fix(form): import of entity and category

btry · btry · commit 2e3beea57ac8 · 2019-03-05T19:36:32.000+01:00
- avoid import or update of forms in an entity where the user does not has right for update
- fix import of form category

Signed-off-by: Thierry Bugier &lt;tbugier@teclib.com&gt;
diff --git a/inc/form.class.php b/inc/form.class.php
@@ -1734,12 +1734,12 @@ function export($remove_uuid = false) {
       // replace dropdown ids
       if ($form['plugin_formcreator_categories_id'] > 0) {
          $form['_plugin_formcreator_category']
-            = Dropdown::getDropdownName('glpi_plugin_formcreator_categories',
+            = Dropdown::getDropdownName(PluginFormcreatorCategory::getTable(),
                                         $form['plugin_formcreator_categories_id']);
       }
       if ($form['entities_id'] > 0) {
          $form['_entity']
-            = Dropdown::getDropdownName('glpi_entities',
+            = Dropdown::getDropdownName(Entity::getTable(),
                                         $form['entities_id']);
       }
 
@@ -2028,34 +2028,57 @@ public static function import(PluginFormcreatorImportLinker $importLinker, $form
       set_time_limit(30);
 
       $form_obj = new self;
-      $entity   = new Entity;
-      $form_cat = new PluginFormcreatorCategory;
+
+      $forms_id = plugin_formcreator_getFromDBByField(
+         $form_obj,
+         'uuid',
+         $form['uuid']
+      );
 
       // retrieve foreign keys
-      if (!isset($form['_entity'])
-          || !$form['entities_id']
-             = plugin_formcreator_getFromDBByField($entity,
-                                                   'completename',
-                                                   $form['_entity'])) {
-         $form['entities_id'] = $_SESSION['glpiactive_entity'];
+      $entity = new Entity();
+      $entityFk = Entity::getForeignKeyField();
+      $entityId = $_SESSION['glpiactive_entity'];
+      if (isset($form['_entity'])) {
+         plugin_formcreator_getFromDBByField(
+            $entity,
+            'completename',
+            $form['_entity']
+         );
+         // Check rights on the destination entity of the form
+         if (!$entity->isNewItem() && $entity->canUpdateItem()) {
+            $entityId = $entity->getID();
+         } else {
+            if ($forms_id !== false) {
+               // The form is in an entity where we don't have UPDATE right
+               Session::addMessageAfterRedirect(
+                  sprintf(__('The form %1$s already exists and is in an unmodifiable entity.', 'formcreator'), $form['name']),
+                  false,
+                  WARNING
+               );
+               return false;
+            }
+         }
       }
-      if (!isset($form['_plugin_formcreator_categories_id'])
-          || !$form['_plugin_formcreator_categories_id']
-             = plugin_formcreator_getFromDBByField($form_cat,
-                                                   'completename',
-                                                   $form['_plugin_formcreator_category'])) {
-         $form['plugin_formcreator_categories_id'] = 0;
+      $form[$entityFk] = $entityId;
+
+      $formCategory = new PluginFormcreatorCategory();
+      $formCategoryFk = PluginFormcreatorCategory::getForeignKeyField();
+      $formCategoryId = 0;
+      if (isset($form['_plugin_formcreator_category'])) {
+         $formCategoryId = $formCategory->import([
+            'completename' => $form['_plugin_formcreator_category'],
+         ]);
       }
+      $form[$formCategoryFk] = $formCategoryId;
 
       // escape text fields
       foreach (['name', 'description', 'content'] as $key) {
          $form[$key] = $DB->escape($form[$key]);
       }
 
       // retrieve form by its uuid
-      if ($forms_id = plugin_formcreator_getFromDBByField($form_obj,
-                                                          'uuid',
-                                                          $form['uuid'])) {
+      if (!$form_obj->isNewItem()) {
          // add id key
          $form['id'] = $forms_id;
 
