addVisibilityRestrict() статический публичный Метод

Return visibility SQL restriction to add
static public addVisibilityRestrict ( ) : string
Результат string restrict to add
 /**
  * Check is the curent user is allowed to see the file
  *
  * @param $options array of options (only 'tickets_id' used)
  *
  * @return boolean
  **/
 function canViewFile($options)
 {
     global $DB, $CFG_GLPI;
     if (isset($_SESSION["glpiactiveprofile"]["interface"]) && $_SESSION["glpiactiveprofile"]["interface"] == "central") {
         // My doc Check and Common doc right access
         if ($this->can($this->fields["id"], READ) || $this->fields["users_id"] === Session::getLoginUserID()) {
             return true;
         }
         // Reminder Case
         $query = "SELECT *\n                   FROM `glpi_documents_items`\n                   LEFT JOIN `glpi_reminders`\n                        ON (`glpi_reminders`.`id` = `glpi_documents_items`.`items_id`\n                            AND `glpi_documents_items`.`itemtype` = 'Reminder')\n                   " . Reminder::addVisibilityJoins() . "\n                   WHERE `glpi_documents_items`.`documents_id` = '" . $this->fields["id"] . "'\n                         AND " . Reminder::addVisibilityRestrict();
         $result = $DB->query($query);
         if ($DB->numrows($result) > 0) {
             return true;
         }
         // Knowbase Case
         if (Session::haveRight("knowbase", READ)) {
             $query = "SELECT *\n                      FROM `glpi_documents_items`\n                      LEFT JOIN `glpi_knowbaseitems`\n                           ON (`glpi_knowbaseitems`.`id` = `glpi_documents_items`.`items_id`\n                               AND `glpi_documents_items`.`itemtype` = 'KnowbaseItem')\n                      " . KnowbaseItem::addVisibilityJoins() . "\n                      WHERE `glpi_documents_items`.`documents_id` = '" . $this->fields["id"] . "'\n                            AND " . KnowbaseItem::addVisibilityRestrict();
             $result = $DB->query($query);
             if ($DB->numrows($result) > 0) {
                 return true;
             }
         }
         if (Session::haveRight('knowbase', KnowbaseItem::READFAQ)) {
             $query = "SELECT *\n                      FROM `glpi_documents_items`\n                      LEFT JOIN `glpi_knowbaseitems`\n                           ON (`glpi_knowbaseitems`.`id` = `glpi_documents_items`.`items_id`\n                               AND `glpi_documents_items`.`itemtype` = 'KnowbaseItem')\n                      " . KnowbaseItem::addVisibilityJoins() . "\n                      WHERE `glpi_documents_items`.`documents_id` = '" . $this->fields["id"] . "'\n                            AND `glpi_knowbaseitems`.`is_faq` = '1'\n                            AND " . KnowbaseItem::addVisibilityRestrict();
             $result = $DB->query($query);
             if ($DB->numrows($result) > 0) {
                 return true;
             }
         }
         // Tracking Case
         if (isset($options["tickets_id"])) {
             $job = new Ticket();
             if ($job->can($options["tickets_id"], READ)) {
                 $query = "SELECT *\n                         FROM `glpi_documents_items`\n                         WHERE `glpi_documents_items`.`items_id` = '" . $options["tickets_id"] . "'\n                               AND `glpi_documents_items`.`itemtype` = 'Ticket'\n                               AND `documents_id`='" . $this->fields["id"] . "'";
                 $result = $DB->query($query);
                 if ($DB->numrows($result) > 0) {
                     return true;
                 }
             }
         }
     } else {
         if (Session::getLoginUserID()) {
             // ! central
             // Check if it is my doc
             if ($this->fields["users_id"] === Session::getLoginUserID()) {
                 return true;
             }
             // Reminder Case
