[Rt-commit] r18971 - in rt/3.999/trunk: lib/RT lib/RT/Model t/api

ruz at bestpractical.com ruz at bestpractical.com
Fri Mar 27 19:25:49 EDT 2009


Author: ruz
Date: Fri Mar 27 19:25:48 2009
New Revision: 18971

Added:
   rt/3.999/trunk/lib/RT/IsPrincipalCollection.pm
Modified:
   rt/3.999/trunk/lib/RT/Model/GroupCollection.pm
   rt/3.999/trunk/lib/RT/Model/UserCollection.pm
   rt/3.999/trunk/lib/RT/ScripAction/CreateTickets.pm
   rt/3.999/trunk/t/api/groups.t

Log:
* add lib/RT/IsPrincipalCollection.pm
* move all who_have_*_right there
* move principals_alias there

Added: rt/3.999/trunk/lib/RT/IsPrincipalCollection.pm
==============================================================================
--- (empty file)
+++ rt/3.999/trunk/lib/RT/IsPrincipalCollection.pm	Fri Mar 27 19:25:48 2009
@@ -0,0 +1,401 @@
+use strict;
+use warnings;
+
+package RT::IsPrincipalCollection;
+
+
+=head2 principals_alias
+
+Returns the string that represents this Users object's primary "Principals" alias.
+
+=cut
+
+sub principals_alias {
+    my $self = shift;
+
+    return $self->{'princ_alias'} if $self->{'princ_alias'};
+
+    $self->{'princ_alias'} = $self->new_alias('Principals');
+    $self->join(
+        alias1  => 'main',
+        column1 => 'id',
+        alias2  => $self->principals_alias,
+        column2 => 'id'
+    );
+    return $self->{'princ_alias'};
+}
+
+=head2 limit_to_enabled
+
+Only find items that haven\'t been disabled
+
+=cut
+
+sub limit_to_enabled {
+    my $self = shift;
+
+    $self->limit(
+        alias    => $self->principals_alias,
+        column   => 'disabled',
+        value    => '0',
+        operator => '='
+    );
+}
+
+
+
+=head2 member_of
+
+takes one argument, a group's principal id. Limits the returned set
+to members of a given group
+
+=cut
+
+sub member_of {
+    my $self  = shift;
+    my $group = shift;
+
+    return _("No group specified") if ( !defined $group );
+
+    my $groupalias = $self->new_alias('CachedGroupMembers');
+
+    # join the principal to the groups table
+    $self->join(
+        alias1  => $self->principals_alias,
+        column1 => 'id',
+        alias2  => $groupalias,
+        column2 => 'member_id',
+    );
+
+    $self->limit(
+        alias    => $groupalias,
+        column   => 'group_id',
+        value    => "$group",
+        operator => "="
+    );
+}
+
+=head2 who_have_right { right => 'name', object => $rt_object , include_superusers => undef, recursive => undef, include_system_rights => undef, equiv_objects => [ ] }
+
+
+find all users who the right right for this group, either individually
+or as members of groups
+
+If passed a queue object, with no id, it will find users who have that right for _any_ queue
+
+=cut
+
+sub who_have_right {
+    my $self = shift;
+    my %args = (
+        right                    => undef,
+        object                   => undef,
+        include_system_rights    => 1,
+        include_superusers       => 0,
+        recursive                => 1,
+        equiv_objects            => [],
+        @_
+    );
+
+    if ( defined $args{'object_type'} || defined $args{'object_id'} ) {
+        Jifty->log->fatal( "who_have_right called with the Obsolete object_id/Object_type API" );
+        return (undef);
+    }
+
+    my $from_role = $self->clone;
+    $from_role->who_have_role_right(%args);
+
+    my $from_group = $self->clone;
+    $from_group->who_have_group_right(%args);
+
+    #XXX: DIRTY HACK
+    use Jifty::DBI::Collection::Union;
+    my $union = new Jifty::DBI::Collection::Union;
+    $union->add($from_role);
+    $union->add($from_group);
+    %$self = %$union;
+    bless $self, ref($union);
+
+    return;
+}
+
+
+sub who_have_role_right {
+    my $self = shift;
+    my %args = (
+        right                    => undef,
+        object                   => undef,
+        include_system_rights    => undef,
+        include_superusers       => undef,
+        recursive => 1,
+        equiv_objects            => [],
+        @_
+    );
+
+    my $groups = $self->_join_groups(%args);
+    my $acl    = $self->_join_acl(%args);
+
+    my ( $check_roles, $check_objects ) = ( '', '' );
+
+    my @objects = $self->_get_equiv_objects(%args);
+
+    if (@objects) {
+        my @role_clauses;
+        my @object_clauses;
+        foreach my $obj (@objects) {
+            my $type = ref($obj) ? ref($obj) : $obj;
+            my $id;
+            $id = $obj->id
+                if ref($obj) && UNIVERSAL::can( $obj, 'id' ) && $obj->id;
+
+            my $role_clause = "$groups.domain = '$type-Role'";
+
+            # if we want mysql 4.0 use indexes here. we MUST convert that
+            # field to integer and drop this quotes.
+            $role_clause .= " AND $groups.instance = '$id'" if $id;
+            push @role_clauses, "($role_clause)";
+            my $object_clause = "$acl.object_type = '$type'";
+            $object_clause .= " AND $acl.object_id = $id" if $id;
+            push @object_clauses, "($object_clause)";
+
+        }
+
+        $check_roles .= join ' OR ', @role_clauses;
+        $check_objects = join ' OR ', @object_clauses;
+    } else {
+        if ( !$args{'include_system_rights'} ) {
+            $check_objects = "($acl.object_type != 'RT::System')";
+        }
+    }
+
+    $self->_add_subclause( "Whichobject", "($check_objects)" );
+    $self->_add_subclause( "WhichRole",   "($check_roles)" );
+
+    $self->limit(
+        alias       => $acl,
+        column      => 'type',
+        value       => "$groups.Type",
+        quote_value => 0,
+    );
+
+    # no system user
+    $self->limit(
+        alias    => $self->principals_alias,
+        column   => 'id',
+        operator => '!=',
+        value    => RT->system_user->id
+    );
+    return;
+}
+
+
+sub who_have_group_right {
+    my $self = shift;
