[Rt-commit] r13696 - in rt/3.8/trunk: . share/html/Dashboards t/web

[sartak at bestpractical.com]

Author: sartak
Date: Mon Jun 30 16:13:27 2008
New Revision: 13696

Modified:
   rt/3.8/trunk/   (props changed)
   rt/3.8/trunk/lib/RT/Dashboard.pm
   rt/3.8/trunk/share/html/Dashboards/Modify.html
   rt/3.8/trunk/t/web/dashboards.t

Log:
 r63486 at onn:  sartak | 2008-06-30 16:12:43 -0400
 Check delete right *after* loading the Dashboard. Some other minor adjustments


Modified: rt/3.8/trunk/lib/RT/Dashboard.pm
==============================================================================
--- rt/3.8/trunk/lib/RT/Dashboard.pm	(original)
+++ rt/3.8/trunk/lib/RT/Dashboard.pm	Mon Jun 30 16:13:27 2008
@@ -259,6 +259,11 @@
     my $privacy = shift || $self->Privacy;
     my %rights  = @_;
 
+    if (!defined($privacy)) {
+        $RT::Logger->debug("No privacy provided to $self->_CurrentUserCan");
+        return 0;
+    }
+
     my $object = $self->_GetObject($privacy);
     return 0 unless $object;
 
@@ -276,7 +281,7 @@
     }
 
     # users are mildly special-cased, since we actually have to check that
-    # the user has the global right
+    # the user has the global right, and that the user is operating on himself
     if ($object->isa('RT::User')) {
         return 0 unless $object->Id == $self->CurrentUser->Id;
         $object = $RT::System;

Modified: rt/3.8/trunk/share/html/Dashboards/Modify.html
==============================================================================
--- rt/3.8/trunk/share/html/Dashboards/Modify.html	(original)
+++ rt/3.8/trunk/share/html/Dashboards/Modify.html	Mon Jun 30 16:13:27 2008
@@ -90,7 +90,6 @@
 
 Abort(loc("Permission denied")) if @privacies == 0;
 
-my $can_delete = $Dashboard->CurrentUserCanDelete;
 
 # user went directly to Modify.html
 $Create = 1 if !$id;
@@ -145,6 +144,8 @@
 
 }
 
+my $can_delete = $Dashboard->CurrentUserCanDelete;
+
 if (!$Create && !$tried_create && $id && $ARGS{'Delete'}) {
     my ($ok, $msg) = $Dashboard->Delete();
     $ok || Abort(loc("Couldn't delete dashboard [_1]: [_2]", $id, $msg));

Modified: rt/3.8/trunk/t/web/dashboards.t
==============================================================================
--- rt/3.8/trunk/t/web/dashboards.t	(original)
+++ rt/3.8/trunk/t/web/dashboards.t	Mon Jun 30 16:13:27 2008
@@ -1,7 +1,7 @@
 #!/usr/bin/perl -w
 use strict;
 
-use Test::More tests => 71;
+use Test::More tests => 76;
 use RT::Test;
 my ($baseurl, $m) = RT::Test->started_ok;
 
@@ -165,6 +165,7 @@
 $m->content_contains("Permission denied", "unable to delete dashboard because we lack DeleteDashboard");
 
 $user_obj->PrincipalObj->GrantRight(Right => 'DeleteDashboard', Object => $RT::System);
+
 $m->get_ok("/Dashboards/Modify.html?id=$id");
 $m->content_contains('Delete', "Delete button shows because we have DeleteDashboard");
 
@@ -173,5 +174,5 @@
 $m->content_contains("Deleted dashboard $id");
 
 $m->get("/Dashboards/Modify.html?id=$id");
-$m->content_contains("Could not load dashboard");
+$m->content_lacks("different dashboard", "dashboard was deleted");