[Bps-public-commit] rt-extension-rightsinspector branch, master, updated. b49108dbe2a73dbf0a3186e85869caf444dfdd68
Shawn Moore
shawn at bestpractical.com
Mon May 8 12:16:33 EDT 2017
The branch, master has been updated
via b49108dbe2a73dbf0a3186e85869caf444dfdd68 (commit)
from 92a94c60501abcbd0837ca1aa26110cb37c7a709 (commit)
Summary of changes:
html/Admin/RightsInspector/index.html | 4 ++++
lib/RT/Extension/RightsInspector.pm | 29 +++++++++++++++++++++++++++++
2 files changed, 33 insertions(+)
- Log -----------------------------------------------------------------
commit b49108dbe2a73dbf0a3186e85869caf444dfdd68
Author: Shawn M Moore <shawn at bestpractical.com>
Date: Mon May 8 16:09:18 2017 +0000
Implement filtering out with !term
diff --git a/html/Admin/RightsInspector/index.html b/html/Admin/RightsInspector/index.html
index 0e3bbd7..a3f8470 100644
--- a/html/Admin/RightsInspector/index.html
+++ b/html/Admin/RightsInspector/index.html
@@ -32,6 +32,10 @@ ticket's or asset's role groups. Similarly, searching for a specific
ticket with syntax like <kbd>t:10</kbd> will show you the permissions
for that single ticket and its queue.</p>
+<p>Any word prefixed with a <kbd>!</kbd> will be filtered out from the
+search results, for example searching for right
+<kbd>ShowTicket !SuperUser</kbd>.</p>
+
<p>For example, to help answer the question "why can Joe see asset #39?"
you may specify principal <kbd>user:Joe</kbd>, object <kbd>asset
#39</kbd>, right <kbd>ShowAsset</kbd>. This will produce multiple
diff --git a/lib/RT/Extension/RightsInspector.pm b/lib/RT/Extension/RightsInspector.pm
index de55b68..8b98e86 100644
--- a/lib/RT/Extension/RightsInspector.pm
+++ b/lib/RT/Extension/RightsInspector.pm
@@ -316,10 +316,15 @@ sub Search {
principal => undef,
object => undef,
);
+ my %filter_out;
my %inner_role;
if ($args{right}) {
$has_search = 1;
+
+ push @{ $filter_out{right} }, $2
+ while $args{right} =~ s/( |^)!(\S+)/$1/;
+
for my $term (split ' ', $args{right}) {
$ACL->Limit(
FIELD => 'RightName',
@@ -338,6 +343,9 @@ sub Search {
}
if ($args{object}) {
+ push @{ $filter_out{object} }, $2
+ while $args{object} =~ s/( |^)!(\S+)/$1/;
+
if (my ($type, $identifier) = $args{object} =~ m{
^
\s*
@@ -384,6 +392,9 @@ sub Search {
my $principal_paren = 0;
if ($args{principal}) {
+ push @{ $filter_out{principal} }, $2
+ while $args{principal} =~ s/( |^)!(\S+)/$1/;
+
if (my ($type, $identifier) = $args{principal} =~ m{
^
\s*
@@ -504,6 +515,22 @@ sub Search {
$continueAfter = $ACE->Id;
my $serialized = $self->SerializeACE($ACE, \%primary_records, \%inner_role);
+ for my $key (keys %filter_out) {
+ for my $term (@{ $filter_out{$key} }) {
+ my $re = qr/\Q$term\E/i;
+ if ($key eq 'right') {
+ next ACE if $serialized->{right} =~ $re;
+ }
+ else {
+ my $record = $serialized->{$key};
+ next ACE if $record->{class} =~ $re
+ || $record->{id} =~ $re
+ || $record->{label} =~ $re
+ || $record->{detail} =~ $re;
+ }
+ }
+ }
+
KEY: for my $key (qw/principal object/) {
# filtering on the serialized record is hacky, but doing the
# searching in SQL is absolutely a nonstarter
@@ -511,6 +538,8 @@ sub Search {
if (my $term = $args{$key}) {
my $record = $serialized->{$key};
+ $term =~ s/^\s+//;
+ $term =~ s/\s+$//;
my $re = qr/\Q$term\E/i;
next KEY if $record->{class} =~ $re
|| $record->{id} =~ $re
-----------------------------------------------------------------------
More information about the Bps-public-commit
mailing list