/** * Summary of setReadOnlyProfile * Switches current profile with read-only profile * Registers a shutdown function to be sure that even in case of die() calls, * the switch back will be done: to ensure correct reset of normal profile **/ static function setReadOnlyProfile() { global $CFG_GLPI, $_SESSION; // to prevent double set ReadOnlyProfile if (!isset($_SESSION['glpilocksavedprofile'])) { if (isset($CFG_GLPI['lock_lockprofile'])) { if (!self::$shutdownregistered) { // this is a security in case of a die that can prevent correct revert of profile register_shutdown_function(array(__CLASS__, 'revertProfile')); self::$shutdownregistered = true; } $_SESSION['glpilocksavedprofile'] = $_SESSION['glpiactiveprofile']; $_SESSION['glpiactiveprofile'] = $CFG_GLPI['lock_lockprofile']; // this mask is mandatory to prevent read of information // that are not permitted to view by active profile ProfileRight::getAllPossibleRights(); foreach ($_SESSION['glpi_all_possible_rights'] as $key => $val) { if (isset($_SESSION['glpilocksavedprofile'][$key])) { $_SESSION['glpiactiveprofile'][$key] = intval($_SESSION['glpilocksavedprofile'][$key]) & (isset($CFG_GLPI['lock_lockprofile'][$key]) ? intval($CFG_GLPI['lock_lockprofile'][$key]) : 0); } } // don't forget entities $_SESSION['glpiactiveprofile']['entities'] = $_SESSION['glpilocksavedprofile']['entities']; } } }