mirror of
https://github.com/Combodo/iTop.git
synced 2026-05-18 06:48:50 +02:00
N°6933 - SF 6.4 - Remove deprecated calls
- ObjectController (services access)
This commit is contained in:
Benjamin Dalsass
@@ -27,9 +27,15 @@ use AttributeFriendlyName;
|
||||
use AttributeImage;
|
||||
use BinaryExpression;
|
||||
use Combodo\iTop\Form\Field\DateTimeField;
|
||||
use Combodo\iTop\Portal\Brick\BrickCollection;
|
||||
use Combodo\iTop\Portal\Brick\CreateBrick;
|
||||
use Combodo\iTop\Portal\Helper\ApplicationHelper;
|
||||
use Combodo\iTop\Portal\Helper\ContextManipulatorHelper;
|
||||
use Combodo\iTop\Portal\Helper\ObjectFormHandlerHelper;
|
||||
use Combodo\iTop\Portal\Helper\RequestManipulatorHelper;
|
||||
use Combodo\iTop\Portal\Helper\ScopeValidatorHelper;
|
||||
use Combodo\iTop\Portal\Helper\SecurityHelper;
|
||||
use Combodo\iTop\Portal\Routing\UrlGenerator;
|
||||
use Combodo\iTop\Renderer\Bootstrap\FieldRenderer\BsLinkedSetFieldRenderer;
|
||||
use DBObject;
|
||||
use DBObjectSearch;
|
||||
@@ -67,6 +73,19 @@ class ObjectController extends BrickController
|
||||
const DEFAULT_PAGE_NUMBER = 1;
|
||||
const DEFAULT_LIST_LENGTH = 10;
|
||||
|
||||
|
||||
public function __construct(
|
||||
protected SecurityHelper $oSecurityHelper,
|
||||
protected ScopeValidatorHelper $oScopeValidator,
|
||||
protected RequestManipulatorHelper $oRequestManipulator,
|
||||
protected UrlGenerator $oUrlGenerator,
|
||||
protected BrickCollection $oBrickCollection,
|
||||
protected ObjectFormHandlerHelper $oObjectFormHandler
|
||||
|
||||
)
|
||||
{
|
||||
}
|
||||
|
||||
/**
|
||||
* Displays an cmdbAbstractObject (from its ID) if the connected user is allowed to.
|
||||
*
|
||||
@@ -85,11 +104,6 @@ class ObjectController extends BrickController
|
||||
*/
|
||||
public function ViewAction(Request $oRequest, $sObjectClass, $sObjectId)
|
||||
{
|
||||
/** @var \Combodo\iTop\Portal\Helper\SecurityHelper $oSecurityHelper */
|
||||
$oSecurityHelper = $this->get('security_helper');
|
||||
/** @var \Combodo\iTop\Portal\Helper\ScopeValidatorHelper $oScopeValidator */
|
||||
$oScopeValidator = $this->get('scope_validator');
|
||||
|
||||
// Checking parameters
|
||||
if ($sObjectClass === '' || $sObjectId === '') {
|
||||
IssueLog::Info(__METHOD__.' at line '.__LINE__.' : sObjectClass and sObjectId expected, "'.$sObjectClass.'" and "'.$sObjectId.'" given.');
|
||||
@@ -97,14 +111,14 @@ class ObjectController extends BrickController
|
||||
}
|
||||
|
||||
// Checking security layers
|
||||
if (!$oSecurityHelper->IsActionAllowed(UR_ACTION_READ, $sObjectClass, $sObjectId)) {
|
||||
if (!$this->oSecurityHelper->IsActionAllowed(UR_ACTION_READ, $sObjectClass, $sObjectId)) {
|
||||
IssueLog::Warning(__METHOD__.' at line '.__LINE__.' : User #'.UserRights::GetUserId().' not allowed to read '.$sObjectClass.'::'.$sObjectId.' object.');
|
||||
throw new HttpException(Response::HTTP_NOT_FOUND, Dict::S('UI:ObjectDoesNotExist'));
|
||||
}
|
||||
|
||||
// Retrieving object
|
||||
$oObject = MetaModel::GetObject($sObjectClass, $sObjectId, false /* MustBeFound */,
|
||||
$oScopeValidator->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sObjectClass));
|
||||
$this->oScopeValidator->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sObjectClass));
|
||||
if ($oObject === null) {
|
||||
// We should never be there as the secuirty helper makes sure that the object exists, but just in case.
|
||||
IssueLog::Info(__METHOD__.' at line '.__LINE__.' : Could not load object '.$sObjectClass.'::'.$sObjectId.'.');
|
||||
@@ -134,11 +148,6 @@ class ObjectController extends BrickController
|
||||
*/
|
||||
public function ViewFromAttributeAction(Request $oRequest, $sObjectClass, $sObjectAttCode, $sObjectAttValue)
|
||||
{
|
||||
/** @var \Combodo\iTop\Portal\Helper\SecurityHelper $oSecurityHelper */
|
||||
$oSecurityHelper = $this->get('security_helper');
|
||||
/** @var \Combodo\iTop\Portal\Helper\ScopeValidatorHelper $oScopeValidator */
|
||||
$oScopeValidator = $this->get('scope_validator');
|
||||
|
||||
// Checking parameters
|
||||
if ($sObjectClass === '' || $sObjectAttCode === '' || $sObjectAttValue === '') {
|
||||
IssueLog::Info(__METHOD__.' at line '.__LINE__.' : sObjectClass and sObjectAttCode/sObjectAttValue expected, "'
|
||||
@@ -147,7 +156,7 @@ class ObjectController extends BrickController
|
||||
}
|
||||
|
||||
$oObject = MetaModel::GetObjectByColumn($sObjectClass, $sObjectAttCode, $sObjectAttValue, false,
|
||||
$oScopeValidator->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sObjectClass));
|
||||
$this->oScopeValidator->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sObjectClass));
|
||||
if ($oObject === null) {
|
||||
// null if object not found or multiple matches
|
||||
IssueLog::Info(__METHOD__.' at line '.__LINE__.' : Could not load object '.$sObjectClass.'" and "'.$sObjectAttCode.' / '.$sObjectAttValue.'.');
|
||||
@@ -156,7 +165,7 @@ class ObjectController extends BrickController
|
||||
|
||||
// Checking security layers
|
||||
$sObjectId = $oObject->GetKey();
|
||||
if (!$oSecurityHelper->IsActionAllowed(UR_ACTION_READ, $sObjectClass, $sObjectId)) {
|
||||
if (!$this->oSecurityHelper->IsActionAllowed(UR_ACTION_READ, $sObjectClass, $sObjectId)) {
|
||||
