[Rt-commit] r18992 - rt/3.999/trunk/lib/RT/IsPrincipal

ruz at bestpractical.com ruz at bestpractical.com
Tue Mar 31 05:18:28 EDT 2009


Author: ruz
Date: Tue Mar 31 05:18:27 2009
New Revision: 18992

Modified:
   rt/3.999/trunk/lib/RT/IsPrincipal/HasMembers.pm

Log:
* fix logic in ACL checks on add_member

Modified: rt/3.999/trunk/lib/RT/IsPrincipal/HasMembers.pm
==============================================================================
--- rt/3.999/trunk/lib/RT/IsPrincipal/HasMembers.pm	(original)
+++ rt/3.999/trunk/lib/RT/IsPrincipal/HasMembers.pm	Tue Mar 31 05:18:27 2009
@@ -221,26 +221,15 @@
     # We should only allow membership changes if the user has the right
     # to modify group membership or the user is the principal in question
     # and the user has the right to modify his own membership
-    return ( 0, _("Permission Denied") )
-        unless $self->current_user_has_right('AdminGroupMembership');
-
-    if ( blessed $new_member ) {
-        $self->_add_member( principal => $new_member )
-            if $new_member == $self->current_user->id
-                && $self->current_user_has_right('ModifyOwnMembership');
+    return $self->_add_member( principal => $new_member )
+        if $self->current_user_has_right('AdminGroupMembership');
 
-        return ( 0, _("Permission Denied") )
+    if ( $self->current_user->id == (blessed $new_member? $new_member->id : $new_member) ) {
+        return $self->_add_member( principal => $new_member )
+            if $self->current_user_has_right('ModifyOwnMembership');
     }
 
-    unless ( $new_member == $self->current_user->user_object->id
-        && $self->current_user_has_right('ModifyOwnMembership') )
-    {
-
-        #User has no permission to be doing this
-        return ( 0, _("Permission Denied") );
-    }
-
-    $self->_add_member( principal => $new_member );
+    return ( 0, _("Permission Denied") )
 }
 
 # A helper subroutine for add_member that bypasses the ACL checks
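Review bot: The self-add branch makes its authorization decision with a numeric `==` on `$new_member`, yet passes the original, un-normalized value to `_add_member`, so the value checked and the value acted on can differ (Perl numifies a constructed string such as `"12abc"` to 12, and an undefined value to 0). Resolving the id once and requiring it to be an integer before comparing closes that gap: `my $member_id = blessed($new_member) ? $new_member->id : $new_member;` followed by `if ( defined $member_id && $member_id =~ /\A\d+\z/ && $member_id == $self->current_user->id ) {`. Whether `_add_member` itself rejects such input is not visible here, and add_member begins above the hunk, so an earlier check may already cover this. The explicit parentheses on `blessed(...)` also make the ternary easier to read than `blessed $new_member? ...`.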

