From ab2a83b66e42ecde4faf001b27a62cd7447fe12a Mon Sep 17 00:00:00 2001 From: Benjamin Dalsass Date: Mon, 20 Nov 2023 16:34:13 +0100 Subject: [PATCH] =?UTF-8?q?N=C2=B06933=20-=20SF=206.4=20-=20Remove=20depre?= =?UTF-8?q?cated=20calls=20-=20ObjectController=20(services=20access)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../src/Controller/ObjectController.php | 291 ++++++------------ 1 file changed, 102 insertions(+), 189 deletions(-) diff --git a/datamodels/2.x/itop-portal-base/portal/src/Controller/ObjectController.php b/datamodels/2.x/itop-portal-base/portal/src/Controller/ObjectController.php index 759e97873b..9eee289711 100644 --- a/datamodels/2.x/itop-portal-base/portal/src/Controller/ObjectController.php +++ b/datamodels/2.x/itop-portal-base/portal/src/Controller/ObjectController.php @@ -27,9 +27,15 @@ use AttributeFriendlyName; use AttributeImage; use BinaryExpression; use Combodo\iTop\Form\Field\DateTimeField; +use Combodo\iTop\Portal\Brick\BrickCollection; use Combodo\iTop\Portal\Brick\CreateBrick; use Combodo\iTop\Portal\Helper\ApplicationHelper; use Combodo\iTop\Portal\Helper\ContextManipulatorHelper; +use Combodo\iTop\Portal\Helper\ObjectFormHandlerHelper; +use Combodo\iTop\Portal\Helper\RequestManipulatorHelper; +use Combodo\iTop\Portal\Helper\ScopeValidatorHelper; +use Combodo\iTop\Portal\Helper\SecurityHelper; +use Combodo\iTop\Portal\Routing\UrlGenerator; use Combodo\iTop\Renderer\Bootstrap\FieldRenderer\BsLinkedSetFieldRenderer; use DBObject; use DBObjectSearch; @@ -67,6 +73,19 @@ class ObjectController extends BrickController const DEFAULT_PAGE_NUMBER = 1; const DEFAULT_LIST_LENGTH = 10; + + public function __construct( + protected SecurityHelper $oSecurityHelper, + protected ScopeValidatorHelper $oScopeValidator, + protected RequestManipulatorHelper $oRequestManipulator, + protected UrlGenerator $oUrlGenerator, + protected BrickCollection $oBrickCollection, + protected ObjectFormHandlerHelper $oObjectFormHandler + + ) + { + } + /** * Displays an cmdbAbstractObject (from its ID) if the connected user is allowed to. * @@ -85,11 +104,6 @@ class ObjectController extends BrickController */ public function ViewAction(Request $oRequest, $sObjectClass, $sObjectId) { - /** @var \Combodo\iTop\Portal\Helper\SecurityHelper $oSecurityHelper */ - $oSecurityHelper = $this->get('security_helper'); - /** @var \Combodo\iTop\Portal\Helper\ScopeValidatorHelper $oScopeValidator */ - $oScopeValidator = $this->get('scope_validator'); - // Checking parameters if ($sObjectClass === '' || $sObjectId === '') { IssueLog::Info(__METHOD__.' at line '.__LINE__.' : sObjectClass and sObjectId expected, "'.$sObjectClass.'" and "'.$sObjectId.'" given.'); @@ -97,14 +111,14 @@ class ObjectController extends BrickController } // Checking security layers - if (!$oSecurityHelper->IsActionAllowed(UR_ACTION_READ, $sObjectClass, $sObjectId)) { + if (!$this->oSecurityHelper->IsActionAllowed(UR_ACTION_READ, $sObjectClass, $sObjectId)) { IssueLog::Warning(__METHOD__.' at line '.__LINE__.' : User #'.UserRights::GetUserId().' not allowed to read '.$sObjectClass.'::'.$sObjectId.' object.'); throw new HttpException(Response::HTTP_NOT_FOUND, Dict::S('UI:ObjectDoesNotExist')); } // Retrieving object $oObject = MetaModel::GetObject($sObjectClass, $sObjectId, false /* MustBeFound */, - $oScopeValidator->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sObjectClass)); + $this->oScopeValidator->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sObjectClass)); if ($oObject === null) { // We should never be there as the secuirty helper makes sure that the object exists, but just in case. IssueLog::Info(__METHOD__.' at line '.__LINE__.' : Could not load object '.$sObjectClass.'::'.$sObjectId.'.'); @@ -134,11 +148,6 @@ class ObjectController extends BrickController */ public function ViewFromAttributeAction(Request $oRequest, $sObjectClass, $sObjectAttCode, $sObjectAttValue) { - /** @var \Combodo\iTop\Portal\Helper\SecurityHelper $oSecurityHelper */ - $oSecurityHelper = $this->get('security_helper'); - /** @var \Combodo\iTop\Portal\Helper\ScopeValidatorHelper $oScopeValidator */ - $oScopeValidator = $this->get('scope_validator'); - // Checking parameters if ($sObjectClass === '' || $sObjectAttCode === '' || $sObjectAttValue === '') { IssueLog::Info(__METHOD__.' at line '.__LINE__.' : sObjectClass and sObjectAttCode/sObjectAttValue expected, "' @@ -147,7 +156,7 @@ class ObjectController extends BrickController } $oObject = MetaModel::GetObjectByColumn($sObjectClass, $sObjectAttCode, $sObjectAttValue, false, - $oScopeValidator->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sObjectClass)); + $this->oScopeValidator->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sObjectClass)); if ($oObject === null) { // null if object not found or multiple matches IssueLog::Info(__METHOD__.' at line '.__LINE__.' : Could not load object '.$sObjectClass.'" and "'.$sObjectAttCode.' / '.$sObjectAttValue.'