IssueLog::Warning(__METHOD__.' at line '.__LINE__.' : User #'.UserRights::GetUserId().' not allowed to read '.$sObjectClass.'::'.$sObjectId.' object.');
|
||||
throw new HttpException(Response::HTTP_NOT_FOUND, Dict::S('UI:ObjectDoesNotExist'));
|
||||
}
|
||||
@@ -182,31 +191,21 @@ class ObjectController extends BrickController
|
||||
*/
|
||||
protected function PrepareViewObjectResponse(Request $oRequest, DBObject $oObject)
|
||||
{
|
||||
/** @var \Combodo\iTop\Portal\Helper\SecurityHelper $oSecurityHelper */
|
||||
$oSecurityHelper = $this->get('security_helper');
|
||||
/** @var \Combodo\iTop\Portal\Helper\RequestManipulatorHelper $oRequestManipulator */
|
||||
$oRequestManipulator = $this->get('request_manipulator');
|
||||
/** @var \Combodo\iTop\Portal\Routing\UrlGenerator $oUrlGenerator */
|
||||
$oUrlGenerator = $this->get('url_generator');
|
||||
/** @var \Combodo\iTop\Portal\Helper\ObjectFormHandlerHelper $oObjectFormHandler */
|
||||
$oObjectFormHandler = $this->get('object_form_handler');
|
||||
/** @var \Combodo\iTop\Portal\Brick\BrickCollection $oBrickCollection */
|
||||
$oBrickCollection = $this->get('brick_collection');
|
||||
|
||||
$sOperation = $oRequestManipulator->ReadParam('operation', '');
|
||||
$sOperation = $this->oRequestManipulator->ReadParam('operation', '');
|
||||
$sObjectClass = get_class($oObject);
|
||||
$sObjectId = $oObject->GetKey();
|
||||
|
||||
$oObject->FireEvent(EVENT_DISPLAY_OBJECT_DETAILS);
|
||||
|
||||
$aData = array('sMode' => 'view');
|
||||
$aData['form'] = $oObjectFormHandler->HandleForm($oRequest, $aData['sMode'], $sObjectClass, $sObjectId);
|
||||
$aData['form'] = $this->oObjectFormHandler->HandleForm($oRequest, $aData['sMode'], $sObjectClass, $sObjectId);
|
||||
$aData['form']['title'] = Dict::Format('Brick:Portal:Object:Form:View:Title', MetaModel::GetName($sObjectClass),
|
||||
$oObject->GetName());
|
||||
|
||||
// Add an edit button if user is allowed
|
||||
if ($oSecurityHelper->IsActionAllowed(UR_ACTION_MODIFY, $sObjectClass, $sObjectId)) {
|
||||
$sModifyUrl = $oUrlGenerator->generate('p_object_edit', array('sObjectClass' => $sObjectClass, 'sObjectId' => $sObjectId));
|
||||
if ($this->oSecurityHelper->IsActionAllowed(UR_ACTION_MODIFY, $sObjectClass, $sObjectId)) {
|
||||
$sModifyUrl = $this->oUrlGenerator->generate('p_object_edit', array('sObjectClass' => $sObjectClass, 'sObjectId' => $sObjectId));
|
||||
$oModifyButton = new JSButtonItem(
|
||||
'modify_object',
|
||||
Dict::S('UI:Menu:Modify'),
|
||||
@@ -226,9 +225,9 @@ class ObjectController extends BrickController
|
||||
}
|
||||
} else {
|
||||
// Adding brick if it was passed
|
||||
$sBrickId = $oRequestManipulator->ReadParam('sBrickId', '');
|
||||
$sBrickId = $this->oRequestManipulator->ReadParam('sBrickId', '');
|
||||
if (!empty($sBrickId)) {
|
||||
$oBrick = $oBrickCollection->GetBrickById($sBrickId);
|
||||
$oBrick = $this->oBrickCollection->GetBrickById($sBrickId);
|
||||
if ($oBrick !== null) {
|
||||
$aData['oBrick'] = $oBrick;
|
||||
}
|
||||
@@ -256,17 +255,6 @@ class ObjectController extends BrickController
|
||||
*/
|
||||
public function EditAction(Request $oRequest, $sObjectClass, $sObjectId)
|
||||
{
|
||||
/** @var \Combodo\iTop\Portal\Helper\RequestManipulatorHelper $oRequestManipulator */
|
||||
$oRequestManipulator = $this->get('request_manipulator');
|
||||
/** @var \Combodo\iTop\Portal\Helper\ObjectFormHandlerHelper $oObjectFormHandler */
|
||||
$oObjectFormHandler = $this->get('object_form_handler');
|
||||
/** @var \Combodo\iTop\Portal\Helper\SecurityHelper $oSecurityHelper */
|
||||
$oSecurityHelper = $this->get('security_helper');
|
||||
/** @var \Combodo\iTop\Portal\Helper\ScopeValidatorHelper $oScopeValidator */
|
||||
$oScopeValidator = $this->get('scope_validator');
|
||||
/** @var \Combodo\iTop\Portal\Brick\BrickCollection $oBrickCollection */
|
||||
$oBrickCollection = $this->get('brick_collection');
|
||||
|
||||
// Checking parameters
|
||||
if ($sObjectClass === '' || $sObjectId === '')
|
||||
{
|
||||
@@ -277,7 +265,7 @@ class ObjectController extends BrickController
|
||||
// Checking security layers
|
||||
// Warning : This is a dirty quick fix to allow editing its own contact information
|
||||
$bAllowWrite = ($sObjectClass === 'Person' && $sObjectId == UserRights::GetContactId());
|
||||
if (!$oSecurityHelper->IsActionAllowed(UR_ACTION_MODIFY, $sObjectClass, $sObjectId) && !$bAllowWrite)
|
||||
if (!$this->oSecurityHelper->IsActionAllowed(UR_ACTION_MODIFY, $sObjectClass, $sObjectId) && !$bAllowWrite)
|
||||
{
|
||||
IssueLog::Warning(__METHOD__.' at line '.__LINE__.' : User #'.UserRights::GetUserId().' not allowed to modify '.$sObjectClass.'::'.$sObjectId.' object.');
|
||||
throw new HttpException(Response::HTTP_NOT_FOUND, Dict::S('UI:ObjectDoesNotExist'));
|
||||
@@ -285,7 +273,7 @@ class ObjectController extends BrickController
|
||||
|
||||
// Retrieving object
|
||||
$oObject = MetaModel::GetObject($sObjectClass, $sObjectId, false /* MustBeFound */,
|
||||
$oScopeValidator->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sObjectClass));
|
||||
$this->oScopeValidator->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sObjectClass));
|
||||
if ($oObject === null)
|
||||
{
|
||||
// We should never be there as the secuirty helper makes sure that the object exists, but just in case.
