diff --git a/addons/userrights/userrightsprofile.class.inc.php b/addons/userrights/userrightsprofile.class.inc.php
index e9ead975b..4763d54e2 100644
--- a/addons/userrights/userrightsprofile.class.inc.php
+++ b/addons/userrights/userrightsprofile.class.inc.php
@@ -799,7 +799,7 @@ class UserRightsProfile extends UserRightsAddOnAPI
 return $aRes;
 }
- public function IsActionAllowed($oUser, $sClass, $iActionCode, $oInstanceSet = null)
+ public function IsActionAllowed($oUser, $sClass, $iActionCode, DBObjectSet $oInstanceSet = null)
 {
 $this->LoadCache();
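Review bot: The added signature line `DBObjectSet $oInstanceSet = null` relies on implicit nullability, which is deprecated as of PHP 8.4; if the minimum supported PHP version allows it, write `?DBObjectSet $oInstanceSet = null`. Because the class extends UserRightsAddOnAPI, the parent declaration (not visible here) presumably needs a compatible parameter type, otherwise PHP reports an incompatible method declaration. Any caller that still passes something other than a set as the fourth argument now fails with a TypeError, so call sites outside this diff are worth checking. The method body continues outside the hunk.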
@@ -825,46 +825,33 @@ class UserRightsProfile extends UserRightsAddOnAPI
 {
 // We are protected by GetSelectFilter: the object set contains objects allowed or shared for reading
 // We have to answer NO for objects shared for reading purposes
- if (self::HasSharing())
- {
- $aClassProps = SharedObject::GetSharedClassProperties($sClass);
- if ($aClassProps)
- {
- // This class is shared, GetSelectFilter may allow some objects for read only
- // But currently we are checking wether the objects might be written...
- // Let's exclude the objects based on the relevant criteria
+ if (self::HasSharing() && SharedObject::GetSharedClassProperties($sClass)) {
+ // This class is shared, GetSelectFilter may allow some objects for read only
+ // But currently we are checking whether the objects might be written...
+ // Let's exclude the objects based on the relevant criteria
+ // Use $oInstanceSet only if sClass is the main class
+ if ($sClass === $oInstanceSet->GetClass()) {
 $sOrgAttCode = self::GetOwnerOrganizationAttCode($sClass);
- if (!is_null($sOrgAttCode))
- {
+ if (!is_null($sOrgAttCode)) {
 $aUserOrgs = $this->GetUserOrgs($oUser, $sClass);
- if (!is_null($aUserOrgs) && count($aUserOrgs) > 0)
- {
+ if (!is_null($aUserOrgs) && count($aUserOrgs) > 0) {
 $iCountNO = 0;
 $iCountYES = 0;
 $oInstanceSet->Rewind();
- while($oObject = $oInstanceSet->Fetch())
- {
+ while ($oObject = $oInstanceSet->Fetch()) {
 $iOrg = $oObject->Get($sOrgAttCode);
- if (in_array($iOrg, $aUserOrgs))
- {
+ if (in_array($iOrg, $aUserOrgs)) {
 $iCountYES++;
- }
- else
- {
+ } else {
 $iCountNO++;
 }
 }
- if ($iCountNO == 0)
- {
+ if ($iCountNO == 0) {
 $iPermission = UR_ALLOWED_YES;
- }
- elseif ($iCountYES == 0)
- {
+ } elseif ($iCountYES == 0) {
 $iPermission = UR_ALLOWED_NO;
- }
- else
- {
+ } else {
 $iPermission = UR_ALLOWED_DEPENDS;
 }
 }
diff --git a/application/displayblock.class.inc.php b/application/displayblock.class.inc.php
index 2bdc4ed09..12a0fe18e 100644
--- a/application/displayblock.class.inc.php
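Review bot: When `$sClass` is shared but differs from `$oInstanceSet->GetClass()`, the new inner `if` skips the organization check and `$iPermission` keeps the value it had before this block. That value is assigned outside the hunk, so this is inferred from the context comment, but it may be a plain yes for objects that are only shared for reading. For an authorization answer the skipped case should fail closed, for example `} else { $iPermission = UR_ALLOWED_DEPENDS; }` on `if ($sClass === $oInstanceSet->GetClass())`, or carry a comment stating why the earlier value is safe. The strict class-name comparison also skips the check for a set whose class is a parent or child of `$sClass`; confirm that this is intended. `$oInstanceSet` is dereferenced here although the signature defaults it to null, so this relies on a null guard in the enclosing condition, which starts outside the hunk.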
+++ b/application/displayblock.class.inc.php
@@ -2024,8 +2024,8 @@ class MenuBlock extends DisplayBlock
 $sSelectedClassName = MetaModel::GetName($sSelectedClass);
 // Check rights on class
- $bIsBulkModifyAllowed = (!MetaModel::IsAbstract($sSelectedClass)) && UserRights::IsActionAllowed($sSelectedClass, UR_ACTION_BULK_MODIFY, $oSet) && ($oReflectionClass->IsSubclassOf('cmdbAbstractObject'));
- $bIsBulkDeleteAllowed = (bool) UserRights::IsActionAllowed($sSelectedClass, UR_ACTION_BULK_DELETE, $sSelectedClass);
+ $bIsBulkModifyAllowed = (!MetaModel::IsAbstract($sSelectedClass)) && UserRights::IsActionAllowed($sSelectedClass, UR_ACTION_BULK_MODIFY) && ($oReflectionClass->IsSubclassOf('cmdbAbstractObject'));
+ $bIsBulkDeleteAllowed = (bool) UserRights::IsActionAllowed($sSelectedClass, UR_ACTION_BULK_DELETE);
 // Refine filter on selected class so bullk actions occur on the right class
 $oSelectedClassFilter = $this->GetFilter()->DeepClone();
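Review bot: Both flags are now computed without an object set, so `$bIsBulkModifyAllowed` and `$bIsBulkDeleteAllowed` reflect class-level rights only and no longer exclude objects that are merely shared for reading. That is fine for deciding which menu entries to show only if the bulk modify and bulk delete handlers, which are outside this diff, re-check rights against the objects actually selected; this is worth confirming. It is also worth recording next to `// Check rights on class`, for example `// Class-level check only; per-object rights must be enforced when the bulk action runs`. The enclosing method starts and ends outside the hunk.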