
Customer portal : Manage Brick : Now displays objects from the oql_view scope instead of the oql_edit scope. However, opening an object will be in edit mode if the user is allowed to do so; otherwise it will open in view mode.

git-svn-id: http://svn.code.sf.net/p/itop/code/trunk@4174 a333f486-631f-4898-b8df-5754b55c2be0
glajarige 9 years ago
parent
commit
99554d8593

+ 26 - 6
datamodels/2.x/itop-portal-base/portal/src/controllers/managebrickcontroller.class.inc.php

@@ -23,6 +23,7 @@ use \Silex\Application;
 use \Symfony\Component\HttpFoundation\Request;
 use \UserRights;
 use \CMDBSource;
+use \IssueLog;
 use \MetaModel;
 use \AttributeDefinition;
 use \AttributeDate;
@@ -249,7 +250,8 @@ class ManageBrickController extends BrickController
 
 			// Restricting query to allowed scope on each classes
 			// Note : Will need to moved the scope restriction on queries elsewhere when we consider grouping on something else than finalclass
-			$oScopeQuery = $oApp['scope_validator']->GetScopeFilterForProfiles(UserRights::ListProfiles(), $aGroupingAreasValue['value'], UR_ACTION_MODIFY);
+			// Note : We now get view scope instead of edit scope as we allowed users to view/edit objects in the brick regarding their rights
+			$oScopeQuery = $oApp['scope_validator']->GetScopeFilterForProfiles(UserRights::ListProfiles(), $aGroupingAreasValue['value'], UR_ACTION_READ);
 			$oAreaQuery = ($oScopeQuery !== null) ? $oAreaQuery->Intersect($oScopeQuery) : null;
 
 			$aQueries[$sKey] = $oAreaQuery;
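Review bot: Passing `UR_ACTION_READ` to `GetScopeFilterForProfiles` means the list query no longer filters on modify rights, so edit authorization now depends on the per-row check added later in this commit and on whatever the edit route enforces itself. The edit endpoint is not visible here; it should be confirmed that it re-checks `UR_ACTION_MODIFY` server-side rather than relying on the action type this brick renders. The added comment would be clearer if it said so, e.g. `// Note : Listing uses the read scope; modify rights are checked per object when building the row action`. The enclosing method starts and ends outside the hunk.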
@@ -341,11 +343,29 @@ class ManageBrickController extends BrickController
 					//if ($sItemAttr === $sTitleAttrCode)
 					if ($sItemAttr === $sMainActionAttrCode)
 					{
-						$aActions[] = array(
-							'type' => ManageBrick::ENUM_ACTION_EDIT,
-							'class' => $sCurrentClass,
-							'id' => $oCurrentRow->GetKey()
-						);
+						// Checking if we can edit the object
+						if (SecurityHelper::IsActionAllowed($oApp, UR_ACTION_MODIFY, $sCurrentClass, $oCurrentRow->GetKey()))
+						{
+							$sActionType = ManageBrick::ENUM_ACTION_EDIT;
+						}
+						// - Otherwise, check if view is allowed
+						elseif (SecurityHelper::IsActionAllowed($oApp, UR_ACTION_READ, $sCurrentClass, $oCurrentRow->GetKey()))
+						{
+							$sActionType = ManageBrick::ENUM_ACTION_VIEW;
+						}
+						else
+						{
+							$sActionType = null;
+						}
+						// - Then set allowed action
+						if ($sActionType !== null)
+						{
+							$aActions[] = array(
+								'type' => $sActionType,
+								'class' => $sCurrentClass,
+								'id' => $oCurrentRow->GetKey()
+							);
+						}
 					}
 
 					$oAttDef = MetaModel::GetAttributeDef($sCurrentClass, $sItemAttr);
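Review bot: The `else` branch sets `$sActionType = null` silently, although the row comes from a query already intersected with the read scope, so reaching it suggests the scope validator and `SecurityHelper::IsActionAllowed` disagree. `IssueLog` is imported by this commit but not used in the visible hunks; logging in that branch would make such a mismatch detectable, e.g. `IssueLog::Info(__METHOD__ . ' : no allowed action for ' . $sCurrentClass . '::' . $oCurrentRow->GetKey());`. The two `IsActionAllowed` calls run for every row and may each trigger a scope query (inferred, the helper is not shown), so storing `$oCurrentRow->GetKey()` in a local and checking the cost on large lists is worth doing. The enclosing loop and method start and end outside the hunk.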