composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-02-13 07:24:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

#736 Could not delete objects unless you are authorized to bulk delete -reintegrated from trunk

Browse Source 
SVN:2.0.1[2770]
This commit is contained in:
Romain Quetiez
2013-06-07 07:32:38 +00:00
parent 1ce8046c46
commit ae6e0c5242
2 changed files with 16 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
dictionaries/dictionary.itop.ui.php
View File

@@ -754,7 +754,7 @@ Dict::Add('EN US', 'English', 'English', array(
'UI:Apply_Stimulus_On_Object_In_State_ToTarget_State' => 'Applying %1$s on object: %2$s in state %3$s to target state: %4$s.',
'UI:ObjectCouldNotBeWritten' => 'The object could not be written: %1$s',
'UI:PageTitle:FatalError' => 'iTop - Fatal Error',
'UI:SystemIntrusion' => 'Access denied. You have trying to perform an operation that is not allowed for you.',
'UI:SystemIntrusion' => 'Access denied. You have requested an operation that is not allowed for you.',
'UI:FatalErrorMessage' => 'Fatal error, iTop cannot continue.',
'UI:Error_Details' => 'Error: %1$s.',

20
pages/UI.php
View File

@@ -938,9 +938,9 @@ try
$id = utils::ReadParam('id', '');
$oObj = MetaModel::GetObject($sClass, $id);
$aObjects[] = $oObj;
if (!UserRights::IsActionAllowed($sClass, UR_ACTION_MODIFY, DBObjectSet::FromObject($oObj)))
if (!UserRights::IsActionAllowed($sClass, UR_ACTION_DELETE, DBObjectSet::FromObject($oObj)))
{
throw new SecurityException(Dict::Format('UI:Error:DeleteNotAllowedOn_Class', $sClass));
throw new SecurityException(Dict::Format('UI:Error:DeleteNotAllowedOn_Class', $sClassLabel));
}
}
else
@@ -957,11 +957,21 @@ try
{
$aObjects[] = MetaModel::GetObject($sClass, $iId);
}
if (!UserRights::IsActionAllowed($sClass, UR_ACTION_BULK_DELETE, DBObjectSet::FromArray($sClass, $aObjects)))
if (count($aObjects) == 1)
{
throw new SecurityException(Dict::Format('UI:Error:BulkDeleteNotAllowedOn_Class', $sClass));
if (!UserRights::IsActionAllowed($sClass, UR_ACTION_DELETE, DBObjectSet::FromArray($sClass, $aObjects)))
{
throw new SecurityException(Dict::Format('UI:Error:BulkDeleteNotAllowedOn_Class', $sClassLabel));
}
}
else
{
if (!UserRights::IsActionAllowed($sClass, UR_ACTION_BULK_DELETE, DBObjectSet::FromArray($sClass, $aObjects)))
{
throw new SecurityException(Dict::Format('UI:Error:BulkDeleteNotAllowedOn_Class', $sClassLabel));
}
$oP->set_title(Dict::S('UI:BulkDeletePageTitle'));
}
$oP->set_title(Dict::S('UI:BulkDeletePageTitle'));
}
// Go for the common part... (delete single, delete bulk, delete confirmed)
cmdbAbstractObject::DeleteObjects($oP, $sClass, $aObjects, ($operation != 'bulk_delete_confirmed'), 'bulk_delete_confirmed');