Finished implementing the user rights by profile (simple)

git-svn-id: http://svn.code.sf.net/p/itop/code/trunk@695 a333f486-631f-4898-b8df-5754b55c2be0

core/metamodel.class.php

@@ -2710,6 +2710,7 @@ abstract class MetaModel
 					// Rework the view
 					//
 					$oFilter = new DBObjectSearch($sClass, '');
+					$oFilter->AllowAllData();
 					$sSQL = self::MakeSelectQuery($oFilter);
 					$aErrors[$sClass]['*'][] = "View '$sView' is currently not complete";
 					$aSugFix[$sClass]['*'][] = "ALTER VIEW `$sView` AS $sSQL";
@@ -2720,6 +2721,7 @@ abstract class MetaModel
 				// Create the view
 				//
 				$oFilter = new DBObjectSearch($sClass, '');
+				$oFilter->AllowAllData();
 				$sSQL = self::MakeSelectQuery($oFilter);
 				$aErrors[$sClass]['*'][] = "Missing view for class: $sClass";
 				$aSugFix[$sClass]['*'][] = "CREATE VIEW `$sView` AS $sSQL";

dictionaries/dictionary.itop.ui.php

@@ -106,6 +106,8 @@ Dict::Add('EN US', 'English', 'English', array(
 	'Class:User/Attribute:language/Value:FR FR+' => 'French (France)',
 	'Class:User/Attribute:profile_list' => 'Profiles',
 	'Class:User/Attribute:profile_list+' => 'Roles, granting rights for that person',
+	'Class:User/Attribute:allowed_org_list' => 'Allowed Organizations',
+	'Class:User/Attribute:allowed_org_list+' => 'The end user is allowed to see data belonging to the following organizations. If no organization is specified, there is no restriction.',
 ));
 
 //
@@ -665,6 +667,7 @@ Dict::Add('EN US', 'English', 'English', array(
 	'UI:UserManagement:NoLifeCycleApplicable+' => 'No lifecycle has been defined for this class',
 	'UI:UserManagement:GrantMatrix' => 'Grant Matrix',
 	'UI:UserManagement:LinkBetween_User_And_Profile' => 'Link between %1$s and %2$s',
+	'UI:UserManagement:LinkBetween_User_And_Org' => 'Link between %1$s and %2$s',
 	
 	'Menu:AdminTools' => 'Admin tools',
 	'Menu:AdminTools+' => 'Administration tools',

dictionaries/fr.dictionary.itop.ui.php

@@ -106,6 +106,8 @@ Dict::Add('FR FR', 'French', 'Français', array(
 	'Class:User/Attribute:language/Value:FR FR+' => 'Français (France)',
 	'Class:User/Attribute:profile_list' => 'Profils',
 	'Class:User/Attribute:profile_list+' => 'Rôles, ouvrants les droits d\'accès',
+	'Class:User/Attribute:allowed_org_list' => 'Organisations permises',
+	'Class:User/Attribute:allowed_org_list+' => 'L\'utilisateur a le droit de voir les données des organisations listées ici. Si aucune organisation n\'est spécifiée, alors aucune restriction ne s\'applique.',
 ));
 
 //
@@ -668,6 +670,7 @@ Dict::Add('FR FR', 'French', 'Français', array(
 	'UI:UserManagement:NoLifeCycleApplicable+' => 'Aucun cycle de vie n\'est défini pour ce type d\'objets.',
 	'UI:UserManagement:GrantMatrix' => 'Matrice des droits',
 	'UI:USerManagement:LinkBetween_User_And_Profile' => 'Lien entre %1$s et %2$s',
+	'UI:USerManagement:LinkBetween_User_And_Org' => 'Lien entre %1$s et %2$s',
 
