GetDeletionScheme();
// Evaluate feasibility (user access control)
//
foreach ($aDeletedObjs as $sRemoteClass => $aDeletes)
{
$iTotalDelete += count($aDeletes);
foreach ($aDeletes as $iId => $aData)
{
$oToDelete = $aData['to_delete'];
$bDeleteAllowed = UserRights::IsActionAllowed($sClass, UR_ACTION_DELETE, DBObjectSet::FromObject($oToDelete));
$aTotalDeletedObjs[$sRemoteClass][$iId]['auto_delete'] = $aData['auto_delete'];
if (!$bDeleteAllowed)
{
$aTotalDeletedObjs[$sRemoteClass][$iId]['issue'] = 'not allowed to delete this object';
$bFoundStopper = true;
}
else
{
$aTotalDeletedObjs[$sRemoteClass][$iId]['to_delete'] = $oToDelete;
}
$bAutoDel = $aData['auto_delete'];
if (!$bAutoDel)
{
$bFoundManual = true;
}
}
}
foreach ($aResetedObjs as $sRemoteClass => $aToReset)
{
$iTotalReset += count($aToReset);
foreach ($aToReset as $iId => $aData)
{
$oToReset = $aData['to_reset'];
$aExtKeyLabels = array();
$aForbiddenKeys = array(); // keys on which the current user is not allowed to write
foreach ($aData['attributes'] as $sRemoteExtKey => $aRemoteAttDef)
{
$bUpdateAllowed = UserRights::IsActionAllowedOnAttribute($sClass, $sRemoteExtKey, UR_ACTION_MODIFY, DBObjectSet::FromObject($oToReset));
if (!$bUpdateAllowed)
{
$bFoundStopper = true;
$aForbiddenKeys[] = $aRemoteAttDef->GetLabel();
}
$aExtKeyLabels[] = $aRemoteAttDef->GetLabel();
}
$aResetedObjs[$sRemoteClass][$iId]['attributes_list'] = implode(', ', $aExtKeyLabels);
if (count($aForbiddenKeys) > 0)
{
$aTotalResetedObjs[$sRemoteClass][$iId]['issue'] = 'you are not allowed to update some fields: '.implode(', ', $aForbiddenKeys);
}
else
{
$aTotalResetedObjs[$sRemoteClass][$iId]['to_reset'] = $oToReset;
}
}
}
// Count of dependent objects (+ the current one)
$iTotalTargets = $iTotalDelete + $iTotalReset;
}
if ($bDeleteConfirmed)
{
if (count($aObjects) == 1)
{
$oObj = $aObjects[0];
$oP->add("
Deletion of ".$oObj->GetName()."
\n");
}
else
{
$oP->add("
Deletion of ".count($aObjects)." objects of class $sClass.
\n");
}
// Security - do not allow the user to force a forbidden delete by the mean of page arguments...