.'); @@ -156,7 +165,7 @@ class ObjectController extends BrickController // Checking security layers $sObjectId = $oObject->GetKey(); - if (!$oSecurityHelper->IsActionAllowed(UR_ACTION_READ, $sObjectClass, $sObjectId)) { + if (!$this->oSecurityHelper->IsActionAllowed(UR_ACTION_READ, $sObjectClass, $sObjectId)) { IssueLog::Warning(__METHOD__.' at line '.__LINE__.' : User #'.UserRights::GetUserId().' not allowed to read '.$sObjectClass.'::'.$sObjectId.' object.'); throw new HttpException(Response::HTTP_NOT_FOUND, Dict::S('UI:ObjectDoesNotExist')); } @@ -182,31 +191,21 @@ class ObjectController extends BrickController */ protected function PrepareViewObjectResponse(Request $oRequest, DBObject $oObject) { - /** @var \Combodo\iTop\Portal\Helper\SecurityHelper $oSecurityHelper */ - $oSecurityHelper = $this->get('security_helper'); - /** @var \Combodo\iTop\Portal\Helper\RequestManipulatorHelper $oRequestManipulator */ - $oRequestManipulator = $this->get('request_manipulator'); - /** @var \Combodo\iTop\Portal\Routing\UrlGenerator $oUrlGenerator */ - $oUrlGenerator = $this->get('url_generator'); - /** @var \Combodo\iTop\Portal\Helper\ObjectFormHandlerHelper $oObjectFormHandler */ - $oObjectFormHandler = $this->get('object_form_handler'); - /** @var \Combodo\iTop\Portal\Brick\BrickCollection $oBrickCollection */ - $oBrickCollection = $this->get('brick_collection'); - $sOperation = $oRequestManipulator->ReadParam('operation', ''); + $sOperation = $this->oRequestManipulator->ReadParam('operation', ''); $sObjectClass = get_class($oObject); $sObjectId = $oObject->GetKey(); $oObject->FireEvent(EVENT_DISPLAY_OBJECT_DETAILS); $aData = array('sMode' => 'view'); - $aData['form'] = $oObjectFormHandler->HandleForm($oRequest, $aData['sMode'], $sObjectClass, $sObjectId); + $aData['form'] = $this->oObjectFormHandler->HandleForm($oRequest, $aData['sMode'], $sObjectClass, $sObjectId); $aData['form']['title'] = Dict::Format('Brick:Portal:Object:Form:View:Title', MetaModel::GetName($sObjectClass), $oObject->GetName()); // Add an edit button if user is allowed - if ($oSecurityHelper->IsActionAllowed(UR_ACTION_MODIFY, $sObjectClass, $sObjectId)) { - $sModifyUrl = $oUrlGenerator->generate('p_object_edit', array('sObjectClass' => $sObjectClass, 'sObjectId' => $sObjectId)); + if ($this->oSecurityHelper->IsActionAllowed(UR_ACTION_MODIFY, $sObjectClass, $sObjectId)) { + $sModifyUrl = $this->oUrlGenerator->generate('p_object_edit', array('sObjectClass' => $sObjectClass, 'sObjectId' => $sObjectId)); $oModifyButton = new JSButtonItem( 'modify_object', Dict::S('UI:Menu:Modify'), @@ -226,9 +225,9 @@ class ObjectController extends BrickController } } else { // Adding brick if it was passed - $sBrickId = $oRequestManipulator->ReadParam('sBrickId', ''); + $sBrickId = $this->oRequestManipulator->ReadParam('sBrickId', ''); if (!empty($sBrickId)) { - $oBrick = $oBrickCollection->GetBrickById($sBrickId); + $oBrick = $this->oBrickCollection->GetBrickById($sBrickId); if ($oBrick !== null) { $aData['oBrick'] = $oBrick; } @@ -256,17 +255,6 @@ class ObjectController extends BrickController */ public function EditAction(Request $oRequest, $sObjectClass, $sObjectId) { - /** @var \Combodo\iTop\Portal\Helper\RequestManipulatorHelper $oRequestManipulator */ - $oRequestManipulator = $this->get('request_manipulator'); - /** @var \Combodo\iTop\Portal\Helper\ObjectFormHandlerHelper $oObjectFormHandler */ - $oObjectFormHandler = $this->get('object_form_handler'); - /** @var \Combodo\iTop\Portal\Helper\SecurityHelper $oSecurityHelper */ - $oSecurityHelper = $this->get('security_helper'); - /** @var \Combodo\iTop\Portal\Helper\ScopeValidatorHelper $oScopeValidator */ - $oScopeValidator = $this->get('scope_validator'); - /** @var \Combodo\iTop\Portal\Brick\BrickCollection $oBrickCollection */ - $oBrickCollection = $this->get('brick_collection'); - // Checking parameters if ($sObjectClass === '' || $sObjectId === '') { @@ -277,7 +265,7 @@ class ObjectController extends BrickController // Checking security layers // Warning : This is a dirty quick fix to allow editing its own contact information $bAllowWrite = ($sObjectClass === 'Person' && $sObjectId == UserRights::GetContactId()); - if (!$oSecurityHelper->IsActionAllowed(UR_ACTION_MODIFY, $sObjectClass, $sObjectId) && !$bAllowWrite) + if (!$this->oSecurityHelper->IsActionAllowed(UR_ACTION_MODIFY, $sObjectClass, $sObjectId) && !$bAllowWrite) { IssueLog::Warning(__METHOD__.' at line '.__LINE__.' : User #'.UserRights::GetUserId().' not allowed to modify '.$sObjectClass.'::'.