[Rt-commit] rt branch, 3.8-trunk, updated. rt-3.8.7-258-g017617d
Ruslan Zakirov
ruz at bestpractical.com
Fri Mar 19 14:21:21 EDT 2010
The branch, 3.8-trunk has been updated
via 017617dd1f66de2bb802165e3de286d61011910f (commit)
via ee7ae4585f7f0f5c40fb5e0a79a90af9635ad6e0 (commit)
via 429546a56de61ef6be1dd52badafe873d180c757 (commit)
via 6b9652b414b52920f1859ed6ffdc09bbbfebbc6e (commit)
via c4eff8bdb869d00572463d332defa95087ab7758 (commit)
from 434bf80cd9d3f00898c41ffe2e99ec290e8dfb25 (commit)
Summary of changes:
lib/RT/Test.pm | 7 +
lib/RT/Tickets_Overlay.pm | 38 +++++--
t/api/rights.t | 227 ++++++++++++++++++++++++---------------
t/api/rights_show_ticket.t | 262 ++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 437 insertions(+), 97 deletions(-)
create mode 100644 t/api/rights_show_ticket.t
- Log -----------------------------------------------------------------
commit c4eff8bdb869d00572463d332defa95087ab7758
Author: Ruslan Zakirov <ruz at bestpractical.com>
Date: Fri Mar 19 18:32:39 2010 +0300
refactor test so it's readable
diff --git a/t/api/rights.t b/t/api/rights.t
index 7bd332f..a38bcea 100644
--- a/t/api/rights.t
+++ b/t/api/rights.t
@@ -47,96 +47,151 @@
#
# END BPS TAGGED BLOCK }}}
-use RT;
-use RT::Test tests => 26;
+use RT::Test tests => 30;
-use RT::I18N;
use strict;
-no warnings 'once';
+use warnings;
-use RT::Queue;
-use RT::ACE;
-use RT::User;
-use RT::Group;
-use RT::Ticket;
+# clear all global right
+{
+ my $acl = RT::ACL->new($RT::SystemUser);
+ $acl->Limit( FIELD => 'RightName', OPERATOR => '!=', VALUE => 'SuperUser' );
+ $acl->LimitToObject( $RT::System );
+ while( my $ace = $acl->Next ) {
+ $ace->Delete;
+ }
+}
+my $queue = RT::Test->load_or_create_queue( Name => 'Regression' );
+ok $queue && $queue->id, 'loaded or created queue';
+my $qname = $queue->Name;
+
+my $user = RT::Test->load_or_create_user(
+ Name => 'user', Password => 'password',
+);
+ok $user && $user->id, 'loaded or created user';
+
+{
+ ok( !$user->HasRight( Right => 'OwnTicket', Object => $queue ),
+ "user can't own ticket"
+ );
+ ok( !$user->HasRight( Right => 'ReplyToTicket', Object => $queue ),
+ "user can't reply to ticket"
+ );
+}
-# clear all global right
-my $acl = RT::ACL->new($RT::SystemUser);
-$acl->Limit( FIELD => 'RightName', OPERATOR => '!=', VALUE => 'SuperUser' );
-$acl->LimitToObject( $RT::System );
-while( my $ace = $acl->Next ) {
- $ace->Delete;
+{
+ my $group = RT::Group->new( $RT::SystemUser );
+ ok( $group->LoadQueueRoleGroup( Queue => $queue->id, Type=> 'Owner' ),
+ "load queue owners role group"
+ );
+ my $ace = RT::ACE->new( $RT::SystemUser );
+ my ($ace_id, $msg) = $group->PrincipalObj->GrantRight(
+ Right => 'ReplyToTicket', Object => $queue
+ );
+ ok( $ace_id, "Granted queue owners role group with ReplyToTicket right: $msg" );
+ ok( $group->PrincipalObj->HasRight( Right => 'ReplyToTicket', Object => $queue ),
+ "role group can reply to ticket"
+ );
+ ok( !$user->HasRight( Right => 'ReplyToTicket', Object => $queue ),
+ "user can't reply to ticket"
+ );
+}
+
+my $ticket;
+{
+ # new ticket