if ($bFoundStopper)
{
throw new SecurityException('This object could not be deleted because the current user do not have sufficient rights');
}
if ($bFoundManual)
{
throw new SecurityException('This object could not be deleted because some manual operations must be performed prior to that');
}
// Prepare the change reporting
//
$oMyChange = MetaModel::NewObject("CMDBChange");
$oMyChange->Set("date", time());
if (UserRights::GetUser() != UserRights::GetRealUser())
{
$sUserString = UserRights::GetRealUser()." on behalf of ".UserRights::GetUser();
}
else
{
$sUserString = UserRights::GetUser();
}
$oMyChange->Set("userinfo", $sUserString);
$oMyChange->DBInsert();
// Delete dependencies
//
$aDisplayData = array();
foreach ($aTotalDeletedObjs as $sRemoteClass => $aDeletes)
{
foreach ($aDeletes as $iId => $aData)
{
$oToDelete = $aData['to_delete'];
$aDisplayData[] = array(
'class' => MetaModel::GetName(get_class($oToDelete)),
'object' => $oToDelete->GetHyperLink(),
'consequence' => 'automatically deleted',
);
$oToDelete->DBDeleteTracked($oMyChange);
}
}
// Update dependencies
//
foreach ($aTotalResetedObjs as $sRemoteClass => $aToReset)
{
foreach ($aToReset as $iId => $aData)
{
$oToReset = $aData['to_reset'];
$aDisplayData[] = array(
'class' => MetaModel::GetName(get_class($oToReset)),
'object' => $oToReset->GetHyperLink(),
'consequence' => 'automatic reset of: '.$aData['attributes_list'],
);
foreach ($aData['attributes'] as $sRemoteExtKey => $aRemoteAttDef)
{
$oToReset->Set($sRemoteExtKey, 0);
$oToReset->DBUpdateTracked($oMyChange);
}
}
}
// Report automatic jobs
//
if ($iTotalTargets > 0)
{
if (count($aObjects) == 1)
{
$oObj = $aObjects[0];
$oP->p('Cleaning up any reference to '.$oObj->GetName().'...');
}
else
{
$oP->p("Cleaning up any reference to the ".count($aObjects)." objects of class $sClass.\n");
}
$aDisplayConfig = array();
$aDisplayConfig['class'] = array('label' => 'Class', 'description' => '');
$aDisplayConfig['object'] = array('label' => 'Object', 'description' => '');
$aDisplayConfig['consequence'] = array('label' => 'Done', 'description' => 'What has been done');
$oP->table($aDisplayConfig, $aDisplayData);
}
foreach($aObjects as $oObj)
{
$sName = $oObj->GetName();
$sClassLabel = MetaModel::GetName(get_class($oObj));
$oObj->DBDeleteTracked($oMyChange);
$oP->add("
Deletion of ".count($aObjects)." objects of class $sClass.
\n");
}
// Explain what should be done
//
$aDisplayData = array();
foreach ($aTotalDeletedObjs as $sRemoteClass => $aDeletes)
{
foreach ($aDeletes as $iId => $aData)
{
$oToDelete = $aData['to_delete'];
$bAutoDel = $aData['auto_delete'];
if (array_key_exists('issue', $aData))
{
if ($bAutoDel)
{
$sConsequence = 'Should be automaticaly deleted, but you are not allowed to do so';
}
else
{
$sConsequence = 'Must be deleted manually - you are not allowed to delete this object, please contact your application admin';
}
}
else
{
if ($bAutoDel)
{
$sConsequence = 'Will be automaticaly deleted';
}
else
{
$sConsequence = 'Must be deleted manually';
}
}
$aDisplayData[] = array(
'class' => MetaModel::GetName(get_class($oToDelete)),
'object' => $oToDelete->GetHyperLink(),
'consequence' => $sConsequence,
);
}
}
foreach ($aTotalResetedObjs as $sRemoteClass => $aToReset)
{
foreach ($aToReset as $iId => $aData)
{
$oToReset = $aData['to_reset'];
if (array_key_exists('issue', $aData))
{
$sConsequence = "Should be automatically updated, but: ".$aData['issue'];
}
else
{
$sConsequence = "will be automaticaly updated (reset: ".$aData['attributes_list'].")";
}
$aDisplayData[] = array(
'class' => MetaModel::GetName(get_class($oToReset)),
'object' => $oToReset->GetHyperLink(),
'consequence' => $sConsequence,
);
}
}
if ($iTotalTargets > 0)
{
if (count($aObjects) == 1)
{
$oObj = $aObjects[0];
$oP->p("$iTotalTargets objects/links are referencing ".$oObj->GetName());
}
else
{
$oP->p("$iTotalTargets objects/links are referencing some of the objects to be deleted");
}
$oP->p('To ensure Database integrity, any reference should be further eliminated');
$aDisplayConfig = array();
$aDisplayConfig['class'] = array('label' => 'Class', 'description' => '');
$aDisplayConfig['object'] = array('label' => 'Object', 'description' => '');
$aDisplayConfig['consequence'] = array('label' => 'Consequence', 'description' => 'What will happen to this object');
$oP->table($aDisplayConfig, $aDisplayData);
}
if ($iTotalTargets > 0 && ($bFoundManual || $bFoundStopper))
{
if ($bFoundStopper)
{
$oP->p("Sorry, you are not allowed to delete this object, please see detailed explanations above");
}
elseif ($bFoundManual)
{
$oP->p("Please do the manual operations requested above prior to requesting the deletion of this object");
}
$oP->add("\n");
}
else
{
if (count($aObjects) == 1)
{
$oObj = $aObjects[0];
$id = $oObj->GetKey();
$oP->p("Please confirm that you want to delete ".$oObj->GetHyperLink());
$oP->add("\n");
}
else
{
$oP->add("
Please confirm that you want to delete the following ".count($aObjects)." objects of class $sClass.
