[Rt-commit] rt branch, rightsmatrix, updated. rt-3.8.8-613-gec2817c
Thomas Sibley
trs at bestpractical.com
Thu Sep 2 17:03:44 EDT 2010
The branch, rightsmatrix has been updated
via ec2817c0918e961e3ea92c240a88d7fde3b4243f (commit)
from 23162aa0f996c7d763a5e051f3c1e9c3c9796781 (commit)
Summary of changes:
lib/RT/CustomField_Overlay.pm | 18 ++++++++
lib/RT/Dashboard.pm | 13 ++++++
lib/RT/Group_Overlay.pm | 27 ++++++++++++-
lib/RT/Queue_Overlay.pm | 43 +++++++++++++++++++
lib/RT/System.pm | 52 +++++++++++++++++++++++
share/html/Admin/Elements/EditRights | 57 +++++++++++++++++++++----
share/html/NoAuth/css/base/rights-editor.css | 9 ++++-
7 files changed, 208 insertions(+), 11 deletions(-)
- Log -----------------------------------------------------------------
commit ec2817c0918e961e3ea92c240a88d7fde3b4243f
Author: Thomas Sibley <trs at bestpractical.com>
Date: Thu Sep 2 17:05:45 2010 -0400
Lump rights into 3 categories for display in the rights editor
diff --git a/lib/RT/CustomField_Overlay.pm b/lib/RT/CustomField_Overlay.pm
index d35b2a6..2cceb76 100755
--- a/lib/RT/CustomField_Overlay.pm
+++ b/lib/RT/CustomField_Overlay.pm
@@ -170,6 +170,13 @@ our $RIGHTS = {
ModifyCustomField => 'Add, delete and modify custom field values for objects' #loc_pair
};
+our $RIGHT_CATEGORIES = {
+ SeeCustomField => 'General',
+ AdminCustomField => 'Admin',
+ AdminCustomFieldValues => 'Admin',
+ ModifyCustomField => 'Staff',
+};
+
# Tell RT::ACE that this sort of object can get acls granted
$RT::ACE::OBJECT_TYPES{'RT::CustomField'} = 1;
@@ -195,6 +202,17 @@ sub AvailableRights {
return $RIGHTS;
}
+=head2 RightCategories
+
+Returns a hashref where the keys are rights for this type of object and the
+values are the category (General, Staff, Admin) the right falls into.
+
+=cut
+
+sub RightCategories {
+ return $RIGHT_CATEGORIES;
+}
+
=head1 NAME
RT::CustomField_Overlay - overlay for RT::CustomField
diff --git a/lib/RT/Dashboard.pm b/lib/RT/Dashboard.pm
index 401933a..aa0f4fb 100644
--- a/lib/RT/Dashboard.pm
+++ b/lib/RT/Dashboard.pm
@@ -88,6 +88,19 @@ RT::System::AddRights(
DeleteOwnDashboard => 'Delete personal dashboards', #loc_pair
);
+RT::System::AddRightCategories(
+ SubscribeDashboard => 'Staff',
+
+ SeeDashboard => 'General',
+ CreateDashboard => 'Admin',
+ ModifyDashboard => 'Admin',
+ DeleteDashboard => 'Admin',
+
+ SeeOwnDashboard => 'Staff',
+ CreateOwnDashboard => 'Staff',
+ ModifyOwnDashboard => 'Staff',
+ DeleteOwnDashboard => 'Staff',
+);
=head2 ObjectName
diff --git a/lib/RT/Group_Overlay.pm b/lib/RT/Group_Overlay.pm
index 12141f9..603fd35 100755
--- a/lib/RT/Group_Overlay.pm
+++ b/lib/RT/Group_Overlay.pm
@@ -81,7 +81,7 @@ use RT::GroupMembers;
use RT::Principals;
use RT::ACL;
-use vars qw/$RIGHTS/;
+use vars qw/$RIGHTS $RIGHT_CATEGORIES/;
$RIGHTS = {
AdminGroup => 'Modify group metadata or delete group', # loc_pair
@@ -100,6 +100,20 @@ $RIGHTS = {
DeleteGroupDashboard => 'Delete dashboards for this group', #loc_pair
};
+$RIGHT_CATEGORIES = {
+ AdminGroup => 'Admin',
+ AdminGroupMembership => 'Admin',
+ DelegateRights => 'Staff',
+ ModifyOwnMembership => 'Staff',
+ EditSavedSearches => 'Admin',
+ ShowSavedSearches => 'Staff',
+ SeeGroup => 'Staff',
+ SeeGroupDashboard => 'Staff',
+ CreateGroupDashboard => 'Admin',
+ ModifyGroupDashboard => 'Admin',
+ DeleteGroupDashboard => 'Admin',
+};
+
# Tell RT::ACE that this sort of object can get acls granted
$RT::ACE::OBJECT_TYPES{'RT::Group'} = 1;
@@ -137,6 +151,17 @@ sub AvailableRights {
return($RIGHTS);
}
+=head2 RightCategories
+
+Returns a hashref where the keys are rights for this type of object and the
+values are the category (General, Staff, Admin) the right falls into.
