[Rt-commit] r2693 - in rt/branches/PLATANO-EXPERIMENTAL-CSS: . html/Search lib/RT/Interface

Sat Apr 16 04:14:57 EDT 2005

Author: jesse
Date: Sat Apr 16 04:14:56 2005
New Revision: 2693

Modified:
   rt/branches/PLATANO-EXPERIMENTAL-CSS/   (props changed)
   rt/branches/PLATANO-EXPERIMENTAL-CSS/html/Search/Build.html
   rt/branches/PLATANO-EXPERIMENTAL-CSS/lib/RT/Interface/Web.pm
Log:
 r13082 at hualien:  jesse | 2005-04-16 03:01:26 -0400
  r12976 at hualien:  jesse | 2005-04-16 02:17:39 -0400
   r6768 at hualien:  jesse | 2005-03-11 18:59:52 -0500
    r6766 at hualien (orig r2341):  clkao | 2005-03-11 18:58:39 -0500
     r2469 at ab:  clkao | 2005-03-12 07:41:47 +0800
     Properly check permission with the correct object on savesearch.
    
    r6767 at hualien (orig r2342):  clkao | 2005-03-11 18:59:06 -0500
     r2470 at ab:  clkao | 2005-03-12 07:56:47 +0800
     Move _parse_saved_search and _load_container_object to RT::Interface::Web.
    
   
  
 


Modified: rt/branches/PLATANO-EXPERIMENTAL-CSS/html/Search/Build.html
==============================================================================

--- rt/branches/PLATANO-EXPERIMENTAL-CSS/html/Search/Build.html	(original)
+++ rt/branches/PLATANO-EXPERIMENTAL-CSS/html/Search/Build.html	Sat Apr 16 04:14:56 2005
@@ -151,39 +151,6 @@
 # Clean unwanted junk from the format
 $Format = $m->comp( '/Elements/ScrubHTML', Content => $Format ) if ($Format);
 
-sub _load_container_object {
-    my ($obj_type, $obj_id) = @_;
-    if ( $obj_type eq 'RT::User' && $obj_id == $session{'CurrentUser'}->Id)  {
-	return $session{'CurrentUser'}->UserObj;
-    }
-    elsif ($obj_type eq 'RT::Group') {
-	my $group = RT::Group->new($session{'CurrentUser'});
-	$group->Load($obj_id);
-	return $group;
-    }
-    elsif ($obj_type eq 'RT::System') {
-	# XXX: check hasright
-	return RT::System->new($session{'CurrentUser'});
-    }
-    else {
-#	push( @actions, [ loc("error: Invalid object type"), -1 ] );
-    }
-
-}
-
-sub _parse_saved_search {
-    my $spec = shift;
-    if ($spec  !~ /^(.*?)-(\d+)-SavedSearch-(\d+)$/ ) {
-#	push( @actions, [ loc("error: Invalid argument"), -1 ] );
-	return;
-    }
-    my $obj_type  = $1;
-    my $obj_id    = $2;
-    my $search_id = $3;
-
-    return (_load_container_object ($obj_type, $obj_id), $search_id);
-}
-
 # {{{ If we're asked to delete the current search, make it go away and reset the search parameters
 if ( $ARGS{'Delete'} ) {
 
@@ -758,13 +725,13 @@
 
 # {{{ if we're asked to save the current search, save it
 if ( $ARGS{'Save'} ) {
-    # permission check
-    if ($search->Object->isa('RT::System')) {
-	unless ($session{'CurrentUser'}->HasRight( Object=> $RT::System, Right => 'SuperUser')) {
-	    Abort("No permission to save system-wide searches");
-	}
-    }
     if ( $search && $search->id ) {
+	# permission check
+	if ($search->Object->isa('RT::System')) {
+	    unless ($session{'CurrentUser'}->HasRight( Object=> $RT::System, Right => 'SuperUser')) {
+		Abort("No permission to save system-wide searches");
+	    }
+	}
 
         # This search is based on a previously loaded search -- so
         # just update the current search object with new values
@@ -787,6 +754,13 @@
         my $container_object = _load_container_object ($obj_type, $obj_id);
 
         if ( $container_object->id ) {
+	    # permission check
+	    if ($container_object->isa('RT::System')) {
+		unless ($session{'CurrentUser'}->HasRight( Object=> $RT::System, Right => 'SuperUser')) {
+		    Abort("No permission to save system-wide searches");
+		}
+	    }
+
 	    my $name = $obj_type eq 'RT::System' ? "Search - $Description" : 'SavedSearch';
             # If we got one or the other, add the saerch
             my ( $search_id, $search_msg ) = $container_object->AddAttribute(

Modified: rt/branches/PLATANO-EXPERIMENTAL-CSS/lib/RT/Interface/Web.pm
==============================================================================
--- rt/branches/PLATANO-EXPERIMENTAL-CSS/lib/RT/Interface/Web.pm	(original)
+++ rt/branches/PLATANO-EXPERIMENTAL-CSS/lib/RT/Interface/Web.pm	Sat Apr 16 04:14:56 2005
@@ -1508,6 +1508,49 @@
     };
 }
 
+=head2 _load_container_object ( $type, $id );
+
+Instantiate container object for saving searches.
+
+=cut
+
+sub _load_container_object {
+    my ($obj_type, $obj_id) = @_;
+    if ( $obj_type eq 'RT::User' && $obj_id == $session{'CurrentUser'}->Id)  {
+	return $session{'CurrentUser'}->UserObj;
+    }
+    elsif ($obj_type eq 'RT::Group') {
+	my $group = RT::Group->new($session{'CurrentUser'});
+	$group->Load($obj_id);
+	return $group;
+    }
+    elsif ($obj_type eq 'RT::System') {
+	# XXX: check hasright
+	return RT::System->new($session{'CurrentUser'});
+    }
+    else {
+    }
+}
+
+=head2 _parse_saved_search ( $arg );
+
+Given a serialization string for saved search, and returns the
+container object and the search id.
+
+=cut
+
+sub _parse_saved_search {
+    my $spec = shift;
+    if ($spec  !~ /^(.*?)-(\d+)-SavedSearch-(\d+)$/ ) {
+	return;
+    }
+    my $obj_type  = $1;
+    my $obj_id    = $2;
+    my $search_id = $3;
+
+    return (_load_container_object ($obj_type, $obj_id), $search_id);
+}
+
 eval "require RT::Interface::Web_Vendor";
 die $@ if ($@ && $@ !~ qr{^Can't locate RT/Interface/Web_Vendor.pm});
 eval "require RT::Interface::Web_Local";