             $query = "SELECT *\n                   FROM `glpi_documents_items`\n                   LEFT JOIN `glpi_reminders`\n                        ON (`glpi_reminders`.`id` = `glpi_documents_items`.`items_id`\n                            AND `glpi_documents_items`.`itemtype` = 'Reminder')\n                   " . Reminder::addVisibilityJoins() . "\n                   WHERE `glpi_documents_items`.`documents_id` = '" . $this->fields["id"] . "'\n                         AND " . Reminder::addVisibilityRestrict();
             $result = $DB->query($query);
             if ($DB->numrows($result) > 0) {
                 return true;
             }
             if (Session::haveRight('knowbase', KnowbaseItem::READFAQ)) {
                 // Check if it is a FAQ document
                 $query = "SELECT *\n                      FROM `glpi_documents_items`\n                      LEFT JOIN `glpi_knowbaseitems`\n                           ON (`glpi_knowbaseitems`.`id` = `glpi_documents_items`.`items_id`)\n                      " . KnowbaseItem::addVisibilityJoins() . "\n                      WHERE `glpi_documents_items`.`itemtype` = 'KnowbaseItem'\n                            AND `glpi_documents_items`.`documents_id` = '" . $this->fields["id"] . "'\n                            AND `glpi_knowbaseitems`.`is_faq` = '1'\n                            AND " . KnowbaseItem::addVisibilityRestrict();
                 $result = $DB->query($query);
                 if ($DB->numrows($result) > 0) {
                     return true;
                 }
             }
             // Tracking Case
             if (isset($options["tickets_id"])) {
                 $job = new Ticket();
                 if ($job->can($options["tickets_id"], READ)) {
                     $query = "SELECT *\n                         FROM `glpi_documents_items`\n                         WHERE `glpi_documents_items`.`items_id` = '" . $options["tickets_id"] . "'\n                               AND `glpi_documents_items`.`itemtype` = 'Ticket'\n                               AND `documents_id` = '" . $this->fields["id"] . "'";
                     $result = $DB->query($query);
                     if ($DB->numrows($result) > 0) {
                         return true;
                     }
                 }
             }
         }
     }
     // Public FAQ for not connected user
     if ($CFG_GLPI["use_public_faq"]) {
         $query = "SELECT *\n                   FROM `glpi_documents_items`\n                   LEFT JOIN `glpi_knowbaseitems`\n                        ON (`glpi_knowbaseitems`.`id` = `glpi_documents_items`.`items_id`)\n                   LEFT JOIN `glpi_entities_knowbaseitems`\n                        ON (`glpi_knowbaseitems`.`id` = `glpi_entities_knowbaseitems`.`knowbaseitems_id`)\n                   WHERE `glpi_documents_items`.`itemtype` = 'KnowbaseItem'\n                         AND `glpi_documents_items`.`documents_id` = '" . $this->fields["id"] . "'\n                         AND `glpi_knowbaseitems`.`is_faq` = '1'\n                         AND `glpi_entities_knowbaseitems`.`entities_id` = '0'\n                         AND `glpi_entities_knowbaseitems`.`is_recursive` = '1'";
         $result = $DB->query($query);
         if ($DB->numrows($result) > 0) {
             return true;
         }
     }
     return false;
 }
Пример #2
0
 /**
  * Generic Function to add default where to a request
  *
  * @param $itemtype device type
  *
  * @return select string
  **/
 static function addDefaultWhere($itemtype)
 {
     global $CFG_GLPI;
     switch ($itemtype) {
         case 'Reminder':
             return Reminder::addVisibilityRestrict();
         case 'RSSFeed':
             return RSSFeed::addVisibilityRestrict();
         case 'Notification':
             if (!Config::canView()) {
                 return " `glpi_notifications`.`itemtype` NOT IN ('Crontask', 'DBConnection') ";
             }
             break;
             // No link
         // No link
         case 'User':
             // View all entities
             if (Session::isViewAllEntities()) {
                 return "";
             }
             return getEntitiesRestrictRequest("", "glpi_profiles_users");
         case 'ProjectTask':
             $condition = '';
             $teamtable = 'glpi_projecttaskteams';
             $condition .= "((`{$teamtable}`.`itemtype` = 'User'\n                             AND `{$teamtable}`.`items_id` = '" . Session::getLoginUserID() . "')";
