diff --git a/public_html/create.php b/public_html/create.php
deleted file mode 100644
index 07f62327..00000000
--- a/public_html/create.php
+++ /dev/null
@@ -1,140 +0,0 @@
- getForm('create',urldecode($_GET['load']));
- }
- else {
- if (isset($_GET['LSrelation']) && isset($_GET['relatedLSobject']) && isset($_GET['relatedLSobjectDN'])) {
- if (LSsession :: loadLSobject($_GET['relatedLSobject']) && LSsession :: loadLSclass('LSrelation')) {
- $obj = new $_GET['relatedLSobject']();
- if ($obj -> loadData(urldecode($_GET['relatedLSobjectDN']))) {
- $relation = new LSrelation($obj, $_GET['LSrelation']);
- if ($relation -> exists()) {
- $attr = $relation -> getRelatedEditableAttribute();
- if (isset($object -> attrs[$attr])) {
- $value = $relation -> getRelatedKeyValue();
- if (is_array($value)) $value=$value[0];
- $object -> attrs[$attr] -> data = array($value);
- }
- else {
- LSerror :: addErrorCode('LSrelations_06',array('relation' => $relation -> getName(),'LSobject' => $obj -> getType()));
- }
- }
- }
- else {
- LSerror :: addErrorCode('LSsession_24');
- }
- }
- }
- $form = $object -> getForm('create');
- }
-
- if (isset($_REQUEST['LSform_dataEntryForm'])) {
- $form -> applyDataEntryForm((string)$_REQUEST['LSform_dataEntryForm']);
- LStemplate :: assign('LSform_dataEntryForm',(string)$_REQUEST['LSform_dataEntryForm']);
- }
-
- LStemplate :: assign('listAvailableDataEntryForm',LSform :: listAvailableDataEntryForm($LSobject));
- LStemplate :: assign('DataEntryFormLabel',_('Data entry form'));
-
- if ($form->validate()) {
- // Data update for LDAP object
- if ($object -> updateData('create')) {
- if (!LSerror::errorsDefined()) {
- LSsession :: addInfo(_("Object has been added."));
- }
- if (isset($_REQUEST['ajax'])) {
- LSsession :: displayAjaxReturn (
- array(
- 'LSredirect' => "object/$LSobject/".urlencode($object -> getDn())
- )
- );
- exit();
- }
- else {
- if (!LSdebugDefined()) {
- LSurl :: redirect("object/$LSobject/".urlencode($object -> getDn()));
- }
- }
- }
- else {
- if (isset($_REQUEST['ajax'])) {
- LSsession :: displayAjaxReturn (
- array(
- 'LSformErrors' => $form -> getErrors()
- )
- );
- exit();
- }
- else {
- LSsession :: displayTemplate();
- }
- }
- }
- else if (isset($_REQUEST['ajax']) && $form -> definedError()) {
- LSsession :: displayAjaxReturn (
- array(
- 'LSformErrors' => $form -> getErrors()
- )
- );
- exit();
- }
- // Define page title
- LStemplate :: assign('pagetitle',_('New').' : '.$object -> getLabel());
- LSsession :: setTemplate('create.tpl');
- $form -> display();
- }
- else {
- LSerror :: addErrorCode('LSsession_11');
- }
- }
- else {
- LSerror :: addErrorCode('LSldapObject_01');
- }
- }
- else {
- LSerror :: addErrorCode('LSsession_12');
- }
-
-}
-else {
- LSsession :: setTemplate('login.tpl');
-}
-LSsession :: displayTemplate();
diff --git a/public_html/includes/class/class.LSform.php b/public_html/includes/class/class.LSform.php
index 1b37fc67..6d15ddf5 100644
--- a/public_html/includes/class/class.LSform.php
+++ b/public_html/includes/class/class.LSform.php
@@ -75,13 +75,14 @@ class LSform {
}
/**
- * Affiche le formualaire
+ * Display the form
*
+ * @param[in] $LSform_action string|null The form action attribute value (optional, default: $_SERVER['PHP_SELF'])
* @author Benjamin Renard
*
* @retval void
*/
- public function display(){
+ public function display($LSform_action=null){
if ($this -> idForm == 'view') {
self :: loadDependenciesDisplayView($this -> $ldapObject);
}
@@ -100,7 +101,7 @@ class LSform {
)
);
- LStemplate :: assign('LSform_action',$_SERVER['PHP_SELF']);
+ LStemplate :: assign('LSform_action', ($LSform_action?$LSform_action:$_SERVER['PHP_SELF']));