+ $ticket = RT::Ticket->new($RT::SystemUser);
+ my ($ticket_id) = $ticket->Create( Queue => $queue->id, Subject => 'test');
+ ok( $ticket_id, 'new ticket created' );
+ is( $ticket->Owner, $RT::Nobody->Id, 'owner of the new ticket is nobody' );
+
+ ok( !$user->HasRight( Right => 'OwnTicket', Object => $ticket ),
+ "user can't reply to ticket"
+ );
+ my ($status, $msg) = $ticket->SetOwner( $user->id );
+ ok( !$status, "no permissions to be an owner" );
+}
+
+{
+ my ($status, $msg) = $user->PrincipalObj->GrantRight(
+ Object => $queue, Right => 'OwnTicket'
+ );
+ ok( $status, "successfuly granted right: $msg" );
+ ok( $user->HasRight( Right => 'OwnTicket', Object => $queue ),
+ "user can own ticket"
+ );
+ ok( $user->HasRight( Right => 'OwnTicket', Object => $ticket ),
+ "user can own ticket"
+ );
+
+ ($status, $msg) = $ticket->SetOwner( $user->id );
+ ok( $status, "successfuly set owner: $msg" );
+ is( $ticket->Owner, $user->id, "set correct owner" );
+
+ ok( $user->HasRight( Right => 'ReplyToTicket', Object => $ticket ),
+ "user is owner and can reply to ticket"
+ );
}
-my $rand_name = "rights". int rand($$);
-# create new queue to be shure we don't mess with rights
-my $queue = RT::Queue->new($RT::SystemUser);
-my ($queue_id) = $queue->Create( Name => $rand_name);
-ok( $queue_id, 'queue created for rights tests' );
-
-# new privileged user to check rights
-my $user = RT::User->new( $RT::SystemUser );
-my ($user_id) = $user->Create( Name => $rand_name,
- EmailAddress => $rand_name .'@localhost',
- Privileged => 1,
- Password => 'qwe123',
- );
-ok( !$user->HasRight( Right => 'OwnTicket', Object => $queue ), "user can't own ticket" );
-ok( !$user->HasRight( Right => 'ReplyToTicket', Object => $queue ), "user can't reply to ticket" );
-
-my $group = RT::Group->new( $RT::SystemUser );
-ok( $group->LoadQueueRoleGroup( Queue => $queue_id, Type=> 'Owner' ), "load queue owners role group" );
-my $ace = RT::ACE->new( $RT::SystemUser );
-my ($ace_id, $msg) = $group->PrincipalObj->GrantRight( Right => 'ReplyToTicket', Object => $queue );
-ok( $ace_id, "Granted queue owners role group with ReplyToTicket right: $msg" );
-ok( $group->PrincipalObj->HasRight( Right => 'ReplyToTicket', Object => $queue ), "role group can reply to ticket" );
-ok( !$user->HasRight( Right => 'ReplyToTicket', Object => $queue ), "user can't reply to ticket" );
-
-# new ticket
-my $ticket = RT::Ticket->new($RT::SystemUser);
-my ($ticket_id) = $ticket->Create( Queue => $queue_id, Subject => 'test');
-ok( $ticket_id, 'new ticket created' );
-is( $ticket->Owner, $RT::Nobody->Id, 'owner of the new ticket is nobody' );
-
-my $status;
-($status, $msg) = $user->PrincipalObj->GrantRight( Object => $queue, Right => 'OwnTicket' );
-ok( $status, "successfuly granted right: $msg" );
-ok( $user->HasRight( Right => 'OwnTicket', Object => $queue ), "user can own ticket" );
-
-($status, $msg) = $ticket->SetOwner( $user_id );
-ok( $status, "successfuly set owner: $msg" );
-is( $ticket->Owner, $user_id, "set correct owner" );
-
-ok( $user->HasRight( Right => 'ReplyToTicket', Object => $ticket ), "user is owner and can reply to ticket" );
