Removing user counting from iTop (to put it in itop-system-information)

datamodels/2.x/itop-profiles-itil/datamodel.itop-profiles-itil.xml

@@ -85,6 +85,13 @@
           <class id="Attachment"/>
         </classes>
       </group>
+      <group id="Ticket" _delta="define">
+        <classes>
+          <class id="Ticket"/>
+          <class id="WorkOrder"/>
+          <class id="Attachment"/>
+        </classes>
+      </group>
       <group id="Portal" _delta="define">
         <classes>
           <class id="lnkFunctionalCIToTicket"/>
@@ -205,6 +212,60 @@
       </group>
     </groups>
     <profiles>
+      <profile id="5500" _delta="define">
+        <name>Configuration ReadOnly</name>
+        <description>This read-only profile allows to see CIs objects.</description>
+        <groups>
+          <group id="Configuration">
+            <actions>
+              <action id="action:read">allow</action>
+              <action id="action:bulk read">allow</action>
+            </actions>
+          </group>
+          <group id="General">
+            <actions>
+              <action id="action:read">allow</action>
+              <action id="action:bulk read">allow</action>
+            </actions>
+          </group>
+        </groups>
+      </profile>
+      <profile id="5501" _delta="define">
+        <name>Ticket ReadOnly</name>
+        <description>This read-only profile allows to see Ticket objects.</description>
+        <groups>
+          <group id="Ticket">
+            <actions>
+              <action id="action:read">allow</action>
+              <action id="action:bulk read">allow</action>
+            </actions>
+          </group>
+          <group id="General">
+            <actions>
+              <action id="action:read">allow</action>
+              <action id="action:bulk read">allow</action>
+            </actions>
+          </group>
+        </groups>
+      </profile>
+      <profile id="5502" _delta="define">
+        <name>Service Catalog ReadOnly</name>
+        <description>This read-only profile allows to see Service Catalog objects.</description>
+        <groups>
+          <group id="Service">
+            <actions>
+              <action id="action:read">allow</action>
+              <action id="action:bulk read">allow</action>
+            </actions>
+          </group>
+          <group id="General">
+            <actions>
+              <action id="action:read">allow</action>
+              <action id="action:bulk read">allow</action>
+            </actions>
+          </group>
+        </groups>
+      </profile>
       <profile id="117" _delta="define">
         <name>SuperUser</name>
         <description>This profile allows all actions which are not Administrator restricted.</description>

