Computation of user rights: added a config flag to force the legacy algorithm (user_rights_legacy, defaulting to false)

git-svn-id: http://svn.code.sf.net/p/itop/code/trunk@3366 a333f486-631f-4898-b8df-5754b55c2be0

core/config.class.inc.php

@@ -769,6 +769,14 @@ class Config
 			'source_of_value' => '',
 			'show_in_conf_sample' => false, 
 		),
+		'user_rights_legacy' => array(
+			'type' => 'bool',
+			'description' => 'Set to true to restore the buggy algorithm for the computation of user rights (within the same profile, ALLOW on the class itself has precedence on DENY of a parent class)',
+			'default' => false,
+			'value' => '',
+			'source_of_value' => '',
+			'show_in_conf_sample' => false,
+		),
 	);
 
 	public function IsProperty($sPropCode)

setup/compiler.class.inc.php

@@ -1650,6 +1650,8 @@ class ProfilesConfig
 
 	public static function GetProfileActionGrant(\$iProfileId, \$sClass, \$sAction)
 	{
+		\$bLegacyBehavior = MetaModel::GetConfig()->Get('user_rights_legacy');
+
 		// Search for a grant, stoping if any deny is encountered (allowance implies the verification of all paths)
 		\$bAllow = null;
 
@@ -1659,6 +1661,7 @@ class ProfilesConfig
 		if (isset(self::\$aGRANTS[\$sGrantKey]))
 		{
 			\$bAllow = self::\$aGRANTS[\$sGrantKey];
+			if (\$bLegacyBehavior) return \$bAllow;
 			if (!\$bAllow) return false;
 		}
 
@@ -1670,6 +1673,7 @@ class ProfilesConfig
 			if (isset(self::\$aGRANTS[\$sGrantKey]))
 			{
 				\$bAllow = self::\$aGRANTS[\$sGrantKey];
+				if (\$bLegacyBehavior) return \$bAllow;
 				if (!\$bAllow) return false;
 			}
 		}
@@ -1680,6 +1684,7 @@ class ProfilesConfig
 		if (!is_null(\$bGrant))
 		{
 			\$bAllow = \$bGrant;
+			if (\$bLegacyBehavior) return \$bAllow;
 			if (!\$bAllow) return false;
 		}
 
@@ -1689,6 +1694,7 @@ class ProfilesConfig
 		if (isset(self::\$aGRANTS[\$sGrantKey]))
 		{
 			\$bAllow = self::\$aGRANTS[\$sGrantKey];
+			if (\$bLegacyBehavior) return \$bAllow;
 			if (!\$bAllow) return false;
 		}