-
-# Testing of EquivObjects
-$group = RT::Group->new( $RT::SystemUser );
-ok( $group->LoadQueueRoleGroup( Queue => $queue_id, Type=> 'AdminCc' ), "load queue AdminCc role group" );
-$ace = RT::ACE->new( $RT::SystemUser );
-($ace_id, $msg) = $group->PrincipalObj->GrantRight( Right => 'ModifyTicket', Object => $queue );
-ok( $ace_id, "Granted queue AdminCc role group with ModifyTicket right: $msg" );
-ok( $group->PrincipalObj->HasRight( Right => 'ModifyTicket', Object => $queue ), "role group can modify ticket" );
-ok( !$user->HasRight( Right => 'ModifyTicket', Object => $ticket ), "user is not AdminCc and can't modify ticket" );
-($status, $msg) = $ticket->AddWatcher(Type => 'AdminCc', PrincipalId => $user->PrincipalId);
-ok( $status, "successfuly added user as AdminCc");
-ok( $user->HasRight( Right => 'ModifyTicket', Object => $ticket ), "user is AdminCc and can modify ticket" );
-
-my $ticket2 = RT::Ticket->new($RT::SystemUser);
-my ($ticket2_id) = $ticket2->Create( Queue => $queue_id, Subject => 'test2');
-ok( $ticket2_id, 'new ticket created' );
-ok( !$user->HasRight( Right => 'ModifyTicket', Object => $ticket2 ), "user is not AdminCc and can't modify ticket2" );
-
-# now we can finally test EquivObjects
-my $equiv = [ $ticket ];
-ok( $user->HasRight( Right => 'ModifyTicket', Object => $ticket2, EquivObjects => $equiv ),
- "user is not AdminCc but can modify ticket2 because of EquivObjects" );
-
-# the first a third test below are the same, so they should both pass
-my $equiv2 = [];
-ok( !$user->HasRight( Right => 'ModifyTicket', Object => $ticket2, EquivObjects => $equiv2 ),
- "user is not AdminCc and can't modify ticket2" );
-ok( $user->HasRight( Right => 'ModifyTicket', Object => $ticket, EquivObjects => $equiv2 ),
- "user is AdminCc and can modify ticket" );
-ok( !$user->HasRight( Right => 'ModifyTicket', Object => $ticket2, EquivObjects => $equiv2 ),
- "user is not AdminCc and can't modify ticket2 (same question different answer)" );
+{
+ # Testing of EquivObjects
+ my $group = RT::Group->new( $RT::SystemUser );
+ ok( $group->LoadQueueRoleGroup( Queue => $queue->id, Type=> 'AdminCc' ),
+ "load queue AdminCc role group"
+ );
+ my $ace = RT::ACE->new( $RT::SystemUser );
+ my ($ace_id, $msg) = $group->PrincipalObj->GrantRight(
+ Right => 'ModifyTicket', Object => $queue
+ );
+ ok( $ace_id, "Granted queue AdminCc role group with ModifyTicket right: $msg" );
+ ok( $group->PrincipalObj->HasRight( Right => 'ModifyTicket', Object => $queue ),
+ "role group can modify ticket"
+ );
+ ok( !$user->HasRight( Right => 'ModifyTicket', Object => $ticket ),
+ "user is not AdminCc and can't modify ticket"
+ );
+}
+
+{
+ my ($status, $msg) = $ticket->AddWatcher(
+ Type => 'AdminCc', PrincipalId => $user->PrincipalId
+ );
+ ok( $status, "successfuly added user as AdminCc");
+ ok( $user->HasRight( Right => 'ModifyTicket', Object => $ticket ),
+ "user is AdminCc and can modify ticket"
+ );
+}
+
+my $ticket2;
+{
+ $ticket2 = RT::Ticket->new($RT::SystemUser);
