Profile::getUnderActiveProfileRestrictRequest PHP Method

Profile Class Documentation Exibir arquivo Open project: glpi-project/glpi

getUnderActiveProfileRestrictRequest() static public method

Get SQL restrict request to determine profiles with less rights than the active one

static public getUnderActiveProfileRestrictRequest ( $separator = "AND" ) : SQL
$separator		string Separator used at the beginning of the request (default 'AND')
return	SQL	restrict string

    static function getUnderActiveProfileRestrictRequest($separator = "AND")
    {
        // I don't understand usefull of this code (yllen)
        /*
        if (in_array('reservation', self::$helpdesk_rights)
            && !Session::haveRight('reservation', ReservationItem::RESERVEANITEM)) {
           return false;
        }
        
        if (in_array('ticket', self::$helpdesk_rights)
            && !Session::haveRightsOr("ticket", array(CREATE, Ticket::READGROUP))) {
           return false;
        }
        if (in_array('followup', self::$helpdesk_rights)
            && !Session::haveRightsOr('followup',
                                      array(TicketFollowup::ADDMYTICKET, TicketFollowup::UPDATEMY,
                                            TicketFollowup::SEEPUBLIC))) {
           return false;
        }
        if (in_array('task', self::$helpdesk_rights)
           && !Session::haveRight('task', TicketTask::SEEPUBLIC)) {
           return false;
        }
        if (in_array('ticketvalidation', self::$helpdesk_rights)
              && !Session::haveRightsOr('ticketvalidation',
                                        array(TicketValidation::CREATEREQUEST,
                                              TicketValidation::CREATEINCIDENT,
                                              TicketValidation::VALIDATEREQUEST,
                                              TicketValidation::VALIDATEINCIDENT))) {
           return false;
        }
        */
        $query = $separator . " ";
        // Not logged -> no profile to see
        if (!isset($_SESSION['glpiactiveprofile'])) {
            return $query . " 0 ";
        }
        // Profile right : may modify profile so can attach all profile
        if (Profile::canCreate()) {
            return $query . " 1 ";
        }
        if ($_SESSION['glpiactiveprofile']['interface'] == 'central') {
            $query .= " (`glpi_profiles`.`interface` = 'helpdesk') ";
        }
        $query .= " OR (`glpi_profiles`.`interface` = '" . $_SESSION['glpiactiveprofile']['interface'] . "' ";
        // First, get all possible rights
        $right_subqueries = array();
        foreach (ProfileRight::getAllPossibleRights() as $key => $default) {
            $val = isset($_SESSION['glpiactiveprofile'][$key]) ? $_SESSION['glpiactiveprofile'][$key] : 0;
            if (!is_array($val) && ($_SESSION['glpiactiveprofile']['interface'] == 'central' || in_array($key, self::$helpdesk_rights))) {
                $right_subqueries[] = "(`glpi_profilerights`.`name` = '{$key}'\n                                   AND (`glpi_profilerights`.`rights` | {$val}) = {$val})";
            }
        }
        $query .= " AND " . count($right_subqueries) . " = (\n                    SELECT count(*)\n                    FROM `glpi_profilerights`\n                    WHERE `glpi_profilerights`.`profiles_id` = `glpi_profiles`.`id`\n                     AND (" . implode(' OR ', $right_subqueries) . ")))";
        return $query;
    }

Profile

cleanDBonPurge

cleanProfile

currentUserHaveMoreRightThan

defineTabs

displayLifeCycleMatrix

displayLifeCycleMatrixTicketHelpdesk

displayRightsChoiceMatrix

displayTabContentForItem

dropdownHelpdeskItemtypes

dropdownNoneReadWrite

dropdownRight