|
||||
@@ -293,10 +281,10 @@ class ObjectController extends BrickController
|
||||
throw new HttpException(Response::HTTP_NOT_FOUND, Dict::S('UI:ObjectDoesNotExist'));
|
||||
}
|
||||
|
||||
$sOperation = $oRequestManipulator->ReadParam('operation', '');
|
||||
$sOperation = $this->oRequestManipulator->ReadParam('operation', '');
|
||||
|
||||
$aData = array('sMode' => 'edit');
|
||||
$aData['form'] = $oObjectFormHandler->HandleForm($oRequest, $aData['sMode'], $sObjectClass, $sObjectId);
|
||||
$aData['form'] = $this->oObjectFormHandler->HandleForm($oRequest, $aData['sMode'], $sObjectClass, $sObjectId);
|
||||
$aData['form']['title'] = Dict::Format('Brick:Portal:Object:Form:Edit:Title', MetaModel::GetName($sObjectClass),
|
||||
$aData['form']['object_name']);
|
||||
|
||||
@@ -316,10 +304,10 @@ class ObjectController extends BrickController
|
||||
else
|
||||
{
|
||||
// Adding brick if it was passed
|
||||
$sBrickId = $oRequestManipulator->ReadParam('sBrickId', '');
|
||||
$sBrickId = $this->oRequestManipulator->ReadParam('sBrickId', '');
|
||||
if (!empty($sBrickId))
|
||||
{
|
||||
$oBrick = $oBrickCollection->GetBrickById($sBrickId);
|
||||
$oBrick = $this->oBrickCollection->GetBrickById($sBrickId);
|
||||
if ($oBrick !== null)
|
||||
{
|
||||
$aData['oBrick'] = $oBrick;
|
||||
@@ -436,19 +424,6 @@ class ObjectController extends BrickController
|
||||
/** @var array $aCombodoPortalInstanceConf */
|
||||
$aCombodoPortalInstanceConf = $this->getParameter('combodo.portal.instance.conf');
|
||||
|
||||
/** @var \Combodo\iTop\Portal\Helper\RequestManipulatorHelper $oRequestManipulator */
|
||||
$oRequestManipulator = $this->get('request_manipulator');
|
||||
/** @var \Combodo\iTop\Portal\Routing\UrlGenerator $oUrlGenerator */
|
||||
$oUrlGenerator = $this->get('url_generator');
|
||||
/** @var \Combodo\iTop\Portal\Helper\NavigationRuleHelper $oNavigationRuleHelper */
|
||||
$oNavigationRuleHelper = $this->get('navigation_rule_helper');
|
||||
/** @var \Combodo\iTop\Portal\Helper\ObjectFormHandlerHelper $oObjectFormHandler */
|
||||
$oObjectFormHandler = $this->get('object_form_handler');
|
||||
/** @var \Combodo\iTop\Portal\Helper\SecurityHelper $oSecurityHelper */
|
||||
$oSecurityHelper = $this->get('security_helper');
|
||||
/** @var \Combodo\iTop\Portal\Helper\ScopeValidatorHelper $oScopeValidator */
|
||||
$oScopeValidator = $this->get('scope_validator');
|
||||
|
||||
// Checking parameters
|
||||
if ($sObjectClass === '' || $sObjectId === '' || $sStimulusCode === '')
|
||||
{
|
||||
@@ -458,18 +433,18 @@ class ObjectController extends BrickController
|
||||
}
|
||||
|
||||
// Checking security layers
|
||||
if (!$oSecurityHelper->IsActionAllowed(UR_ACTION_MODIFY, $sObjectClass, $sObjectId))
|
||||
if (!$this->oSecurityHelper->IsActionAllowed(UR_ACTION_MODIFY, $sObjectClass, $sObjectId))
|
||||
{
|
||||
IssueLog::Warning(__METHOD__.' at line '.__LINE__.' : User #'.UserRights::GetUserId().' not allowed to modify '.$sObjectClass.'::'.$sObjectId.' object.');
|
||||
throw new HttpException(Response::HTTP_NOT_FOUND, Dict::S('UI:ObjectDoesNotExist'));
|
||||
}
|
||||
if (!$oSecurityHelper->IsStimulusAllowed($sStimulusCode, $sObjectClass))
|
||||
if (!$this->oSecurityHelper->IsStimulusAllowed($sStimulusCode, $sObjectClass))
|
||||
{
|
||||
throw new HttpException(Response::HTTP_NOT_FOUND, Dict::S('UI:ObjectDoesNotExist'));
|
||||
}
|
||||
|
||||
// Retrieving object
|
||||
$oObject = MetaModel::GetObject($sObjectClass, $sObjectId, false /* MustBeFound */, $oScopeValidator->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sObjectClass));
|
||||
$oObject = MetaModel::GetObject($sObjectClass, $sObjectId, false /* MustBeFound */, $this->oScopeValidator->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sObjectClass));
|
||||
if ($oObject === null)
|
||||
{
|
||||
// We should never be there as the secuirty helper makes sure that the object exists, but just in case.
|
||||
@@ -478,7 +453,7 @@ class ObjectController extends BrickController
|
||||
}
|
||||
|
||||
// Retrieving request parameters
|
||||
$sOperation = $oRequestManipulator->ReadParam('operation', '');
|
||||
$sOperation = $this->oRequestManipulator->ReadParam('operation', '');
|
||||
|
||||
// Retrieving form properties
|
||||
$aStimuliForms = ApplicationHelper::GetLoadedFormFromClass($aCombodoPortalInstanceConf['forms'], $sObjectClass, 'apply_stimulus');
|
||||
@@ -505,7 +480,7 @@ class ObjectController extends BrickController
|
||||
$oRequest->request->set('apply_stimulus', array('code' => $sStimulusCode));
|
||||
|
||||
$aData = array('sMode' => 'apply_stimulus');
|
||||
$aData['form'] = $oObjectFormHandler->HandleForm($oRequest, $aData['sMode'], $sObjectClass, $sObjectId, $aFormProperties);
|
||||
$aData['form'] = $this->oObjectFormHandler->HandleForm($oRequest, $aData['sMode'], $sObjectClass, $sObjectId, $aFormProperties);
|
||||
$aData['form']['title'] = Dict::Format('Brick:Portal:Object:Form:Stimulus:Title');
|
||||
|
||||
// TODO : This is a ugly patch to avoid showing a modal with a readonly form to the user as it would prevent user from finishing the transition.
