[Rt-commit] r8092 - rt/branches/3.7-EXPERIMENTAL-TUNIS/lib/RT
ruz at bestpractical.com
ruz at bestpractical.com
Tue Jul 10 17:46:09 EDT 2007
Author: ruz
Date: Tue Jul 10 17:46:09 2007
New Revision: 8092
Modified:
rt/branches/3.7-EXPERIMENTAL-TUNIS/lib/RT/CustomFieldValue_Overlay.pm
Log:
* check AdminCustomField right when we create Custom Field Value
Modified: rt/branches/3.7-EXPERIMENTAL-TUNIS/lib/RT/CustomFieldValue_Overlay.pm
==============================================================================
--- rt/branches/3.7-EXPERIMENTAL-TUNIS/lib/RT/CustomFieldValue_Overlay.pm (original)
+++ rt/branches/3.7-EXPERIMENTAL-TUNIS/lib/RT/CustomFieldValue_Overlay.pm Tue Jul 10 17:46:09 2007
@@ -71,8 +71,20 @@
@_,
);
+ my $cf_id = ref $args{'CustomField'}? $args{'CustomField'}->id: $args{'CustomField'};
+
+ my $cf = RT::CustomField->new( $self->CurrentUser );
+ $cf->Load( $cf_id );
+ unless ( $cf->id ) {
+ return (0, $self->loc("Couldn't load Custom Field #[_1]", $cf_id));
+ }
+ unless ( $cf->CurrentUserHasRight('AdminCustomField') ) {
+ return (0, $self->loc('Permission denied'));
+ }
+
my ($id, $msg) = $self->SUPER::Create(
- map { $_ => $args{$_} } qw(CustomField Name Description SortOrder)
+ CustomField => $cf_id,
+ map { $_ => $args{$_} } qw(Name Description SortOrder)
);
return ($id, $msg) unless $id;
More information about the Rt-commit
mailing list