[Rt-commit] rt branch, 3.9-double_acl_cache, updated. rt-3.9.6-143-geb35a23

Ruslan Zakirov ruz at bestpractical.com
Mon Nov 29 20:06:01 EST 2010


The branch, 3.9-double_acl_cache has been updated
       via  eb35a233da94b452c5eceb4343874617104f7ea3 (commit)
      from  789f7b1099d1b6f3509de4aa92161786184ba3fa (commit)

Summary of changes:
 lib/RT/Principal_Overlay.pm |   18 +++++++++++++++---
 share/html/Elements/Tabs    |    7 ++++++-
 2 files changed, 21 insertions(+), 4 deletions(-)

- Log -----------------------------------------------------------------
commit eb35a233da94b452c5eceb4343874617104f7ea3
Author: Ruslan Zakirov <ruz at bestpractical.com>
Date:   Tue Nov 30 04:05:30 2010 +0300

    handle special ExecuteCode right

diff --git a/lib/RT/Principal_Overlay.pm b/lib/RT/Principal_Overlay.pm
index e6fc204..b216c14 100755
--- a/lib/RT/Principal_Overlay.pm
+++ b/lib/RT/Principal_Overlay.pm
@@ -334,9 +334,18 @@ sub HasRight {
 Returns a hash reference with all rights this principal has on an
 object. Takes Object as a named argument.
 
-Results are cached and re-used until L</InvalidateACLCache> called.
-Caching makes L</HasRight> calls for this principal and the same
-object much faster as well.
+Main use case of this method is the following:
+
+    $ticket->CurrentUser->PrincipalObj->HasRights( Object => $ticket );
+    ...
+    $ticket->CurrentUserHasRight('A');
+    ...
+    $ticket->CurrentUserHasRight('Z');
+
+Results are cached and the cache is used in this and, as well, in L</HasRight>
+method speeding it up. Don't use hash reference returned by this method
+directly for rights checks as it's more complicated then it seems, especially
+considering config options like 'DisallowExecuteCode'.
 
 =cut
 
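Review bot: The rewritten POD for HasRights drops the only statement of cache lifetime. The removed sentence said results are re-used until L</InvalidateACLCache> is called, while the new text says only that results are cached. Keep that pointer so readers know how a stale entry is cleared. In the same paragraph, "more complicated then it seems" should read "than it seems". The warning against using the returned hash directly would also be more useful if it named what to call instead. The usage example above it suggests CurrentUserHasRight.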
@@ -408,6 +417,9 @@ sub HasRights {
         $res{$_} = 1 foreach @$rights;
     }
 
+    delete $res{'ExecuteCode'} if 
+        RT->Config->Get('DisallowExecuteCode');
+
     $_ACL_CACHE->store( $cache_key, \%res );
     return \%res;
 }
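Review bot: The `delete $res{'ExecuteCode'}` line removes only that one key. A caller that falls back to a 'SuperUser' entry, as the `|| $can{'SuperUser'}` pattern in share/html/Elements/Tabs does, will still treat ExecuteCode as granted when DisallowExecuteCode is set. A short comment here saying that SuperUser is deliberately left in place, and that callers must not apply the fallback to ExecuteCode, would make the contract explicit. The filtered hash is also what gets passed to `$_ACL_CACHE->store`, so the value DisallowExecuteCode had on the first call is baked into the cached entry. Minor: there is trailing whitespace after `if` on the first added line.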
diff --git a/share/html/Elements/Tabs b/share/html/Elements/Tabs
index f3725f6..ca3de22 100755
--- a/share/html/Elements/Tabs
+++ b/share/html/Elements/Tabs
@@ -326,7 +326,12 @@ if ( $request_path !~ qr{^/SelfService/} ) {
             my %can = %{ $obj->CurrentUser->PrincipalObj->HasRights( Object => $obj ) };
             $can{'_ModifyOwner'} = $can{'OwnTicket'} || $can{'TakeTicket'} || $can{'StealTicket'};
             my $can = sub {
-                $can{$_[0]} || $can{'SuperUser'}
+                unless ($_[0] eq 'ExecuteCode') {
+                    return $can{$_[0]} || $can{'SuperUser'};
+                } else {
+                    return !RT->Config->Get('DisallowExecuteCode')
+                        && ( $can{'ExecuteCode'} || $can{'SuperUser'} );
+                }
             };
 
             # comment out until we can do it for an individual custom field
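Review bot: The ExecuteCode branch of the `$can` closure puts the DisallowExecuteCode policy into a template. Every other consumer of the HasRights hash that uses a SuperUser fallback then has to repeat the same special case or it will grant the right. Consider moving this check next to HasRights in RT::Principal so there is one place to get it right. This block also dereferences the HasRights result directly, which the POD added in the same commit advises against. Style: `unless (...) { ... } else { ... }` reads backwards. Testing `if ($_[0] eq 'ExecuteCode')` first and putting the common path in the `else` would be clearer.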

-----------------------------------------------------------------------