+    my %args = (
+        right                    => undef,
+        object                   => undef,
+        include_system_rights    => undef,
+        include_superusers       => undef,
+        recursive => 1,
+        equiv_objects            => [],
+        @_
+    );
+
+    # Find only rows where the Right granted is
+    # the one we're looking up or _possibly_ superuser
+    my $acl = $self->_join_acl(%args);
+
+    my ($check_objects) = ('');
+    my @objects = $self->_get_equiv_objects(%args);
+
+    if (@objects) {
+        my @object_clauses;
+        foreach my $obj (@objects) {
+            my $type = ref($obj) ? ref($obj) : $obj;
+            my $id;
+            $id = $obj->id
+                if ref($obj) && UNIVERSAL::can( $obj, 'id' ) && $obj->id;
+
+            my $object_clause = "$acl.object_type = '$type'";
+            $object_clause .= " AND $acl.object_id   = $id" if $id;
+            push @object_clauses, "($object_clause)";
+        }
+
+        $check_objects = join ' OR ', @object_clauses;
+    } else {
+        if ( !$args{'include_system_rights'} ) {
+            $check_objects = "($acl.object_type != 'RT::System')";
+        }
+    }
+    $self->_add_subclause( "Whichobject", "($check_objects)" );
+
+    $self->_join_group_members_for_group_rights( %args, aclalias => $acl );
+
+    # Find only members of groups that have the right.
+    $self->limit(
+        alias  => $acl,
+        column => 'type',
+        value  => 'Group',
+    );
+
+    # no system user
+    $self->limit(
+        alias    => $self->principals_alias,
+        column   => 'id',
+        operator => '!=',
+        value    => RT->system_user->id
+    );
+    return;
+}
+
+
+=head2 who_belong_to_groups { Groups => ARRAYREF, recursive => 1 }
+
+=cut
+
+sub who_belong_to_groups {
+    my $self = shift;
+    my %args = (
+        groups                   => undef,
+        recursive => 1,
+        @_
+    );
+
+    # Unprivileged users can't be granted real system rights.
+    # is this really the right thing to be saying?
+    $self->limit_to_privileged();
+
+    my $group_members = $self->_join_group_members(%args);
+
+    foreach my $groupid ( @{ $args{'groups'} } ) {
+        $self->limit(
+            alias            => $group_members,
+            column           => 'group_id',
+            value            => $groupid,
+            quote_value      => 0,
+            entry_aggregator => 'OR',
+        );
+    }
+}
+
+
+sub _join_group_members_for_group_rights {
+    my $self          = shift;
+    my %args          = (@_);
+    my $group_members = $self->_join_group_members(%args);
+    $self->limit(
+        alias       => $args{'aclalias'},
+        column      => 'principal',
+        value       => "$group_members.group_id",
+        quote_value => 0,
+    );
+}
+
+sub _join_group_members {
+    my $self = shift;
+    my %args = (
+        recursive => 1,
+        @_
+    );
+
+    my $principals = $self->principals_alias;
+
+    # The cachedgroupmembers table is used for unrolling group memberships
+    # to allow fast lookups. if we bind to CachedGroupMembers, we'll find
+    # all members of groups recursively. if we don't we'll find only 'direct'
+    # members of the group in question
+    my $group_members;
+    if ( $args{'recursive'} ) {
+        $group_members = $self->new_alias('CachedGroupMembers');
+    } else {
+        $group_members = $self->new_alias('GroupMembers');
+    }
+
+    $self->join(
+        alias1  => $group_members,
+        column1 => 'member_id',
+        alias2  => $principals,
+        column2 => 'id'
+    );
+
+    return $group_members;
+}
+
+
+sub _join_groups {
+    my $self = shift;
+    my %args = (@_);
+
+    my $group_members = $self->_join_group_members(%args);
+    my $groups        = $self->new_alias('Groups');
+    $self->join(
+        alias1  => $groups,
+        column1 => 'id',
+        alias2  => $group_members,
+        column2 => 'group_id'
+    );
+
+    return $groups;
+}
+
+sub _join_acl {
+    my $self = shift;
+    my %args = (
+        right              => undef,
+        include_superusers => undef,
+        @_,
+    );
+
+    my $acl = $self->new_alias('ACL');
+    $self->limit(
+        alias    => $acl,
+        column   => 'right_name',
+        operator => ( $args{right} ? '=' : 'IS NOT' ),
+        value => $args{right} || 'NULL',
+        entry_aggregator => 'OR'
+    );
+    if ( $args{'include_superusers'} and $args{'right'} ) {
+        $self->limit(
+            alias            => $acl,
+            column           => 'right_name',
+            operator         => '=',
+            value            => 'SuperUser',
+            entry_aggregator => 'OR'
+        );
+    }
+    return $acl;
+}
+
+sub _get_equiv_objects {
+    my $self = shift;
+    my %args = (
+        object                => undef,
+        include_system_rights => undef,
+        equiv_objects         => [],
+        @_
+    );
+    return () unless $args{'object'};
+
+    my @objects = ( $args{'object'} );
+    if ( UNIVERSAL::isa( $args{'object'}, 'RT::Model::Ticket' ) ) {
+
+        # If we're looking at ticket rights, we also want to look at the associated queue rights.
+        # this is a little bit hacky, but basically, now that we've done the ticket roles magic,
+        # we load the queue object and ask all the rest of our questions about the queue.
+
+        # XXX: This should be abstracted into object itself
+        if ( $args{'object'}->id ) {
+            push @objects, $args{'object'}->acl_equivalence_objects;
+        } else {
+            push @objects, 'RT::Model::Queue';
+        }
+    }
+
+    if ( $args{'include_system_rights'} ) {
+        push @objects, 'RT::System';
+    }
+    push @objects, @{ $args{'equiv_objects'} };
+    return grep $_, @objects;
+}
+
+1;

