ITSSTOOLS/pages/UI.php

<?php
try
{
	require_once('../application/application.inc.php');
	require_once('../application/itopwebpage.class.inc.php');
	require_once('../application/wizardhelper.class.inc.php');

	require_once('../application/startup.inc.php');
	$oContext = new UserContext();
	$oAppContext = new ApplicationContext();
	$iActiveNodeId = utils::ReadParam('menu', '');
	if (empty($iActiveNodeId) && !is_numeric($iActiveNodeId))
	{
		// No menu specified, let's get the default one:
		// 1) It's a root menu item (parent_id == 0)
		// 2) with the lowest rank
		$oFilter = DBObjectSearch::FromOQL('SELECT menuNode AS M WHERE M.parent_id = 0');
		if ($oFilter)
		{
			$oMenuSet = new CMDBObjectSet($oFilter);
			while($oMenu = $oMenuSet->Fetch())
			{
				$aRanks[$oMenu->GetKey()] = $oMenu->Get('rank');
			}
			asort($aRanks); // sort by ascending rank: menuId => rank
			$aKeys = array_keys($aRanks);
			$iActiveNodeId = array_shift($aKeys); // Takes the first key, i.e. the menuId with the lowest rank
		}
	}
	$currentOrganization = utils::ReadParam('org_id', '');
	$operation = utils::ReadParam('operation', '');

	require_once('../application/loginwebpage.class.inc.php');
	LoginWebPage::DoLogin(); // Check user rights and prompt if needed


	$oP = new iTopWebPage("Welcome to ITop", $currentOrganization);

	// From now on the context is limited to the the selected organization ??
	if ($iActiveNodeId != -1)
	{
	    $oActiveNode = $oContext->GetObject('menuNode', $iActiveNodeId);
	}
	else
	{
	    $oActiveNode = null;
	}

	switch($operation)
	{
		case 'details':
			$sClass = utils::ReadParam('class', '');
			$sClassLabel = MetaModel::GetName($sClass);
			$id = utils::ReadParam('id', '');
			$oSearch = new DBObjectSearch($sClass);
			$oBlock = new DisplayBlock($oSearch, 'search', false);
			$oBlock->Display($oP, 0);
			if ( empty($sClass) || empty($id)) // TO DO: check that the class name is valid !
			{
				$oP->add("<p>'class' and 'id' parameters must be specifed for this operation.</p>\n");
			}
			else
			{
				$oObj = $oContext->GetObject($sClass, $id);
				if ($oObj != null)
				{
					$oP->set_title("iTop - ".$oObj->GetDisplayName()." - $sClassLabel details");
					$oObj->DisplayDetails($oP);
				}
				else
				{
					$oP->set_title("iTop - Error");
					$oP->add("<p>Sorry this object does not exist (or you are not allowed to view it).</p>\n");
				}
			}
		break;
	
		case 'search_oql':
			$sOQLClass = utils::ReadParam('oql_class', '');
			$sOQLClause = utils::ReadParam('oql_clause', '');
			$sFormat = utils::ReadParam('format', '');
			$bSearchForm = utils::ReadParam('search_form', true);
			if (empty($sOQLClass))
			{
				$oP->set_title("iTop - Error");
				$oP->add("<p>'oql_class' must be specifed for this operation.</p>\n");
			}
			else
			{
				$oP->set_title("iTop - Search results");
				$sOQL = "SELECT $sOQLClass $sOQLClause";
				try
				{
					$oFilter = DBObjectSearch::FromOQL($sOQL); // To Do: Make sure we don't bypass security
					$oSet = new DBObjectSet($oFilter);
					if ($bSearchForm)
					{
						$oBlock = new DisplayBlock($oFilter, 'search', false);
						$oBlock->Display($oP, 0);
					}
					if (strtolower($sFormat) == 'csv')
					{
						$oBlock = new DisplayBlock($oFilter, 'csv', false);
						$oBlock->Display($oP, 'csv');
						$oPage->add_ready_script(" $('#csv').css('height', '95%');"); // adjust the size of the block
					}
					else
					{
						$oBlock = new DisplayBlock($oFilter, 'list', false);
						$oBlock->Display($oP, 1);
					}
				}
				catch(CoreException $e)
				{
					$oFilter = new DBObjectSearch($sOQLClass); // To Do: Make sure we don't bypass security
					$oSet = new DBObjectSet($oFilter);
					if ($bSearchForm)
					{
						$oBlock = new DisplayBlock($oFilter, 'search', false);
						$oBlock->Display($oP, 0);
					}
					$oP->P("<b>Error incorrect OQL query:</b>");
					$oP->P($e->getHtmlDesc());
				}
				catch(Exception $e)
				{
					$oP->p('<b>An error occured while running the query:</b>');
					$oP->p($e->getMessage());
				}
			}
		break;
		case 'search_form':
			$sClass = utils::ReadParam('class', '');
			$sFormat = utils::ReadParam('format', 'html');
			$bSearchForm = utils::ReadParam('search_form', true);
			if (empty($sClass))
			{
				$oP->set_title("iTop - Error");
				$oP->add("<p>'class' must be specifed for this operation.</p>\n");
			}
			else
			{
				$oP->set_title("iTop - Search results");
				$oFilter =  $oContext->NewFilter($sClass);
				$oSet = new DBObjectSet($oFilter);
				if ($bSearchForm)
				{
					$oBlock = new DisplayBlock($oFilter, 'search', false /* Asynchronous */, array('open' => true));
					$oBlock->Display($oP, 0);
				}
				if (strtolower($sFormat) == 'csv')
				{
					$oBlock = new DisplayBlock($oFilter, 'csv', false);
					$oBlock->Display($oP, 1);
					$oP->add_ready_script(" $('#csv').css('height', '95%');"); // adjust the size of the block
				}
				else
				{
					$oBlock = new DisplayBlock($oFilter, 'list', false);
					$oBlock->Display($oP, 1);
				}
			}
		break;
		