 	'Menu:AdminTools' => 'Outils d\'admin',
 	'Menu:AdminTools+' => 'Outils d\'administration',

modules/authent-external/en.dict.authent-external.php

@@ -40,24 +40,6 @@
 Dict::Add('EN US', 'English', 'English', array(
 	'Class:UserExternal' => 'External user',
 	'Class:UserExternal+' => 'User authentified outside of iTop',
-	'Class:UserExternal/Attribute:contactid' => 'Contact (person)',
-	'Class:UserExternal/Attribute:contactid+' => 'Personal details from the business data',
-	'Class:UserExternal/Attribute:last_name' => 'Last name',
-	'Class:UserExternal/Attribute:last_name+' => 'Name of the corresponding contact',
-	'Class:UserExternal/Attribute:first_name' => 'First name',
-	'Class:UserExternal/Attribute:first_name+' => 'First name of the corresponding contact',
-	'Class:UserExternal/Attribute:email' => 'Email',
-	'Class:UserExternal/Attribute:email+' => 'Email of the corresponding contact',
-	'Class:UserExternal/Attribute:login' => 'Login',
-	'Class:UserExternal/Attribute:login+' => 'user identification string',
-	'Class:UserExternal/Attribute:language' => 'Language',
-	'Class:UserExternal/Attribute:language+' => 'user language',
-	'Class:UserExternal/Attribute:language/Value:EN US' => 'English',
-	'Class:UserExternal/Attribute:language/Value:EN US+' => 'English (U.S.)',
-	'Class:UserExternal/Attribute:language/Value:FR FR' => 'French',
-	'Class:UserExternal/Attribute:language/Value:FR FR+' => 'French (France)',
-	'Class:UserExternal/Attribute:profile_list' => 'Profiles',
-	'Class:UserExternal/Attribute:profile_list+' => 'Roles, granting rights for that person',
 ));
 
 

modules/authent-external/fr.dict.authent-external.php

@@ -40,24 +40,6 @@
 Dict::Add('EN US', 'French', 'Français', array(
 	'Class:UserExternal' => 'Utilisateur externe à iTop',
 	'Class:UserExternal+' => 'Utilisateur authentifié à l\'extérieur d\'iTop',
-	'Class:UserExternal/Attribute:contactid' => 'Contact (personne)',
-	'Class:UserExternal/Attribute:contactid+' => '',
-	'Class:UserExternal/Attribute:last_name' => 'Nom',
-	'Class:UserExternal/Attribute:last_name+' => '',
-	'Class:UserExternal/Attribute:first_name' => 'Prénom',
-	'Class:UserExternal/Attribute:first_name+' => '',
-	'Class:UserExternal/Attribute:email' => 'Adresse email',
-	'Class:UserExternal/Attribute:email+' => '',
-	'Class:UserExternal/Attribute:login' => 'Login',
-	'Class:UserExternal/Attribute:login+' => '',
-	'Class:UserExternal/Attribute:language' => 'Langage',
-	'Class:UserExternal/Attribute:language+' => '',
-	'Class:UserExternal/Attribute:language/Value:EN US' => 'Anglais',
-	'Class:UserExternal/Attribute:language/Value:EN US+' => 'Anglais (Etats-unis)',
-	'Class:UserExternal/Attribute:language/Value:FR FR' => 'Français',
-	'Class:UserExternal/Attribute:language/Value:FR FR+' => 'Français (France)',
-	'Class:UserExternal/Attribute:profile_list' => 'Profils',
-	'Class:UserExternal/Attribute:profile_list+' => 'Rôles, ouvrants les droits d\'accès',
 ));
 
