[Rt-commit] r13753 - in rt/3.8/trunk: . share/html/Dashboards share/html/Dashboards/Elements t/web
sartak at bestpractical.com
sartak at bestpractical.com
Thu Jul 3 03:39:32 EDT 2008
Author: sartak
Date: Thu Jul 3 03:39:32 2008
New Revision: 13753
Modified:
rt/3.8/trunk/ (props changed)
rt/3.8/trunk/lib/RT/Dashboard.pm
rt/3.8/trunk/lib/RT/Group_Overlay.pm
rt/3.8/trunk/lib/RT/SharedSetting.pm
rt/3.8/trunk/share/html/Dashboards/Elements/DashboardsForObject
rt/3.8/trunk/share/html/Dashboards/Elements/Tabs
rt/3.8/trunk/share/html/Dashboards/Modify.html
rt/3.8/trunk/t/web/dashboards-groups.t
rt/3.8/trunk/t/web/dashboards.t
Log:
r63653 at onn: sartak | 2008-07-03 03:39:19 -0400
Rework the dashboard rights so personal and group dashboards make sense.
Modified: rt/3.8/trunk/lib/RT/Dashboard.pm
==============================================================================
--- rt/3.8/trunk/lib/RT/Dashboard.pm (original)
+++ rt/3.8/trunk/lib/RT/Dashboard.pm Thu Jul 3 03:39:32 2008
@@ -74,10 +74,17 @@
use base qw/RT::SharedSetting/;
my %new_rights = (
- SeeDashboard => 'View dashboards', #loc_pair
- ModifyDashboard => 'Create and modify dashboards', #loc_pair
SubscribeDashboard => 'Subscribe to email dashboards', #loc_pair
- DeleteDashboard => 'Delete dashboards', #loc_pair
+
+ SeeDashboard => 'View system dashboards', #loc_pair
+ CreateDashboard => 'Create system dashboards', #loc_pair
+ ModifyDashboard => 'Modify system dashboards', #loc_pair
+ DeleteDashboard => 'Delete system dashboards', #loc_pair
+
+ SeeOwnDashboard => 'View personal dashboards', #loc_pair
+ CreateOwnDashboard => 'Create personal dashboards', #loc_pair
+ ModifyOwnDashboard => 'Modify personal dashboards', #loc_pair
+ DeleteOwnDashboard => 'Delete personal dashboards', #loc_pair
);
use RT::System;
@@ -211,23 +218,24 @@
}
# _PrivacyObjects: returns a list of objects that can be used to load
-# dashboards from. If the Modify parameter is true, then check write rights.
-# Otherwise, check read rights.
+# dashboards from. If the Modify parameter is true, then check modify rights.
+# If the Create parameter is true, then check create rights. Otherwise, check
+# read rights.
sub _PrivacyObjects {
my $self = shift;
my %args = @_;
- my ($local_right, $system_right) = $args{Modify}
- ? ('ModifyDashboard', 'SuperUser')
- : ('SeeDashboard', 'SeeDashboard');
-
my $CurrentUser = $self->CurrentUser;
my @objects;
+ my $prefix = $args{Modify} ? "Modify"
+ : $args{Create} ? "Create"
+ : "See";
+
push @objects, $CurrentUser->UserObj
if $self->CurrentUser->HasRight(
- Right => $local_right,
+ Right => "${prefix}OwnDashboard",
Object => $RT::System,
);
@@ -238,14 +246,14 @@
push @objects, grep {
$self->CurrentUser->HasRight(
- Right => $local_right,
+ Right => "${prefix}GroupDashboard",
Object => $_,
)
} @{ $groups->ItemsArrayRef };
push @objects, RT::System->new($CurrentUser)
if $CurrentUser->HasRight(
- Right => $system_right,
+ Right => "${prefix}Dashboard",
Object => $RT::System,
);
@@ -257,7 +265,7 @@
sub _CurrentUserCan {
my $self = shift;
my $privacy = shift || $self->Privacy;
- my %rights = @_;
+ my %args = @_;
if (!defined($privacy)) {
$RT::Logger->debug("No privacy provided to $self->_CurrentUserCan");
@@ -267,26 +275,28 @@
my $object = $self->_GetObject($privacy);
return 0 unless $object;
- my $right;
-
- if ($object->isa('RT::System')) { $right = $rights{System} }
- elsif ($object->isa('RT::User')) { $right = $rights{User} }
- elsif ($object->isa('RT::Group')) { $right = $rights{Group} }
+ my $level;
- $right ||= $rights{Right};
-
- if (!$right) {
- $RT::Logger->error("No right provided for object $object");
+ if ($object->isa('RT::User')) { $level = 'Own' }
+ elsif ($object->isa('RT::Group')) { $level = 'Group' }
+ elsif ($object->isa('RT::System')) { $level = '' }
+ else {
+ $RT::Logger->error("Unknown object $object from privacy $privacy");
return 0;
}
