Improved user rights management: SELECT filtered on objects authorized for the current user (not yet fully implemented)

SVN:trunk[681]
2026-04-24 02:58:43 +02:00 · 2010-08-19 13:08:42 +00:00
parent 2387176142
commit b555f104df
12 changed files with 666 additions and 50 deletions
--- a/core/metamodel.class.php
+++ b/core/metamodel.class.php
@@ -1509,6 +1509,27 @@ abstract class MetaModel

 	public static function MakeSelectQuery(DBObjectSearch $oFilter, $aOrderBy = array(), $aArgs = array())
 	{
+		// Hide objects that are not visible to the current user
+		//
+		if (!$oFilter->IsAllDataAllowed())
+		{
+			$oVisibleObjects = UserRights::GetSelectFilter($oFilter->GetClass());
+			if ($oVisibleObjects === false)
+			{
+				// Make sure this is a valid search object, saying NO for all
+				$oVisibleObjects = DBObjectSearch::FromEmptySet($oFilter->GetClass());
+			}
+			if (is_object($oVisibleObjects))
+			{
+				$oFilter->MergeWith($oVisibleObjects);
+			}
+			else
+			{
+				// should be true at this point, meaning that no additional filtering
+				// is required
+			}
+		}
+
 		// Query caching
 		//
 		$bQueryCacheEnabled = true;