fix(issue): restrict list of issues
if the user is not a member of any group, the generated WHERE clause includes everything
btry committed Mar 17, 2022

Unverified

This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
1 parent cfdf940 commit 75276f1
Showing 1 changed file with 10 additions and 6 deletions.
16 changes: 10 additions & 6 deletions hook.php
@@ -151,18 +151,22 @@ function plugin_formcreator_addDefaultWhere($itemtype) {
} else {
$condition .= "`glpi_plugin_formcreator_issues`.`users_id_validator` = '$currentUser'";
}

// condition where current user is a member of a validator group of the issue
$groupList = [];
foreach (Group_User::getUserGroups($currentUser) as $group) {
$groupList[] = $group['id'];
}
$groupList = implode("', '", $groupList);
if (Plugin::isPluginActive('advform')) {
$complexJoinId = Search::computeComplexJoinID(Search::getOptions($itemtype)[9]['joinparams']);
$condition .= " OR `glpi_groups_$complexJoinId`.`id` IN ('$groupList')";
} else {
$condition .= " OR `glpi_plugin_formcreator_issues`.`groups_id_validator` IN ('$groupList')";
if (count($groupList) > 0) {
$groupList = implode("', '", $groupList);
if (Plugin::isPluginActive('advform')) {
$complexJoinId = Search::computeComplexJoinID(Search::getOptions($itemtype)[9]['joinparams']);
$condition .= " OR `glpi_groups_$complexJoinId`.`id` IN ('$groupList')";
} else {
$condition .= " OR `glpi_plugin_formcreator_issues`.`groups_id_validator` IN ('$groupList')";
}
}

// condition where current user is a validator of a issue of type ticket
$complexJoinId = Search::computeComplexJoinID(Search::getOptions($itemtype)[11]['joinparams']);
$condition .= " OR `glpi_users_users_id_validate_$complexJoinId`.`id` = '$currentUser'";
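Review bot: The new `if (count($groupList) > 0)` guard is the only thing keeping an empty group list from reaching the query as `IN ('')`, yet nothing in the code says so; I would add `// user has no group: skip this clause, an empty IN ('') list must not reach the query` directly above it so a later refactor does not drop the check. The two comparisons around it, `users_id_validator` = '$currentUser' and the `glpi_users_users_id_validate_…` one after the guard, have the same shape, so it is worth confirming that `$currentUser` can never be 0 or empty on this path (presumably an empty value would match unassigned rows the same way, but that is inferred). Group ids are interpolated into the SQL exactly as `Group_User::getUserGroups()` returns them; `$groupList[] = (int) $group['id'];` would keep the list numeric regardless of what that call yields. `plugin_formcreator_addDefaultWhere` starts and ends outside the hunk, so where `$currentUser` is assigned is not visible here.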
