Portal : Allowed Organizations Part II. Made sur that the AllowAllData flag was passed everywhere it was necessary, only when it was necessary. This has been tested but needs MORE testing !

git-svn-id: http://svn.code.sf.net/p/itop/code/trunk@4409 a333f486-631f-4898-b8df-5754b55c2be0

datamodels/2.x/itop-portal-base/portal/src/controllers/objectcontroller.class.inc.php

@@ -86,7 +86,7 @@ class ObjectController extends AbstractController
 		}
 
 		// Retrieving object
-		$oObject = MetaModel::GetObject($sObjectClass, $sObjectId, false /* MustBeFound */);
+		$oObject = MetaModel::GetObject($sObjectClass, $sObjectId, false /* MustBeFound */, $oApp['scope_validator']->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sObjectClass));
 		if ($oObject === null)
 		{
 			// We should never be there as the secuirty helper makes sure that the object exists, but just in case.
@@ -158,7 +158,7 @@ class ObjectController extends AbstractController
 		}
 
 		// Retrieving object
-		$oObject = MetaModel::GetObject($sObjectClass, $sObjectId, false /* MustBeFound */);
+		$oObject = MetaModel::GetObject($sObjectClass, $sObjectId, false /* MustBeFound */, $oApp['scope_validator']->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sObjectClass));
 		if ($oObject === null)
 		{
 			// We should never be there as the secuirty helper makes sure that the object exists, but just in case.
@@ -278,8 +278,9 @@ class ObjectController extends AbstractController
 		}
 		
 		// Retrieving origin object
-		$oOriginObject = MetaModel::GetObject($sObjectClass, $sObjectId);
-		
+		// Note : AllowAllData set to true here instead of checking scope's flag because we are displaying a value that has been set and validated
+		$oOriginObject = MetaModel::GetObject($sObjectClass, $sObjectId, true, true);
+
 		// Retrieving target object (We check if the method is a simple function or if it's part of a class in which case only static function are supported)
 		if (!strpos($sMethodName, '::'))
 		{
@@ -332,7 +333,7 @@ class ObjectController extends AbstractController
 //		}
 		
 		// Retrieving object
-		$oObject = MetaModel::GetObject($sObjectClass, $sObjectId, false /* MustBeFound */);
+		$oObject = MetaModel::GetObject($sObjectClass, $sObjectId, false /* MustBeFound */, $oApp['scope_validator']->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sObjectClass));
 		if ($oObject === null)
 		{
 			// We should never be there as the secuirty helper makes sure that the object exists, but just in case.
@@ -461,7 +462,7 @@ class ObjectController extends AbstractController
 			}
 			else
 			{
-				$oObject = MetaModel::GetObject($sObjectClass, $sObjectId);
+				$oObject = MetaModel::GetObject($sObjectClass, $sObjectId, true, $oApp['scope_validator']->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sObjectClass));
 			}
 
 			// Preparing transitions only if we are currently going through one
@@ -666,7 +667,8 @@ class ObjectController extends AbstractController
 		// Retrieving host object for future DBSearch parameters
 		if ($sHostObjectId !== null)
 		{
-			$oHostObject = MetaModel::GetObject($sHostObjectClass, $sHostObjectId);
+			// Note : AllowAllData set to true here instead of checking scope's flag because we are displaying a value that has been set and validated
+			$oHostObject = MetaModel::GetObject($sHostObjectClass, $sHostObjectId, true, true);
 		}
 		else
 		{
@@ -803,7 +805,8 @@ class ObjectController extends AbstractController
 		// Retrieving host object for future DBSearch parameters
 		if ($sHostObjectId !== null)
 		{
-			$oHostObject = MetaModel::GetObject($sHostObjectClass, $sHostObjectId);
+			// Note : AllowAllData set to true here instead of checking scope's flag because we are displaying a value that has been set and validated
+			$oHostObject = MetaModel::GetObject($sHostObjectClass, $sHostObjectId, true, true);
 		}
 		else
 		{
@@ -1121,7 +1124,8 @@ class ObjectController extends AbstractController
 		// Retrieving host object for future DBSearch parameters
 		if ($sHostObjectId !== null)
 		{
-			$oHostObject = MetaModel::GetObject($sHostObjectClass, $sHostObjectId);
+			// Note : AllowAllData set to true here instead of checking scope's flag because we are displaying a value that has been set and validated
+			$oHostObject = MetaModel::GetObject($sHostObjectClass, $sHostObjectId, true, true);
 		}
 		else
 		{
@@ -1427,7 +1431,12 @@ class ObjectController extends AbstractController
 		}
 		
