composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-03-10 11:34:13 +01:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: composer:support/3.2
Branches Tags
composer:develop composer:issue/8606-unauthorized-access-to-object composer:support/3.2 composer:feature/8761-dummycleanup composer:issue/8543 composer:feature/8994-add-classes-description composer:feature/3961-service-menu composer:feature/9356-Service-tooltips composer:feature/8142-labels-menu-Incident composer:feature/8692-placeholder_attributesubitem composer:feature/7771-CMDB-flow-map composer:feature/8955_UIBlocks_in_setup composer:feature/uninstallation composer:feature/8612-inline-images-to-base64 composer:feature/asynchronous-cron composer:feature/7150-Backup_MariaDB_11 composer:faf/operation_on_replicas composer:feature/9248-REST-Updating_link_empty_caselog composer:feature/new-dashboard-layout composer:feature/8933-change-password-default-length composer:feature/rest_multi_classes composer:feature/9223-Portal-AttributeExternalKey_adding composer:issue/9057-SuperUser-cannot-run-collectors composer:feature/phpstan composer:issue/9063-missing-transition-auto-resolve composer:class_extraction composer:feature/9100-CSVImport_test_on_hierarchicalKey composer:feature/9086-UniquenessRulesOnTypology composer:feature/property_types composer:feature/8864-list-changes-in-setup-recap composer:issue/jeffrey-rewind composer:feature/8772_form_dependencies_manager_module_usage composer:feature/8514-CMDB-datamodel-for-electricity composer:feature/4678-add-static-analysis-for-php composer:feature/6327-Enum-Date-FinalClass_in_Complementary_Name composer:feature/5221-DG_display_all_related_URs composer:detached composer:support/3.2.1 composer:designer-3.2.1 composer:feature/8533-Impact-Analysis composer:feature/640-Team-tickets_list composer:test_eric composer:feature/8781_-_Improve_twig_base_controller_render_error_report composer:feature/8807-DoCheckToWrite_removed_linkset composer:feature/8528-ignore_silo_1_n_linkedset_in_portal composer:form_dependency_1 composer:form-sdk-poc-controller composer:feature/7577-GetAttributeFlags_Attributes_HIDDEN composer:feature/8663-DoCheckToWrite_portal composer:faf/moduledependency-validation composer:issue/7071_Remove_MYSQL_DEFAULT_PORT composer:feature/6071-Prefill_Tagset_not_saved composer:feature/6111-Display_read-only_field_in_transition composer:feature/8123_improve_on_mention_data_parsing composer:feature/8699_attributedef_PSR4 composer:feature/2535-split_file composer:feature/4789-moduleparsing composer:feature/6759_factorize_config composer:feature/8598-Request_template_with_portal_scopes composer:feature/GetObject_for_portal composer:faf/quick_impact_analysis composer:feature/6193-Excel_export_dependencies_of_CI_by_class composer:support/2.7 composer:faf/Add_filters_on_audit composer:feature/attribute_computed composer:feature/8291-column_name_not_automatically_recognized composer:feature/faf_cron_v1 composer:tag composer:feature/7326-Fix_remove_tab composer:support/3.1 composer:8231-prototype composer:issue/8129-dont_crash_if_datetime_default_value_has_bad_format composer:feature/3777-change_easily_favicon composer:issue/7662_CKEditor_Indent_Block composer:feature/7746---Caselog-edition-button-active-even-if-the-user-has-a-read-only-access-to-the-object composer:feature/7383_ShowDatatableWhenEmpty composer:feature/7963-InlineImageSetDefaultOrgId composer:feature/7770-security-hardening composer:issue/7984 composer:support/7770-3.2 composer:issue/7726 composer:feature/5874 composer:issue/7746 composer:issue/7707 composer:feature/2298-switch-portal-profile composer:support/3.0 composer:support/3.2.0 composer:feature/7063 composer:feature/7146-markup_in_portal_search composer:support/3.2-beta composer:feature/N°7552-Polishing-CKeditor composer:feature/7423-add_context_to_users