		case 'search':
			$sFilter = utils::ReadParam('filter', '');
			$sFormat = utils::ReadParam('format', '');
			$bSearchForm = utils::ReadParam('search_form', true);
			if (empty($sFilter))
			{
				$oP->set_title("iTop - Error");
				$oP->add("<p>'filter' must be specifed for this operation.</p>\n");
			}
			else
			{
				$oP->set_title("iTop - Search results");
				// TO DO: limit the search filter by the user context
				$oFilter = CMDBSearchFilter::unserialize($sFilter); // TO DO : check that the filter is valid
				$oSet = new DBObjectSet($oFilter);
				if ($bSearchForm)
				{
					$oBlock = new DisplayBlock($oFilter, 'search', false);
					$oBlock->Display($oP, 0);
				}
				if (strtolower($sFormat) == 'csv')
				{
					$oBlock = new DisplayBlock($oFilter, 'csv', false);
					$oBlock->Display($oP, 'csv');
					$oP->add_ready_script(" $('#csv').css('height', '95%');"); // adjust the size of the block
				}
				else
				{
					$oBlock = new DisplayBlock($oFilter, 'list', false);
					$oBlock->Display($oP, 1);
				}
			}
		break;
	
		case 'full_text':
			$sFullText = trim(utils::ReadParam('text', ''));
			if (empty($sFullText))
			{
				$oP->p('Nothing to search.');
			}
			else
			{
				$oP->p("<h2>Results for '$sFullText':</h2>\n");
				$iCount = 0;
				$iBlock = 0;
				// Search in full text mode in all the classes
				foreach(MetaModel::GetClasses('bizmodel') as $sClassName)
				{
					$oFilter = new DBObjectSearch($sClassName);
					$oFilter->AddCondition_FullText($sFullText);
					$oSet = new DBObjectSet($oFilter);
					if ($oSet->Count() > 0)
					{
						$aLeafs = array();
						while($oObj = $oSet->Fetch())
						{
							if (get_class($oObj) == $sClassName)
							{
								$aLeafs[] = $oObj->GetKey();
							}
						}
						$oLeafsFilter = new DBObjectSearch($sClassName);
						if (count($aLeafs) > 0)
						{
							$iCount += count($aLeafs);
							$oP->add("<div class=\"page_header\">\n");
							$oP->add("<h1><span class=\"hilite\">".Metamodel::GetName($sClassName).":</span> ".count($aLeafs)." object(s) found.</h1>\n");
							$oP->add("</div>\n");
							$oLeafsFilter->AddCondition('pkey', $aLeafs, 'IN');
							$oBlock = new DisplayBlock($oLeafsFilter, 'list', false);
							$oBlock->Display($oP, $iBlock++);
						}
					}
				}
				if ($iCount == 0)
				{
					$oP->p('No object found.');
				}
			}	
		break;
	
		case 'modify':
			$oP->add_linked_script("../js/json.js");
			$oP->add_linked_script("../js/forms-json-utils.js");
			$oP->add_linked_script("../js/wizardhelper.js");
			$oP->add_linked_script("../js/wizard.utils.js");
			$oP->add_linked_script("../js/linkswidget.js");
			$oP->add_linked_script("../js/jquery.blockUI.js");
			$sClass = utils::ReadParam('class', '');
			$sClassLabel = MetaModel::GetName($sClass);
			$id = utils::ReadParam('id', '');
			if ( empty($sClass) || empty($id)) // TO DO: check that the class name is valid !
			{
				$oP->add("<p>'class' and 'id' parameters must be specifed for this operation.</p>\n");
			}
			else
			{
				// Check if the user can modify this object
				$oSearch = new DBObjectSearch($sClass);
				$oSearch->AddCondition('pkey', $id, '=');
				$oSet = new CMDBObjectSet($oSearch);
				if ($oSet->Count() > 0)
				{
					$oObj = $oSet->Fetch();
				}
			
				$bIsModifiedAllowed = (UserRights::IsActionAllowed($sClass, UR_ACTION_MODIFY, $oSet) == UR_ALLOWED_YES);
				$bIsReadAllowed = (UserRights::IsActionAllowed($sClass, UR_ACTION_READ, $oSet) == UR_ALLOWED_YES);
				if( ($oObj != null) && ($bIsModifiedAllowed) && ($bIsReadAllowed))
				{
					$oP->set_title("iTop - ".$oObj->GetName()." - $sClassLabel modification");
					$oP->add("<div class=\"page_header\">\n");
					$oP->add("<h1>Modification of $sClassLabel: <span class=\"hilite\">".$oObj->GetName()."</span></h1>\n");
					$oP->add("</div>\n");

					$oP->add("<div class=\"wizContainer\">\n");
					$oObj->DisplayModifyForm($oP);
					$oP->add("</div>\n");
				}
				else
				{
					$oP->set_title("iTop - Error");
					$oP->add("<p>Sorry this object does not exist (or you are not allowed to view it).</p>\n");
				}
			}
		break;
	
		case 'clone':
		$sClass = utils::ReadParam('class', '');
		$sClassLabel = MetaModel::GetName($sClass);
		$id = utils::ReadParam('id', '');
		if ( empty($sClass) || empty($id)) // TO DO: check that the class name is valid !
		{
			$oP->add("<p>'class' and 'id' parameters must be specifed for this operation.</p>\n");
		}
		else
		{
			// Check if the user can modify this object
			$oSearch = new DBObjectSearch($sClass);
			$oSearch->AddCondition('pkey', $id, '=');
			$oSet = new CMDBObjectSet($oSearch);
			if ($oSet->Count() > 0)
			{
				$oObjToClone = $oSet->Fetch();
			}
		