dictionaries/en.dictionary.itop.core.php

@@ -1036,45 +1036,45 @@ The hyperlink is displayed in the tooltip appearing on the “Lock” symbol of
 	'Class:SynchroAttLinkSet/Attribute:row_separator'                          => 'Rows separator',
 	'Class:SynchroAttLinkSet/Attribute:attribute_separator'                    => 'Attributes separator',
 	'Class:SynchroLog'                                                         => 'Synchro Log',
-	'Class:SynchroLog/Attribute:sync_source_id'                         => 'Synchro Data Source',
-	'Class:SynchroLog/Attribute:start_date'                             => 'Start Date',
-	'Class:SynchroLog/Attribute:end_date'                               => 'End Date',
-	'Class:SynchroLog/Attribute:status'                                 => 'Status',
-	'Class:SynchroLog/Attribute:status/Value:completed'                 => 'Completed',
-	'Class:SynchroLog/Attribute:status/Value:error'                     => 'Error',
-	'Class:SynchroLog/Attribute:status/Value:running'                   => 'Still Running',
-	'Class:SynchroLog/Attribute:stats_nb_replica_seen'                  => 'Nb replica seen',
-	'Class:SynchroLog/Attribute:stats_nb_replica_total'                 => 'Nb replica total',
-	'Class:SynchroLog/Attribute:stats_nb_obj_deleted'                   => 'Nb objects deleted',
-	'Class:SynchroLog/Attribute:stats_nb_obj_deleted_errors'            => 'Nb of errors while deleting',
-	'Class:SynchroLog/Attribute:stats_nb_obj_obsoleted'                 => 'Nb objects obsoleted',
-	'Class:SynchroLog/Attribute:stats_nb_obj_obsoleted_errors'          => 'Nb of errors while obsoleting',
-	'Class:SynchroLog/Attribute:stats_nb_obj_created'                   => 'Nb objects created',
-	'Class:SynchroLog/Attribute:stats_nb_obj_created_errors'            => 'Nb or errors while creating',
-	'Class:SynchroLog/Attribute:stats_nb_obj_updated'                   => 'Nb objects updated',
-	'Class:SynchroLog/Attribute:stats_nb_obj_updated_errors'            => 'Nb errors while updating',
-	'Class:SynchroLog/Attribute:stats_nb_replica_reconciled_errors'     => 'Nb of errors during reconciliation',
+	'Class:SynchroLog/Attribute:sync_source_id'                                => 'Synchro Data Source',
+	'Class:SynchroLog/Attribute:start_date'                                    => 'Start Date',
+	'Class:SynchroLog/Attribute:end_date'                                      => 'End Date',
+	'Class:SynchroLog/Attribute:status'                                        => 'Status',
+	'Class:SynchroLog/Attribute:status/Value:completed'                        => 'Completed',
+	'Class:SynchroLog/Attribute:status/Value:error'                            => 'Error',
+	'Class:SynchroLog/Attribute:status/Value:running'                          => 'Still Running',
+	'Class:SynchroLog/Attribute:stats_nb_replica_seen'                         => 'Nb replica seen',
+	'Class:SynchroLog/Attribute:stats_nb_replica_total'                        => 'Nb replica total',
+	'Class:SynchroLog/Attribute:stats_nb_obj_deleted'                          => 'Nb objects deleted',
+	'Class:SynchroLog/Attribute:stats_nb_obj_deleted_errors'                   => 'Nb of errors while deleting',
+	'Class:SynchroLog/Attribute:stats_nb_obj_obsoleted'                        => 'Nb objects obsoleted',
+	'Class:SynchroLog/Attribute:stats_nb_obj_obsoleted_errors'                 => 'Nb of errors while obsoleting',
+	'Class:SynchroLog/Attribute:stats_nb_obj_created'                          => 'Nb objects created',
+	'Class:SynchroLog/Attribute:stats_nb_obj_created_errors'                   => 'Nb or errors while creating',
+	'Class:SynchroLog/Attribute:stats_nb_obj_updated'                          => 'Nb objects updated',
+	'Class:SynchroLog/Attribute:stats_nb_obj_updated_errors' => 'Nb errors while updating',
+	'Class:SynchroLog/Attribute:stats_nb_replica_reconciled_errors' => 'Nb of errors during reconciliation',
