
#415 Could not limit user on some organization (symptom: wrong queries... org_id does not exist...)

git-svn-id: http://svn.code.sf.net/p/itop/code/trunk@1319 a333f486-631f-4898-b8df-5754b55c2be0
romainq 14 سال پیش
والد
کامیت
b31df568aa
3فایلهای تغییر یافته به همراه15 افزوده شده و 6 حذف شده
  1. 9 2
      addons/userrights/userrightsprofile.class.inc.php
  2. 2 1
      application/displayblock.class.inc.php
  3. 4 3
      pages/audit.php

+ 9 - 2
addons/userrights/userrightsprofile.class.inc.php

@@ -751,17 +751,24 @@ exit;
 
 		// Determine how to position the objects of this class
 		//
+		$aCallSpec = array($sClass, 'MapContextParam');
 		if ($sClass == 'Organization')
 		{
 			$sAttCode = 'id';
 		}
-		elseif (is_callable("$sClass::MapContextParam"))
+		elseif (is_callable($aCallSpec))
 		{
-			$sAttCode = eval("return $sClass::MapContextParam('org_id');"); // Returns null when there is no mapping for this parameter
+			$sAttCode = call_user_func($aCallSpec, 'org_id'); // Returns null when there is no mapping for this parameter
+
 			if ($sAttCode == null)
 			{
 				return true;
 			}
+			if (!MetaModel::IsValidAttCode($sClass, $sAttCode))
+			{
+				// Skip silently. The data model checker will tell you something about this...
+				return true;
+			}
 		}
 		elseif(MetaModel::IsValidAttCode($sClass, 'org_id'))
 		{
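Review bot: The new `IsValidAttCode` branch returns `true` without leaving any trace, and it sits in a user-rights code path. The function starts and ends outside the hunk, so this is inferred, but if `true` here means "no organization restriction applies", a wrong `MapContextParam` mapping silently widens what the user is allowed to see. The comment relies on someone running the data model checker; I would also emit a warning through the project's logger at this point and reword the comment to `// Mapping names an attribute that $sClass does not have: organization restriction NOT applied (logged)`. The same silent skip is added in the pages/audit.php hunk, where an invalid mapping drops the filter condition without notice.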

+ 2 - 1
application/displayblock.class.inc.php

@@ -331,9 +331,10 @@ class DisplayBlock
 				$oAppContext = new ApplicationContext();
 				$sClass = $this->m_oFilter->GetClass();
 				$aFilterCodes = array_keys(MetaModel::GetClassFilterDefs($sClass));
+				$aCallSpec = array($sClass, 'MapContextParam');
 				foreach($oAppContext->GetNames() as $sContextParam)
 				{
-					eval("\$sParamCode = $sClass::MapContextParam('$sContextParam');"); //Map context parameter to the value/filter code depending on the class
+					$sParamCode = call_user_func($aCallSpec, $sContextParam); //Map context parameter to the value/filter code depending on the class
 					if (!is_null($sParamCode))
 					{
 						$sParamValue = $oAppContext->GetCurrentValue($sContextParam, null);
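Review bot: `call_user_func($aCallSpec, $sContextParam)` is called here without the `is_callable($aCallSpec)` guard that the other two files in this commit put in front of the same call. If a class reaching this loop does not define `MapContextParam`, the call fails on every iteration instead of being skipped; wrapping the loop in `if (is_callable($aCallSpec)) { ... }` would keep the three call sites consistent. The mapped code is also used without the `IsValidAttCode` check added elsewhere, though `$aFilterCodes` computed just above may serve that purpose in the part of the loop body that lies outside the hunk.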

+ 4 - 3
pages/audit.php

@@ -44,15 +44,16 @@ try
 	{
 		$sObjClass = $oFilter->GetClass();		
 		$aContextParams = $oAppContext->GetNames();
-		if (is_callable("$sObjClass::MapContextParam"))
+		$aCallSpec = array($sObjClass, 'MapContextParam');
+		if (is_callable($aCallSpec))
 		{
 			foreach($aContextParams as $sParamName)
 			{
 				$sValue = $oAppContext->GetCurrentValue($sParamName, null);
 				if ($sValue != null)
 				{
-					$sAttCode = eval("return $sObjClass::MapContextParam('$sParamName');"); // Returns null when there is no mapping for this parameter
-					if ($sAttCode != null)
+					$sAttCode = call_user_func($aCallSpec, $sParamName); // Returns null when there is no mapping for this parameter
+					if ($sAttCode != null && MetaModel::IsValidAttCode($sObjClass, $sAttCode))
 					{
 						$oFilter->AddCondition($sAttCode, $sValue);
 					}
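Review bot: `$sAttCode != null` in the new condition is a loose comparison, while the comment on the line above documents `null` as the no-mapping value. Writing `if ($sAttCode !== null && MetaModel::IsValidAttCode($sObjClass, $sAttCode))` states that contract exactly and leaves the rejection of any other unexpected value to `IsValidAttCode`. The enclosing `try` block continues outside the hunk.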