Feature : targeted private saved searches

Author: ArthurMinfotel

ajax/subvisibility.php

@@ -53,6 +53,10 @@
             if (Session::canViewAllEntities()) {
                 $params['toadd'] = [-1 => __('No restriction')];
             }
+            if (isset($_POST['entity']) && $_POST['entity'] >= 0) {
+                $params['entity'] = $_POST['entity'];
+                $params['entity_sons'] = $_POST['is_recursive'] ?? false;
+            }
             echo "<table class='tab_format'><tr><td>";
             echo htmlescape(Entity::getTypeName(1));
             echo "</td><td>";

ajax/visibility.php

@@ -43,10 +43,7 @@
 
 Session::checkCentralAccess();
 
-if (
-    isset($_POST['type']) && !empty($_POST['type'])
-    && isset($_POST['right'])
-) {
+if (isset($_POST['type']) && !empty($_POST['type'])) {
     $display = false;
     $rand    = mt_rand();
     $prefix = '';
@@ -61,10 +58,16 @@
     echo "<div class='d-flex'>";
     switch ($_POST['type']) {
         case 'User':
-            $params = [
-                'right' => isset($_POST['allusers']) ? 'all' : $_POST['right'],
-                'name' => $prefix . 'users_id' . $suffix
-            ];
+            $params = ['name' => $prefix . 'users_id' . $suffix];
+            if (isset($_POST['right'])) {
+                $params['right'] = isset($_POST['allusers']) ? 'all' : $_POST['right'];
+            } else {
+                $params['right'] = 'all';
+            }
+            if (isset($_POST['entity']) && $_POST['entity'] >= 0) {
+                $params['entity'] = $_POST['entity'];
+                $params['entity_sons'] = $_POST['is_recursive'] ?? false;
+            }
             User::dropdown($params);
             $display = true;
             break;
@@ -82,6 +85,12 @@
                     'prefix'   => $_POST['prefix']
                 ]
             ];
+            if (isset($_POST['entity']) && $_POST['entity'] >= 0) {
+                $params['entity'] = $_POST['entity'];
+                $params['toupdate']['moreparams']['entity'] = $_POST['entity'];
+                $params['entity_sons'] = $_POST['is_recursive'] ?? false;
+                $params['toupdate']['moreparams']['entity_sons'] = $_POST['is_recursive'] ?? false;
+            }
 
             Group::dropdown($params);
             echo "<span id='subvisibility$rand'></span>";

front/savedsearch.php

@@ -45,8 +45,13 @@
     isset($_GET['action']) && $_GET["action"] == "load"
     && isset($_GET["id"]) && ($_GET["id"] > 0)
 ) {
-    $savedsearch->check($_GET["id"], READ);
-    $savedsearch->load($_GET["id"]);
+    $savedsearch->getFromDB($_GET['ID']);
+    if ($savedsearch->canViewItem()) {
+        $savedsearch->load($_GET["id"]);
+    } else {
+        $info = "User can not access the SavedSearch " . $_GET['id'];
+        throw new \Glpi\Exception\Http\AccessDeniedHttpException($info);
+    }
     return;
 }
 

inc/relation.constant.php

@@ -589,6 +589,7 @@
         '_glpi_entities_knowbaseitems'     => 'entities_id',
         '_glpi_entities_reminders'         => 'entities_id',
         '_glpi_entities_rssfeeds'          => 'entities_id',
+        '_glpi_entities_savedsearches'     => 'entities_id',
         'glpi_fieldblacklists'             => 'entities_id',
         'glpi_fieldunicities'              => 'entities_id',
         'glpi_forms_forms'                 => 'entities_id',
@@ -598,6 +599,7 @@
         'glpi_groups_knowbaseitems'        => 'entities_id',
         'glpi_groups_reminders'            => 'entities_id',
         'glpi_groups_rssfeeds'             => 'entities_id',
+        'glpi_groups_savedsearches'        => 'entities_id',
         'glpi_holidays'                    => 'entities_id',
         'glpi_imageformats'                => 'entities_id',
         'glpi_imageresolutions'            => 'entities_id',
@@ -739,6 +741,7 @@
         '_glpi_groups_problems'      => 'groups_id',
         '_glpi_groups_reminders'     => 'groups_id',
         '_glpi_groups_rssfeeds'      => 'groups_id',
+        '_glpi_groups_savedsearches' => 'groups_id',
         '_glpi_groups_tickets'       => 'groups_id',
         '_glpi_groups_users'         => 'groups_id',
         'glpi_itilcategories'        => 'groups_id',
@@ -1263,8 +1266,11 @@
     ],
 
