[Rt-commit] r13632 - in rt/3.8/trunk: . share/html/Dashboards
sartak at bestpractical.com
sartak at bestpractical.com
Thu Jun 26 20:07:23 EDT 2008
Author: sartak
Date: Thu Jun 26 20:07:23 2008
New Revision: 13632
Modified:
rt/3.8/trunk/ (props changed)
rt/3.8/trunk/lib/RT/SharedSetting.pm
rt/3.8/trunk/share/html/Dashboards/Modify.html
rt/3.8/trunk/share/html/Dashboards/Queries.html
rt/3.8/trunk/share/html/Dashboards/Subscription.html
Log:
r63277 at onn: sartak | 2008-06-26 17:30:23 -0400
Remove the ACL checks from the view, they need to be in the API (and improved to handle groups)
Modified: rt/3.8/trunk/lib/RT/SharedSetting.pm
==============================================================================
--- rt/3.8/trunk/lib/RT/SharedSetting.pm (original)
+++ rt/3.8/trunk/lib/RT/SharedSetting.pm Thu Jun 26 20:07:23 2008
@@ -177,13 +177,7 @@
return (0, $self->loc("Failed to load object for [_1]", $privacy))
unless $object;
- if ( $object->isa('RT::System') ) {
- return (0, $self->loc("No permission to save system-wide [_1]", $self->ObjectName))
- unless $self->CurrentUser->HasRight(
- Object => $RT::System,
- Right => 'SuperUser',
- );
- }
+ # XXX: check acls
my ($att_id, $att_msg) = $self->SaveAttribute($object, \%args);
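Review bot: The `# XXX: check acls` placeholder leaves this save path with no rights check on the visible lines, because the SuperUser guard for `RT::System` objects is removed before its replacement exists. The same commit also drops the `HasRight` guards in Dashboards/Modify.html, Queries.html and Subscription.html and deletes `CurrentUserCanSee`. Unless `_GetObject` or `SaveAttribute` (bodies not shown) enforce rights, the `Privacy` value that Modify.html passes straight from `$ARGS{'Privacy'}` reaches the attribute save unchecked. I would keep the removed `if ( $object->isa('RT::System') ) { ... }` block until the API-level check lands, or at least have the placeholder record what is owed, e.g. `# XXX: check acls -- system-wide saves required SuperUser before r13632`. The enclosing method starts and ends outside this hunk.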
@@ -363,36 +357,6 @@
return 0;
}
-sub CurrentUserCanSee {
- my $self = shift;
- my $privacy = $self->Privacy;
-
- if (!defined($privacy)) {
- $RT::Logger->error("CurrentUserCanSee called with a dashboard without privacy.");
- return 0;
- }
-
- return 1 if $privacy =~ /^RT::System/;
-
- return 1 if $privacy =~ /^RT::User-(\d+)/
- && $self->CurrentUser->Id == $1
- && $self->CurrentUser->HasRight(
- Right => 'SeeDashboard',
- Object => $RT::System,
- );
-
- if ($privacy =~ /^RT::Group-(\d+)/) {
- my $group = RT::Group->new($self->CurrentUser);
- $group->Load($1);
- return 1 if $self->CurrentUser->HasRight(
- Right => 'SeeDashboard',
- Object => $group,
- );
- }
-
- return 0;
-}
-
### Internal methods
# _GetObject: helper routine to load the correct object whose parameters
Modified: rt/3.8/trunk/share/html/Dashboards/Modify.html
==============================================================================
--- rt/3.8/trunk/share/html/Dashboards/Modify.html (original)
+++ rt/3.8/trunk/share/html/Dashboards/Modify.html Thu Jun 26 20:07:23 2008
@@ -88,7 +88,7 @@
my $Dashboard = RT::Dashboard->new($session{'CurrentUser'});
my @privacies = $Dashboard->_PrivacyObjects(Modify => 1);
-my $can_delete = $session{'CurrentUser'}->HasRight(Right => 'DeleteDashboard', Object => $RT::System);
+my $can_delete = 1; # XXX: acl check
# user went directly to Modify.html
$Create = 1 if !$id;
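Review bot: `my $can_delete = 1; # XXX: acl check` fails open, so every user who reaches this page is treated as allowed to delete until the follow-up lands. The code that consumes `$can_delete` is outside this hunk, and whether the dashboard's delete method checks rights itself is not visible here. A placeholder should deny by default: either keep the original `my $can_delete = $session{'CurrentUser'}->HasRight(Right => 'DeleteDashboard', Object => $RT::System);` until the API check exists, or use `my $can_delete = 0; # XXX: acl check` if that right is no longer the intended one.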
@@ -99,23 +99,18 @@
}
else {
if ($id eq 'new') {
- my ($val, $msg);
$tried_create = 1;
- if ($session{'CurrentUser'}->HasRight(Right => 'ModifyDashboard', Object => $RT::System)) {
- ($val, $msg) = $Dashboard->Save(
- Name => $ARGS{'Name'},
- Privacy => $ARGS{'Privacy'},
- );
- push @results, $msg;
- }
- else {
- $msg = "No permission to create dashboards";
- }
+ my ($val, $msg) = $Dashboard->Save(
+ Name => $ARGS{'Name'},
+ Privacy => $ARGS{'Privacy'},
+ );
if (!$val) {
Abort(loc("Dashboard could not be created: [_1]", $msg));
}
+
+ push @results, $msg;
$id = $Dashboard->Id;
}
else {
@@ -136,14 +131,8 @@
}
if (!$Create && !$tried_create && $id && $ARGS{'Save'}) {
- my ($ok, $msg);
- if ($session{'CurrentUser'}->HasRight(Right => 'ModifyDashboard', Object => $RT::System)) {
- ($ok, $msg) = $Dashboard->Update(Privacy => $ARGS{'Privacy'},
- Name => $ARGS{'Name'});
- }
- else {
- $msg = "No permission to update dashboards";
- }
+ my ($ok, $msg) = $Dashboard->Update(Privacy => $ARGS{'Privacy'},
+ Name => $ARGS{'Name'});
if ($ok) {
push @results, loc("Dashboard updated");
@@ -162,8 +151,6 @@
RT::Interface::Web::Redirect(RT->Config->Get('WebURL')."Dashboards/index.html?Deleted=$id");
}
-
-Abort(loc("Permission denied")) unless $Dashboard->CurrentUserCanSee;
</%INIT>
<%ARGS>
Modified: rt/3.8/trunk/share/html/Dashboards/Queries.html
==============================================================================
--- rt/3.8/trunk/share/html/Dashboards/Queries.html (original)
+++ rt/3.8/trunk/share/html/Dashboards/Queries.html Thu Jun 26 20:07:23 2008
@@ -134,13 +134,7 @@
[ reverse(split /-/, $_, 2), $desc_of{$_} ]
} @{ $self->{Current} } ];
- my ($ok, $msg);
- if ($session{'CurrentUser'}->HasRight(Right => 'ModifyDashboard', Object => $RT::System)) {
- ($ok, $msg) = $Dashboard->Update(Searches => $searches);
- }
- else {
- $msg = "No permission to update dashboards";
- }
+ my ($ok, $msg) = $Dashboard->Update(Searches => $searches);
if ($ok) {
push @results, loc("Dashboard updated");
Modified: rt/3.8/trunk/share/html/Dashboards/Subscription.html
==============================================================================
--- rt/3.8/trunk/share/html/Dashboards/Subscription.html (original)
+++ rt/3.8/trunk/share/html/Dashboards/Subscription.html Thu Jun 26 20:07:23 2008
@@ -238,18 +238,13 @@
}
# create
else {
- if ($session{'CurrentUser'}->HasRight(Right => 'SubscribeDashboard', Object => $RT::System)) {
- ($val, $msg) = $SubscriptionObj->Create(
- Name => 'Subscription',
- Description => 'Subscription to dashboard ' . $DashboardId,
- ContentType => 'storable',
- Object => $session{'CurrentUser'}->UserObj,
- Content => \%fields,
- );
- }
- else {
- ($val, $msg) = (0, "No permission to subscribe to dashboards");
- }
+ my ($val, $msg) = $SubscriptionObj->Create(
+ Name => 'Subscription',
+ Description => 'Subscription to dashboard ' . $DashboardId,
+ ContentType => 'storable',
+ Object => $session{'CurrentUser'}->UserObj,
+ Content => \%fields,
+ );
if ($val) {
push @results, loc("Subscribed to dashboard [_1]", $DashboardObj->Name);
push @results, loc("Warning: you have no email address set, so you will not receive this dashboard until you have it set")
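Review bot: `my ($val, $msg) = $SubscriptionObj->Create(` declares fresh lexicals inside the `else` block, whereas the removed lines assigned to `($val, $msg)` without `my`, which suggests both are already declared in an outer scope. If any code after this if/else reads `$val` or `$msg`, it would now see the outer variables, which this branch never sets. Dropping the `my` (`($val, $msg) = $SubscriptionObj->Create(`) keeps the previous scoping. The surrounding block begins before the hunk and the final `push` statement continues past it, so this should be confirmed against the full file.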