			$bIsModifiedAllowed = (UserRights::IsActionAllowed($sClass, UR_ACTION_MODIFY, $oSet) == UR_ALLOWED_YES);
			$bIsReadAllowed = (UserRights::IsActionAllowed($sClass, UR_ACTION_READ, $oSet) == UR_ALLOWED_YES);
			if( ($oObjToClone != null) && ($bIsModifiedAllowed) && ($bIsReadAllowed))
			{
				$oP->add_linked_script("../js/json.js");
				$oP->add_linked_script("../js/forms-json-utils.js");
				$oP->add_linked_script("../js/wizardhelper.js");
				$oP->add_linked_script("../js/wizard.utils.js");
				$oP->add_linked_script("../js/linkswidget.js");
				$oP->add_linked_script("../js/jquery.blockUI.js");
				$oP->set_title("iTop - ".$oObjToClone->GetName()." - $sClassLabel clone");
				$oP->add("<div class=\"page_header\">\n");
				$oP->add("<h1>Clone of $sClassLabel: <span class=\"hilite\">".$oObjToClone->GetName()."</span></h1>\n");
				$oP->add("</div>\n");

				$oP->add("<div class=\"wizContainer\">\n");
				cmdbAbstractObject::DisplayCreationForm($oP, $sClass, $oObjToClone);
				$oP->add("</div>\n");
			}
			else
			{
				$oP->set_title("iTop - Error");
				$oP->add("<p>Sorry this object does not exist (or you are not allowed to view it).</p>\n");
			}
		}
		break;
	
		case 'new':
			$sClass = utils::ReadParam('class', '');
			$sStateCode = utils::ReadParam('state', '');
			if ( empty($sClass) )
			{
				$oP->p("The class must be specified for this operation!");
			}
			else
			{
				$oP->add_linked_script("../js/json.js");
				$oP->add_linked_script("../js/forms-json-utils.js");
				$oP->add_linked_script("../js/wizardhelper.js");
				$oP->add_linked_script("../js/wizard.utils.js");
				$oP->add_linked_script("../js/linkswidget.js");
				$oP->add_linked_script("../js/jquery.blockUI.js");
				$oWizard = new UIWizard($oP, $sClass, $sStateCode);
				$oContext = new UserContext();
				$aArgs = array_merge($oAppContext->GetAsHash(), utils::ReadParam('default', array()));
				$sStateCode = $oWizard->GetTargetState(); // Will computes the default state if none was supplied
				$sClassLabel = MetaModel::GetName($sClass);
				$oP->add("<h2>Creation of a new $sClassLabel</h2>");
				if (!empty($sStateCode))
				{
					$sStateLabel = MetaModel::GetStateLabel($sClass, $sStateCode);
				}
				$aWizardSteps = $oWizard->GetWizardStructure();
			
				// Display the structure of the wizard
				$iStepIndex = 1;
				$iMaxInputId = 0;
				$aFieldsMap = array();
				foreach($aWizardSteps['mandatory'] as $aSteps)
				{
					$oP->SetCurrentTab("Step $iStepIndex *");
					$oWizard->DisplayWizardStep($aSteps, $iStepIndex, $iMaxInputId, $aFieldsMap, false /* no finish button */, $aArgs);
					//$oP->add("</div>\n");
					$iStepIndex++;
				}	
				foreach($aWizardSteps['optional'] as $aSteps)
				{
					$oP->SetCurrentTab("Step $iStepIndex *");
					$oWizard->DisplayWizardStep($aSteps, $iStepIndex, $iMaxInputId, $aFieldsMap, true, $aArgs); // true means enable the finish button
					//$oP->add("</div>\n");
					$iStepIndex++;
				}
				$oWizard->DisplayFinalStep($iStepIndex, $aFieldsMap);	
			
				$oObj = null;
				if (!empty($id))
				{
					$oObj = $oContext->GetObject($sClass, $id);
				}
				if (!is_object($oObj))
				{
					// new object or that can't be retrieved (corrupted id or object not allowed to this user)
					$id = '';
					$oObj = MetaModel::NewObject($sClass);
				}
				$oP->add("<script type=\"text/javascript\">
				// Fill the map between the fields of the form and the attributes of the object\n");
			
				$aNewFieldsMap = array();
				foreach($aFieldsMap as $id => $sFieldCode)
				{
					$aNewFieldsMap[$sFieldCode] = $id;
				}
				$iFieldsCount = count($aFieldsMap);
				$sJsonFieldsMap = json_encode($aNewFieldsMap);
		
				$oP->add("
				// Initializes the object once at the beginning of the page...
				var oWizardHelper = new WizardHelper('$sClass');
				oWizardHelper.SetFieldsMap($sJsonFieldsMap);
				oWizardHelper.SetFieldsCount($iFieldsCount);
		
				ActivateStep(1);
				</script>\n");
			}
		break;
	
