N°642.2 Portal: Lifecycle transitions security is now a blacklist instead of a white list. Making migration transparent and portal configuration easier.

git-svn-id: http://svn.code.sf.net/p/itop/code/trunk@5008 a333f486-631f-4898-b8df-5754b55c2be0

datamodels/2.x/itop-portal-base/portal/src/helpers/lifecyclevalidatorhelper.class.inc.php

@@ -161,10 +161,10 @@ class LifecycleValidatorHelper
                             }
 
                             // Retrieving profiles for the stimulus
-                            $oProfilesNode = $oStimulusNode->GetOptionalElement('allowed_profiles');
+                            $oProfilesNode = $oStimulusNode->GetOptionalElement('denied_profiles');
                             $aProfilesNames = array();
                             // If no profile is specified, we consider that it's for ALL the profiles
-                            if (($oProfilesNode === null) || ($oProfilesNode->GetNodes('./allowed_profile')->length === 0))
+                            if (($oProfilesNode === null) || ($oProfilesNode->GetNodes('./denied_profile')->length === 0))
                             {
                                 foreach (ProfilesConfig::GetProfilesValues() as $iKey => $aValue)
                                 {
@@ -173,13 +173,13 @@ class LifecycleValidatorHelper
                             }
                             else
                             {
-                                foreach ($oProfilesNode->GetNodes('./allowed_profile') as $oProfileNode)
+                                foreach ($oProfilesNode->GetNodes('./denied_profile') as $oProfileNode)
                                 {
                                     // Retrieving mandatory profile id attribute
                                     $sProfileId = $oProfileNode->getAttribute('id');
                                     if ($sProfileId === '')
                                     {
-                                        throw new DOMFormatException('Stimulus tag must have an id attribute.', null, null, $oProfileNode);
+                                        throw new DOMFormatException('Profile tag must have an id attribute.', null, null, $oProfileNode);
                                     }
                                     $aProfilesNames[] = $sProfileId;
                                 }
@@ -287,6 +287,12 @@ class LifecycleValidatorHelper
 	{
 		$aStimuli = array();
 
+		// Preparing available stimuli
+        foreach(MetaModel::EnumStimuli($sClass) as $sStimulusCode => $aData)
+        {
+            $aStimuli[$sStimulusCode] = true;
+        }
+
 		// Iterating on profiles to retrieving the different OQLs parts
 		foreach ($aProfiles as $sProfile)
 		{
@@ -297,19 +303,16 @@ class LifecycleValidatorHelper
 			$sLifecycleValuesClass = $this->sGeneratedClass;
 			$aProfileMatrix = $sLifecycleValuesClass::GetProfileStimuli($iProfileId, $sClass);
 
-			// If the profile / class tuple is not present (null), it means that all stimuli are allowed
-			if($aProfileMatrix === null)
-            {
-                $aImplicitStimuli = array_keys(MetaModel::EnumStimuli($sClass));
-                $aStimuli = array_merge_recursive($aStimuli, $aImplicitStimuli);
-            }
-            else
+			foreach($aProfileMatrix as $sStimulusCode)
             {
-                $aStimuli = array_merge_recursive($aStimuli, $aProfileMatrix);
+                if(array_key_exists($sStimulusCode, $aStimuli))
+                {
+                    unset($aStimuli[$sStimulusCode]);
+                }
             }
 		}
 
-		return $aStimuli;
+		return array_keys($aStimuli);
 	}
 
 	/**
@@ -374,7 +377,7 @@ class LifecycleValidatorHelper
 // File generated by LifeCycleValidatorHelper
 //
 // Please do not edit manually
-// List of constant lifecycles
+// List of denied stimuli by profiles in the lifecycles
 // - used by the portal LifecycleValidatorHelper
 //
 class $sClassName
@@ -382,6 +385,8 @@ class $sClassName
 	protected static \$aPROFILES = $sProfiles;
 
 	/**
+	* Returns the denied stimuli for a profile / class
+	*
 	* @param integer \$iProfileId
 	* @param string \$sClass
 	*/