\n");
$oSet = CMDBobjectSet::FromArray($sClass, $aObjects);
CMDBAbstractObject::DisplaySet($oP, $oSet, array('display_limit' => false, 'menu' => false));
$oP->add("\n");
}
}
}
}
/***********************************************************************************
*
* Main user interface page, starts here
*
* ***********************************************************************************/
try
{
require_once('../application/application.inc.php');
require_once('../application/itopwebpage.class.inc.php');
require_once('../application/wizardhelper.class.inc.php');
require_once('../application/startup.inc.php');
$oContext = new UserContext();
$oAppContext = new ApplicationContext();
$iActiveNodeId = utils::ReadParam('menu', '');
if (empty($iActiveNodeId) && !is_numeric($iActiveNodeId))
{
// No menu specified, let's get the default one:
// 1) It's a root menu item (parent_id == 0)
// 2) with the lowest rank
$oFilter = DBObjectSearch::FromOQL('SELECT menuNode AS M WHERE M.parent_id = 0');
if ($oFilter)
{
$oMenuSet = new CMDBObjectSet($oFilter);
while($oMenu = $oMenuSet->Fetch())
{
$aRanks[$oMenu->GetKey()] = $oMenu->Get('rank');
}
asort($aRanks); // sort by ascending rank: menuId => rank
$aKeys = array_keys($aRanks);
$iActiveNodeId = array_shift($aKeys); // Takes the first key, i.e. the menuId with the lowest rank
}
}
$currentOrganization = utils::ReadParam('org_id', '');
$operation = utils::ReadParam('operation', '');
require_once('../application/loginwebpage.class.inc.php');
LoginWebPage::DoLogin(); // Check user rights and prompt if needed
$oP = new iTopWebPage("Welcome to ITop", $currentOrganization);
// From now on the context is limited to the the selected organization ??
if ($iActiveNodeId != -1)
{
$oActiveNode = $oContext->GetObject('menuNode', $iActiveNodeId);
}
else
{
$oActiveNode = null;
}
switch($operation)
{
case 'details':
$sClass = utils::ReadParam('class', '');
$sClassLabel = MetaModel::GetName($sClass);
$id = utils::ReadParam('id', '');
$oSearch = new DBObjectSearch($sClass);
$oBlock = new DisplayBlock($oSearch, 'search', false);
$oBlock->Display($oP, 0);
if ( empty($sClass) || empty($id)) // TO DO: check that the class name is valid !
{
$oP->add("
'class' and 'id' parameters must be specifed for this operation.