		case 'apply_modify':
			$sClass = utils::ReadPostedParam('class', '');
			$sClassLabel = MetaModel::GetName($sClass);
			$id = utils::ReadPostedParam('id', '');
			$sTransactionId = utils::ReadPostedParam('transaction_id', '');
			if ( empty($sClass) || empty($id)) // TO DO: check that the class name is valid !
			{
				$oP->add("<p>'class' and 'id' parameters must be specifed for this operation.</p>\n");
			}
			else if (!utils::IsTransactionValid($sTransactionId))
			{
				$oP->p("<strong>Error: object has already be updated!</strong>\n");
			}
			else
			{
				$oObj = $oContext->GetObject($sClass, $id);
				if ($oObj != null)
				{
					$oP->set_title("iTop - ".$oObj->GetName()." - $sClassLabel modification");
					$oP->add("<h1>".$oObj->GetName()." - $sClassLabel modification</h1>\n");
					$bObjectModified = false;
					foreach(MetaModel::ListAttributeDefs(get_class($oObj)) as $sAttCode=>$oAttDef)
					{
						$iFlags = $oObj->GetAttributeFlags($sAttCode);
						if ($iFlags & (OPT_ATT_HIDDEN | OPT_ATT_READONLY))
						{
							// Non-visible, or read-only attribute, do nothing
						}
						else if ($sAttCode == 'finalclass')
						{
							// This very specific field is read-only
						}
						else if ($oAttDef->IsLinkSet())
						{
							// Link set, the data is a set of link objects, encoded in JSON
							$aAttributes[$sAttCode] = trim(utils::ReadPostedParam("attr_$sAttCode", ''));
							if (!empty($aAttributes[$sAttCode]))
							{
								$oLinkSet = WizardHelper::ParseJsonSet($oObj, $oAttDef->GetLinkedClass(), $oAttDef->GetExtKeyToMe(), $aAttributes[$sAttCode]);
								$oObj->Set($sAttCode, $oLinkSet);
								// TO DO: detect a real modification, for now always update !!
								$bObjectModified = true;
							}
						}
						else if ($oAttDef->GetEditClass() == 'Document')
						{
							// There should be an uploaded file with the named attr_<attCode>
							$oDocument = utils::ReadPostedDocument('file_'.$sAttCode);
							if (!$oDocument->IsEmpty())
							{
								// A new file has been uploaded
								$oObj->Set($sAttCode, $oDocument);
								$bObjectModified = true;
							}
						}
						else if (!$oAttDef->IsExternalField())
						{
							$rawValue = utils::ReadPostedParam("attr_$sAttCode", null);
							if (!is_null($rawValue))
							{
								$aAttributes[$sAttCode] = trim($rawValue);
								$previousValue = $oObj->Get($sAttCode);
								if ($previousValue !== $aAttributes[$sAttCode])
								{
									$oObj->Set($sAttCode, $aAttributes[$sAttCode]);
									$bObjectModified = true;
								}
							}
						}
					}
					if (!$bObjectModified)
					{
						$oP->p("No modification detected. ".MetaModel::GetName(get_class($oObj))." has <strong>not</strong> been updated.\n");
					}
					else if ($oObj->CheckToUpdate())
					{
						$oMyChange = MetaModel::NewObject("CMDBChange");
						$oMyChange->Set("date", time());
						if (UserRights::GetUser() != UserRights::GetRealUser())
						{
							$sUserString = UserRights::GetRealUser()." on behalf of ".UserRights::GetUser();
						}
						else
						{
							$sUserString = UserRights::GetUser();
						}
						$oMyChange->Set("userinfo", $sUserString);
						$iChangeId = $oMyChange->DBInsert();
						$oObj->DBUpdateTracked($oMyChange);
			
						$oP->p(MetaModel::GetName(get_class($oObj))." updated.\n");
					}
					else
					{
						$oP->p("<strong>Error: object can not be updated!</strong>\n");
						//$oObj->Reload(); // restore default values!
					}
				}
				else
				{
					$oP->set_title("iTop - Error");
					$oP->add("<p>Sorry this object does not exist (or you are not allowed to edit it).</p>\n");
				}
			}
			$oObj->DisplayDetails($oP);
		break;
	
		case 'delete':
		case 'delete_confirmed':
		$sClass = utils::ReadParam('class', '');
		$sClassLabel = MetaModel::GetName($sClass);
		$id = utils::ReadParam('id', '');
		$oObj = $oContext->GetObject($sClass, $id);
		$sName = $oObj->GetName();

		if (!UserRights::IsActionAllowed($sClass, UR_ACTION_MODIFY, DBObjectSet::FromObject($oObj)))
		{
			throw new SecurityException('You are not allowed to do delete objects of class '.$sClass);
		}

		// Evaluate the impact on the DB integrity
		//
		list ($aDeletedObjs, $aResetedObjs) = $oObj->GetDeletionScheme();

		// Evaluate feasibility (user access control)
		//
		$bFoundManual = false;
		$bFoundStopper = false;
		$iTotalDelete = 0; // count of object that must be deleted
		$iTotalReset = 0; // count of object for which an ext key will be reset (to 0)
		foreach ($aDeletedObjs as $sRemoteClass => $aDeletes)
		{
			$iTotalDelete += count($aDeletes);
			foreach ($aDeletes as $iId => $aData)
			{
				$oToDelete = $aData['to_delete'];
				$bDeleteAllowed = UserRights::IsActionAllowed($sClass, UR_ACTION_MODIFY, DBObjectSet::FromObject($oToDelete));
				if (!$bDeleteAllowed)
				{
					$aDeletedObjs[$sRemoteClass][$iId]['issue'] = 'not allowed to delete this object';
					$bFoundStopper = true;
				}

				$bAutoDel = $aData['auto_delete'];
				if (!$bAutoDel)
				{
					$bFoundManual = true;
				}
			}
		}
		foreach ($aResetedObjs as $sRemoteClass => $aToReset)
		{
			$iTotalReset += count($aToReset);
			foreach ($aToReset as $iId => $aData)
			{
				$oToReset = $aData['to_reset'];
				$aExtKeyLabels = array();
				$aForbiddenKeys = array(); // keys on which the current user is not allowed to write
				foreach ($aData['attributes'] as $sRemoteExtKey => $aRemoteAttDef)
				{
					$bUpdateAllowed = UserRights::IsActionAllowedOnAttribute($sClass, $sRemoteExtKey, UR_ACTION_MODIFY, DBObjectSet::FromObject($oToReset));
					if (!$bUpdateAllowed)
					{
						$bFoundStopper = true;
						$aForbiddenKeys[] = $aRemoteAttDef->GetLabel();
					}
					$aExtKeyLabels[] = $aRemoteAttDef->GetLabel();
				}
				$aResetedObjs[$sRemoteClass][$iId]['attributes_list'] = implode(', ', $aExtKeyLabels); 
				if (count($aForbiddenKeys) > 0)
				{
					$aResetedObjs[$sRemoteClass][$iId]['issue'] = 'you are not allowed to update some fields: '.implode(', ', $aForbiddenKeys);
				}
			}
		}
		// Count of dependent objects (+ the current one)
		$iTotalTargets = $iTotalDelete + $iTotalReset;

		if ($operation == 'delete_confirmed')
		{
			$oP->add("<h1>Deletion of ".$oObj->GetName()."</h1>\n");
			// Security - do not allow the user to force a forbidden delete by the mean of page arguments...
			if ($bFoundStopper)
			{
				throw new SecurityException('This object could not be deleted because the current user do not have sufficient rights');
			}
			if ($bFoundManual)
			{
				throw new SecurityException('This object could not be deleted because some manual operations must be performed prior to that');
			}