|
||||
@@ -523,12 +498,12 @@ class ObjectController extends BrickController
|
||||
$oSubRequest->request->set('formmanager_data', json_encode($aData['form']['formmanager_data']));
|
||||
|
||||
$aData = array('sMode' => 'apply_stimulus');
|
||||
$aData['form'] = $oObjectFormHandler->HandleForm($oSubRequest, $aData['sMode'], $sObjectClass, $sObjectId,
|
||||
$aData['form'] = $this->oObjectFormHandler->HandleForm($oSubRequest, $aData['sMode'], $sObjectClass, $sObjectId,
|
||||
$aFormProperties);
|
||||
|
||||
// Reload the object to make sure we have it in a clean state
|
||||
$oObject->Reload(true);
|
||||
$aNavigationRules = $oNavigationRuleHelper->PrepareRulesForForm($aFormProperties, $oObject, true);
|
||||
$aNavigationRules = $this->oNavigationRuleHelper->PrepareRulesForForm($aFormProperties, $oObject, true);
|
||||
|
||||
// Redefining the array to be as simple as possible :
|
||||
$aData = array(
|
||||
@@ -585,16 +560,6 @@ class ObjectController extends BrickController
|
||||
*/
|
||||
public function SearchAutocompleteAction(Request $oRequest, $sTargetAttCode, $sHostObjectClass, $sHostObjectId = null)
|
||||
{
|
||||
/** @var \Combodo\iTop\Portal\Helper\RequestManipulatorHelper $oRequestManipulator */
|
||||
$oRequestManipulator = $this->get('request_manipulator');
|
||||
/** @var \Combodo\iTop\Portal\Helper\ContextManipulatorHelper $oContextManipulator */
|
||||
$oContextManipulator = $this->get('context_manipulator');
|
||||
/** @var \Combodo\iTop\Portal\Helper\SecurityHelper $oSecurityHelper */
|
||||
$oSecurityHelper = $this->get('security_helper');
|
||||
/** @var \Combodo\iTop\Portal\Helper\ScopeValidatorHelper $oScopeValidator */
|
||||
$oScopeValidator = $this->get('scope_validator');
|
||||
/** @var \Combodo\iTop\Portal\Helper\ObjectFormHandlerHelper $oFormHandlerHelper */
|
||||
$oFormHandlerHelper = $this->get('object_form_handler');
|
||||
|
||||
$aData = array(
|
||||
'results' => array(
|
||||
@@ -618,7 +583,7 @@ class ObjectController extends BrickController
|
||||
$sFieldId = $aRequestContent['sFieldId'];
|
||||
|
||||
// Checking security layers
|
||||
if (!$oSecurityHelper->IsActionAllowed(UR_ACTION_READ, $sHostObjectClass, $sHostObjectId))
|
||||
if (!$this->oSecurityHelper->IsActionAllowed(UR_ACTION_READ, $sHostObjectClass, $sHostObjectId))
|
||||
{
|
||||
IssueLog::Warning(__METHOD__.' at line '.__LINE__.' : Could not load object '.$sHostObjectClass.'::'.$sHostObjectId.'.');
|
||||
throw new HttpException(Response::HTTP_NOT_FOUND, Dict::S('UI:ObjectDoesNotExist'));
|
||||
@@ -637,10 +602,10 @@ class ObjectController extends BrickController
|
||||
//
|
||||
// Note : The action rules must be a base64-encoded JSON object, this is just so users are tempted to changes values.
|
||||
// But it would not be a security issue as it only presets values in the form.
|
||||
$sActionRulesToken = $oRequestManipulator->ReadParam('ar_token', '');
|
||||
$aActionRules = (!empty($sActionRulesToken)) ? $oContextManipulator->DecodeRulesToken($sActionRulesToken) : array();
|
||||
$sActionRulesToken = $this->oRequestManipulator->ReadParam('ar_token', '');
|
||||
$aActionRules = (!empty($sActionRulesToken)) ? $this->oContextManipulator->DecodeRulesToken($sActionRulesToken) : array();
|
||||
// Preparing object
|
||||
$oContextManipulator->PrepareObject($aActionRules, $oHostObject);
|
||||
$this->oContextManipulator->PrepareObject($aActionRules, $oHostObject);
|
||||
}
|
||||
|
||||
// Updating host object with form data / values
|
||||
@@ -649,14 +614,14 @@ class ObjectController extends BrickController
|
||||
if (!empty($sFormManagerClass) && !empty($sFormManagerData)) {
|
||||
/** @var \Combodo\iTop\Portal\Form\ObjectFormManager $oFormManager */
|
||||
$oFormManager = $sFormManagerClass::FromJSON($sFormManagerData);
|
||||
$oFormManager->SetObjectFormHandlerHelper($oFormHandlerHelper);
|
||||
$oFormManager->SetObjectFormHandlerHelper($this->oFormHandlerHelper);
|
||||
$oFormManager->SetObject($oHostObject);
|
||||
|
||||
// Applying action rules if present
|
||||
if (($oFormManager->GetActionRulesToken() !== null) && ($oFormManager->GetActionRulesToken() !== '')) {
|
||||
$aActionRules = ContextManipulatorHelper::DecodeRulesToken($oFormManager->GetActionRulesToken());
|
||||
$oObj = $oFormManager->GetObject();
|
||||
$oContextManipulator->PrepareObject($aActionRules, $oObj);
|
||||
$this->oContextManipulator->PrepareObject($aActionRules, $oObj);
|
||||
$oFormManager->SetObject($oObj);
|
||||
}
|
||||
|
||||
@@ -700,7 +665,7 @@ class ObjectController extends BrickController
|
||||
// It is the responsibility of the template designer to write the right query so the user see only what he should.
|
||||
if ($oTargetAttDef->GetEditClass() !== 'CustomFields')
|
||||
{
|
||||
$oScopeSearch = $oScopeValidator->GetScopeFilterForProfiles(UserRights::ListProfiles(), $sTargetObjectClass, UR_ACTION_READ);
|
||||
$oScopeSearch = $this->oScopeValidator->GetScopeFilterForProfiles(UserRights::ListProfiles(), $sTargetObjectClass, UR_ACTION_READ);
|
||||
$oSearch = $oSearch->Intersect($oScopeSearch);
|
||||
// - Allowing all data if necessary
|
||||
if ($oScopeSearch->IsAllDataAllowed())
|
||||
@@ -765,27 +730,16 @@ class ObjectController extends BrickController
|
||||
/** @var array $aCombodoPortalInstanceConf */
|
||||
$aCombodoPortalInstanceConf = $this->getParameter('combodo.portal.instance.conf');
|
||||
|
||||
/** @var \Combodo\iTop\Portal\Helper\RequestManipulatorHelper $oRequestManipulator */
|
||||
$oRequestManipulator = $this->get('request_manipulator');
|
||||
/** @var \Combodo\iTop\Portal\Helper\ContextManipulatorHelper $oContextManipulator */
|
||||
$oContextManipulator = $this->get('context_manipulator');
|
||||
/** @var \Combodo\iTop\Portal\Helper\SecurityHelper $oSecurityHelper */
|
||||
$oSecurityHelper = $this->get('security_helper');
|
||||
/** @var \Combodo\iTop\Portal\Helper\ScopeValidatorHelper $oScopeValidator */
|
||||
$oScopeValidator = $this->get('scope_validator');
|
||||
/** @var \Combodo\iTop\Portal\Helper\ObjectFormHandlerHelper $oFormHandlerHelper */
|
||||
$oFormHandlerHelper = $this->get('object_form_handler');
|
||||
|
||||
$aData = array(
|
||||
'sMode' => 'search_regular',
|
||||
'sTargetAttCode' => $sTargetAttCode,
|
||||
'sHostObjectClass' => $sHostObjectClass,
|
||||
'sHostObjectId' => $sHostObjectId,
|
||||
'sActionRulesToken' => $oRequestManipulator->ReadParam('ar_token', ''),
|
||||
'sActionRulesToken' => $this->oRequestManipulator->ReadParam('ar_token', ''),
|
||||
);
|
||||
|
||||
// Checking security layers
|
||||
if (!$oSecurityHelper->IsActionAllowed(UR_ACTION_READ, $sHostObjectClass, $sHostObjectId))
|
||||
if (!$this->oSecurityHelper->IsActionAllowed(UR_ACTION_READ, $sHostObjectClass, $sHostObjectId))
|
||||
{
|
||||
IssueLog::Warning(__METHOD__.' at line '.__LINE__.' : User #'.UserRights::GetUserId().' not allowed to read '.$sHostObjectClass.'::'.$sHostObjectId.' object.');
|
||||
throw new HttpException(Response::HTTP_NOT_FOUND, Dict::S('UI:ObjectDoesNotExist'));
|
||||
@@ -806,41 +760,41 @@ class ObjectController extends BrickController
|
||||
// But it would not be a security issue as it only presets values in the form.
