fix(itil): Readonly logic is now only applied on form controller not on all add/update logic

Author: froozeify

front/change.form.php

@@ -53,6 +53,7 @@
 if (isset($_POST["add"])) {
     $change->check(-1, CREATE, $_POST);
 
+    $_POST = $change->enforceReadonlyFields($_POST, true);
     $newID = $change->add($_POST);
     Event::log(
         $newID,
@@ -109,6 +110,7 @@
 } elseif (isset($_POST["update"])) {
     $change->check($_POST["id"], UPDATE);
 
+    $_POST = $change->enforceReadonlyFields($_POST);
     $change->update($_POST);
     Event::log(
         $_POST["id"],

front/problem.form.php

@@ -53,6 +53,7 @@
 if (isset($_POST["add"])) {
     $problem->check(-1, CREATE, $_POST);
 
+    $_POST = $problem->enforceReadonlyFields($_POST, true);
     if ($newID = $problem->add($_POST)) {
         Event::log(
             $newID,
@@ -108,6 +109,7 @@
 } elseif (isset($_POST["update"])) {
     $problem->check($_POST["id"], UPDATE);
 
+    $_POST = $problem->enforceReadonlyFields($_POST);
     $problem->update($_POST);
     Event::log(
         $_POST["id"],

front/ticket.form.php

@@ -74,6 +74,7 @@
 
 if (isset($_POST["add"])) {
     $track->check(-1, CREATE, $_POST);
+    $_POST = $track->enforceReadonlyFields($_POST, true);
 
     if ($track->add($_POST)) {
         if ($_SESSION['glpibackcreated']) {
@@ -85,6 +86,7 @@
     if (!$track::canUpdate()) {
         throw new AccessDeniedHttpException();
     }
+    $_POST = $track->enforceReadonlyFields($_POST);
     $track->update($_POST);
 
     if (isset($_POST['kb_linked_id'])) {

src/CommonITILObject.php

@@ -1770,8 +1770,6 @@ public function cleanDBonPurge()
     protected function handleTemplateFields(array $input, bool $show_error_message = true)
     {
         //// check mandatory fields
-        // First get ticket template associated: entity and type/category
-        $tt = $this->getITILTemplateFromInput($input);
 
         $check_allowed_fields_for_template = false;
         $allowed_fields                    = [];
@@ -1858,7 +1856,9 @@ class_exists($validation_class)
             }
         }
 
-        if (count($tt->mandatory)) {
+        // First get ticket template associated: entity and type/category
+        $tt = $this->getITILTemplateFromInput($input);
+        if ($tt && count($tt->mandatory)) {
             $mandatory_missing = [];
             $fieldsname        = $tt->getAllowedFieldsNames(true);
             foreach ($tt->mandatory as $key => $val) {
@@ -1967,7 +1967,6 @@ public function prepareInputForUpdate($input)
         if (!$this->checkFieldsConsistency($input)) {
             return false;
         }
-        $input = $this->handleReadonlyFields($input);
 
         // Add document if needed
         $this->getFromDB($input["id"]); // entities_id field required
@@ -2332,9 +2331,25 @@ public function prepareInputForUpdate($input)
 
         return $input;
     }
-    private function handleReadonlyFields(array $input, bool $isAdd = false): array
+
+    /**
+     * Processes readonly fields in the input array based on the ITIL template data.
+     *
+     * @param array $input The user input data to process (often $_POST).
+     * @param bool $isAdd true if we are in a creation, will force to apply the template predefined field.
+     *
+     * @return array The modified user input array after processing readonly fields.
+     *
+     * @since 11.0.2
+     */
+    public function enforceReadonlyFields(array $input, bool $isAdd = false): array
     {
         $tt = $this->getITILTemplateFromInput($input);
+        if (!$tt) {
+            dump('Template not found');
+            return $input;
+        }
+
         $tt->getFromDBWithData($tt->getID()); // We load the fields (predefined and readonly)
 
         foreach (array_keys($tt->readonly) as $read_only_field) {
@@ -2824,7 +2839,6 @@ public function prepareInputForAdd($input)
         if (!$this->checkFieldsConsistency($input)) {
             return false;
         }
-        $input = $this->handleReadonlyFields($input, true);
 
         $input = $this->transformActorsInput($input);
 
@@ -8269,13 +8283,16 @@ public function getITILTemplateToUse(
      * If the input is not defined, it will get it from the object fields datas
      *
      * @param array $input
-     * @return ITILTemplate
+     * @return ITILTemplate|null
      *
      * @since 11.0.2
      */
-    public function getITILTemplateFromInput(array $input = []): ITILTemplate
+    public function getITILTemplateFromInput(array $input = []): ?ITILTemplate
     {
-        $entid = $input['entities_id'] ?? $this->fields['entities_id'];
+        $entid = $input['entities_id'] ?? $this->fields['entities_id'] ?? $input['id'] ?? null;
+        if (is_null($entid)) {
+            return null;
+        }
 
         $type = null;
         if (isset($input['type'])) {
@@ -8285,6 +8302,9 @@ public function getITILTemplateFromInput(array $input = []): ITILTemplate
         }
 
         $categid = $input['itilcategories_id'] ?? $this->fields['itilcategories_id'];
+        if (is_null($categid)) {
+            return null;
+        }
         return $this->getITILTemplateToUse(0, $type, $categid, $entid);
     }
 

tests/src/AbstractITILTemplateReadonlyFieldTest.php

@@ -165,7 +165,7 @@ public function testHandleReadonlyFieldsOnAddWithPredefined(): void
             $input['type'] = Ticket::INCIDENT_TYPE;
         }
 
-        $processed_input = $itil_object->prepareInputForAdd($input);
+        $processed_input = $itil_object->enforceReadonlyFields($input, true);
 
         $this->assertEquals(Urgency::HIGH->value, $processed_input['urgency']);
         $this->assertEquals('Some content', $processed_input['name']);
@@ -187,9 +187,9 @@ public function testHandleReadonlyFieldsOnAddWithoutPredefined(): void
             $input['type'] = Ticket::INCIDENT_TYPE;
         }
 
-        $processed_input = $itil_object->prepareInputForAdd($input);
+        $processed_input = $itil_object->enforceReadonlyFields($input, true);
 
-        $this->assertEquals(Urgency::MEDIUM->value, $processed_input['urgency']); // Default value
+        $this->assertArrayNotHasKey('urgency', $processed_input); // Default value
         $this->assertEquals('Some content', $processed_input['name']);
     }
 
@@ -224,7 +224,7 @@ public function testHandleReadonlyFieldsOnUpdateWithExistingValue(): void
             $update_input['type'] = Ticket::INCIDENT_TYPE;
         }
 
-        $processed_input = $itil_object->prepareInputForUpdate($update_input);
+        $processed_input = $itil_object->enforceReadonlyFields($update_input);
 
         $this->assertEquals(Urgency::MEDIUM->value, $processed_input['urgency']);
         $this->assertEquals('Updated content', $processed_input['name']);
@@ -261,7 +261,7 @@ public function testHandleReadonlyFieldsOnUpdateWithoutExistingValue(): void
             $update_input['type'] = Ticket::INCIDENT_TYPE;
         }
 
-        $processed_input = $itil_object->prepareInputForUpdate($update_input);
+        $processed_input = $itil_object->enforceReadonlyFields($update_input);
 
         $this->assertEquals(Urgency::MEDIUM->value, $processed_input['urgency']); // Default value
         $this->assertEquals('Updated content', $processed_input['name']);