			// Prepare the change reporting
			//
			$oMyChange = MetaModel::NewObject("CMDBChange");
			$oMyChange->Set("date", time());
			if (UserRights::GetUser() != UserRights::GetRealUser())
			{
				$sUserString = UserRights::GetRealUser()." on behalf of ".UserRights::GetUser();
			}
			else
			{
				$sUserString = UserRights::GetUser();
			}
			$oMyChange->Set("userinfo", $sUserString);
			$oMyChange->DBInsert();

			// Delete dependencies
			//
			$aDisplayData = array();
			foreach ($aDeletedObjs as $sRemoteClass => $aDeletes)
			{
				foreach ($aDeletes as $iId => $aData)
				{
					$oToDelete = $aData['to_delete'];

					$aDisplayData[] = array(
						'class' => MetaModel::GetName(get_class($oToDelete)),
						'object' => $oToDelete->GetHyperLink(),
						'consequence' => 'automatically deleted',
					);

					$oToDelete->DBDeleteTracked($oMyChange);
				}
			}
		
			// Update dependencies
			//
			foreach ($aResetedObjs as $sRemoteClass => $aToReset)
			{
				foreach ($aToReset as $iId => $aData)
				{
					$oToReset = $aData['to_reset'];
					$aDisplayData[] = array(
						'class' => MetaModel::GetName(get_class($oToReset)),
						'object' => $oToReset->GetHyperLink(),
						'consequence' => 'automatic reset of: '.$aData['attributes_list'],
					);

					foreach ($aData['attributes'] as $sRemoteExtKey => $aRemoteAttDef)
					{
						$oToReset->Set($sRemoteExtKey, 0);
						$oToReset->DBUpdateTracked($oMyChange);
					}
				}
			}

			// Report automatic jobs
			//
			if ($iTotalTargets > 0)
			{
				$oP->p('Cleaning up any reference to '.$oObj->GetName().'...');
				$aDisplayConfig = array();
				$aDisplayConfig['class'] = array('label' => 'Class', 'description' => '');
				$aDisplayConfig['object'] = array('label' => 'Object', 'description' => '');
				$aDisplayConfig['consequence'] = array('label' => 'Done', 'description' => 'What has been done');
				$oP->table($aDisplayConfig, $aDisplayData);
			}

			$oObj->DBDeleteTracked($oMyChange);
			$oP->add("<h1>".$sName." - $sClassLabel deleted</h1>\n");
		}
		else
		{
			$oP->add("<h1>Deletion of ".$oObj->GetHyperLink()."</h1>\n");
			// Explain what should be done
			//
			$aDisplayData = array();
			foreach ($aDeletedObjs as $sRemoteClass => $aDeletes)
			{
				foreach ($aDeletes as $iId => $aData)
				{
					$oToDelete = $aData['to_delete'];
					$bAutoDel = $aData['auto_delete'];
					if (array_key_exists('issue', $aData))
					{
						if ($bAutoDel)
						{
							$sConsequence = 'Should be automaticaly deleted, but you are not allowed to do so';
						}
						else
						{
							$sConsequence = 'Must be deleted manually - you are not allowed to delete this object, please contact your application admin';
						}
					}
					else
					{
						if ($bAutoDel)
						{
							$sConsequence = 'Will be automaticaly deleted';
						}
						else
						{
							$sConsequence = 'Must be deleted manually';
						}
					}
					$aDisplayData[] = array(
						'class' => MetaModel::GetName(get_class($oToDelete)),
						'object' => $oToDelete->GetHyperLink(),
						'consequence' => $sConsequence,
					);
				}
			}
			foreach ($aResetedObjs as $sRemoteClass => $aToReset)
			{
				foreach ($aToReset as $iId => $aData)
				{
					$oToReset = $aData['to_reset'];
					if (array_key_exists('issue', $aData))
					{
						$sConsequence = "Should be automatically updated, but: ".$aData['issue'];
					}
					else
					{
						$sConsequence = "will be automaticaly updated (reset: ".$aData['attributes_list'].")";
					}
					$aDisplayData[] = array(
						'class' => MetaModel::GetName(get_class($oToReset)),
						'object' => $oToReset->GetHyperLink(),
						'consequence' => $sConsequence,
					);
				}
			}

			if ($iTotalTargets > 0)
			{
				$oP->p("$iTotalTargets objects/links are referencing ".$oObj->GetName());
				$oP->p('To ensure Database integrity, any reference should be further eliminated');

				$aDisplayConfig = array();
				$aDisplayConfig['class'] = array('label' => 'Class', 'description' => '');
				$aDisplayConfig['object'] = array('label' => 'Object', 'description' => '');
				$aDisplayConfig['consequence'] = array('label' => 'Consequence', 'description' => 'What will happen to this object');
				$oP->table($aDisplayConfig, $aDisplayData);
			}