Modified: rt/3.999/trunk/lib/RT/Model/GroupCollection.pm
==============================================================================
--- rt/3.999/trunk/lib/RT/Model/GroupCollection.pm	(original)
+++ rt/3.999/trunk/lib/RT/Model/GroupCollection.pm	Fri Mar 27 19:25:48 2009
@@ -73,7 +73,7 @@
 
 package RT::Model::GroupCollection;
 
-use base qw/RT::SearchBuilder/;
+use base qw/RT::IsPrincipalCollection RT::SearchBuilder/;
 
 use RT::Model::UserCollection;
 
@@ -90,38 +90,6 @@
         column => 'name',
         order  => 'ASC'
     );
-
-    # XXX: this code should be generalized
-    $self->{'princalias'} = $self->join(
-        alias1  => 'main',
-        column1 => 'id',
-        table2  => 'Principals',
-        column2 => 'id'
-    );
-
-    # even if this condition is useless and ids in the Groups table
-    # only match principals with type 'Group' this could speed up
-    # searches in some DBs.
-    $self->limit(
-        alias  => $self->{'princalias'},
-        column => 'type',
-        value  => 'Group',
-    );
-
-}
-
-
-=head2 principals_alias
-
-Returns the string that represents this Users object's primary "Principals" alias.
-
-=cut
-
-# XXX: should be generalized, code duplication
-sub principals_alias {
-    my $self = shift;
-    return ( $self->{'princalias'} );
-
 }
 
