[Rt-commit] rt branch, 4.0/columnmap-cache-cf, updated. rt-4.0.8-65-g74d3205
Thomas Sibley
trs at bestpractical.com
Sat Nov 10 00:00:50 EST 2012
The branch, 4.0/columnmap-cache-cf has been updated
via 74d3205567d2c52549a7db68a7fd9e28499a65ef (commit)
from 15d4da6fb6707f26228c301cd33cbb2210c0dd41 (commit)
Summary of changes:
lib/RT/CustomField.pm | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
- Log -----------------------------------------------------------------
commit 74d3205567d2c52549a7db68a7fd9e28499a65ef
Author: Thomas Sibley <trs at bestpractical.com>
Date: Fri Nov 9 20:53:16 2012 -0800
Return an empty OCFVs object from $CF->ValuesForObject if $CF isn't loaded
Otherwise the rights check spews: "[crit]: HasRight called with no valid
object".
The additional never-true ->Limit ensures the returned object remains
properly ACLed even if the caller subsequently ->Limits the object. All
of the current call sites use the collection right away without
modification, but a bit of future proofing while we're in here is a good
thing.
diff --git a/lib/RT/CustomField.pm b/lib/RT/CustomField.pm
index d065b7f..a64cd0a 100644
--- a/lib/RT/CustomField.pm
+++ b/lib/RT/CustomField.pm
@@ -1649,12 +1649,12 @@ sub ValuesForObject {
my $object = shift;
my $values = RT::ObjectCustomFieldValues->new($self->CurrentUser);
- unless ($self->CurrentUserHasRight('SeeCustomField')) {
+ unless ($self->id and $self->CurrentUserHasRight('SeeCustomField')) {
# Return an empty object if they have no rights to see
+ $values->Limit( FIELD => "id", VALUE => 0, SUBCLAUSE => "ACL" );
return ($values);
}
-
-
+
$values->LimitToCustomField($self->Id);
$values->LimitToObject($object);
-----------------------------------------------------------------------
More information about the Rt-commit
mailing list