			if ($iTotalTargets > 0 && ($bFoundManual || $bFoundStopper))
			{
				if ($bFoundStopper)
				{
					$oP->p("Sorry, you are not allowed to delete this object, please see detailed explanations above");
				}
				elseif ($bFoundManual)
				{
					$oP->p("Please do the manual operations requested above prior to requesting the deletion of this object");
				}		
				$oP->add("<form method=\"post\">\n");
				$oP->add("<input DISABLED type=\"submit\" name=\"\" value=\" Delete! \">\n");
				$oP->add("<input type=\"button\" onclick=\"window.history.back();\" value=\" Cancel \">\n");
				$oP->add("</form>\n");
			}
			else
			{
				$oP->p("Please confirm that you want to delete ".$oObj->GetHyperLink());
				$oP->add("<form method=\"post\">\n");
				$oP->add("<input type=\"hidden\" name=\"menu\" value=\"$iActiveNodeId\">\n");
				$oP->add("<input type=\"hidden\" name=\"operation\" value=\"delete_confirmed\">\n");
				$oP->add("<input type=\"hidden\" name=\"class\" value=\"$sClass\">\n");
				$oP->add("<input type=\"hidden\" name=\"id\" value=\"$id\">\n");
				$oP->add("<input type=\"submit\" name=\"\" value=\" Delete! \">\n");
				$oP->add("<input type=\"button\" onclick=\"window.history.back();\" value=\" Cancel \">\n");
				$oP->add("</form>\n");
			}
		}
		break;
	
		case 'apply_new':
		$oP->p('Creation of the object');
		$oP->p('Obsolete, should now go through the wizard...');
		break;
	
		case 'apply_clone':
		$sClass = utils::ReadPostedParam('class', '');
		$sClassLabel = MetaModel::GetName($sClass);
		$iCloneId = utils::ReadPostedParam('clone_id', '');
		$sTransactionId = utils::ReadPostedParam('transaction_id', '');
		if (!utils::IsTransactionValid($sTransactionId))
		{
			$oP->p("<strong>Error: object has already be cloned!</strong>\n");
		}
		else
		{
				$oObj = $oContext->GetObject($sClass, $iCloneId);
				$oMyChange = MetaModel::NewObject("CMDBChange");
				$oMyChange->Set("date", time());
				if (UserRights::GetUser() != UserRights::GetRealUser())
				{
					$sUserString = UserRights::GetRealUser()." on behalf of ".UserRights::GetUser();
				}
				else
				{
					$sUserString = UserRights::GetUser();
				}
				$oMyChange->Set("userinfo", $sUserString);
				$iChangeId = $oMyChange->DBInsert();
				$sStateAttCode = MetaModel::GetStateAttributeCode(get_class($oObj));
				foreach(MetaModel::ListAttributeDefs($sClass) as $sAttCode=>$oAttDef)
				{
					if ( ('finalclass' != $sAttCode) && // finalclass is a reserved word, hardcoded !
					     ($sStateAttCode != $sAttCode) &&
						  (!$oAttDef->IsExternalField()) )
					{
						$value = utils::ReadPostedParam('attr_'.$sAttCode, '');
						$oObj->Set($sAttCode, $value);
					}
				}
				$oObj->DBCloneTracked($oMyChange);
				$oP->add("<h1>".$oObj->GetName()." - $sClassLabel created</h1>\n");
				$oObj->DisplayDetails($oP);
		}

		break;
	
		case 'wizard_apply_new':
		$sJson = utils::ReadPostedParam('json_obj', '');
		$oWizardHelper = WizardHelper::FromJSON($sJson);
		$sTransactionId = utils::ReadPostedParam('transaction_id', '');
		if (!utils::IsTransactionValid($sTransactionId))
		{
			$oP->p("<strong>Error: object has already be created!</strong>\n");
		}
		else
		{
			$oObj = $oWizardHelper->GetTargetObject(true /* read uploaded files */);
			if (is_object($oObj))
			{
				$sClass = get_class($oObj);
				$sClassLabel = MetaModel::GetName($sClass);
				$oMyChange = MetaModel::NewObject("CMDBChange");
				$oMyChange->Set("date", time());
				if (UserRights::GetUser() != UserRights::GetRealUser())
				{
					$sUserString = UserRights::GetRealUser()." on behalf of ".UserRights::GetUser();
				}
				else
				{
					$sUserString = UserRights::GetUser();
				}
				$oMyChange->Set("userinfo", $sUserString);
				$iChangeId = $oMyChange->DBInsert();
				$oObj->DBInsertTracked($oMyChange);
				$oP->set_title("iTop - ".$oObj->GetName()." - $sClassLabel created");
				$oP->add("<h1>".$oObj->GetName()." - $sClassLabel created</h1>\n");
				$oObj->DisplayDetails($oP);
			}
		}
		break;
	
