[Rt-commit] rt branch, rightsmatrix, updated. rt-3.8.8-611-gc688bf7

Thomas Sibley trs at bestpractical.com
Thu Sep 2 13:26:52 EDT 2010


The branch, rightsmatrix has been updated
       via  c688bf7e5765a7f3f7364b0e5f3daca80a271abf (commit)
       via  b70294586642168f126bede4b3e715f55189e74a (commit)
       via  8e43a69bfd68427766376a3682c902f198e7161b (commit)
      from  d4b552a6c5415ade24c68a0cecffb8f527c3bfdc (commit)

Summary of changes:
 lib/RT/Interface/Web.pm                  |   34 +++++++++++++++++++++++++++++-
 share/html/Helpers/Autocomplete/Users    |    3 ++
 share/html/NoAuth/js/userautocomplete.js |   23 +++++++++++++++++--
 3 files changed, 56 insertions(+), 4 deletions(-)

- Log -----------------------------------------------------------------
commit 8e43a69bfd68427766376a3682c902f198e7161b
Author: Thomas Sibley <trs at bestpractical.com>
Date:   Thu Sep 2 12:23:43 2010 -0400

    Only autocomplete privileged users for the rights editor

diff --git a/share/html/Helpers/Autocomplete/Users b/share/html/Helpers/Autocomplete/Users
index b4046a5..5aecf07 100644
--- a/share/html/Helpers/Autocomplete/Users
+++ b/share/html/Helpers/Autocomplete/Users
@@ -53,6 +53,7 @@ $return => ''
 $term => undef
 $delim => undef
 $max => 10
+$privileged => undef
 </%ARGS>
 <%INIT>
 require JSON;
@@ -89,6 +90,8 @@ my %fields = %{ RT->Config->Get('UserAutocompleteFields')
 my $users = RT::Users->new( $CurrentUser );
 $users->RowsPerPage( $max );
 
+$users->LimitToPrivileged() if $privileged;
+
 while (my ($name, $op) = each %fields) {
     $op = 'STARTSWITH'
         unless $op =~ /^(?:LIKE|(?:START|END)SWITH)$/i;
diff --git a/share/html/NoAuth/js/userautocomplete.js b/share/html/NoAuth/js/userautocomplete.js
index 8944f5c..a1a799f 100644
--- a/share/html/NoAuth/js/userautocomplete.js
+++ b/share/html/NoAuth/js/userautocomplete.js
@@ -3,11 +3,15 @@ jQuery(function() {
     var multipleCompletion = new Array("Requestors", "To", "Bcc", "Cc", "AdminCc", "WatcherAddressEmail[123]", "UpdateCc", "UpdateBcc");
 
     // inputs with only a single email address allowed
-    var singleCompletion   = new Array("(Add|Delete)Requestor", "(Add|Delete)Cc", "(Add|Delete)AdminCc", "AddPrincipalForRights-user");
+    var singleCompletion   = new Array("(Add|Delete)Requestor", "(Add|Delete)Cc", "(Add|Delete)AdminCc");
+
+    // inputs for only privileged users
+    var privilegedCompletion = new Array("AddPrincipalForRights-user");
 
     // build up the regexps we'll use to match
-    var applyto  = new RegExp('^(' + multipleCompletion.concat(singleCompletion).join('|') + ')$');
+    var applyto  = new RegExp('^(' + multipleCompletion.concat(singleCompletion, privilegedCompletion).join('|') + ')$');
     var acceptsMultiple = new RegExp('^(' + multipleCompletion.join('|') + ')$');
+    var onlyPrivileged = new RegExp('^(' + privilegedCompletion.join('|') + ')$');
 
     var inputs = document.getElementsByTagName("input");
 
@@ -22,8 +26,14 @@ jQuery(function() {
             source: "<% RT->Config->Get('WebPath')%>/Helpers/Autocomplete/Users"
         };
 
