Fix(Core): check UPDATE / VIEW right from API

pluginsGLPI · Nov 19, 2024 · d3fcbc0 · d3fcbc0
1 parent 815ef13
commit d3fcbc0
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 0 deletions.
diff --git a/hook.php b/hook.php
@@ -339,11 +339,20 @@ function plugin_datainjection_populate_fields()
     }
 }
 
+function plugin_fields_addDefaultWhere($itemtype)
+{
+
+    toolbox::logDebug($itemtype);
+}
+
 function plugin_fields_addWhere($link, $nott, $itemtype, $ID, $val, $searchtype)
 {
     /** @var \DBmysql $DB */
     global $DB;
 
+    toolbox::logDebug($link, $nott, $itemtype, $ID, $val, $searchtype);
+
+
     $searchopt = &Search::getOptions($itemtype);
     $table     = $searchopt[$ID]['table'];
     $field     = $searchopt[$ID]['field'];

diff --git a/inc/abstractcontainerinstance.class.php b/inc/abstractcontainerinstance.class.php
@@ -30,6 +30,26 @@
 
 abstract class PluginFieldsAbstractContainerInstance extends CommonDBTM
 {
+
+    public function canViewItem()
+    {
+        $right = PluginFieldsProfile::getRightOnContainer($_SESSION['glpiactiveprofile']['id'], $this->fields['plugin_fields_containers_id']);
+        if ($right < READ) {
+            return false;
+        }
+        return true;
+    }
+
+    public function canUpdateItem()
+    {
+        $right = PluginFieldsProfile::getRightOnContainer($_SESSION['glpiactiveprofile']['id'], $this->fields['plugin_fields_containers_id']);
+        if ($right > READ) {
+            return true;
+        }
+        return false;
+    }
+
+
     public static function getSpecificValueToSelect($field, $name = '', $values = '', array $options = [])
     {
         if (!is_array($values)) {