		case 'stimulus':
		$sClass = utils::ReadParam('class', '');
		$id = utils::ReadParam('id', '');
		$sStimulus = utils::ReadParam('stimulus', '');
		if ( empty($sClass) || empty($id) ||  empty($sStimulus) ) // TO DO: check that the class name is valid !
		{
			$oP->add("<p>'class', 'id' and 'stimulus' parameters must be specifed for this operation.</p>\n");
		}
		else
		{
			$oObj = $oContext->GetObject($sClass, $id);
			if ($oObj != null)
			{
				$aTransitions = $oObj->EnumTransitions();
				$aStimuli = MetaModel::EnumStimuli($sClass);
				if (!isset($aTransitions[$sStimulus]))
				{
					$oP->add("<p><strong>Error:</strong> Invalid stimulus: '$sStimulus' on object: {$oObj->GetName()} in state {$oObj->GetStateLabel()}.</p>\n");
				}
				else
				{
					$sActionLabel = $aStimuli[$sStimulus]->GetLabel();
					$sActionDetails = $aStimuli[$sStimulus]->GetDescription();
					$aTransition = $aTransitions[$sStimulus];
					$sTargetState = $aTransition['target_state'];
					$aTargetStates = MetaModel::EnumStates($sClass);
					$oP->add("<div class=\"page_header\">\n");
					$oP->add("<h1>$sActionLabel - <span class=\"hilite\">{$oObj->GetName()}</span></h1>\n");
					//$oP->add("<p>Applying '$sActionLabel' on object: {$oObj->GetName()} in state {$oObj->GetStateLabel()} to target state: $sTargetState.</p>\n");
					$oP->add("</div>\n");
					$oObj->DisplayBareDetails($oP);
					$aTargetState = $aTargetStates[$sTargetState];
					//print_r($aTransitions[$sStimulus]);
					//print_r($aTargetState);
					$aExpectedAttributes = $aTargetState['attribute_list'];
					$oP->add("<div class=\"wizHeader\">\n");
					$oP->add("<h1>$sActionDetails</h1>\n");
					$oP->add("<div class=\"wizContainer\">\n");
					$oP->add("<form method=\"post\">\n");
					$aDetails = array();
					foreach($aExpectedAttributes as $sAttCode => $iExpectCode)
					{
						// Prompt for an attribute if
						// - the attribute must be changed or must be displayed to the user for confirmation
						// - or the field is mandatory and currently empty
						if ( ($iExpectCode & (OPT_ATT_MUSTCHANGE | OPT_ATT_MUSTPROMPT)) ||
							 (($iExpectCode & OPT_ATT_MANDATORY) && ($oObj->Get($sAttCode) == '')) ) 
						{
							$aAttributesDef = MetaModel::ListAttributeDefs($sClass);
							$oAttDef = $aAttributesDef[$sAttCode];
							$aArgs = array('this' => $oObj);
							$sHTMLValue = cmdbAbstractObject::GetFormElementForField($oP, $sClass, $sAttCode, $oAttDef, $oObj->Get($sAttCode), $oObj->GetEditValue($sAttCode), '', '', $iExpectCode, $aArgs);
							$aDetails[] = array('label' => $oAttDef->GetLabel(), 'value' => $sHTMLValue);
						}
					}
					$oP->details($aDetails);
					$oP->add("<input type=\"hidden\" name=\"id\" value=\"$id\">\n");
					$oP->add("<input type=\"hidden\" name=\"class\" value=\"$sClass\">\n");
					$oP->add("<input type=\"hidden\" name=\"operation\" value=\"apply_stimulus\">\n");
					$oP->add("<input type=\"hidden\" name=\"stimulus\" value=\"$sStimulus\">\n");
					$oP->add("<input type=\"hidden\" name=\"transaction_id\" value=\"".utils::GetNewTransactionId()."\">\n");
					$oP->add($oAppContext->GetForForm());
					$oP->add("<button type=\"button\" class=\"action\" onClick=\"goBack()\"><span>Cancel</span></button>&nbsp;&nbsp;&nbsp;&nbsp;\n");
					$oP->add("<button type=\"submit\" class=\"action\"><span>$sActionLabel</span></button>\n");
					$oP->add("</form>\n");
					$oP->add("</div>\n");
					$oP->add("</div>\n");
				}
			}
			else
			{
				$oP->set_title("iTop - Error");
				$oP->add("<p>Sorry this object does not exist (or you are not allowed to edit it).</p>\n");
			}		
		}
		break;

		case 'apply_stimulus':
		$sClass = utils::ReadPostedParam('class', '');
		$id = utils::ReadPostedParam('id', '');
		$sTransactionId = utils::ReadPostedParam('transaction_id', '');
		$sStimulus = utils::ReadPostedParam('stimulus', '');
		if ( empty($sClass) || empty($id) ||  empty($sStimulus) ) // TO DO: check that the class name is valid !
		{
			$oP->add("<p>'class', 'id' and 'stimulus' parameters must be specifed for this operation.</p>\n");
		}
		else
		{
			$oObj = $oContext->GetObject($sClass, $id);
			if ($oObj != null)
			{
				$aTransitions = $oObj->EnumTransitions();
				$aStimuli = MetaModel::EnumStimuli($sClass);
				if (!isset($aTransitions[$sStimulus]))
				{
					$oP->add("<p><strong>Error:</strong> Invalid stimulus: '$sStimulus' on object: {$oObj->GetName()} in state {$oObj->GetStateLabel()}.</p>\n");
				}
				else if (!utils::IsTransactionValid($sTransactionId))
				{
					$oP->p("<strong>Error: object has already been updated!</strong>\n");
				}
				else
				{
					$sActionLabel = $aStimuli[$sStimulus]->GetLabel();
					$sActionDetails = $aStimuli[$sStimulus]->GetDescription();
					$aTransition = $aTransitions[$sStimulus];
					$sTargetState = $aTransition['target_state'];
					$aTargetStates = MetaModel::EnumStates($sClass);
					$oP->add("<div class=\"page_header\">\n");
					$oP->add("<h1>$sActionLabel - <span class=\"hilite\">{$oObj->GetName()}</span></h1>\n");
					$oP->add("<p>$sActionDetails</p>\n");
					$oP->add("<p>Applying '$sActionLabel' on object: {$oObj->GetName()} in state {$oObj->GetStateLabel()} to target state: $sTargetState.</p>\n");
					$oP->add("</div>\n");
					$aTargetState = $aTargetStates[$sTargetState];
					//print_r($aTransitions[$sStimulus]);
					//print_r($aTargetState);
					$aExpectedAttributes = $aTargetState['attribute_list'];
					$aDetails = array();
					foreach($aExpectedAttributes as $sAttCode => $iExpectCode)
					{
						if (($iExpectCode & OPT_ATT_MUSTCHANGE) || ($oObj->Get($sAttCode) == '') ) 
						{
							$paramValue = utils::ReadPostedParam("attr_$sAttCode", '');
							$oObj->Set($sAttCode, $paramValue);
						}
					}
					if ($oObj->ApplyStimulus($sStimulus) && $oObj->CheckToUpdate())
					{
						$oMyChange = MetaModel::NewObject("CMDBChange");
						$oMyChange->Set("date", time());
						if (UserRights::GetUser() != UserRights::GetRealUser())
						{
							$sUserString = UserRights::GetRealUser()." on behalf of ".UserRights::GetUser();
						}
						else
						{
							$sUserString = UserRights::GetUser();
						}
						$oMyChange->Set("userinfo", $sUserString);
						$iChangeId = $oMyChange->DBInsert();
						$oObj->DBUpdateTracked($oMyChange);
			