 		// Building the search
+		$bIgnoreSilos = $oApp['scope_validator']->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sObjectClass);
 		$oSearch = DBObjectSearch::FromOQL("SELECT " . $sObjectClass . " WHERE id IN ('" . implode("','", $aObjectIds) . "')");
+		if ($bIgnoreSilos === true)
+		{
+			$oSearch->AllowAllData();
+		}
 		$oSet = new DBObjectSet($oSearch);
 		$oSet->OptimizeColumnLoad($aObjectAttCodes);
 

datamodels/2.x/itop-portal-base/portal/src/forms/objectformmanager.class.inc.php

@@ -94,7 +94,8 @@ class ObjectFormManager extends FormManager
 		}
 		else
 		{
-			$oObject = MetaModel::GetObject($sObjectClass, $aJson['formobject_id'], true);
+			// Note : AllowAllData set to true here instead of checking scope's flag because we are displaying a value that has been set and validated
+			$oObject = MetaModel::GetObject($sObjectClass, $aJson['formobject_id'], true, true);
 		}
 		$oFormManager->SetObject($oObject);
 
@@ -945,7 +946,8 @@ class ObjectFormManager extends FormManager
 								// LinkedSet
 								if (!$oAttDef->IsIndirect())
 								{
-									$oLinkedObject = MetaModel::GetObject($sTargetClass, abs($iTargetId));
+									// Note : AllowAllData set to true here instead of checking scope's flag because we are displaying a value that has been set and validated
+									$oLinkedObject = MetaModel::GetObject($sTargetClass, abs($iTargetId), true, true);
 									$oValueSet->AddObject($oLinkedObject);
 								}
 								// LinkedSetIndirect
@@ -961,7 +963,8 @@ class ObjectFormManager extends FormManager
 									// Existing relation
 									else
 									{
-										$oLink = MetaModel::GetObject($sTargetClass, $iTargetId);
+										// Note : AllowAllData set to true here instead of checking scope's flag because we are displaying a value that has been set and validated
+										$oLink = MetaModel::GetObject($sTargetClass, $iTargetId, true, true);
 									}
 									$oValueSet->AddObject($oLink);
 								}

datamodels/2.x/itop-portal-base/portal/src/helpers/scopevalidatorhelper.class.inc.php

@@ -545,6 +545,39 @@ class ScopeValidatorHelper
 	}
 
 	/**
+	 * Returns true if at least one of the $aProfiles has the ignore_silos flag set to true for the $sClass.
+	 *
+	 * @param array $aProfiles
+	 * @param string $sClass
+	 * @return boolean
+	 */
+	public function IsAllDataAllowedForScope($aProfiles, $sClass)
+	{
+		$bIgnoreSilos = false;
+
+		// Iterating on profiles to retrieving the different OQLs parts
+		foreach ($aProfiles as $sProfile)
+		{
+			// Retrieving matrix informtions
+			$iProfileId = $this->GetProfileIdFromProfileName($sProfile);
+
+			// Retrieving profile OQLs
+			$sScopeValuesClass = $this->sGeneratedClass;
+			$aProfileMatrix = $sScopeValuesClass::GetProfileScope($iProfileId, $sClass, static::ENUM_MODE_READ);
+			if ($aProfileMatrix !== null)
+			{
+				// If a profile should ignore allowed org, we set it for all its queries no matter the profile
+				if (isset($aProfileMatrix['ignore_silos']) && $aProfileMatrix['ignore_silos'] === true)
+				{
+					$bIgnoreSilos = true;
+				}
+			}
+		}
+
+		return $bIgnoreSilos;
+	}
+
+	/**
 	 * Returns the profile id from a string being either a constant or its name.
 	 *
 	 * @param string $sProfile

