[Rt-commit] rt branch, 3.9-trunk, updated. rt-3.8.8-717-g96acb1b

Thomas Sibley trs at bestpractical.com
Tue Sep 7 12:29:00 EDT 2010 

The branch, 3.9-trunk has been updated
       via  96acb1b150afc409a9cc94df664faf7ed795ff09 (commit)
       via  1e13c5e996e3123d0e956fd8877eee56293c67ee (commit)
       via  d767fd5d0924666abb5ab864005210553d3717c9 (commit)
       via  5740b7ad08bbf4b45154555e8f6d49d917670159 (commit)
      from  229f48969a89ebc89a2dd8ee578439a1937a7bb9 (commit)

Summary of changes:
 lib/RT/Interface/Web.pm                      |   17 +++++++++++++-
 lib/RT/Principal_Overlay.pm                  |    6 +++++
 lib/RT/Users_Overlay.pm                      |    5 ++-
 share/html/NoAuth/css/base/rights-editor.css |   29 ++++++++++++++++++++++++++
 4 files changed, 53 insertions(+), 4 deletions(-)

- Log -----------------------------------------------------------------
commit 5740b7ad08bbf4b45154555e8f6d49d917670159
Author: Thomas Sibley <trs at bestpractical.com>
Date:   Fri Sep 3 16:59:24 2010 -0400

    Revoking an invalid right shouldn't be an error condition
    
    Instead, warn appropriately and then return success.  HasRight and
    friends check for right validity as well, so there's no harm in ignoring
    invalid rights in RevokeRight.

diff --git a/lib/RT/Principal_Overlay.pm b/lib/RT/Principal_Overlay.pm
index e57f6a3..65992b5 100755
--- a/lib/RT/Principal_Overlay.pm
+++ b/lib/RT/Principal_Overlay.pm
@@ -210,6 +210,12 @@ sub RevokeRight {
         PrincipalType => $type,
         PrincipalId   => $self->Id
     );
+
+    if ( not $status and $msg =~ /Invalid right/ ) {
+        $RT::Logger->warn("Tried to revoke the invalid right '$args{Right}', ignoring it.");
+        return (1);
+    }
+
     return ($status, $msg) unless $status;
     return $ace->Delete;
 }

commit d767fd5d0924666abb5ab864005210553d3717c9
Author: Thomas Sibley <trs at bestpractical.com>
Date:   Tue Sep 7 10:54:23 2010 -0400

    Return the group members alias from within WhoHaveGroupRight
    
    This lets us extend the query outside of the methods provided without
    duplicating a join.

diff --git a/lib/RT/Users_Overlay.pm b/lib/RT/Users_Overlay.pm
index decfe4b..1896d0c 100755
--- a/lib/RT/Users_Overlay.pm
+++ b/lib/RT/Users_Overlay.pm
@@ -461,6 +461,7 @@ sub _JoinGroupMembersForGroupRights
                   VALUE => "$group_members.GroupId",
                   QUOTEVALUE => 0,
                 );
+    return $group_members;
 }
 
 # XXX: should be generalized
@@ -504,7 +505,7 @@ sub WhoHaveGroupRight
     }
     $self->_AddSubClause( "WhichObject", "($check_objects)" );
     
-    $self->_JoinGroupMembersForGroupRights( %args, ACLAlias => $acl );
+    my $group_members = $self->_JoinGroupMembersForGroupRights( %args, ACLAlias => $acl );
     # Find only members of groups that have the right.
     $self->Limit( ALIAS => $acl,
                   FIELD => 'PrincipalType',
@@ -517,7 +518,7 @@ sub WhoHaveGroupRight
                   OPERATOR => '!=',
                   VALUE => $RT::SystemUser->id
                 );
-    return;
+    return $group_members;
 }
 
 # {{{ WhoBelongToGroups

commit 1e13c5e996e3123d0e956fd8877eee56293c67ee
Author: Thomas Sibley <trs at bestpractical.com>
Date:   Tue Sep 7 10:57:01 2010 -0400

    Actually restrict the user list in the rights editor to those with rights
    
    We limit on groups of domain ACLEquivalence and type UserEquiv in order
    to do this.

diff --git a/lib/RT/Interface/Web.pm b/lib/RT/Interface/Web.pm
index a946176..cdc8634 100755
--- a/lib/RT/Interface/Web.pm
+++ b/lib/RT/Interface/Web.pm
@@ -2230,12 +2230,25 @@ sub GetPrincipalsMap {
             $Users->OrderBy( FIELD => 'Name', ORDER => 'ASC' );
 
             # Only show users who have rights granted on this object
-            $Users->WhoHaveGroupRight(
+            my $group_members = $Users->WhoHaveGroupRight(
                 Right   => '',
                 Object  => $object,
-                IncludeSystemRights => 0
+                IncludeSystemRights => 0,
+                IncludeSubgroupMembers => 0,
             );
 
+            # Limit to UserEquiv groups
+            my $groups = $Users->NewAlias('Groups');
+            $Users->Join(
+                ALIAS1 => $groups,
+                FIELD1 => 'id',
+                ALIAS2 => $group_members,
+                FIELD2 => 'GroupId'
+            );
+            $Users->Limit( ALIAS => $groups, FIELD => 'Domain', VALUE => 'ACLEquivalence' );
+            $Users->Limit( ALIAS => $groups, FIELD => 'Type', VALUE => 'UserEquiv' );
+
+
             my $display = sub {
                 $m->scomp('/Elements/ShowUser', User => $_[0], NoEscape => 1)
             };

commit 96acb1b150afc409a9cc94df664faf7ed795ff09
Author: Thomas Sibley <trs at bestpractical.com>
Date:   Tue Sep 7 11:50:37 2010 -0400

    Kill the orange from the rights editor UI

diff --git a/share/html/NoAuth/css/base/rights-editor.css b/share/html/NoAuth/css/base/rights-editor.css
index 937123c..b8fc3b6 100644
--- a/share/html/NoAuth/css/base/rights-editor.css
+++ b/share/html/NoAuth/css/base/rights-editor.css
@@ -70,4 +70,33 @@ li.category ~ li.category {
 
 .category-tabs {
     width: 100%;
+    border: none;
+    background: none;
+}
+
+.category-tabs .ui-tabs-nav {
+    border: none;
+    background: none;
 }
+
+.category-tabs .ui-tabs-panel {
+    background: none;
+    border: 1px solid #aaa;
+}
+
+.rights-editor li.ui-tabs-selected {
+    background: white !important;
+    color: #222 !important;
+    border-color: #aaa !important; 
+}
+
+.rights-editor .ui-state-active a,
+.rights-editor .ui-state-hover a {
+    color: #222 !important;
+}
+
+.rights-editor .category-tabs li.ui-state-hover {
+    background: #f6f6f6;
+    border-color: #aaa !important;
+}
+

-----------------------------------------------------------------------

More information about the Rt-commit mailing list