composer:support/designer-3.1.2-3 composer:faf/improve_perf_of_sharing_base composer:feature/6935-migrate-to-sf-router composer:saas/3.1 composer:issue/context-tag-on-initdatamodel composer:support/3.1.1 composer:support/3.1.0 composer:feature/poc_form_sdk_symfony_6 composer:support/designer-3.1.0-2 composer:issue/6218 composer:feature/little_optimization_in_search_screen composer:feature/6890-Update_request_template_REST composer:saas/manager-3.1 composer:support/3.0.3 composer:issue/6716_add_perf_tests composer:saas/3.1.0 composer:issue/6667_trigger_on_state_enter composer:feature/1386-Navigation_in_list composer:support/2.6 composer:feature/1318-multiple_choice_in_template composer:saas/3.0 composer:feature/6293-sort-popupmenuitems composer:feature/5619-hide-newsroom composer:feature/5620-hide-org-filter-menu composer:documentation/latest composer:documentation/3.0 composer:feature/4157 composer:feature/faf_doc_twig_blocks composer:feature/5160_hide_readonly_fields composer:feature/faf_sqlite composer:feature/faf_unit_test_with_misc_custo composer:support/2.5 composer:feature/blob-as-extfield composer:support/2.4 composer:support/2.3 composer:feature/b1312 composer:support/2.2.0 composer:support/2.1.0 composer:support/2.1.1 composer:support/2.0.3 composer:support/2.0.1 composer:support/2.0.2 composer:support/2.0 composer:support/1.2.1 composer:support/1.2 composer:support/2.0-beta1 composer:support/1.2.0 composer:support/1.1 composer:support/1.0.2
composer:designer-prod-20251113 composer:2.7.13 composer:designer-prod-20251011 composer:3.2.2 composer:designer-prod-260525 composer:3.2.1-1 composer:3.2.1 composer:3.1.3 composer:2.7.12 composer:3.1.2 composer:2.7.11 composer:3.2.0-2 composer:3.2.0 composer:3.2.0-rc3 composer:3.2.0-rc2 composer:3.2.0-rc1 composer:3.2.0-beta1 composer:3.2.0-alpha1 composer:3.0.4 composer:2.7.10 composer:3.1.1-2 composer:3.1.1-1 composer:3.1.1 composer:3.1.0-3 composer:saas-1.0.17 composer:saas-1.0.18 composer:3.1.0-2 composer:3.1.0-designer-2 composer:2.7.9 composer:3.1.0-1 composer:3.1.0 composer:3.1.0-beta composer:ITSM_Designer_3.1-compatibility composer:saas-1.0.13 composer:3.0.3-1 composer:3.0.3-designer-php8.0-compatibility composer:3.0.3 composer:3.1.0-alpha1 composer:2.7.8 composer:saas-1.0.7 composer:saas-1.0.6 composer:3.0.2-1 composer:3.0.2 composer:3.0.2-rc1 composer:2.7.7 composer:3.0.1-designer-feature-lot2 composer:3.0.1 composer:3.0.1-designer-feature-lot1 composer:3.0.0 composer:3.0.0-rc composer:2.7.6 composer:3.0.0-beta8 composer:3.0.0-beta7 composer:3.0.0-beta6 composer:3.0.0-beta5 composer:2.7.5-2 composer:3.0.0-beta4 composer:3.0.0-beta3 composer:2.7.5-1 composer:2.7.5 composer:3.0.0-beta2 composer:2.7.3-2 composer:2.7.3-1 composer:3 composer:3.0.0-beta composer:2.7.4 composer:2.7.3 composer:1.0.8 composer:3.0.0-alpha composer:2.7.2-1 composer:2.7.2 composer:2.7.1 composer:2.7.0-2 composer:2.6.4 composer:2.7.0-1 composer:2.7.0 composer:2.7.0-rc2 composer:2.7.0-rc composer:2.7.0-beta2 composer:2.6.3 composer:2.5.4 composer:2.7.0-beta composer:2.7.0-alpha1 composer:2.6.2-2 composer:2.6.2-1 composer:2.5.3 composer:2.6.2 composer:itop-carbon composer:2.6.1 composer:2.5.2 composer:2.6.0-a composer:N941-2 composer:N941 composer:N2016 composer:N2011 composer:N1963 composer:1.0.0 composer:2.6.0 composer:2.6.0-products composer:2.5.1 composer:2.4.3 composer:0.1.0 composer:2.4.2 composer:2.5.0 composer:2.4.1 composer:2.4.0 composer:2.3.4 composer:2.3.3 composer:2.3.1 composer:2.3.0 composer:2.2.1 composer:2.2.0 composer:2.1.0 composer:2.1.0-beta composer:2.0.3 composer:2.0.2 composer:2.0.1 composer:2.0 composer:1.2.1 composer:1.2 composer:1.1 composer:1.0.2 composer:1.0.1 composer:1.0 composer:0.9.1 composer:0.9 composer:0.8.1 composer:0.8.1@194 composer:0.8 composer:0.8@189 composer:0.7.2 composer:0.7.1 composer:0.7 composer:0.7@51
...