 
@@ -163,6 +131,58 @@
     #$self->limit(column => 'instance', operator => '=', value => '');
 }
 
+=head2 limit_to_roles
+
+Limits the set of groups found to role groups for an instance of a model. Takes:
+
+=over 4
+
+=item model - mandatory name of a model, for example: 'RT::Model::Ticket';
+
+=item instance - optional id of the model record;
+
+=item type - optional type of the role groups, for example 'cc';
+
+=item subclause and entry_aggregator - use to combine with different conditions;
+by default aggregator is 'OR' and subclause matches name of the method, so you can
+call this method multiple times and get role of groups of different models.
+
+=cut
+
+sub limit_to_roles {
+    my $self  = shift;
+    my %args = (
+        model            => undef,
+        type             => undef,
+        instance         => undef,
+        entry_aggregator => 'OR',
+        subclause        => 'limit_to_roles',
+        @_
+    );
+    $self->open_paren( $args{'subclause'} );
+    $self->limit(
+        subclause        => $args{'subclause'},
+        entry_aggregator => $args{'entry_aggregator'},
+        column           => 'domain',
+        operator         => '=',
+        value            => $args{'model'} .'-Role',
+    );
+    $self->limit(
+        subclause        => $args{'subclause'},
+        entry_aggregator => 'AND',
+        column           => 'instance',
+        operator         => '=',
+        value            => $args{'instance'},
+    ) if defined $args{'instance'};
+    $self->limit(
+        subclause        => $args{'subclause'},
+        entry_aggregator => 'AND',
+        column           => 'type',
+        operator         => '=',
+        value            => $args{'type'},
+    ) if defined $args{'type'};
+    $self->close_paren( $args{'subclause'} );
+}
 
 =head2 limit_to_roles_for_queue QUEUE_ID
 
@@ -232,8 +252,8 @@
         recursively  => undef,
         @_
     );
-    my $members;
 
+    my $members;
     if ( $args{'recursively'} ) {
         $members = $self->new_alias('CachedGroupMembers');
     } else {
@@ -285,59 +305,18 @@
     );
 }
 
-=head2 withright { right => RIGHTNAME, object => RT::Record, include_system_rights => 1, include_superusers => 0, equiv_objects => [ ] }
-
-
-Find all groups which have RIGHTNAME for RT::Record. Optionally include global rights and superusers. By default, include the global rights, but not the superusers.
-
-
-
-=cut
-
-#XXX: should be generilized
-sub with_right {
-    my $self = shift;
-    my %args = (
-        right                    => undef,
-        object                   => => undef,
-        include_system_rights    => 1,
-        include_superusers       => undef,
-        include_subgroup_members => 0,
-        equiv_objects            => [],
-        @_
-    );
-
-    my $from_role = $self->clone;
-    $from_role->with_role_right(%args);
-
-    my $from_group = $self->clone;
-    $from_group->with_group_right(%args);
-
-    #XXX: DIRTY HACK
-    use Jifty::DBI::Collection::Union;
-    my $union = new Jifty::DBI::Collection::Union;
-    $union->add($from_role);
-    $union->add($from_group);
-    %$self = %$union;
-    bless $self, ref($union);
-
-    return;
-}
-
-#XXX: methods are active aliases to Users class to prevent code duplication
-# should be generalized
 sub _join_groups {
     my $self = shift;
     my %args = (@_);
-    return 'main' unless $args{'include_subgroup_members'};
-    return $self->RT::Model::UserCollection::_join_groups(%args);
+    return 'main' unless $args{'recursive'};
+    return $self->SUPER::_join_groups(%args);
 }
 
 sub _join_group_members {
     my $self = shift;
     my %args = (@_);
-    return 'main' unless $args{'include_subgroup_members'};
-    return $self->RT::Model::UserCollection::_join_group_members(%args);
+    return 'main' unless $args{'recursive'};
+    return $self->SUPER::_join_group_members(%args);
 }
 
