Revert "Add post update processing to prevent unauthorized deletion o…

…f ticket actors (pluginsGLPI#186)"

This reverts commit 3663936.

CHANGELOG.md

@@ -5,6 +5,7 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/)
 and this project adheres to [Semantic Versioning](http://semver.org/).
 
+<<<<<<< HEAD
 ## [2.9.5] - 2024-05-06
 
 ### Fixed
@@ -13,6 +14,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/).
 - Fix unsended notifications while `Delete old groups when adding a new one` is set to `No`
 
 ## [2.9.4] - 2024-04-03
+=======
+## [2.9.4] - 20204-04-03
+>>>>>>> parent of 3663936 (Add post update processing to prevent unauthorized deletion of ticket actors (#186))
 
 ### Fixed
 

inc/ticket.class.php

@@ -43,11 +43,7 @@ public static function pre_item_update(CommonDBTM $item)
             !empty(array_filter(
                 $item->input['_actors']['assign'] ?? [],
                 fn ($actor) => $actor['itemtype'] == 'Group'
-            ))
-            && (
-                isset($item->input['_from_assignment'])
-                && $item->input['_from_assignment']
-            )
+            )) && $item->input['_from_assignment']
         ) {
            //handle status behavior
             if ($_SESSION['plugins']['escalade']['config']['ticket_last_status'] != -1) {
@@ -58,60 +54,6 @@ public static function pre_item_update(CommonDBTM $item)
         if (isset($input['_itil_assign'])) {
             $item->input['_do_not_compute_status'] = true;
         }
-
-        $config = $_SESSION['plugins']['escalade']['config'];
-
-        // Get actual actors for the ticket
-        if ($item instanceof Ticket) {
-            $actorTypes = [CommonITILActor::REQUESTER, CommonITILActor::OBSERVER, CommonITILActor::ASSIGN];
-            $ticket_actors = array_reduce(
-                $actorTypes,
-                function ($carry, $type) use ($item) {
-                    $carry[$item->getActorFieldNameType($type)] = $item->getActorsForType($type);
-                    return $carry;
-                },
-                []
-            );
-
-            // Get updated actors
-            $actors_update = $item->input['_actors'] ?? [];
-
-            // Get deletion rights for each type of actor
-            $deletion_rights = [
-                User::getType() => [
-                    'requester' => $config['remove_delete_requester_user_btn'],
-                    'observer' => $config['remove_delete_watcher_user_btn'],
-                    'assign' => $config['remove_delete_assign_user_btn'],
-                ],
-                Group::getType() => [
-                    'requester' => $config['remove_delete_requester_group_btn'],
-                    'observer' => $config['remove_delete_watcher_group_btn'],
-                    'assign' => $config['remove_delete_assign_group_btn'],
-                ],
-                Supplier::getType() => [
-                    'assign' => $config['remove_delete_assign_supplier_btn'],
-                ],
-            ];
-
-            // Iteration through actor types and verification of deletion rights
-            foreach ($ticket_actors as $type => $actors) {
-                $updatedActors = array_map(
-                    function ($a) {
-                        return [$a['items_id'], $a['itemtype']];
-                    },
-                    $actors_update[$type] ?? []
-                );
-
-                foreach ($actors as $actor) {
-                    $actorKey = [$actor['items_id'], $actor['itemtype']];
-
-                    // If the actor has been deleted and deletion is forbidden, it is readjusted to simulate a non-deletion
-                    if (!in_array($actorKey, $updatedActors) && empty($deletion_rights[$actor['itemtype']][$type])) {
-                        $item->input['_actors'][$type][] = $actor;
-                    }
-                }
-            }
-        }
     }
 
    /**