[Rt-commit] rt branch, experimental--saved-search-rights, created. rt-3.8.8-133-gc5365a7
Shawn Moore
sartak at bestpractical.com
Fri Jul 9 12:31:48 EDT 2010
The branch, experimental--saved-search-rights has been created
at c5365a7d202a1e037060058da8b66b0d22b978f6 (commit)
- Log -----------------------------------------------------------------
commit 6b31fb4ae6683ac6ff50e1b5a74b0b366d88c105
Author: Shawn M Moore <sartak at bestpractical.com>
Date: Fri Jul 9 12:32:31 2010 -0400
Add ACL methods to RT::SavedSearch
These seem slightly wrong given that there are all sorts of
SavedSearch ACLs
diff --git a/lib/RT/SavedSearch.pm b/lib/RT/SavedSearch.pm
index 746e4c2..b55cd0a 100644
--- a/lib/RT/SavedSearch.pm
+++ b/lib/RT/SavedSearch.pm
@@ -126,6 +126,69 @@ sub Type {
return $self->{'Type'};
}
+# ACLs
+
+sub _CurrentUserCan {
+ my $self = shift;
+ my $privacy = shift || $self->Privacy;
+ my %args = @_;
+
+ if (!defined($privacy)) {
+ $RT::Logger->debug("No privacy provided to $self->_CurrentUserCan");
+ return 0;
+ }
+
+ my $object = $self->_GetObject($privacy);
+ return 0 unless $object;
+
+ my $level;
+
+ # users are mildly special-cased, since we actually have to check that
+ # the user is operating on himself
+ if ($object->isa('RT::User')) {
+ return 0 unless $object->Id == $self->CurrentUser->Id;
+ }
+
+ my $right = $args{FullRight}
+ || join('', $args{Right}, 'SavedSearch');
+
+ # all rights, except group rights, are global
+ $object = $RT::System unless $object->isa('RT::Group');
+
+ return $self->CurrentUser->HasRight(
+ Right => $right,
+ Object => $object,
+ );
+}
+
+sub CurrentUserCanSee {
+ my $self = shift;
+ my $privacy = shift;
+
+ $self->_CurrentUserCan($privacy, Right => 'Load');
+}
+
+sub CurrentUserCanCreate {
+ my $self = shift;
+ my $privacy = shift;
+
+ $self->_CurrentUserCan($privacy, Right => 'Create');
+}
+
+sub CurrentUserCanModify {
+ my $self = shift;
+ my $privacy = shift;
+
+ $self->_CurrentUserCan($privacy, FullRight => 'EditSavedSearches');
+}
+
+sub CurrentUserCanDelete {
+ my $self = shift;
+ my $privacy = shift;
+
+ $self->_CurrentUserCan($privacy, FullRight => 'EditSavedSearches');
+}
+
### Internal methods
# _PrivacyObjects: returns a list of objects that can be used to load, create,
commit c5365a7d202a1e037060058da8b66b0d22b978f6
Author: Shawn M Moore <sartak at bestpractical.com>
Date: Fri Jul 9 12:32:54 2010 -0400
Instead of _PrivacyObjects use the ObjectsFor* methods for Searches
diff --git a/share/html/Admin/Users/MyRT.html b/share/html/Admin/Users/MyRT.html
index 4e98ba0..92999ec 100644
--- a/share/html/Admin/Users/MyRT.html
+++ b/share/html/Admin/Users/MyRT.html
@@ -94,7 +94,7 @@ push @items, map {["component-$_", $_]} sort keys %allowed_components;
my $sys = RT::System->new( RT::CurrentUser->new($UserObj) );
my @objs = ($sys);
-push @objs, RT::SavedSearch->new( RT::CurrentUser->new( $UserObj ) )->_PrivacyObjects;
+push @objs, RT::SavedSearch->new( RT::CurrentUser->new( $UserObj ) )->ObjectsForLoading;
for my $object (@objs) {
for ($m->comp("/Search/Elements/SearchesForObject", Object => $object)) {
diff --git a/share/html/Dashboards/Queries.html b/share/html/Dashboards/Queries.html
index 23ed8b6..e0c1814 100644
--- a/share/html/Dashboards/Queries.html
+++ b/share/html/Dashboards/Queries.html
@@ -119,9 +119,7 @@ for my $dashboard (@{ $dashboards || [] }) {
# add saved searches
my @objs = RT::System->new($session{'CurrentUser'});
-push @objs, RT::SavedSearch->new( $session{CurrentUser} )->_PrivacyObjects
- if $session{'CurrentUser'}->HasRight( Right => 'LoadSavedSearch',
- Object => $RT::System );
+push @objs, RT::SavedSearch->new( $session{CurrentUser} )->ObjectsForLoading;
for my $object (@objs) {
for ($m->comp("/Search/Elements/SearchesForObject", Object => $object)) {
diff --git a/share/html/Elements/SavedSearches b/share/html/Elements/SavedSearches
index bcb10e5..102bde4 100644
--- a/share/html/Elements/SavedSearches
