[Rt-devel] PATCH: don't link Admin/Users/Modify if the user doesn't
have the required privilege
David Schweikert
dws at ee.ethz.ch
Fri Apr 21 10:15:21 EDT 2006
Hi,
On the Ticket page, if you click on the "More about Requestor" link, you
get to the Admin/Users/Modify.html page, but if you don't have the
AdminUsers privilege, you only get a blank page.
This patch removes the link if the user doesn't have that privilege.
--- share/html/Ticket/Elements/ShowRequestor 2006-01-12 04:04:46.000000000 +0100
+++ share/html/Ticket/Elements/ShowRequestor 2006-04-21 16:10:13.943128000 +0200
@@ -49,6 +49,7 @@
while (my $requestor=$people->Next) {
my $name=$requestor->RealName || $requestor->EmailAddress;
my $tickets = RT::Tickets->new($session{'CurrentUser'});
+my $has_right_adminusers = $session{'CurrentUser'}->HasRight(Object => $RT::System, Right => 'AdminUsers');
$tickets->LimitWatcher(TYPE => 'Requestor', VALUE => $requestor->EmailAddress );
$tickets->LimitStatus( VALUE => 'open');
$tickets->LimitStatus( VALUE => 'new');
@@ -58,7 +59,7 @@
</%PERL>
% unless ($requestor->Privileged) {
-<&| /Widgets/TitleBox, title_href => "$RT::WebPath/Admin/Users/Modify.html?id=".$requestor->id, title=> loc("More about [_1]", $name) &>
+<&| /Widgets/TitleBox, title_href => $has_right_adminusers ? "$RT::WebPath/Admin/Users/Modify.html?id=".$requestor->id : undef, title=> loc("More about [_1]", $name) &>
%# Additional information about this user. Empty by default.
<& /Elements/Callback, _CallbackName => 'AboutThisUser', requestor => $requestor, %ARGS &>
Cheers
David
--
David Schweikert | phone: +41 44 632 7019
System manager ISG.EE | walk: ETH Zentrum, ETL F24.1
ETH Zurich, Switzerland | web: http://people.ee.ethz.ch/dws
More information about the Rt-devel
mailing list