|
||||
$aActionRules = !empty($aData['sActionRulesToken']) ? ContextManipulatorHelper::DecodeRulesToken($aData['sActionRulesToken']) : array();
|
||||
// Preparing object
|
||||
$oContextManipulator->PrepareObject($aActionRules, $oHostObject);
|
||||
$this->oContextManipulator->PrepareObject($aActionRules, $oHostObject);
|
||||
}
|
||||
|
||||
// Updating host object with form data / values
|
||||
$sFormManagerClass = $oRequestManipulator->ReadParam('formmanager_class', '', FILTER_UNSAFE_RAW);
|
||||
$sFormManagerData = $oRequestManipulator->ReadParam('formmanager_data', '', FILTER_UNSAFE_RAW);
|
||||
$sFormManagerClass = $this->oRequestManipulator->ReadParam('formmanager_class', '', FILTER_UNSAFE_RAW);
|
||||
$sFormManagerData = $this->oRequestManipulator->ReadParam('formmanager_data', '', FILTER_UNSAFE_RAW);
|
||||
if (!empty($sFormManagerClass) && !empty($sFormManagerData)) {
|
||||
/** @var \Combodo\iTop\Portal\Form\ObjectFormManager $oFormManager */
|
||||
$oFormManager = $sFormManagerClass::FromJSON($sFormManagerData);
|
||||
$oFormManager->SetObjectFormHandlerHelper($oFormHandlerHelper);
|
||||
$oFormManager->SetObjectFormHandlerHelper($this->oFormHandlerHelper);
|
||||
$oFormManager->SetObject($oHostObject);
|
||||
|
||||
// Applying action rules if present
|
||||
if (($oFormManager->GetActionRulesToken() !== null) && ($oFormManager->GetActionRulesToken() !== '')) {
|
||||
$aActionRules = ContextManipulatorHelper::DecodeRulesToken($oFormManager->GetActionRulesToken());
|
||||
$oObj = $oFormManager->GetObject();
|
||||
$oContextManipulator->PrepareObject($aActionRules, $oObj);
|
||||
$this->oContextManipulator->PrepareObject($aActionRules, $oObj);
|
||||
$oFormManager->SetObject($oObj);
|
||||
}
|
||||
|
||||
// Updating host object
|
||||
$oFormManager->OnUpdate(array(
|
||||
'currentValues' => $oRequestManipulator->ReadParam('current_values', array(), FILTER_UNSAFE_RAW),
|
||||
'currentValues' => $this->oRequestManipulator->ReadParam('current_values', array(), FILTER_UNSAFE_RAW),
|
||||
));
|
||||
$oHostObject = $oFormManager->GetObject();
|
||||
}
|
||||
|
||||
// Retrieving request parameters
|
||||
$iPageNumber = $oRequestManipulator->ReadParam('iPageNumber', static::DEFAULT_PAGE_NUMBER, FILTER_SANITIZE_NUMBER_INT);
|
||||
$iListLength = $oRequestManipulator->ReadParam('iListLength', static::DEFAULT_LIST_LENGTH, FILTER_SANITIZE_NUMBER_INT);
|
||||
$bInitialPass = $oRequestManipulator->HasParam('draw') ? false : true;
|
||||
$sQuery = $oRequestManipulator->ReadParam('sSearchValue', '');
|
||||
$sFormPath = $oRequestManipulator->ReadParam('sFormPath', '');
|
||||
$sFieldId = $oRequestManipulator->ReadParam('sFieldId', '');
|
||||
$aObjectIdsToIgnore = $oRequestManipulator->ReadParam('aObjectIdsToIgnore', null, FILTER_UNSAFE_RAW);
|
||||
$iPageNumber = $this->oRequestManipulator->ReadParam('iPageNumber', static::DEFAULT_PAGE_NUMBER, FILTER_SANITIZE_NUMBER_INT);
|
||||
$iListLength = $this->oRequestManipulator->ReadParam('iListLength', static::DEFAULT_LIST_LENGTH, FILTER_SANITIZE_NUMBER_INT);
|
||||
$bInitialPass = $this->oRequestManipulator->HasParam('draw') ? false : true;
|
||||
$sQuery = $this->oRequestManipulator->ReadParam('sSearchValue', '');
|
||||
$sFormPath = $this->oRequestManipulator->ReadParam('sFormPath', '');
|
||||
$sFieldId = $this->oRequestManipulator->ReadParam('sFieldId', '');
|
||||
$aObjectIdsToIgnore = $this->oRequestManipulator->ReadParam('aObjectIdsToIgnore', null, FILTER_UNSAFE_RAW);
|
||||
|
||||
// Building search query
|
||||
// - Retrieving target object class from attcode
|
||||
@@ -889,7 +843,7 @@ class ObjectController extends BrickController
|
||||
// - Retrieving scope search
|
||||
// Note : This do NOT apply to custom fields as the portal administrator is not supposed to know which objects will be put in the templates.
|
||||
// It is the responsibility of the template designer to write the right query so the user see only what he should.
