N°7997 - Sharing Base incompatible with iTop >= 3.1

2026-02-13 07:24:13 +01:00 · 2024-12-11 13:28:37 +01:00
parent 9d3b46b919
commit aa55c2b30f
2 changed files with 17 additions and 30 deletions
--- a/addons/userrights/userrightsprofile.class.inc.php
+++ b/addons/userrights/userrightsprofile.class.inc.php
@@ -799,7 +799,7 @@ class UserRightsProfile extends UserRightsAddOnAPI
 		return $aRes;
 	}

-	public function IsActionAllowed($oUser, $sClass, $iActionCode, $oInstanceSet = null)
+	public function IsActionAllowed($oUser, $sClass, $iActionCode, DBObjectSet $oInstanceSet = null)
 	{
 		$this->LoadCache();

@@ -825,46 +825,33 @@ class UserRightsProfile extends UserRightsAddOnAPI
 		{
 			// We are protected by GetSelectFilter: the object set contains objects allowed or shared for reading
 			// We have to answer NO for objects shared for reading purposes
-			if (self::HasSharing())
-			{
-				$aClassProps = SharedObject::GetSharedClassProperties($sClass);
-				if ($aClassProps)
-				{
+			if (self::HasSharing() && SharedObject::GetSharedClassProperties($sClass)) {
 				// This class is shared, GetSelectFilter may allow some objects for read only
-					// But currently we are checking wether the objects might be written...
+				// But currently we are checking whether the objects might be written...
 				// Let's exclude the objects based on the relevant criteria

+				// Use $oInstanceSet only if sClass is the main class
+				if ($sClass === $oInstanceSet->GetClass()) {
 					$sOrgAttCode = self::GetOwnerOrganizationAttCode($sClass);
-					if (!is_null($sOrgAttCode))
-					{
+					if (!is_null($sOrgAttCode)) {
 						$aUserOrgs = $this->GetUserOrgs($oUser, $sClass);
-						if (!is_null($aUserOrgs) && count($aUserOrgs) > 0)
-						{
+						if (!is_null($aUserOrgs) && count($aUserOrgs) > 0) {
 							$iCountNO = 0;
 							$iCountYES = 0;
 							$oInstanceSet->Rewind();
-							while($oObject = $oInstanceSet->Fetch())
-							{
+							while ($oObject = $oInstanceSet->Fetch()) {
 								$iOrg = $oObject->Get($sOrgAttCode);
-								if (in_array($iOrg, $aUserOrgs))
-								{
+								if (in_array($iOrg, $aUserOrgs)) {
 									$iCountYES++;
-								}
-								else
-								{
+								} else {
 									$iCountNO++;
 								}
 							}
-							if ($iCountNO == 0)
-							{
+							if ($iCountNO == 0) {
 								$iPermission = UR_ALLOWED_YES;
-							}
-							elseif ($iCountYES == 0)
-							{
+							} elseif ($iCountYES == 0) {
 								$iPermission = UR_ALLOWED_NO;
-							}
-							else
-							{
+							} else {
 								$iPermission = UR_ALLOWED_DEPENDS;
 							}
 						}
--- a/application/displayblock.class.inc.php
+++ b/application/displayblock.class.inc.php
@@ -2024,8 +2024,8 @@ class MenuBlock extends DisplayBlock
 					$sSelectedClassName = MetaModel::GetName($sSelectedClass);

 					// Check rights on class
-					$bIsBulkModifyAllowed = (!MetaModel::IsAbstract($sSelectedClass)) && UserRights::IsActionAllowed($sSelectedClass, UR_ACTION_BULK_MODIFY, $oSet) && ($oReflectionClass->IsSubclassOf('cmdbAbstractObject'));
-					$bIsBulkDeleteAllowed = (bool) UserRights::IsActionAllowed($sSelectedClass, UR_ACTION_BULK_DELETE, $sSelectedClass);
+					$bIsBulkModifyAllowed = (!MetaModel::IsAbstract($sSelectedClass)) && UserRights::IsActionAllowed($sSelectedClass, UR_ACTION_BULK_MODIFY) && ($oReflectionClass->IsSubclassOf('cmdbAbstractObject'));
+					$bIsBulkDeleteAllowed = (bool) UserRights::IsActionAllowed($sSelectedClass, UR_ACTION_BULK_DELETE);

 					// Refine filter on selected class so bullk actions occur on the right class
 					$oSelectedClassFilter = $this->GetFilter()->DeepClone();