mirror of
https://github.com/Combodo/iTop.git
synced 2026-04-19 00:28:47 +02:00
Merge branch 'support/3.2' into develop
This commit is contained in:
odain
@@ -1921,50 +1921,45 @@ class UserRights
|
||||
*/
|
||||
protected static function FindUser($sLogin, $sAuthentication = 'any', $bAllowDisabledUsers = false)
|
||||
{
|
||||
if ($sAuthentication == 'any')
|
||||
{
|
||||
$oUser = self::FindUser($sLogin, 'internal');
|
||||
if ($oUser == null)
|
||||
{
|
||||
$oUser = self::FindUser($sLogin, 'external');
|
||||
if ($sAuthentication === 'any') {
|
||||
$oUser = self::FindUser($sLogin, 'internal', $bAllowDisabledUsers);
|
||||
if ($oUser !== null) {
|
||||
return $oUser;
|
||||
}
|
||||
|
||||
return self::FindUser($sLogin, 'external', $bAllowDisabledUsers);
|
||||
}
|
||||
else
|
||||
{
|
||||
if (!isset(self::$m_aCacheUsers))
|
||||
{
|
||||
self::$m_aCacheUsers = array('internal' => array(), 'external' => array());
|
||||
}
|
||||
|
||||
if (!isset(self::$m_aCacheUsers[$sAuthentication][$sLogin]))
|
||||
{
|
||||
switch($sAuthentication)
|
||||
{
|
||||
case 'external':
|
||||
$sBaseClass = 'UserExternal';
|
||||
break;
|
||||
|
||||
case 'internal':
|
||||
$sBaseClass = 'UserInternal';
|
||||
break;
|
||||
|
||||
default:
|
||||
echo "<p>sAuthentication = $sAuthentication</p>\n";
|
||||
assert(false); // should never happen
|
||||
}
|
||||
$oSearch = DBObjectSearch::FromOQL("SELECT $sBaseClass WHERE login = :login");
|
||||
$oSearch->AllowAllData();
|
||||
if (!$bAllowDisabledUsers)
|
||||
{
|
||||
$oSearch->AddCondition('status', 'enabled');
|
||||
}
|
||||
$oSet = new DBObjectSet($oSearch, array(), array('login' => $sLogin));
|
||||
$oUser = $oSet->fetch();
|
||||
self::$m_aCacheUsers[$sAuthentication][$sLogin] = $oUser;
|
||||
}
|
||||
$oUser = self::$m_aCacheUsers[$sAuthentication][$sLogin];
|
||||
if (!isset(self::$m_aCacheUsers)) {
|
||||
self::$m_aCacheUsers = [ 'internal' => [], 'external' => [] ];
|
||||
}
|
||||
return $oUser;
|
||||
|
||||
if (! isset(self::$m_aCacheUsers[$sAuthentication]) || ! array_key_exists($sLogin, self::$m_aCacheUsers[$sAuthentication])) {
|
||||
switch($sAuthentication) {
|
||||
case 'external':
|
||||
$sBaseClass = 'UserExternal';
|
||||
break;
|
||||
|
||||
case 'internal':
|
||||
$sBaseClass = 'UserInternal';
|
||||
break;
|
||||
|
||||
default:
|
||||
echo "<p>sAuthentication = $sAuthentication</p>\n";
|
||||
assert(false); // should never happen
|
||||
}
|
||||
$oSearch = DBObjectSearch::FromOQL("SELECT $sBaseClass WHERE login = :login");
|
||||
$oSearch->AllowAllData();
|
||||
if (!$bAllowDisabledUsers) {
|
||||
$oSearch->AddCondition('status', 'enabled');
|
||||
}
|
||||
$oSet = new DBObjectSet($oSearch, array(), array('login' => $sLogin));
|
||||
$oUser = $oSet->fetch();
|
||||
|
||||
self::$m_aCacheUsers[$sAuthentication][$sLogin] = $oUser;
|
||||
}
|
||||
|
||||
return self::$m_aCacheUsers[$sAuthentication][$sLogin];
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -952,5 +952,22 @@ HTML
|
||||
</classes>
|
||||
</group>
|
||||
</groups>
|
||||
<profiles>
|
||||
<profile id="117" _delta="if_exists">
|
||||
<!-- SuperUser -->
|
||||
<groups>
|
||||
<group id="OauthConnection">
|
||||
<actions>
|
||||
<action id="action:read">allow</action>