$sObjectId.' object.'); throw new HttpException(Response::HTTP_NOT_FOUND, Dict::S('UI:ObjectDoesNotExist')); @@ -285,7 +273,7 @@ class ObjectController extends BrickController // Retrieving object $oObject = MetaModel::GetObject($sObjectClass, $sObjectId, false /* MustBeFound */, - $oScopeValidator->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sObjectClass)); + $this->oScopeValidator->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sObjectClass)); if ($oObject === null) { // We should never be there as the secuirty helper makes sure that the object exists, but just in case. @@ -293,10 +281,10 @@ class ObjectController extends BrickController throw new HttpException(Response::HTTP_NOT_FOUND, Dict::S('UI:ObjectDoesNotExist')); } - $sOperation = $oRequestManipulator->ReadParam('operation', ''); + $sOperation = $this->oRequestManipulator->ReadParam('operation', ''); $aData = array('sMode' => 'edit'); - $aData['form'] = $oObjectFormHandler->HandleForm($oRequest, $aData['sMode'], $sObjectClass, $sObjectId); + $aData['form'] = $this->oObjectFormHandler->HandleForm($oRequest, $aData['sMode'], $sObjectClass, $sObjectId); $aData['form']['title'] = Dict::Format('Brick:Portal:Object:Form:Edit:Title', MetaModel::GetName($sObjectClass), $aData['form']['object_name']); @@ -316,10 +304,10 @@ class ObjectController extends BrickController else { // Adding brick if it was passed - $sBrickId = $oRequestManipulator->ReadParam('sBrickId', ''); + $sBrickId = $this->oRequestManipulator->ReadParam('sBrickId', ''); if (!empty($sBrickId)) { - $oBrick = $oBrickCollection->GetBrickById($sBrickId); + $oBrick = $this->oBrickCollection->GetBrickById($sBrickId); if ($oBrick !== null) { $aData['oBrick'] = $oBrick; @@ -436,19 +424,6 @@ class ObjectController extends BrickController /** @var array $aCombodoPortalInstanceConf */ $aCombodoPortalInstanceConf = $this->getParameter('combodo.portal.instance.conf'); - /** @var \Combodo\iTop\Portal\Helper\RequestManipulatorHelper $oRequestManipulator */ - $oRequestManipulator = $this->get('request_manipulator'); - /** @var \Combodo\iTop\Portal\Routing\UrlGenerator $oUrlGenerator */ - $oUrlGenerator = $this->get('url_generator'); - /** @var \Combodo\iTop\Portal\Helper\NavigationRuleHelper $oNavigationRuleHelper */ - $oNavigationRuleHelper = $this->get('navigation_rule_helper'); - /** @var \Combodo\iTop\Portal\Helper\ObjectFormHandlerHelper $oObjectFormHandler */ - $oObjectFormHandler = $this->get('object_form_handler'); - /** @var \Combodo\iTop\Portal\Helper\SecurityHelper $oSecurityHelper */ - $oSecurityHelper = $this->get('security_helper'); - /** @var \Combodo\iTop\Portal\Helper\ScopeValidatorHelper $oScopeValidator */ - $oScopeValidator = $this->get('scope_validator'); - // Checking parameters if ($sObjectClass === '' || $sObjectId === '' || $sStimulusCode === '') { @@ -458,18 +433,18 @@ class ObjectController extends BrickController } // Checking security layers - if (!$oSecurityHelper->IsActionAllowed(UR_ACTION_MODIFY, $sObjectClass, $sObjectId)) + if (!$this->oSecurityHelper->IsActionAllowed(UR_ACTION_MODIFY, $sObjectClass, $sObjectId)) { IssueLog::Warning(__METHOD__.' at line '.__LINE__.' : User #'.UserRights::GetUserId().' not allowed to modify '.$sObjectClass.'::'.$sObjectId.' object.'); throw new HttpException(Response::HTTP_NOT_FOUND, Dict::S('UI:ObjectDoesNotExist')); } - if (!$oSecurityHelper->IsStimulusAllowed($sStimulusCode, $sObjectClass)) + if (!$this->oSecurityHelper->IsStimulusAllowed($sStimulusCode, $sObjectClass)) { throw new HttpException(Response::HTTP_NOT_FOUND, Dict::S('UI:ObjectDoesNotExist')); } // Retrieving object - $oObject = MetaModel::GetObject($sObjectClass, $sObjectId, false /* MustBeFound */, $oScopeValidator->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sObjectClass)); + $oObject = MetaModel::GetObject($sObjectClass, $sObjectId, false /* MustBeFound */, $this->oScopeValidator->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sObjectClass)); if ($oObject === null) { // We should never be there as the secuirty helper makes sure that the object exists, but just in case. @@ -478,7 +453,7 @@ class ObjectController extends BrickController } // Retrieving request parameters - $sOperation = $oRequestManipulator->ReadParam('operation', ''); + $sOperation = $this->oRequestManipulator->ReadParam('operation', ''); // Retrieving form properties $aStimuliForms = ApplicationHelper::GetLoadedFormFromClass($aCombodoPortalInstanceConf['forms'], $sObjectClass, 'apply_stimulus'); @@ -505,7 +480,7 @@ class ObjectController extends BrickController $oRequest->request->set('apply_stimulus', array('code' => $sStimulusCode)); $aData = array('sMode' => 'apply_stimulus'); - $aData['form'] = $oObjectFormHandler->HandleForm($oRequest, $aData['sMode'], $sObjectClass, $sObjectId, $aFormProperties); + $aData['form'] = $this->oObjectFormHandler->HandleForm($oRequest, $aData['sMode'], $sObjectClass, $sObjectId, $aFormProperties); $aData['form']['title'] = Dict::Format('Brick:Portal:Object:Form:Stimulus:Title'); // TODO : This is a ugly patch to avoid showing a modal with a readonly form to the user as it would prevent user from finishing the transition. @@ -523,12 +498,12 @@ class ObjectController extends BrickController $oSubRequest->request->set('formmanager_data', json_encode($aData['form']['formmanager_data'])); $aData = array('sMode' => 'apply_stimulus'); - $aData['form'] = $oObjectFormHandler->HandleForm($oSubRequest, $aData['sMode'], $sObjectClass, $sObjectId, + $aData['form'] = $this->oObjectFormHandler->HandleForm($oSubRequest, $aData['sMode'], $sObjectClass, $sObjectId, $aFormProperties); // Reload