|
||||
$oScopeSearch = $oScopeValidator->GetScopeFilterForProfiles(UserRights::ListProfiles(), $sTargetObjectClass, UR_ACTION_READ);
|
||||
$oScopeSearch = $this->oScopeValidator->GetScopeFilterForProfiles(UserRights::ListProfiles(), $sTargetObjectClass, UR_ACTION_READ);
|
||||
$aInternalParams = array();
|
||||
if (($oScopeSearch === null) && ($oTargetAttDef->GetEditClass() !== 'CustomFields'))
|
||||
{
|
||||
@@ -1083,12 +1037,6 @@ class ObjectController extends BrickController
|
||||
*/
|
||||
public function DocumentAction(Request $oRequest, $sOperation = null)
|
||||
{
|
||||
/** @var \Combodo\iTop\Portal\Helper\RequestManipulatorHelper $oRequestManipulator */
|
||||
$oRequestManipulator = $this->get('request_manipulator');
|
||||
/** @var \Combodo\iTop\Portal\Helper\SecurityHelper $oSecurityHelper */
|
||||
$oSecurityHelper = $this->get('security_helper');
|
||||
/** @var \Combodo\iTop\Portal\Helper\ScopeValidatorHelper $oScopeValidator */
|
||||
$oScopeValidator = $this->get('scope_validator');
|
||||
|
||||
// Setting default operation
|
||||
if ($sOperation === null)
|
||||
@@ -1097,9 +1045,9 @@ class ObjectController extends BrickController
|
||||
}
|
||||
|
||||
// Retrieving ormDocument's host object
|
||||
$sObjectClass = $oRequestManipulator->ReadParam('sObjectClass', '');
|
||||
$sObjectId = $oRequestManipulator->ReadParam('sObjectId', '');
|
||||
$sObjectField = $oRequestManipulator->ReadParam('sObjectField', '');
|
||||
$sObjectClass = $this->oRequestManipulator->ReadParam('sObjectClass', '');
|
||||
$sObjectId = $this->oRequestManipulator->ReadParam('sObjectId', '');
|
||||
$sObjectField = $this->oRequestManipulator->ReadParam('sObjectField', '');
|
||||
$bCheckSecurity = true;
|
||||
|
||||
// When reaching to an Attachment, we have to check security on its host object instead of the Attachment itself
|
||||
@@ -1114,7 +1062,7 @@ class ObjectController extends BrickController
|
||||
$sHostId = $oAttachment->Get('item_id');
|
||||
|
||||
// Attachments could be linked to host objects without an org_id. Retrieving the attachment would fail if enforced silos are based on org_id
|
||||
if($oAttachment->Get('item_org_id') === 0 && ($sHostId > 0) && $oSecurityHelper->IsActionAllowed(UR_ACTION_READ, $sHostClass, $sHostId)) {
|
||||
if($oAttachment->Get('item_org_id') === 0 && ($sHostId > 0) && $this->oSecurityHelper->IsActionAllowed(UR_ACTION_READ, $sHostClass, $sHostId)) {
|
||||
$bCheckSecurity = false;
|
||||
}
|
||||
|
||||
@@ -1132,14 +1080,14 @@ class ObjectController extends BrickController
|
||||
|
||||
// Checking security layers
|
||||
// Note: Checking if host object already exists as we can try to download document from an object that is being created
|
||||
if (($bCheckSecurity === true) && ($sHostId > 0) && !$oSecurityHelper->IsActionAllowed(UR_ACTION_READ, $sHostClass, $sHostId))
|
||||
if (($bCheckSecurity === true) && ($sHostId > 0) && !$this->oSecurityHelper->IsActionAllowed(UR_ACTION_READ, $sHostClass, $sHostId))
|
||||
{
|
||||
IssueLog::Warning(__METHOD__.' at line '.__LINE__.' : User #'.UserRights::GetUserId().' not allowed to retrieve document from attribute '.$sObjectField.' as it not allowed to read '.$sHostClass.'::'.$sHostId.' object.');
|
||||
throw new HttpException(Response::HTTP_NOT_FOUND, Dict::S('UI:ObjectDoesNotExist'));
|
||||
}
|
||||
|
||||
// Retrieving object
|
||||
$bAllowAllDataFlag = ($bCheckSecurity === false) ? true : $oScopeValidator->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sHostClass);
|
||||
$bAllowAllDataFlag = ($bCheckSecurity === false) ? true : $this->oScopeValidator->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sHostClass);
|
||||
$oObject = MetaModel::GetObject($sObjectClass, $sObjectId, false /* Must not be found */, $bAllowAllDataFlag);
|
||||
if ($oObject === null)
|
||||
{
|
||||
@@ -1156,7 +1104,7 @@ class ObjectController extends BrickController
|
||||
}
|
||||
else
|
||||
{
|
||||
$iCacheSec = $oRequestManipulator->ReadParam('cache', 0, FILTER_SANITIZE_NUMBER_INT);
|
||||
$iCacheSec = $this->oRequestManipulator->ReadParam('cache', 0, FILTER_SANITIZE_NUMBER_INT);
|
||||
}
|
||||
|
||||
$aHeaders = array();
|
||||
@@ -1204,11 +1152,6 @@ class ObjectController extends BrickController
|
||||
*/
|
||||
public function AttachmentAction(Request $oRequest, $sOperation = null)
|
||||
{
|
||||
/** @var \Combodo\iTop\Portal\Helper\RequestManipulatorHelper $oRequestManipulator */
|
||||
$oRequestManipulator = $this->get('request_manipulator');
|
||||
/** @var \Combodo\iTop\Portal\Routing\UrlGenerator $oUrlGenerator */
|
||||
$oUrlGenerator = $this->get('url_generator');
|
||||
|
||||
$aData = array(
|
||||
'att_id' => 0,
|
||||
'preview' => false,
|
||||
@@ -1218,14 +1161,14 @@ class ObjectController extends BrickController
|
||||
// Retrieving sOperation from request only if it wasn't forced (determined by the route)
|
||||
if ($sOperation === null)
|
||||
{
|
||||
$sOperation = $oRequestManipulator->ReadParam('operation', null);
|
||||
$sOperation = $this->oRequestManipulator->ReadParam('operation', null);
|
||||
}
|
||||
switch ($sOperation)
|
||||
{
|
||||
case 'add':
|
||||
$sFieldName = $oRequestManipulator->ReadParam('field_name', '');
|
||||
$sObjectClass = $oRequestManipulator->ReadParam('object_class', '');
|
||||
$sTempId = $oRequestManipulator->ReadParam('temp_id', '');
|
||||
$sFieldName = $this->oRequestManipulator->ReadParam('field_name', '');
|
||||
$sObjectClass = $this->oRequestManipulator->ReadParam('object_class', '');
|
||||
$sTempId = $this->oRequestManipulator->ReadParam('temp_id', '');
|
||||
|
||||
if (empty($sObjectClass) || empty($sTempId))
|
||||
{
|
||||
@@ -1277,7 +1220,7 @@ class ObjectController extends BrickController
|
||||
// - Route
|
||||