             if (count($_SESSION['glpigroups'])) {
                 $condition .= " OR (`{$teamtable}`.`itemtype` = 'Group'\n                                    AND `{$teamtable}`.`items_id`\n                                       IN (" . implode(",", $_SESSION['glpigroups']) . "))";
             }
             $condition .= ") ";
             return $condition;
         case 'Project':
             $condition = '';
             if (!Session::haveRight("project", Project::READALL)) {
                 $teamtable = 'glpi_projectteams';
                 $condition .= "(`glpi_projects`.users_id = '" . Session::getLoginUserID() . "'\n                               OR (`{$teamtable}`.`itemtype` = 'User'\n                                   AND `{$teamtable}`.`items_id` = '" . Session::getLoginUserID() . "')";
                 if (count($_SESSION['glpigroups'])) {
                     $condition .= " OR (`glpi_projects`.`groups_id`\n                                       IN (" . implode(",", $_SESSION['glpigroups']) . "))";
                     $condition .= " OR (`{$teamtable}`.`itemtype` = 'Group'\n                                      AND `{$teamtable}`.`items_id`\n                                          IN (" . implode(",", $_SESSION['glpigroups']) . "))";
                 }
                 $condition .= ") ";
             }
             return $condition;
         case 'Ticket':
             // Same structure in addDefaultJoin
             $condition = '';
             if (!Session::haveRight("ticket", Ticket::READALL)) {
                 $searchopt =& self::getOptions($itemtype);
                 $requester_table = '`glpi_tickets_users_' . self::computeComplexJoinID($searchopt[4]['joinparams']['beforejoin']['joinparams']) . '`';
                 $requestergroup_table = '`glpi_groups_tickets_' . self::computeComplexJoinID($searchopt[71]['joinparams']['beforejoin']['joinparams']) . '`';
                 $assign_table = '`glpi_tickets_users_' . self::computeComplexJoinID($searchopt[5]['joinparams']['beforejoin']['joinparams']) . '`';
                 $assigngroup_table = '`glpi_groups_tickets_' . self::computeComplexJoinID($searchopt[8]['joinparams']['beforejoin']['joinparams']) . '`';
                 $observer_table = '`glpi_tickets_users_' . self::computeComplexJoinID($searchopt[66]['joinparams']['beforejoin']['joinparams']) . '`';
                 $observergroup_table = '`glpi_groups_tickets_' . self::computeComplexJoinID($searchopt[65]['joinparams']['beforejoin']['joinparams']) . '`';
                 $condition = "(";
                 if (Session::haveRight("ticket", Ticket::READMY)) {
                     $condition .= " {$requester_table}.users_id = '" . Session::getLoginUserID() . "'\n                                    OR {$observer_table}.users_id = '" . Session::getLoginUserID() . "'\n                                    OR `glpi_tickets`.`users_id_recipient` = '" . Session::getLoginUserID() . "'";
                 } else {
                     $condition .= "0=1";
                 }
                 if (Session::haveRight("ticket", Ticket::READGROUP)) {
                     if (count($_SESSION['glpigroups'])) {
                         $condition .= " OR {$requestergroup_table}.`groups_id`\n                                             IN (" . implode(",", $_SESSION['glpigroups']) . ")";
                         $condition .= " OR {$observergroup_table}.`groups_id`\n                                             IN (" . implode(",", $_SESSION['glpigroups']) . ")";
                     }
                 }
                 if (Session::haveRight("ticket", Ticket::OWN)) {
                     // Can own ticket : show assign to me
                     $condition .= " OR {$assign_table}.users_id = '" . Session::getLoginUserID() . "' ";
                 }
                 if (Session::haveRight("ticket", Ticket::READASSIGN)) {
                     // assign to me
                     $condition .= " OR {$assign_table}.`users_id` = '" . Session::getLoginUserID() . "'";
                     if (count($_SESSION['glpigroups'])) {