datamodels/2.x/itop-portal-base/portal/src/helpers/securityhelper.class.inc.php

@@ -112,7 +112,7 @@ class SecurityHelper
 			// Checking if the cmdbAbstractObject exists if id is specified
 			if ($sObjectId !== null)
 			{
-				$oObject = MetaModel::GetObject($sObjectClass, $sObjectId, false /* MustBeFound */);
+				$oObject = MetaModel::GetObject($sObjectClass, $sObjectId, false /* MustBeFound */, $oApp['scope_validator']->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sObjectClass));
 				if ($oObject === null)
 				{
 					if ($oApp['debug'])

sources/renderer/bootstrap/fieldrenderer/bsfileuploadfieldrenderer.class.inc.php

@@ -229,6 +229,8 @@ EOF
 		$sDeleteBtn = Dict::S('Portal:Button:Delete');
 
 		$oSearch = DBObjectSearch::FromOQL("SELECT Attachment WHERE item_class = :class AND item_id = :item_id");
+		// Note : AllowAllData set to true here instead of checking scope's flag because we are displaying a value that has been set and validated
+		$oSearch->AllowAllData();
 		$oSet = new DBObjectSet($oSearch, array(), array('class' => $sObjectClass, 'item_id' => $this->oField->GetObject()->GetKey()));
 
 		// If in read only and no attachments, we display a short message

sources/renderer/bootstrap/fieldrenderer/bslinkedsetfieldrenderer.class.inc.php

@@ -479,7 +479,8 @@ EOF
 			// In case of indirect linked set, we must retrieve the remote object
 			if ($this->oField->IsIndirect())
 			{
-				$oRemoteItem = MetaModel::GetObject($this->oField->GetTargetClass(), $oItem->Get($this->oField->GetExtKeyToRemote()));
+				// Note : AllowAllData set to true here instead of checking scope's flag because we are displaying a value that has been set and validated
+				$oRemoteItem = MetaModel::GetObject($this->oField->GetTargetClass(), $oItem->Get($this->oField->GetExtKeyToRemote()), true, true);
 			}
 			else
 			{

sources/renderer/bootstrap/fieldrenderer/bsselectobjectfieldrenderer.class.inc.php

@@ -143,7 +143,8 @@ EOF
 					{
 						try
 						{
-							$oFieldValue = MetaModel::GetObject($sFieldValueClass, $this->oField->GetCurrentValue());
+							// Note : AllowAllData set to true here instead of checking scope's flag because we are displaying a value that has been set and validated
+							$oFieldValue = MetaModel::GetObject($sFieldValueClass, $this->oField->GetCurrentValue(), true, true);
 						}
 						catch (CoreException $e)
 						{
@@ -298,7 +299,8 @@ EOF
 			// Retrieving field value
 			if ($this->oField->GetCurrentValue() !== null && $this->oField->GetCurrentValue() !== 0 && $this->oField->GetCurrentValue() !== '')
 			{
-				$oFieldValue = MetaModel::GetObject($sFieldValueClass, $this->oField->GetCurrentValue());
+				// Note : AllowAllData set to true here instead of checking scope's flag because we are displaying a value that has been set and validated
+				$oFieldValue = MetaModel::GetObject($sFieldValueClass, $this->oField->GetCurrentValue(), true, true);
 				$sFieldValue = $oFieldValue->GetName();
 			}
 			else