     'glpi_savedsearches' => [
-        '_glpi_savedsearches_alerts' => 'savedsearches_id',
-        '_glpi_savedsearches_users'  => 'savedsearches_id',
+        '_glpi_entities_savedsearches'    => 'savedsearches_id',
+        '_glpi_groups_savedsearches'      => 'savedsearches_id',
+        '_glpi_savedsearches_alerts'      => 'savedsearches_id',
+        '_glpi_savedsearches_users'       => 'savedsearches_id',
+        '_glpi_savedsearches_usertargets' => 'savedsearches_id',
     ],
 
     'glpi_slalevels' => [
@@ -1625,6 +1631,7 @@
         '_glpi_rssfeeds_users'          => 'users_id',
         '_glpi_savedsearches'           => 'users_id',
         '_glpi_savedsearches_users'     => 'users_id',
+        '_glpi_savedsearches_usertargets' => 'users_id',
         'glpi_softwarelicenses'         => [
             'users_id_tech',
             'users_id',

install/migrations/update_10.0.x_to_11.0.0/entity_savedsearch.php

@@ -0,0 +1,57 @@
+<?php
+
+/**
+ * ---------------------------------------------------------------------
+ *
+ * GLPI - Gestionnaire Libre de Parc Informatique
+ *
+ * http://glpi-project.org
+ *
+ * @copyright 2015-2025 Teclib' and contributors.
+ * @copyright 2003-2014 by the INDEPNET Development Team.
+ * @licence   https://www.gnu.org/licenses/gpl-3.0.html
+ *
+ * ---------------------------------------------------------------------
+ *
+ * LICENSE
+ *
+ * This file is part of GLPI.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ *
+ * ---------------------------------------------------------------------
+ */
+
+/**
+ * @var \DBmysql $DB
+ * @var \Migration $migration
+ */
+
+$default_charset = DBConnection::getDefaultCharset();
+$default_collation = DBConnection::getDefaultCollation();
+$default_key_sign = DBConnection::getDefaultPrimaryKeySignOption();
+
+if (!$DB->tableExists('glpi_entities_savedsearches')) {
+    $query = "CREATE TABLE `glpi_entities_savedsearches` (
+        `id` int {$default_key_sign} NOT NULL AUTO_INCREMENT,
+        `savedsearches_id` int {$default_key_sign}  NOT NULL DEFAULT '0',
+        `entities_id` int {$default_key_sign}  NOT NULL DEFAULT '0',
+        `is_recursive` tinyint NOT NULL DEFAULT '0',
+        PRIMARY KEY (`id`),
+        KEY `savedsearches_id` (`savedsearches_id`),
+        KEY `entities_id` (`entities_id`),
+        KEY `is_recursive` (`is_recursive`)
+    ) ENGINE = InnoDB ROW_FORMAT = DYNAMIC DEFAULT CHARSET = {$default_charset} COLLATE = {$default_collation};";
+    $DB->doQuery($query);
+}