                         $condition .= " OR {$assigngroup_table}.`groups_id`\n                                             IN (" . implode(",", $_SESSION['glpigroups']) . ")";
                     }
                     if (Session::haveRight('ticket', Ticket::ASSIGN)) {
                         $condition .= " OR `glpi_tickets`.`status`='" . CommonITILObject::INCOMING . "'";
                     }
                 }
                 if (Session::haveRightsOr('ticketvalidation', array(TicketValidation::VALIDATEINCIDENT, TicketValidation::VALIDATEREQUEST))) {
                     $condition .= " OR `glpi_ticketvalidations`.`users_id_validate`\n                                          = '" . Session::getLoginUserID() . "'";
                 }
                 $condition .= ") ";
             }
             return $condition;
         case 'Change':
         case 'Problem':
             if ($itemtype == 'Change') {
                 $right = 'change';
                 $table = 'changes';
                 $groupetable = "`glpi_changes_groups_";
             } else {
                 if ($itemtype == 'Problem') {
                     $right = 'problem';
                     $table = 'problems';
                     $groupetable = "`glpi_groups_problems";
                 }
             }
             // Same structure in addDefaultJoin
             $condition = '';
             if (!Session::haveRight("{$right}", $itemtype::READALL)) {
                 $searchopt =& self::getOptions($itemtype);
                 if (Session::haveRight("{$right}", $itemtype::READMY)) {
                     $requester_table = '`glpi_' . $table . '_users_' . self::computeComplexJoinID($searchopt[4]['joinparams']['beforejoin']['joinparams']) . '`';
                     $requestergroup_table = $groupetable . self::computeComplexJoinID($searchopt[71]['joinparams']['beforejoin']['joinparams']) . '`';
                     $observer_table = '`glpi_' . $table . '_users_' . self::computeComplexJoinID($searchopt[66]['joinparams']['beforejoin']['joinparams']) . '`';
                     $observergroup_table = $groupetable . self::computeComplexJoinID($searchopt[65]['joinparams']['beforejoin']['joinparams']) . '`';
                     $assign_table = '`glpi_' . $table . '_users_' . self::computeComplexJoinID($searchopt[5]['joinparams']['beforejoin']['joinparams']) . '`';
                     $assigngroup_table = $groupetable . self::computeComplexJoinID($searchopt[8]['joinparams']['beforejoin']['joinparams']) . '`';
                 }
                 $condition = "(";
                 if (Session::haveRight("{$right}", $itemtype::READMY)) {
                     $condition .= " {$requester_table}.users_id = '" . Session::getLoginUserID() . "'\n                                    OR {$observer_table}.users_id = '" . Session::getLoginUserID() . "'\n                                    OR `glpi_" . $table . "`.`users_id_recipient` = '" . Session::getLoginUserID() . "'";
                 } else {
                     $condition .= "0=1";
                 }
                 $condition .= ") ";
             }
             return $condition;
         default:
             // Plugin can override core definition for its type
             if ($plug = isPluginItemType($itemtype)) {
                 $function = 'plugin_' . $plug['plugin'] . '_addDefaultWhere';
                 if (function_exists($function)) {
                     $out = $function($itemtype);
                     if (!empty($out)) {
                         return $out;
                     }
                 }
             }
             return "";
     }
 }
Пример #3
0
 /**
  * Generic Function to add default where to a request
  *
  * @param $itemtype device type
  *
  * @return select string
  **/
 static function addDefaultWhere($itemtype)
 {
     global $CFG_GLPI;
     switch ($itemtype) {
         case 'Reminder':
             return Reminder::addVisibilityRestrict();
         case 'RSSFeed':
             return RSSFeed::addVisibilityRestrict();
         case 'Notification':
             if (!Session::haveRight('config', CREATE)) {
                 return " `glpi_notifications`.`itemtype` NOT IN ('Crontask', 'DBConnection') ";
             }