$LSform_header = "\t\n
\t\n
\t\n
diff --git a/public_html/includes/class/class.LSrelation.php b/public_html/includes/class/class.LSrelation.php
index fac6c1c6..6c8acf8e 100644
--- a/public_html/includes/class/class.LSrelation.php
+++ b/public_html/includes/class/class.LSrelation.php
@@ -265,7 +265,7 @@ class LSrelation {
if ($relation -> canCreate()) {
$return['actions'][] = array(
'label' => _('New'),
- 'url' => 'create.php?LSobject='.$relationConf['LSobject'].'&LSrelation='.$relationName.'&relatedLSobject='.$object->getType().'&relatedLSobjectDN='.urlencode($object -> getValue('dn')),
+ 'url' => 'object/'.$relationConf['LSobject'].'/create?LSrelation='.$relationName.'&relatedLSobject='.$object->getType().'&relatedLSobjectDN='.urlencode($object -> getValue('dn')),
'action' => 'create'
);
}
diff --git a/public_html/includes/class/class.LSsearchEntry.php b/public_html/includes/class/class.LSsearchEntry.php
index 1b8025cd..a0672cd2 100644
--- a/public_html/includes/class/class.LSsearchEntry.php
+++ b/public_html/includes/class/class.LSsearchEntry.php
@@ -173,7 +173,7 @@ class LSsearchEntry {
if ($this -> LSsearch -> canCopy) {
$this -> cache['actions'][] = array(
'label' => _('Copy'),
- 'url' =>'create.php?LSobject='.$this -> LSobject.'&load='.urlencode($this -> dn),
+ 'url' => 'object/'.$this -> LSobject.'/create?load='.urlencode($this -> dn),
'action' => 'copy'
);
}
diff --git a/public_html/includes/routes.php b/public_html/includes/routes.php
index a2b94187..0bfa7a9a 100644
--- a/public_html/includes/routes.php
+++ b/public_html/includes/routes.php
@@ -79,14 +79,19 @@ LSurl :: add_handler('#^image/(?P[^/]+)$#', 'handle_image', false);
*
* @param[in] $request LSurlRequest The request
* @param[in] $instanciate boolean Instanciate and return an object (optional, default: true)
+ * @param[in] $check_access callable|null Permit to specify check access method (optional, default: LSsession :: canAccess())
*
* @retval LSobject|boolean The instanciated LSobject (or True if $instanciate=false), or False
* on error/access refused
*/
-function get_LSobject_from_request($request, $instanciate=true) {
+function get_LSobject_from_request($request, $instanciate=true, $check_access=null) {
$LSobject = $request -> LSobject;
$dn = (isset($request -> dn)?$request -> dn:null);
+ // Handle $check_access parameter
+ if (is_null($check_access))
+ $check_access = array('LSsession', 'canAccess');
+
// Handle SELF redirect
if ( $LSobject == 'SELF' ) {
$LSobject = LSsession :: getLSuserObject() -> getType();
@@ -96,12 +101,12 @@ function get_LSobject_from_request($request, $instanciate=true) {
// If $dn, check user access to this LSobject
if ($dn) {
- if (!LSsession :: canAccess($LSobject, $dn)) {
+ if (!call_user_func($check_access, $LSobject, $dn)) {
LSerror :: addErrorCode('LSsession_11');
return false;
}
}
- else if (!LSsession :: in_menu($LSobject) && !LSsession :: canAccess($LSobject)) {
+ else if (!LSsession :: in_menu($LSobject) && !call_user_func($check_access, $LSobject)) {
LSerror :: addErrorCode('LSsession_11');
return false;
}
@@ -158,7 +163,7 @@ function handle_LSobject_search($request) {
if(LSsession :: canCreate($LSobject)) {
$LSview_actions['create'] = array (
'label' => _('New'),
- 'url' => 'create.php?LSobject='.$LSobject,
+ 'url' => "object/$LSobject/create",
'action' => 'create'
);
if ($object -> listValidIOformats()) {
@@ -241,6 +246,126 @@ function handle_LSobject_search($request) {
}
LSurl :: add_handler('#^object/(?P[^/]+)/?$#', 'handle_LSobject_search');
+/*
+ * Handle LSobject create request
+ *
+ * @param[in] $request LSurlRequest The request