+ my ($id) = $ticket2->Create( Queue => $queue->id, Subject => 'test2');
+ ok( $id, 'new ticket created' );
+ ok( !$user->HasRight( Right => 'ModifyTicket', Object => $ticket2 ),
+ "user is not AdminCc and can't modify ticket2"
+ );
+
+ # now we can finally test EquivObjectsa
+ my $has = $user->HasRight(
+ Right => 'ModifyTicket',
+ Object => $ticket2,
+ EquivObjects => [$ticket],
+ );
+ ok( $has, "user is not AdminCc but can modify ticket2 because of EquivObjects" );
+}
+
+{
+ # the first a third test below are the same, so they should both pass
+ # make sure passed equive list is not changed
+ my @list = ();
+ ok( !$user->HasRight( Right => 'ModifyTicket', Object => $ticket2, EquivObjects => \@list ),
+ "user is not AdminCc and can't modify ticket2"
+ );
+ ok( $user->HasRight( Right => 'ModifyTicket', Object => $ticket, EquivObjects => \@list ),
+ "user is AdminCc and can modify ticket"
+ );
+ ok( !$user->HasRight( Right => 'ModifyTicket', Object => $ticket2, EquivObjects => \@list ),
+ "user is not AdminCc and can't modify ticket2 (same question different answer)"
+ );
+}
commit 6b9652b414b52920f1859ed6ffdc09bbbfebbc6e
Author: Ruslan Zakirov <ruz at bestpractical.com>
Date: Fri Mar 19 18:34:18 2010 +0300
use our own SUBCLAUSE for ACL checks
diff --git a/lib/RT/Tickets_Overlay.pm b/lib/RT/Tickets_Overlay.pm
index b53a6e2..8fd98f8 100755
--- a/lib/RT/Tickets_Overlay.pm
+++ b/lib/RT/Tickets_Overlay.pm
@@ -3033,16 +3033,18 @@ sub CurrentUserCanSee {
return unless @queues;
if ( @queues == 1 ) {
- $self->_SQLLimit(
+ $self->SUPER::Limit(
+ SUBCLAUSE => 'ACL',
ALIAS => 'main',
FIELD => 'Queue',
VALUE => $_[0],
ENTRYAGGREGATOR => $ea,
);
} else {
- $self->_OpenParen;
+ $self->SUPER::_OpenParen('ACL');
foreach my $q ( @queues ) {
- $self->_SQLLimit(
+ $self->SUPER::Limit(
+ SUBCLAUSE => 'ACL',
ALIAS => 'main',
FIELD => 'Queue',
VALUE => $q,
@@ -3050,25 +3052,27 @@ sub CurrentUserCanSee {
);
$ea = 'OR';
}
- $self->_CloseParen;
+ $self->SUPER::_CloseParen('ACL');
}
return 1;
};
- $self->_OpenParen;
+ $self->SUPER::_OpenParen('ACL');
my $ea = 'AND';
$ea = 'OR' if $limit_queues->( $ea, @direct_queues );
while ( my ($role, $queues) = each %roles ) {
- $self->_OpenParen;
+ $self->SUPER::_OpenParen('ACL');
if ( $role eq 'Owner' ) {
- $self->_SQLLimit(
+ $self->SUPER::Limit(
+ SUBCLAUSE => 'ACL',
FIELD => 'Owner',
VALUE => $id,
ENTRYAGGREGATOR => $ea,
);
}
else {
- $self->_SQLLimit(
+ $self->SUPER::Limit(
+ SUBCLAUSE => 'ACL',
ALIAS => $cgm_alias,
FIELD => 'MemberId',
OPERATOR => 'IS NOT',
@@ -3076,7 +3080,8 @@ sub CurrentUserCanSee {
QUOTEVALUE => 0,
ENTRYAGGREGATOR => $ea,
);
- $self->_SQLLimit(
+ $self->SUPER::Limit(
+ SUBCLAUSE => 'ACL',
ALIAS => $role_group_alias,
FIELD => 'Type',
VALUE => $role,
@@ -3085,9 +3090,9 @@ sub CurrentUserCanSee {
}
$limit_queues->( 'AND', @$queues ) if ref $queues;
$ea = 'OR' if $ea eq 'AND';
- $self->_CloseParen;
+ $self->SUPER::_CloseParen('ACL');
}
- $self->_CloseParen;
+ $self->SUPER::_CloseParen('ACL');
}
return $self->{'_sql_current_user_can_see_applied'} = 1;
}
commit 429546a56de61ef6be1dd52badafe873d180c757