 	'Class:SynchroLog/Attribute:stats_nb_replica_disappeared_no_action' => 'Nb replica disappeared',
-	'Class:SynchroLog/Attribute:stats_nb_obj_new_updated'               => 'Nb objects updated',
-	'Class:SynchroLog/Attribute:stats_nb_obj_new_unchanged'             => 'Nb objects unchanged',
-	'Class:SynchroLog/Attribute:last_error'                             => 'Last error',
-	'Class:SynchroLog/Attribute:traces'                                 => 'Traces',
-	'Class:SynchroReplica'                                              => 'Synchro Replica',
-	'Class:SynchroReplica/Attribute:sync_source_id'                     => 'Synchro Data Source',
-	'Class:SynchroReplica/Attribute:dest_id'                            => 'Destination object (ID)',
-	'Class:SynchroReplica/Attribute:dest_class'                         => 'Destination type',
-	'Class:SynchroReplica/Attribute:status_last_seen'                   => 'Last seen',
-	'Class:SynchroReplica/Attribute:status'                             => 'Status',
-	'Class:SynchroReplica/Attribute:status/Value:modified'              => 'Modified',
-	'Class:SynchroReplica/Attribute:status/Value:new'                   => 'New',
-	'Class:SynchroReplica/Attribute:status/Value:obsolete'              => 'Obsolete',
-	'Class:SynchroReplica/Attribute:status/Value:orphan'                => 'Orphan',
-	'Class:SynchroReplica/Attribute:status/Value:synchronized'          => 'Synchronized',
-	'Class:SynchroReplica/Attribute:status_dest_creator'                => 'Object Created ?',
-	'Class:SynchroReplica/Attribute:status_last_error'                  => 'Last Error',
-	'Class:SynchroReplica/Attribute:status_last_warning'                => 'Warnings',
-	'Class:SynchroReplica/Attribute:info_creation_date'                 => 'Creation Date',
-	'Class:SynchroReplica/Attribute:info_last_modified'                 => 'Last Modified Date',
+	'Class:SynchroLog/Attribute:stats_nb_obj_new_updated' => 'Nb objects updated',
+	'Class:SynchroLog/Attribute:stats_nb_obj_new_unchanged' => 'Nb objects unchanged',
+	'Class:SynchroLog/Attribute:last_error' => 'Last error',
+	'Class:SynchroLog/Attribute:traces' => 'Traces',
+	'Class:SynchroReplica' => 'Synchro Replica',
+	'Class:SynchroReplica/Attribute:sync_source_id' => 'Synchro Data Source',
+	'Class:SynchroReplica/Attribute:dest_id' => 'Destination object (ID)',
+	'Class:SynchroReplica/Attribute:dest_class' => 'Destination type',
+	'Class:SynchroReplica/Attribute:status_last_seen' => 'Last seen',
+	'Class:SynchroReplica/Attribute:status' => 'Status',
+	'Class:SynchroReplica/Attribute:status/Value:modified' => 'Modified',
+	'Class:SynchroReplica/Attribute:status/Value:new' => 'New',
+	'Class:SynchroReplica/Attribute:status/Value:obsolete' => 'Obsolete',
+	'Class:SynchroReplica/Attribute:status/Value:orphan' => 'Orphan',
+	'Class:SynchroReplica/Attribute:status/Value:synchronized' => 'Synchronized',
+	'Class:SynchroReplica/Attribute:status_dest_creator' => 'Object Created ?',
+	'Class:SynchroReplica/Attribute:status_last_error' => 'Last Error',
+	'Class:SynchroReplica/Attribute:status_last_warning' => 'Warnings',
+	'Class:SynchroReplica/Attribute:info_creation_date' => 'Creation Date',
+	'Class:SynchroReplica/Attribute:info_last_modified' => 'Last Modified Date',
 	'Class:SynchroReplica/Action:delete+'                               => 'delete replica',
 	'Class:SynchroReplica/Action:unlink'                                => 'Unlink',
 	'Class:SynchroReplica/Action:unlink+'                               => 'Unlink replica with destination object',
@@ -1109,26 +1109,26 @@ The hyperlink is displayed in the tooltip appearing on the “Lock” symbol of
 	'UI:DenyDeleteAllTabTitle'              => 'Deny delete of objects linked to Synchro Replica',
 	'UI:DenyDeleteAllPageTitle'                   => 'Deny delete of objects linked to Synchro Replica',
 