# users are mildly special-cased, since we actually have to check that
- # the user has the global right, and that the user is operating on himself
+ # the user is operating on himself
if ($object->isa('RT::User')) {
return 0 unless $object->Id == $self->CurrentUser->Id;
- $object = $RT::System;
}
+ my $right = $args{FullRight}
+ || join('', $args{Right}, $level, 'Dashboard');
+
+ # all rights, except group rights, are global
+ $object = $RT::System unless $object->isa('RT::Group');
+
return $self->CurrentUser->HasRight(
Right => $right,
Object => $object,
@@ -294,41 +304,38 @@
}
sub CurrentUserCanSee {
- my $self = shift;
+ my $self = shift;
my $privacy = shift;
- $self->_CurrentUserCan($privacy,
- Right => 'SeeDashboard',
- );
+ $self->_CurrentUserCan($privacy, Right => 'See');
}
-sub CurrentUserCanSubscribe {
- my $self = shift;
+sub CurrentUserCanCreate {
+ my $self = shift;
my $privacy = shift;
- $self->_CurrentUserCan($privacy,
- Right => 'SubscribeDashboard',
- );
+ $self->_CurrentUserCan($privacy, Right => 'Create');
}
sub CurrentUserCanModify {
- my $self = shift;
+ my $self = shift;
my $privacy = shift;
- $self->_CurrentUserCan($privacy,
- Right => 'ModifyDashboard',
- System => 'SuperUser',
- );
+ $self->_CurrentUserCan($privacy, Right => 'Modify');
}
sub CurrentUserCanDelete {
- my $self = shift;
+ my $self = shift;
my $privacy = shift;
- $self->_CurrentUserCan($privacy,
- Right => 'DeleteDashboard',
- System => 'SuperUser',
- );
+ $self->_CurrentUserCan($privacy, Right => 'Delete');
+}
+
+sub CurrentUserCanSubscribe {
+ my $self = shift;
+ my $privacy = shift;
+
+ $self->_CurrentUserCan($privacy, FullRight => 'SubscribeDashboard');
}
eval "require RT::Dashboard_Vendor";
Modified: rt/3.8/trunk/lib/RT/Group_Overlay.pm
==============================================================================
--- rt/3.8/trunk/lib/RT/Group_Overlay.pm (original)
+++ rt/3.8/trunk/lib/RT/Group_Overlay.pm Thu Jul 3 03:39:32 2008
@@ -94,10 +94,10 @@
ShowSavedSearches => 'Display saved searches for this group', # loc_pair
SeeGroup => 'Make this group visible to user', # loc_pair
- SeeDashboard => 'View dashboards', #loc_pair
- ModifyDashboard => 'Create and modify dashboards', #loc_pair
- SubscribeDashboard => 'Subscribe to email dashboards', #loc_pair
- DeleteDashboard => 'Delete dashboards', #loc_pair
+ SeeGroupDashboard => 'View dashboards for this group', #loc_pair
+ CreateGroupDashboard => 'Create dashboards for this group', #loc_pair
+ ModifyGroupDashboard => 'Modify dashboards for this group', #loc_pair
+ DeleteGroupDashboard => 'Delete dashboards for this group', #loc_pair
};
# Tell RT::ACE that this sort of object can get acls granted
Modified: rt/3.8/trunk/lib/RT/SharedSetting.pm
==============================================================================
--- rt/3.8/trunk/lib/RT/SharedSetting.pm (original)
+++ rt/3.8/trunk/lib/RT/SharedSetting.pm Thu Jul 3 03:39:32 2008
@@ -185,7 +185,7 @@
unless $object;
return (0, $self->loc("Permission denied"))
- unless $self->CurrentUserCanModify($privacy);
+ unless $self->CurrentUserCanCreate($privacy);
my ($att_id, $att_msg) = $self->SaveAttribute($object, \%args);
@@ -358,7 +358,8 @@
return 0;
}
-sub CurrentUserCanSee { 1 }
+sub CurrentUserCanSee { 1 }
+sub CurrentUserCanCreate { 1 }
sub CurrentUserCanModify { 1 }
sub CurrentUserCanDelete { 1 }
Modified: rt/3.8/trunk/share/html/Dashboards/Elements/DashboardsForObject
==============================================================================
--- rt/3.8/trunk/share/html/Dashboards/Elements/DashboardsForObject (original)
+++ rt/3.8/trunk/share/html/Dashboards/Elements/DashboardsForObject Thu Jul 3 03:39:32 2008
@@ -58,8 +58,12 @@
while (my $attr = $Object->Attributes->Next) {
if ($attr->Name =~ /^Dashboard\b/) {
my $dashboard = RT::Dashboard->new($session{'CurrentUser'});
- my ($ok) = $dashboard->Load($privacy, $attr->id);
- next if !$ok;
+ my ($ok, $msg) = $dashboard->Load($privacy, $attr->id);
+
