[Rt-commit] [svn] r736 - in rt/trunk: . lib/RT
jesse at pallas.eruditorum.org
jesse at pallas.eruditorum.org
Sat Apr 24 14:48:31 EDT 2004
Author: jesse
Date: Sat Apr 24 14:48:30 2004
New Revision: 736
Modified:
rt/trunk/ (props changed)
rt/trunk/lib/RT/User_Overlay.pm
Log:
----------------------------------------------------------------------
r2150 at tinbook: jesse | 2004-04-24T18:46:32.312073Z
Additional changes to user creation and setting of "Privileged" status to improve access control handling
----------------------------------------------------------------------
Modified: rt/trunk/lib/RT/User_Overlay.pm
==============================================================================
--- rt/trunk/lib/RT/User_Overlay.pm (original)
+++ rt/trunk/lib/RT/User_Overlay.pm Sat Apr 24 14:48:30 2004
@@ -304,7 +304,7 @@
}
- my ($everyone_id, $everyone_msg) = $everyone->AddMember($self->PrincipalId);
+ my ($everyone_id, $everyone_msg) = $everyone->_AddMember( InsideTransaction => 1, PrincipalId => $self->PrincipalId);
unless ($everyone_id) {
$RT::Logger->crit("Could not add user to Everyone group on user creation.");
$RT::Logger->crit($everyone_msg);
@@ -327,7 +327,7 @@
}
- my ($ac_id, $ac_msg) = $access_class->AddMember($self->PrincipalId);
+ my ($ac_id, $ac_msg) = $access_class->_AddMember( InsideTransaction => 1, PrincipalId => $self->PrincipalId);
unless ($ac_id) {
$RT::Logger->crit("Could not add user to Privileged or Unprivileged group on user creation. Aborted");
@@ -375,6 +375,10 @@
my $self = shift;
my $val = shift;
+ #Check the ACL
+ unless ( $self->CurrentUser->HasRight(Right => 'AdminUsers', Object => $RT::System) ) {
+ return ( 0, $self->loc('Permission Denied') );
+ }
my $priv = RT::Group->new($self->CurrentUser);
$priv->LoadSystemInternalGroup('Privileged');
@@ -396,7 +400,7 @@
return (0,$self->loc("That user is already privileged"));
}
if ($unpriv->HasMember($self->PrincipalObj)) {
- $unpriv->DeleteMember($self->PrincipalId);
+ $unpriv->_DeleteMember($self->PrincipalId);
} else {
# if we had layered transactions, life would be good
# sadly, we have to just go ahead, even if something
@@ -404,7 +408,7 @@
$RT::Logger->crit("User ".$self->Id." is neither privileged nor ".
"unprivileged. something is drastically wrong.");
}
- my ($status, $msg) = $priv->AddMember($self->PrincipalId);
+ my ($status, $msg) = $priv->_AddMember( InsideTransaction => 1, PrincipalId => $self->PrincipalId);
if ($status) {
return (1, $self->loc("That user is now privileged"));
} else {
@@ -417,7 +421,7 @@
return (0,$self->loc("That user is already unprivileged"));
}
if ($priv->HasMember($self->PrincipalObj)) {
- $priv->DeleteMember($self->PrincipalId);
+ $priv->_DeleteMember( $self->PrincipalId);
} else {
# if we had layered transactions, life would be good
# sadly, we have to just go ahead, even if something
@@ -425,7 +429,7 @@
$RT::Logger->crit("User ".$self->Id." is neither privileged nor ".
"unprivileged. something is drastically wrong.");
}
- my ($status, $msg) = $unpriv->AddMember($self->PrincipalId);
+ my ($status, $msg) = $unpriv->_AddMember( InsideTransaction => 1, PrincipalId => $self->PrincipalId);
if ($status) {
return (1, $self->loc("That user is now unprivileged"));
} else {
More information about the Rt-commit
mailing list