						$oP->p(MetaModel::GetName(get_class($oObj))." updated.\n");
					}
					$oObj->DisplayDetails($oP);
				}
			}
			else
			{
				$oP->set_title("iTop - Error");
				$oP->add("<p>Sorry this object does not exist (or you are not allowed to edit it).</p>\n");
			}		
		}
		break;

		case 'modify_links':
		$sClass = utils::ReadParam('class', '');
		$sLinkAttr = utils::ReadParam('link_attr', '');
		$sTargetClass = utils::ReadParam('target_class', '');
		$id = utils::ReadParam('id', '');
		$bAddObjects = utils::ReadParam('addObjects', false);
		if ( empty($sClass) || empty($id) || empty($sLinkAttr) || empty($sTargetClass)) // TO DO: check that the class name is valid !
		{
			$oP->set_title("iTop - Error");
			$oP->add("<p>4 parameters are mandatory for this operation: class, id, target_class and link_attr.</p>\n");
		}
		else
		{
			require_once('../application/uilinkswizard.class.inc.php');
			$oWizard = new UILinksWizard($sClass, $sLinkAttr, $id, $sTargetClass);
			$oWizard->Display($oP, $oContext, array('StartWithAdd' => $bAddObjects));		
		}
		break;
	
		case 'do_modify_links':
		$aLinks = utils::ReadParam('linkId', array(), 'post');
		$sLinksToRemove = trim(utils::ReadParam('linksToRemove', '', 'post'));
		$aLinksToRemove = array();
		if (!empty($sLinksToRemove))
		{
			$aLinksToRemove = explode(' ', trim($sLinksToRemove));
		}
		$sClass = utils::ReadParam('class', '', 'post');
		$sLinkageAtt = utils::ReadParam('linkage', '', 'post');
		$iObjectId = utils::ReadParam('object_id', '', 'post');
		$sLinkingAttCode = utils::ReadParam('linking_attcode', '', 'post');
		$oMyChange = MetaModel::NewObject("CMDBChange");
		$oMyChange->Set("date", time());
		if (UserRights::GetUser() != UserRights::GetRealUser())
		{
			$sUserString = UserRights::GetRealUser()." on behalf of ".UserRights::GetUser();
		}
		else
		{
			$sUserString = UserRights::GetUser();
		}
		$oMyChange->Set("userinfo", $sUserString);
		$iChangeId = $oMyChange->DBInsert();
	
		// Delete links that are to be deleted
		foreach($aLinksToRemove as $iLinkId)
		{
			if ($iLinkId > 0) // Negative IDs are objects that were not even created
			{
				$oLink = $oContext->GetObject($sClass, $iLinkId);
				$oLink->DBDeleteTracked($oMyChange);
			}
		}
	
		$aEditableFields = array();
		$aData = array();
		foreach(MetaModel::GetAttributesList($sClass) as $sAttCode)
		{
			$oAttDef = MetaModel::GetAttributeDef($sClass, $sAttCode);
			if ( (!$oAttDef->IsExternalKey()) && (!$oAttDef->IsExternalField()))
			{
				$aEditableFields[] = $sAttCode;
				$aData[$sAttCode] = utils::ReadParam('attr_'.$sAttCode, array(), 'post');
			}
		}
	
		// Update existing links or create new links
		foreach($aLinks as $iLinkId)
		{
			if ($iLinkId > 0)
			{
				// This is an existing link to be modified
				$oLink = $oContext->GetObject($sClass, $iLinkId);
			
				// Update all the attributes of the link
				foreach($aEditableFields as $sAttCode)
				{
					$value = $aData[$sAttCode][$iLinkId];
					$oLink->Set($sAttCode, $value);
				}
				if ($oLink->IsModified())
				{
					$oLink->DBUpdateTracked($oMyChange);
				}
				//echo "Updated link:<br/>\n";
				//var_dump($oLink);
			}
			else
			{
				// A new link must be created
				$oLink = MetaModel::NewObject($sClass);
				$oLinkedObjectId = -$iLinkId;
				// Set all the attributes of the link
				foreach($aEditableFields as $sAttCode)
				{
					$value = $aData[$sAttCode][$iLinkId];
					$oLink->Set($sAttCode, $value);
				}
				// And the two external keys
				$oLink->Set($sLinkageAtt, $iObjectId);
				$oLink->Set($sLinkingAttCode, $oLinkedObjectId);
				// then save it
				//echo "Created link:<br/>\n";
				//var_dump($oLink);
				$oLink->DBInsertTracked($oMyChange);
			}
		}
		// Display again the details of the linked object
		$oAttDef = MetaModel::GetAttributeDef($sClass, $sLinkageAtt);
		$sTargetClass = $oAttDef->GetTargetClass();
		$oObj = $oContext->GetObject($sTargetClass, $iObjectId);
	
		$oSearch = $oContext->NewFilter(get_class($oObj));
		$oBlock = new DisplayBlock($oSearch, 'search', false);
		$oBlock->Display($oP, 0);
		$oObj->DisplayDetails($oP);
		break;
	
		default:
		if (is_object($oActiveNode))
		{
			$oActiveNode->RenderContent($oP, $oAppContext->GetAsHash());
			$oP->set_title($oActiveNode->Get('label'));
		}
	}
	////MetaModel::ShowQueryTrace();
	$oP->output();
}
catch(Exception $e)
{
	require_once('../setup/setuppage.class.inc.php');
	$oP = new SetupWebPage('iTop - fatal error');
	$oP->add("<h1>Fatal Error, iTop cannot continue</h1>\n");	
	$oP->error("Error: '".$e->getMessage()."'");	
	$oP->output();
}
catch(CoreException $e)
{
	require_once('../setup/setuppage.class.inc.php');
	$oP = new SetupWebPage('iTop - fatal error');
	$oP->add("<h1>Fatal Error, iTop cannot continue</h1>\n");	
	$oP->error("Error: '".$e->getHtmlDesc()."'");	
	$oP->output();
}
?>