-	'Class:appUserPreferences'                       => 'User Preferences',
-	'Class:appUserPreferences/Attribute:userid'      => 'User',
+	'Class:appUserPreferences' => 'User Preferences',
+	'Class:appUserPreferences/Attribute:userid' => 'User',
 	'Class:appUserPreferences/Attribute:preferences' => 'Prefs',
-	'Core:ExecProcess:Code1'                         => 'Wrong command or command finished with errors (e.g. wrong script name)',
-	'Core:ExecProcess:Code255'                       => 'PHP Error (parsing, or runtime)',
+	'Core:ExecProcess:Code1' => 'Wrong command or command finished with errors (e.g. wrong script name)',
+	'Core:ExecProcess:Code255' => 'PHP Error (parsing, or runtime)',
 
 	// Attribute Duration
-	'Core:Duration_Seconds'                          => '%1$ds',
-	'Core:Duration_Minutes_Seconds'                  => '%1$dmin %2$ds',
-	'Core:Duration_Hours_Minutes_Seconds'            => '%1$dh %2$dmin %3$ds',
-	'Core:Duration_Days_Hours_Minutes_Seconds'       => '%1$sd %2$dh %3$dmin %4$ds',
+	'Core:Duration_Seconds' => '%1$ds',
+	'Core:Duration_Minutes_Seconds' => '%1$dmin %2$ds',
+	'Core:Duration_Hours_Minutes_Seconds' => '%1$dh %2$dmin %3$ds',
+	'Core:Duration_Days_Hours_Minutes_Seconds' => '%1$sd %2$dh %3$dmin %4$ds',
 
 	// Explain working time computing
-	'Core:ExplainWTC:ElapsedTime'                    => 'Time elapsed (stored as "%1$s")',
-	'Core:ExplainWTC:StopWatch-TimeSpent'            => 'Time spent for "%1$s"',
-	'Core:ExplainWTC:StopWatch-Deadline'             => 'Deadline for "%1$s" at %2$d%%',
+	'Core:ExplainWTC:ElapsedTime' => 'Time elapsed (stored as "%1$s")',
+	'Core:ExplainWTC:StopWatch-TimeSpent' => 'Time spent for "%1$s"',
+	'Core:ExplainWTC:StopWatch-Deadline' => 'Deadline for "%1$s" at %2$d%%',
 
 	// Bulk export
-	'Core:BulkExport:MissingParameter_Param'         => 'Missing parameter "%1$s"',
-	'Core:BulkExport:InvalidParameter_Query'         => 'Invalid value for the parameter "query". There is no Query Phrasebook corresponding to the id: "%1$s".',
+	'Core:BulkExport:MissingParameter_Param' => 'Missing parameter "%1$s"',
+	'Core:BulkExport:InvalidParameter_Query' => 'Invalid value for the parameter "query". There is no Query Phrasebook corresponding to the id: "%1$s".',
 	'Core:BulkExport:ExportFormatPrompt' => 'Export format:',
 	'Core:BulkExportOf_Class' => '%1$s Export',
 	'Core:BulkExport:ClickHereToDownload_FileName' => 'Click here to download %1$s',

setup/unattended-install/unattended-install.php

@@ -3,17 +3,6 @@
 require_once(dirname(__FILE__, 3).'/approot.inc.php');
 require_once(__DIR__.'/InstallationFileService.php');
 
-function fatalHandler()
-{
-	$error = error_get_last();
-	if ($error) {
-		SetupLog::Error("Fatal error during setup", null, $error);
-		echo "Fatal Error occured: {$error["message"]}";
-	}
-}
-
-register_shutdown_function("fatalHandler");
-
 function PrintUsageAndExit()
 {
 	echo <<<EOF

tests/php-unit-tests/src/BaseTestCase/ItopDataTestCase.php

@@ -87,8 +87,6 @@ abstract class ItopDataTestCase extends ItopTestCase
 	 */
 	public const DEFAULT_TEST_ENVIRONMENT = 'production';
 	public const USE_TRANSACTION = true;
-	public const CREATE_TEST_ORG = false;
-
 	protected static $aURP_Profiles = [
 		'Administrator'         => 1,
 		'Portal user'           => 2,
@@ -102,9 +100,15 @@ abstract class ItopDataTestCase extends ItopTestCase
 		'Service Manager'       => 10,
 		'Document author'       => 11,
 		'Portal power user'     => 12,
+		'Business partner user'     => 40,
 		'REST Services User'    => 1024,
+		'Configuration ReadOnly' => 5500,
+		'Ticket ReadOnly' => 5501,
+		'Service Catalog ReadOnly' => 5502,
 	];
 
+	public const CREATE_TEST_ORG = false;
+
 	/**
 	 * This method is called before the first test of this test class is run (in the current process).
 	 */
@@ -1463,16 +1467,42 @@ abstract class ItopDataTestCase extends ItopTestCase
 		]);
 	}
 
