composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-05-17 22:39:03 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'develop' into odain

Browse Source
This commit is contained in:
odain
2026-04-08 20:24:22 +02:00
parent 2ec0931896 4afe06d370
commit e28addfd6d
302 changed files with 6640 additions and 3255 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
sources/Controller/AjaxRenderController.php
View File

@@ -42,6 +42,7 @@ use RunTimeEnvironment;
use ScalarExpression;
use SetupUtils;
use UILinksWidget;
use UserRights;
use utils;
use WizardHelper;
@@ -71,6 +72,15 @@ class AjaxRenderController
$bShowObsoleteData = utils::ShowObsoleteData();
}
$oSet->SetShowObsoleteData($bShowObsoleteData);
// N°8606 : Check user permissions on the main class
if (
UserRights::IsActionAllowed($oSet->GetClass(), UR_ACTION_READ, $oSet) !== UR_ALLOWED_YES
&& ($aExtraParams['display_unauthorized_objects'] ?? false) === false
) {
throw new Exception(Dict::Format('UI:Error:ReadNotAllowedOn_Class', $oSet->GetClass()));
}
$iCount = 0;
if (isset($aExtraParams['object_count'])) {
$iCount = $aExtraParams['object_count'];
@@ -101,6 +111,14 @@ class AjaxRenderController
continue;
}
// N°8606 : Check user permissions on the current class
if (
UserRights::IsActionAllowed($sClass, UR_ACTION_READ, $oSet) !== UR_ALLOWED_YES
&& ($aExtraParams['display_unauthorized_objects'] ?? false) === false
) {
throw new Exception(Dict::Format('UI:Error:ReadNotAllowedOn_Class', $sClass));
}
foreach ($aColumnsLoad[$sAlias] as $sAttCode) {
$aObj[$sAlias."/".$sAttCode] = $aObject[$sAlias]->GetAsHTML($sAttCode);
$bExcludeRawValue = false;

8
sources/Controller/Newsroom/iTopNewsroomController.php
View File

@@ -26,6 +26,7 @@ use CoreException;
use DBObjectSearch;
use DBObjectSet;
use Dict;
use EventNotificationNewsroom;
use MetaModel;
use SecurityException;
use UserRights;
@@ -361,6 +362,7 @@ JS
// Search for all notifications for the current user
$oSearch = DBObjectSearch::FromOQL('SELECT EventNotificationNewsroom');
$oSearch->AddCondition('contact_id', UserRights::GetContactId(), '=');
$oSearch->AllowAllData();
$oSet = new DBObjectSet($oSearch, ['read' => true, 'date' => false], []);
// Add main content block
@@ -529,6 +531,7 @@ JS
if (utils::IsNotNullOrEmptyString($iContactId)) {
$oSearch = DBObjectSearch::FromOQL('SELECT EventNotificationNewsroom WHERE contact_id = :contact_id AND read = "no"');
$oSearch->AllowAllData();
$oSet = new DBObjectSet($oSearch, [], ['contact_id' => $iContactId]);
while ($oMessage = $oSet->Fetch()) {
@@ -542,7 +545,7 @@ $sMessage
HTML;
$sIcon = $oMessage->Get('icon') !== null ?
$oMessage->Get('icon')->GetDisplayURL('EventNotificationNewsroom', $oMessage->GetKey(), 'icon') :
$oMessage->Get('icon')->GetDisplayURL(EventNotificationNewsroom::class, $oMessage->GetKey(), 'icon') :
Branding::GetCompactMainLogoAbsoluteUrl();
$aMessages[] = [
'id' => $oMessage->GetKey(),
@@ -579,6 +582,7 @@ HTML;
if (utils::IsNotNullOrEmptyString($iContactId)) {
$oSearch = DBObjectSearch::FromOQL('SELECT EventNotificationNewsroom WHERE contact_id = :contact_id AND read = "no"');
$oSearch->AllowAllData();
$oSet = new DBObjectSet($oSearch, [], ['contact_id' => $iContactId]);
while ($oEvent = $oSet->Fetch()) {
@@ -608,7 +612,7 @@ HTML;
$sEventId = utils::ReadParam('event_id', 0);
if ($sEventId > 0) {
try {
$oEvent = MetaModel::GetObject('EventNotificationNewsroom', $sEventId);
$oEvent = MetaModel::GetObject(EventNotificationNewsroom::class, $sEventId, true, true);
if ($oEvent !== null && $oEvent->Get('contact_id') === UserRights::GetContactId()) {
$oEvent->Set('read', 'yes');
$oEvent->SetCurrentDate('read_date');