compare: composer:issue/8606-unauthorized-access-to-object
Branches Tags
composer:issue/8606-unauthorized-access-to-object composer:support/3.2 composer:feature/8761-dummycleanup composer:issue/8543 composer:feature/8994-add-classes-description composer:feature/3961-service-menu composer:feature/9356-Service-tooltips composer:feature/8142-labels-menu-Incident composer:feature/8692-placeholder_attributesubitem composer:develop composer:feature/7771-CMDB-flow-map composer:feature/8955_UIBlocks_in_setup composer:feature/uninstallation composer:feature/8612-inline-images-to-base64 composer:feature/asynchronous-cron composer:feature/7150-Backup_MariaDB_11 composer:faf/operation_on_replicas composer:feature/9248-REST-Updating_link_empty_caselog composer:feature/new-dashboard-layout composer:feature/8933-change-password-default-length composer:feature/rest_multi_classes composer:feature/9223-Portal-AttributeExternalKey_adding composer:issue/9057-SuperUser-cannot-run-collectors composer:feature/phpstan composer:issue/9063-missing-transition-auto-resolve composer:class_extraction composer:feature/9100-CSVImport_test_on_hierarchicalKey composer:feature/9086-UniquenessRulesOnTypology composer:feature/property_types composer:feature/8864-list-changes-in-setup-recap composer:issue/jeffrey-rewind composer:feature/8772_form_dependencies_manager_module_usage composer:feature/8514-CMDB-datamodel-for-electricity composer:feature/4678-add-static-analysis-for-php composer:feature/6327-Enum-Date-FinalClass_in_Complementary_Name composer:feature/5221-DG_display_all_related_URs composer:detached composer:support/3.2.1 composer:designer-3.2.1 composer:feature/8533-Impact-Analysis composer:feature/640-Team-tickets_list composer:test_eric composer:feature/8781_-_Improve_twig_base_controller_render_error_report composer:feature/8807-DoCheckToWrite_removed_linkset composer:feature/8528-ignore_silo_1_n_linkedset_in_portal composer:form_dependency_1 composer:form-sdk-poc-controller composer:feature/7577-GetAttributeFlags_Attributes_HIDDEN composer:feature/8663-DoCheckToWrite_portal composer:faf/moduledependency-validation composer:issue/7071_Remove_MYSQL_DEFAULT_PORT composer:feature/6071-Prefill_Tagset_not_saved composer:feature/6111-Display_read-only_field_in_transition composer:feature/8123_improve_on_mention_data_parsing composer:feature/8699_attributedef_PSR4 composer:feature/2535-split_file composer:feature/4789-moduleparsing composer:feature/6759_factorize_config composer:feature/8598-Request_template_with_portal_scopes composer:feature/GetObject_for_portal composer:faf/quick_impact_analysis composer:feature/6193-Excel_export_dependencies_of_CI_by_class composer:support/2.7 composer:faf/Add_filters_on_audit composer:feature/attribute_computed composer:feature/8291-column_name_not_automatically_recognized composer:feature/faf_cron_v1 composer:tag composer:feature/7326-Fix_remove_tab composer:support/3.1 composer:8231-prototype composer:issue/8129-dont_crash_if_datetime_default_value_has_bad_format