 sub _join_group_members_for_group_rights {
@@ -345,7 +324,7 @@
     my %args          = (@_);
     my $group_members = $self->_join_group_members(%args);
     unless ( $group_members eq 'main' ) {
-        return $self->RT::Model::UserCollection::_join_group_members_for_group_rights(%args);
+        return $self->SUPER::_join_group_members_for_group_rights(%args);
     }
     $self->limit(
         alias       => $args{'aclalias'},
@@ -354,47 +333,6 @@
         quote_value => 0,
     );
 }
-sub _join_acl { return (shift)->RT::Model::UserCollection::_join_acl(@_) }
-
-sub _role_clauses {
-    return (shift)->RT::Model::UserCollection::_RoleClauses(@_);
-}
-
-sub who_have_role_right_splitted {
-    return (shift)->RT::Model::UserCollection::_who_have_role_rightSplitted(@_);
-}
-
-sub _get_equiv_objects {
-    return (shift)->RT::Model::UserCollection::_get_equiv_objects(@_);
-}
-
-sub with_group_right {
-    return (shift)->RT::Model::UserCollection::who_have_group_right(@_);
-}
-
-sub with_role_right {
-    return (shift)->RT::Model::UserCollection::who_have_role_right(@_);
-}
-
-
-=head2 limit_to_enabled
-
-Only find items that haven\'t been disabled
-
-=cut
-
-sub limit_to_enabled {
-    my $self = shift;
-
-    $self->limit(
-        alias    => $self->principals_alias,
-        column   => 'disabled',
-        value    => '0',
-        operator => '=',
-    );
-}
-
-
 
 sub next {
     my $self = shift;
@@ -421,9 +359,7 @@
         $self->limit_to_enabled();
     }
 
-    return ( $self->SUPER::_do_search(@_) );
-
+    return $self->SUPER::_do_search(@_);
 }
 
 1;
-

Modified: rt/3.999/trunk/lib/RT/Model/UserCollection.pm
==============================================================================
--- rt/3.999/trunk/lib/RT/Model/UserCollection.pm	(original)
+++ rt/3.999/trunk/lib/RT/Model/UserCollection.pm	Fri Mar 27 19:25:48 2009
@@ -67,7 +67,7 @@
 use strict;
 
 package RT::Model::UserCollection;
-use base qw/RT::SearchBuilder/;
+use base qw/IsPrincipalCollection RT::SearchBuilder/;
 
 sub _init {
     my $self = shift;
@@ -81,39 +81,10 @@
         order  => 'ASC'
     );
 
-    $self->{'princ_alias'} = $self->new_alias('Principals');
-
-    # XXX: should be generalized
-    $self->join(
-        alias1  => 'main',
-        column1 => 'id',
-        alias2  => $self->principals_alias,
-        column2 => 'id'
-    );
-    $self->limit(
-        alias  => $self->principals_alias,
-        column => 'type',
-        value  => 'User',
-    );
-
     return (@result);
 }
 
 
-=head2 principals_alias
-
-Returns the string that represents this Users object's primary "Principals" alias.
-
-=cut
-
-# XXX: should be generalized
-sub principals_alias {
-    my $self = shift;
-    return ( $self->{'princ_alias'} );
-
-}
-
-
 =head2 _do_search
 
   A subclass of Jifty::DBI::_do_search that makes sure that _disabled rows never get seen unless
@@ -129,30 +100,8 @@
         $self->limit_to_enabled();
     }
     return ( $self->SUPER::_do_search(@_) );
-
-}
-
-
-=head2 limit_to_enabled
-
-Only find items that haven\'t been disabled
-
-=cut
-
-# XXX: should be generalized
-sub limit_to_enabled {
-    my $self = shift;
-
-    $self->limit(
-        alias    => $self->principals_alias,
-        column   => 'disabled',
-        value    => '0',
-        operator => '='
-    );
 }
 
-
-
 =head2 limit_to_email
 
 Takes one argument. an email address. limits the returned set to
@@ -168,39 +117,6 @@
 
 
 
-=head2 member_of_group PRINCIPAL_ID
-
-takes one argument, a group's principal id. Limits the returned set
-to members of a given group
-
-=cut
-
-sub member_of_group {
-    my $self  = shift;
-    my $group = shift;
-
-    return _("No group specified") if ( !defined $group );
-
-    my $groupalias = $self->new_alias('CachedGroupMembers');
-
-    # join the principal to the groups table
-    $self->join(
-        alias1  => $self->principals_alias,
-        column1 => 'id',
-        alias2  => $groupalias,
-        column2 => 'member_id'
-    );
-
-    $self->limit(
-        alias    => "$groupalias",
-        column   => 'group_id',
-        value    => "$group",
-        operator => "="
-    );
-}
-
-
-
 =head2 limit_to_privileged
 
