[Bps-public-commit] rt-extension-rightsdebugger branch, master, updated. 65986e1f5d43914fc9a07b501fa7b92b6b6ddb25

Shawn Moore shawn at bestpractical.com
Thu Mar 9 17:23:18 EST 2017

The branch, master has been updated
       via  65986e1f5d43914fc9a07b501fa7b92b6b6ddb25 (commit)
       via  e1ecc8a06fd817247943a55ec96fded180af787e (commit)
       via  3e6e6db77fe6cd0c4b93f197d23240b1f85b7cf2 (commit)
      from  3123dc04c2e43da999cad7c5d35e5e5ead2c12e8 (commit)

Summary of changes:
 html/Admin/RightsDebugger/index.html | 38 ++++++++++++++++++++++++++++++++++++
 lib/RT/Extension/RightsDebugger.pm   |  2 +-
 static/css/rights-debugger.css       | 10 ++++++++++
 3 files changed, 49 insertions(+), 1 deletion(-)

- Log -----------------------------------------------------------------
commit 3e6e6db77fe6cd0c4b93f197d23240b1f85b7cf2
Author: Shawn M Moore <shawn at bestpractical.com>
Date:   Thu Mar 9 21:02:23 2017 +0000

    Add %s for RightName LIKE inner-role query

diff --git a/lib/RT/Extension/RightsDebugger.pm b/lib/RT/Extension/RightsDebugger.pm
index 2af6187..895ee23 100644
--- a/lib/RT/Extension/RightsDebugger.pm
+++ b/lib/RT/Extension/RightsDebugger.pm
@@ -256,7 +256,7 @@ sub InnerRoleQuery {
         push @query, qq[ ( ];
         for my $term (split ' ', $args{right_search}) {
-            my $quoted = $RT::Handle->Quote($term);
+            my $quoted = $RT::Handle->Quote('%' . $term . '%');
             push @query, qq[
                 main.RightName $LIKE $quoted OR

commit e1ecc8a06fd817247943a55ec96fded180af787e
Author: Shawn M Moore <shawn at bestpractical.com>
Date:   Thu Mar 9 21:29:53 2017 +0000

    Don't let the zebra stripes fill the whole page width

diff --git a/static/css/rights-debugger.css b/static/css/rights-debugger.css
index e8e0a24..eca2f0d 100644
--- a/static/css/rights-debugger.css
+++ b/static/css/rights-debugger.css
@@ -1,3 +1,7 @@
+#rights-debugger {
+    display: inline-block;
 #rights-debugger .search input, 
 #rights-debugger .results .result .cell {
     display: inline-block;

commit 65986e1f5d43914fc9a07b501fa7b92b6b6ddb25
Author: Shawn M Moore <shawn at bestpractical.com>
Date:   Thu Mar 9 22:13:18 2017 +0000

    Add usage help doc
    It's in a titlebox so it can be dismissed indefinitely by closing it

diff --git a/html/Admin/RightsDebugger/index.html b/html/Admin/RightsDebugger/index.html
index 21d0b21..f949089 100644
--- a/html/Admin/RightsDebugger/index.html
+++ b/html/Admin/RightsDebugger/index.html
@@ -1,6 +1,44 @@
 <& /Admin/Elements/Header, Title => loc("Rights Debugger") &>
 <& /Elements/Tabs &>
+<div class="help">
+<&| /Widgets/TitleBox, title => loc('Usage Help') &>
+<p>The Rights Debugger lets you search your configured permissions based
+on several different criteria. Each permission consists of a "Principal"
+(which user, group, or role has the permission), an "Object" (what
+record they have permissions on), and a "Right" (the name of the
+permission). Rights Debugger lets you filter your permissions for any
+combination of those three.</p>
+<p>The "Right" field lets you specify partial and/or multiple rights
+(e.g. searching <kbd>Ticket</kbd> will match both "ShowTicket" and
+"ModifyTicket", while <kbd>ShowAsset ShowCatalog</kbd> will show results
+for both rights). Since "SuperUser" provides every other right, it will
+also be included in results when applicable.</p>
+<p>The "Principal" and "Object" search fields by default work based on
+filtering. For example typing Principal <kbd>arch</kbd> will show
+permissions granted to the user "Archibald", the Group "Monarchs", the
+custom role "Researcher", and so on. You can also filter using other RT
+concepts by providing search terms like <kbd>user</kbd>,
+<kbd>article</kbd>, and so on.</p>
+<p>Alternatively, these two search fields support a special mode where
+you may specify a unique record directly using syntax like
+<kbd>group:Sales</kbd>. This will show recursive memberships (such as
+rights granted to any groups that the Sales group is a member of). It
+will also show rights granted by being a member of an individual
+ticket's or asset's role groups. Similarly, searching for a specific
+ticket with syntax like <kbd>t:10</kbd> will show you the permissions
+for that single ticket and its queue.</p>
+<p>For example, to help answer the question "why can Joe see asset #39?"
+you may specify principal <kbd>user:Joe</kbd>, object <kbd>asset
+#39</kbd>, right <kbd>ShowAsset</kbd>. This will produce multiple
+results if Joe has access due to multiple different reasons.</p>
 <form action="<%RT->Config->Get('WebPath')%>/Helpers/RightsDebugger/Search" id="rights-debugger">
   <div class="search">
     <input value="<% $ARGS{Principal} %>" type="text" name="principal" placeholder="Principal">
diff --git a/static/css/rights-debugger.css b/static/css/rights-debugger.css
index eca2f0d..e2ba5bd 100644
--- a/static/css/rights-debugger.css
+++ b/static/css/rights-debugger.css
@@ -80,3 +80,9 @@
 #rights-debugger .results .result .primary .detail {
     display: none;
+#comp-Admin-RightsDebugger kbd {
+    border: 1px dashed #AAA;
+    background-color: #F6F6F6;
+    padding: 1px;


More information about the Bps-public-commit mailing list