#693 Portal user cannot choose services linked via customer contract

git-svn-id: http://svn.code.sf.net/p/itop/code/trunk@2720 a333f486-631f-4898-b8df-5754b55c2be0

core/dbobject.class.php

@@ -455,7 +455,10 @@ abstract class DBObject
 					if (($iRemote = $this->Get($sExtKeyAttCode)) && ($iRemote > 0)) // Objects in memory have negative IDs
 					{
 						$oExtKeyAttDef = MetaModel::GetAttributeDef(get_class($this), $sExtKeyAttCode);
-						$oRemote = MetaModel::GetObject($oExtKeyAttDef->GetTargetClass(), $iRemote);
+						// Note: "allow all data" must be enabled because the external fields are always visible
+						//       to the current user even if this is not the case for the remote object
+						//       This is consistent with the behavior of the lists
+						$oRemote = MetaModel::GetObject($oExtKeyAttDef->GetTargetClass(), $iRemote, true, true);
 					}
 					else
 					{
@@ -509,6 +512,9 @@ abstract class DBObject
 	/**
 	 * Updates the value of an external field by (re)loading the object
 	 * corresponding to the external key and getting the value from it
+	 * 	 
+	 * UNUSED ?
+	 * 	 
 	 * @param string $sAttCode Attribute code of the external field to update
 	 * @return void
 	 */
@@ -519,7 +525,10 @@ abstract class DBObject
 		{
 			$sTargetClass = $oAttDef->GetTargetClass();
 			$objkey = $this->Get($oAttDef->GetKeyAttCode());
-			$oObj = MetaModel::GetObject($sTargetClass, $objkey);
+			// Note: "allow all data" must be enabled because the external fields are always visible
+			//       to the current user even if this is not the case for the remote object
+			//       This is consistent with the behavior of the lists
+			$oObj = MetaModel::GetObject($sTargetClass, $objkey, true, true);
 			if (is_object($oObj))
 			{
 				$value = $oObj->Get($oAttDef->GetExtAttCode());

portal/index.php

@@ -1,5 +1,5 @@
 <?php
-// Copyright (C) 2010-2012 Combodo SARL
+// Copyright (C) 2010-2013 Combodo SARL
 //
 //   This file is part of iTop.
 //
@@ -90,6 +90,7 @@ function SelectServiceCategory($oP, $oUserOrg)
 	$oP->add("<h1 id=\"select_category\">".Dict::S('Portal:SelectService')."</h1>\n");
 	$oP->add("<table>\n");
 	$oSearch = DBObjectSearch::FromOQL(PORTAL_SERVICECATEGORY_QUERY);
+	$oSearch->AllowAllData(); // In case the user has the rights on his org only
 	$oSet = new CMDBObjectSet($oSearch, array(), array('org_id' => $oUserOrg->GetKey()));
 	while($oService = $oSet->Fetch())
 	{
@@ -130,8 +131,9 @@ function SelectServiceSubCategory($oP, $oUserOrg)
 	$iDefaultWizNext = 2;
 
 	$oSearch = DBObjectSearch::FromOQL(PORTAL_SERVICE_SUBCATEGORY_QUERY);
+	$oSearch->AllowAllData(); // In case the user has the rights on his org only
 	$oSet = new CMDBObjectSet($oSearch, array(), array('svc_id' => $iSvcId, 'org_id' => $oUserOrg->GetKey()));
-	$oServiceCategory = MetaModel::GetObject('Service', $iSvcId, false);
+	$oServiceCategory = MetaModel::GetObject('Service', $iSvcId, false, true /* allow all data*/);
 	if (is_object($oServiceCategory))
 	{
 		$oP->add("<div class=\"wizContainer\" id=\"form_select_servicesubcategory\">\n");
@@ -202,8 +204,8 @@ EOF
 		}
 	}
 
-	$oServiceCategory = MetaModel::GetObject('Service', $aParameters['service_id'], false);
-	$oServiceSubCategory = MetaModel::GetObject('ServiceSubcategory', $aParameters['servicesubcategory_id'], false);
+	$oServiceCategory = MetaModel::GetObject('Service', $aParameters['service_id'], false, true /* allow all data*/);
+	$oServiceSubCategory = MetaModel::GetObject('ServiceSubcategory', $aParameters['servicesubcategory_id'], false, true /* allow all data*/);
 	if (is_object($oServiceCategory) && is_object($oServiceSubCategory))
 	{
 		$oRequest = new UserRequest();
@@ -310,6 +312,7 @@ function DoCreateRequest($oP, $oUserOrg)
 	// Validate the parameters
 	// 1) ServiceCategory
 	$oSearch = DBObjectSearch::FromOQL(PORTAL_VALIDATE_SERVICECATEGORY_QUERY);
+	$oSearch->AllowAllData(); // In case the user has the rights on his org only
 	$oSet = new CMDBObjectSet($oSearch, array(), array('id' => $aParameters['service_id'], 'org_id' => $oUserOrg->GetKey()));
 	if ($oSet->Count() != 1)
 	{
@@ -320,6 +323,7 @@ function DoCreateRequest($oP, $oUserOrg)
 	
 	// 2) Service Subcategory
 	$oSearch = DBObjectSearch::FromOQL(PORTAL_VALIDATE_SERVICESUBCATEGORY_QUERY);
+	$oSearch->AllowAllData(); // In case the user has the rights on his org only
 	$oSet = new CMDBObjectSet($oSearch, array(), array('service_id' => $aParameters['service_id'], 'id' =>$aParameters['servicesubcategory_id'],'org_id' => $oUserOrg->GetKey() ));
 	if ($oSet->Count() != 1)
 	{
@@ -355,7 +359,7 @@ function DoCreateRequest($oP, $oUserOrg)
 	list($bRes, $aIssues) = $oRequest->CheckToWrite();
 	if ($bRes)
 	{
-		$oRequest->DBInsert();
+		$oRequest->DBInsertNoReload();
 		$oP->add("<h1>".Dict::Format('UI:Title:Object_Of_Class_Created', $oRequest->GetName(), MetaModel::GetName(get_class($oRequest)))."</h1>\n");
 
 		//DisplayObject($oP, $oRequest, $oUserOrg);
@@ -935,6 +939,7 @@ catch(CoreException $e)
 	$oP = new SetupPage(Dict::S('UI:PageTitle:FatalError'));
 	$oP->add("<h1>".Dict::S('UI:FatalErrorMessage')."</h1>\n");	
 	$oP->error(Dict::Format('UI:Error_Details', $e->getHtmlDesc()));	
+	//$oP->p($e->getTraceAsString());	
 	$oP->output();
 
 	if (MetaModel::IsLogEnabledIssue())
@@ -971,6 +976,7 @@ catch(Exception $e)
 	$oP = new SetupPage(Dict::S('UI:PageTitle:FatalError'));
 	$oP->add("<h1>".Dict::S('UI:FatalErrorMessage')."</h1>\n");	
 	$oP->error(Dict::Format('UI:Error_Details', $e->getMessage()));	
+	//$oP->p($e->getTraceAsString());	
 	$oP->output();
 
 	if (MetaModel::IsLogEnabledIssue())