\n");
}
else
{
$oP->set_title("iTop - Search results");
$sOQL = "SELECT $sOQLClass $sOQLClause";
try
{
$oFilter = DBObjectSearch::FromOQL($sOQL); // To Do: Make sure we don't bypass security
$oSet = new DBObjectSet($oFilter);
if ($bSearchForm)
{
$oBlock = new DisplayBlock($oFilter, 'search', false);
$oBlock->Display($oP, 0);
}
if (strtolower($sFormat) == 'csv')
{
$oBlock = new DisplayBlock($oFilter, 'csv', false);
$oBlock->Display($oP, 'csv');
$oPage->add_ready_script(" $('#csv').css('height', '95%');"); // adjust the size of the block
}
else
{
$oBlock = new DisplayBlock($oFilter, 'list', false);
$oBlock->Display($oP, 1);
}
}
catch(CoreException $e)
{
$oFilter = new DBObjectSearch($sOQLClass); // To Do: Make sure we don't bypass security
$oSet = new DBObjectSet($oFilter);
if ($bSearchForm)
{
$oBlock = new DisplayBlock($oFilter, 'search', false);
$oBlock->Display($oP, 0);
}
$oP->P("Error incorrect OQL query:");
$oP->P($e->getHtmlDesc());
}
catch(Exception $e)
{
$oP->p('An error occured while running the query:');
$oP->p($e->getMessage());
}
}
break;
case 'search_form':
$sClass = utils::ReadParam('class', '');
$sFormat = utils::ReadParam('format', 'html');
$bSearchForm = utils::ReadParam('search_form', true);
if (empty($sClass))
{
$oP->set_title("iTop - Error");
$oP->add("
'class' must be specifed for this operation.
\n");
}
else
{
$oP->set_title("iTop - Search results");
$oFilter = $oContext->NewFilter($sClass);
$oSet = new DBObjectSet($oFilter);
if ($bSearchForm)
{
$oBlock = new DisplayBlock($oFilter, 'search', false /* Asynchronous */, array('open' => true));
$oBlock->Display($oP, 0);
}
if (strtolower($sFormat) == 'csv')
{
$oBlock = new DisplayBlock($oFilter, 'csv', false);
$oBlock->Display($oP, 1);
$oP->add_ready_script(" $('#csv').css('height', '95%');"); // adjust the size of the block
}
else
{
$oBlock = new DisplayBlock($oFilter, 'list', false);
$oBlock->Display($oP, 1);
}
}
break;
case 'search':
$sFilter = utils::ReadParam('filter', '');
$sFormat = utils::ReadParam('format', '');
$bSearchForm = utils::ReadParam('search_form', true);
if (empty($sFilter))
{
$oP->set_title("iTop - Error");
$oP->add("
'filter' must be specifed for this operation.
\n");
}
else
{
$oP->set_title("iTop - Search results");
// TO DO: limit the search filter by the user context
$oFilter = CMDBSearchFilter::unserialize($sFilter); // TO DO : check that the filter is valid
$oSet = new DBObjectSet($oFilter);
if ($bSearchForm)
{
$oBlock = new DisplayBlock($oFilter, 'search', false);
$oBlock->Display($oP, 0);
}
if (strtolower($sFormat) == 'csv')
{
$oBlock = new DisplayBlock($oFilter, 'csv', false);
$oBlock->Display($oP, 'csv');
$oP->add_ready_script(" $('#csv').css('height', '95%');"); // adjust the size of the block
}
else
{
$oBlock = new DisplayBlock($oFilter, 'list', false);
$oBlock->Display($oP, 1);
}
}
break;
case 'full_text':
$sFullText = trim(utils::ReadParam('text', ''));
if (empty($sFullText))
{
$oP->p('Nothing to search.');
}
else
{
$oP->p("
Results for '$sFullText':
\n");
$iCount = 0;
$iBlock = 0;
// Search in full text mode in all the classes
foreach(MetaModel::GetClasses('bizmodel') as $sClassName)
{
$oFilter = new DBObjectSearch($sClassName);
$oFilter->AddCondition_FullText($sFullText);
$oSet = new DBObjectSet($oFilter);
if ($oSet->Count() > 0)
{
$aLeafs = array();
while($oObj = $oSet->Fetch())
{
if (get_class($oObj) == $sClassName)
{
$aLeafs[] = $oObj->GetKey();
}
}
$oLeafsFilter = new DBObjectSearch($sClassName);
if (count($aLeafs) > 0)
{
$iCount += count($aLeafs);
$oP->add("
Sorry this object does not exist (or you are not allowed to view it).
\n");
}
}
break;
case 'clone':
$sClass = utils::ReadParam('class', '');
$sClassLabel = MetaModel::GetName($sClass);
$id = utils::ReadParam('id', '');
if ( empty($sClass) || empty($id)) // TO DO: check that the class name is valid !
