From e205d85728e7e79419fcc66b0ae84d46543d920f Mon Sep 17 00:00:00 2001 From: Pierre Goiffon Date: Wed, 30 May 2018 16:44:23 +0000 Subject: [PATCH] Portal : new helper method to add scope to a DbSearch (moved from existing one in ManageBrick) SVN:trunk[5822] --- .../managebrickcontroller.class.inc.php | 50 ++++++----------- .../scopevalidatorhelper.class.inc.php | 56 +++++++++++++++---- 2 files changed, 63 insertions(+), 43 deletions(-) diff --git a/datamodels/2.x/itop-portal-base/portal/src/controllers/managebrickcontroller.class.inc.php b/datamodels/2.x/itop-portal-base/portal/src/controllers/managebrickcontroller.class.inc.php index 23706fb482..ac812759ba 100644 --- a/datamodels/2.x/itop-portal-base/portal/src/controllers/managebrickcontroller.class.inc.php +++ b/datamodels/2.x/itop-portal-base/portal/src/controllers/managebrickcontroller.class.inc.php @@ -156,7 +156,9 @@ class ManageBrickController extends BrickController { $oQuery = DBSearch::FromOQL($oBrick->GetOql()); $sClass = $oQuery->GetClass(); - $this->AddScopeToQuery($oQuery, $oApp, $oBrick, $sClass); + /** @var \Combodo\iTop\Portal\Helper\ScopeValidatorHelper $oScopeHelper */ + $oScopeHelper = $oApp['scope_validator']; + $oScopeHelper->AddScopeToQuery($oQuery, $sClass); $aData = array(); $this->ManageSearchValue($oRequest, $aData, $oQuery, $sClass); @@ -304,7 +306,11 @@ class ManageBrickController extends BrickController { $oConditionQuery = $oQuery->Intersect(DBSearch::FromOQL($aGroup['condition'])); // - Restricting query to scope - if ($this->AddScopeToQuery($oConditionQuery, $oApp, $oBrick, $oConditionQuery->GetClass())) + + /** @var \Combodo\iTop\Portal\Helper\ScopeValidatorHelper $oScopeHelper */ + $oScopeHelper = $oApp['scope_validator']; + $bHasScope = $oScopeHelper->AddScopeToQuery($oConditionQuery, $oConditionQuery->GetClass()); + if ($bHasScope) { // - Building ObjectSet $oConditionSet = new DBObjectSet($oConditionQuery); @@ -421,7 +427,10 @@ class ManageBrickController extends BrickController // Restricting query to allowed scope on each classes // Note: Will need to moved the scope restriction on queries elsewhere when we consider grouping on something else than finalclass // Note: We now get view scope instead of edit scope as we allowed users to view/edit objects in the brick regarding their rights - if (!$this->AddScopeToQuery($oAreaQuery, $oApp, $oBrick, $aGroupingAreasValue['value'])) + /** @var \Combodo\iTop\Portal\Helper\ScopeValidatorHelper $oScopeHelper */ + $oScopeHelper = $oApp['scope_validator']; + $bHasScope = $oScopeHelper->AddScopeToQuery($oAreaQuery, $aGroupingAreasValue['value']); + if (!$bHasScope) { // if no scope apply does not allow any data $oAreaQuery = null; @@ -796,7 +805,9 @@ class ManageBrickController extends BrickController $aGroupingTabsValues = array(); $aDistinctResults = array(); $oDistinctQuery = DBSearch::FromOQL($oBrick->GetOql()); - $bHasScope = $this->AddScopeToQuery($oDistinctQuery, $oApp, $oBrick, $oDistinctQuery->GetClass()); + /** @var \Combodo\iTop\Portal\Helper\ScopeValidatorHelper $oScopeHelper */ + $oScopeHelper = $oApp['scope_validator']; + $bHasScope = $oScopeHelper->AddScopeToQuery($oDistinctQuery, $oDistinctQuery->GetClass()); if ($bHasScope) { // - Adding field condition @@ -903,35 +914,10 @@ class ManageBrickController extends BrickController protected function GetScopedQuery(Application $oApp, ManageBrick $oBrick, $sClass) { $oQuery = DBSearch::FromOQL($oBrick->GetOql()); - $this->AddScopeToQuery($oQuery, $oApp, $oBrick, $sClass); + /** @var \Combodo\iTop\Portal\Helper\ScopeValidatorHelper $oScopeHelper */ + $oScopeHelper = $oApp['scope_validator']; + $oScopeHelper->AddScopeToQuery($oQuery, $sClass); return $oQuery; } - - /** - * @param DBSearch $oQuery - * @param Application $oApp - * @param ManageBrick $oBrick - * @param string $sClass - * - * @return bool true if scope exists, false if scope is null - */ - protected function AddScopeToQuery(DBSearch &$oQuery, Application $oApp, ManageBrick $oBrick, $sClass) - { - $oScopeQuery = $oApp['scope_validator']->GetScopeFilterForProfiles(UserRights::ListProfiles(), $sClass, - UR_ACTION_READ); - if ($oScopeQuery !