+ *
+ * @retval void
+**/
+function handle_LSobject_create($request) {
+ $object = get_LSobject_from_request(
+ $request,
+ true, // instanciate object
+ array('LSsession', 'canCreate') // Check access method
+ );
+ if (!$object)
+ return;
+
+ $LSobject = $object -> getType();
+
+ if (isset($_GET['load']) && $_GET['load']!='') {
+ $form = $object -> getForm('create', urldecode($_GET['load']));
+ }
+ else {
+ if (isset($_GET['LSrelation']) && isset($_GET['relatedLSobject']) && isset($_GET['relatedLSobjectDN'])) {
+ if (LSsession :: loadLSobject($_GET['relatedLSobject']) && LSsession :: loadLSclass('LSrelation')) {
+ $obj = new $_GET['relatedLSobject']();
+ if ($obj -> loadData(urldecode($_GET['relatedLSobjectDN']))) {
+ $relation = new LSrelation($obj, $_GET['LSrelation']);
+ if ($relation -> exists()) {
+ $attr = $relation -> getRelatedEditableAttribute();
+ if (isset($object -> attrs[$attr])) {
+ $value = $relation -> getRelatedKeyValue();
+ if (is_array($value)) $value=$value[0];
+ $object -> attrs[$attr] -> data = array($value);
+ }
+ else {
+ LSerror :: addErrorCode('LSrelations_06',array('relation' => $relation -> getName(),'LSobject' => $obj -> getType()));
+ }
+ }
+ }
+ else {
+ LSerror :: addErrorCode('LSsession_24');
+ }
+ }
+ }
+ $form = $object -> getForm('create');
+ }
+
+ if (isset($_REQUEST['LSform_dataEntryForm'])) {
+ $form -> applyDataEntryForm((string)$_REQUEST['LSform_dataEntryForm']);
+ LStemplate :: assign('LSform_dataEntryForm', (string)$_REQUEST['LSform_dataEntryForm']);
+ }
+
+ LStemplate :: assign('listAvailableDataEntryForm', LSform :: listAvailableDataEntryForm($LSobject));
+ LStemplate :: assign('DataEntryFormLabel', _('Data entry form'));
+
+ if ($form->validate()) {
+ // Data update for LDAP object
+ if ($object -> updateData('create')) {
+ if (!LSerror::errorsDefined()) {
+ LSsession :: addInfo(_("Object has been added."));
+ }
+ if (isset($_REQUEST['ajax'])) {
+ LSsession :: displayAjaxReturn (
+ array(
+ 'LSredirect' => "object/$LSobject/".urlencode($object -> getDn())
+ )
+ );
+ exit();
+ }
+ else {
+ if (!LSdebugDefined())
+ LSurl :: redirect("object/$LSobject/".urlencode($object -> getDn()));
+ }
+ }
+ else {
+ if (isset($_REQUEST['ajax'])) {
+ LSsession :: displayAjaxReturn (
+ array(
+ 'LSformErrors' => $form -> getErrors()
+ )
+ );
+ exit();
+ }
+ }
+ }
+ else if (isset($_REQUEST['ajax']) && $form -> definedError()) {
+ LSsession :: displayAjaxReturn (
+ array(
+ 'LSformErrors' => $form -> getErrors()
+ )
+ );
+ exit();
+ }
+ // Define page title
+ LStemplate :: assign('pagetitle',_('New').' : '.$object -> getLabel());
+ $form -> display("object/$LSobject/create");
+
+ // Set & display template
+ LSsession :: setTemplate('create.tpl');
+ LSsession :: displayTemplate();
+}
+LSurl :: add_handler('#^object/(?P[^/]+)/create/?$#', 'handle_LSobject_create');
+
+/*
+ * Handle old create.php request for retro-compatibility
+ *
+ * @param[in] $request LSurlRequest The request
+ *
+ * @retval void
+ **/
+function handle_old_create_php($request) {
+ if (!isset($_GET['LSobject']))
+ $url = null;
+ else
+ $url = "object/".$_GET['LSobject']."/create";
+ LSerror :: addErrorCode('LSsession_26', 'create.php');
+ LSurl :: redirect($url);
+}
+LSurl :: add_handler('#^create.php#', 'handle_old_create_php');
+
/*
* Handle LSobject show request
*
@@ -269,7 +394,7 @@ function handle_LSobject_show($request) {
if (LSsession :: canCreate($LSobject)) {
$LSview_actions[] = array(
'label' => _('Copy'),
- 'url' =>'create.php?LSobject='.$LSobject.'&load='.urlencode($dn),
+ 'url' => "object/$LSobject/create?load=".urlencode($dn),
'action' => 'copy'
);
}