[Rt-commit] r2341 - in rt/branches/QUEBEC-EXPERIMENTAL: .
html/Search
clkao at bestpractical.com
clkao at bestpractical.com
Fri Mar 11 18:58:39 EST 2005
Author: clkao
Date: Fri Mar 11 18:58:39 2005
New Revision: 2341
Modified:
rt/branches/QUEBEC-EXPERIMENTAL/ (props changed)
rt/branches/QUEBEC-EXPERIMENTAL/html/Search/Build.html
Log:
r2469 at ab: clkao | 2005-03-12 07:41:47 +0800
Properly check permission with the correct object on savesearch.
Modified: rt/branches/QUEBEC-EXPERIMENTAL/html/Search/Build.html
==============================================================================
--- rt/branches/QUEBEC-EXPERIMENTAL/html/Search/Build.html (original)
+++ rt/branches/QUEBEC-EXPERIMENTAL/html/Search/Build.html Fri Mar 11 18:58:39 2005
@@ -758,13 +758,13 @@
# {{{ if we're asked to save the current search, save it
if ( $ARGS{'Save'} ) {
- # permission check
- if ($search->Object->isa('RT::System')) {
- unless ($session{'CurrentUser'}->HasRight( Object=> $RT::System, Right => 'SuperUser')) {
- Abort("No permission to save system-wide searches");
- }
- }
if ( $search && $search->id ) {
+ # permission check
+ if ($search->Object->isa('RT::System')) {
+ unless ($session{'CurrentUser'}->HasRight( Object=> $RT::System, Right => 'SuperUser')) {
+ Abort("No permission to save system-wide searches");
+ }
+ }
# This search is based on a previously loaded search -- so
# just update the current search object with new values
@@ -787,6 +787,13 @@
my $container_object = _load_container_object ($obj_type, $obj_id);
if ( $container_object->id ) {
+ # permission check
+ if ($container_object->isa('RT::System')) {
+ unless ($session{'CurrentUser'}->HasRight( Object=> $RT::System, Right => 'SuperUser')) {
+ Abort("No permission to save system-wide searches");
+ }
+ }
+
my $name = $obj_type eq 'RT::System' ? "Search - $Description" : 'SavedSearch';
# If we got one or the other, add the saerch
my ( $search_id, $search_msg ) = $container_object->AddAttribute(
More information about the Rt-commit
mailing list