+	/**
+	 * @description To avoid adding finalclasses parameters to GivenUserInDB
+	 * @param string $sPassword
+	 * @param array $aProfiles Profile names Example: ['Administrator']
+	 * @param bool $bReturnLogin
+	 *
+	 * @return string|int The unique login
+	 * @throws \Exception
+	 */
+	protected function GivenTokenUserInDB(array $aProfiles, bool $bReturnLogin = true): string|int
+	{
+		$sLogin = 'demo_test_'.uniqid(__CLASS__, true);
+
+		$aProfileList = array_map(function ($sProfileId) {
+			return 'profileid:'.self::$aURP_Profiles[$sProfileId];
+		}, $aProfiles);
+
+		$iUser = $this->GivenObjectInDB('UserToken', [
+			'login' => $sLogin,
+			'language' => 'EN US',
+			'profile_list' => $aProfileList,
+		]);
+		return $bReturnLogin ? $sLogin : $iUser;
+	}
+
 	/**
 	 * @param string $sPassword
 	 * @param array $aProfiles Profile names Example: ['Administrator']
 	 * @param string|null $sLogin
 	 * @param string|null $sUserId
+	 * @param bool $bReturnLogin
 	 *
 	 * @return string The unique login
 	 * @throws \Exception
 	 */
-	protected function GivenUserInDB(string $sPassword, array $aProfiles, ?string $sLogin = null, ?string &$sUserId = null): string
+	protected function GivenUserInDB(string $sPassword, array $aProfiles, ?string $sLogin = null, ?string &$sUserId = null, bool $bReturnLogin = true): string
 	{
 		if (is_null($sLogin)) {
 			$sLogin = 'demo_test_'.uniqid(__CLASS__, true);
@@ -1489,7 +1519,7 @@ abstract class ItopDataTestCase extends ItopTestCase
 			'profile_list' => $aProfileList,
 		]);
 
-		return $sLogin;
+		return $bReturnLogin ? $sLogin : $sUserId;
 	}
 
 	/**

tests/php-unit-tests/unitary-tests/core/UserRightsTest.php

@@ -29,11 +29,11 @@ namespace Combodo\iTop\Test\UnitTest\Core;
 
 use Combodo\iTop\Test\UnitTest\ItopDataTestCase;
 use CoreCannotSaveObjectException;
-use CoreException;
 use DBObject;
 use DBObjectSearch;
 use DBObjectSet;
 use DeleteException;
+use Dict;
 use MetaModel;
 use UserLocal;
 use UserRights;
@@ -81,6 +81,54 @@ class UserRightsTest extends ItopDataTestCase
 		return $oUser;
 	}
 
+	/**
+	 * @param array $aProfileIds
+	 * @param array $aShouldBeAllowedToSeeClass
+	 * @param array $aShouldBeAllowedToEditClass
+	 *
+	 * @return void
+	 * @throws \ArchivedObjectException
+	 * @throws \CoreCannotSaveObjectException
+	 * @throws \CoreException
+	 * @throws \CoreUnexpectedValue
+	 * @throws \CoreWarning
+	 * @throws \DictExceptionUnknownLanguage
+	 * @throws \MySQLException
+	 * @throws \OQLException
+	 * @dataProvider ReadOnlyProvider
+	 */
+	public function testReadOnlyUser(array $aProfileIds, array $aShouldBeAllowedToSeeClass, array $aShouldBeAllowedToEditClass): void
+	{
+
+		$oUser = $this->GivenUserWithProfiles('test1', $aProfileIds);
+		$oUser->DBInsert();
+		$_SESSION = [];
+		UserRights::Login($oUser->Get('login'));
+
+		$aClassesToTest = ['FunctionalCI', 'Ticket', 'ServiceFamily'];
+
+		foreach ($aClassesToTest as $sClass) {
+			$bShouldBeAllowedToSee = in_array($sClass, $aShouldBeAllowedToSeeClass);
+			$bIsAllowedReading = (bool)UserRights::IsActionAllowed($sClass, UR_ACTION_READ);
+
+			$this->assertSame(
+				$bShouldBeAllowedToSee,
+				$bIsAllowedReading,
+				"User with profiles ".implode(',', $aProfileIds)." should ".($bShouldBeAllowedToSee ? "" : "NOT ")."be allowed to see class $sClass"
+			);
+
+			$bShouldBeAllowedToEdit = in_array($sClass, $aShouldBeAllowedToEditClass);
+
+			$bIsAllowedEditing = (bool)UserRights::IsActionAllowed($sClass, UR_ACTION_MODIFY);
+
+			$this->assertSame(
+				$bIsAllowedEditing,
+				$bShouldBeAllowedToEdit,
+				"User with profiles ".implode(',', $aProfileIds)." should ".($bShouldBeAllowedToEdit ? "" : "NOT ")."be allowed to edit class $sClass"
+			);
+		}
+	}
+
 	protected function GivenUserWithProfiles(string $sLogin, array $aProfileIds): DBObject
 	{
 		$oProfiles = new \ormLinkSet(\UserLocal::class, 'profile_list', \DBObjectSet::FromScratch(\URP_UserProfile::class));
@@ -433,7 +481,7 @@ class UserRightsTest extends ItopDataTestCase
 		$oUser = $this->GivenUserWithProfiles('test1', [$iProfileId, 2]);
 