Author: Ruslan Zakirov <ruz at bestpractical.com>
Date: Fri Mar 19 18:37:23 2010 +0300
if no right granted then bail out asap
diff --git a/lib/RT/Tickets_Overlay.pm b/lib/RT/Tickets_Overlay.pm
index 8fd98f8..486d0cd 100755
--- a/lib/RT/Tickets_Overlay.pm
+++ b/lib/RT/Tickets_Overlay.pm
@@ -3013,6 +3013,17 @@ sub CurrentUserCanSee {
}
}
+ unless ( @direct_queues || keys %roles ) {
+ $self->SUPER::Limit(
+ SUBCLAUSE => 'ACL',
+ ALIAS => 'main',
+ FIELD => 'id',
+ VALUE => 0,
+ ENTRYAGGREGATOR => 'AND',
+ );
+ return $self->{'_sql_current_user_can_see_applied'} = 1;
+ }
+
{
my $join_roles = keys %roles;
$join_roles = 0 if $join_roles == 1 && $roles{'Owner'};
commit ee7ae4585f7f0f5c40fb5e0a79a90af9635ad6e0
Author: Ruslan Zakirov <ruz at bestpractical.com>
Date: Fri Mar 19 18:38:20 2010 +0300
make granting rights to roles much easier in Test->{add,set}_rights
diff --git a/lib/RT/Test.pm b/lib/RT/Test.pm
index 12b12ba..a5ca328 100644
--- a/lib/RT/Test.pm
+++ b/lib/RT/Test.pm
@@ -630,6 +630,13 @@ sub add_rights {
if ( $principal =~ /^(everyone|(?:un)?privileged)$/i ) {
$principal = RT::Group->new( $RT::SystemUser );
$principal->LoadSystemInternalGroup($1);
+ } elsif ( $principal =~ /^(Owner|Requestor|(?:Admin)?Cc)$/i ) {
+ $principal = RT::Group->new( $RT::SystemUser );
+ $principal->LoadByCols(
+ Domain => (ref($e->{'Object'})||'RT::System').'-Role',
+ Type => $1,
+ ref($e->{'Object'})? (Instance => $e->{'Object'}->id): (),
+ );
} else {
die "principal is not an object, but also is not name of a system group";
}
commit 017617dd1f66de2bb802165e3de286d61011910f
Author: Ruslan Zakirov <ruz at bestpractical.com>
Date: Fri Mar 19 18:39:49 2010 +0300
add tests for ShowTicket right and tickets collections
diff --git a/t/api/rights_show_ticket.t b/t/api/rights_show_ticket.t
new file mode 100644
index 0000000..3e1d074
--- /dev/null
+++ b/t/api/rights_show_ticket.t
@@ -0,0 +1,262 @@
+#!/usr/bin/perl -w
+
+use RT::Test tests => 264;
+
+use strict;
+use warnings;
+
+
+my $queue_a = RT::Test->load_or_create_queue( Name => 'A' );
+ok $queue_a && $queue_a->id, 'loaded or created queue_a';
+my $qa_id = $queue_a->id;
+
+my $queue_b = RT::Test->load_or_create_queue( Name => 'B' );
+ok $queue_b && $queue_b->id, 'loaded or created queue_b';
+my $qb_id = $queue_b->id;
+
+my $user_a = RT::Test->load_or_create_user(
+ Name => 'user_a', Password => 'password',
+);
+ok $user_a && $user_a->id, 'loaded or created user';
+
+my $user_b = RT::Test->load_or_create_user(
+ Name => 'user_b', Password => 'password',
+);
+ok $user_b && $user_b->id, 'loaded or created user';
+
+foreach my $option (0 .. 1 ) { RT->Config->Set( 'UseSQLForACLChecks' => $option );
+
+diag "Testing with UseSQLForACLChecks => $option";
+
+# Global Cc has right, a User is nobody
+{
+ cleanup();
+ RT::Test->set_rights(
+ { Principal => 'Everyone', Right => [qw(SeeQueue)] },
+ { Principal => 'Cc', Right => [qw(ShowTicket)] },
+ );
+ create_tickets_set();
+ have_no_rights($user_a, $user_b);
+}
+
+# Global Cc has right, a User is Queue Cc
+{
+ cleanup();
+ RT::Test->set_rights(
+ { Principal => 'Everyone', Right => [qw(SeeQueue)] },