 ?>

modules/authent-ldap/en.dict.authent-ldap.php

@@ -40,26 +40,8 @@
 Dict::Add('EN US', 'English', 'English', array(
 	'Class:UserLDAP' => 'LDAP user',
 	'Class:UserLDAP+' => 'User authentified by LDAP',
-	'Class:UserLDAP/Attribute:contactid' => 'Contact (person)',
-	'Class:UserLDAP/Attribute:contactid+' => 'Personal details from the business data',
-	'Class:UserLDAP/Attribute:last_name' => 'Last name',
-	'Class:UserLDAP/Attribute:last_name+' => 'Name of the corresponding contact',
-	'Class:UserLDAP/Attribute:first_name' => 'First name',
-	'Class:UserLDAP/Attribute:first_name+' => 'First name of the corresponding contact',
-	'Class:UserLDAP/Attribute:email' => 'Email',
-	'Class:UserLDAP/Attribute:email+' => 'Email of the corresponding contact',
-	'Class:UserLDAP/Attribute:login' => 'Login',
-	'Class:UserLDAP/Attribute:login+' => 'user identification string',
 	'Class:UserLDAP/Attribute:password' => 'Password',
 	'Class:UserLDAP/Attribute:password+' => 'user authentication string',
-	'Class:UserLDAP/Attribute:language' => 'Language',
-	'Class:UserLDAP/Attribute:language+' => 'user language',
-	'Class:UserLDAP/Attribute:language/Value:EN US' => 'English',
-	'Class:UserLDAP/Attribute:language/Value:EN US+' => 'English (U.S.)',
-	'Class:UserLDAP/Attribute:language/Value:FR FR' => 'French',
-	'Class:UserLDAP/Attribute:language/Value:FR FR+' => 'French (France)',
-	'Class:UserLDAP/Attribute:profile_list' => 'Profiles',
-	'Class:UserLDAP/Attribute:profile_list+' => 'Roles, granting rights for that person',
 ));
 
 

modules/authent-ldap/fr.dict.authent-ldap.php

@@ -40,26 +40,8 @@
 Dict::Add('EN US', 'French', 'Français', array(
 	'Class:UserLDAP' => 'Utilisateur iTop',
 	'Class:UserLDAP+' => 'Utilisateur authentifié par iTop',
-	'Class:UserLDAP/Attribute:contactid' => 'Contact (personne)',
-	'Class:UserLDAP/Attribute:contactid+' => '',
-	'Class:UserLDAP/Attribute:last_name' => 'Nom',
-	'Class:UserLDAP/Attribute:last_name+' => '',
-	'Class:UserLDAP/Attribute:first_name' => 'Prénom',
-	'Class:UserLDAP/Attribute:first_name+' => '',
-	'Class:UserLDAP/Attribute:email' => 'Adresse email',
-	'Class:UserLDAP/Attribute:email+' => '',
-	'Class:UserLDAP/Attribute:login' => 'Login',
-	'Class:UserLDAP/Attribute:login+' => '',
 	'Class:UserLDAP/Attribute:password' => 'Mot de passe LDAP',
 	'Class:UserLDAP/Attribute:password+' => '',
-	'Class:UserLDAP/Attribute:language' => 'Language',
-	'Class:UserLDAP/Attribute:language+' => '',
-	'Class:UserLDAP/Attribute:language/Value:EN US' => 'Anglais',
-	'Class:UserLDAP/Attribute:language/Value:EN US+' => 'Anglais (Etats-unis)',
-	'Class:UserLDAP/Attribute:language/Value:FR FR' => 'Français',
-	'Class:UserLDAP/Attribute:language/Value:FR FR+' => 'Français (France)',
-	'Class:UserLDAP/Attribute:profile_list' => 'Profils',
-	'Class:UserLDAP/Attribute:profile_list+' => 'Rôles, ouvrants les droits d\'accès',
 ));
 
