[Rt-commit] r15714 - rt/branches/3.999-DANGEROUS/lib/RT/Model
ruz at bestpractical.com
ruz at bestpractical.com
Tue Sep 2 23:10:17 EDT 2008
Author: ruz
Date: Tue Sep 2 23:10:17 2008
New Revision: 15714
Modified:
rt/branches/3.999-DANGEROUS/lib/RT/Model/Template.pm
rt/branches/3.999-DANGEROUS/lib/RT/Model/TemplateCollection.pm
Log:
Template
* delete current_user_has_queue_right
** add instead current_user_has_right and has_right
as other models do
* get rid of custom create method
* move all acl checks into check_*_rights functions
* update docs
* make name mandatory column
Modified: rt/branches/3.999-DANGEROUS/lib/RT/Model/Template.pm
==============================================================================
--- rt/branches/3.999-DANGEROUS/lib/RT/Model/Template.pm (original)
+++ rt/branches/3.999-DANGEROUS/lib/RT/Model/Template.pm Tue Sep 2 23:10:17 2008
@@ -79,7 +79,7 @@
use Jifty::DBI::Schema;
use Jifty::DBI::Record schema {
column queue => references RT::Model::Queue;
- column name => max_length is 200, type is 'varchar(200)', default is '';
+ column name => max_length is 200, type is 'varchar(200)', is mandatory;
column
description => max_length is 255,
type is 'varchar(255)', default is '';
@@ -89,46 +89,16 @@
column last_updated_by => references RT::Model::User;
column created => type is 'timestamp';
column creator => references RT::Model::User;
-
};
-sub _set {
- my $self = shift;
-
- unless ( $self->current_user_has_queue_right('ModifyTemplate') ) {
- return ( 0, _('Permission Denied') );
- }
- return $self->SUPER::_set(@_);
-}
-
-
-
-=head2 _value
-
-Takes the name of a table column.
-Returns its value as a string, if the user passes an ACL check
-
-
-
-
-
-=cut
-
-sub _value {
- my $self = shift;
-
- unless ( $self->current_user_has_queue_right('ShowTemplate') ) {
- return undef;
- }
- return $self->__value(@_);
-
-}
-
+=head2 load <identifer>
+Load a template, either by number (id) or by name.
-=head2 load <identifer>
+Note that loading by name is ambiguose and can B<randomly> load
+either global or queue template when both exist.
-Load a template, either by number or by name
+See also L</load_global_template> and L</load_queue_template>.
=cut
@@ -143,8 +113,6 @@
return $self->load_by_id($identifier);
}
-
-
=head2 load_global_template name
Load the global template with the name name
@@ -154,13 +122,10 @@
sub load_global_template {
my $self = shift;
my $id = shift;
-
return ( $self->load_queue_template( queue => 0, name => $id ) );
}
-
-
-=head2 load_queue_template (queue => QUEUEID, name => name)
+=head2 load_queue_template (queue => QUEUEID, name => name)
Loads the queue template named name for queue QUEUE.
@@ -175,11 +140,8 @@
);
return ( $self->load_by_cols( name => $args{'name'}, queue => $args{'queue'} ) );
-
}
-
-
=head2 create
Takes a paramhash of content, queue, name and description.
@@ -188,73 +150,8 @@
queue should be 0 for a global template and the queue # for a queue-specific
template.
-Returns the Template's id # if the create was successful. Returns undef for
-unknown database failure.
-
-
-=cut
-
-sub create {
- my $self = shift;
- my %args = (
- content => undef,
- queue => 0,
- description => '[no description]',
- type => 'Action', #By default, template are 'Action' templates
- name => undef,
- @_
- );
-
- unless ( $args{'queue'} ) {
- unless (
- $self->current_user->has_right(
- right => 'ModifyTemplate',
- object => RT->system
- )
- )
- {
- return ( undef, _('Permission Denied') );
- }
- $args{'queue'} = 0;
- } else {
- my $queue_obj = RT::Model::Queue->new( current_user => $self->current_user );
- $queue_obj->load( $args{'queue'} )
- || return ( undef, _('Invalid queue') );
-
- unless ( $queue_obj->current_user_has_right('ModifyTemplate') ) {
- return ( undef, _('Permission Denied') );
- }
- $args{'queue'} = $queue_obj->id;
- }
-
- my $result = $self->SUPER::create(
- content => $args{'content'},
- queue => $args{'queue'},
- description => $args{'description'},
- name => $args{'name'},
- );
-
- return ($result);
-
-}
-
-
-
-=head2 delete
-
-Delete this template.
-
-=cut
-
-sub delete {
- my $self = shift;
-
- unless ( $self->current_user_has_queue_right('ModifyTemplate') ) {
- return ( 0, _('Permission Denied') );
- }
-
- return ( $self->SUPER::delete(@_) );
-}
+Returns the Template's id if the create was successful. Returns undef on error.
