[Rt-commit] rt branch, 4.0/dump-metadata-privatekey, created. rt-4.0.21-7-g9148dee
Alex Vandiver
alexmv at bestpractical.com
Mon Jul 21 14:47:19 EDT 2014
The branch, 4.0/dump-metadata-privatekey has been created
at 9148dee7cbd7d04e493569e08ff426f510e7e254 (commit)
- Log -----------------------------------------------------------------
commit 9148dee7cbd7d04e493569e08ff426f510e7e254
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Fri Apr 18 17:49:28 2014 -0400
Use explicit AdminUsers check in SetPrivateKey, not _Accessible

8ce033b3's addition of it to _Accessible was to leverage the code in
->CurrentUserCanModify, which is called by SetPrivateKey. The presence
of PrivateKey in _Accessible leads to problems in other code (such as
rt-dump-metadata) which assumes that _Accessible only contains true
columns.

Switch to an explicit ACL check in SetPrivateKey rather than inserting
into _Accessible and relying on CurrentUserCanModify.

Fixes I#22465.

diff --git a/lib/RT/User.pm b/lib/RT/User.pm
index 20ce784..bf6f9be 100644
--- a/lib/RT/User.pm
+++ b/lib/RT/User.pm
@@ -102,7 +102,6 @@ sub _OverlayAccessible {
AuthSystem => { public => 1, admin => 1 },
Gecos => { public => 1, admin => 1 },
PGPKey => { public => 1, admin => 1 },
- PrivateKey => { admin => 1 },
}
}
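Review bot: In _OverlayAccessible, removing the `PrivateKey => { admin => 1 },` entry leaves nothing in this table to say that the field exists and is restricted. A short comment here stating that PrivateKey is deliberately omitted, because _Accessible is assumed to list only true columns and the write path is guarded by an explicit AdminUsers check in SetPrivateKey, would keep a later change from re-adding it. It is also worth confirming that no other caller consulted this entry to decide who may read or write PrivateKey, since such a lookup now finds nothing.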
@@ -1652,7 +1651,8 @@ sub SetPrivateKey {
my $self = shift;
my $key = shift;
- unless ($self->CurrentUserCanModify('PrivateKey')) {
+ # Users should not be able to change their own PrivateKey values
+ unless ( $self->CurrentUser->HasRight(Right => 'AdminUsers', Object => $RT::System) ) {
return (0, $self->loc("Permission Denied"));
}
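Review bot: The added comment in SetPrivateKey, `# Users should not be able to change their own PrivateKey values`, understates what the check does: `HasRight(Right => 'AdminUsers', Object => $RT::System)` refuses every caller without AdminUsers, whichever user record is being modified, not only self-edits. Suggest rewording the comment to say that only holders of the system-level AdminUsers right may set PrivateKey, and adding a test that a caller without that right gets back (0, "Permission Denied"), so the rule that used to come implicitly from the _Accessible entry is pinned down explicitly.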
-----------------------------------------------------------------------