[Rt-commit] rtir branch, 5.0/filter-queues-by-right-on-ticket-create, created. 5.0.0beta1-1-g2db7bbb9

? sunnavy sunnavy at bestpractical.com
Fri Jun 26 16:43:36 EDT 2020


The branch, 5.0/filter-queues-by-right-on-ticket-create has been created
        at  2db7bbb9fa1ee9e8da2655f7473cc57f62bc6a24 (commit)

- Log -----------------------------------------------------------------
commit 2db7bbb9fa1ee9e8da2655f7473cc57f62bc6a24
Author: sunnavy <sunnavy at bestpractical.com>
Date:   Sat Jun 27 04:15:17 2020 +0800

    Filter queues by checking "CreateTicket" right on ticket create pages
    
    Because ShowAll is true by default, which could bypass right check,
    previously all the RTIR queues current user can see were rendered.

diff --git a/html/Callbacks/RTIR/Elements/Tabs/Privileged b/html/Callbacks/RTIR/Elements/Tabs/Privileged
index 4358e61f..44eca7d1 100644
--- a/html/Callbacks/RTIR/Elements/Tabs/Privileged
+++ b/html/Callbacks/RTIR/Elements/Tabs/Privileged
@@ -633,6 +633,7 @@ if ( $request_path =~ m{$re_rtir_path(?:Incident/)?Create\.html} ) {
             ObjectType       => 'Queue',
             CheckRight       => 'CreateTicket',
             CacheNeedsUpdate => RT->System->QueueCacheNeedsUpdate,
+            ShowAll          => 0,
         );
         ($queue) = map { $_->{Id} } grep { !RT::IR->OurQueue( $_->{Id} ) } @{ $session{$cache_key}{objects} };
     }
diff --git a/html/Callbacks/RTIR/Ticket/Create.html/Init b/html/Callbacks/RTIR/Ticket/Create.html/Init
index a8eaeb82..e680cfc4 100644
--- a/html/Callbacks/RTIR/Ticket/Create.html/Init
+++ b/html/Callbacks/RTIR/Ticket/Create.html/Init
@@ -54,6 +54,7 @@ my $cache_key = SetObjectSessionCache(
     ObjectType       => 'Queue',
     CheckRight       => 'CreateTicket',
     CacheNeedsUpdate => RT->System->QueueCacheNeedsUpdate,
+    ShowAll          => 0,
 );
 my ($queue) = map { $_->{Id} } grep { !RT::IR->OurQueue( $_->{Id} ) } @{ $session{$cache_key}{objects} };
 $ARGSRef->{Queue} = $queue if $queue;
diff --git a/html/RTIR/Create.html b/html/RTIR/Create.html
index 7d738d4b..6c9c7615 100644
--- a/html/RTIR/Create.html
+++ b/html/RTIR/Create.html
@@ -111,6 +111,7 @@
                 ShowNullOption => 0,
                 AutoSubmit     => 1,
                 LimitToConstituency => $limit_to_constituency,
+                ShowAll        => 0,
                 Constituency => $constituency,
             },
         },
@@ -425,6 +426,7 @@ unless ($Queue) {
     my $cache_key = SetObjectSessionCache(
         ObjectType       => 'Queue',
         CheckRight       => 'CreateTicket',
+        ShowAll          => 0,
         CacheNeedsUpdate => RT->System->QueueCacheNeedsUpdate,
     );
 
diff --git a/html/RTIR/Elements/CreateInRTIRQueue b/html/RTIR/Elements/CreateInRTIRQueue
index 9b6e042f..80235d09 100644
--- a/html/RTIR/Elements/CreateInRTIRQueue
+++ b/html/RTIR/Elements/CreateInRTIRQueue
@@ -60,6 +60,7 @@
                     Name => 'Queue',
                     Lifecycle => $Lifecycle,
                     ShowNullOption => 0,
+                    ShowAll => 0,
                     LimitToConstituency => $limit_to_constituency,
                     Constituency => $m->{'RTIR_ConstituencyFilter'} || $linked_constituency
                 &>
diff --git a/html/RTIR/Incident/Create.html b/html/RTIR/Incident/Create.html
index fd036c5f..3566ecb5 100644
--- a/html/RTIR/Incident/Create.html
+++ b/html/RTIR/Incident/Create.html
@@ -132,7 +132,7 @@ if ( $ChildObj && $ChildObj->id && !$ChildObj->CurrentUserHasRight('ModifyTicket
       <&|/l&>Queue</&>:
     </div>
     <div class="value col-9">
-      <& /RTIR/Elements/SelectRTIRQueue, Name => "Queue", Default => $queue, AutoSubmit => 1, ShowNullOption => 0,
+      <& /RTIR/Elements/SelectRTIRQueue, Name => "Queue", Default => $queue, AutoSubmit => 1, ShowNullOption => 0, ShowAll => 0,
                                          LimitToConstituency => $limit_to_constituency, Constituency => $constituency &>
     </div>
   </div>
diff --git a/html/RTIR/Investigation/Elements/Create b/html/RTIR/Investigation/Elements/Create
index 0de341bb..f8bbb86f 100644
--- a/html/RTIR/Investigation/Elements/Create
+++ b/html/RTIR/Investigation/Elements/Create
@@ -72,6 +72,7 @@
           Lifecycle => $QueueObj->Lifecycle,
           AutoSubmit => 1,
           ShowNullOption => 0,
+          ShowAll => 0,
           Constituency => $Constituency
       &>
     </div>

-----------------------------------------------------------------------


More information about the rt-commit mailing list