{
$oP->add("
'class' and 'id' parameters must be specifed for this operation.
\n");
}
else
{
// Check if the user can modify this object
$oSearch = new DBObjectSearch($sClass);
$oSearch->AddCondition('id', $id, '=');
$oSet = new CMDBObjectSet($oSearch);
if ($oSet->Count() > 0)
{
$oObjToClone = $oSet->Fetch();
}
$bIsModifiedAllowed = (UserRights::IsActionAllowed($sClass, UR_ACTION_MODIFY, $oSet) == UR_ALLOWED_YES);
$bIsReadAllowed = (UserRights::IsActionAllowed($sClass, UR_ACTION_READ, $oSet) == UR_ALLOWED_YES);
if( ($oObjToClone != null) && ($bIsModifiedAllowed) && ($bIsReadAllowed))
{
$oP->add_linked_script("../js/json.js");
$oP->add_linked_script("../js/forms-json-utils.js");
$oP->add_linked_script("../js/wizardhelper.js");
$oP->add_linked_script("../js/wizard.utils.js");
$oP->add_linked_script("../js/linkswidget.js");
$oP->add_linked_script("../js/jquery.blockUI.js");
$oP->set_title("iTop - ".$oObjToClone->GetName()." - $sClassLabel clone");
$oP->add("
\n");
$oP->add("
Clone of $sClassLabel: ".$oObjToClone->GetName()."
Sorry this object does not exist (or you are not allowed to view it).
\n");
}
}
break;
case 'new':
$sClass = utils::ReadParam('class', '');
$sStateCode = utils::ReadParam('state', '');
if ( empty($sClass) )
{
$oP->p("The class must be specified for this operation!");
}
else
{
$oP->add_linked_script("../js/json.js");
$oP->add_linked_script("../js/forms-json-utils.js");
$oP->add_linked_script("../js/wizardhelper.js");
$oP->add_linked_script("../js/wizard.utils.js");
$oP->add_linked_script("../js/linkswidget.js");
$oP->add_linked_script("../js/jquery.blockUI.js");
$oWizard = new UIWizard($oP, $sClass, $sStateCode);
$oContext = new UserContext();
$aArgs = array_merge($oAppContext->GetAsHash(), utils::ReadParam('default', array()));
$sStateCode = $oWizard->GetTargetState(); // Will computes the default state if none was supplied
$sClassLabel = MetaModel::GetName($sClass);
$oP->add("
Creation of a new $sClassLabel
");
if (!empty($sStateCode))
{
$sStateLabel = MetaModel::GetStateLabel($sClass, $sStateCode);
}
$aWizardSteps = $oWizard->GetWizardStructure();
// Display the structure of the wizard
$iStepIndex = 1;
$iMaxInputId = 0;
$aFieldsMap = array();
foreach($aWizardSteps['mandatory'] as $aSteps)
{
$oP->SetCurrentTab("Step $iStepIndex *");
$oWizard->DisplayWizardStep($aSteps, $iStepIndex, $iMaxInputId, $aFieldsMap, false /* no finish button */, $aArgs);
//$oP->add("\n");
$iStepIndex++;
}
foreach($aWizardSteps['optional'] as $aSteps)
{
$oP->SetCurrentTab("Step $iStepIndex *");
$oWizard->DisplayWizardStep($aSteps, $iStepIndex, $iMaxInputId, $aFieldsMap, true, $aArgs); // true means enable the finish button
//$oP->add("\n");
$iStepIndex++;
}
$oWizard->DisplayFinalStep($iStepIndex, $aFieldsMap);
$oObj = null;
if (!empty($id))
{
$oObj = $oContext->GetObject($sClass, $id);
}
if (!is_object($oObj))
{
// new object or that can't be retrieved (corrupted id or object not allowed to this user)
$id = '';
$oObj = MetaModel::NewObject($sClass);
}
$oP->add("\n");
}
break;
case 'apply_modify':
$sClass = utils::ReadPostedParam('class', '');
$sClassLabel = MetaModel::GetName($sClass);
$id = utils::ReadPostedParam('id', '');
$sTransactionId = utils::ReadPostedParam('transaction_id', '');
if ( empty($sClass) || empty($id)) // TO DO: check that the class name is valid !