 Limits to users who can be made members of ACLs and groups
@@ -215,339 +131,7 @@
     unless ( $priv->id ) {
         Jifty->log->fatal("Couldn't find a privileged users group");
     }
-    $self->member_of_group( $priv->principal_id );
-}
-
-
-
-=head2 who_have_right { right => 'name', object => $rt_object , include_superusers => undef, include_subgroup_members => undef, include_system_rights => undef, equiv_objects => [ ] }
-
-
-find all users who the right right for this group, either individually
-or as members of groups
-
-If passed a queue object, with no id, it will find users who have that right for _any_ queue
-
-=cut
-
-# XXX: should be generalized
-sub _join_group_members {
-    my $self = shift;
-    my %args = (
-        include_subgroup_members => 1,
-        @_
-    );
-
-    my $principals = $self->principals_alias;
-
-    # The cachedgroupmembers table is used for unrolling group memberships
-    # to allow fast lookups. if we bind to CachedGroupMembers, we'll find
-    # all members of groups recursively. if we don't we'll find only 'direct'
-    # members of the group in question
-    my $group_members;
-    if ( $args{'include_subgroup_members'} ) {
-        $group_members = $self->new_alias('CachedGroupMembers');
-    } else {
-        $group_members = $self->new_alias('GroupMembers');
-    }
-
-    $self->join(
-        alias1  => $group_members,
-        column1 => 'member_id',
-        alias2  => $principals,
-        column2 => 'id'
-    );
-
-    return $group_members;
-}
-
-# XXX: should be generalized
-sub _join_groups {
-    my $self = shift;
-    my %args = (@_);
-
-    my $group_members = $self->_join_group_members(%args);
-    my $groups        = $self->new_alias('Groups');
-    $self->join(
-        alias1  => $groups,
-        column1 => 'id',
-        alias2  => $group_members,
-        column2 => 'group_id'
-    );
-
-    return $groups;
+    $self->member_of( $priv->principal_id );
 }
 