the object to make sure we have it in a clean state $oObject->Reload(true); - $aNavigationRules = $oNavigationRuleHelper->PrepareRulesForForm($aFormProperties, $oObject, true); + $aNavigationRules = $this->oNavigationRuleHelper->PrepareRulesForForm($aFormProperties, $oObject, true); // Redefining the array to be as simple as possible : $aData = array( @@ -585,16 +560,6 @@ class ObjectController extends BrickController */ public function SearchAutocompleteAction(Request $oRequest, $sTargetAttCode, $sHostObjectClass, $sHostObjectId = null) { - /** @var \Combodo\iTop\Portal\Helper\RequestManipulatorHelper $oRequestManipulator */ - $oRequestManipulator = $this->get('request_manipulator'); - /** @var \Combodo\iTop\Portal\Helper\ContextManipulatorHelper $oContextManipulator */ - $oContextManipulator = $this->get('context_manipulator'); - /** @var \Combodo\iTop\Portal\Helper\SecurityHelper $oSecurityHelper */ - $oSecurityHelper = $this->get('security_helper'); - /** @var \Combodo\iTop\Portal\Helper\ScopeValidatorHelper $oScopeValidator */ - $oScopeValidator = $this->get('scope_validator'); - /** @var \Combodo\iTop\Portal\Helper\ObjectFormHandlerHelper $oFormHandlerHelper */ - $oFormHandlerHelper = $this->get('object_form_handler'); $aData = array( 'results' => array( @@ -618,7 +583,7 @@ class ObjectController extends BrickController $sFieldId = $aRequestContent['sFieldId']; // Checking security layers - if (!$oSecurityHelper->IsActionAllowed(UR_ACTION_READ, $sHostObjectClass, $sHostObjectId)) + if (!$this->oSecurityHelper->IsActionAllowed(UR_ACTION_READ, $sHostObjectClass, $sHostObjectId)) { IssueLog::Warning(__METHOD__.' at line '.__LINE__.' : Could not load object '.$sHostObjectClass.'::'.$sHostObjectId.'.'); throw new HttpException(Response::HTTP_NOT_FOUND, Dict::S('UI:ObjectDoesNotExist')); @@ -637,10 +602,10 @@ class ObjectController extends BrickController // // Note : The action rules must be a base64-encoded JSON object, this is just so users are tempted to changes values. // But it would not be a security issue as it only presets values in the form. - $sActionRulesToken = $oRequestManipulator->ReadParam('ar_token', ''); - $aActionRules = (!empty($sActionRulesToken)) ? $oContextManipulator->DecodeRulesToken($sActionRulesToken) : array(); + $sActionRulesToken = $this->oRequestManipulator->ReadParam('ar_token', ''); + $aActionRules = (!empty($sActionRulesToken)) ? $this->oContextManipulator->DecodeRulesToken($sActionRulesToken) : array(); // Preparing object - $oContextManipulator->PrepareObject($aActionRules, $oHostObject); + $this->oContextManipulator->PrepareObject($aActionRules, $oHostObject); } // Updating host object with form data / values @@ -649,14 +614,14 @@ class ObjectController extends BrickController if (!empty($sFormManagerClass) && !empty($sFormManagerData)) { /** @var \Combodo\iTop\Portal\Form\ObjectFormManager $oFormManager */ $oFormManager = $sFormManagerClass::FromJSON($sFormManagerData); - $oFormManager->SetObjectFormHandlerHelper($oFormHandlerHelper); + $oFormManager->SetObjectFormHandlerHelper($this->oFormHandlerHelper); $oFormManager->SetObject($oHostObject); // Applying action rules if present if (($oFormManager->GetActionRulesToken() !== null) && ($oFormManager->GetActionRulesToken() !== '')) { $aActionRules = ContextManipulatorHelper::DecodeRulesToken($oFormManager->GetActionRulesToken()); $oObj = $oFormManager->GetObject(); - $oContextManipulator->PrepareObject($aActionRules, $oObj); + $this->oContextManipulator->PrepareObject($aActionRules, $oObj); $oFormManager->SetObject($oObj); } @@ -700,7 +665,7 @@ class ObjectController extends BrickController // It is the responsibility of the template designer to write the right query so the user see only what he should. if ($oTargetAttDef->GetEditClass() !== 'CustomFields') { - $oScopeSearch = $oScopeValidator->GetScopeFilterForProfiles(UserRights::ListProfiles(), $sTargetObjectClass, UR_ACTION_READ); + $oScopeSearch = $this->oScopeValidator->GetScopeFilterForProfiles(UserRights::ListProfiles(), $sTargetObjectClass, UR_ACTION_READ); $oSearch = $oSearch->Intersect($oScopeSearch); // - Allowing all data if necessary if ($oScopeSearch->IsAllDataAllowed()) @@ -765,27 +730,16 @@ class ObjectController extends BrickController /** @var array $aCombodoPortalInstanceConf */ $aCombodoPortalInstanceConf = $this->getParameter('combodo.portal.instance.conf'); - /** @var \Combodo\iTop\Portal\Helper\RequestManipulatorHelper $oRequestManipulator */ - $oRequestManipulator = $this->get('request_manipulator'); - /** @var \Combodo\iTop\Portal\Helper\ContextManipulatorHelper $oContextManipulator */ - $oContextManipulator = $this->get('context_manipulator'); - /** @var \Combodo\iTop\Portal\Helper\SecurityHelper $oSecurityHelper */ - $oSecurityHelper = $this->get('security_helper'); - /** @var \Combodo\iTop\Portal\Helper\ScopeValidatorHelper $oScopeValidator */ - $oScopeValidator = $this->get('scope_validator'); - /** @var \Combodo\iTop\Portal\Helper\ObjectFormHandlerHelper $oFormHandlerHelper */ - $oFormHandlerHelper = $this->get('object_form_handler'); - $aData = array( 'sMode' => 'search_regular', 'sTargetAttCode' => $sTargetAttCode, 'sHostObjectClass' => $sHostObjectClass, 'sHostObjectId' => $sHostObjectId, - 'sActionRulesToken' => $oRequestManipulator->ReadParam('ar_token', ''), + 'sActionRulesToken' => $this->oRequestManipulator->ReadParam('ar_token', ''), ); // Checking security layers - if (!