+
+=cut
+
+sub RightCategories {
+ return $RIGHT_CATEGORIES;
+}
+
# {{{ sub SelfDescription
diff --git a/lib/RT/Queue_Overlay.pm b/lib/RT/Queue_Overlay.pm
index cd039e8..cf655d0 100755
--- a/lib/RT/Queue_Overlay.pm
+++ b/lib/RT/Queue_Overlay.pm
@@ -119,6 +119,37 @@ our $RIGHTS = {
};
+our $RIGHT_CATEGORIES = {
+ SeeQueue => 'General',
+ AdminQueue => 'Admin',
+ ShowACL => 'Admin',
+ ModifyACL => 'Admin',
+ ModifyQueueWatchers => 'Admin',
+ SeeCustomField => 'General',
+ ModifyCustomField => 'Staff',
+ AssignCustomFields => 'Admin',
+ ModifyTemplate => 'Admin',
+ ShowTemplate => 'Admin',
+ ModifyScrips => 'Admin',
+ ShowScrips => 'Admin',
+ ShowTicket => 'General',
+ ShowTicketComments => 'Staff',
+ ShowOutgoingEmail => 'Staff',
+ Watch => 'General',
+ WatchAsAdminCc => 'Staff',
+ CreateTicket => 'General',
+ ReplyToTicket => 'General',
+ CommentOnTicket => 'General',
+ OwnTicket => 'Admin',
+ ModifyTicket => 'Staff',
+ ModifyTicketStatus => 'Staff',
+ DeleteTicket => 'Staff',
+ RejectTicket => 'Staff',
+ TakeTicket => 'Staff',
+ StealTicket => 'Staff',
+ ForwardMessage => 'Staff',
+};
+
# Tell RT::ACE that this sort of object can get acls granted
$RT::ACE::OBJECT_TYPES{'RT::Queue'} = 1;
@@ -186,6 +217,18 @@ sub AvailableRights {
return($RIGHTS);
}
+=head2 RightCategories
+
+Returns a hashref where the keys are rights for this type of object and the
+values are the category (General, Staff, Admin) the right falls into.
+
+=cut
+
+sub RightCategories {
+ return $RIGHT_CATEGORIES;
+}
+
+
# {{{ ActiveStatusArray
sub lifecycle {
diff --git a/lib/RT/System.pm b/lib/RT/System.pm
index b5ee5c6..9280645 100755
--- a/lib/RT/System.pm
+++ b/lib/RT/System.pm
@@ -93,6 +93,21 @@ our $RIGHTS = {
ExecuteCode => "allow writing Perl code in templates, scrips, etc", # loc_pair
};
+our $RIGHT_CATEGORIES = {
+ SuperUser => 'Admin',
+ AdminAllPersonalGroups => 'Admin',
+ AdminOwnPersonalGroups => 'Admin',
+ AdminUsers => 'Admin',
+ ModifySelf => 'Staff',
+ DelegateRights => 'Admin',
+ ShowConfigTab => 'Admin',
+ ShowApprovalsTab => 'Admin',
+ ShowGlobalTemplates => 'Staff',
+ LoadSavedSearch => 'General',
+ CreateSavedSearch => 'General',
+ ExecuteCode => 'Admin',
+};
+
# Tell RT::ACE that this sort of object can get acls granted
$RT::ACE::OBJECT_TYPES{'RT::System'} = 1;
@@ -131,6 +146,30 @@ sub AvailableRights {
return(\%rights);
}
+=head2 RightCategories
+
+Returns a hashref where the keys are rights for this type of object and the
+values are the category (General, Staff, Admin) the right falls into.
+
+=cut
+
+sub RightCategories {
+ my $self = shift;
+
+ my $queue = RT::Queue->new($RT::SystemUser);
+ my $group = RT::Group->new($RT::SystemUser);
+ my $cf = RT::CustomField->new($RT::SystemUser);
+
+ my $qr = $queue->RightCategories();
+ my $gr = $group->RightCategories();
+ my $cr = $cf->RightCategories();
+
+ # Build a merged list of all system wide rights, queue rights and group rights.
+ my %rights = (%{$RIGHT_CATEGORIES}, %{$gr}, %{$qr}, %{$cr});
+
+ return(\%rights);
+}
+
=head2 AddRights C<RIGHT>, C<DESCRIPTION> [, ...]
Adds the given rights to the list of possible rights. This method
@@ -146,6 +185,19 @@ sub AddRights {
map { lc($_) => $_ } keys %new);
}
+=head2 AddRightCategories C<RIGHT>, C<CATEGORY> [, ...]
+
+Adds the given right and category pairs to the list of right categories. This
+method should be called during server startup, not at runtime.