+ { Principal => 'Cc', Right => [qw(ShowTicket)] },
+ );
+ create_tickets_set();
+ have_no_rights($user_a, $user_b);
+
+ my ($status, $msg) = $queue_a->AddWatcher( Type => 'Cc', PrincipalId => $user_a->id );
+ ok($status, "user A is now queue A watcher");
+
+ foreach my $q (
+ '',
+ "Queue = $qa_id OR Queue = $qb_id",
+ "Queue = $qb_id OR Queue = $qa_id",
+ ) {
+ my $tickets = RT::Tickets->new( RT::CurrentUser->new( $user_a ) );
+ $q? $tickets->FromSQL($q) : $tickets->UnLimit;
+ my $found = 0;
+ while ( my $t = $tickets->Next ) {
+ $found++;
+ is( $t->Queue, $queue_a->id, "user sees tickets only in queue A" );
+ }
+ is($found, 2, "user sees tickets");
+ }
+ have_no_rights( $user_b );
+}
+
+# global Cc has right, a User is ticket Cc
+{
+ cleanup();
+ RT::Test->set_rights(
+ { Principal => 'Everyone', Right => [qw(SeeQueue)] },
+ { Principal => 'Cc', Right => [qw(ShowTicket)] },
+ );
+ my @tickets = create_tickets_set();
+ have_no_rights($user_a, $user_b);
+
+ my ($status, $msg) = $tickets[1]->AddWatcher( Type => 'Cc', PrincipalId => $user_a->id );
+ ok($status, "user A is now queue A watcher");
+
+ foreach my $q (
+ '',
+ "Queue = $qa_id OR Queue = $qb_id",
+ "Queue = $qb_id OR Queue = $qa_id",
+ ) {
+ my $tickets = RT::Tickets->new( RT::CurrentUser->new( $user_a ) );
+ $q? $tickets->FromSQL($q) : $tickets->UnLimit;
+ my $found = 0;
+ while ( my $t = $tickets->Next ) {
+ $found++;
+ is( $t->Queue, $queue_a->id, "user sees tickets only in queue A" );
+ is( $t->id, $tickets[1]->id, "correct ticket");
+ }
+ is($found, 1, "user sees tickets");
+ }
+ have_no_rights($user_b);
+}
+
+# Queue Cc has right, a User is nobody
+{
+ cleanup();
+ RT::Test->set_rights(
+ { Principal => 'Everyone', Right => [qw(SeeQueue)] },
+ { Principal => 'Cc', Object => $queue_a, Right => [qw(ShowTicket)] },
+ );
+ create_tickets_set();
+ have_no_rights($user_a, $user_b);
+}
+
+# Queue Cc has right, Users are Queue Ccs
+{
+ cleanup();
+ RT::Test->set_rights(
+ { Principal => 'Everyone', Right => [qw(SeeQueue)] },
+ { Principal => 'Cc', Object => $queue_a, Right => [qw(ShowTicket)] },
+ );
+ create_tickets_set();
+ have_no_rights($user_a, $user_b);
+
+ my ($status, $msg) = $queue_a->AddWatcher( Type => 'Cc', PrincipalId => $user_a->id );
+ ok($status, "user A is now queue A watcher");
+
+ ($status, $msg) = $queue_b->AddWatcher( Type => 'Cc', PrincipalId => $user_b->id );
+ ok($status, "user B is now queue B watcher");
+
+ foreach my $q (
+ '',
+ "Queue = $qa_id OR Queue = $qb_id",
+ "Queue = $qb_id OR Queue = $qa_id",
+ ) {
+ my $tickets = RT::Tickets->new( RT::CurrentUser->new( $user_a ) );
+ $q? $tickets->FromSQL($q) : $tickets->UnLimit;
+ my $found = 0;
+ while ( my $t = $tickets->Next ) {
+ $found++;
+ is( $t->Queue, $queue_a->id, "user sees tickets only in queue A" );
+ }
+ is($found, 2, "user sees tickets");
+ }
+ have_no_rights( $user_b );
+}
+
+# Queue Cc has right, Users are ticket Ccs
+{
+ cleanup();
+ RT::Test->set_rights(
+ { Principal => 'Everyone', Right => [qw(SeeQueue)] },
+ { Principal => 'Cc', Object => $queue_a, Right => [qw(ShowTicket)] },
