[Rt-commit] [svn] r1447 - in rt/branches/3.3-TESTING: . lib/RT
jesse at pallas.eruditorum.org
jesse at pallas.eruditorum.org
Wed Sep 8 01:24:49 EDT 2004
Author: jesse
Date: Wed Sep 8 01:24:48 2004
New Revision: 1447
Modified:
rt/branches/3.3-TESTING/ (props changed)
rt/branches/3.3-TESTING/lib/RT/Ticket_Overlay.pm
Log:
r10181 at tinbook: jesse | 2004-09-08T05:21:47.107322Z
ACL checks to make sure a user can modify both tickets when creating a link
Modified: rt/branches/3.3-TESTING/lib/RT/Ticket_Overlay.pm
==============================================================================
--- rt/branches/3.3-TESTING/lib/RT/Ticket_Overlay.pm (original)
+++ rt/branches/3.3-TESTING/lib/RT/Ticket_Overlay.pm Wed Sep 8 01:24:48 2004
@@ -2484,6 +2484,50 @@
Takes a paramhash of Type and one of Base or Target. Adds that link to this ticket.
+=begin testing
+
+my $q1 = RT::Queue->new($RT::SystemUser);
+my ($id,$msg) = $q1->Create(Name => 'LinkTest1');
+ok ($id,$msg);
+my $q2 = RT::Queue->new($RT::SystemUser);
+($id,$msg) = $q2->Create(Name => 'LinkTest2');
+ok ($id,$msg);
+
+my $u1 = RT::User->new($RT::SystemUser);
+($id,$msg) =$u1->Create(Name => 'LinkTestUser');
+
+ok ($id,$msg);
+
+($id,$msg) = $u1->PrincipalObj->GrantRight ( Object => $q1, Right => 'CreateTicket');
+ok ($id,$msg);
+($id,$msg) = $u1->PrincipalObj->GrantRight ( Object => $q1, Right => 'ModifyTicket');
+ok ($id,$msg);
+
+my $tid;
+
+my $creator = RT::CurrentUser->new($u1->id);
+
+my $ticket = RT::Ticket->new( $creator);
+ok($ticket->isa('RT::Ticket'));
+($id,$tid, $msg) = $ticket->Create(Subject => 'Link test 1', Queue => $q1->id);
+ok ($id,$msg);
+
+
+my $ticket2 = RT::Ticket->new($RT::SystemUser);
+($id, $tid, $msg) = $ticket2->Create(Subject => 'Link test 2', Queue => $q2->id);
+ok ($id, $msg);
+
+($id,$msg) =$ticket->AddLink(Type => 'RefersTo', Target => $ticket2->id);
+ok(!$id,$msg);
+($id,$msg) = $u1->PrincipalObj->GrantRight ( Object => $q2, Right => 'CreateTicket');
+ok ($id,$msg);
+($id,$msg) = $u1->PrincipalObj->GrantRight ( Object => $q2, Right => 'ModifyTicket');
+ok ($id,$msg);
+sleep(15);
+($id,$msg) =$ticket->AddLink(Type => 'RefersTo', Target => $ticket2->id);
+ok($id,$msg);
+
+=end testing
=cut
@@ -2500,6 +2544,32 @@
return ( 0, $self->loc("Permission Denied") );
}
+ # {{{ If the other URI is an RT::Ticket, we want to make sure the user
+ # can modify it too...
+ my $other_ticket_uri = RT::URI->new($self->CurrentUser);
+
+ if ( $args{'Target'} ) {
+ $other_ticket_uri->FromURI( $args{'Target'} );
+
+ }
+ elsif ( $args{'Base'} ) {
+ $other_ticket_uri->FromURI( $args{'Base'} );
+ }
+
+ if ( $other_ticket_uri->Resolver->Scheme eq 'fsck.com-rt') {
+ my $object = $other_ticket_uri->Resolver->Object;
+
+ if ( UNIVERSAL::isa( $object, 'RT::Ticket' )
+ && $object->id
+ && !$object->CurrentUserHasRight('ModifyTicket') )
+ {
+ return ( 0, $self->loc("Permission Denied") );
+ }
+
+ }
+
+ # }}}
+
my ($val, $Msg) = $self->SUPER::_AddLink(%args);
if (!$val) {
@@ -2557,7 +2627,6 @@
$t1 = RT::Ticket->new($RT::SystemUser);
is ($t1->id, undef, "ok. we've got a blank ticket1");
$t1->Load($t1id);
-is ($t1->id, 17, "first ticket's id is 17");
is ($t1->id, $t2->id);
@@ -3436,7 +3505,9 @@
unless ( ( defined $args{'Principal'} ) and ( ref( $args{'Principal'} ) ) )
{
- $RT::Logger->warning("Principal attrib undefined for Ticket::HasRight");
+ Carp::cluck;
+ $RT::Logger->crit("Principal attrib undefined for Ticket::HasRight");
+ return(undef);
}
return (
More information about the Rt-commit
mailing list