+
+=cut
+
+sub AddRightCategories {
+ my $self = shift if ref $_[0] or $_[0] eq __PACKAGE__;
+ my %new = @_;
+ $RIGHT_CATEGORIES = { %$RIGHT_CATEGORIES, %new };
+}
+
sub _Init {
my $self = shift;
$self->SUPER::_Init (@_) if @_ && $_[0];
diff --git a/share/html/Admin/Elements/EditRights b/share/html/Admin/Elements/EditRights
index 0878f3b..85feff3 100644
--- a/share/html/Admin/Elements/EditRights
+++ b/share/html/Admin/Elements/EditRights
@@ -25,6 +25,7 @@ unless ( $AddPrincipal ) {
<script type="text/javascript">
jQuery(function() {
jQuery(".rights-editor").tabs();
+ jQuery(".rights-editor .category-tabs").tabs();
});
</script>
@@ -66,15 +67,31 @@ for my $category (@$Principals) {
</ul>
<%perl>
-# Find all our available rights
-my %available_rights;
+# Find all our available rights...
+my (%available_rights, %categories);
if ( blessed($Context) and $Context->can('AvailableRights') ) {
%available_rights = %{$Context->AvailableRights};
-}
-else {
+} else {
%available_rights = ( loc('System Error') => loc("No rights found") );
}
+# ...and their categories
+if ( blessed($Context) and $Context->can('RightCategories') ) {
+ my %right_categories = %{$Context->RightCategories};
+
+ for my $right (keys %available_rights) {
+ push @{$categories{$right_categories{$right}}}, $right;
+ }
+}
+
+my %category_desc = (
+ 'General' => 'General rights',
+ 'Staff' => 'Rights for Staff',
+ 'Admin' => 'Rights for Administrators',
+);
+
+my %catsort = ( General => 1, Staff => 2, Admin => 3, );
+
# Find all the current rights
my %current_rights;
for my $collection (map { $_->[1] } @$Principals) {
@@ -101,9 +118,17 @@ for my $category (@$Principals) {
</%perl>
<div id="<% $id %>">
- <h3><&|/l&>Rights for</&> <% $loc ? loc($display) : $display %></h3>
+ <h3><% $loc ? loc($display) : $display %></h3>
+ <div class="category-tabs">
+ <ul>
+% for my $category (sort { $catsort{$a} <=> $catsort{$b} } keys %categories) {
+ <li><a href="#<% "$id-$category" %>"><% loc($category_desc{$category} || 'Miscellaneous') %></a></li>
+% }
+ </ul>
+% for my $category (sort { $catsort{$a} <=> $catsort{$b} } keys %categories) {
+ <div id="<% "$id-$category" %>">
<ul class="rights-list">
-% for my $right (sort keys %available_rights) {
+% for my $right (sort @{$categories{$category}}) {
<li>
<input type="checkbox" class="checkbox"
name="SetRights-<% $acldesc %>"
@@ -114,8 +139,11 @@ for my $category (@$Principals) {
<% loc($available_rights{$right}) %>
</label>
</li>
-% }
+% }
</ul>
+ </div>
+% }
+ </div>
<input type="hidden" name="CheckACL" value="<% $acldesc %>" />
</div>
<%perl>
@@ -127,8 +155,16 @@ if ( $AddPrincipal ) {
</%perl>
<div id="acl-addprincipal">
<h3><&|/l&>Add rights for this</&> <% loc($AddPrincipal) %></h3>
+ <div class="category-tabs">
+ <ul>
+% for my $category (sort { $catsort{$a} <=> $catsort{$b} } keys %categories) {
+ <li><a href="#acl-addprincipal-<% $category %>"><% loc($category_desc{$category} || 'Miscellaneous') %></a></li>
+% }
+ </ul>
+% for my $category (sort { $catsort{$a} <=> $catsort{$b} } keys %categories) {
+ <div id="acl-addprincipal-<% $category %>">
<ul class="rights-list">
-% for my $right (sort keys %available_rights) {
+% for my $right (sort @{$categories{$category}}) {
<li>
<input type="checkbox" class="checkbox"
name="SetRights-<% $acldesc %>"
@@ -138,8 +174,11 @@ if ( $AddPrincipal ) {
<% loc($available_rights{$right}) %>
</label>
</li>
-% }
+% }
</ul>
+ </div>
+% }
+ </div>
</div>
% }
</div>
diff --git a/share/html/NoAuth/css/base/rights-editor.css b/share/html/NoAuth/css/base/rights-editor.css
index 82d7a56..5b5c216 100644
--- a/share/html/NoAuth/css/base/rights-editor.css
+++ b/share/html/NoAuth/css/base/rights-editor.css
@@ -7,6 +7,7 @@
.rights-editor {
border: none;
background: transparent;
+ width: 100%;
}
/* Position and style the left tabs */
@@ -15,6 +16,7 @@
background: transparent;
border: none;
color: black;
+ width: 25%;
}
.rights-editor > .ui-tabs-nav li {
@@ -43,7 +45,8 @@ li.category ~ li.category {
/* Position the outer-most panel */
.rights-editor > .ui-tabs-panel {
position: static;
- float: right;
+ float: left;
+ width: 72%;
}
.rights-editor .ui-tabs-panel {
@@ -57,3 +60,7 @@ li.category ~ li.category {
.rights-editor ul.rights-list {
list-style: none;
}
+
+.category-tabs {
+ width: 100%;
+}
-----------------------------------------------------------------------
More information about the Rt-commit
mailing list