N°1232 Portal: Harmonize right checks for external url in forms

datamodels/2.x/itop-portal-base/portal/src/Form/ObjectFormManager.php

@@ -29,7 +29,6 @@ use CMDBSource;
 use Combodo\iTop\Form\Field\Field;
 use Combodo\iTop\Form\Field\FileUploadField;
 use Combodo\iTop\Form\Field\LabelField;
-use Combodo\iTop\Form\Field\SelectObjectField;
 use Combodo\iTop\Form\Form;
 use Combodo\iTop\Form\FormManager;
 use Combodo\iTop\Portal\Helper\ApplicationHelper;
@@ -827,20 +826,6 @@ class ObjectFormManager extends FormManager
 					else
 					{
 						$oField->SetReadOnly(true);
-
-						// Specific operation on field
-						// - SelectObjectField
-						if ($oField instanceof SelectObjectField)
-						{
-							// - Set if remote object can be accessed
-							if ($this->oContainer !== null && !$oAttDef->IsNull($oField->GetCurrentValue()) && !is_null($oField->GetSearch()))
-							{
-								$sRemoteObjectFieldClass = $oField->GetSearch()->GetClass();
-								$sRemoteObjectFieldId = $oField->GetCurrentValue();
-								$bIsRemoteObjectReadAllowed = $this->oContainer->get('security_helper')->IsActionAllowed(UR_ACTION_READ, $sRemoteObjectFieldClass, $sRemoteObjectFieldId);
-								$oField->SetRemoteObjectAccessible($bIsRemoteObjectReadAllowed);
-							}
-						}
 					}
 				}
 

sources/autoload.php

@@ -42,7 +42,6 @@ require_once APPROOT . 'sources/form/field/caselogfield.class.inc.php';
 require_once APPROOT . 'sources/form/field/multiplechoicesfield.class.inc.php';
 require_once APPROOT . 'sources/form/field/selectfield.class.inc.php';
 require_once APPROOT . 'sources/form/field/multipleselectfield.class.inc.php';
-require_once APPROOT . 'sources/form/field/remoteobjectfield.class.inc.php';
 require_once APPROOT . 'sources/form/field/selectobjectfield.class.inc.php';
 require_once APPROOT . 'sources/form/field/checkboxfield.class.inc.php';
 require_once APPROOT . 'sources/form/field/radiofield.class.inc.php';

sources/form/field/remoteobjectfield.class.inc.php

@@ -1,66 +0,0 @@
-<?php
-
-/**
- * Copyright (C) 2013-2019 Combodo SARL
- *
- * This file is part of iTop.
- *
- * iTop is free software; you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * iTop is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- */
-
-
-namespace Combodo\iTop\Form\Field;
-
-use Closure;
-
-/**
- * Fields pointing to a remote object
- *
- * @author Guillaume Lajarige <guillaume.lajarige@combodo.com>
- * @since  2.7.0
- */
-abstract class RemoteObjectField extends Field
-{
-	/** @var bool DEFAULT_IS_REMOTE_OBJECT_ACCESSIBLE */
-	const DEFAULT_IS_REMOTE_OBJECT_ACCESSIBLE = true;
-
-	/** @var boolean $bIsRemoteObjectAccessible */
-	protected $bIsRemoteObjectAccessible;
-
-	/**
-	 * @inheritDoc
-	 */
-	public function __construct($sId, Closure $onFinalizeCallback = null)
-	{
-		parent::__construct($sId, $onFinalizeCallback);
-		$this->bIsRemoteObjectAccessible = static::DEFAULT_IS_REMOTE_OBJECT_ACCESSIBLE;
-	}
-
-	/**
-	 * Return true if the remote object pointed by this field is accessible
-	 *
-	 * @return boolean
-	 */
-	public function GetRemoteObjectAccessible()
-	{
-		return $this->bIsRemoteObjectAccessible;
-	}
-
-	/**
-	 * @param boolean $bIsRemoteObjectAccessible
-	 */
-	public function SetRemoteObjectAccessible($bIsRemoteObjectAccessible)
-	{
-		$this->bIsRemoteObjectAccessible = $bIsRemoteObjectAccessible;
-	}
-}

sources/form/field/selectobjectfield.class.inc.php

@@ -32,7 +32,7 @@ use ScalarExpression;
  *
  * @author Romain Quetiez <romain.quetiez@combodo.com>
  */
-class SelectObjectField extends RemoteObjectField
+class SelectObjectField extends Field
 {
 	protected $oSearch;
 	protected $iMaximumComboLength;
@@ -100,6 +100,7 @@ class SelectObjectField extends RemoteObjectField
 	 * Setting the value will automatically add/remove a MandatoryValidator to the Field
 	 *
 	 * @param boolean $bMandatory
+	 *
 	 * @return \Combodo\iTop\Form\Field\Field
 	 */
 	public function SetMandatory($bMandatory)
@@ -169,14 +170,15 @@ class SelectObjectField extends RemoteObjectField
 	 */
 	public function VerifyCurrentValue($bAlways = false)
 	{
-		if(!$this->GetReadOnly() || $bAlways)
+		if (!$this->GetReadOnly() || $bAlways)
 		{
 			$oValuesScope = $this->GetSearch()->DeepClone();
-			$oBinaryExp = new BinaryExpression(new FieldExpression('id', $oValuesScope->GetClassAlias()), '=', new ScalarExpression($this->currentValue));
+			$oBinaryExp = new BinaryExpression(new FieldExpression('id', $oValuesScope->GetClassAlias()), '=',
+				new ScalarExpression($this->currentValue));
 			$oValuesScope->AddConditionExpression($oBinaryExp);
 			$oValuesSet = new DBObjectSet($oValuesScope);
 
-			if($oValuesSet->Count() === 0)
+			if ($oValuesSet->Count() === 0)
 			{
 				$this->currentValue = null;
 			}

sources/renderer/bootstrap/fieldrenderer/bsselectobjectfieldrenderer.class.inc.php

@@ -329,9 +329,9 @@ EOF
 				// Note : AllowAllData set to true here instead of checking scope's flag because we are displaying a value that has been set and validated
 				$oFieldValue = MetaModel::GetObject($sFieldValueClass, $this->oField->GetCurrentValue(), true, true);
 				$sFieldHtmlValue = $oFieldValue->GetName();
-				if ($this->oField->GetRemoteObjectAccessible())
+				$sFieldUrl = ApplicationContext::MakeObjectUrl($sFieldValueClass, $this->oField->GetCurrentValue());
+				if(!empty($sFieldUrl))
 				{
-					$sFieldUrl = ApplicationContext::MakeObjectUrl($sFieldValueClass, $this->oField->GetCurrentValue());
 					$sFieldHtmlValue = '<a href="'.$sFieldUrl.'" data-toggle="itop-portal-modal">'.$sFieldHtmlValue.'</a>';
 				}
 			}