/**
 * Describe (as a text string) the modifications corresponding to this change.
 *
 * A description is produced only when UserRights grants UR_ACTION_READ on the
 * changed attribute ('attcode') of the target object ('objclass' / 'objkey').
 * In every other case an empty string is returned.
 *
 * @return string The attribute label, the linked item's hyperlink and the
 *                comma-separated descriptions of the attribute changes found on
 *                the link, or '' when nothing may or can be described.
 */
public function GetDescription()
{
    // Single-object set on the target: the read permission is evaluated against it
    $sTargetClass = $this->Get('objclass');
    $iTargetKey = $this->Get('objkey');
    $oTargetFilter = new DBObjectSearch($sTargetClass);
    $oTargetFilter->AddCondition('id', $iTargetKey, '=');
    $oTargetSet = new DBObjectSet($oTargetFilter);

    // Authorization gate: anything but an explicit "yes" yields no description at all
    $iReadGrant = UserRights::IsActionAllowedOnAttribute($this->Get('objclass'), $this->Get('attcode'), UR_ACTION_READ, $oTargetSet);
    if ($iReadGrant != UR_ALLOWED_YES) {
        return '';
    }

    // Protects against renamed attributes...
    if (!MetaModel::IsValidAttCode($this->Get('objclass'), $this->Get('attcode'))) {
        return '';
    }

    $oAttDef = MetaModel::GetAttributeDef($this->Get('objclass'), $this->Get('attcode'));
    $sAttLabel = $oAttDef->GetLabel();
    $sLinkedClass = $oAttDef->GetLinkedClass();
    $aLinkedClasses = MetaModel::EnumChildClasses($sLinkedClass, ENUM_CHILD_CLASSES_ALL);

    // Search for the attribute changes recorded on the corresponding link, within the same change
    $oOpSearch = new DBObjectSearch('CMDBChangeOpSetAttribute');
    $oOpSearch->AddCondition('change', $this->Get('change'), '=');
    $oOpSearch->AddCondition('objkey', $this->Get('link_id'), '=');
    if (count($aLinkedClasses) != 1) {
        // The IN list is spliced into OQL text: every element comes from the
        // MetaModel class list and goes through CMDBSource::Quote() first.
        // Keep it that way; never splice caller-supplied values here.
        $oClassField = new FieldExpression('objclass', $oOpSearch->GetClassAlias());
        $sQuotedList = '(' . implode(', ', CMDBSource::Quote($aLinkedClasses)) . ')';
        $oOpSearch->AddConditionExpression(Expression::FromOQL($oClassField->Render() . " IN {$sQuotedList}"));
    } else {
        // Just one class: a plain equality condition, no expression to build
        $oOpSearch->AddCondition('objclass', $sLinkedClass, '=');
    }

    // NOTE(review): the read check above covers the link-set attribute of the target
    // object; whether each nested operation's GetDescription() applies its own read
    // check on the link's attributes is not visible here. Confirm.
    $oOpSet = new DBObjectSet($oOpSearch);
    $aOpDescriptions = array();
    while ($oChangeOp = $oOpSet->Fetch()) {
        $aOpDescriptions[] = $oChangeOp->GetDescription();
    }
    if (empty($aOpDescriptions)) {
        return '';
    }

    // NOTE(review): GetHyperLink() presumably returns HTML markup, so the result is
    // meant for an HTML context. Confirm before using it in any other output context.
    $sItemLink = MetaModel::GetHyperLink($this->Get('item_class'), $this->Get('item_id'));

    return $sAttLabel . ' - ' . Dict::Format('Change:LinkSet:Modified', $sItemLink) . ' : ' . implode(', ', $aOpDescriptions);
}
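/**
 * Run the parent write checks, then the plugin checks and the per-attribute
 * user-rights check.
 *
 * Issues reported by the 'iApplicationObjectExtension' plugins are appended to
 * $this->m_aCheckIssues. If any modified attribute is not allowed for
 * UR_ACTION_MODIFY, $this->m_bSecurityIssue is set and one issue listing the
 * labels of the refused attributes is appended.
 *
 * The list of changes is computed once and reused, so the emptiness test and
 * the permission loop are guaranteed to look at the same set of attributes.
 */
public function DoCheckToWrite()
{
    parent::DoCheckToWrite();

    // Plugins
    //
    foreach (MetaModel::EnumPlugins('iApplicationObjectExtension') as $oExtensionInstance) {
        $aNewIssues = $oExtensionInstance->OnCheckToWrite($this);
        if (count($aNewIssues) > 0) {
            $this->m_aCheckIssues = array_merge($this->m_aCheckIssues, $aNewIssues);
        }
    }

    // User rights
    //
    $aChanges = $this->ListChanges();
    if (count($aChanges) > 0) {
        $aForbiddenFields = array();
        foreach ($aChanges as $sAttCode => $value) {
            // The permission is evaluated per modified attribute, against this very object
            $bUpdateAllowed = UserRights::IsActionAllowedOnAttribute(get_class($this), $sAttCode, UR_ACTION_MODIFY, DBObjectSet::FromObject($this));
            // NOTE(review): the grant is tested for truthiness. If
            // IsActionAllowedOnAttribute() can return a UR_ALLOWED_* code that is
            // truthy yet different from UR_ALLOWED_YES, it is accepted here.
            // Confirm against the UserRights contract, and compare with
            // UR_ALLOWED_YES if that can happen.
            if (!$bUpdateAllowed) {
                $oAttCode = MetaModel::GetAttributeDef(get_class($this), $sAttCode);
                $aForbiddenFields[] = $oAttCode->GetLabel();
            }
        }
        if (count($aForbiddenFields) > 0) {
            // Security issue: flagged separately from ordinary validation issues
            $this->m_bSecurityIssue = true;
            $this->m_aCheckIssues[] = Dict::Format('UI:Delete:NotAllowedToUpdate_Fields', implode(', ', $aForbiddenFields));
        }
    }
}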
/**
 * Exercise the UserRights API and print each outcome as an HTML paragraph.
 *
 * Covers credential checks, impersonation and the three permission queries
 * (class, stimulus, attribute) on 'bizOrganization'; each check prints 'ok' or 'NO'.
 *
 * NOTE(review): this listing contains masked spans ('******'). The two
 * "<p>User: " statements are not valid PHP as shown; the expression that stood
 * between their string literals cannot be recovered from this listing.
 *
 * @return bool Always true.
 */
protected function DoExecute()
{
    // NOTE(review): value masked in the listing; no use of $sUser is visible below
    $sUser = '******';
    // Fixture logins with hard-coded second arguments (presumably passwords).
    // Assumes these accounts exist only in test data. Confirm they never reach a real instance.
    echo "<p>Totor: " . (UserRights::CheckCredentials('Totor', 'toto') ? 'ok' : 'NO') . "</p>\n";
    echo "<p>Romain: " . (UserRights::CheckCredentials('Romain', 'toto') ? 'ok' : 'NO') . "</p>\n";
    // Masked statement, reproduced as found
    echo "<p>User: "******"</p>\n";
    // The value is written into the HTML output without escaping
    echo "<p>On behalf of..." . UserRights::GetRealUser() . "</p>\n";
    // Impersonation attempt, then the same two identity lines again
    echo "<p>Denis (impersonate) : " . (UserRights::Impersonate('Denis', 'tutu') ? 'ok' : 'NO') . "</p>\n";
    // Masked statement, reproduced as found
    echo "<p>User: "******"</p>\n";
    echo "<p>On behalf of..." . UserRights::GetRealUser() . "</p>\n";
    // Permission queries are run against the set of all bizOrganization objects;
    // only an explicit UR_ALLOWED_YES is reported as 'ok'
    $oSet = new DBObjectSet(DBObjectSearch::FromOQL("SELECT bizOrganization"));
    echo "<p>IsActionAllowed..." . (UserRights::IsActionAllowed('bizOrganization', UR_ACTION_MODIFY, $oSet) == UR_ALLOWED_YES ? 'ok' : 'NO') . "</p>\n";
    echo "<p>IsStimulusAllowed..." . (UserRights::IsStimulusAllowed('bizOrganization', 'myStimulus', $oSet) == UR_ALLOWED_YES ? 'ok' : 'NO') . "</p>\n";
    echo "<p>IsActionAllowedOnAttribute..." . (UserRights::IsActionAllowedOnAttribute('bizOrganization', 'myattribute', UR_ACTION_MODIFY, $oSet) == UR_ALLOWED_YES ? 'ok' : 'NO') . "</p>\n";
    return true;
}