 		$this->expectException(CoreCannotSaveObjectException::class);
-		$this->expectExceptionMessage('Profile "Portal user" cannot be given to privileged Users (Administrators, SuperUsers and REST Services Users)');
+		$this->expectExceptionMessage(Dict::Format('Class:User/Error:PrivilegedUserMustHaveAccessToBackOffice', PORTAL_PROFILE_NAME));
 		$oUser->DBInsert();
 
 	}
@@ -572,4 +620,82 @@ class UserRightsTest extends ItopDataTestCase
 		$oUser = $this->InvokeNonPublicStaticMethod(UserRights::class, "FindUser", [$sLogin]);
 		static::assertNull($oUser, 'FindUser should return null when the login is unknown');
 	}
+
+	protected function ReadOnlyProvider(): array
+	{
+		return [
+			'CI' => [
+				'ProfilesId' => [
+					5500,
+				],
+				'ShouldBeAllowedToSeeClasses' => [
+					'FunctionalCI',
+				],
+				'ShouldBeAllowedToEditClasses' => [],
+			],
+			'Tickets' => [
+				'ProfilesId' => [
+					5501,
+				],
+				'ShouldBeAllowedToSeeClasses' => [
+					'Ticket',
+				],
+				'ShouldBeAllowedToEditClasses' => [],
+			],
+			'Catalog' => [
+				'ProfilesId' => [
+					5502,
+				],
+				'ShouldBeAllowedToSeeClasses' => [
+					'ServiceFamily',
+				],
+				'ShouldBeAllowedToEditClasses' => [],
+			],
+			'CI and Tickets' => [
+				'ProfilesId' => [
+					5500, 5501,
+				],
+				'ShouldBeAllowedToSeeClasses' => [
+					'FunctionalCI', 'Ticket',
+				],
+				'ShouldBeAllowedToEditClasses' => [],
+			],
+			'CI and Catalog' => [
+				'ProfilesId' => [
+					5500, 5502,
+				],
+				'ShouldBeAllowedToSeeClasses' => [
+					'FunctionalCI', 'ServiceFamily',
+				],
+				'ShouldBeAllowedToEditClasses' => [],
+			],
+			'Tickets and Catalog' => [
+				'ProfilesId' => [
+					5501, 5502,
+				],
+				'ShouldBeAllowedToSeeClasses' => [
+					'Ticket', 'ServiceFamily',
+				],
+				'ShouldBeAllowedToEditClasses' => [],
+			],
+			'Tickets and Catalog + profile Ccnfiguration Manager' => [
+				'ProfilesId' => [
+					5501, 5502, 3,
+				],
+				'ShouldBeAllowedToSeeClasses' => [
+					'FunctionalCI', 'Ticket', 'ServiceFamily',
+				],
+				'ShouldBeAllowedToEditClasses' => ['FunctionalCI'],
+			],
+			'CI, Tickets and Catalog' => [
+				'ProfilesId' => [
+					5500, 5501, 5502,
+				],
+				'ShouldBeAllowedToSeeClasses' => [
+					'FunctionalCI', 'Ticket', 'ServiceFamily',
+				],
+				'ShouldBeAllowedToEditClasses' => [],
+			],
+		];
+	}
 }