composer:feature/3777-change_easily_favicon composer:issue/7662_CKEditor_Indent_Block composer:feature/7746---Caselog-edition-button-active-even-if-the-user-has-a-read-only-access-to-the-object composer:feature/7383_ShowDatatableWhenEmpty composer:feature/7963-InlineImageSetDefaultOrgId composer:feature/7770-security-hardening composer:issue/7984 composer:support/7770-3.2 composer:issue/7726 composer:feature/5874 composer:issue/7746 composer:issue/7707 composer:feature/2298-switch-portal-profile composer:support/3.0 composer:support/3.2.0 composer:feature/7063 composer:feature/7146-markup_in_portal_search composer:support/3.2-beta composer:feature/N°7552-Polishing-CKeditor composer:feature/7423-add_context_to_users composer:support/designer-3.1.2-3 composer:faf/improve_perf_of_sharing_base composer:feature/6935-migrate-to-sf-router composer:saas/3.1 composer:issue/context-tag-on-initdatamodel composer:support/3.1.1 composer:support/3.1.0 composer:feature/poc_form_sdk_symfony_6 composer:support/designer-3.1.0-2 composer:issue/6218 composer:feature/little_optimization_in_search_screen composer:feature/6890-Update_request_template_REST composer:saas/manager-3.1 composer:support/3.0.3 composer:issue/6716_add_perf_tests composer:saas/3.1.0 composer:issue/6667_trigger_on_state_enter composer:feature/1386-Navigation_in_list composer:support/2.6 composer:feature/1318-multiple_choice_in_template composer:saas/3.0 composer:feature/6293-sort-popupmenuitems composer:feature/5619-hide-newsroom composer:feature/5620-hide-org-filter-menu composer:documentation/latest composer:documentation/3.0 composer:feature/4157 composer:feature/faf_doc_twig_blocks composer:feature/5160_hide_readonly_fields composer:feature/faf_sqlite composer:feature/faf_unit_test_with_misc_custo composer:support/2.5 composer:feature/blob-as-extfield composer:support/2.4 composer:support/2.3 composer:feature/b1312 composer:support/2.2.0 composer:support/2.1.0 composer:support/2.1.1 composer:support/2.0.3 composer:support/2.0.1 composer:support/2.0.2 composer:support/2.0 composer:support/1.2.1 composer:support/1.2 composer:support/2.0-beta1 composer:support/1.2.0 composer:support/1.1 composer:support/1.0.2
composer:designer-prod-20251113 composer:2.7.13 composer:designer-prod-20251011 composer:3.2.2 composer:designer-prod-260525 composer:3.2.1-1 composer:3.2.1 composer:3.1.3 composer:2.7.12 composer:3.1.2 composer:2.7.11 composer:3.2.0-2 composer:3.2.0 composer:3.2.0-rc3 composer:3.2.0-rc2 composer:3.2.0-rc1 composer:3.2.0-beta1 composer:3.2.0-alpha1 composer:3.0.4 composer:2.7.10 composer:3.1.1-2 composer:3.1.1-1 composer:3.1.1 composer:3.1.0-3 composer:saas-1.0.17 composer:saas-1.0.18 composer:3.1.0-2 composer:3.1.0-designer-2 composer:2.7.9 composer:3.1.0-1 composer:3.1.0 composer:3.1.0-beta composer:ITSM_Designer_3.1-compatibility composer:saas-1.0.13 composer:3.0.3-1 composer:3.0.3-designer-php8.0-compatibility composer:3.0.3 composer:3.1.0-alpha1 composer:2.7.8 