|
||||
<action id="action:write">allow</action>
|
||||
<action id="action:delete">allow</action>
|
||||
<action id="action:bulk read">allow</action>
|
||||
<action id="action:bulk write">allow</action>
|
||||
<action id="action:bulk delete">allow</action>
|
||||
</actions>
|
||||
</group>
|
||||
</groups>
|
||||
</profile>
|
||||
</profiles>
|
||||
</user_rights>
|
||||
</itop_design>
|
||||
|
||||
@@ -183,8 +183,103 @@
|
||||
<class id="SynchroLog"/>
|
||||
</classes>
|
||||
</group>
|
||||
<group id="AdminSysReadOnly" _delta="define">
|
||||
<classes>
|
||||
<class id="ItopFenceLogin"/>
|
||||
</classes>
|
||||
</group>
|
||||
<group id="AdminSys" _delta="define">
|
||||
<classes>
|
||||
<class id="ResourceDesignerConnectorMenu"/>
|
||||
<class id="ResourceSystemMenu"/>
|
||||
<class id="RessourceHybridAuthMenu"/>
|
||||
</classes>
|
||||
</group>
|
||||
</groups>
|
||||
<profiles>
|
||||
<profile id="117" _delta="define">
|
||||
<name>SuperUser</name>
|
||||
<description>This profil allows all actions which are not Administrator restricted.</description>
|
||||
<groups>
|
||||
<group id="AdminTools">
|
||||
<actions>
|
||||
<action id="action:read">allow</action>
|
||||
<action id="action:write">allow</action>
|
||||
<action id="action:delete">allow</action>
|
||||
<action id="action:bulk read">allow</action>
|
||||
<action id="action:bulk write">allow</action>
|
||||
<action id="action:bulk delete">allow</action>
|
||||
</actions>
|
||||
</group>
|
||||
<group id="AdminSysReadOnly">
|
||||
<actions>
|
||||
<action id="action:read">allow</action>
|
||||
<action id="action:bulk read">allow</action>
|
||||
</actions>
|
||||
</group>
|
||||
<group id="AdminSys">
|
||||
<actions>
|
||||
<action id="action:read">allow</action>
|
||||
<action id="action:write">allow</action>
|
||||
</actions>
|
||||
</group>
|
||||
<group id="History">
|
||||
<actions>
|
||||
<action id="action:bulk read">allow</action>
|
||||
</actions>
|
||||
</group>
|
||||
<group id="*">
|
||||
<actions>
|
||||
<action id="action:read">allow</action>
|
||||
<action id="action:bulk read">allow</action>
|
||||
<action id="action:write">allow</action>
|
||||
<action id="action:bulk write">allow</action>
|
||||
<action id="action:delete">allow</action>
|
||||
<action id="action:bulk delete">allow</action>
|
||||
</actions>
|
||||
</group>
|
||||
<group id="UserRequest">
|
||||
<actions>
|
||||
<action id="stimulus:ev_approve">allow</action>
|
||||
<action id="stimulus:ev_assign">allow</action>
|
||||
<action id="stimulus:ev_close">allow</action>
|
||||
<action id="stimulus:ev_dispatch">allow</action>
|
||||
<action id="stimulus:ev_pending">allow</action>
|
||||
<action id="stimulus:ev_reassign">allow</action>
|
||||
<action id="stimulus:ev_reject">allow</action>
|
||||
<action id="stimulus:ev_reopen">allow</action>
|
||||
<action id="stimulus:ev_resolve">allow</action>
|
||||
</actions>
|
||||
</group>
|
||||
<group id="Incident">
|
||||
<actions>
|
||||
<action id="stimulus:ev_assign">allow</action>
|
||||
<action id="stimulus:ev_reassign">allow</action>
|
||||
<action id="stimulus:ev_resolve">allow</action>
|
||||
<action id="stimulus:ev_close">allow</action>
|
||||
<action id="stimulus:ev_pending">allow</action>