{
$oP->add("
'class' and 'id' parameters must be specifed for this operation.
\n");
}
else if (!utils::IsTransactionValid($sTransactionId))
{
$oP->p("Error: object has already be updated!\n");
}
else
{
$oObj = $oContext->GetObject($sClass, $id);
if ($oObj != null)
{
$oP->set_title("iTop - ".$oObj->GetName()." - $sClassLabel modification");
$oP->add("
".$oObj->GetName()." - $sClassLabel modification
\n");
$bObjectModified = false;
foreach(MetaModel::ListAttributeDefs(get_class($oObj)) as $sAttCode=>$oAttDef)
{
if ($oAttDef->IsLinkSet())
{
// Link set, the data is a set of link objects, encoded in JSON
$aAttributes[$sAttCode] = trim(utils::ReadPostedParam("attr_$sAttCode", ''));
if (!empty($aAttributes[$sAttCode]))
{
$oLinkSet = WizardHelper::ParseJsonSet($oObj, $oAttDef->GetLinkedClass(), $oAttDef->GetExtKeyToMe(), $aAttributes[$sAttCode]);
$oObj->Set($sAttCode, $oLinkSet);
// TO DO: detect a real modification, for now always update !!
$bObjectModified = true;
}
}
else if (!$oAttDef->IsExternalField())
{
$rawValue = utils::ReadPostedParam("attr_$sAttCode", null);
if (!is_null($rawValue))
{
$aAttributes[$sAttCode] = trim($rawValue);
$previousValue = $oObj->Get($sAttCode);
if ($previousValue !== $aAttributes[$sAttCode])
{
$oObj->Set($sAttCode, $aAttributes[$sAttCode]);
$bObjectModified = true;
}
}
}
else if ($oAttDef->IsWritable())
{
$iFlags = $oObj->GetAttributeFlags($sAttCode);
if ($iFlags & (OPT_ATT_HIDDEN | OPT_ATT_READONLY))
{
// Non-visible, or read-only attribute, do nothing
}
else if ($oAttDef->GetEditClass() == 'Document')
{
// There should be an uploaded file with the named attr_
$oDocument = utils::ReadPostedDocument('file_'.$sAttCode);
if (!$oDocument->IsEmpty())
{
// A new file has been uploaded
$oObj->Set($sAttCode, $oDocument);
$bObjectModified = true;
}
}
}
}
if (!$bObjectModified)
{
$oP->p("No modification detected. ".MetaModel::GetName(get_class($oObj))." has not been updated.\n");
}
else if ($oObj->CheckToUpdate())
{
$oMyChange = MetaModel::NewObject("CMDBChange");
$oMyChange->Set("date", time());
if (UserRights::GetUser() != UserRights::GetRealUser())
{
$sUserString = UserRights::GetRealUser()." on behalf of ".UserRights::GetUser();
}
else
{
$sUserString = UserRights::GetUser();
}
$oMyChange->Set("userinfo", $sUserString);
$iChangeId = $oMyChange->DBInsert();
$oObj->DBUpdateTracked($oMyChange);
$oP->p(MetaModel::GetName(get_class($oObj))." updated.\n");
}
else
{
$oP->p("Error: object can not be updated!\n");
//$oObj->Reload(); // restore default values!
}
}
else
{
$oP->set_title("iTop - Error");
$oP->add("
Sorry this object does not exist (or you are not allowed to edit it).
