[Rt-commit] rt branch, 4.4/groupdashboards-savedsearches-rights, created. rt-4.4.2-51-g1f4579b

Maureen Mirville maureen at bestpractical.com
Fri Dec 15 16:05:28 EST 2017


The branch, 4.4/groupdashboards-savedsearches-rights has been created
        at  1f4579b7148b46df80761fb7caf749b8357a3afa (commit)

- Log -----------------------------------------------------------------
commit 1f4579b7148b46df80761fb7caf749b8357a3afa
Author: Maureen E. Mirville <maureen at bestpractical.com>
Date:   Fri Dec 15 14:15:22 2017 -0500

    Fix bug on groups granted 'SeeGroupDashboard' or 'ShowSavedSearches'
    
    Previously, members of a group granted 'SeeGroupDashboard' or
    'ShowSavedSearches' rights on a second group could only see that
    group's dashboards or saved searches if they were also members of
    the second group. This fix allows members of a group holding these
    rights on another group to view the other group's dashboards or
    saved searches without membership.
    
    Fixes: I#188174
    Fixes: I#188227

diff --git a/lib/RT/Dashboard.pm b/lib/RT/Dashboard.pm
index 7f76853..3f0de65 100644
--- a/lib/RT/Dashboard.pm
+++ b/lib/RT/Dashboard.pm
@@ -402,7 +402,34 @@ sub ObjectsForLoading {
         FIELD => 'Name',
         VALUE => 'Dashboard',
     );
+    my $groups2 = RT::Groups->new($CurrentUser);
+    $groups2->LimitToUserDefinedGroups;
+    $groups2->ForWhichCurrentUserHasRight(
+        Right             => 'SeeGroupDashboard',
+        IncludeSuperusers => 0,
+    );
+    my $attrs2 = $groups2->Join(
+        ALIAS1 => 'main',
+        FIELD1 => 'id',
+        TABLE2 => 'Attributes',
+        FIELD2 => 'ObjectId',
+    );
+    $groups2->Limit(
+        ALIAS => $attrs2,
+        FIELD => 'ObjectType',
+        VALUE => 'RT::Group',
+    );
+    $groups2->Limit(
+        ALIAS => $attrs2,
+        FIELD => 'Name',
+        VALUE => 'Dashboard',
+    );
     push @objects, @{ $groups->ItemsArrayRef };
+    push @objects, @{ $groups2->ItemsArrayRef };
+
+    # remove duplicates from @objects:
+    my %seen;
+    @objects = grep !$seen{$_->Id}++, @objects;
 
     # Finally, if you have been granted the SeeDashboard right (which
     # you could have by way of global user right or global group right),
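Review bot: The added `$groups2` query repeats the Attributes join and both limits of the query whose tail is visible in the context lines, and the two result sets are then merged and de-duplicated with `%seen`; because `$groups2` carries no membership restriction, it looks like it already returns every group the first query can, provided both ask for `SeeGroupDashboard` with the same `IncludeSuperusers` value (the construction of `$groups` is above this hunk, so confirm). If that holds, a single query is enough and the `grep !$seen{$_->Id}++` pass can go. The same pattern appears in `_PrivacyObjects` in lib/RT/SavedSearch.pm, where the hunks show `$groupsB` differing from `$groups` only by the missing `WithCurrentUser` call; there, deleting `$groups->WithCurrentUser;` would replace the whole `$groupsB` block. If both queries are kept on purpose, say why in a comment such as `# second pass: groups the user has SeeGroupDashboard on without being a member`.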
diff --git a/lib/RT/SavedSearch.pm b/lib/RT/SavedSearch.pm
index 8bb1452..593b2aa 100644
--- a/lib/RT/SavedSearch.pm
+++ b/lib/RT/SavedSearch.pm
@@ -162,6 +162,10 @@ sub _PrivacyObjects {
 
     my $groups = RT::Groups->new($CurrentUser);
     $groups->LimitToUserDefinedGroups;
+    $groups->ForWhichCurrentUserHasRight(
+        Right             => 'ShowSavedSearches',
+        IncludeSuperusers => 0,
+    );
     $groups->WithCurrentUser;
     if ($has_attr) {
         my $attrs = $groups->Join(
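Review bot: Putting the `ShowSavedSearches` filter inside `_PrivacyObjects` applies it to every caller of this helper, not only the loading path the commit message describes, so a group member without that right no longer gets the group back from it at all. If `_PrivacyObjects` also feeds the lists used for creating or modifying saved searches (its callers are outside this hunk), those lists would now depend on a view right. `IncludeSuperusers => 0` is hard-coded as well, which presumably leaves out groups a user could reach only through SuperUser; confirm that is intended. At minimum, document the new contract above the query, e.g. `# Only groups on which the current user has ShowSavedSearches are returned, for all callers`.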
@@ -181,8 +185,39 @@ sub _PrivacyObjects {
             VALUE => $has_attr,
         );
     }
+    my $groupsB = RT::Groups->new($CurrentUser);
+    $groupsB->LimitToUserDefinedGroups;
+    $groupsB->ForWhichCurrentUserHasRight(
+        Right             => 'ShowSavedSearches',
+        IncludeSuperusers => 0,
+    );
+    if ($has_attr) {
+        my $attrsB = $groupsB->Join(
+            ALIAS1 => 'main',
+            FIELD1 => 'id',
+            TABLE2 => 'Attributes',
+            FIELD2 => 'ObjectId',
+        );
+        $groupsB->Limit(
+            ALIAS => $attrsB,
+            FIELD => 'ObjectType',
+            VALUE => 'RT::Group',
+        );
+        $groupsB->Limit(
+            ALIAS => $attrsB,
+            FIELD => 'Name',
+            VALUE => $has_attr,
+        );
+    }
+    my @objects = $CurrentUser->UserObj;
+    push @objects, @{ $groups->ItemsArrayRef };
+    push @objects, @{ $groupsB->ItemsArrayRef };
+
+    # remove duplicates:
+    my %seen;
+    @objects = grep !$seen{$_->Id}++, @objects;
 
-    return ( $CurrentUser->UserObj, @{ $groups->ItemsArrayRef() } );
+    return @objects;
 }
 
 sub ObjectsForLoading {
diff --git a/lib/RT/SharedSetting.pm b/lib/RT/SharedSetting.pm
index 30f9e09..d713625 100644
--- a/lib/RT/SharedSetting.pm
+++ b/lib/RT/SharedSetting.pm
@@ -423,10 +423,9 @@ sub _GetObject {
     }
 
     if (   $obj_type eq 'RT::Group'
-        && !$object->HasMemberRecursively($self->CurrentUser->PrincipalObj)
-        && !$self->CurrentUser->HasRight( Object => $RT::System, Right => 'SuperUser' ) ) {
+        && !$self->CurrentUser->HasRight( Object => $object, Right => 'SeeGroupDashboard' ) ) {
         $RT::Logger->debug("Permission denied, ".$self->CurrentUser->Name.
-                           " is not a member of group");
+                           " does not have rights to see group dashboard" );
         return undef;
     }
 
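Review bot: The new condition hard-codes `SeeGroupDashboard` in `_GetObject`, which by its file name (lib/RT/SharedSetting.pm) appears to serve more than dashboards; if saved searches are loaded through it too, a group-owned saved search would be gated by the dashboard right instead of `ShowSavedSearches`, the right the SavedSearch.pm hunks of this commit filter on. Consider taking the right name from the subclass, e.g. `Right => $self->_GroupViewRight` (placeholder method name), or leaving the per-type right check to the subclass and keeping only the object lookup here. The debug text `does not have rights to see group dashboard` would need the same generalisation. `_GetObject` begins and ends outside this hunk.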

-----------------------------------------------------------------------