$oSecurityHelper->IsActionAllowed(UR_ACTION_READ, $sHostObjectClass, $sHostObjectId)) + if (!$this->oSecurityHelper->IsActionAllowed(UR_ACTION_READ, $sHostObjectClass, $sHostObjectId)) { IssueLog::Warning(__METHOD__.' at line '.__LINE__.' : User #'.UserRights::GetUserId().' not allowed to read '.$sHostObjectClass.'::'.$sHostObjectId.' object.'); throw new HttpException(Response::HTTP_NOT_FOUND, Dict::S('UI:ObjectDoesNotExist')); @@ -806,41 +760,41 @@ class ObjectController extends BrickController // But it would not be a security issue as it only presets values in the form. $aActionRules = !empty($aData['sActionRulesToken']) ? ContextManipulatorHelper::DecodeRulesToken($aData['sActionRulesToken']) : array(); // Preparing object - $oContextManipulator->PrepareObject($aActionRules, $oHostObject); + $this->oContextManipulator->PrepareObject($aActionRules, $oHostObject); } // Updating host object with form data / values - $sFormManagerClass = $oRequestManipulator->ReadParam('formmanager_class', '', FILTER_UNSAFE_RAW); - $sFormManagerData = $oRequestManipulator->ReadParam('formmanager_data', '', FILTER_UNSAFE_RAW); + $sFormManagerClass = $this->oRequestManipulator->ReadParam('formmanager_class', '', FILTER_UNSAFE_RAW); + $sFormManagerData = $this->oRequestManipulator->ReadParam('formmanager_data', '', FILTER_UNSAFE_RAW); if (!empty($sFormManagerClass) && !empty($sFormManagerData)) { /** @var \Combodo\iTop\Portal\Form\ObjectFormManager $oFormManager */ $oFormManager = $sFormManagerClass::FromJSON($sFormManagerData); - $oFormManager->SetObjectFormHandlerHelper($oFormHandlerHelper); + $oFormManager->SetObjectFormHandlerHelper($this->oFormHandlerHelper); $oFormManager->SetObject($oHostObject); // Applying action rules if present if (($oFormManager->GetActionRulesToken() !== null) && ($oFormManager->GetActionRulesToken() !== '')) { $aActionRules = ContextManipulatorHelper::DecodeRulesToken($oFormManager->GetActionRulesToken()); $oObj = $oFormManager->GetObject(); - $oContextManipulator->PrepareObject($aActionRules, $oObj); + $this->oContextManipulator->PrepareObject($aActionRules, $oObj); $oFormManager->SetObject($oObj); } // Updating host object $oFormManager->OnUpdate(array( - 'currentValues' => $oRequestManipulator->ReadParam('current_values', array(), FILTER_UNSAFE_RAW), + 'currentValues' => $this->oRequestManipulator->ReadParam('current_values', array(), FILTER_UNSAFE_RAW), )); $oHostObject = $oFormManager->GetObject(); } // Retrieving request parameters - $iPageNumber = $oRequestManipulator->ReadParam('iPageNumber', static::DEFAULT_PAGE_NUMBER, FILTER_SANITIZE_NUMBER_INT); - $iListLength = $oRequestManipulator->ReadParam('iListLength', static::DEFAULT_LIST_LENGTH, FILTER_SANITIZE_NUMBER_INT); - $bInitialPass = $oRequestManipulator->HasParam('draw') ? false : true; - $sQuery = $oRequestManipulator->ReadParam('sSearchValue', ''); - $sFormPath = $oRequestManipulator->ReadParam('sFormPath', ''); - $sFieldId = $oRequestManipulator->ReadParam('sFieldId', ''); - $aObjectIdsToIgnore = $oRequestManipulator->ReadParam('aObjectIdsToIgnore', null, FILTER_UNSAFE_RAW); + $iPageNumber = $this->oRequestManipulator->ReadParam('iPageNumber', static::DEFAULT_PAGE_NUMBER, FILTER_SANITIZE_NUMBER_INT); + $iListLength = $this->oRequestManipulator->ReadParam('iListLength', static::DEFAULT_LIST_LENGTH, FILTER_SANITIZE_NUMBER_INT); + $bInitialPass = $this->oRequestManipulator->HasParam('draw') ? false : true; + $sQuery = $this->oRequestManipulator->ReadParam('sSearchValue', ''); + $sFormPath = $this->oRequestManipulator->ReadParam('sFormPath', ''); + $sFieldId = $this->oRequestManipulator->ReadParam('sFieldId', ''); + $aObjectIdsToIgnore = $this->oRequestManipulator->ReadParam('aObjectIdsToIgnore', null, FILTER_UNSAFE_RAW); // Building search query // - Retrieving target object class from attcode @@ -889,7 +843,7 @@ class ObjectController extends BrickController // - Retrieving scope search // Note : This do NOT apply to custom fields as the portal administrator is not supposed to know which objects will be put in the templates. // It is the responsibility of the template designer to write the right query so the user see only what he should. - $oScopeSearch = $oScopeValidator->GetScopeFilterForProfiles(UserRights::ListProfiles(), $sTargetObjectClass, UR_ACTION_READ); + $oScopeSearch = $this->oScopeValidator->GetScopeFilterForProfiles(UserRights::ListProfiles(), $sTargetObjectClass, UR_ACTION_READ); $aInternalParams = array(); if (($oScopeSearch === null) && ($oTargetAttDef->GetEditClass() !