fix(dropdownfield): SQL error for GLPI objects / tickets and some specific rights

btry · btry · commit 2539e366c204 · 2023-06-12T13:31:56.000+02:00
diff --git a/inc/field/dropdownfield.class.php b/inc/field/dropdownfield.class.php
@@ -57,6 +57,7 @@
 use SLA;
 use SLM;
 use OLA;
+use QueryExpression;
 use QuerySubQuery;
 use QueryUnion;
 use GlpiPlugin\Formcreator\Exception\ComparisonException;
@@ -227,9 +228,11 @@ public function buildParams($rand = null) {
             $currentUser = Session::getLoginUserID();
             if (!Session::haveRight(Ticket::$rightname, Ticket::READMY) && !Session::haveRight(Ticket::$rightname, Ticket::READGROUP)) {
                // No right to view any ticket, then force the dropdown to be empty
-               $dparams_cond_crit['OR'] = new \QueryExpression('0=1');
+               $dparams_cond_crit['OR'] = new QueryExpression('0=1');
                break;
             }
+            $tickets_filter = ['users_id_recipient' => $currentUser];
+
             if (Session::haveRight(Ticket::$rightname, Ticket::READMY)) {
                $requestersObserversQuery = new QuerySubQuery([
                   'SELECT' => 'tickets_id',
@@ -239,34 +242,23 @@ public function buildParams($rand = null) {
                      'type' => [CommonITILActor::REQUESTER, CommonITILActor::OBSERVER]
                   ],
                ]);
-               $dparams_cond_crit['OR'] = [
+               $tickets_filter[] = [
                   'id' => $requestersObserversQuery,
-                  'users_id_recipient' => $currentUser,
                ];
             }
-            if (Session::haveRight(Ticket::$rightname, Ticket::READGROUP)) {
-               $sub_query = [
+
+            if (Session::haveRight(Ticket::$rightname, Ticket::READGROUP) && count($_SESSION['glpigroups']) > '0') {
+               $requestersObserversGroupsQuery = new QuerySubQuery([
                   'SELECT' => 'tickets_id',
                   'FROM' => Group_Ticket::getTable(),
                   'WHERE' => [
-                     'type' => [CommonITILActor::REQUESTER, CommonITILActor::OBSERVER]
+                     'type' => [CommonITILActor::REQUESTER, CommonITILActor::OBSERVER],
+                     'groups_id' => $_SESSION['glpigroups'],
                   ],
-               ];
-               if (count($_SESSION['glpigroups']) > '0') {
-                  $sub_query['WHERE']['groups_id'] = $_SESSION['glpigroups'];
-               }
-               $requestersObserversGroupsQuery = new QuerySubQuery($sub_query);
-               if (!isset($dparams_cond_crit['OR']['id'])) {
-                  $dparams_cond_crit['OR'] = [
-                     'id' => $requestersObserversGroupsQuery,
-                  ];
-               } else {
-                  $dparams_cond_crit['OR']['id'] = new QueryUnion([
-                     $dparams_cond_crit['OR']['id'],
-                     $requestersObserversGroupsQuery,
-                  ]);
-               }
+               ]);
+               $tickets_filter[] = ['id' => $requestersObserversGroupsQuery];
             }
+            $dparams_cond_crit['OR'] = $tickets_filter;
             break;
 
          default:
