[Rt-commit] r13639 - in rt/3.8/trunk: . share/html/Dashboards

[sartak at bestpractical.com]

Author: sartak
Date: Thu Jun 26 20:21:55 2008
New Revision: 13639

Modified:
   rt/3.8/trunk/   (props changed)
   rt/3.8/trunk/lib/RT/SharedSetting.pm
   rt/3.8/trunk/share/html/Dashboards/Modify.html

Log:
 r63305 at onn:  sartak | 2008-06-26 20:14:37 -0400
 Extra checks and fixes


Modified: rt/3.8/trunk/lib/RT/SharedSetting.pm
==============================================================================
--- rt/3.8/trunk/lib/RT/SharedSetting.pm	(original)
+++ rt/3.8/trunk/lib/RT/SharedSetting.pm	Thu Jun 26 20:21:55 2008
@@ -371,6 +371,11 @@
 
     my ($obj_type, $obj_id) = split(/\-/, ($privacy || ''));
 
+    unless ($obj_type && $obj_id) {
+        $RT::Logger->error("Invalid privacy string '$privacy'");
+        return undef;
+    }
+
     my $object = $self->_load_privacy_object($obj_type, $obj_id);
 
     unless (ref($object) eq $obj_type) {

Modified: rt/3.8/trunk/share/html/Dashboards/Modify.html
==============================================================================
--- rt/3.8/trunk/share/html/Dashboards/Modify.html	(original)
+++ rt/3.8/trunk/share/html/Dashboards/Modify.html	Thu Jun 26 20:21:55 2008
@@ -88,7 +88,7 @@
 my $Dashboard = RT::Dashboard->new($session{'CurrentUser'});
 my @privacies = $Dashboard->_PrivacyObjects(Modify => 1);
 
-my $can_delete = 1; # XXX: acl check
+my $can_delete = $Dashboard->CurrentUserCanDelete;
 
 # user went directly to Modify.html
 $Create = 1 if !$id;
@@ -115,7 +115,7 @@
     }
     else {
         my ($ok, $msg) = $Dashboard->LoadById($id);
-        $ok || Abort(loc('Couldn't load dashboard [_1]: [_2]', $id, $msg));
+        $ok || Abort(loc("Couldn't load dashboard [_1]: [_2]", $id, $msg));
     }
 
     if ($id) {