== 'CustomFields')) { @@ -1083,12 +1037,6 @@ class ObjectController extends BrickController */ public function DocumentAction(Request $oRequest, $sOperation = null) { - /** @var \Combodo\iTop\Portal\Helper\RequestManipulatorHelper $oRequestManipulator */ - $oRequestManipulator = $this->get('request_manipulator'); - /** @var \Combodo\iTop\Portal\Helper\SecurityHelper $oSecurityHelper */ - $oSecurityHelper = $this->get('security_helper'); - /** @var \Combodo\iTop\Portal\Helper\ScopeValidatorHelper $oScopeValidator */ - $oScopeValidator = $this->get('scope_validator'); // Setting default operation if ($sOperation === null) @@ -1097,9 +1045,9 @@ class ObjectController extends BrickController } // Retrieving ormDocument's host object - $sObjectClass = $oRequestManipulator->ReadParam('sObjectClass', ''); - $sObjectId = $oRequestManipulator->ReadParam('sObjectId', ''); - $sObjectField = $oRequestManipulator->ReadParam('sObjectField', ''); + $sObjectClass = $this->oRequestManipulator->ReadParam('sObjectClass', ''); + $sObjectId = $this->oRequestManipulator->ReadParam('sObjectId', ''); + $sObjectField = $this->oRequestManipulator->ReadParam('sObjectField', ''); $bCheckSecurity = true; // When reaching to an Attachment, we have to check security on its host object instead of the Attachment itself @@ -1114,7 +1062,7 @@ class ObjectController extends BrickController $sHostId = $oAttachment->Get('item_id'); // Attachments could be linked to host objects without an org_id. Retrieving the attachment would fail if enforced silos are based on org_id - if($oAttachment->Get('item_org_id') === 0 && ($sHostId > 0) && $oSecurityHelper->IsActionAllowed(UR_ACTION_READ, $sHostClass, $sHostId)) { + if($oAttachment->Get('item_org_id') === 0 && ($sHostId > 0) && $this->oSecurityHelper->IsActionAllowed(UR_ACTION_READ, $sHostClass, $sHostId)) { $bCheckSecurity = false; } @@ -1132,14 +1080,14 @@ class ObjectController extends BrickController // Checking security layers // Note: Checking if host object already exists as we can try to download document from an object that is being created - if (($bCheckSecurity === true) && ($sHostId > 0) && !$oSecurityHelper->IsActionAllowed(UR_ACTION_READ, $sHostClass, $sHostId)) + if (($bCheckSecurity === true) && ($sHostId > 0) && !$this->oSecurityHelper->IsActionAllowed(UR_ACTION_READ, $sHostClass, $sHostId)) { IssueLog::Warning(__METHOD__.' at line '.__LINE__.' : User #'.UserRights::GetUserId().' not allowed to retrieve document from attribute '.$sObjectField.' as it not allowed to read '.$sHostClass.'::'.$sHostId.' object.'); throw new HttpException(Response::HTTP_NOT_FOUND, Dict::S('UI:ObjectDoesNotExist')); } // Retrieving object - $bAllowAllDataFlag = ($bCheckSecurity === false) ? true : $oScopeValidator->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sHostClass); + $bAllowAllDataFlag = ($bCheckSecurity === false) ? true : $this->oScopeValidator->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sHostClass); $oObject = MetaModel::GetObject($sObjectClass, $sObjectId, false /* Must not be found */, $bAllowAllDataFlag); if ($oObject === null) { @@ -1156,7 +1104,7 @@ class ObjectController extends BrickController } else { - $iCacheSec = $oRequestManipulator->ReadParam('cache', 0, FILTER_SANITIZE_NUMBER_INT); + $iCacheSec = $this->oRequestManipulator->ReadParam('cache', 0, FILTER_SANITIZE_NUMBER_INT); } $aHeaders = array(); @@ -1204,11 +1152,6 @@ class ObjectController extends BrickController */ public function AttachmentAction(Request $oRequest, $sOperation = null) { - /** @var \Combodo\iTop\Portal\Helper\RequestManipulatorHelper $oRequestManipulator */ - $oRequestManipulator = $this->get('request_manipulator'); - /** @var \Combodo\iTop\Portal\Routing\UrlGenerator $oUrlGenerator */ - $oUrlGenerator = $this->get('url_generator'); - $aData = array( 'att_id' => 0, 'preview' => false, @@ -1218,14 +1161,14 @@ class ObjectController extends BrickController // Retrieving sOperation from request only if it wasn't forced (determined by the route) if ($sOperation === null) { - $sOperation = $oRequestManipulator->ReadParam('operation', null); + $sOperation = $this->oRequestManipulator->ReadParam('operation', null); } switch ($sOperation) { case 'add': - $sFieldName = $oRequestManipulator->ReadParam('field_name', ''); - $sObjectClass = $oRequestManipulator->ReadParam('object_class', ''); - $sTempId = $oRequestManipulator->ReadParam('temp_id', ''); + $sFieldName = $this->oRequestManipulator->ReadParam('field_name', ''); + $sObjectClass = $this->oRequestManipulator->ReadParam('object_class', ''); + $sTempId = $this->oRequestManipulator->ReadParam('temp_id', ''); if (empty($sObjectClass) || empty($sTempId)) { @@ -1277,7 +1220,7 @@ class ObjectController extends BrickController // - Route $aRouteParams = array( 'sObjectClass' => 'Attachment', - 'sObjectId' => $oRequestManipulator->ReadParam('sAttachmentId', null), + 'sObjectId' => $this->oRequestManipulator->ReadParam('sAttachmentId', null), 