composer:saas-1.0.7 composer:saas-1.0.6 composer:3.0.2-1 composer:3.0.2 composer:3.0.2-rc1 composer:2.7.7 composer:3.0.1-designer-feature-lot2 composer:3.0.1 composer:3.0.1-designer-feature-lot1 composer:3.0.0 composer:3.0.0-rc composer:2.7.6 composer:3.0.0-beta8 composer:3.0.0-beta7 composer:3.0.0-beta6 composer:3.0.0-beta5 composer:2.7.5-2 composer:3.0.0-beta4 composer:3.0.0-beta3 composer:2.7.5-1 composer:2.7.5 composer:3.0.0-beta2 composer:2.7.3-2 composer:2.7.3-1 composer:3 composer:3.0.0-beta composer:2.7.4 composer:2.7.3 composer:1.0.8 composer:3.0.0-alpha composer:2.7.2-1 composer:2.7.2 composer:2.7.1 composer:2.7.0-2 composer:2.6.4 composer:2.7.0-1 composer:2.7.0 composer:2.7.0-rc2 composer:2.7.0-rc composer:2.7.0-beta2 composer:2.6.3 composer:2.5.4 composer:2.7.0-beta composer:2.7.0-alpha1 composer:2.6.2-2 composer:2.6.2-1 composer:2.5.3 composer:2.6.2 composer:itop-carbon composer:2.6.1 composer:2.5.2 composer:2.6.0-a composer:N941-2 composer:N941 composer:N2016 composer:N2011 composer:N1963 composer:1.0.0 composer:2.6.0 composer:2.6.0-products composer:2.5.1 composer:2.4.3 composer:0.1.0 composer:2.4.2 composer:2.5.0 composer:2.4.1 composer:2.4.0 composer:2.3.4 composer:2.3.3 composer:2.3.1 composer:2.3.0 composer:2.2.1 composer:2.2.0 composer:2.1.0 composer:2.1.0-beta composer:2.0.3 composer:2.0.2 composer:2.0.1 composer:2.0 composer:1.2.1 composer:1.2 composer:1.1 composer:1.0.2 composer:1.0.1 composer:1.0 composer:0.9.1 composer:0.9 composer:0.8.1 composer:0.8.1@194 composer:0.8 composer:0.8@189 composer:0.7.2 composer:0.7.1 composer:0.7 composer:0.7@51

1 Commits
support/3. ... issue/8606

Author SHA1 Message Date
lenaick.moreira
c4d74c4b95 N°8606 - Check user permissions in search operation of ajax.render.php 2026-03-10 11:31:05 +01:00
1 changed files with 12 additions and 0 deletions
Expand all files Collapse all files

12
sources/Controller/AjaxRenderController.php
View File

@@ -42,6 +42,7 @@ use RunTimeEnvironment;
use ScalarExpression;
use SetupUtils;
use UILinksWidget;
use UserRights;
use utils;
use WizardHelper;
@@ -71,6 +72,12 @@ class AjaxRenderController
$bShowObsoleteData = utils::ShowObsoleteData();
}
$oSet->SetShowObsoleteData($bShowObsoleteData);
// N°8606 : Check user permissions on the main class
if (!UserRights::IsActionAllowed($oSet->GetClass(), UR_ACTION_READ, $oSet) == UR_ALLOWED_YES) {
throw new Exception(Dict::Format('UI:Error:ReadNotAllowedOn_Class', $oSet->GetClass()));
}
$aResult["draw"] = $iDrawNumber;
$aResult["recordsTotal"] = $oSet->Count();
$aResult["recordsFiltered"] = $aResult["recordsTotal"] ;
@@ -95,6 +102,11 @@ class AjaxRenderController
continue;
}
// N°8606 : Check user permissions on the current class
if (!UserRights::IsActionAllowed($sClass, UR_ACTION_READ, $oSet) == UR_ALLOWED_YES) {
throw new Exception(Dict::Format('UI:Error:ReadNotAllowedOn_Class', $sClass));
}
foreach ($aColumnsLoad[$sAlias] as $sAttCode) {
$aObj[$sAlias."/".$sAttCode] = $aObject[$sAlias]->GetAsHTML($sAttCode);
$bExcludeRawValue = false;