-# XXX: should be generalized
-sub _join_acl {
-    my $self = shift;
-    my %args = (
-        right              => undef,
-        include_superusers => undef,
-        @_,
-    );
-
-    my $acl = $self->new_alias('ACL');
-    $self->limit(
-        alias    => $acl,
-        column   => 'right_name',
-        operator => ( $args{right} ? '=' : 'IS NOT' ),
-        value => $args{right} || 'NULL',
-        entry_aggregator => 'OR'
-    );
-    if ( $args{'include_superusers'} and $args{'right'} ) {
-        $self->limit(
-            alias            => $acl,
-            column           => 'right_name',
-            operator         => '=',
-            value            => 'SuperUser',
-            entry_aggregator => 'OR'
-        );
-    }
-    return $acl;
-}
-
-# XXX: should be generalized
-sub _get_equiv_objects {
-    my $self = shift;
-    my %args = (
-        object                => undef,
-        include_system_rights => undef,
-        equiv_objects         => [],
-        @_
-    );
-    return () unless $args{'object'};
-
-    my @objects = ( $args{'object'} );
-    if ( UNIVERSAL::isa( $args{'object'}, 'RT::Model::Ticket' ) ) {
-
-        # If we're looking at ticket rights, we also want to look at the associated queue rights.
-        # this is a little bit hacky, but basically, now that we've done the ticket roles magic,
-        # we load the queue object and ask all the rest of our questions about the queue.
-
-        # XXX: This should be abstracted into object itself
-        if ( $args{'object'}->id ) {
-            push @objects, $args{'object'}->acl_equivalence_objects;
-        } else {
-            push @objects, 'RT::Model::Queue';
-        }
-    }
-
-    if ( $args{'include_system_rights'} ) {
-        push @objects, 'RT::System';
-    }
-    push @objects, @{ $args{'equiv_objects'} };
-    return grep $_, @objects;
-}
-
-# XXX: should be generalized
-sub who_have_right {
-    my $self = shift;
-    my %args = (
-        right                    => undef,
-        object                   => undef,
-        include_system_rights    => undef,
-        include_superusers       => undef,
-        include_subgroup_members => 1,
-        equiv_objects            => [],
-        @_
-    );
-
-    if ( defined $args{'object_type'} || defined $args{'object_id'} ) {
-        Jifty->log->fatal( "who_have_right called with the Obsolete object_id/Object_type API" );
-        return (undef);
-    }
-
-    my $from_role = $self->clone;
-    $from_role->who_have_role_right(%args);
-
-    my $from_group = $self->clone;
-    $from_group->who_have_group_right(%args);
-
-    #XXX: DIRTY HACK
-    use Jifty::DBI::Collection::Union;
-    my $union = new Jifty::DBI::Collection::Union;
-    $union->add($from_role);
-    $union->add($from_group);
-    %$self = %$union;
-    bless $self, ref($union);
-
-    return;
-}
-
-
-# XXX: should be generalized
-sub who_have_role_right {
-    my $self = shift;
-    my %args = (
-        right                    => undef,
-        object                   => undef,
-        include_system_rights    => undef,
-        include_superusers       => undef,
-        include_subgroup_members => 1,
-        equiv_objects            => [],
-        @_
-    );
-
-    my $groups = $self->_join_groups(%args);
-    my $acl    = $self->_join_acl(%args);
-
-    my ( $check_roles, $check_objects ) = ( '', '' );
-
-    my @objects = $self->_get_equiv_objects(%args);
-
-    if (@objects) {
-        my @role_clauses;
-        my @object_clauses;
-        foreach my $obj (@objects) {
-            my $type = ref($obj) ? ref($obj) : $obj;
-            my $id;
-            $id = $obj->id
-                if ref($obj) && UNIVERSAL::can( $obj, 'id' ) && $obj->id;
-
-            my $role_clause = "$groups.domain = '$type-Role'";
-
-            # if we want mysql 4.0 use indexes here. we MUST convert that
-            # field to integer and drop this quotes.
-            $role_clause .= " AND $groups.instance = '$id'" if $id;
-            push @role_clauses, "($role_clause)";
-            my $object_clause = "$acl.object_type = '$type'";
-            $object_clause .= " AND $acl.object_id = $id" if $id;
-            push @object_clauses, "($object_clause)";
-
-        }
-
-        $check_roles .= join ' OR ', @role_clauses;
-        $check_objects = join ' OR ', @object_clauses;
-    } else {
-        if ( !$args{'include_system_rights'} ) {
-            $check_objects = "($acl.object_type != 'RT::System')";
-        }
-    }
-
-    $self->_add_subclause( "Whichobject", "($check_objects)" );
-    $self->_add_subclause( "WhichRole",   "($check_roles)" );
-
-    $self->limit(
-        alias       => $acl,
-        column      => 'type',
-        value       => "$groups.Type",
-        quote_value => 0,
-    );
-
-    # no system user
-    $self->limit(
-        alias    => $self->principals_alias,
-        column   => 'id',
-        operator => '!=',
-        value    => RT->system_user->id
-    );
-    return;
-}
-
-# XXX: should be generalized
-sub _join_group_members_for_group_rights {
-    my $self          = shift;
-    my %args          = (@_);
-    my $group_members = $self->_join_group_members(%args);
-    $self->limit(
-        alias       => $args{'aclalias'},
-        column      => 'principal',
-        value       => "$group_members.group_id",
-        quote_value => 0,
-    );
-}
-
-# XXX: should be generalized
-sub who_have_group_right {
-    my $self = shift;
-    my %args = (
-        right                    => undef,
-        object                   => undef,
-        include_system_rights    => undef,
-        include_superusers       => undef,
-        include_subgroup_members => 1,
-        equiv_objects            => [],
-        @_
-    );
-
-    # Find only rows where the Right granted is
-    # the one we're looking up or _possibly_ superuser
-    my $acl = $self->_join_acl(%args);
-
-    my ($check_objects) = ('');
-    my @objects = $self->_get_equiv_objects(%args);
-
-    if (@objects) {
-        my @object_clauses;
-        foreach my $obj (@objects) {
-            my $type = ref($obj) ? ref($obj) : $obj;
-            my $id;
-            $id = $obj->id
-                if ref($obj) && UNIVERSAL::can( $obj, 'id' ) && $obj->id;
-
-            my $object_clause = "$acl.object_type = '$type'";
-            $object_clause .= " AND $acl.object_id   = $id" if $id;
-            push @object_clauses, "($object_clause)";
-        }
-
-        $check_objects = join ' OR ', @object_clauses;
-    } else {
-        if ( !$args{'include_system_rights'} ) {
-            $check_objects = "($acl.object_type != 'RT::System')";
-        }
-    }
-    $self->_add_subclause( "Whichobject", "($check_objects)" );
-
-    $self->_join_group_members_for_group_rights( %args, aclalias => $acl );
-
-    # Find only members of groups that have the right.
-    $self->limit(
-        alias  => $acl,
-        column => 'type',
-        value  => 'Group',
-    );
-
-    # no system user
-    $self->limit(
-        alias    => $self->principals_alias,
-        column   => 'id',
-        operator => '!=',
-        value    => RT->system_user->id
-    );
-    return;
-}
-
-
-=head2 who_belong_to_groups { Groups => ARRAYREF, include_subgroup_members => 1 }
-
-=cut
-
-# XXX: should be generalized
-sub who_belong_to_groups {
-    my $self = shift;
-    my %args = (
-        groups                   => undef,
-        include_subgroup_members => 1,
-        @_
-    );
-
-    # Unprivileged users can't be granted real system rights.
-    # is this really the right thing to be saying?
-    $self->limit_to_privileged();
-
-    my $group_members = $self->_join_group_members(%args);
-
-    foreach my $groupid ( @{ $args{'groups'} } ) {
-        $self->limit(
-            alias            => $group_members,
-            column           => 'group_id',
-            value            => $groupid,
-            quote_value      => 0,
-            entry_aggregator => 'OR',
-        );
-    }
-}
-
-
 1;

