[Bps-public-commit] RT-Extension-MergeUsers branch acl-and-owner-in-search created. 1.07-3-g27833c2
BPS Git Server
git at git.bestpractical.com
Fri May 5 20:27:15 UTC 2023
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "RT-Extension-MergeUsers".
The branch, acl-and-owner-in-search has been created
at 27833c2b128853709436fff81e07d32bf6b28973 (commit)
- Log -----------------------------------------------------------------
commit 27833c2b128853709436fff81e07d32bf6b28973
Author: sunnavy <sunnavy at bestpractical.com>
Date: Sat May 6 04:22:23 2023 +0800
Cover merged user ids for ticket owner searches
E.g. alice2 is merged into alice.
Previously ticket searches like "Owner = 'alice'" didn't return tickets
owned by "alice2". This commit fixes it.
diff --git a/lib/RT/Extension/MergeUsers.pm b/lib/RT/Extension/MergeUsers.pm
index 9857c5c..be9eb9a 100644
--- a/lib/RT/Extension/MergeUsers.pm
+++ b/lib/RT/Extension/MergeUsers.pm
@@ -713,6 +713,27 @@ sub TweakRoleLimitArgs {
};
}
+{
+ package RT::Tickets;
+ no warnings 'redefine';
+
+ my $orig_limit = RT::Tickets->can('Limit');
+ *Limit = sub {
+ my $self = shift;
+ my %args = @_;
+ if ( $args{FIELD} eq 'Owner'
+ && ( $args{OPERATOR} || '=' ) =~ /^!?=$/
+ && $args{VALUE} =~ /^(\d+)$/ )
+ {
+ my @ids = RT::Principal->Ids($1);
+ if ( @ids > 1 ) {
+ $args{OPERATOR} = ( $args{OPERATOR} || '=' ) eq '=' ? 'IN' : 'NOT IN';
+ $args{VALUE} = \@ids;
+ }
+ }
+ return $orig_limit->( $self, %args );
+ };
+}
=head1 AUTHOR
commit eb16219201b9fd86467bb973144fc7e353c4b857
Author: sunnavy <sunnavy at bestpractical.com>
Date: Sat May 6 04:11:56 2023 +0800
Cover merged user ids for ACL check in searches
E.g. alice2 is merged into alice, and alice2 is a member of group
"Admin", which has "ShowTicket" granted.
Previously ticket searches by "alice" didn't honor the "ShowTicket"
right on "Admin" and returned incorrect results.
This commit fixes cases like above.
diff --git a/lib/RT/Extension/MergeUsers.pm b/lib/RT/Extension/MergeUsers.pm
index 1c3b269..9857c5c 100644
--- a/lib/RT/Extension/MergeUsers.pm
+++ b/lib/RT/Extension/MergeUsers.pm
@@ -691,6 +691,29 @@ sub TweakRoleLimitArgs {
};
}
+{
+ package RT::ACL;
+ no warnings 'redefine';
+
+ my $orig_limit = RT::ACL->can('Limit');
+ *Limit = sub {
+ my $self = shift;
+ my %args = @_;
+ if ( $args{FIELD} eq 'MemberId'
+ && ( $args{OPERATOR} || '=' ) =~ /^!?=$/
+ && $args{VALUE} =~ /^(\d+)$/ )
+ {
+ my @ids = RT::Principal->Ids($1);
+ if ( @ids > 1 ) {
+ $args{OPERATOR} = ( $args{OPERATOR} || '=' ) eq '=' ? 'IN' : 'NOT IN';
+ $args{VALUE} = \@ids;
+ }
+ }
+ return $orig_limit->( $self, %args );
+ };
+}
+
+
=head1 AUTHOR
Best Practical Solutions, LLC E<lt>modules at bestpractical.comE<gt>
commit eca79b7bd21854005278dae5bbd1325fc56bd11d
Author: sunnavy <sunnavy at bestpractical.com>
Date: Sat May 6 02:59:03 2023 +0800
Abstract RT::Principal::Ids to get merge user ids
diff --git a/lib/RT/Extension/MergeUsers.pm b/lib/RT/Extension/MergeUsers.pm
index 2b2f8b3..1c3b269 100644
--- a/lib/RT/Extension/MergeUsers.pm
+++ b/lib/RT/Extension/MergeUsers.pm
@@ -494,6 +494,23 @@ my $orig_has_right = \&RT::Principal::HasRight;
return 0;
};
+sub Ids {
+ my $self = shift;
+ my $id = shift;
+ my @ids = $id;
+
+ my $principal = RT::Principal->new( RT->SystemUser );
+ $principal->Load($id);
+
+ if ( $principal->IsUser ) {
+
+ # Not call GetMergedUsers as we don't want to create the attribute here
+ my $merged_users = $principal->Object->FirstAttribute('MergedUsers');
+ push @ids, @{ $merged_users->Content } if $merged_users;
+ }
+ return @ids;
+}
+
{
package RT::Group;
my $orig_delete_member = \&RT::Group::DeleteMember;
@@ -553,16 +570,8 @@ my $orig_has_right = \&RT::Principal::HasRight;
FIELD2 => 'GroupId',
);
- my $principal = RT::Principal->new( $self->CurrentUser );
- $principal->Load($args{'PrincipalId'});
- my @ids = $args{'PrincipalId'};
- if ( $principal->IsUser ) {
-
- # Not call GetMergedUsers as we don't want to create the attribute here
- my $merged_users = $principal->Object->FirstAttribute('MergedUsers');
- push @ids, @{ $merged_users->Content } if $merged_users;
- }
+ my @ids = RT::Principal->Ids( $args{'PrincipalId'} );
$self->Limit(ALIAS => $members, FIELD => 'MemberId', OPERATOR => 'IN', VALUE => \@ids);
$self->Limit(ALIAS => $members, FIELD => 'Disabled', VALUE => 0)
if $args{'Recursively'};
@@ -587,15 +596,8 @@ my $orig_has_right = \&RT::Principal::HasRight;
DISTINCT => $members eq 'GroupMembers',
);
- my $principal = RT::Principal->new( $self->CurrentUser );
- $principal->Load($args{'PrincipalId'});
- my @ids = $args{'PrincipalId'};
- if ( $principal->IsUser ) {
+ my @ids = RT::Principal->Ids( $args{'PrincipalId'} );
- # Not call GetMergedUsers as we don't want to create the attribute here
- my $merged_users = $principal->Object->FirstAttribute('MergedUsers');
- push @ids, @{ $merged_users->Content } if $merged_users;
- }
$self->Limit(
LEFTJOIN => $members_alias,
ALIAS => $members_alias,
-----------------------------------------------------------------------
hooks/post-receive
--
RT-Extension-MergeUsers
More information about the Bps-public-commit
mailing list