[Rt-commit] r13635 - in rt/3.8/trunk: .

sartak at bestpractical.com sartak at bestpractical.com
Thu Jun 26 20:08:14 EDT 2008


Author: sartak
Date: Thu Jun 26 20:08:07 2008
New Revision: 13635

Modified:
   rt/3.8/trunk/   (props changed)
   rt/3.8/trunk/lib/RT/Dashboard.pm
   rt/3.8/trunk/lib/RT/SharedSetting.pm

Log:
 r63280 at onn:  sartak | 2008-06-26 17:46:31 -0400
 Define the API for checking shared-setting ACLs, just need to fill in the details


Modified: rt/3.8/trunk/lib/RT/Dashboard.pm
==============================================================================
--- rt/3.8/trunk/lib/RT/Dashboard.pm	(original)
+++ rt/3.8/trunk/lib/RT/Dashboard.pm	Thu Jun 26 20:08:07 2008
@@ -252,6 +252,26 @@
     return @objects;
 }
 
+# ACLs
+
+sub CurrentUserCanSee {
+    my $self = shift;
+    my $privacy = shift || $self->Privacy;
+    return 1;
+}
+
+sub CurrentUserCanModify {
+    my $self = shift;
+    my $privacy = shift || $self->Privacy;
+    return 1;
+}
+
+sub CurrentUserCanDelete {
+    my $self = shift;
+    my $privacy = shift || $self->Privacy;
+    return 1;
+}
+
 eval "require RT::Dashboard_Vendor";
 die $@ if ($@ && $@ !~ qr{^Can't locate RT/Dashboard_Vendor.pm});
 eval "require RT::Dashboard_Local";

Modified: rt/3.8/trunk/lib/RT/SharedSetting.pm
==============================================================================
--- rt/3.8/trunk/lib/RT/SharedSetting.pm	(original)
+++ rt/3.8/trunk/lib/RT/SharedSetting.pm	Thu Jun 26 20:08:07 2008
@@ -152,10 +152,11 @@
 
 =head2 Save
 
-Takes a privacy, a name, and any other arguments. Saves the given parameters to
-the appropriate user/group object, and loads the resulting object. Arguments
-are passed to the L</SaveAttribute> method, which does the actual update. Returns a
-tuple of status and message, where status is true on success. Defaults are:
+Creates a new shared setting. Takes a privacy, a name, and any other arguments.
+Saves the given parameters to the appropriate user/group object, and loads the
+resulting object. Arguments are passed to the L</SaveAttribute> method, which
+does the actual update. Returns a tuple of status and message, where status is
+true on success. Defaults are:
 
   Privacy:  CurrentUser only
   Name:     "new (ObjectName)"
@@ -177,7 +178,8 @@
     return (0, $self->loc("Failed to load object for [_1]", $privacy))
         unless $object;
 
-    # XXX: check acls
+    return (0, $self->loc("Permission denied"))
+        unless $self->CurrentUserCanModify($privacy);
 
     my ($att_id, $att_msg) = $self->SaveAttribute($object, \%args);
 
@@ -217,6 +219,9 @@
     return(0, $self->loc("Could not load [_1] attribute", $self->ObjectName))
         unless $self->{'Attribute'}->Id;
 
+    return (0, $self->loc("Permission denied"))
+        unless $self->CurrentUserCanModify;
+
     my ($status, $msg) = $self->UpdateAttribute(\%args);
 
     return (1, $self->loc("[_1] update: Nothing changed", ucfirst($self->ObjectName)))
@@ -247,6 +252,9 @@
 sub Delete {
     my $self = shift;
 
+    return (0, $self->loc("Permission denied"))
+        unless $self->CurrentUserCanDelete;
+
     my ($status, $msg) = $self->{'Attribute'}->Delete;
     if ($status) {
         return (1, $self->loc("Deleted [_1]", $self->ObjectName));
@@ -344,6 +352,10 @@
     return 0;
 }
 
+sub CurrentUserCanSee { 1 }
+sub CurrentUserCanModify { 1 }
+sub CurrentUserCanDelete { 1 }
+
 ### Internal methods
 
 # _GetObject: helper routine to load the correct object whose parameters


More information about the Rt-commit mailing list