\n");
}
else
{
$oP->set_title("iTop - mass delete");
$oP->add("
Select the objects you want to delete
\n");
// TO DO: limit the search filter by the user context
$oFilter = CMDBSearchFilter::unserialize($sFilter); // TO DO : check that the filter is valid
$oSet = new DBObjectSet($oFilter);
if ($bSearchForm)
{
$oBlock = new DisplayBlock($oFilter, 'search', false);
$oBlock->Display($oP, 0);
}
$oBlock = new DisplayBlock($oFilter, 'list', false);
$oP->add("\n");
}
break;
case 'bulk_delete':
case 'bulk_delete_confirmed':
$sClass = utils::ReadPostedParam('class', '');
$sClassLabel = MetaModel::GetName($sClass);
$aSelectObject = utils::ReadPostedParam('selectObject', '');
$aObjects = array();
$sTransactionId = utils::ReadPostedParam('transaction_id', '');
if ( empty($sClass) || empty($aSelectObject)) // TO DO: check that the class name is valid !
{
throw new ApplicationException('Error: \'class\' and \'selectObject[]\' parameters must be specifed for this operation.');
}
if (!utils::IsTransactionValid($sTransactionId))
{
throw new ApplicationException('Error: objects have already been deleted!');
}
foreach($aSelectObject as $iId)
{
$aObjects[] = $oContext->GetObject($sClass, $iId);
}
if (!UserRights::IsActionAllowed($sClass, UR_ACTION_BULK_DELETE, DBObjectSet::FromArray($sClass, $aObjects)))
{
throw new SecurityException('You are not allowed to perform a bulk delete of objects of class '.$sClass);
}
DeleteObjects($oP, $sClass, $aObjects, ($operation == 'bulk_delete_confirmed'));
break;
case 'delete':
case 'delete_confirmed':
$sClass = utils::ReadParam('class', '');
$sClassLabel = MetaModel::GetName($sClass);
$id = utils::ReadParam('id', '');
$oObj = $oContext->GetObject($sClass, $id);
if (!UserRights::IsActionAllowed($sClass, UR_ACTION_MODIFY, DBObjectSet::FromObject($oObj)))
{
throw new SecurityException('You are not allowed to do delete objects of class '.$sClass);
}
DeleteObjects($oP, $sClass, array($oObj), ($operation == 'delete_confirmed'));
break;
case 'apply_new':
$oP->p('Creation of the object');
$oP->p('Obsolete, should now go through the wizard...');
break;
case 'apply_clone':
$sClass = utils::ReadPostedParam('class', '');
$sClassLabel = MetaModel::GetName($sClass);
$iCloneId = utils::ReadPostedParam('clone_id', '');
$sTransactionId = utils::ReadPostedParam('transaction_id', '');
if (!utils::IsTransactionValid($sTransactionId))
{
$oP->p("Error: object has already be cloned!\n");
}
else
{
$oObj = $oContext->GetObject($sClass, $iCloneId);
$oMyChange = MetaModel::NewObject("CMDBChange");
$oMyChange->Set("date", time());
if (UserRights::GetUser() != UserRights::GetRealUser())
{
$sUserString = UserRights::GetRealUser()." on behalf of ".UserRights::GetUser();
}
else
{
$sUserString = UserRights::GetUser();
}
$oMyChange->Set("userinfo", $sUserString);
$iChangeId = $oMyChange->DBInsert();
$sStateAttCode = MetaModel::GetStateAttributeCode(get_class($oObj));
foreach(MetaModel::ListAttributeDefs($sClass) as $sAttCode=>$oAttDef)
{
if ( ($oAttDef->IsWritable()) )
{
$value = utils::ReadPostedParam('attr_'.$sAttCode, '');
$oObj->Set($sAttCode, $value);
}
}
$oObj->DBCloneTracked($oMyChange);
$oP->add("
\n");
$oObj->DisplayDetails($oP);
}
}
break;
case 'stimulus':
$sClass = utils::ReadParam('class', '');
$id = utils::ReadParam('id', '');
$sStimulus = utils::ReadParam('stimulus', '');
if ( empty($sClass) || empty($id) || empty($sStimulus) ) // TO DO: check that the class name is valid !
{
$oP->add("
'class', 'id' and 'stimulus' parameters must be specifed for this operation.