== null) - { - $oQuery = $oQuery->Intersect($oScopeQuery); - // - Allowing all data if necessary - if ($oScopeQuery->IsAllDataAllowed()) - { - $oQuery->AllowAllData(); - } - - return true; - } - - return false; - } } diff --git a/datamodels/2.x/itop-portal-base/portal/src/helpers/scopevalidatorhelper.class.inc.php b/datamodels/2.x/itop-portal-base/portal/src/helpers/scopevalidatorhelper.class.inc.php index 81f7bc8bc8..0dfe2e5788 100644 --- a/datamodels/2.x/itop-portal-base/portal/src/helpers/scopevalidatorhelper.class.inc.php +++ b/datamodels/2.x/itop-portal-base/portal/src/helpers/scopevalidatorhelper.class.inc.php @@ -19,15 +19,23 @@ namespace Combodo\iTop\Portal\Helper; -use Exception; -use DOMNodeList; -use DOMFormatException; -use utils; -use ProfilesConfig; -use MetaModel; use DBSearch; use DBUnionSearch; +use DOMFormatException; +use DOMNodeList; +use Exception; +use MetaModel; +use ProfilesConfig; +use UserRights; +use utils; +/** + * Class ScopeValidatorHelper + * + * Inside the portal this service is injected, get the instance using $oApp['scope_validator'] + * + * @package Combodo\iTop\Portal\Helper + */ class ScopeValidatorHelper { const ENUM_MODE_READ = 'r'; @@ -113,6 +121,7 @@ class ScopeValidatorHelper $this->sInstancePrefix = $sInstancePrefix; $this->sGeneratedClass = $this->sInstancePrefix . static::DEFAULT_GENERATED_CLASS; + return $this; } @@ -150,7 +159,7 @@ class ScopeValidatorHelper { throw new DOMFormatException('Class tag must have an id attribute.', null, null, $oClassNode); } - + // Iterating over scope nodes of the class $oScopesNode = $oClassNode->GetOptionalElement('scopes'); if ($oScopesNode !== null) @@ -213,7 +222,7 @@ class ScopeValidatorHelper { // Scope profile id $iProfileId = $this->GetProfileIdFromProfileName($sProfileName); - + // Now that we have the queries infos, we are going to build the queries for that profile / class $sMatrixPrefix = $iProfileId . '_' . $sClass . '_'; // - View query @@ -284,7 +293,7 @@ class ScopeValidatorHelper $aProfileClasses[] = $sClass; } } - + // Filling the array with missing classes from MetaModel, so we can have an inheritance principle on the scope // For each class explicitly given in the scopes, we check if its child classes were also in the scope : // If not, we add them with the same OQL @@ -493,7 +502,7 @@ class ScopeValidatorHelper { $iAction = UR_ACTION_READ; } - + // Iterating on profiles to retrieving the different OQLs parts foreach ($aProfiles as $sProfile) { @@ -539,10 +548,34 @@ class ScopeValidatorHelper { $oSearch->AllowAllData(); } - + return $oSearch; } + /** + * @param DBSearch $oQuery + * @param string $sClass + * + * @return bool true if scope exists, false if scope is null + */ + public function AddScopeToQuery(DBSearch &$oQuery, $sClass) + { + $oScopeQuery = $this->GetScopeFilterForProfiles(UserRights::ListProfiles(), $sClass, UR_ACTION_READ); + if ($oScopeQuery !== null) + { + $oQuery = $oQuery->Intersect($oScopeQuery); + // - Allowing all data if necessary + if ($oScopeQuery->IsAllDataAllowed()) + { + $oQuery->AllowAllData(); + } + + return true; + } + + return false; + } + /** * Returns true if at least one of the $aProfiles has the ignore_silos flag set to true for the $sClass. * @@ -665,6 +698,7 @@ class $sClassName } EOF; + return $sPHP; }