+ );
+ my @tickets = create_tickets_set();
+ have_no_rights($user_a, $user_b);
+
+ my ($status, $msg) = $tickets[1]->AddWatcher( Type => 'Cc', PrincipalId => $user_a->id );
+ ok($status, "user A is now Cc on a ticket in queue A");
+
+ ($status, $msg) = $tickets[2]->AddWatcher( Type => 'Cc', PrincipalId => $user_b->id );
+ ok($status, "user B is now Cc on a ticket in queue B");
+
+ foreach my $q (
+ '',
+ "Queue = $qa_id OR Queue = $qb_id",
+ "Queue = $qb_id OR Queue = $qa_id",
+ ) {
+ my $tickets = RT::Tickets->new( RT::CurrentUser->new( $user_a ) );
+ $q? $tickets->FromSQL($q) : $tickets->UnLimit;
+ my $found = 0;
+ while ( my $t = $tickets->Next ) {
+ $found++;
+ is( $t->Queue, $queue_a->id, "user sees tickets only in queue A" );
+ is( $t->id, $tickets[1]->id, )
+ }
+ is($found, 1, "user sees tickets");
+ }
+ have_no_rights( $user_b );
+}
+
+# Users has direct right on queue
+{
+ cleanup();
+ RT::Test->set_rights(
+ { Principal => 'Everyone', Right => [qw(SeeQueue)] },
+ { Principal => $user_a, Object => $queue_a, Right => [qw(ShowTicket)] },
+ );
+ my @tickets = create_tickets_set();
+
+ foreach my $q (
+ '',
+ "Queue = $qa_id OR Queue = $qb_id",
+ "Queue = $qb_id OR Queue = $qa_id",
+ ) {
+ my $tickets = RT::Tickets->new( RT::CurrentUser->new( $user_a ) );
+ $q? $tickets->FromSQL($q) : $tickets->UnLimit;
+ my $found = 0;
+ while ( my $t = $tickets->Next ) {
+ $found++;
+ is( $t->Queue, $queue_a->id, "user sees tickets only in queue A" );
+ }
+ is($found, 2, "user sees tickets");
+ }
+ have_no_rights( $user_b );
+}
+
+
+}
+
+sub have_no_rights {
+ $SIG{'INT'} = $SIG{'TERM'} = sub { print STDERR Carp::longmess('boo'); exit 1 };
+ local $Test::Builder::Level = $Test::Builder::Level + 1;
+ foreach my $u ( @_ ) {
+ foreach my $q (
+ '',
+ "Queue = $qa_id OR Queue = $qb_id",
+ "Queue = $qb_id OR Queue = $qa_id",
+ ) {
+ my $tickets = RT::Tickets->new( RT::CurrentUser->new( $u ) );
+ $q? $tickets->FromSQL($q) : $tickets->UnLimit;
+ ok(!$tickets->First, "no tickets");
+ }
+ }
+}
+
+sub create_tickets_set{
+ local $Test::Builder::Level = $Test::Builder::Level + 1;
+ my @res;
+ foreach my $q ($queue_a, $queue_b) {
+ foreach my $n (1 .. 2) {
+ my $ticket = RT::Ticket->new( $RT::SystemUser );
+ my ($tid) = $ticket->Create(
+ Queue => $q->id, Subject => $q->Name .' - '. $n
+ );
+ ok( $tid, "created ticket #$tid");
+ push @res, $ticket;
+ }
+ }
+ return @res;
+}
+
+sub cleanup { delete_tickets(); delete_watchers() };
+
+sub delete_tickets {
+ my $tickets = RT::Tickets->new( $RT::SystemUser );
+ $tickets->FromSQL( "Queue = $qa_id OR Queue = $qb_id" );
+ while ( my $ticket = $tickets->Next ) {
+ $ticket->Delete;
+ }
+}
+
+sub delete_watchers {
+ foreach my $q ($queue_a, $queue_b) {
+ foreach my $u ($user_a, $user_b) {
+ foreach my $t (qw(Cc AdminCc) ) {
+ $q->DeleteWatcher( Type => $t, PrincipalId => $u->id )
+ if $q->IsWatcher( Type => $t, PrincipalId => $u->id );
+ }
+ }
+ }
+}
+
-----------------------------------------------------------------------
More information about the Rt-commit
mailing list