+ if (!$ok) {
+ $RT::Logger->debug("Unable to load dashboard $ok (privacy $privacy): $msg");
+ next;
+ }
if ($Object->isa('RT::System')) {
push @{ $dashboards{system} }, $dashboard;
Modified: rt/3.8/trunk/share/html/Dashboards/Elements/Tabs
==============================================================================
--- rt/3.8/trunk/share/html/Dashboards/Elements/Tabs (original)
+++ rt/3.8/trunk/share/html/Dashboards/Elements/Tabs Thu Jul 3 03:39:32 2008
@@ -96,7 +96,7 @@
path => "Dashboards/index.html" };
my $dashboard = RT::Dashboard->new($session{'CurrentUser'});
-my @objects = $dashboard->_PrivacyObjects(Modify => 1);
+my @objects = $dashboard->_PrivacyObjects(Create => 1);
if (@objects) {
$tabs->{"B"} = { title => loc('New dashboard'),
Modified: rt/3.8/trunk/share/html/Dashboards/Modify.html
==============================================================================
--- rt/3.8/trunk/share/html/Dashboards/Modify.html (original)
+++ rt/3.8/trunk/share/html/Dashboards/Modify.html Thu Jul 3 03:39:32 2008
@@ -83,16 +83,16 @@
my ($title, @results);
my $tried_create = 0;
+# user went directly to Modify.html
+$Create = 1 if !$id;
+
use RT::Dashboard;
my $Dashboard = RT::Dashboard->new($session{'CurrentUser'});
-my @privacies = $Dashboard->_PrivacyObjects(Modify => 1);
+my @privacies = $Dashboard->_PrivacyObjects(($Create ? 'Create' : 'Modify') => 1);
Abort(loc("Permission denied")) if @privacies == 0;
-# user went directly to Modify.html
-$Create = 1 if !$id;
-
if ($Create) {
$current_subtab = 'Dashboards/Modify.html?Create=1';
$title = loc("Create a new dashboard");
Modified: rt/3.8/trunk/t/web/dashboards-groups.t
==============================================================================
--- rt/3.8/trunk/t/web/dashboards-groups.t (original)
+++ rt/3.8/trunk/t/web/dashboards-groups.t Thu Jul 3 03:39:32 2008
@@ -1,7 +1,7 @@
#!/usr/bin/perl -w
use strict;
-use Test::More tests => 38;
+use Test::More tests => 36;
use RT::Test;
my ($baseurl, $m) = RT::Test->started_ok;
@@ -26,7 +26,7 @@
# grant the user all these rights so we can make sure that the group rights
# are checked and not these as well
$user_obj->PrincipalObj->GrantRight(Right => $_, Object => $RT::System)
- for qw/SeeDashboard ModifyDashboard SubscribeDashboard DeleteDashboard/;
+ for qw/SubscribeDashboard CreateOwnDashboard SeeOwnDashboard ModifyOwnDashboard DeleteOwnDashboard/;
# }}}
# create and test groups (outer < inner < user) {{{
my $inner_group = RT::Group->new($RT::SystemUser);
@@ -63,7 +63,7 @@
is_deeply([$m->current_form->find_input('Privacy')->possible_values], ["RT::User-" . $user_obj->Id], "the only selectable privacy is user");
$m->content_lacks('Delete', "Delete button hidden because we are creating");
-$user_obj->PrincipalObj->GrantRight(Right => 'SubscribeDashboard', Object => $inner_group);
+$user_obj->PrincipalObj->GrantRight(Right => 'CreateGroupDashboard', Object => $inner_group);
$m->follow_link_ok({text => "New dashboard"});
$m->form_name('ModifyDashboard');
@@ -87,18 +87,13 @@
is($dashboard->PossibleHiddenSearches, 0, "all searches are visible");
$m->get_ok("/Dashboards/Modify.html?id=$id");
-$m->content_lacks("inner dashboard", "no SeeDashboard right");
+$m->content_lacks("inner dashboard", "no SeeGroupDashboard right");
$m->content_contains("Permission denied");
-$user_obj->PrincipalObj->GrantRight(Right => 'SeeDashboard', Object => $inner_group);
+$user_obj->PrincipalObj->GrantRight(Right => 'SeeGroupDashboard', Object => $inner_group);
$m->get_ok("/Dashboards/Modify.html?id=$id");
-$m->content_contains("inner dashboard", "we now have SeeDashboard right");
+$m->content_contains("inner dashboard", "we now have SeeGroupDashboard right");
$m->content_lacks("Permission denied");
-$m->content_lacks('Subscription', "Subscription link still hidden because we lack SubscribeDashboard on this dashboard's privacy");
-
-$user_obj->PrincipalObj->GrantRight(Right => 'SubscribeDashboard', Object => $inner_group);