Modified: rt/3.999/trunk/lib/RT/ScripAction/CreateTickets.pm
==============================================================================
--- rt/3.999/trunk/lib/RT/ScripAction/CreateTickets.pm	(original)
+++ rt/3.999/trunk/lib/RT/ScripAction/CreateTickets.pm	Fri Mar 27 19:25:48 2009
@@ -140,7 +140,7 @@
 	object =>$groups->first,
 	include_system_rights => undef,
 	include_superusers => 0,
-	include_subgroup_members => 0,
+	recursive => 0,
     );
  
      my @admins;

Modified: rt/3.999/trunk/t/api/groups.t
==============================================================================
--- rt/3.999/trunk/t/api/groups.t	(original)
+++ rt/3.999/trunk/t/api/groups.t	Fri Mar 27 19:25:48 2009
@@ -65,7 +65,7 @@
 $global_admin_cc->load_role(object => RT->system, type => 'admin_cc');
 ok($global_admin_cc->id, "Found the global admincc group");
 my $groups = RT::Model::GroupCollection->new(current_user => RT->system_user);
-$groups->with_right(right => 'OwnTicket', object => $q);
+$groups->who_have_right(right => 'OwnTicket', object => $q);
 is($groups->count, 1);
 ($id, $msg) = $global_admin_cc->principal->grant_right(right =>'OwnTicket', object=> RT->system);
 ok ($id,$msg);
@@ -75,7 +75,7 @@
 ok ($testuser->has_right(object => $q, right => 'OwnTicket') , "The test user does have the right to own tickets now. thank god.");
 
 $groups = RT::Model::GroupCollection->new(current_user => RT->system_user);
-$groups->with_right(right => 'OwnTicket', object => $q);
+$groups->who_have_right(right => 'OwnTicket', object => $q);
 ok ($id,$msg);
 is($groups->count, 3);
 
@@ -98,15 +98,15 @@
 *RTx::System::Record::id = *RTx::System::Record::id;
 
 $groups = RT::Model::GroupCollection->new(current_user => RT->system_user);
-$groups->with_right(right => 'RTxGroupRight', object => $RTxSysObj);
+$groups->who_have_right(right => 'RTxGroupRight', object => $RTxSysObj);
 is($groups->count, 1, "RTxGroupRight found for RTxSysObj");
 
 $groups = RT::Model::GroupCollection->new(current_user => RT->system_user);
-$groups->with_right(right => 'RTxGroupRight', object => $RTxObj);
+$groups->who_have_right(right => 'RTxGroupRight', object => $RTxObj);
 is($groups->count, 0, "RTxGroupRight not found for RTxObj");
 
 $groups = RT::Model::GroupCollection->new(current_user => RT->system_user);
-$groups->with_right(right => 'RTxGroupRight', object => $RTxObj, equiv_objects => [ $RTxSysObj ]);
+$groups->who_have_right(right => 'RTxGroupRight', object => $RTxObj, equiv_objects => [ $RTxSysObj ]);
 is($groups->count, 1, "RTxGroupRight found for RTxObj using equiv_objects");
 
 use RT::Model::ACE;
@@ -119,11 +119,11 @@
 *RTx::System::Record::id = sub  { 5; };
 
 $groups = RT::Model::GroupCollection->new(current_user => RT->system_user);
-$groups->with_right(right => 'RTxGroupRight', object => $RTxObj2);
+$groups->who_have_right(right => 'RTxGroupRight', object => $RTxObj2);
 is($groups->count, 1, "RTxGroupRight found for RTxObj2");
 
 $groups = RT::Model::GroupCollection->new(current_user => RT->system_user);
-$groups->with_right(right => 'RTxGroupRight', object => $RTxObj2, equiv_objects => [ $RTxSysObj ]);
+$groups->who_have_right(right => 'RTxGroupRight', object => $RTxObj2, equiv_objects => [ $RTxSysObj ]);
 is($groups->count, 1, "RTxGroupRight found for RTxObj2");
 
 


More information about the Rt-commit mailing list