'sObjectField' => 'contents', ); @@ -1313,17 +1256,13 @@ class ObjectController extends BrickController */ public function GetInformationAsJsonAction(Request $oRequest) { - /** @var \Combodo\iTop\Portal\Helper\RequestManipulatorHelper $oRequestManipulator */ - $oRequestManipulator = $this->get('request_manipulator'); - /** @var \Combodo\iTop\Portal\Helper\ScopeValidatorHelper $oScopeValidator */ - $oScopeValidator = $this->get('scope_validator'); $aData = array(); // Retrieving parameters - $sObjectClass = $oRequestManipulator->ReadParam('sObjectClass', ''); - $aObjectIds = $oRequestManipulator->ReadParam('aObjectIds', array(), FILTER_UNSAFE_RAW); - $aObjectAttCodes = $oRequestManipulator->ReadParam('aObjectAttCodes', array(), FILTER_UNSAFE_RAW); + $sObjectClass = $this->oRequestManipulator->ReadParam('sObjectClass', ''); + $aObjectIds = $this->oRequestManipulator->ReadParam('aObjectIds', array(), FILTER_UNSAFE_RAW); + $aObjectAttCodes = $this->oRequestManipulator->ReadParam('aObjectAttCodes', array(), FILTER_UNSAFE_RAW); if (empty($sObjectClass) || empty($aObjectIds) || empty($aObjectAttCodes)) { IssueLog::Info(__METHOD__.' at line '.__LINE__.' : sObjectClass, aObjectIds and aObjectAttCodes expected, "'.$sObjectClass.'", "'.implode('/', $aObjectIds).'" given.'); @@ -1331,7 +1270,7 @@ class ObjectController extends BrickController } // Building the search - $bIgnoreSilos = $oScopeValidator->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sObjectClass); + $bIgnoreSilos = $this->oScopeValidator->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sObjectClass); $aParams = array('objects_id' => $aObjectIds); $oSearch = DBObjectSearch::FromOQL("SELECT $sObjectClass WHERE id IN (:objects_id)"); if ($bIgnoreSilos === true) { @@ -1371,11 +1310,6 @@ class ObjectController extends BrickController */ public function GetInformationForLinkedSetAsJsonAction(Request $oRequest) { - /** @var \Combodo\iTop\Portal\Helper\RequestManipulatorHelper $oRequestManipulator */ - $oRequestManipulator = $this->get('request_manipulator'); - /** @var \Combodo\iTop\Portal\Helper\ScopeValidatorHelper $oScopeValidator */ - $oScopeValidator = $this->get('scope_validator'); - // Data array $aData = array( 'js_inline' => '', @@ -1383,12 +1317,12 @@ class ObjectController extends BrickController ); // Retrieving parameters - $sObjectClass = $oRequestManipulator->ReadParam('sObjectClass', ''); - $sLinkClass = $oRequestManipulator->ReadParam('sLinkClass', ''); - $aObjectIds = $oRequestManipulator->ReadParam('aObjectIds', array(), FILTER_UNSAFE_RAW); - $aObjectAttCodes = $oRequestManipulator->ReadParam('aObjectAttCodes', array(), FILTER_UNSAFE_RAW); - $aLinkAttCodes = $oRequestManipulator->ReadParam('aLinkAttCodes', array(), FILTER_UNSAFE_RAW); - $sDateTimePickerWidgetParent = $oRequestManipulator->ReadParam('sDateTimePickerWidgetParent', array(), FILTER_UNSAFE_RAW); + $sObjectClass = $this->oRequestManipulator->ReadParam('sObjectClass', ''); + $sLinkClass = $this->oRequestManipulator->ReadParam('sLinkClass', ''); + $aObjectIds = $this->oRequestManipulator->ReadParam('aObjectIds', array(), FILTER_UNSAFE_RAW); + $aObjectAttCodes = $this->oRequestManipulator->ReadParam('aObjectAttCodes', array(), FILTER_UNSAFE_RAW); + $aLinkAttCodes = $this->oRequestManipulator->ReadParam('aLinkAttCodes', array(), FILTER_UNSAFE_RAW); + $sDateTimePickerWidgetParent = $this->oRequestManipulator->ReadParam('sDateTimePickerWidgetParent', array(), FILTER_UNSAFE_RAW); if (empty($sObjectClass) || empty($aObjectIds) || empty($aObjectAttCodes)) { IssueLog::Info(__METHOD__.' at line '.__LINE__.' : sObjectClass, aObjectIds and aObjectAttCodes expected, "'.$sObjectClass.'", "'.implode('/', @@ -1397,7 +1331,7 @@ class ObjectController extends BrickController } // Building the search - $bIgnoreSilos = $oScopeValidator->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sObjectClass); + $bIgnoreSilos = $this->oScopeValidator->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sObjectClass); $aParams = array('objects_id' => $aObjectIds); $oSearch = DBObjectSearch::FromOQL("SELECT $sObjectClass WHERE id IN (:objects_id)"); if ($bIgnoreSilos === true) @@ -1460,11 +1394,6 @@ class ObjectController extends BrickController */ protected function PrepareObjectInformation(DBObject $oObject, $aAttCodes = array()) { - /** @var \Combodo\iTop\Portal\Routing\UrlGenerator $oUrlGenerator */ - $oUrlGenerator = $this->get('url_generator'); - /** @var \Combodo\iTop\Portal\Helper\SecurityHelper $oSecurityHelper */ - $oSecurityHelper = $this->get('security_helper'); - $sObjectClass = get_class($oObject); $aObjectData = array( 'id' => $oObject->GetKey(), @@ -1496,9 +1425,9 @@ class ObjectController extends BrickController $aAttData['value'] = $oObject->GetAsHTML($oAttDef->GetCode().'