+In list context returns a message as well.
=head2 is_empty
@@ -493,19 +390,124 @@
return ( $rv, $msg );
}
+=head2 rights
+
+=head3 current_user_has_right right
+
+Returns true if the current user has the right on this template.
+Returns false otherwise.
+
+See also L</has_right>.
+
+=cut
+
+sub current_user_has_right {
+ my $self = shift;
+ my $right = shift;
+ return $self->has_right(
+ @_,
+ principal => $self->current_user,
+ right => $right,
+ );
+}
+
+=head3 has_right right => undef, principal => current_user
+
+Returns true if the principal has the right on this template.
+Returns false otherwise.
+
+Principal is the current user if not specified.
+
+=cut
+
+sub has_right {
+ my $self = shift;
+ my %args = (
+ right => undef,
+ principal => undef,
+ @_
+ );
+ my $queue = $self->queue;
+ return $queue->has_right( %args )
+ if $queue && $queue->id;
+
+ my $principal = delete( $args{'principal'} ) || $self->current_user;
+ return $principal->has_right( %args, object => RT->system );
+}
+=head3 check_create_rights
-=head2 current_user_has_queue_right
+User needs 'ModifyTemplate' right to create a template.
-Helper function to call the template's queue's current_user_has_queue_right with the passed in args.
+See also L<Jifty::Record/check_create_rights>.
=cut
-sub current_user_has_queue_right {
+sub check_create_rights {
my $self = shift;
- return ( $self->queue->current_user_has_right(@_) );
+ my %args = @_;
+
+ my $right = 'ModifyTemplate';
+ if ( !$args{'queue'} || (ref $args{'queue'} && !$args{'queue'}->id ) ) {
+ return $self->current_user->has_right(
+ right => $right,
+ object => RT->system,
+ );
+ } elsif ( ref $args{'queue'} ) {
+ return $args{'queue'}->has_right(
+ principal => $self->current_user,
+ right => $right,
+ );
+ } else {
+ my $queue = RT::Model::Queue->new( current_user => $self->current_user );
+ $queue->load( $args{'queue'} );
+ unless ( $queue->id ) {
+ Jifty->log->error(
+ $self->current_user->id ." tried to create a "
+ ."template in a queue '". $args{'queue'} ."' that doesn't exist"
+ );
+ return 0;
+ }
+
+ return $queue->current_user_has_right('ModifyTemplate');
+ }
+}
+
+=head3 check_read_rights
+
+User needs 'ShowTemplate' right to read properties of a template.
+
+See also L<Jifty::Record/check_read_rights>.
+
+=cut
+
+sub check_read_rights {
+ return $_[0]->current_user_has_right('ShowTemplate');
}
+=head3 check_update_rights
+
+User needs 'ModifyTemplate' right to update properties of a template.
+
+See also L<Jifty::Record/check_update_rights>.
+
+=cut
+
+sub check_update_rights {
+ return $_[0]->current_user_has_right('ModifyTemplate');
+}
+
+=head3 check_delete_rights
+
+User needs 'ModifyTemplate' right to delete a template.
+
+See also L<Jifty::Record/check_delete_rights>.
+
+=cut
+
+sub check_delete_rights {
+ return $_[0]->current_user_has_right('ModifyTemplate');
+}
sub queue_obj {
require Carp; Carp::confess("deprecated");
@@ -514,4 +516,5 @@
$q->load( $self->__value('queue') );
return $q;
}
+
1;
Modified: rt/branches/3.999-DANGEROUS/lib/RT/Model/TemplateCollection.pm
==============================================================================
--- rt/branches/3.999-DANGEROUS/lib/RT/Model/TemplateCollection.pm (original)
+++ rt/branches/3.999-DANGEROUS/lib/RT/Model/TemplateCollection.pm Tue Sep 2 23:10:17 2008
@@ -166,35 +166,10 @@
sub next {
my $self = shift;
-
my $templ = $self->SUPER::next();
- if ( ( defined($templ) ) and ( ref($templ) ) ) {
-
- # If it's part of a queue, and the user can read templates in
- # that queue, or the user can globally read templates, show it
- if ($templ->queue && $templ->current_user_has_queue_right('ShowTemplate')
- or $templ->current_user->has_right(
- object => RT->system,
- right => 'ShowTemplate'
- )
- )
- {
- return ($templ);
- }
-
- #If the user doesn't have the right to show this template
- else {
- return ( $self->next() );
- }
- }
-
- #if there never was any template
- else {
- return (undef);
- }
-
+ return $templ unless $templ;
+ return $templ if $templ->current_user_has_right('ShowTemplate');
+ return $self->next;
}
-
1;
-
More information about the Rt-commit
mailing list