install/migrations/update_10.0.x_to_11.0.0/group_savedsearch.php

@@ -0,0 +1,60 @@
+<?php
+
+/**
+ * ---------------------------------------------------------------------
+ *
+ * GLPI - Gestionnaire Libre de Parc Informatique
+ *
+ * http://glpi-project.org
+ *
+ * @copyright 2015-2025 Teclib' and contributors.
+ * @copyright 2003-2014 by the INDEPNET Development Team.
+ * @licence   https://www.gnu.org/licenses/gpl-3.0.html
+ *
+ * ---------------------------------------------------------------------
+ *
+ * LICENSE
+ *
+ * This file is part of GLPI.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ *
+ * ---------------------------------------------------------------------
+ */
+
+/**
+ * @var \DBmysql $DB
+ * @var \Migration $migration
+ */
+
+$default_charset = DBConnection::getDefaultCharset();
+$default_collation = DBConnection::getDefaultCollation();
+$default_key_sign = DBConnection::getDefaultPrimaryKeySignOption();
+
+if (!$DB->tableExists('glpi_groups_savedsearches')) {
+    $query = "CREATE TABLE `glpi_groups_savedsearches` (
+        `id` int {$default_key_sign} NOT NULL AUTO_INCREMENT,
+        `savedsearches_id` int {$default_key_sign}  NOT NULL DEFAULT '0',
+        `groups_id` int {$default_key_sign}  NOT NULL DEFAULT '0',
+        `entities_id` int {$default_key_sign} DEFAULT NULL,
+        `is_recursive` tinyint NOT NULL DEFAULT '0',
+        `no_entity_restriction` tinyint NOT NULL DEFAULT '0',
+        PRIMARY KEY (`id`),
+        KEY `savedsearches_id` (`savedsearches_id`),
+        KEY `groups_id` (`groups_id`),
+        KEY `entities_id` (`entities_id`),
+        KEY `is_recursive` (`is_recursive`)
+    ) ENGINE = InnoDB ROW_FORMAT = DYNAMIC DEFAULT CHARSET = {$default_charset} COLLATE = {$default_collation};";
+    $DB->doQuery($query);
+}

install/migrations/update_10.0.x_to_11.0.0/savedsearch.php

@@ -0,0 +1,53 @@
+<?php
+
+/**
+ * ---------------------------------------------------------------------
+ *
+ * GLPI - Gestionnaire Libre de Parc Informatique
+ *
+ * http://glpi-project.org
+ *
+ * @copyright 2015-2025 Teclib' and contributors.
+ * @copyright 2003-2014 by the INDEPNET Development Team.
+ * @licence   https://www.gnu.org/licenses/gpl-3.0.html
+ *
+ * ---------------------------------------------------------------------
+ *
+ * LICENSE
+ *
+ * This file is part of GLPI.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ *
+ * ---------------------------------------------------------------------
+ */
+
+/**
+ * @var \DBmysql $DB
+ * @var \Migration $migration
+ * @var array $DELFROMDISPLAYPREF
+ */
+
+$table = SavedSearch::getTable();
+$field = 'is_private';
+if ($DB->fieldExists($table, $field)) {
+    $query = 'INSERT INTO glpi_entities_savedsearches (savedsearches_id, entities_id, is_recursive)
+SELECT id, entities_id, is_recursive
+FROM glpi_savedsearches WHERE is_private = 0;';
+    $DB->doQuery($query);
+
+    $migration->dropField($table, $field);
+
+    $DELFROMDISPLAYPREF['SavedSearch'] = 4;
+}

install/migrations/update_10.0.x_to_11.0.0/savedsearch_usertarget.php

@@ -0,0 +1,55 @@
+<?php
+
+/**
+ * ---------------------------------------------------------------------
+ *
+ * GLPI - Gestionnaire Libre de Parc Informatique
+ *
+ * http://glpi-project.org
+ *
+ * @copyright 2015-2025 Teclib' and contributors.
+ * @copyright 2003-2014 by the INDEPNET Development Team.
+ * @licence   https://www.gnu.org/licenses/gpl-3.0.html
+ *
+ * ---------------------------------------------------------------------
+ *
+ * LICENSE
+ *
+ * This file is part of GLPI.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ *
+ * ---------------------------------------------------------------------
+ */
+
+/**
+ * @var \DBmysql $DB
+ * @var \Migration $migration
+ */
+
+$default_charset = DBConnection::getDefaultCharset();
+$default_collation = DBConnection::getDefaultCollation();
+$default_key_sign = DBConnection::getDefaultPrimaryKeySignOption();
+
+if (!$DB->tableExists('glpi_savedsearches_usertargets')) {
+    $query = "CREATE TABLE `glpi_savedsearches_usertargets` (
+        `id` int {$default_key_sign} NOT NULL AUTO_INCREMENT,
+        `savedsearches_id` int {$default_key_sign}  NOT NULL DEFAULT '0',
+        `users_id` int {$default_key_sign}  NOT NULL DEFAULT '0',
+        PRIMARY KEY (`id`),
+        KEY `savedsearches_id` (`savedsearches_id`),
+        KEY `users_id` (`users_id`)
+    ) ENGINE = InnoDB ROW_FORMAT = DYNAMIC DEFAULT CHARSET = {$default_charset} COLLATE = {$default_collation};";
+    $DB->doQuery($query);
+}