+++ b/share/html/Elements/SavedSearches
@@ -19,7 +19,7 @@
% }
</&>
<%init>
-my @Objects = RT::SavedSearch->new($session{CurrentUser})->_PrivacyObjects;
+my @Objects = RT::SavedSearch->new($session{CurrentUser})->ObjectsForLoading;
push @Objects, RT::System->new( $session{'CurrentUser'} )
if $session{'CurrentUser'}->HasRight( Object=> $RT::System,
Right => 'SuperUser' );
diff --git a/share/html/Prefs/MyRT.html b/share/html/Prefs/MyRT.html
index 433b7d1..6e19ada 100644
--- a/share/html/Prefs/MyRT.html
+++ b/share/html/Prefs/MyRT.html
@@ -115,9 +115,7 @@ my @items = map ["component-$_", $_], grep !$seen{$_}++, @{RT->Config->Get('Home
my $sys = RT::System->new($session{'CurrentUser'});
my @objs = ($sys);
-push @objs, RT::SavedSearch->new( $session{CurrentUser} )->_PrivacyObjects
- if $session{'CurrentUser'}->HasRight( Right => 'LoadSavedSearch',
- Object => $RT::System );
+push @objs, RT::SavedSearch->new( $session{CurrentUser} )->ObjectsForLoading;
my @sys_searches;
for my $object (@objs) {
diff --git a/share/html/Search/Elements/EditSearches b/share/html/Search/Elements/EditSearches
index 5d9eff3..cacc77a 100644
--- a/share/html/Search/Elements/EditSearches
+++ b/share/html/Search/Elements/EditSearches
@@ -50,7 +50,7 @@
%# Hide all the save functionality if the user shouldn't see it.
% if ( $can_modify ) {
<&|/l&>Privacy:</&>
-<& SelectSearchObject, Name => 'SavedSearchOwner', Objects => \@Objects, Object => ( $Object && $Object->id ) ? $Object->Object : '' &>
+<& SelectSearchObject, Name => 'SavedSearchOwner', Objects => \@SaveObjects, Object => ( $Object && $Object->id ) ? $Object->Object : '' &>
<br />
<&|/l&>Description</&>:
<input size="25" name="SavedSearchDescription" value="<% $Description || '' %>" />
@@ -75,7 +75,7 @@
<br />
<hr />
<&|/l&>Load saved search:</&>
-<& SelectSearchesForObjects, Name => 'SavedSearchLoad', Objects => \@Objects, SearchType => $Type &>
+<& SelectSearchesForObjects, Name => 'SavedSearchLoad', Objects => \@LoadObjects, SearchType => $Type &>
<input type="submit" value="<% loc('Load') %>" class="button" />
</&>
@@ -92,8 +92,11 @@ my $can_modify = $session{'CurrentUser'}->HasRight(
);
use RT::SavedSearch;
-my @Objects = RT::SavedSearch->new($session{CurrentUser})->_PrivacyObjects;
-push @Objects, RT::System->new( $session{'CurrentUser'} )
+my @LoadObjects = RT::SavedSearch->new($session{CurrentUser})->ObjectsForLoading;
+push @LoadObjects, RT::System->new( $session{'CurrentUser'} );
+
+my @SaveObjects = RT::SavedSearch->new($session{CurrentUser})->ObjectsForCreating;
+push @SaveObjects, RT::System->new( $session{'CurrentUser'} )
if $session{'CurrentUser'}->HasRight( Object=> $RT::System,
Right => 'SuperUser' );
diff --git a/share/html/Widgets/SavedSearch b/share/html/Widgets/SavedSearch
index 6285b0b..9b6cf27 100644
--- a/share/html/Widgets/SavedSearch
+++ b/share/html/Widgets/SavedSearch
@@ -55,10 +55,6 @@ return \%ARGS;
<%init>
my @actions;
-my @Objects = RT::SavedSearch->new( $session{CurrentUser} )->_PrivacyObjects;
-push @Objects, RT::System->new($session{'CurrentUser'})
- if $session{'CurrentUser'}->HasRight( Object=> $RT::System,
- Right => 'SuperUser' );
$self->{SearchId} ||= $args->{'SavedChartSearchId'} || 'new';
my $SearchParams = { map { $_ => $args->{$_} } @{$self->{SearchFields}} };
@@ -90,6 +86,11 @@ if ( my ( $container_object, $search_id ) = _parse_saved_search(
# look for the current one in the available saved searches
if ($self->{SearchId} eq 'new') {
+ my @Objects = RT::SavedSearch->new( $session{CurrentUser} )->ObjectsForLoading;
+ push @Objects, RT::System->new($session{'CurrentUser'})
+ if $session{'CurrentUser'}->HasRight( Object=> $RT::System,
+ Right => 'SuperUser' );
+
for my $obj (@Objects) {
for ( $m->comp( "/Search/Elements/SearchesForObject", Object => $obj ) ) {
my ( $desc, $search ) = @$_;
-----------------------------------------------------------------------
More information about the Rt-commit
mailing list