[Rt-commit] r13635 - in rt/3.8/trunk: .
sartak at bestpractical.com
sartak at bestpractical.com
Thu Jun 26 20:08:14 EDT 2008
Author: sartak
Date: Thu Jun 26 20:08:07 2008
New Revision: 13635
Modified:
rt/3.8/trunk/ (props changed)
rt/3.8/trunk/lib/RT/Dashboard.pm
rt/3.8/trunk/lib/RT/SharedSetting.pm
Log:
r63280 at onn: sartak | 2008-06-26 17:46:31 -0400
Define the API for checking shared-setting ACLs, just need to fill in the details
Modified: rt/3.8/trunk/lib/RT/Dashboard.pm
==============================================================================
--- rt/3.8/trunk/lib/RT/Dashboard.pm (original)
+++ rt/3.8/trunk/lib/RT/Dashboard.pm Thu Jun 26 20:08:07 2008
@@ -252,6 +252,26 @@
return @objects;
}
+# ACLs
+
+sub CurrentUserCanSee {
+ my $self = shift;
+ my $privacy = shift || $self->Privacy;
+ return 1;
+}
+
+sub CurrentUserCanModify {
+ my $self = shift;
+ my $privacy = shift || $self->Privacy;
+ return 1;
+}
+
+sub CurrentUserCanDelete {
+ my $self = shift;
+ my $privacy = shift || $self->Privacy;
+ return 1;
+}
+
eval "require RT::Dashboard_Vendor";
die $@ if ($@ && $@ !~ qr{^Can't locate RT/Dashboard_Vendor.pm});
eval "require RT::Dashboard_Local";
Modified: rt/3.8/trunk/lib/RT/SharedSetting.pm
==============================================================================
--- rt/3.8/trunk/lib/RT/SharedSetting.pm (original)
+++ rt/3.8/trunk/lib/RT/SharedSetting.pm Thu Jun 26 20:08:07 2008
@@ -152,10 +152,11 @@
=head2 Save
-Takes a privacy, a name, and any other arguments. Saves the given parameters to
-the appropriate user/group object, and loads the resulting object. Arguments
-are passed to the L</SaveAttribute> method, which does the actual update. Returns a
-tuple of status and message, where status is true on success. Defaults are:
+Creates a new shared setting. Takes a privacy, a name, and any other arguments.
+Saves the given parameters to the appropriate user/group object, and loads the
+resulting object. Arguments are passed to the L</SaveAttribute> method, which
+does the actual update. Returns a tuple of status and message, where status is
+true on success. Defaults are:
Privacy: CurrentUser only
Name: "new (ObjectName)"
@@ -177,7 +178,8 @@
return (0, $self->loc("Failed to load object for [_1]", $privacy))
unless $object;
- # XXX: check acls
+ return (0, $self->loc("Permission denied"))
+ unless $self->CurrentUserCanModify($privacy);
my ($att_id, $att_msg) = $self->SaveAttribute($object, \%args);
@@ -217,6 +219,9 @@
return(0, $self->loc("Could not load [_1] attribute", $self->ObjectName))
unless $self->{'Attribute'}->Id;
+ return (0, $self->loc("Permission denied"))
+ unless $self->CurrentUserCanModify;
+
my ($status, $msg) = $self->UpdateAttribute(\%args);
return (1, $self->loc("[_1] update: Nothing changed", ucfirst($self->ObjectName)))
@@ -247,6 +252,9 @@
sub Delete {
my $self = shift;
+ return (0, $self->loc("Permission denied"))
+ unless $self->CurrentUserCanDelete;
+
my ($status, $msg) = $self->{'Attribute'}->Delete;
if ($status) {
return (1, $self->loc("Deleted [_1]", $self->ObjectName));
@@ -344,6 +352,10 @@
return 0;
}
+sub CurrentUserCanSee { 1 }
+sub CurrentUserCanModify { 1 }
+sub CurrentUserCanDelete { 1 }
+
### Internal methods
# _GetObject: helper routine to load the correct object whose parameters
More information about the Rt-commit
mailing list