[Rt-commit] rt branch, 4.2/public-user-history, created. rt-4.1.8-577-g0e8a723

Alex Vandiver alexmv at bestpractical.com
Mon Jun 10 21:21:20 EDT 2013


The branch, 4.2/public-user-history has been created
        at  0e8a72352f4255785c6a30ef7ceb267564a40b60 (commit)

- Log -----------------------------------------------------------------
commit f771c4884af058db892353db2c3796479664662e
Author: Alex Vandiver <alexmv at bestpractical.com>
Date:   Mon Jun 10 19:40:01 2013 -0400

    Move transaction ACLs onto the ticket object's CurrentUserCanSee

diff --git a/lib/RT/Ticket.pm b/lib/RT/Ticket.pm
index bcfcfcbe..2668cdc 100644
--- a/lib/RT/Ticket.pm
+++ b/lib/RT/Ticket.pm
@@ -2883,7 +2883,28 @@ Returns true if the current user can see the ticket, using ShowTicket
 
 sub CurrentUserCanSee {
     my $self = shift;
-    return $self->CurrentUserHasRight('ShowTicket');
+    my ($what, $txn) = @_;
+    return 0 unless $self->CurrentUserHasRight('ShowTicket');
+
+    return 1 if $what ne "Transaction";
+
+    # If it's a comment, we need to be extra special careful
+    my $type = $txn->__Value('Type');
+    if ( $type eq 'Comment' ) {
+        unless ( $self->CurrentUserHasRight('ShowTicketComments') ) {
+            return 0;
+        }
+    } elsif ( $type eq 'CommentEmailRecord' ) {
+        unless ( $self->CurrentUserHasRight('ShowTicketComments')
+            && $self->CurrentUserHasRight('ShowOutgoingEmail') ) {
+            return 0;
+        }
+    } elsif ( $type eq 'EmailRecord' ) {
+        unless ( $self->CurrentUserHasRight('ShowOutgoingEmail') ) {
+            return 0;
+        }
+    }
+    return 1;
 }
 
 =head2 Reminders
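Review bot: The new `$txn` argument is dereferenced at `my $type = $txn->__Value('Type');` without any check that it was passed, so a caller still using the old one-argument form `CurrentUserCanSee("Transaction")` now dies inside the ACL check, and a call with no arguments compares undef in `$what ne "Transaction"`. Failing closed explicitly would be clearer: `return 1 unless defined $what and $what eq "Transaction";` followed by `return 0 unless $txn;`. The same unguarded `$txn->__Value` call appears in the lib/RT/User.pm hunk of the next commit. The POD above the sub (the hunk header shows it ending "using ShowTicket") should also describe the Transaction case and the ShowTicketComments and ShowOutgoingEmail rights now checked here.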
diff --git a/lib/RT/Transaction.pm b/lib/RT/Transaction.pm
index 0702001..a7fe4c8 100644
--- a/lib/RT/Transaction.pm
+++ b/lib/RT/Transaction.pm
@@ -1217,26 +1217,9 @@ custom implementations.
 sub CurrentUserCanSee {
     my $self = shift;
 
-    # If it's a comment, we need to be extra special careful
-    my $type = $self->__Value('Type');
-    if ( $type eq 'Comment' ) {
-        unless ( $self->CurrentUserHasRight('ShowTicketComments') ) {
-            return 0;
-        }
-    }
-    elsif ( $type eq 'CommentEmailRecord' ) {
-        unless ( $self->CurrentUserHasRight('ShowTicketComments')
-            && $self->CurrentUserHasRight('ShowOutgoingEmail') ) {
-            return 0;
-        }
-    }
-    elsif ( $type eq 'EmailRecord' ) {
-        unless ( $self->CurrentUserHasRight('ShowOutgoingEmail') ) {
-            return 0;
-        }
-    }
     # Make sure the user can see the custom field before showing that it changed
-    elsif ( $type eq 'CustomField' and my $cf_id = $self->__Value('Field') ) {
+    my $type = $self->__Value('Type');
+    if ( $type eq 'CustomField' and my $cf_id = $self->__Value('Field') ) {
         my $cf = RT::CustomField->new( $self->CurrentUser );
         $cf->SetContextObject( $self->Object );
         $cf->Load( $cf_id );
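Review bot: Removing the Comment / CommentEmailRecord / EmailRecord checks from the top of this method changes their order relative to the `return 1 if $self->{ _object_is_readable };` shortcut visible in the next hunk. They used to run before it; they now sit behind `$self->Object->CurrentUserCanSee("Transaction", $self)`, which is reached only when that flag is unset. Where the flag is set is not visible in this diff, but any transaction carrying it would presumably be returned without ShowTicketComments or ShowOutgoingEmail being consulted. If that is intended, say so on the shortcut, e.g. `# NOTE: this also skips the object's comment and outgoing-email ACLs`; if not, those types need to reach the object's check before the shortcut returns. The method body starts and ends outside this hunk.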
@@ -1248,7 +1231,7 @@ sub CurrentUserCanSee {
     return 1 if $self->{ _object_is_readable };
 
     # Defer to the object in question
-    return $self->Object->CurrentUserCanSee("Transaction");
+    return $self->Object->CurrentUserCanSee("Transaction", $self);
 }
 
 

commit d368bd39884aca597e90be16909eec98ab7d9413
Author: Alex Vandiver <alexmv at bestpractical.com>
Date:   Mon Jun 10 20:12:30 2013 -0400

    Allow transactions of public user attributes to be seen, as a right

diff --git a/lib/RT/System.pm b/lib/RT/System.pm
index c4ccf23..abb0712 100644
--- a/lib/RT/System.pm
+++ b/lib/RT/System.pm
@@ -80,6 +80,7 @@ use RT::ACL;
 use RT::ACE;
 
 __PACKAGE__->AddRight( Admin   => SuperUser           => 'Do anything and everything'); # loc_pair
+__PACKAGE__->AddRight( Staff   => ShowUserHistory     => 'Show history of public user properties'); # loc_pair
 __PACKAGE__->AddRight( Admin   => AdminUsers          => 'Create, modify and delete users'); # loc_pair
 __PACKAGE__->AddRight( Staff   => ModifySelf          => "Modify one's own RT account"); # loc_pair
 __PACKAGE__->AddRight( Staff   => ShowArticlesMenu    => 'Show Articles menu'); # loc_pair
diff --git a/lib/RT/User.pm b/lib/RT/User.pm
index 0355bc2..9101aab 100644
--- a/lib/RT/User.pm
+++ b/lib/RT/User.pm
@@ -1252,26 +1252,29 @@ public, ourself, or we have AdminUsers
 
 sub CurrentUserCanSee {
     my $self = shift;
-    my ($what) = @_;
+    my ($what, $txn) = @_;
 
-    # If it's public, fine.  Note that $what may be "transaction", which
-    # doesn't have an Accessible value, and thus falls through below.
-    if ( $self->_Accessible( $what, 'public' ) ) {
-        return 1;
-    }
+    # If it's a public property, fine
+    return 1 if $self->_Accessible( $what, 'public' );
 
-    # Users can see their own properties
-    elsif ( defined($self->Id) && $self->CurrentUser->Id == $self->Id ) {
-        return 1;
-    }
+    # Users can see all of their own properties
+    return 1 if defined($self->Id) and $self->CurrentUser->Id == $self->Id;
 
     # If the user has the admin users right, that's also enough
-    elsif ( $self->CurrentUser->HasRight( Right => 'AdminUsers', Object => $RT::System) ) {
-        return 1;
-    }
-    else {
-        return 0;
+    return 1 if $self->CurrentUserHasRight( 'AdminUsers' );
+
+    # Transactions of public properties are visible to users with ShowUserHistory
+    if ($what eq "Transaction" and $self->CurrentUserHasRight( 'ShowUserHistory' )) {
+        my $type = $txn->__Value('Type');
+        my $field = $txn->__Value('Field');
+        return 1 if $type eq "Set" and $self->_Accessible( $field, 'public' );
+
+        # RT::Transaction->CurrentUserCanSee deals with ensuring we meet
+        # the ACLs on CFs, so allow them here
+        return 1 if $type eq "CustomField";
     }
+
+    return 0;
 }
 
 =head2 CurrentUserCanModify RIGHT
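Review bot: `return 1 if $type eq "CustomField";` is only safe when this method is entered through RT::Transaction->CurrentUserCanSee, as the comment above it says. Any code that calls `$user->CurrentUserCanSee("Transaction", $txn)` directly gets custom field changes with no custom field ACL applied. That contract belongs in the POD, which (per the hunk header) still reads "public, ourself, or we have AdminUsers" and mentions neither ShowUserHistory nor the new `$txn` argument. A sentence such as `With ShowUserHistory, transactions that set a public field are visible; custom field transactions are allowed here only because RT::Transaction has already applied the custom field ACLs.` would cover it. Note also that `$field` may be undefined for some transactions before it is passed to `_Accessible`; whether `_Accessible` tolerates that is not visible here.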

commit b83f7a7691ef49ce91d69c842b07cd2e9fed950f
Author: Alex Vandiver <alexmv at bestpractical.com>
Date:   Mon Jun 10 21:01:11 2013 -0400

    Add a tab to view user history from the summary page, if the user has rights

diff --git a/share/html/Elements/Tabs b/share/html/Elements/Tabs
index 9595c65..babfb99 100644
--- a/share/html/Elements/Tabs
+++ b/share/html/Elements/Tabs
@@ -898,15 +898,22 @@ my $build_main_nav = sub {
 
     }
 
-    if ( $request_path =~ m{^/User/Summary.html} ) {
+    if ( $request_path =~ m{^/User/(Summary|History)\.html} ) {
         my $admin = $session{'CurrentUser'}->HasRight(
             Object => $RT::System, Right => 'AdminUsers'
         );
         my $config = $session{'CurrentUser'}->HasRight(
             Object => $RT::System, Right => 'ShowConfigTab'
         );
+        my $history = $session{'CurrentUser'}->HasRight(
+            Object => $RT::System, Right => 'ShowUserHistory'
+        );
+        PageMenu()->child( display => title => loc('Summary'), path => '/User/Summary.html?id=' . $DECODED_ARGS->{'id'} )
+            if ($admin && $config) or $history;
         PageMenu()->child( edit => title => loc('Edit'), path => '/Admin/Users/Modify.html?id=' . $DECODED_ARGS->{'id'} )
             if $admin && $config;
+        PageMenu()->child( history => title => loc('History'), path => '/User/History.html?id=' . $DECODED_ARGS->{'id'} )
+            if ($admin && $config) or $history;
     }
 
     if ( $request_path =~ /^\/(?:index.html|$)/ ) {
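Review bot: The two new `PageMenu()->child(...)` calls build `path` by appending `$DECODED_ARGS->{'id'}` exactly as received, so a missing id gives an uninitialized-value warning and a bare `?id=` link, and a non-numeric value is copied into the menu URL unvalidated. The admin menu code in this same file (context lines of a later hunk on this page) only uses the id after `$DECODED_ARGS->{'id'} && $DECODED_ARGS->{'id'} =~ /^\d+$/`; wrapping these menu entries in the same condition would keep the two paths consistent. Whether the menu renderer escapes `path` cannot be confirmed from this diff. The same concatenation is carried into the rewritten versions of this block in the two later Tabs commits, and the enclosing `$build_main_nav` sub starts and ends outside the hunk.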
diff --git a/share/html/User/History.html b/share/html/User/History.html
new file mode 100644
index 0000000..0e767aa
--- /dev/null
+++ b/share/html/User/History.html
@@ -0,0 +1,67 @@
+%# BEGIN BPS TAGGED BLOCK {{{
+%#
+%# COPYRIGHT:
+%#
+%# This software is Copyright (c) 1996-2013 Best Practical Solutions, LLC
+%#                                          <sales at bestpractical.com>
+%#
+%# (Except where explicitly superseded by other copyright notices)
+%#
+%#
+%# LICENSE:
+%#
+%# This work is made available to you under the terms of Version 2 of
+%# the GNU General Public License. A copy of that license should have
+%# been provided with this software, but in any event can be snarfed
+%# from www.gnu.org.
+%#
+%# This work is distributed in the hope that it will be useful, but
+%# WITHOUT ANY WARRANTY; without even the implied warranty of
+%# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+%# General Public License for more details.
+%#
+%# You should have received a copy of the GNU General Public License
+%# along with this program; if not, write to the Free Software
+%# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+%# 02110-1301 or visit their web page on the internet at
+%# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
+%#
+%#
+%# CONTRIBUTION SUBMISSION POLICY:
+%#
+%# (The following paragraph is not intended to limit the rights granted
+%# to you to modify and distribute this software under the terms of
+%# the GNU General Public License and is only of importance to you if
+%# you choose to contribute your changes and enhancements to the
+%# community by submitting them to Best Practical Solutions, LLC.)
+%#
+%# By intentionally submitting any modifications, corrections or
+%# derivatives to this work, or any other work intended for use with
+%# Request Tracker, to Best Practical Solutions, LLC, you confirm that
+%# you are the copyright holder for those contributions and you grant
+%# Best Practical Solutions,  LLC a nonexclusive, worldwide, irrevocable,
+%# royalty-free, perpetual, license to use, copy, create derivative
+%# works based on those contributions, and sublicense and distribute
+%# those contributions and any derivatives thereof.
+%#
+%# END BPS TAGGED BLOCK }}}
+<& /Elements/Header, Title => loc('History of the user [_1]', $User->Format) &>
+<& /Elements/Tabs &>
+
+<& /Elements/ShowHistory,
+    Object => $User,
+    ShowDisplayModes => 0,
+    DisplayPath => 'History.html',
+&>
+
+<%INIT>
+my $User = RT::User->new( $session{'CurrentUser'} );
+my ($status, $msg) = $User->Load($id);
+unless ($status) {
+    RT->Logger->error("Unable to load user $id: $msg");
+    Abort("Unable to load User $id");
+}
+</%INIT>
+<%ARGS>
+$id => undef
+</%ARGS>
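Review bot: The `<%INIT>` block loads whichever `$id` the request supplies and renders the header with `$User->Format` without checking any right, so access control for this page rests entirely on per-transaction filtering inside /Elements/ShowHistory, which is not visible here. A user without ShowUserHistory who requests the URL directly would presumably get a titled page with an empty history rather than a denial. An explicit gate after the load states the intent: `my $me = $session{'CurrentUser'};` then `Abort(loc('Permission Denied')) unless $me->Id == $User->Id or $me->HasRight( Object => $RT::System, Right => 'ShowUserHistory' ) or $me->HasRight( Object => $RT::System, Right => 'AdminUsers' );`. The existing `Abort("Unable to load User $id")` is also not passed through `loc()`, and both it and the logger line interpolate the request-supplied `$id`, which is undefined when the argument is omitted.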

commit 1663dc1508c974b29e1b1d3f00d60d5b0fbcb90c
Author: Alex Vandiver <alexmv at bestpractical.com>
Date:   Mon Jun 10 21:03:03 2013 -0400

    Merge user summary and user admin tabs if the user has rights to both
    
    This reduces confusion caused as the tabs change wildly upon clicking
    "edit."

diff --git a/share/html/Elements/Tabs b/share/html/Elements/Tabs
index babfb99..059cb00 100644
--- a/share/html/Elements/Tabs
+++ b/share/html/Elements/Tabs
@@ -311,7 +311,7 @@ my $build_admin_menu = sub {
             }
         }
     }
-    if ( $request_path =~ m{^/Admin/Users} ) {
+    if ( $request_path =~ m{^(/Admin/Users|/User/(Summary|History)\.html)} ) {
         if ( $DECODED_ARGS->{'id'} && $DECODED_ARGS->{'id'} =~ /^\d+$/ ) {
             my $id = $DECODED_ARGS->{'id'};
             my $obj = RT::User->new( $session{'CurrentUser'} );
@@ -898,22 +898,11 @@ my $build_main_nav = sub {
 
     }
 
-    if ( $request_path =~ m{^/User/(Summary|History)\.html} ) {
-        my $admin = $session{'CurrentUser'}->HasRight(
-            Object => $RT::System, Right => 'AdminUsers'
-        );
-        my $config = $session{'CurrentUser'}->HasRight(
-            Object => $RT::System, Right => 'ShowConfigTab'
-        );
-        my $history = $session{'CurrentUser'}->HasRight(
-            Object => $RT::System, Right => 'ShowUserHistory'
-        );
-        PageMenu()->child( display => title => loc('Summary'), path => '/User/Summary.html?id=' . $DECODED_ARGS->{'id'} )
-            if ($admin && $config) or $history;
-        PageMenu()->child( edit => title => loc('Edit'), path => '/Admin/Users/Modify.html?id=' . $DECODED_ARGS->{'id'} )
-            if $admin && $config;
-        PageMenu()->child( history => title => loc('History'), path => '/User/History.html?id=' . $DECODED_ARGS->{'id'} )
-            if ($admin && $config) or $history;
+    if ( $request_path =~ m{^/User/(Summary|History)\.html} and not PageMenu()->child('summary') ) {
+        if ( $session{'CurrentUser'}->HasRight( Object => $RT::System, Right => 'ShowUserHistory' ) ) {
+            PageMenu()->child( display => title => loc('Summary'), path => '/User/Summary.html?id=' . $DECODED_ARGS->{'id'} );
+            PageMenu()->child( history => title => loc('History'), path => '/User/History.html?id=' . $DECODED_ARGS->{'id'} );
+        }
     }
 
     if ( $request_path =~ /^\/(?:index.html|$)/ ) {

commit fc83ecc3ab4d7416ab7209513aa58c64e65102d3
Author: Alex Vandiver <alexmv at bestpractical.com>
Date:   Mon Jun 10 21:16:30 2013 -0400

    Avoid showing the admin links unless the user has AdminUser
    
    The user is already guaranteed to have ShowConfigTab if in this section,
    but the complex menu should be hidden on the user summary pages unless the
    user also has AdminUsers.  This is most easily checked by looking for the
    top-level admin menu's existence.

diff --git a/share/html/Elements/Tabs b/share/html/Elements/Tabs
index 059cb00..bf62a6e 100644
--- a/share/html/Elements/Tabs
+++ b/share/html/Elements/Tabs
@@ -311,7 +311,7 @@ my $build_admin_menu = sub {
             }
         }
     }
-    if ( $request_path =~ m{^(/Admin/Users|/User/(Summary|History)\.html)} ) {
+    if ( $request_path =~ m{^(/Admin/Users|/User/(Summary|History)\.html)} and $admin->child("users") ) {
         if ( $DECODED_ARGS->{'id'} && $DECODED_ARGS->{'id'} =~ /^\d+$/ ) {
             my $id = $DECODED_ARGS->{'id'};
             my $obj = RT::User->new( $session{'CurrentUser'} );
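Review bot: `$admin->child("users")` uses the presence of a menu entry as the test for AdminUsers, which ties the decision to menu structure built elsewhere: renaming or removing that entry silently changes who is offered the per-user admin links. The commit message explains the reasoning but the line carries no comment; either add one, e.g. `# the "users" admin entry is only built for AdminUsers holders`, or test the right directly with `$session{'CurrentUser'}->HasRight( Object => $RT::System, Right => 'AdminUsers' )`. `$admin` is defined outside this hunk, so whether it can be undefined when the admin menu was never built cannot be checked from here.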

commit 0e8a72352f4255785c6a30ef7ceb267564a40b60
Author: Alex Vandiver <alexmv at bestpractical.com>
Date:   Mon Jun 10 21:15:58 2013 -0400

    Rename "Basics" to "Edit" when approaching from the user summary direction
    
    This clarifies what lies on the page if the user is examining the page
    from having looked at the summary, and has not been placed in the
    "admin" context via having approached the menus from that side.

diff --git a/share/html/Elements/Tabs b/share/html/Elements/Tabs
index bf62a6e..41b7fab 100644
--- a/share/html/Elements/Tabs
+++ b/share/html/Elements/Tabs
@@ -898,8 +898,12 @@ my $build_main_nav = sub {
 
     }
 
-    if ( $request_path =~ m{^/User/(Summary|History)\.html} and not PageMenu()->child('summary') ) {
-        if ( $session{'CurrentUser'}->HasRight( Object => $RT::System, Right => 'ShowUserHistory' ) ) {
+    if ( $request_path =~ m{^/User/(Summary|History)\.html} ) {
+        if (PageMenu()->child('summary')) {
+            # Already set up from having AdminUser and ShowConfigTab;
+            # but rename "Basics" to "Edit" in this context
+            PageMenu()->child( 'basics' )->title( loc('Edit') );
+        } elsif ( $session{'CurrentUser'}->HasRight( Object => $RT::System, Right => 'ShowUserHistory' ) ) {
             PageMenu()->child( display => title => loc('Summary'), path => '/User/Summary.html?id=' . $DECODED_ARGS->{'id'} );
             PageMenu()->child( history => title => loc('History'), path => '/User/History.html?id=' . $DECODED_ARGS->{'id'} );
         }
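Review bot: `PageMenu()->child( 'basics' )->title( loc('Edit') );` assumes a 'basics' entry exists whenever 'summary' does. If it does not, `child` returns a false value (the branch condition itself relies on that) and the chained `->title` call dies while the tabs are being built. A guard avoids that: `if ( my $basics = PageMenu()->child('basics') ) { $basics->title( loc('Edit') ) }`. The enclosing block continues past the end of the hunk.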

-----------------------------------------------------------------------