+        var queryargs = [];
+
+        if (inputName.match(onlyPrivileged)) {
+            queryargs.push("privileged=1");
+        }
+
         if (inputName.match(acceptsMultiple)) {
-            options.source = options.source + "?delim=,";
+            queryargs.push("delim=,");
 
             options.focus = function () {
                 // prevent value inserted on focus
@@ -38,6 +48,10 @@ jQuery(function() {
                 return false;
             }
         }
+
+        if (queryargs.length)
+            options.source += "?" + queryargs.join("&");
+
         jQuery(input).autocomplete(options);
     }
 });

commit b70294586642168f126bede4b3e715f55189e74a
Author: Thomas Sibley <trs at bestpractical.com>
Date:   Thu Sep 2 13:27:21 2010 -0400

    Update ProcessACLChanges to deal with adding rights to new principals

diff --git a/lib/RT/Interface/Web.pm b/lib/RT/Interface/Web.pm
index 780b85e..6d6014b 100755
--- a/lib/RT/Interface/Web.pm
+++ b/lib/RT/Interface/Web.pm
@@ -1374,6 +1374,37 @@ sub ProcessACLChanges {
     my $CheckACL = $ARGSref->{'CheckACL'};
     my @check = grep { defined } (ref $CheckACL eq 'ARRAY' ? @$CheckACL : $CheckACL);
 
+    # Check if we want to grant rights to a previously rights-less user
+    for my $type (qw(user group)) {
+        my $key = "AddPrincipalForRights-$type";
+
+        next unless $ARGSref->{$key};
+
+        my $principal;
+        if ( $type eq 'user' ) {
+            $principal = RT::User->new( $session{'CurrentUser'} );
+            $principal->Load( $ARGSref->{$key} );
+        }
+        else {
+            $principal = RT::Group->new( $session{'CurrentUser'} );
+            $principal->LoadUserDefinedGroup( $ARGSref->{$key} );
+        }
+
+        unless ($principal->PrincipalId) {
+            push @results, loc("Couldn't load the specified principal");
+            next;
+        }
+
+        my $principal_id = $principal->PrincipalId;
+
+        # Turn our addprincipal rights spec into a real one
+        for my $arg (keys %$ARGSref) {
+            next unless $arg =~ /^SetRights-addprincipal-(.+?-\d+)$/;
+            $ARGSref->{"SetRights-$principal_id-$1"} = $ARGSref->{$arg};
+            push @check, "$principal_id-$1";
+        }
+    }
+
     # Build our rights state for each Principal-Object tuple
     foreach my $arg ( keys %$ARGSref ) {
         next unless $arg =~ /^SetRights-(\d+-.+?-\d+)$/;
diff --git a/share/html/NoAuth/js/userautocomplete.js b/share/html/NoAuth/js/userautocomplete.js
index a1a799f..cc74868 100644
--- a/share/html/NoAuth/js/userautocomplete.js
+++ b/share/html/NoAuth/js/userautocomplete.js
@@ -28,6 +28,9 @@ jQuery(function() {
 
         var queryargs = [];
 
+        if (inputName.match("AddPrincipalForRights-user"))
+            queryargs.push("return=Name");
+
         if (inputName.match(onlyPrivileged)) {
             queryargs.push("privileged=1");
         }

commit c688bf7e5765a7f3f7364b0e5f3daca80a271abf
Author: Thomas Sibley <trs at bestpractical.com>
Date:   Thu Sep 2 13:27:55 2010 -0400

    Don't include subgroup members when finding user groups with rights

diff --git a/lib/RT/Interface/Web.pm b/lib/RT/Interface/Web.pm
index 6d6014b..c20f675 100755
--- a/lib/RT/Interface/Web.pm
+++ b/lib/RT/Interface/Web.pm
@@ -2186,7 +2186,8 @@ sub GetPrincipalsMap {
             $groups->WithGroupRight(
                 Right   => '',
                 Object  => $object,
-                IncludeSystemRights => 0
+                IncludeSystemRights => 0,
+                IncludeSubgroupMembers => 0,
             );
 
             push @map, ['User Groups' => $groups => 'Name' => 0];

-----------------------------------------------------------------------


More information about the Rt-commit mailing list