diff --git a/datamodels/2.x/itop-portal-base/portal/src/DependencyInjection/SilexCompatBootstrap/PortalXmlConfiguration/Basic.php b/datamodels/2.x/itop-portal-base/portal/src/DependencyInjection/SilexCompatBootstrap/PortalXmlConfiguration/Basic.php
index 2800d62ca..0011fc5ce 100644
--- a/datamodels/2.x/itop-portal-base/portal/src/DependencyInjection/SilexCompatBootstrap/PortalXmlConfiguration/Basic.php
+++ b/datamodels/2.x/itop-portal-base/portal/src/DependencyInjection/SilexCompatBootstrap/PortalXmlConfiguration/Basic.php
@@ -22,13 +22,12 @@
 namespace Combodo\iTop\Portal\DependencyInjection\SilexCompatBootstrap\PortalXmlConfiguration;
 use Combodo\iTop\DesignElement;
-use iPortalUIExtension;
-use Symfony\Component\DependencyInjection\Container;
-use Exception;
-use utils;
-use UserRights;
-use MetaModel;
 use DOMFormatException;
+use Exception;
+use iPortalUIExtension;
+use MetaModel;
+use Symfony\Component\DependencyInjection\Container;
+use utils;
 /**
 * Class Basic
@@ -55,8 +54,6 @@ class Basic extends AbstractConfiguration
 $aPortalConf = $this->ParseGlobalProperties($aPortalConf);
 // - Rectifying portal logo url
 $aPortalConf = $this->AppendLogoUri($aPortalConf);
- // - User allowed portals
- $aPortalConf['portals'] = UserRights::GetAllowedPortals();
 // - class list
 $aPortalConf['ui_extensions'] = $this->GetUiExtensions($oContainer);
@@ -99,7 +96,6 @@ class Basic extends AbstractConfiguration
 'opening_mode' => null,
 ),
 ),
- 'portals' => array(),
 'forms' => array(),
 'ui_extensions' => array(
 'css_files' => array(),
@@ -148,7 +144,7 @@ class Basic extends AbstractConfiguration
 $aPortalConf = $this->ParseAttachments($aPortalConf, $oPropertyNode);
 break;
 case 'allowed_portals':
- $aPortalConf = $this->ParseAllowedPortals($aPortalConf, $oPropertyNode);
+ $aPortalConf = $this->ParseAllowedPortalsOptions($aPortalConf, $oPropertyNode);
 break;
 }
 }
@@ -247,7 +243,7 @@ class Basic extends AbstractConfiguration
 *
 * @return array
 */
- private function ParseAllowedPortals(array $aPortalConf, DesignElement $oPropertyNode)
+ private function ParseAllowedPortalsOptions(array $aPortalConf, DesignElement $oPropertyNode)
 {
 /** @var \MFElement $oSubNode */
 foreach ($oPropertyNode->GetNodes('*') as $oSubNode)
diff --git a/datamodels/2.x/itop-portal-base/portal/src/EventListener/UserProvider.php b/datamodels/2.x/itop-portal-base/portal/src/EventListener/UserProvider.php
index f51ac8436..ccd487d10 100644
--- a/datamodels/2.x/itop-portal-base/portal/src/EventListener/UserProvider.php
+++ b/datamodels/2.x/itop-portal-base/portal/src/EventListener/UserProvider.php
@@ -21,14 +21,16 @@
 namespace Combodo\iTop\Portal\EventListener;
+use Dict;
 use Exception;
+use LoginWebPage;
+use ModuleDesign;
 use Symfony\Component\DependencyInjection\ContainerAwareInterface;
 use Symfony\Component\DependencyInjection\ContainerInterface;
+use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
-use Dict;
-use LoginWebPage;
+use Symfony\Component\HttpKernel\Exception\HttpException;
 use UserRights;
-use ModuleDesign;
 /**
 * Class UserProvider
@@ -38,9 +40,9 @@ use ModuleDesign;
 */
 class UserProvider implements ContainerAwareInterface
 {
- /** @var \ModuleDesign $oModuleDesign */
- private $oModuleDesign;
- /** @var string $sPortalId */
+ /** @var \ModuleDesign $oModuleDesign */
+ private $oModuleDesign;
+ /** @var string $sPortalId */
 private $sPortalId;
 /** @var \Symfony\Component\DependencyInjection\ContainerInterface $container */
 private $oContainer;
@@ -51,42 +53,62 @@ class UserProvider implements ContainerAwareInterface
 * @param \ModuleDesign $oModuleDesign
 * @param string $sPortalId
 */
- public function __construct(ModuleDesign $oModuleDesign, $sPortalId)
- {
- $this->oModuleDesign = $oModuleDesign;
- $this->sPortalId = $sPortalId;
- }
+ public function __construct(ModuleDesign $oModuleDesign, $sPortalId)
+ {
+ $this->oModuleDesign = $oModuleDesign;
+ $this->sPortalId = $sPortalId;
+ }
 /**
 * @param \Symfony\Component\HttpKernel\Event\GetResponseEvent $oGetResponseEvent
 *
 * @throws \Exception
 */
- public function onKernelRequest(GetResponseEvent $oGetResponseEvent)
- {
- // User pre-checks
- // Note: At this point the Exception handler is not registered, so we can't use $oApp::abort() method, hence the die().
- // - Checking user rights and prompt if needed (401 HTTP code returned if XHR request)
- $iExitMethod = ($oGetResponseEvent->getRequest()->isXmlHttpRequest()) ? LoginWebPage::EXIT_RETURN : LoginWebPage::EXIT_PROMPT;
- $iLogonRes = LoginWebPage::DoLoginEx($this->sPortalId, false, $iExitMethod);
- if( ($iExitMethod === LoginWebPage::EXIT_RETURN) && ($iLogonRes != 0) )
- {
- die(Dict::S('Portal:ErrorUserLoggedOut'));
- }
- // - User must be associated with a Contact
- if (UserRights::GetContactId() == 0)
- {
- die(Dict::S('Portal:ErrorNoContactForThisUser'));
- }
+ public function onKernelRequest(GetResponseEvent $oGetResponseEvent)
+ {
+ // User pre-checks
+ // Note: At this point the Exception handler is not registered, so we can't use $oApp::abort() method, hence the die().
+ // - Checking user rights and prompt if needed (401 HTTP code returned if XHR request)
+ $iExitMethod = ($oGetResponseEvent->getRequest()->isXmlHttpRequest()) ? 
LoginWebPage::EXIT_RETURN : LoginWebPage::EXIT_PROMPT;
+ $iLogonRes = LoginWebPage::DoLoginEx($this->sPortalId, false, $iExitMethod);
+ if( ($iExitMethod === LoginWebPage::EXIT_RETURN) && ($iLogonRes != 0) )
+ {
+ die(Dict::S('Portal:ErrorUserLoggedOut'));
+ }
+ // - User must be associated with a Contact
+ if (UserRights::GetContactId() == 0)
+ {
+ die(Dict::S('Portal:ErrorNoContactForThisUser'));
+ }
- // User
- $oUser = UserRights::GetUserObject();
- if ($oUser === null)
- {
- throw new Exception('Could not load connected user.');
- }
- $this->oContainer->set('combodo.current_user', $oUser);
- }
+ // User
+ $oUser = UserRights::GetUserObject();
+ if ($oUser === null)
+ {
+ throw new Exception('Could not load connected user.');
+ }
+ $this->oContainer->set('combodo.current_user', $oUser);
+
+ // Allowed portals
+ $aAllowedPortals = UserRights::GetAllowedPortals();
+
+ // Checking that user is allowed this portal
+ $bAllowed = false;
+ foreach ($aAllowedPortals as $aAllowedPortal)
+ {
+ if ($aAllowedPortal['id'] === $this->sPortalId)
+ {
+ $bAllowed = true;
+ break;
+ }
+ }
+ if (!$bAllowed)
+ {
+ throw new HttpException(Response::HTTP_NOT_FOUND);
+ }
+ /** @noinspection PhpParamsInspection It's an array and it's gonna stay that way */
+ $this->oContainer->set('combodo.current_user.allowed_portals', $aAllowedPortals);
+ }
 /**
 * Sets the container.
diff --git a/datamodels/2.x/itop-portal-base/portal/templates/layout.html.twig b/datamodels/2.x/itop-portal-base/portal/templates/layout.html.twig
index 004f04a02..a73d5d107 100644
--- a/datamodels/2.x/itop-portal-base/portal/templates/layout.html.twig
+++ b/datamodels/2.x/itop-portal-base/portal/templates/layout.html.twig
@@ -217,14 +217,14 @@ {% if bUserConnected %}
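Review bot: The new portal-membership check at the end of onKernelRequest() denies access with `throw new HttpException(Response::HTTP_NOT_FOUND)`, yet the comment kept at the top of the method says the exception handler is not registered at this point, which is why the earlier checks use die(). If that comment is still accurate the denial may not be rendered as a 404, so either confirm the listener ordering or correct the comment. The check also runs after `$this->oContainer->set('combodo.current_user', $oUser);`; moving it above that call means a rejected request never populates the container. The loop can be written as `$bAllowed = in_array($this->sPortalId, array_column($aAllowedPortals, 'id'), true);`, and the docblock should gain `@throws \Symfony\Component\HttpKernel\Exception\HttpException`. Nothing in the hunk logs the refusal, so a user repeatedly requesting portals they are not allowed on leaves no trace for operators; a warning-level log entry with the user and portal id before the throw would cover that.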