[Rt-commit] rt branch, 5.0/respect-admin-custom-roles-right, created. rt-5.0.0alpha1-161-g2c79b28c2f

? sunnavy sunnavy at bestpractical.com
Tue Apr 28 17:07:36 EDT 2020


The branch, 5.0/respect-admin-custom-roles-right has been created
        at  2c79b28c2f976680b9e0346c5bfbba3663ebad09 (commit)

- Log -----------------------------------------------------------------
commit 20d8b918f24a3950fde0b4dcc4fd65ec3cb60387
Author: sunnavy <sunnavy at bestpractical.com>
Date:   Wed Apr 29 04:49:58 2020 +0800

    Fix assignment because HiddenForURLs returns a hashref

diff --git a/share/html/Admin/CustomRoles/Visibility.html b/share/html/Admin/CustomRoles/Visibility.html
index 4423568e34..1a658b9774 100644
--- a/share/html/Admin/CustomRoles/Visibility.html
+++ b/share/html/Admin/CustomRoles/Visibility.html
@@ -116,7 +116,7 @@ if ( $Update ) {
     }
     else {
         push @results, loc('Unable to update visibility: [_1]', $msg);
-        %hidden = $role->HiddenForURLs;
+        %hidden = %{ $role->HiddenForURLs };
     }
 
     MaybeRedirectForResults(

commit 094fd0fc81cba7d77507d0b77ead41b349a53d29
Author: sunnavy <sunnavy at bestpractical.com>
Date:   Wed Apr 29 04:53:07 2020 +0800

    Respect AdminCustomRoles right on custom role update

diff --git a/lib/RT/CustomRole.pm b/lib/RT/CustomRole.pm
index 230ecbae45..f3ea32a1d9 100644
--- a/lib/RT/CustomRole.pm
+++ b/lib/RT/CustomRole.pm
@@ -715,6 +715,10 @@ sub SetHiddenForURLs {
     my $self   = shift;
     my $hidden = shift;
 
+    unless ( $self->CurrentUser->HasRight(Object => $RT::System, Right => 'AdminCustomRoles') ) {
+        return (0, $self->loc('Permission Denied'));
+    }
+
     return $self->SetAttribute(
         Name    => 'HiddenForURLs',
         Content => $hidden,
@@ -732,6 +736,17 @@ sub IsHiddenForURL {
     return $self->HiddenForURLs->{$url};
 }
 
+
+sub _Set {
+    my $self = shift;
+
+    unless ( $self->CurrentUser->HasRight( Object => $RT::System, Right => 'AdminCustomRoles' ) ) {
+        return ( 0, $self->loc('Permission Denied') );
+    }
+
+    return $self->SUPER::_Set(@_);
+}
+
 sub _CoreAccessible {
     {
         id =>

commit 2c79b28c2f976680b9e0346c5bfbba3663ebad09
Author: sunnavy <sunnavy at bestpractical.com>
Date:   Wed Apr 29 04:55:14 2020 +0800

    Use the same logic of "Basics" to show custom role "Visibility" page
    
    i.e. admins without "AdminCustomRoles" can view the "Visibility" page
    but can't update.

diff --git a/lib/RT/Interface/Web/MenuBuilder.pm b/lib/RT/Interface/Web/MenuBuilder.pm
index d1ba3faa00..2f40f6a452 100644
--- a/lib/RT/Interface/Web/MenuBuilder.pm
+++ b/lib/RT/Interface/Web/MenuBuilder.pm
@@ -1307,11 +1307,7 @@ sub _BuildAdminMenu {
             if ( $obj and $obj->id ) {
                 $page->child( basics       => title => loc('Basics'),       path => "/Admin/CustomRoles/Modify.html?id=".$id );
                 $page->child( 'applies-to' => title => loc('Applies to'),   path => "/Admin/CustomRoles/Objects.html?id=" . $id );
-
-                if ( $current_user->HasRight( Object => $obj, Right => 'AdminCustomRoles' ) ) {
-                    $page->child( 'visibility' => title => loc('Visibility'), path => "/Admin/CustomRoles/Visibility.html?id=" . $id );
-                }
-
+                $page->child( 'visibility' => title => loc('Visibility'),   path => "/Admin/CustomRoles/Visibility.html?id=" . $id );
             }
         }
     }

-----------------------------------------------------------------------


More information about the rt-commit mailing list