-
-$m->get_ok("/Dashboards/Modify.html?id=$id");
-$m->content_contains('Subscription', "We now have SubscribeDashboard on inner group");
+$m->content_contains('Subscription', "Subscription link not hidden because we have SubscribeDashboard");
Modified: rt/3.8/trunk/t/web/dashboards.t
==============================================================================
--- rt/3.8/trunk/t/web/dashboards.t (original)
+++ rt/3.8/trunk/t/web/dashboards.t Thu Jul 3 03:39:32 2008
@@ -1,7 +1,7 @@
#!/usr/bin/perl -w
use strict;
-use Test::More tests => 77;
+use Test::More tests => 80;
use RT::Test;
my ($baseurl, $m) = RT::Test->started_ok;
@@ -25,20 +25,27 @@
ok $m->login(customer => 'customer'), "logged in";
$m->get_ok($url."Dashboards/index.html");
-$m->content_lacks("New dashboard", "No 'new dashboard' link because we have no ModifyDashboard");
+$m->content_lacks("New dashboard", "No 'new dashboard' link because we have no CreateOwnDashboard");
$m->get_ok($url."Dashboards/Modify.html?Create=1");
$m->content_contains("Permission denied");
$m->content_lacks("Save Changes");
-$user_obj->PrincipalObj->GrantRight(Right => 'ModifyDashboard', Object => $RT::System);
+$user_obj->PrincipalObj->GrantRight(Right => 'ModifyOwnDashboard', Object => $RT::System);
+
+# Modify itself is no longer good enough, you need Create
+$m->get_ok($url."Dashboards/Modify.html?Create=1");
+$m->content_contains("Permission denied");
+$m->content_lacks("Save Changes");
+
+$user_obj->PrincipalObj->GrantRight(Right => 'CreateOwnDashboard', Object => $RT::System);
$m->get_ok($url."Dashboards/Modify.html?Create=1");
$m->content_lacks("Permission denied");
$m->content_contains("Save Changes");
$m->get_ok($url."Dashboards/index.html");
-$m->content_contains("New dashboard", "'New dashboard' link because we now have ModifyDashboard");
+$m->content_contains("New dashboard", "'New dashboard' link because we now have ModifyOwnDashboard");
$m->follow_link_ok({text => "New dashboard"});
$m->form_name('ModifyDashboard');
@@ -47,15 +54,15 @@
$m->click_button(value => 'Save Changes');
$m->content_lacks("No permission to create dashboards");
$m->content_contains("Saved dashboard different dashboard");
-$m->content_lacks('Delete', "Delete button hidden because we lack DeleteDashboard");
+$m->content_lacks('Delete', "Delete button hidden because we lack DeleteOwnDashboard");
$m->get_ok($url."Dashboards/index.html");
-$m->content_lacks("different dashboard", "we lack SeeDashboard");
+$m->content_lacks("different dashboard", "we lack SeeOwnDashboard");
-$user_obj->PrincipalObj->GrantRight(Right => 'SeeDashboard', Object => $RT::System);
+$user_obj->PrincipalObj->GrantRight(Right => 'SeeOwnDashboard', Object => $RT::System);
$m->get_ok($url."Dashboards/index.html");
-$m->content_contains("different dashboard", "we now have SeeDashboard");
+$m->content_contains("different dashboard", "we now have SeeOwnDashboard");
$m->content_lacks("Permission denied");
$m->follow_link_ok({text => "different dashboard"});
@@ -162,12 +169,12 @@
is($user_obj->Attributes->Named('Subscription'), 0, "no more subscriptions");
$m->get_ok("/Dashboards/Modify.html?id=$id&Delete=1");
-$m->content_contains("Permission denied", "unable to delete dashboard because we lack DeleteDashboard");
+$m->content_contains("Permission denied", "unable to delete dashboard because we lack DeleteOwnDashboard");
-$user_obj->PrincipalObj->GrantRight(Right => 'DeleteDashboard', Object => $RT::System);
+$user_obj->PrincipalObj->GrantRight(Right => 'DeleteOwnDashboard', Object => $RT::System);
$m->get_ok("/Dashboards/Modify.html?id=$id");
-$m->content_contains('Delete', "Delete button shows because we have DeleteDashboard");
+$m->content_contains('Delete', "Delete button shows because we have DeleteOwnDashboard");
$m->form_name('ModifyDashboard');
$m->click_button(name => 'Delete');
More information about the Rt-commit
mailing list