_friendlyname'); // Checking if user can access object's external key - if ($oSecurityHelper->IsActionAllowed(UR_ACTION_READ, $oAttDef->GetTargetClass())) + if ($this->oSecurityHelper->IsActionAllowed(UR_ACTION_READ, $oAttDef->GetTargetClass())) { - $aAttData['url'] = $oUrlGenerator->generate('p_object_view', + $aAttData['url'] = $this->oUrlGenerator->generate('p_object_view', array('sObjectClass' => $oAttDef->GetTargetClass(), 'sObjectId' => $oObject->Get($oAttDef->GetCode()))); } } @@ -1513,7 +1442,7 @@ class ObjectController extends BrickController $oOrmDoc = $oObject->Get($oAttDef->GetCode()); if (is_object($oOrmDoc) && !$oOrmDoc->IsEmpty()) { - $sUrl = $oUrlGenerator->generate('p_object_document_display', [ + $sUrl = $this->oUrlGenerator->generate('p_object_document_display', [ 'sObjectClass' => get_class($oObject), 'sObjectId' => $oObject->GetKey(), 'sObjectField' => $oAttDef->GetCode(), @@ -1537,9 +1466,9 @@ class ObjectController extends BrickController if ($oAttDef instanceof AttributeFriendlyName) { // Checking if user can access object - if ($oSecurityHelper->IsActionAllowed(UR_ACTION_READ, $sObjectClass)) + if ($this->oSecurityHelper->IsActionAllowed(UR_ACTION_READ, $sObjectClass)) { - $aAttData['url'] = $oUrlGenerator->generate('p_object_view', + $aAttData['url'] = $this->oUrlGenerator->generate('p_object_view', array('sObjectClass' => $sObjectClass, 'sObjectId' => $oObject->GetKey())); } } @@ -1569,26 +1498,17 @@ class ObjectController extends BrickController */ protected function DisplayCreationForm(Request $oRequest, $sObjectClass) { - /** @var \Combodo\iTop\Portal\Helper\RequestManipulatorHelper $oRequestManipulator */ - $oRequestManipulator = $this->get('request_manipulator'); - /** @var \Combodo\iTop\Portal\Helper\ObjectFormHandlerHelper $oObjectFormHandler */ - $oObjectFormHandler = $this->get('object_form_handler'); - /** @var \Combodo\iTop\Portal\Helper\SecurityHelper $oSecurityHelper */ - $oSecurityHelper = $this->get('security_helper'); - /** @var \Combodo\iTop\Portal\Brick\BrickCollection $oBrickCollection */ - $oBrickCollection = $this->get('brick_collection'); - // Checking security layers - if (!$oSecurityHelper->IsActionAllowed(UR_ACTION_CREATE, $sObjectClass)) + if (!$this->oSecurityHelper->IsActionAllowed(UR_ACTION_CREATE, $sObjectClass)) { IssueLog::Warning(__METHOD__.' at line '.__LINE__.' : User #'.UserRights::GetUserId().' not allowed to create '.$sObjectClass.' object.'); throw new HttpException(Response::HTTP_NOT_FOUND, Dict::S('UI:ObjectDoesNotExist')); } - $sOperation = $oRequestManipulator->ReadParam('operation', ''); + $sOperation = $this->oRequestManipulator->ReadParam('operation', ''); $aData = array('sMode' => 'create'); - $aData['form'] = $oObjectFormHandler->HandleForm($oRequest, $aData['sMode'], $sObjectClass); + $aData['form'] = $this->oObjectFormHandler->HandleForm($oRequest, $aData['sMode'], $sObjectClass); $aData['form']['title'] = Dict::Format('Brick:Portal:Object:Form:Create:Title', MetaModel::GetName($sObjectClass)); // Preparing response @@ -1607,10 +1527,10 @@ class ObjectController extends BrickController else { // Adding brick if it was passed - $sBrickId = $oRequestManipulator->ReadParam('sBrickId', ''); + $sBrickId = $this->oRequestManipulator->ReadParam('sBrickId', ''); if (!empty($sBrickId)) { - $oBrick = $oBrickCollection->GetBrickById($sBrickId); + $oBrick = $this->oBrickCollection->GetBrickById($sBrickId); if ($oBrick !== null) { $aData['oBrick'] = $oBrick; @@ -1639,25 +1559,18 @@ class ObjectController extends BrickController */ protected function DisplayLeafClassesForm($sObjectClass) { - /** @var \Combodo\iTop\Portal\Helper\RequestManipulatorHelper $oRequestManipulator */ - $oRequestManipulator = $this->get('request_manipulator'); - /** @var \Combodo\iTop\Portal\Helper\SecurityHelper $oSecurityHelper */ - $oSecurityHelper = $this->get('security_helper'); - /** @var \Combodo\iTop\Portal\Brick\BrickCollection $oBrickCollection */ - $oBrickCollection = $this->get('brick_collection'); - $aData = array( 'aLeafClasses' => array(), 'sPageTitle' => Dict::Format('Brick:Portal:Object:Form:Create:Title', MetaModel::GetName($sObjectClass)), 'sLeafClassesListId' => 'leaf_classes_list_' . uniqid(), - 'ar_token' => $oRequestManipulator->ReadParam('ar_token', ''), + 'ar_token' => $this->oRequestManipulator->ReadParam('ar_token', ''), ); $sTemplatePath = CreateBrick::DEFAULT_PAGE_TEMPLATE_PATH; - $sBrickId = $oRequestManipulator->ReadParam('sBrickId', ''); + $sBrickId = $this->oRequestManipulator->ReadParam('sBrickId', ''); if (!empty($sBrickId)) { - $oBrick = $oBrickCollection->GetBrickById($sBrickId); + $oBrick = $this->oBrickCollection->GetBrickById($sBrickId); $sTemplatePath = $oBrick->GetPageTemplatePath(); $aData['sBrickId'] = $sBrickId; @@ -1669,7 +1582,7 @@ class ObjectController extends BrickController $aChildClasses = MetaModel::EnumChildClasses($sObjectClass); foreach ($aChildClasses as $sChildClass) { - if (!MetaModel::IsAbstract($sChildClass) && $oSecurityHelper->IsActionAllowed(UR_ACTION_CREATE, $sChildClass)) + if (!MetaModel::IsAbstract($sChildClass) && $this->oSecurityHelper->IsActionAllowed(UR_ACTION_CREATE, $sChildClass)) { $aLeafClasses[] = array( 'id' => $sChildClass,