$aRouteParams = array(
|
||||
'sObjectClass' => 'Attachment',
|
||||
'sObjectId' => $oRequestManipulator->ReadParam('sAttachmentId', null),
|
||||
'sObjectId' => $this->oRequestManipulator->ReadParam('sAttachmentId', null),
|
||||
'sObjectField' => 'contents',
|
||||
);
|
||||
|
||||
@@ -1313,17 +1256,13 @@ class ObjectController extends BrickController
|
||||
*/
|
||||
public function GetInformationAsJsonAction(Request $oRequest)
|
||||
{
|
||||
/** @var \Combodo\iTop\Portal\Helper\RequestManipulatorHelper $oRequestManipulator */
|
||||
$oRequestManipulator = $this->get('request_manipulator');
|
||||
/** @var \Combodo\iTop\Portal\Helper\ScopeValidatorHelper $oScopeValidator */
|
||||
$oScopeValidator = $this->get('scope_validator');
|
||||
|
||||
$aData = array();
|
||||
|
||||
// Retrieving parameters
|
||||
$sObjectClass = $oRequestManipulator->ReadParam('sObjectClass', '');
|
||||
$aObjectIds = $oRequestManipulator->ReadParam('aObjectIds', array(), FILTER_UNSAFE_RAW);
|
||||
$aObjectAttCodes = $oRequestManipulator->ReadParam('aObjectAttCodes', array(), FILTER_UNSAFE_RAW);
|
||||
$sObjectClass = $this->oRequestManipulator->ReadParam('sObjectClass', '');
|
||||
$aObjectIds = $this->oRequestManipulator->ReadParam('aObjectIds', array(), FILTER_UNSAFE_RAW);
|
||||
$aObjectAttCodes = $this->oRequestManipulator->ReadParam('aObjectAttCodes', array(), FILTER_UNSAFE_RAW);
|
||||
if (empty($sObjectClass) || empty($aObjectIds) || empty($aObjectAttCodes)) {
|
||||
IssueLog::Info(__METHOD__.' at line '.__LINE__.' : sObjectClass, aObjectIds and aObjectAttCodes expected, "'.$sObjectClass.'", "'.implode('/',
|
||||
$aObjectIds).'" given.');
|
||||
@@ -1331,7 +1270,7 @@ class ObjectController extends BrickController
|
||||
}
|
||||
|
||||
// Building the search
|
||||
$bIgnoreSilos = $oScopeValidator->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sObjectClass);
|
||||
$bIgnoreSilos = $this->oScopeValidator->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sObjectClass);
|
||||
$aParams = array('objects_id' => $aObjectIds);
|
||||
$oSearch = DBObjectSearch::FromOQL("SELECT $sObjectClass WHERE id IN (:objects_id)");
|
||||
if ($bIgnoreSilos === true) {
|
||||
@@ -1371,11 +1310,6 @@ class ObjectController extends BrickController
|
||||
*/
|
||||
public function GetInformationForLinkedSetAsJsonAction(Request $oRequest)
|
||||
{
|
||||
/** @var \Combodo\iTop\Portal\Helper\RequestManipulatorHelper $oRequestManipulator */
|
||||
$oRequestManipulator = $this->get('request_manipulator');
|
||||
/** @var \Combodo\iTop\Portal\Helper\ScopeValidatorHelper $oScopeValidator */
|
||||
$oScopeValidator = $this->get('scope_validator');
|
||||
|
||||
// Data array
|
||||
$aData = array(
|
||||
'js_inline' => '',
|
||||
@@ -1383,12 +1317,12 @@ class ObjectController extends BrickController
|
||||
);
|
||||
|
||||
// Retrieving parameters
|
||||
$sObjectClass = $oRequestManipulator->ReadParam('sObjectClass', '');
|
||||
$sLinkClass = $oRequestManipulator->ReadParam('sLinkClass', '');
|
||||
$aObjectIds = $oRequestManipulator->ReadParam('aObjectIds', array(), FILTER_UNSAFE_RAW);
|
||||
$aObjectAttCodes = $oRequestManipulator->ReadParam('aObjectAttCodes', array(), FILTER_UNSAFE_RAW);
|
||||
$aLinkAttCodes = $oRequestManipulator->ReadParam('aLinkAttCodes', array(), FILTER_UNSAFE_RAW);
|
||||
$sDateTimePickerWidgetParent = $oRequestManipulator->ReadParam('sDateTimePickerWidgetParent', array(), FILTER_UNSAFE_RAW);
|
||||
$sObjectClass = $this->oRequestManipulator->ReadParam('sObjectClass', '');
|
||||
$sLinkClass = $this->oRequestManipulator->ReadParam('sLinkClass', '');
|
||||
$aObjectIds = $this->oRequestManipulator->ReadParam('aObjectIds', array(), FILTER_UNSAFE_RAW);
|
||||
$aObjectAttCodes = $this->oRequestManipulator->ReadParam('aObjectAttCodes', array(), FILTER_UNSAFE_RAW);
|
||||
$aLinkAttCodes = $this->oRequestManipulator->ReadParam('aLinkAttCodes', array(), FILTER_UNSAFE_RAW);
|
||||
$sDateTimePickerWidgetParent = $this->oRequestManipulator->ReadParam('sDateTimePickerWidgetParent', array(), FILTER_UNSAFE_RAW);
|
||||
|
||||
if (empty($sObjectClass) || empty($aObjectIds) || empty($aObjectAttCodes)) {
|
||||
IssueLog::Info(__METHOD__.' at line '.__LINE__.' : sObjectClass, aObjectIds and aObjectAttCodes expected, "'.$sObjectClass.'", "'.implode('/',
|
||||
@@ -1397,7 +1331,7 @@ class ObjectController extends BrickController
|
||||
}
|
||||
|
||||
// Building the search
|
||||
$bIgnoreSilos = $oScopeValidator->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sObjectClass);
|
||||
$bIgnoreSilos = $this->oScopeValidator->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sObjectClass);
|
||||
$aParams = array('objects_id' => $aObjectIds);
|
||||
$oSearch = DBObjectSearch::FromOQL("SELECT $sObjectClass WHERE id IN (:objects_id)");
|
||||
if ($bIgnoreSilos === true)
|
||||
@@ -1460,11 +1394,6 @@ class ObjectController extends BrickController
|
||||
*/
|
||||
protected function PrepareObjectInformation(DBObject $oObject, $aAttCodes = array())
|
||||
{
|
||||
/** @var \Combodo\iTop\Portal\Routing\UrlGenerator $oUrlGenerator */
|
||||
$oUrlGenerator = $this->get('url_generator');
|
||||
/** @var \Combodo\iTop\Portal\Helper\SecurityHelper $oSecurityHelper */
|
||||
$oSecurityHelper = $this->get('security_helper');
|
||||
|
||||
$sObjectClass = get_class($oObject);
|
||||
$aObjectData = array(
|
||||
'id' => $oObject->GetKey(),
|
||||
@@ -1496,9 +1425,9 @@ class ObjectController extends BrickController
|
||||
$aAttData['value'] = $oObject->GetAsHTML($oAttDef->GetCode().'_friendlyname');
|
||||
|
||||
// Checking if user can access object's external key
|
||||
if ($oSecurityHelper->IsActionAllowed(UR_ACTION_READ, $oAttDef->GetTargetClass()))
|
||||