|
||||
</actions>
|
||||
</group>
|
||||
<group id="Change">
|
||||
<actions>
|
||||
<action id="stimulus:ev_approve">allow</action>
|
||||
<action id="stimulus:ev_assign">allow</action>
|
||||
<action id="stimulus:ev_finish">allow</action>
|
||||
<action id="stimulus:ev_plan">allow</action>
|
||||
<action id="stimulus:ev_reject">allow</action>
|
||||
<action id="stimulus:ev_reopen">allow</action>
|
||||
</actions>
|
||||
</group>
|
||||
<group id="Problem">
|
||||
<actions>
|
||||
<action id="stimulus:ev_reassign">allow</action>
|
||||
<action id="stimulus:ev_assign">allow</action>
|
||||
<action id="stimulus:ev_resolve">allow</action>
|
||||
<action id="stimulus:ev_close">allow</action>
|
||||
</actions>
|
||||
</group>
|
||||
</groups>
|
||||
</profile>
|
||||
<profile id="3" _delta="define">
|
||||
<name>Configuration Manager</name>
|
||||
<description>Person in charge of the documentation of the managed CIs</description>
|
||||
|
||||
@@ -488,4 +488,55 @@ class UserRightsTest extends ItopDataTestCase
|
||||
'with Admins hidden' => [true, 0],
|
||||
];
|
||||
}
|
||||
|
||||
public function testFindUser_ExistingInternalUser()
|
||||
{
|
||||
$sLogin = 'UserRightsFindUser'.uniqid();
|
||||
$iKey = $this->CreateUser($sLogin, self::$aURP_Profiles['Administrator'])->GetKey();
|
||||
$oUser = $this->InvokeNonPublicStaticMethod(UserRights::class, "FindUser", [$sLogin]);
|
||||
|
||||
$this->assertNotNull($oUser);
|
||||
$this->assertEquals($iKey, $oUser->GetKey());
|
||||
$this->assertEquals(\UserLocal::class, get_class($oUser));
|
||||
|
||||
$this->assertDBQueryCount(0, function() use ($sLogin, $iKey){
|
||||
$oUser = $this->InvokeNonPublicStaticMethod(UserRights::class, "FindUser", [$sLogin]);
|
||||
static::assertEquals($iKey, $oUser->GetKey());
|
||||
static::assertEquals(\UserLocal::class, get_class($oUser));
|
||||
});
|
||||
}
|
||||
|
||||
public function testFindUser_ExistingExternalUser()
|
||||
{
|
||||
$sLogin = 'UserRightsFindUser'.uniqid();
|
||||
|
||||
$iKey = $this->GivenObjectInDB(\UserExternal::class, [
|
||||
'login' => $sLogin,
|
||||
'language' => 'EN US',
|
||||
]);
|
||||
|
||||
$oUser = $this->InvokeNonPublicStaticMethod(UserRights::class, "FindUser", [$sLogin]);
|
||||
|
||||
$this->assertNotNull($oUser);
|
||||
$this->assertEquals($iKey, $oUser->GetKey());
|
||||
$this->assertEquals(\UserExternal::class, get_class($oUser));
|
||||
|
||||
$this->assertDBQueryCount(0, function() use ($sLogin, $iKey){
|
||||
$oUser = $this->InvokeNonPublicStaticMethod(UserRights::class, "FindUser", [$sLogin]);
|
||||
static::assertEquals($iKey, $oUser->GetKey());
|
||||
static::assertEquals(\UserExternal::class, get_class($oUser));
|
||||
});
|
||||
}
|
||||
|
||||
public function testFindUser_UnknownLogin_AvoidSameSqlQueryTwice()
|
||||
{
|
||||
$sLogin = 'UserRightsFindUser'.uniqid();
|
||||
$oUser = $this->InvokeNonPublicStaticMethod(UserRights::class, "FindUser", [$sLogin]);
|
||||
$this->assertNull($oUser);
|
||||
|
||||
$this->assertDBQueryCount(0, function() use ($sLogin){
|
||||
$oUser = $this->InvokeNonPublicStaticMethod(UserRights::class, "FindUser", [$sLogin]);
|
||||
$this->assertNull($oUser);
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user