[Rt-commit] r11224 - in rt/branches/3.8-TESTING: etc
ruz at bestpractical.com
ruz at bestpractical.com
Wed Mar 26 22:48:44 EDT 2008
Author: ruz
Date: Wed Mar 26 22:48:43 2008
New Revision: 11224
Modified:
rt/branches/3.8-TESTING/etc/initialdata
rt/branches/3.8-TESTING/lib/RT/Handle.pm
Log:
* create more system objects in the method
* add docs
* move code aorund so Suser has SU right asap
Modified: rt/branches/3.8-TESTING/etc/initialdata
==============================================================================
--- rt/branches/3.8-TESTING/etc/initialdata (original)
+++ rt/branches/3.8-TESTING/etc/initialdata Wed Mar 26 22:48:43 2008
@@ -12,30 +12,7 @@
);
@Groups = (
- { Name => '',
- Type => 'Owner', # loc
- Domain => 'RT::System-Role',
- Instance => '',
- Description => 'SystemRolegroup for internal use', # loc
- },
- { Name => '',
- Type => 'Requestor', # loc
- Domain => 'RT::System-Role',
- Instance => '',
- Description => 'SystemRolegroup for internal use', # loc
- },
- { Name => '',
- Type => 'Cc', # loc
- Domain => 'RT::System-Role',
- Instance => '',
- Description => 'SystemRolegroup for internal use', # loc
- },
- { Name => '',
- Type => 'AdminCc', # loc
- Domain => 'RT::System-Role',
- Instance => '',
- Description => 'Pseudogroup for internal use', # loc
- }, );
+);
@Queues = ({ Name => 'General',
Description => 'The default queue',
Modified: rt/branches/3.8-TESTING/lib/RT/Handle.pm
==============================================================================
--- rt/branches/3.8-TESTING/lib/RT/Handle.pm (original)
+++ rt/branches/3.8-TESTING/lib/RT/Handle.pm Wed Mar 26 22:48:43 2008
@@ -509,6 +509,15 @@
=head2 InsertInitialData
+Inserts system objects into RT's DB, like system user or 'nobody',
+internal groups and other records required. However, this method
+doesn't insert any real users like 'root' and you have to use
+InsertData or another way to do that.
+
+Takes no arguments. Returns status and message tuple.
+
+It's safe to call this method even if those objects already exist.
+
=cut
sub InsertInitialData {
@@ -546,25 +555,7 @@
return (0, "Couldn't load system user");
}
- foreach my $name (qw(Everyone Privileged Unprivileged)) {
- my $group = RT::Group->new( $RT::SystemUser );
- $group->LoadSystemInternalGroup( $name );
- if ( $group->id ) {
- push @warns, "System group '$name' already exists.";
- next;
- }
-
- $group = RT::Group->new( $RT::SystemUser );
- my ( $val, $msg ) = $group->_Create(
- Type => $name,
- Domain => 'SystemInternal',
- Description => 'Pseudogroup for internal use', # loc
- Name => '',
- Instance => '',
- );
- return ($val, $msg) unless $val;
- }
-
+ # grant SuperUser right to system user
{
my $test_ace = RT::ACE->new( $RT::SystemUser );
$test_ace->LoadByCols(
@@ -576,7 +567,6 @@
);
if ( $test_ace->id ) {
push @warns, "System user has global SuperUser right.";
-
} else {
my $ace = RT::ACE->new( $RT::SystemUser );
my ( $val, $msg ) = $ace->_BootstrapCreate(
@@ -591,6 +581,26 @@
DBIx::SearchBuilder::Record::Cachable->FlushCache;
}
+ # system groups
+ foreach my $name (qw(Everyone Privileged Unprivileged)) {
+ my $group = RT::Group->new( $RT::SystemUser );
+ $group->LoadSystemInternalGroup( $name );
+ if ( $group->id ) {
+ push @warns, "System group '$name' already exists.";
+ next;
+ }
+
+ $group = RT::Group->new( $RT::SystemUser );
+ my ( $val, $msg ) = $group->_Create(
+ Type => $name,
+ Domain => 'SystemInternal',
+ Description => 'Pseudogroup for internal use', # loc
+ Name => '',
+ Instance => '',
+ );
+ return ($val, $msg) unless $val;
+ }
+
# nobody
{
my $user = RT::User->new( $RT::SystemUser );
@@ -609,29 +619,40 @@
return ($val, $msg) unless $val;
}
- my $test_ace = RT::ACE->new( $RT::SystemUser );
- $test_ace->LoadByCols(
- PrincipalId => ACLEquivGroupId( $user->Id ),
- PrincipalType => 'Group',
- RightName => 'OwnTicket',
- ObjectType => 'RT::System',
- ObjectId => 1,
- );
- if ( $test_ace->id ) {
+ if ( $user->HasRight( Right => 'OwnTicket', Object => $RT::System ) ) {
push @warns, "User 'Nobody' has global OwnTicket right.";
} else {
- my $ace = RT::ACE->new( $RT::SystemUser );
- my ( $val, $msg ) = $ace->_BootstrapCreate(
- PrincipalId => ACLEquivGroupId( $user->Id ),
- PrincipalType => 'Group',
- RightName => 'OwnTicket',
- ObjectType => 'RT::System',
- ObjectId => 1,
+ my ( $val, $msg ) = $user->PrincipalObj->GrantRight(
+ Right => 'OwnTicket',
+ Object => $RT::System,
);
return ($val, $msg) unless $val;
}
}
+ # rerun to get init Nobody as well
+ RT::InitSystemObjects();
+
+ # system role groups
+ foreach my $name (qw(Owner Requestor Cc AdminCc)) {
+ my $group = RT::Group->new( $RT::SystemUser );
+ $group->LoadSystemRoleGroup( $name );
+ if ( $group->id ) {
+ push @warns, "System role '$name' already exists.";
+ next;
+ }
+
+ $group = RT::Group->new( $RT::SystemUser );
+ my ( $val, $msg ) = $group->_Create(
+ Type => $name,
+ Domain => 'RT::System-Role',
+ Description => 'SystemRolegroup for internal use', # loc
+ Name => '',
+ Instance => '',
+ );
+ return ($val, $msg) unless $val;
+ }
+
push @warns, "You appear to have a functional RT database."
if @warns;
More information about the Rt-commit
mailing list