             break;
             // No link
         // No link
         case 'User':
             // View all entities
             if (Session::isViewAllEntities()) {
                 return "";
             }
             return getEntitiesRestrictRequest("", "glpi_profiles_users");
         case 'Ticket':
             // Same structure in addDefaultJoin
             $condition = '';
             // if (!Session::haveRight("show_all_ticket","1")) {
             if (!Session::haveRight("ticket", Ticket::READALL)) {
                 $searchopt =& self::getOptions($itemtype);
                 $requester_table = '`glpi_tickets_users_' . self::computeComplexJoinID($searchopt[4]['joinparams']['beforejoin']['joinparams']) . '`';
                 $requestergroup_table = '`glpi_groups_tickets_' . self::computeComplexJoinID($searchopt[71]['joinparams']['beforejoin']['joinparams']) . '`';
                 $assign_table = '`glpi_tickets_users_' . self::computeComplexJoinID($searchopt[5]['joinparams']['beforejoin']['joinparams']) . '`';
                 $assigngroup_table = '`glpi_groups_tickets_' . self::computeComplexJoinID($searchopt[8]['joinparams']['beforejoin']['joinparams']) . '`';
                 $observer_table = '`glpi_tickets_users_' . self::computeComplexJoinID($searchopt[66]['joinparams']['beforejoin']['joinparams']) . '`';
                 $observergroup_table = '`glpi_groups_tickets_' . self::computeComplexJoinID($searchopt[65]['joinparams']['beforejoin']['joinparams']) . '`';
                 $condition = "(";
                 $condition .= " {$requester_table}.users_id = '" . Session::getLoginUserID() . "'\n                              OR {$observer_table}.users_id = '" . Session::getLoginUserID() . "'\n                              OR `glpi_tickets`.`users_id_recipient` = '" . Session::getLoginUserID() . "' ";
                 if (Session::haveRight("show_group_ticket", 1)) {
                     if (count($_SESSION['glpigroups'])) {
                         $condition .= " OR {$requestergroup_table}.`groups_id`\n                                             IN ('" . implode("','", $_SESSION['glpigroups']) . "')";
                         $condition .= " OR {$observergroup_table}.`groups_id`\n                                             IN ('" . implode("','", $_SESSION['glpigroups']) . "')";
                     }
                 }
                 if (Session::haveRight("own_ticket", "1")) {
                     // Can own ticket : show assign to me
                     $condition .= " OR {$assign_table}.users_id = '" . Session::getLoginUserID() . "' ";
                 }
                 if (Session::haveRight("show_assign_ticket", "1")) {
                     // show mine + assign to me
                     $condition .= " OR {$assign_table}.`users_id` = '" . Session::getLoginUserID() . "'";
                     if (count($_SESSION['glpigroups'])) {
                         $condition .= " OR {$assigngroup_table}.`groups_id`\n                                             IN ('" . implode("','", $_SESSION['glpigroups']) . "')";
                     }
                     if (Session::haveRight('assign_ticket', 1)) {
                         $condition .= " OR `glpi_tickets`.`status`='" . CommonITILObject::INCOMING . "'";
                     }
                 }
                 if (Session::haveRight('validate_incident', 1) || Session::haveRight('validate_request', 1)) {
                     $condition .= " OR `glpi_ticketvalidations`.`users_id_validate`\n                                          = '" . Session::getLoginUserID() . "'";
                 }
                 $condition .= ") ";
             }
             return $condition;
         default:
             // Plugin can override core definition for its type
             if ($plug = isPluginItemType($itemtype)) {
                 $function = 'plugin_' . $plug['plugin'] . '_addDefaultWhere';
                 if (function_exists($function)) {
                     $out = $function($itemtype);
                     if (!empty($out)) {
                         return $out;
                     }
                 }
             }
             return "";
     }
 }