if ($this->oSecurityHelper->IsActionAllowed(UR_ACTION_READ, $oAttDef->GetTargetClass()))
|
||||
{
|
||||
$aAttData['url'] = $oUrlGenerator->generate('p_object_view',
|
||||
$aAttData['url'] = $this->oUrlGenerator->generate('p_object_view',
|
||||
array('sObjectClass' => $oAttDef->GetTargetClass(), 'sObjectId' => $oObject->Get($oAttDef->GetCode())));
|
||||
}
|
||||
}
|
||||
@@ -1513,7 +1442,7 @@ class ObjectController extends BrickController
|
||||
$oOrmDoc = $oObject->Get($oAttDef->GetCode());
|
||||
if (is_object($oOrmDoc) && !$oOrmDoc->IsEmpty())
|
||||
{
|
||||
$sUrl = $oUrlGenerator->generate('p_object_document_display', [
|
||||
$sUrl = $this->oUrlGenerator->generate('p_object_document_display', [
|
||||
'sObjectClass' => get_class($oObject),
|
||||
'sObjectId' => $oObject->GetKey(),
|
||||
'sObjectField' => $oAttDef->GetCode(),
|
||||
@@ -1537,9 +1466,9 @@ class ObjectController extends BrickController
|
||||
if ($oAttDef instanceof AttributeFriendlyName)
|
||||
{
|
||||
// Checking if user can access object
|
||||
if ($oSecurityHelper->IsActionAllowed(UR_ACTION_READ, $sObjectClass))
|
||||
if ($this->oSecurityHelper->IsActionAllowed(UR_ACTION_READ, $sObjectClass))
|
||||
{
|
||||
$aAttData['url'] = $oUrlGenerator->generate('p_object_view',
|
||||
$aAttData['url'] = $this->oUrlGenerator->generate('p_object_view',
|
||||
array('sObjectClass' => $sObjectClass, 'sObjectId' => $oObject->GetKey()));
|
||||
}
|
||||
}
|
||||
@@ -1569,26 +1498,17 @@ class ObjectController extends BrickController
|
||||
*/
|
||||
protected function DisplayCreationForm(Request $oRequest, $sObjectClass)
|
||||
{
|
||||
/** @var \Combodo\iTop\Portal\Helper\RequestManipulatorHelper $oRequestManipulator */
|
||||
$oRequestManipulator = $this->get('request_manipulator');
|
||||
/** @var \Combodo\iTop\Portal\Helper\ObjectFormHandlerHelper $oObjectFormHandler */
|
||||
$oObjectFormHandler = $this->get('object_form_handler');
|
||||
/** @var \Combodo\iTop\Portal\Helper\SecurityHelper $oSecurityHelper */
|
||||
$oSecurityHelper = $this->get('security_helper');
|
||||
/** @var \Combodo\iTop\Portal\Brick\BrickCollection $oBrickCollection */
|
||||
$oBrickCollection = $this->get('brick_collection');
|
||||
|
||||
// Checking security layers
|
||||
if (!$oSecurityHelper->IsActionAllowed(UR_ACTION_CREATE, $sObjectClass))
|
||||
if (!$this->oSecurityHelper->IsActionAllowed(UR_ACTION_CREATE, $sObjectClass))
|
||||
{
|
||||
IssueLog::Warning(__METHOD__.' at line '.__LINE__.' : User #'.UserRights::GetUserId().' not allowed to create '.$sObjectClass.' object.');
|
||||
throw new HttpException(Response::HTTP_NOT_FOUND, Dict::S('UI:ObjectDoesNotExist'));
|
||||
}
|
||||
|
||||
$sOperation = $oRequestManipulator->ReadParam('operation', '');
|
||||
$sOperation = $this->oRequestManipulator->ReadParam('operation', '');
|
||||
|
||||
$aData = array('sMode' => 'create');
|
||||
$aData['form'] = $oObjectFormHandler->HandleForm($oRequest, $aData['sMode'], $sObjectClass);
|
||||
$aData['form'] = $this->oObjectFormHandler->HandleForm($oRequest, $aData['sMode'], $sObjectClass);
|
||||
$aData['form']['title'] = Dict::Format('Brick:Portal:Object:Form:Create:Title', MetaModel::GetName($sObjectClass));
|
||||
|
||||
// Preparing response
|
||||
@@ -1607,10 +1527,10 @@ class ObjectController extends BrickController
|
||||
else
|
||||
{
|
||||
// Adding brick if it was passed
|
||||
$sBrickId = $oRequestManipulator->ReadParam('sBrickId', '');
|
||||
$sBrickId = $this->oRequestManipulator->ReadParam('sBrickId', '');
|
||||
if (!empty($sBrickId))
|
||||
{
|
||||
$oBrick = $oBrickCollection->GetBrickById($sBrickId);
|
||||
$oBrick = $this->oBrickCollection->GetBrickById($sBrickId);
|
||||
if ($oBrick !== null)
|
||||
{
|
||||
$aData['oBrick'] = $oBrick;
|
||||
@@ -1639,25 +1559,18 @@ class ObjectController extends BrickController
|
||||
*/
|
||||
protected function DisplayLeafClassesForm($sObjectClass)
|
||||
{
|
||||
/** @var \Combodo\iTop\Portal\Helper\RequestManipulatorHelper $oRequestManipulator */
|
||||
$oRequestManipulator = $this->get('request_manipulator');
|
||||
/** @var \Combodo\iTop\Portal\Helper\SecurityHelper $oSecurityHelper */
|
||||
$oSecurityHelper = $this->get('security_helper');
|
||||
/** @var \Combodo\iTop\Portal\Brick\BrickCollection $oBrickCollection */
|
||||
$oBrickCollection = $this->get('brick_collection');
|
||||
|
||||
$aData = array(
|
||||
'aLeafClasses' => array(),
|
||||
'sPageTitle' => Dict::Format('Brick:Portal:Object:Form:Create:Title', MetaModel::GetName($sObjectClass)),
|
||||
'sLeafClassesListId' => 'leaf_classes_list_' . uniqid(),
|
||||
'ar_token' => $oRequestManipulator->ReadParam('ar_token', ''),
|
||||
'ar_token' => $this->oRequestManipulator->ReadParam('ar_token', ''),
|
||||
);
|
||||
$sTemplatePath = CreateBrick::DEFAULT_PAGE_TEMPLATE_PATH;
|
||||
|
||||
$sBrickId = $oRequestManipulator->ReadParam('sBrickId', '');
|
||||
$sBrickId = $this->oRequestManipulator->ReadParam('sBrickId', '');
|
||||
if (!empty($sBrickId))
|
||||
{
|
||||
$oBrick = $oBrickCollection->GetBrickById($sBrickId);
|
||||
$oBrick = $this->oBrickCollection->GetBrickById($sBrickId);
|
||||
$sTemplatePath = $oBrick->GetPageTemplatePath();
|
||||
|
||||
$aData['sBrickId'] = $sBrickId;
|
||||
@@ -1669,7 +1582,7 @@ class ObjectController extends BrickController
|
||||
$aChildClasses = MetaModel::EnumChildClasses($sObjectClass);
|
||||
foreach ($aChildClasses as $sChildClass)
|
||||
{
|
||||
if (!MetaModel::IsAbstract($sChildClass) && $oSecurityHelper->IsActionAllowed(UR_ACTION_CREATE, $sChildClass))
|
||||
if (!MetaModel::IsAbstract($sChildClass) && $this->oSecurityHelper->IsActionAllowed(UR_ACTION_CREATE, $sChildClass))
|
||||
{
|
||||
$aLeafClasses[] = array(
|
||||
'id' => $sChildClass,
|
||||
|
||||
Reference in New Issue
Block a user