 ?>

modules/authent-local/en.dict.authent-local.php

@@ -40,26 +40,8 @@
 Dict::Add('EN US', 'English', 'English', array(
 	'Class:UserLocal' => 'iTop user',
 	'Class:UserLocal+' => 'User authentified by iTop',
-	'Class:UserLocal/Attribute:contactid' => 'Contact (person)',
-	'Class:UserLocal/Attribute:contactid+' => 'Personal details from the business data',
-	'Class:UserLocal/Attribute:last_name' => 'Last name',
-	'Class:UserLocal/Attribute:last_name+' => 'Name of the corresponding contact',
-	'Class:UserLocal/Attribute:first_name' => 'First name',
-	'Class:UserLocal/Attribute:first_name+' => 'First name of the corresponding contact',
-	'Class:UserLocal/Attribute:email' => 'Email',
-	'Class:UserLocal/Attribute:email+' => 'Email of the corresponding contact',
-	'Class:UserLocal/Attribute:login' => 'Login',
-	'Class:UserLocal/Attribute:login+' => 'user identification string',
 	'Class:UserLocal/Attribute:password' => 'Password',
 	'Class:UserLocal/Attribute:password+' => 'user authentication string',
-	'Class:UserLocal/Attribute:language' => 'Language',
-	'Class:UserLocal/Attribute:language+' => 'user language',
-	'Class:UserLocal/Attribute:language/Value:EN US' => 'English',
-	'Class:UserLocal/Attribute:language/Value:EN US+' => 'English (U.S.)',
-	'Class:UserLocal/Attribute:language/Value:FR FR' => 'French',
-	'Class:UserLocal/Attribute:language/Value:FR FR+' => 'French (France)',
-	'Class:UserLocal/Attribute:profile_list' => 'Profiles',
-	'Class:UserLocal/Attribute:profile_list+' => 'Roles, granting rights for that person',
 ));
 
 

modules/authent-local/fr.dict.authent-local.php

@@ -40,26 +40,8 @@
 Dict::Add('EN US', 'French', 'Français', array(
 	'Class:UserLocal' => 'Utilisateur iTop',
 	'Class:UserLocal+' => 'Utilisateur authentifié par iTop',
-	'Class:UserLocal/Attribute:contactid' => 'Contact (personne)',
-	'Class:UserLocal/Attribute:contactid+' => '',
-	'Class:UserLocal/Attribute:last_name' => 'Nom',
-	'Class:UserLocal/Attribute:last_name+' => '',
-	'Class:UserLocal/Attribute:first_name' => 'Prénom',
-	'Class:UserLocal/Attribute:first_name+' => '',
-	'Class:UserLocal/Attribute:email' => 'Adresse email',
-	'Class:UserLocal/Attribute:email+' => '',
-	'Class:UserLocal/Attribute:login' => 'Login',
-	'Class:UserLocal/Attribute:login+' => '',
 	'Class:UserLocal/Attribute:password' => 'Mot de passe',
 	'Class:UserLocal/Attribute:password+' => '',
-	'Class:UserLocal/Attribute:language' => 'Language',
-	'Class:UserLocal/Attribute:language+' => '',
-	'Class:UserLocal/Attribute:language/Value:EN US' => 'Anglais',
-	'Class:UserLocal/Attribute:language/Value:EN US+' => 'Anglais (Etats-unis)',
-	'Class:UserLocal/Attribute:language/Value:FR FR' => 'Français',
-	'Class:UserLocal/Attribute:language/Value:FR FR+' => 'Français (France)',
-	'Class:UserLocal/Attribute:profile_list' => 'Profils',
-	'Class:UserLocal/Attribute:profile_list+' => 'Rôles, ouvrants les droits d\'accès',
 ));
 
 ?>

setup/benchmark.php

@@ -256,11 +256,6 @@ class BenchmarkDataCreation
 		$aStdProfiles = array(2, 3, 4, 5, 6, 7, 8, 9);
 
 		////////////////////////////////////////
-		// Dimension: Organization
-		//
-		$iDimension = self::FindId('URP_Dimensions');
-
-		////////////////////////////////////////
 		// New specific profile, giving access to everything
 		//
 		$aData = array(
@@ -281,13 +276,6 @@ class BenchmarkDataCreation
 				$this->CreateObject('URP_ActionGrant', $aData);
 			}
 		}
-		$aData = array(
-			'dimensionid' => $iDimension,
-			'profileid' => $iGuruProfile,
-			'value' => '<any>',
-			'attribute' => '',
-		);
-		$this->CreateObject('URP_ProfileProjection', $aData);
 
 		// User login with super access rights
 		//