[Rt-commit] rt branch, remove-delegation, updated. rt-3.8.8-725-g69f7b53
Jesse Vincent
jesse at bestpractical.com
Sun Sep 12 09:37:19 EDT 2010
The branch, remove-delegation has been updated
via 69f7b530b88eefe3bafe3fcc3b5daa5afee35a85 (commit)
via f362507c65aae202fcf24afcadc885ea921eea83 (commit)
via 5e6912a5c96b88c4ed8f75f55c85ca624b08baec (commit)
via 8d517208dded9209599cdc08ae94bdefe24aeb88 (commit)
via e41f5b3edd5ec5afad038ded9e0ed0f4ea5605d5 (commit)
via d9c39cc1a98a290df8e30878d57b1b15368c4271 (commit)
from a2f5c421711acf53426c23cc763d87af6976eb4b (commit)
Summary of changes:
UPGRADING | 2 +
etc/schema.Informix | 2 -
etc/schema.Oracle | 4 +-
etc/schema.Pg | 2 -
etc/schema.SQLite | 4 +-
etc/schema.Sybase | 2 -
etc/schema.mysql-4.0 | 2 -
etc/schema.mysql-4.1 | 2 -
etc/upgrade/3.9.2/content | 31 ++
etc/upgrade/3.9.3/schema.Oracle | 2 +
etc/upgrade/3.9.3/schema.Pg | 2 +
etc/upgrade/{3.3.11 => 3.9.3}/schema.SQLite | 0
etc/upgrade/3.9.3/schema.mysql | 2 +
lib/RT/ACE_Overlay.pm | 144 +--------
lib/RT/ACL_Overlay.pm | 66 ----
lib/RT/CachedGroupMember_Overlay.pm | 59 +----
lib/RT/GroupMember_Overlay.pm | 10 -
lib/RT/Group_Overlay.pm | 55 ----
lib/RT/Principal_Overlay.pm | 35 --
lib/RT/Shredder/CachedGroupMember.pm | 8 -
lib/RT/System.pm | 3 -
lib/RT/User_Overlay.pm | 67 ----
share/html/User/Delegation.html | 107 -------
share/html/User/Elements/DelegateRights | 110 -------
share/html/User/Elements/GroupTabs | 84 -----
share/html/User/Elements/Tabs | 8 -
share/html/User/Groups/Members.html | 160 ----------
share/html/User/Groups/Modify.html | 157 ---------
share/html/User/Groups/index.html | 67 ----
t/api/ace.t | 237 --------------
t/delegation/cleanup_stalled.t | 458 ---------------------------
t/delegation/revocation.t | 135 --------
32 files changed, 48 insertions(+), 1979 deletions(-)
create mode 100644 etc/upgrade/3.9.2/content
create mode 100644 etc/upgrade/3.9.3/schema.Oracle
create mode 100644 etc/upgrade/3.9.3/schema.Pg
copy etc/upgrade/{3.3.11 => 3.9.3}/schema.SQLite (100%)
create mode 100644 etc/upgrade/3.9.3/schema.mysql
delete mode 100755 share/html/User/Delegation.html
delete mode 100755 share/html/User/Elements/DelegateRights
delete mode 100755 share/html/User/Elements/GroupTabs
delete mode 100755 share/html/User/Groups/Members.html
delete mode 100755 share/html/User/Groups/Modify.html
delete mode 100755 share/html/User/Groups/index.html
delete mode 100644 t/api/ace.t
delete mode 100644 t/delegation/cleanup_stalled.t
delete mode 100644 t/delegation/revocation.t
- Log -----------------------------------------------------------------
commit d9c39cc1a98a290df8e30878d57b1b15368c4271
Author: Jesse Vincent <jesse at bestpractical.com>
Date: Tue Sep 7 14:10:32 2010 -0400
First pass of removing RT's delegation feature
diff --git a/lib/RT/ACE_Overlay.pm b/lib/RT/ACE_Overlay.pm
index aa75672..6ef9c54 100755
--- a/lib/RT/ACE_Overlay.pm
+++ b/lib/RT/ACE_Overlay.pm
@@ -187,8 +187,6 @@ PARAMS is a parameter hash with the following elements:
PrincipalId => The id of an RT::Principal object
PrincipalType => "User" "Group" or any Role type
RightName => the name of a right. in any case
- DelegatedBy => The Principal->Id of the user delegating the right
- DelegatedFrom => The id of the ACE which this new ACE is delegated from
Either:
@@ -289,8 +287,7 @@ sub Create {
RightName => $args{'RightName'},
ObjectType => $args{'ObjectType'},
ObjectId => $args{'ObjectId'},
- DelegatedBy => 0,
- DelegatedFrom => 0 );
+ );
if ( $self->Id ) {
return ( 0, $self->loc('That principal already has that right') );
}
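Review bot: With `DelegatedBy => 0, DelegatedFrom => 0` dropped from this `LoadByCols`, the duplicate check matches any ACE row for the same principal, right and object. That includes a delegated row left over from before the upgrade, in which case Create would refuse a direct grant with 'That principal already has that right'. The same assumption applies to the `SUPER::Create` call in the next hunk and to the `_Delete` hunk further down, which no longer removes rows whose DelegatedFrom points at the deleted ACE. The diffstat lists `etc/upgrade/3.9.2/content`, which presumably purges such rows, but its content is not visible in this part of the page. I would add a comment above the call, such as `# assumes no delegated ACEs remain; the upgrade step must have removed them`, and confirm the ordering in UPGRADING; Create's body starts and ends outside the hunk.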
@@ -300,8 +297,7 @@ sub Create {
RightName => $args{'RightName'},
ObjectType => ref( $args{'Object'} ),
ObjectId => $args{'Object'}->id,
- DelegatedBy => 0,
- DelegatedFrom => 0 );
+ );
#Clear the key cache. TODO someday we may want to just clear a little bit of the keycache space.
RT::Principal->InvalidateACLCache();
@@ -316,106 +312,6 @@ sub Create {
# }}}
-# {{{ sub Delegate
-
-=head2 Delegate <PARAMS>
-
-This routine delegates the current ACE to a principal specified by the
-B<PrincipalId> parameter.
-
-Returns an error if the current user doesn't have the right to be delegated
-or doesn't have the right to delegate rights.
-
-Always returns a tuple of (ReturnValue, Message)
-
-
-=cut
-
-sub Delegate {
- my $self = shift;
- my %args = ( PrincipalId => undef,
- @_ );
-
- unless ( $self->Id ) {
- return ( 0, $self->loc("Right not loaded.") );
- }
- my $princ_obj;
- ( $princ_obj, $args{'PrincipalType'} ) =
- $self->_CanonicalizePrincipal( $args{'PrincipalId'},
- $args{'PrincipalType'} );
-
- unless ( $princ_obj->id ) {
- return ( 0,
- $self->loc( 'Principal [_1] not found.', $args{'PrincipalId'} )
- );
- }
-
- # }}}
-
- # {{{ Check the ACL
-
- # First, we check to se if the user is delegating rights and
- # they have the permission to
- unless ( $self->CurrentUser->HasRight(Right => 'DelegateRights', Object => $self->Object) ) {
- return ( 0, $self->loc("Permission Denied") );
- }
-
- unless ( $self->PrincipalObj->IsGroup ) {
- return ( 0, $self->loc("System Error") );
- }
- unless ( $self->PrincipalObj->Object->HasMemberRecursively(
- $self->CurrentUser->PrincipalObj
- )
- ) {
- return ( 0, $self->loc("Permission Denied") );
- }
-
- # }}}
-
- my $concurrency_check = RT::ACE->new($RT::SystemUser);
- $concurrency_check->Load( $self->Id );
- unless ( $concurrency_check->Id ) {
- $RT::Logger->crit(
- "Trying to delegate a right which had already been deleted");
- return ( 0, $self->loc('Permission Denied') );
- }
-
- my $delegated_ace = RT::ACE->new( $self->CurrentUser );
-
- # Make sure the right doesn't already exist.
- $delegated_ace->LoadByCols( PrincipalId => $princ_obj->Id,
- PrincipalType => 'Group',
- RightName => $self->__Value('RightName'),
- ObjectType => $self->__Value('ObjectType'),
- ObjectId => $self->__Value('ObjectId'),
- DelegatedBy => $self->CurrentUser->PrincipalId,
- DelegatedFrom => $self->id );
- if ( $delegated_ace->Id ) {
- return ( 0, $self->loc('That principal already has that right') );
- }
- my $id = $delegated_ace->SUPER::Create(
- PrincipalId => $princ_obj->Id,
- PrincipalType => 'Group', # do we want to hardcode this?
- RightName => $self->__Value('RightName'),
- ObjectType => $self->__Value('ObjectType'),
- ObjectId => $self->__Value('ObjectId'),
- DelegatedBy => $self->CurrentUser->PrincipalId,
- DelegatedFrom => $self->id );
-
- #Clear the key cache. TODO someday we may want to just clear a little bit of the keycache space.
- # TODO what about the groups key cache?
- RT::Principal->InvalidateACLCache();
-
- if ( $id > 0 ) {
- return ( $id, $self->loc('Right Delegated') );
- }
- else {
- return ( 0, $self->loc('System error. Right not delegated.') );
- }
-}
-
-# }}}
-
# {{{ sub Delete
=head2 Delete { InsideTransaction => undef}
@@ -437,11 +333,7 @@ sub Delete {
# A user can delete an ACE if the current user has the right to modify it and it's not a delegated ACE
# or if it's a delegated ACE and it was delegated by the current user
- unless (
- ( $self->CurrentUser->HasRight(Right => 'ModifyACL', Object => $self->Object)
- && $self->__Value('DelegatedBy') == 0 )
- || ( $self->__Value('DelegatedBy') == $self->CurrentUser->PrincipalId )
- ) {
+ unless ($self->CurrentUser->HasRight(Right => 'ModifyACL', Object => $self->Object)) {
return ( 0, $self->loc('Permission Denied') );
}
$self->_Delete(@_);
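Review bot: The two comment lines kept above the new `unless` still describe the old rule (a non-delegated ACE plus ModifyACL, or a delegated ACE removed by its delegator), but the check is now ModifyACL on the ACE's object and nothing else. A stale comment on an authorization check is easy to misread in a later audit, so it should be replaced with something like `# A user can delete an ACE only if they have ModifyACL on the ACE's object`. The POD for Delete lies outside the hunk and may need the same wording change.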
@@ -457,33 +349,8 @@ sub _Delete {
$RT::Handle->BeginTransaction() unless $InsideTransaction;
- my $delegated_from_this = RT::ACL->new($RT::SystemUser);
- $delegated_from_this->Limit( FIELD => 'DelegatedFrom',
- OPERATOR => '=',
- VALUE => $self->Id );
-
- my $delete_succeeded = 1;
- my $submsg;
- while ( my $delegated_ace = $delegated_from_this->Next ) {
- ( $delete_succeeded, $submsg ) =
- $delegated_ace->_Delete( InsideTransaction => 1 );
- last unless ($delete_succeeded);
- }
-
- unless ($delete_succeeded) {
- $RT::Handle->Rollback() unless $InsideTransaction;
- return ( 0, $self->loc('Right could not be revoked') );
- }
-
my ( $val, $msg ) = $self->SUPER::Delete(@_);
- # If we're revoking delegation rights (see above), we may need to
- # revoke all rights delegated by the recipient.
- if ($val and ($self->RightName() eq 'DelegateRights' or
- $self->RightName() eq 'SuperUser')) {
- $val = $self->PrincipalObj->_CleanupInvalidDelegations( InsideTransaction => 1 );
- }
-
if ($val) {
#Clear the key cache. TODO someday we may want to just clear a little bit of the keycache space.
# TODO what about the groups key cache?
@@ -647,10 +514,7 @@ sub _Set {
sub _Value {
my $self = shift;
- if ( $self->__Value('DelegatedBy') eq $self->CurrentUser->PrincipalId ) {
- return ( $self->__Value(@_) );
- }
- elsif ( $self->PrincipalObj->IsGroup
+ if ( $self->PrincipalObj->IsGroup
&& $self->PrincipalObj->Object->HasMemberRecursively(
$self->CurrentUser->PrincipalObj
)
diff --git a/lib/RT/ACL_Overlay.pm b/lib/RT/ACL_Overlay.pm
index 0633e11..18decf8 100755
--- a/lib/RT/ACL_Overlay.pm
+++ b/lib/RT/ACL_Overlay.pm
@@ -210,72 +210,6 @@ sub LimitToPrincipal {
-# {{{ ExcludeDelegatedRights
-
-=head2 ExcludeDelegatedRights
-
-Don't list rights which have been delegated.
-
-=cut
-
-sub ExcludeDelegatedRights {
- my $self = shift;
- $self->DelegatedBy(Id => 0);
- $self->DelegatedFrom(Id => 0);
-}
-# }}}
-
-# {{{ DelegatedBy
-
-=head2 DelegatedBy { Id => undef }
-
-Limit the ACL to rights delegated by the principal whose Principal Id is
-B<Id>
-
-Id is not optional.
-
-=cut
-
-sub DelegatedBy {
- my $self = shift;
- my %args = (
- Id => undef,
- @_
- );
- $self->Limit(
- FIELD => 'DelegatedBy',
- OPERATOR => '=',
- VALUE => $args{'Id'},
- ENTRYAGGREGATOR => 'OR'
- );
-
-}
-
-# }}}
-
-# {{{ DelegatedFrom
-
-=head2 DelegatedFrom { Id => undef }
-
-Limit the ACL to rights delegate from the ACE which has the Id specified
-by the Id parameter.
-
-Id is not optional.
-
-=cut
-
-sub DelegatedFrom {
- my $self = shift;
- my %args = (
- Id => undef,
- @_);
- $self->Limit(FIELD => 'DelegatedFrom', OPERATOR=> '=', VALUE => $args{'Id'}, ENTRYAGGREGATOR => 'OR');
-
-}
-
-# }}}
-
-
# {{{ sub Next
sub Next {
my $self = shift;
diff --git a/lib/RT/CachedGroupMember_Overlay.pm b/lib/RT/CachedGroupMember_Overlay.pm
index a6e6f2e..c331f0d 100755
--- a/lib/RT/CachedGroupMember_Overlay.pm
+++ b/lib/RT/CachedGroupMember_Overlay.pm
@@ -210,40 +210,12 @@ sub Delete {
}
}
}
- my $err = $self->SUPER::Delete();
- unless ($err) {
+ my $ret = $self->SUPER::Delete();
+ unless ($ret) {
$RT::Logger->error( "Couldn't delete CachedGroupMember " . $self->Id );
return (undef);
}
-
- # Unless $self->GroupObj still has the member recursively $self->MemberObj
- # (Since we deleted the database row above, $self no longer counts)
- unless ( $self->GroupObj->Object->HasMemberRecursively( $self->MemberId ) ) {
-
-
- # Find all ACEs granted to $self->GroupId
- my $acl = RT::ACL->new($RT::SystemUser);
- $acl->LimitToPrincipal( Id => $self->GroupId );
-
-
- while ( my $this_ace = $acl->Next() ) {
- # Find all ACEs which $self-MemberObj has delegated from $this_ace
- my $delegations = RT::ACL->new($RT::SystemUser);
- $delegations->DelegatedFrom( Id => $this_ace->Id );
- $delegations->DelegatedBy( Id => $self->MemberId );
-
- # For each delegation
- while ( my $delegation = $delegations->Next ) {
- # WHACK IT
- my $del_ret = $delegation->_Delete(InsideTransaction => 1);
- unless ($del_ret) {
- $RT::Logger->crit("Couldn't delete an ACL delegation that we know exists ". $delegation->Id);
- return(undef);
- }
- }
- }
- }
- return ($err);
+ return $ret;
}
# }}}
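Review bot: The rename from `$err` to `$ret` in Delete is not mirrored in SetDisabled in the next hunk, which still ends with `return ($err);` for what appears to be the same kind of success value. Using one name in both methods, e.g. `return ($ret);` in SetDisabled with its assignment renamed to match, would keep the two parallel paths readable. Delete also now mixes `return (undef);` and `return $ret;`, so picking one parenthesisation style would be tidier. Both method bodies start outside their hunks, so the assignment in SetDisabled is inferred rather than visible.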
@@ -286,31 +258,6 @@ sub SetDisabled {
}
}
}
-
- # Unless $self->GroupObj still has the member recursively $self->MemberObj
- # (Since we SetDisabledd the database row above, $self no longer counts)
- unless ( $self->GroupObj->Object->HasMemberRecursively( $self->MemberId ) ) {
- # Find all ACEs granted to $self->GroupId
- my $acl = RT::ACL->new($RT::SystemUser);
- $acl->LimitToPrincipal( Id => $self->GroupId );
-
- while ( my $this_ace = $acl->Next() ) {
- # Find all ACEs which $self-MemberObj has delegated from $this_ace
- my $delegations = RT::ACL->new($RT::SystemUser);
- $delegations->DelegatedFrom( Id => $this_ace->Id );
- $delegations->DelegatedBy( Id => $self->MemberId );
-
- # For each delegation, blow away the delegation
- while ( my $delegation = $delegations->Next ) {
- # WHACK IT
- my $del_ret = $delegation->_Delete(InsideTransaction => 1);
- unless ($del_ret) {
- $RT::Logger->crit("Couldn't delete an ACL delegation that we know exists ". $delegation->Id);
- return(undef);
- }
- }
- }
- }
return ($err);
}
diff --git a/lib/RT/GroupMember_Overlay.pm b/lib/RT/GroupMember_Overlay.pm
index 50b0c0f..c78ce38 100755
--- a/lib/RT/GroupMember_Overlay.pm
+++ b/lib/RT/GroupMember_Overlay.pm
@@ -334,16 +334,6 @@ sub Delete {
return (undef);
}
- # Since this deletion may have changed the former member's
- # delegation rights, we need to ensure that no invalid delegations
- # remain.
- $err = $self->MemberObj->_CleanupInvalidDelegations(InsideTransaction => 1);
- unless ($err) {
- $RT::Logger->warning("Unable to revoke delegated rights for principal ".$self->Id);
- $RT::Handle->Rollback();
- return (undef);
- }
-
#Clear the key cache. TODO someday we may want to just clear a little bit of the keycache space.
# TODO what about the groups key cache?
RT::Principal->InvalidateACLCache();
diff --git a/lib/RT/Group_Overlay.pm b/lib/RT/Group_Overlay.pm
index dc13082..88f572d 100755
--- a/lib/RT/Group_Overlay.pm
+++ b/lib/RT/Group_Overlay.pm
@@ -87,8 +87,6 @@ $RIGHTS = {
AdminGroup => 'Modify group metadata or delete group', # loc_pair
AdminGroupMembership =>
'Modify membership roster for this group', # loc_pair
- DelegateRights =>
- "Delegate specific rights which have been granted to you.", # loc_pair
ModifyOwnMembership => 'Join or leave this group', # loc_pair
EditSavedSearches => 'Edit saved searches for this group', # loc_pair
ShowSavedSearches => 'Display saved searches for this group', # loc_pair
@@ -103,7 +101,6 @@ $RIGHTS = {
$RIGHT_CATEGORIES = {
AdminGroup => 'Admin',
AdminGroupMembership => 'Admin',
- DelegateRights => 'Staff',
ModifyOwnMembership => 'Staff',
EditSavedSearches => 'Admin',
ShowSavedSearches => 'Staff',
@@ -1227,58 +1224,6 @@ sub _DeleteMember {
# }}}
-# {{{ sub _CleanupInvalidDelegations
-
-=head2 _CleanupInvalidDelegations { InsideTransaction => undef }
-
-Revokes all ACE entries delegated by members of this group which are
-inconsistent with their current delegation rights. Does not perform
-permission checks. Should only ever be called from inside the RT
-library.
-
-If called from inside a transaction, specify a true value for the
-InsideTransaction parameter.
-
-Returns a true value if the deletion succeeded; returns a false value
-and logs an internal error if the deletion fails (should not happen).
-
-=cut
-
-# XXX Currently there is a _CleanupInvalidDelegations method in both
-# RT::User and RT::Group. If the recursive cleanup call for groups is
-# ever unrolled and merged, this code will probably want to be
-# factored out into RT::Principal.
-
-sub _CleanupInvalidDelegations {
- my $self = shift;
- my %args = ( InsideTransaction => undef,
- @_ );
-
- unless ( $self->Id ) {
- $RT::Logger->warning("Group not loaded.");
- return (undef);
- }
-
- my $in_trans = $args{InsideTransaction};
-
- # TODO: Can this be unrolled such that the number of DB queries is constant rather than linear in exploded group size?
- my $members = $self->DeepMembersObj();
- $members->LimitToUsers();
- $RT::Handle->BeginTransaction() unless $in_trans;
- while ( my $member = $members->Next()) {
- my $ret = $member->MemberObj->_CleanupInvalidDelegations(InsideTransaction => 1,
- Object => $args{Object});
- unless ($ret) {
- $RT::Handle->Rollback() unless $in_trans;
- return (undef);
- }
- }
- $RT::Handle->Commit() unless $in_trans;
- return(1);
-}
-
-# }}}
-
# {{{ ACL Related routines
# {{{ sub _Set
diff --git a/lib/RT/Principal_Overlay.pm b/lib/RT/Principal_Overlay.pm
index 65992b5..fee67de 100755
--- a/lib/RT/Principal_Overlay.pm
+++ b/lib/RT/Principal_Overlay.pm
@@ -222,41 +222,6 @@ sub RevokeRight {
# }}}
-# {{{ sub _CleanupInvalidDelegations
-
-=head2 sub _CleanupInvalidDelegations { InsideTransaction => undef }
-
-Revokes all ACE entries delegated by this principal which are
-inconsistent with this principal's current delegation rights. Does
-not perform permission checks, but takes no action and returns success
-if this principal still retains DelegateRights. Should only ever be
-called from inside the RT library.
-
-If this principal is a group, recursively calls this method on each
-cached user member of itself.
-
-If called from inside a transaction, specify a true value for the
-InsideTransaction parameter.
-
-Returns a true value if the deletion succeeded; returns a false value
-and logs an internal error if the deletion fails (should not happen).
-
-=cut
-
-# This is currently just a stub for the methods of the same name in
-# RT::User and RT::Group.
-
-sub _CleanupInvalidDelegations {
- my $self = shift;
- unless ( $self->Id ) {
- $RT::Logger->warning("Principal not loaded.");
- return (undef);
- }
- return ($self->Object->_CleanupInvalidDelegations(@_));
-}
-
-# }}}
-
# {{{ sub HasRight
=head2 sub HasRight (Right => 'right' Object => undef)
diff --git a/lib/RT/Shredder/CachedGroupMember.pm b/lib/RT/Shredder/CachedGroupMember.pm
index 8190cf1..2a6d98e 100644
--- a/lib/RT/Shredder/CachedGroupMember.pm
+++ b/lib/RT/Shredder/CachedGroupMember.pm
@@ -85,16 +85,8 @@ sub __DependsOn
my $acl = RT::ACL->new( $self->CurrentUser );
$acl->LimitToPrincipal( Id => $self->GroupId );
- # look into all rights that have group
- while( my $ace = $acl->Next ) {
- my $delegations = RT::ACL->new( $self->CurrentUser );
- $delegations->DelegatedFrom( Id => $ace->Id );
- $delegations->DelegatedBy( Id => $self->MemberId );
- push( @$list, $delegations );
- }
}
-# XXX: Do we need to delete records if user lost right 'DelegateRights'?
$deps->_PushDependencies(
BaseObject => $self,
diff --git a/lib/RT/System.pm b/lib/RT/System.pm
index 8bee2d8..1927ccc 100755
--- a/lib/RT/System.pm
+++ b/lib/RT/System.pm
@@ -83,8 +83,6 @@ our $RIGHTS = {
'Create, delete and modify the members of personal groups', # loc_pair
AdminUsers => 'Create, delete and modify users', # loc_pair
ModifySelf => "Modify one's own RT account", # loc_pair
- DelegateRights =>
- "Delegate specific rights which have been granted to you.", # loc_pair
ShowConfigTab => "Show Configuration tab", # loc_pair
ShowApprovalsTab => "Show Approvals tab", # loc_pair
ShowGlobalTemplates => "Show global templates", # loc_pair
@@ -99,7 +97,6 @@ our $RIGHT_CATEGORIES = {
AdminOwnPersonalGroups => 'Admin',
AdminUsers => 'Admin',
ModifySelf => 'Staff',
- DelegateRights => 'Admin',
ShowConfigTab => 'Admin',
ShowApprovalsTab => 'Admin',
ShowGlobalTemplates => 'Staff',
diff --git a/lib/RT/User_Overlay.pm b/lib/RT/User_Overlay.pm
index bd02621..14ee24f 100755
--- a/lib/RT/User_Overlay.pm
+++ b/lib/RT/User_Overlay.pm
@@ -1359,73 +1359,6 @@ sub WatchedQueues {
}
-=head2 _CleanupInvalidDelegations { InsideTransaction => undef }
-
-Revokes all ACE entries delegated by this user which are inconsistent
-with their current delegation rights. Does not perform permission
-checks. Should only ever be called from inside the RT library.
-
-If called from inside a transaction, specify a true value for the
-InsideTransaction parameter.
-
-Returns a true value if the deletion succeeded; returns a false value
-and logs an internal error if the deletion fails (should not happen).
-
-=cut
-
-# XXX Currently there is a _CleanupInvalidDelegations method in both
-# RT::User and RT::Group. If the recursive cleanup call for groups is
-# ever unrolled and merged, this code will probably want to be
-# factored out into RT::Principal.
-
-sub _CleanupInvalidDelegations {
- my $self = shift;
- my %args = ( InsideTransaction => undef,
- @_ );
-
- unless ( $self->Id ) {
- $RT::Logger->warning("User not loaded.");
- return (undef);
- }
-
- my $in_trans = $args{InsideTransaction};
-
- return(1) if ($self->HasRight(Right => 'DelegateRights',
- Object => $RT::System));
-
- # Look up all delegation rights currently posessed by this user.
- my $deleg_acl = RT::ACL->new($RT::SystemUser);
- $deleg_acl->LimitToPrincipal(Type => 'User',
- Id => $self->PrincipalId,
- IncludeGroupMembership => 1);
- $deleg_acl->Limit( FIELD => 'RightName',
- OPERATOR => '=',
- VALUE => 'DelegateRights' );
- my @allowed_deleg_objects = map {$_->Object()}
- @{$deleg_acl->ItemsArrayRef()};
-
- # Look up all rights delegated by this principal which are
- # inconsistent with the allowed delegation objects.
- my $acl_to_del = RT::ACL->new($RT::SystemUser);
- $acl_to_del->DelegatedBy(Id => $self->Id);
- foreach (@allowed_deleg_objects) {
- $acl_to_del->LimitNotObject($_);
- }
-
- # Delete all disallowed delegations
- while ( my $ace = $acl_to_del->Next() ) {
- my $ret = $ace->_Delete(InsideTransaction => 1);
- unless ($ret) {
- $RT::Handle->Rollback() unless $in_trans;
- $RT::Logger->warning("Couldn't delete delegated ACL entry ".$ace->Id);
- return (undef);
- }
- }
-
- $RT::Handle->Commit() unless $in_trans;
- return (1);
-}
-
sub _Set {
my $self = shift;
diff --git a/share/html/User/Delegation.html b/share/html/User/Delegation.html
deleted file mode 100755
index 5f9683c..0000000
--- a/share/html/User/Delegation.html
+++ /dev/null
@@ -1,107 +0,0 @@
-%# BEGIN BPS TAGGED BLOCK {{{
-%#
-%# COPYRIGHT:
-%#
-%# This software is Copyright (c) 1996-2010 Best Practical Solutions, LLC
-%# <jesse at bestpractical.com>
-%#
-%# (Except where explicitly superseded by other copyright notices)
-%#
-%#
-%# LICENSE:
-%#
-%# This work is made available to you under the terms of Version 2 of
-%# the GNU General Public License. A copy of that license should have
-%# been provided with this software, but in any event can be snarfed
-%# from www.gnu.org.
-%#
-%# This work is distributed in the hope that it will be useful, but
-%# WITHOUT ANY WARRANTY; without even the implied warranty of
-%# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-%# General Public License for more details.
-%#
-%# You should have received a copy of the GNU General Public License
-%# along with this program; if not, write to the Free Software
-%# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
-%# 02110-1301 or visit their web page on the internet at
-%# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
-%#
-%#
-%# CONTRIBUTION SUBMISSION POLICY:
-%#
-%# (The following paragraph is not intended to limit the rights granted
-%# to you to modify and distribute this software under the terms of
-%# the GNU General Public License and is only of importance to you if
-%# you choose to contribute your changes and enhancements to the
-%# community by submitting them to Best Practical Solutions, LLC.)
-%#
-%# By intentionally submitting any modifications, corrections or
-%# derivatives to this work, or any other work intended for use with
-%# Request Tracker, to Best Practical Solutions, LLC, you confirm that
-%# you are the copyright holder for those contributions and you grant
-%# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
-%# royalty-free, perpetual, license to use, copy, create derivative
-%# works based on those contributions, and sublicense and distribute
-%# those contributions and any derivatives thereof.
-%#
-%# END BPS TAGGED BLOCK }}}
-<& /Elements/Header, Title => loc("Delegate rights") &>
-<& /User/Elements/Tabs,
- current_tab => 'User/Delegation.html',
- Title => loc("Delegate rights") &>
-
-<& /Elements/ListActions, actions => \@results &>
-
-<form method="post">
-<& Elements/DelegateRights, personalgroups => $personalgroups, objects => $objects, ObjectType => 'RT::System' &>
-<& Elements/DelegateRights, personalgroups => $personalgroups, objects => $objects, ObjectType => 'RT::Queue' &>
-<& Elements/DelegateRights, personalgroups => $personalgroups, objects => $objects, ObjectType => 'RT::Group' &>
-
-<& /Elements/Submit, Label => loc('Modify Rights') &>
-</form>
-<%INIT>
-
-my (@results, $arg);
-foreach $arg (keys %ARGS) {
- next unless ($arg =~ /^Delegate-Existing-ACE-(\d+)-to-(\d+)-as-(\d+)$/);
- my $parent = $1;
- my $principal = $2;
- my $delegation = $3;
- unless ($ARGS{"Delegate-ACE-$1-to-$2"}) {
- my $ace_to_del = RT::ACE->new($session{'CurrentUser'});
- $ace_to_del->Load($delegation);
- my ($delval, $delmsg) = $ace_to_del->Delete();
- push (@results, $delmsg);
- }
-}
-
-foreach $arg (keys %ARGS) {
- next unless ($arg =~ /^Delegate-ACE-(\d+)-to-(\d+)$/);
- my $parent = $1;
- my $principal = $2;
- # if we already delegate it, we just don't care
- next if (grep /^Delegate-Existing-ACE-$parent-to-$principal-/, keys %ARGS);
- my $ace = RT::ACE->new($session{'CurrentUser'});
- $ace->Load($1);
- unless ($ace->Id) {
- push (@results, loc('Right not found'));
- next;
- }
- my ($delid, $delmsg) = $ace->Delegate(PrincipalId => $principal);
- push (@results, $delmsg);
-}
-
-my $personalgroups = RT::Groups->new($session{'CurrentUser'});
-$personalgroups->LimitToPersonalGroupsFor($session{'CurrentUser'}->PrincipalId);
-
-my $objects;
-my $acl = RT::ACL->new ($session{'CurrentUser'});
-$acl->ExcludeDelegatedRights();
-$acl->LimitToPrincipal(Id => $session{'CurrentUser'}->PrincipalId,
- IncludeGroupMembership => 1
- );
-
-while(my $right = $acl->Next) {
- push @{$objects->{$right->ObjectType}{$right->ObjectId}},$right;
-}
-</%INIT>
diff --git a/share/html/User/Elements/DelegateRights b/share/html/User/Elements/DelegateRights
deleted file mode 100755
index d88aa38..0000000
--- a/share/html/User/Elements/DelegateRights
+++ /dev/null
@@ -1,110 +0,0 @@
-%# BEGIN BPS TAGGED BLOCK {{{
-%#
-%# COPYRIGHT:
-%#
-%# This software is Copyright (c) 1996-2010 Best Practical Solutions, LLC
-%# <jesse at bestpractical.com>
-%#
-%# (Except where explicitly superseded by other copyright notices)
-%#
-%#
-%# LICENSE:
-%#
-%# This work is made available to you under the terms of Version 2 of
-%# the GNU General Public License. A copy of that license should have
-%# been provided with this software, but in any event can be snarfed
-%# from www.gnu.org.
-%#
-%# This work is distributed in the hope that it will be useful, but
-%# WITHOUT ANY WARRANTY; without even the implied warranty of
-%# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-%# General Public License for more details.
-%#
-%# You should have received a copy of the GNU General Public License
-%# along with this program; if not, write to the Free Software
-%# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
-%# 02110-1301 or visit their web page on the internet at
-%# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
-%#
-%#
-%# CONTRIBUTION SUBMISSION POLICY:
-%#
-%# (The following paragraph is not intended to limit the rights granted
-%# to you to modify and distribute this software under the terms of
-%# the GNU General Public License and is only of importance to you if
-%# you choose to contribute your changes and enhancements to the
-%# community by submitting them to Best Practical Solutions, LLC.)
-%#
-%# By intentionally submitting any modifications, corrections or
-%# derivatives to this work, or any other work intended for use with
-%# Request Tracker, to Best Practical Solutions, LLC, you confirm that
-%# you are the copyright holder for those contributions and you grant
-%# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
-%# royalty-free, perpetual, license to use, copy, create derivative
-%# works based on those contributions, and sublicense and distribute
-%# those contributions and any derivatives thereof.
-%#
-%# END BPS TAGGED BLOCK }}}
-<h2><%$sectionheading%></h2>
-<%perl>
-
-foreach my $object (keys %{$objects->{$ObjectType}}) {
-unless ($ObjectType eq 'RT::System') {
-my $object_obj = @{$objects->{$ObjectType}{$object}}[0]->Object;
-
-</%perl>
-<h3><% $object_obj->Name %></h3>
-% }
-<table width="100%" border="0" cellspacing="0" cellpadding="3">
-<tr>
- <th width="15%"><&|/l&>Personal Groups</&>:</th>
-% while (my $pg = $personalgroups->Next) {
-<th><%$pg->Name%></th>
-% }
-</tr>
-<%perl>
-my $i;
-foreach my $right (@{$objects->{$ObjectType}{$object}}) {
-my $delegations = RT::ACL->new($session{'CurrentUser'});
-$delegations->DelegatedBy( Id => $session{'CurrentUser'}->PrincipalId);
-$delegations->DelegatedFrom ( Id => $right->Id);
-
-my $del_hash = {};
-while ( my $delegation = $delegations->Next) {
- $del_hash->{$delegation->PrincipalId} = $delegation;
-}
-</%perl>
-% $i++;
-%
-<tr class="<%($i%2) && 'oddline'%>">
-<td>
-<% loc($right->RightName) %><br />
-<div align="right"><font size="-2" color="#999999"><&|/l, $right->PrincipalObj->Object->SelfDescription &>as granted to [_1]</&></font></div>
- </td>
-% while (my $pg = $personalgroups->Next) {
-<td align="center">
- <input name="Delegate-ACE-<% $right->Id %>-to-<% $pg->PrincipalId%>" type="checkbox" value="1" <%$ del_hash->{$pg->PrincipalId} && 'checked="checked"' %> />
-% if ( $del_hash->{$pg->PrincipalId}) {
-<input type="hidden" class="hidden" name="Delegate-Existing-ACE-<% $right->Id %>-to-<% $pg->PrincipalId%>-as-<%$del_hash->{$pg->PrincipalId}->Id%>" />
-% }
-</td>
-% }
-<td> </td>
-</tr>
-%}
-</table>
-% }
-<%init>
-
-my ($frendly_type) = ($ObjectType =~ /^RT::(.*)$/);
-my $sectionheading = loc("$frendly_type rights");
-# 'System rights' # loc
-# 'Group rights' # loc
-# 'Queue rights' # loc
-
-</%init>
-<%args>
-$ObjectType => undef
-$objects => undef
-$personalgroups => undef
-</%args>
diff --git a/share/html/User/Elements/GroupTabs b/share/html/User/Elements/GroupTabs
deleted file mode 100755
index f83f8b4..0000000
--- a/share/html/User/Elements/GroupTabs
+++ /dev/null
@@ -1,84 +0,0 @@
-%# BEGIN BPS TAGGED BLOCK {{{
-%#
-%# COPYRIGHT:
-%#
-%# This software is Copyright (c) 1996-2010 Best Practical Solutions, LLC
-%# <jesse at bestpractical.com>
-%#
-%# (Except where explicitly superseded by other copyright notices)
-%#
-%#
-%# LICENSE:
-%#
-%# This work is made available to you under the terms of Version 2 of
-%# the GNU General Public License. A copy of that license should have
-%# been provided with this software, but in any event can be snarfed
-%# from www.gnu.org.
-%#
-%# This work is distributed in the hope that it will be useful, but
-%# WITHOUT ANY WARRANTY; without even the implied warranty of
-%# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-%# General Public License for more details.
-%#
-%# You should have received a copy of the GNU General Public License
-%# along with this program; if not, write to the Free Software
-%# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
-%# 02110-1301 or visit their web page on the internet at
-%# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
-%#
-%#
-%# CONTRIBUTION SUBMISSION POLICY:
-%#
-%# (The following paragraph is not intended to limit the rights granted
-%# to you to modify and distribute this software under the terms of
-%# the GNU General Public License and is only of importance to you if
-%# you choose to contribute your changes and enhancements to the
-%# community by submitting them to Best Practical Solutions, LLC.)
-%#
-%# By intentionally submitting any modifications, corrections or
-%# derivatives to this work, or any other work intended for use with
-%# Request Tracker, to Best Practical Solutions, LLC, you confirm that
-%# you are the copyright holder for those contributions and you grant
-%# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
-%# royalty-free, perpetual, license to use, copy, create derivative
-%# works based on those contributions, and sublicense and distribute
-%# those contributions and any derivatives thereof.
-%#
-%# END BPS TAGGED BLOCK }}}
-<& /User/Elements/Tabs,
- subtabs => $tabs,
- current_tab => 'User/Groups/',
- current_subtab => $current_subtab,
- Title => $Title &>
-
-<%INIT>
-my $tabs;
-if ( $GroupObj and $GroupObj->id ) {
- $tabs->{"this"} = {
- title => $GroupObj->Name,
- path => "User/Groups/Modify.html?id=" . $GroupObj->id,
- subtabs => {
- Basics => { title => loc('Basics'),
- path => "User/Groups/Modify.html?id=" . $GroupObj->id
- },
-
- Members => { title => loc('Members'),
- path => "User/Groups/Members.html?id=" . $GroupObj->id
- },
-
- } };
- $tabs->{'this'}->{'current_subtab'} = $current_subtab;
- $current_subtab = "User/Groups/Modify.html?id=" . $GroupObj->id,
-}
-$tabs->{"A"} = { title => loc('Select group'),
- path => "User/Groups/index.html" };
-$tabs->{"B"} = { title => loc('New group'),
- path => "User/Groups/Modify.html?Create=1",
- separator => 1 };
-
-</%INIT>
-<%ARGS>
-$GroupObj => undef
-$current_subtab => undef
-$Title => undef
-</%ARGS>
diff --git a/share/html/User/Elements/Tabs b/share/html/User/Elements/Tabs
index 6517be8..a9cf747 100755
--- a/share/html/User/Elements/Tabs
+++ b/share/html/User/Elements/Tabs
@@ -61,14 +61,6 @@ my $tabs = {
title => loc('About me'),
path => 'User/Prefs.html',
},
- g => {
- title => loc('Personal Groups'),
- path => 'User/Groups/',
- },
- h => {
- title => loc('Delegation'),
- path => 'User/Delegation.html',
- },
f => {
title => loc('Search options'),
path => 'Prefs/SearchOptions.html',
diff --git a/share/html/User/Groups/Members.html b/share/html/User/Groups/Members.html
deleted file mode 100755
index eb10e65..0000000
--- a/share/html/User/Groups/Members.html
+++ /dev/null
@@ -1,160 +0,0 @@
-%# BEGIN BPS TAGGED BLOCK {{{
-%#
-%# COPYRIGHT:
-%#
-%# This software is Copyright (c) 1996-2010 Best Practical Solutions, LLC
-%# <jesse at bestpractical.com>
-%#
-%# (Except where explicitly superseded by other copyright notices)
-%#
-%#
-%# LICENSE:
-%#
-%# This work is made available to you under the terms of Version 2 of
-%# the GNU General Public License. A copy of that license should have
-%# been provided with this software, but in any event can be snarfed
-%# from www.gnu.org.
-%#
-%# This work is distributed in the hope that it will be useful, but
-%# WITHOUT ANY WARRANTY; without even the implied warranty of
-%# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-%# General Public License for more details.
-%#
-%# You should have received a copy of the GNU General Public License
-%# along with this program; if not, write to the Free Software
-%# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
-%# 02110-1301 or visit their web page on the internet at
-%# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
-%#
-%#
-%# CONTRIBUTION SUBMISSION POLICY:
-%#
-%# (The following paragraph is not intended to limit the rights granted
-%# to you to modify and distribute this software under the terms of
-%# the GNU General Public License and is only of importance to you if
-%# you choose to contribute your changes and enhancements to the
-%# community by submitting them to Best Practical Solutions, LLC.)
-%#
-%# By intentionally submitting any modifications, corrections or
-%# derivatives to this work, or any other work intended for use with
-%# Request Tracker, to Best Practical Solutions, LLC, you confirm that
-%# you are the copyright holder for those contributions and you grant
-%# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
-%# royalty-free, perpetual, license to use, copy, create derivative
-%# works based on those contributions, and sublicense and distribute
-%# those contributions and any derivatives thereof.
-%#
-%# END BPS TAGGED BLOCK }}}
-<& /Elements/Header, Title => $title &>
-<& /User/Elements/GroupTabs,
- GroupObj => $Group,
- current_subtab => "User/Groups/Members.html?id=".$Group->id,
- Title => $title &>
-<& /Elements/ListActions, actions => \@results &>
-
-
-
-<form action="<%RT->Config->Get('WebPath')%>/User/Groups/Members.html" method="post">
-<input type="hidden" class="hidden" name="id" value="<%$Group->Id%>" />
-<table width="100%">
-<tr>
-<td>
-<&|/l&>Add members</&>
-</td>
-<td>
-<&|/l&>Current members</&>
-</td>
-</tr>
-
-<tr>
-<td valign="top">
-<& /Admin/Elements/SelectNewGroupMembers, Name => "AddMembers", Group => $Group &>
-</td>
-<td valign="top">
-
-% if ($Group->MembersObj->Count == 0 ) {
-<em><&|/l&>(No members)</&></em>
-% } else {
-<em><&|/l&>(Check box to delete)</&></em>
-<br />
-<br />
-<&|/l&>Users</&>
-% my $UserMembers = $Group->MembersObj;
-% $UserMembers->LimitToUsers();
-<ul>
-% while (my $member = $UserMembers->Next()) {
-<li><input type="checkbox" class="checkbox" name="DeleteMember-<%$member->MemberId%>" value="1" />
-<& /Elements/ShowUser, User => $member->MemberObj->Object &>
-% }
-</ul>
-<&|/l&>Groups</&>
-<ul>
-% my $GroupMembers = $Group->MembersObj;
-% $GroupMembers->LimitToGroups();
-% while (my $member = $GroupMembers->Next()) {
-<li><input type="checkbox" class="checkbox" name="DeleteMember-<%$member->MemberId%>" value="1" />
-<%$member->MemberObj->Object->Name%>
-% }
-</ul>
-% }
-</td>
-</tr>
-</table>
-<& /Elements/Submit, Label => loc('Modify Members') &>
-</form>
-
-
-<%INIT>
-
-my $Group = RT::Group->new($session{'CurrentUser'});
-$Group->Load($id) ;
-
-unless ($Group->id) {
- Abort(loc('Could not load group'));
-}
-
-my (@results);
-
-foreach my $key (keys %ARGS) {
-
-if ($key =~ /^DeleteMember-(\d+)$/) {
- my $mem_id = $1;
- my ($val,$msg) = $Group->DeleteMember($mem_id);
- push (@results, $msg);
-}
-}
-
-# Make sure AddMembers is always an array
-my @AddMembersUsers = (ref $AddMembersUsers eq 'ARRAY') ? @{$AddMembersUsers} : ($AddMembersUsers);
-my @AddMembersGroups = (ref $AddMembersGroups eq 'ARRAY') ? @{$AddMembersGroups} : ($AddMembersGroups);
-
-foreach my $member (@AddMembersUsers, @AddMembersGroups) {
- next unless ($member);
-
- my $principal;
-
- if ($member =~ /^Group-(\d+)$/) {
- $principal = RT::Group->new($session{'CurrentUser'});
- $principal->Load($1);
- } elsif ($member =~ /^User-(\d+)$/) {
- $principal = RT::User->new($session{'CurrentUser'});
- $principal->Load($1);
- } else {
- next;
- }
-
-
- my ($val, $msg) = $Group->AddMember($principal->PrincipalId);
- push (@results, $msg);
-}
-
-
-my $title = loc('Editing membership for personal group [_1]', $Group->Name);
-
-</%INIT>
-
-<%ARGS>
-$AddMembersUsers => undef
-$AddMembersGroups => undef
-$id => undef
-</%ARGS>
diff --git a/share/html/User/Groups/Modify.html b/share/html/User/Groups/Modify.html
deleted file mode 100755
index 3d61f73..0000000
--- a/share/html/User/Groups/Modify.html
+++ /dev/null
@@ -1,157 +0,0 @@
-%# BEGIN BPS TAGGED BLOCK {{{
-%#
-%# COPYRIGHT:
-%#
-%# This software is Copyright (c) 1996-2010 Best Practical Solutions, LLC
-%# <jesse at bestpractical.com>
-%#
-%# (Except where explicitly superseded by other copyright notices)
-%#
-%#
-%# LICENSE:
-%#
-%# This work is made available to you under the terms of Version 2 of
-%# the GNU General Public License. A copy of that license should have
-%# been provided with this software, but in any event can be snarfed
-%# from www.gnu.org.
-%#
-%# This work is distributed in the hope that it will be useful, but
-%# WITHOUT ANY WARRANTY; without even the implied warranty of
-%# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-%# General Public License for more details.
-%#
-%# You should have received a copy of the GNU General Public License
-%# along with this program; if not, write to the Free Software
-%# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
-%# 02110-1301 or visit their web page on the internet at
-%# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
-%#
-%#
-%# CONTRIBUTION SUBMISSION POLICY:
-%#
-%# (The following paragraph is not intended to limit the rights granted
-%# to you to modify and distribute this software under the terms of
-%# the GNU General Public License and is only of importance to you if
-%# you choose to contribute your changes and enhancements to the
-%# community by submitting them to Best Practical Solutions, LLC.)
-%#
-%# By intentionally submitting any modifications, corrections or
-%# derivatives to this work, or any other work intended for use with
-%# Request Tracker, to Best Practical Solutions, LLC, you confirm that
-%# you are the copyright holder for those contributions and you grant
-%# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
-%# royalty-free, perpetual, license to use, copy, create derivative
-%# works based on those contributions, and sublicense and distribute
-%# those contributions and any derivatives thereof.
-%#
-%# END BPS TAGGED BLOCK }}}
-<& /Elements/Header, Title => $title &>
-
-<& /User/Elements/GroupTabs,
- GroupObj => $Group,
- current_subtab => $current_tab,
- Title => $title &>
-
-<& /Elements/ListActions, actions => \@results &>
-
-
-<form action="<%RT->Config->Get('WebPath')%>/User/Groups/Modify.html" method="post">
-
-%unless ($Group->Id) {
-<input type="hidden" class="hidden" name="id" value="new" />
-% } else {
-<input type="hidden" class="hidden" name="id" value="<%$Group->Id%>" />
-% }
-<table>
-<tr><td align="right">
-<&|/l&>Name</&>:
-</td>
-<td><input name="Name" value="<%$Group->Name%>" /></td>
-</tr><tr>
-<td align="right">
-<&|/l&>Description</&>:</td><td colspan="3"><input name="Description" value="<%$Group->Description%>" size="60" /></td>
-</tr><tr>
-<td colspan="2">
-<input type="hidden" class="hidden" name="SetEnabled" value="1" />
-<input type="checkbox" class="checkbox" name="Enabled" value="1" <%$EnabledChecked%> /> <&|/l&>Enabled (Unchecking this box disables this group)</&><br />
-</tr>
-</table>
-<& /Elements/Submit, Label => loc('Save Changes'), Reset => 1 &>
-</form>
-<%INIT>
-
-my $current_tab;
-my ($title, @results, $Disabled, $EnabledChecked);
-
-my $Group = RT::Group->new($session{'CurrentUser'});
-
-if ($Create) {
- $current_tab = 'User/Groups/Modify.html?Create=1';
- $title = loc("Create a new personal group");
-}
-else {
- if ( defined ($id) && $id eq 'new' ) {
-
- my ( $id, $msg ) = $Group->CreatePersonalGroup(
- Name => "$Name",
- PrincipalId => $session{'CurrentUser'}->PrincipalId
- );
- unless ($id) {
- Abort( loc("Could not create group") );
- }
- $id = $Group->Id;
- }
- else {
- $Group->Load($id) || Abort( loc('Could not load group') );
- }
-
- if ($id) {
- $title = loc( "Modify the group [_1]", $Group->Name );
-
- }
-
- # If the create failed
- else {
- $title = loc("Create a new personal group");
- $Create = 1;
- }
-
- $current_tab = 'User/Groups/Modify.html?id=' . $Group->Id;
-}
-
-if ($id) {
-
- my @fields = qw(Description Name );
- my @fieldresults = UpdateRecordObject ( AttributesRef => \@fields,
- Object => $Group,
- ARGSRef => \%ARGS );
- push (@results, at fieldresults);
-}
-
-#we're asking about enabled on the web page but really care about disabled.
-if ($Enabled == 1) {
- $Disabled = 0;
-}
-else {
- $Disabled = 1;
-}
-if ( ($SetEnabled) and ( $Disabled != $Group->Disabled) ) {
- my ($code, $msg) = $Group->SetDisabled($Disabled);
- push @results, loc('Enabled status [_1]', loc_fuzzy($msg));
-}
-
-unless ($Group->Disabled()) {
- $EnabledChecked = 'checked="checked"';
-}
-
-</%INIT>
-
-
-<%ARGS>
-$Create => undef
-$Name => undef
-$Description => undef
-$SetEnabled => undef
-$Enabled => undef
-$id => undef
-</%ARGS>
diff --git a/share/html/User/Groups/index.html b/share/html/User/Groups/index.html
deleted file mode 100755
index 796d926..0000000
--- a/share/html/User/Groups/index.html
+++ /dev/null
@@ -1,67 +0,0 @@
-%# BEGIN BPS TAGGED BLOCK {{{
-%#
-%# COPYRIGHT:
-%#
-%# This software is Copyright (c) 1996-2010 Best Practical Solutions, LLC
-%# <jesse at bestpractical.com>
-%#
-%# (Except where explicitly superseded by other copyright notices)
-%#
-%#
-%# LICENSE:
-%#
-%# This work is made available to you under the terms of Version 2 of
-%# the GNU General Public License. A copy of that license should have
-%# been provided with this software, but in any event can be snarfed
-%# from www.gnu.org.
-%#
-%# This work is distributed in the hope that it will be useful, but
-%# WITHOUT ANY WARRANTY; without even the implied warranty of
-%# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-%# General Public License for more details.
-%#
-%# You should have received a copy of the GNU General Public License
-%# along with this program; if not, write to the Free Software
-%# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
-%# 02110-1301 or visit their web page on the internet at
-%# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
-%#
-%#
-%# CONTRIBUTION SUBMISSION POLICY:
-%#
-%# (The following paragraph is not intended to limit the rights granted
-%# to you to modify and distribute this software under the terms of
-%# the GNU General Public License and is only of importance to you if
-%# you choose to contribute your changes and enhancements to the
-%# community by submitting them to Best Practical Solutions, LLC.)
-%#
-%# By intentionally submitting any modifications, corrections or
-%# derivatives to this work, or any other work intended for use with
-%# Request Tracker, to Best Practical Solutions, LLC, you confirm that
-%# you are the copyright holder for those contributions and you grant
-%# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
-%# royalty-free, perpetual, license to use, copy, create derivative
-%# works based on those contributions, and sublicense and distribute
-%# those contributions and any derivatives thereof.
-%#
-%# END BPS TAGGED BLOCK }}}
-<& /Elements/Header, Title => $title &>
-<& /User/Elements/GroupTabs,
- current_subtab => 'User/Groups/index.html',
- Title => $title &>
-
-<% $title %>:<br />
-<ul>
-%while ( my $Group = $Groups->Next) {
-<li><a href="Modify.html?id=<%$Group->id%>"><%$Group->Name || loc('(empty)')%></a><br />
-%}
-</ul>
-
-<%INIT>
-my $Groups = RT::Groups->new($session{'CurrentUser'});
-$Groups->LimitToPersonalGroupsFor($session{'CurrentUser'}->PrincipalId());
-my $title = loc('Personal Groups');
-
-</%INIT>
-<%ARGS>
-</%ARGS>
commit e41f5b3edd5ec5afad038ded9e0ed0f4ea5605d5
Author: Jesse Vincent <jesse at bestpractical.com>
Date: Wed Sep 8 10:06:17 2010 -0400
Remove delegation tests
diff --git a/t/delegation/cleanup_stalled.t b/t/delegation/cleanup_stalled.t
deleted file mode 100644
index 750576d..0000000
--- a/t/delegation/cleanup_stalled.t
+++ /dev/null
@@ -1,458 +0,0 @@
-#!/usr/bin/perl -w
-use strict;
-use warnings;
-
-# Regression test suite for http://rt3.fsck.com/Ticket/Display.html?id=6184
-# and related corner cases related to cleanup of delegated ACEs when
-# the delegator loses the right to delegate. This causes complexities
-# due to the fact that multiple ACEs can grant different delegation
-# rights to a principal, and because DelegateRights and SuperUser can
-# themselves be delegated.
-
-# The case where the "parent" delegated ACE is removed is handled in
-# the embedded regression tests in lib/RT/ACE_Overlay.pm .
-
-
-use RT;
-
-use RT::Test nodata => 1, tests => 98;
-
-my ($u1, $u2, $g1, $g2, $g3, $pg1, $pg2, $ace, @groups, @users, @principals);
- at groups = (\$g1, \$g2, \$g3, \$pg1, \$pg2);
- at users = (\$u1, \$u2);
- at principals = (@groups, @users);
-
-my($ret, $msg);
-
-$u1 = RT::User->new($RT::SystemUser);
-( $ret, $msg ) = $u1->LoadOrCreateByEmail('delegtest1 at example.com');
-ok( $ret, "Load / Create test user 1: $msg" );
-$u1->SetPrivileged(1);
-$u2 = RT::User->new($RT::SystemUser);
-( $ret, $msg ) = $u2->LoadOrCreateByEmail('delegtest2 at example.com');
-ok( $ret, "Load / Create test user 2: $msg" );
-$u2->SetPrivileged(1);
-$g1 = RT::Group->new($RT::SystemUser);
-( $ret, $msg) = $g1->LoadUserDefinedGroup('dg1');
-unless ($ret) {
- ( $ret, $msg ) = $g1->CreateUserDefinedGroup( Name => 'dg1' );
-}
-ok( $ret, "Load / Create test group 1: $msg" );
-$g2 = RT::Group->new($RT::SystemUser);
-( $ret, $msg) = $g2->LoadUserDefinedGroup('dg2');
-unless ($ret) {
- ( $ret, $msg ) = $g2->CreateUserDefinedGroup( Name => 'dg2' );
-}
-ok( $ret, "Load / Create test group 2: $msg" );
-$g3 = RT::Group->new($RT::SystemUser);
-( $ret, $msg) = $g3->LoadUserDefinedGroup('dg3');
-unless ($ret) {
- ( $ret, $msg ) = $g3->CreateUserDefinedGroup( Name => 'dg3' );
-}
-ok( $ret, "Load / Create test group 3: $msg" );
-$pg1 = RT::Group->new($RT::SystemUser);
-( $ret, $msg ) = $pg1->LoadPersonalGroup( Name => 'dpg1',
- User => $u1->PrincipalId );
-unless ($ret) {
- ( $ret, $msg ) = $pg1->CreatePersonalGroup( Name => 'dpg1',
- PrincipalId => $u1->PrincipalId );
-}
-ok( $ret, "Load / Create test personal group 1: $msg" );
-$pg2 = RT::Group->new($RT::SystemUser);
-( $ret, $msg ) = $pg2->LoadPersonalGroup( Name => 'dpg2',
- User => $u2->PrincipalId );
-unless ($ret) {
- ( $ret, $msg ) = $pg2->CreatePersonalGroup( Name => 'dpg2',
- PrincipalId => $u2->PrincipalId );
-}
-ok( $ret, "Load / Create test personal group 2: $msg" );
-
-
-
-# Basic case: u has global DelegateRights through g1 and ShowConfigTab
-# through g2; then u is removed from g1.
-
-clear_acls_and_groups();
-
-( $ret, $msg ) = $g1->PrincipalObj->GrantRight( Right => 'DelegateRights' );
-ok( $ret, "Grant DelegateRights to g1: $msg" );
-( $ret, $msg ) = $g2->PrincipalObj->GrantRight( Right => 'ShowConfigTab' );
-ok( $ret, "Grant ShowConfigTab to g2: $msg" );
-( $ret, $msg ) = $g1->AddMember( $u1->PrincipalId );
-ok( $ret, "Add test user 1 to g1: $msg" );
-ok(
- $u1->PrincipalObj->HasRight(
- Right => 'DelegateRights',
- Object => $RT::System
- ),
- "test user 1 has DelegateRights after joining g1"
-);
-( $ret, $msg ) = $g2->AddMember( $u1->PrincipalId );
-ok( $ret, "Add test user 1 to g2: $msg" );
-ok(
- $u1->PrincipalObj->HasRight(
- Right => 'ShowConfigTab',
- Object => $RT::System
- ),
- "test user 1 has ShowConfigTab after joining g2"
-);
-
-$ace = RT::ACE->new($u1);
-( $ret, $msg ) = $ace->LoadByValues(
- RightName => 'ShowConfigTab',
- Object => $RT::System,
- PrincipalType => 'Group',
- PrincipalId => $g2->PrincipalId
-);
-ok( $ret, "Look up ACE to be delegated: $msg" );
-( $ret, $msg ) = $ace->Delegate( PrincipalId => $pg1->PrincipalId );
-ok( $ret, "Delegate ShowConfigTab to pg1: $msg" );
-ok(
- $pg1->PrincipalObj->HasRight(
- Right => 'ShowConfigTab',
- Object => $RT::System
- ),
- "Test personal group 1 has ShowConfigTab right after delegation"
-);
-
-( $ret, $msg ) = $g1->DeleteMember( $u1->PrincipalId );
-ok( $ret, "Delete test user 1 from g1: $msg" );
-ok(
- not(
- $pg1->PrincipalObj->HasRight(
- Right => 'ShowConfigTab',
- Object => $RT::System
- )
- ),
- "Test personal group 1 lacks ShowConfigTab right after user removed from g1"
-);
-
-# Basic case: u has global DelegateRights through g1 and ShowConfigTab
-# through g2; then DelegateRights revoked from g1.
-
-( $ret, $msg ) = $g1->AddMember( $u1->PrincipalId );
-ok( $ret, "Add test user 1 to g1: $msg" );
-( $ret, $msg ) = $ace->Delegate( PrincipalId => $pg1->PrincipalId );
-ok( $ret, "Delegate ShowConfigTab to pg1: $msg" );
-( $ret, $msg ) = $g1->PrincipalObj->RevokeRight( Right => 'DelegateRights' );
-ok( $ret, "Revoke DelegateRights from g1: $msg" );
-ok(
- not(
- $pg1->PrincipalObj->HasRight(
- Right => 'ShowConfigTab',
- Object => $RT::System
- )
- ),
- "Test personal group 1 lacks ShowConfigTab right after DelegateRights revoked from g1"
-);
-
-
-
-# Corner case - restricted delegation: u has DelegateRights on pg1
-# through g1 and AdminGroup on pg1 through g2; then DelegateRights
-# revoked from g1.
-
-clear_acls_and_groups();
-
-( $ret, $msg ) = $g1->PrincipalObj->GrantRight( Right => 'DelegateRights',
- Object => $pg1);
-ok( $ret, "Grant DelegateRights on pg1 to g1: $msg" );
-( $ret, $msg ) = $g2->PrincipalObj->GrantRight( Right => 'AdminGroup',
- Object => $pg1);
-ok( $ret, "Grant AdminGroup on pg1 to g2: $msg" );
-( $ret, $msg ) = $g1->AddMember( $u1->PrincipalId );
-ok( $ret, "Add test user 1 to g1: $msg" );
-( $ret, $msg ) = $g2->AddMember( $u1->PrincipalId );
-ok( $ret, "Add test user 1 to g2: $msg" );
-ok( $u1->PrincipalObj->HasRight(
- Right => 'DelegateRights',
- Object => $pg1 ),
- "test user 1 has DelegateRights on pg1 after joining g1" );
-ok( not( $u1->PrincipalObj->HasRight(
- Right => 'DelegateRights',
- Object => $RT::System )),
- "Test personal group 1 lacks global DelegateRights after joining g1" );
-$ace = RT::ACE->new($u1);
-( $ret, $msg ) = $ace->LoadByValues(
- RightName => 'AdminGroup',
- Object => $pg1,
- PrincipalType => 'Group',
- PrincipalId => $g2->PrincipalId
-);
-ok( $ret, "Look up ACE to be delegated: $msg" );
-( $ret, $msg ) = $ace->Delegate( PrincipalId => $pg1->PrincipalId );
-ok( $ret, "Delegate AdminGroup on pg1 to pg1: $msg" );
-ok( $pg1->PrincipalObj->HasRight(
- Right => 'AdminGroup',
- Object => $pg1 ),
- "Test personal group 1 has AdminGroup right on pg1 after delegation" );
-( $ret, $msg ) = $g1->PrincipalObj->RevokeRight ( Right => 'DelegateRights',
- Object => $pg1 );
-ok( $ret, "Revoke DelegateRights on pg1 from g1: $msg" );
-ok( not( $pg1->PrincipalObj->HasRight(
- Right => 'AdminGroup',
- Object => $pg1 )),
- "Test personal group 1 lacks AdminGroup right on pg1 after DelegateRights revoked from g1" );
-( $ret, $msg ) = $g1->PrincipalObj->GrantRight( Right => 'DelegateRights',
- Object => $pg1);
-
-# Corner case - restricted delegation: u has DelegateRights on pg1
-# through g1 and AdminGroup on pg1 through g2; then u removed from g1.
-
-ok( $ret, "Grant DelegateRights on pg1 to g1: $msg" );
-( $ret, $msg ) = $ace->Delegate( PrincipalId => $pg1->PrincipalId );
-ok( $ret, "Delegate AdminGroup on pg1 to pg1: $msg" );
-ok( $pg1->PrincipalObj->HasRight(
- Right => 'AdminGroup',
- Object => $pg1 ),
- "Test personal group 1 has AdminGroup right on pg1 after delegation" );
-( $ret, $msg ) = $g1->DeleteMember( $u1->PrincipalId );
-ok( $ret, "Delete test user 1 from g1: $msg" );
-ok( not( $pg1->PrincipalObj->HasRight(
- Right => 'AdminGroup',
- Object => $pg1 )),
- "Test personal group 1 lacks AdminGroup right on pg1 after user removed from g1" );
-
-clear_acls_and_groups();
-
-
-
-# Corner case - multiple delegation rights: u has global
-# DelegateRights directly and DelegateRights on pg1 through g1, and
-# AdminGroup on pg1 through g2; then u removed from g1 (delegation
-# should remain); then DelegateRights revoked from u (delegation
-# should not remain).
-
-( $ret, $msg ) = $g1->PrincipalObj->GrantRight( Right => 'DelegateRights',
- Object => $pg1);
-ok( $ret, "Grant DelegateRights on pg1 to g1: $msg" );
-( $ret, $msg ) = $g2->PrincipalObj->GrantRight( Right => 'AdminGroup',
- Object => $pg1);
-ok( $ret, "Grant AdminGroup on pg1 to g2: $msg" );
-( $ret, $msg ) = $u1->PrincipalObj->GrantRight( Right => 'DelegateRights',
- Object => $RT::System);
-ok( $ret, "Grant DelegateRights to user: $msg" );
-( $ret, $msg ) = $g1->AddMember( $u1->PrincipalId );
-ok( $ret, "Add test user 1 to g1: $msg" );
-( $ret, $msg ) = $g2->AddMember( $u1->PrincipalId );
-ok( $ret, "Add test user 1 to g2: $msg" );
-$ace = RT::ACE->new($u1);
-( $ret, $msg ) = $ace->LoadByValues(
- RightName => 'AdminGroup',
- Object => $pg1,
- PrincipalType => 'Group',
- PrincipalId => $g2->PrincipalId
-);
-ok( $ret, "Look up ACE to be delegated: $msg" );
-( $ret, $msg ) = $ace->Delegate( PrincipalId => $pg1->PrincipalId );
-ok( $ret, "Delegate AdminGroup on pg1 to pg1: $msg" );
-( $ret, $msg ) = $g1->DeleteMember( $u1->PrincipalId );
-ok( $ret, "Delete test user 1 from g1: $msg" );
-ok( $pg1->PrincipalObj->HasRight(Right => 'AdminGroup',
- Object => $pg1),
- "Test personal group 1 retains AdminGroup right on pg1 after user removed from g1" );
-( $ret, $msg ) = $u1->PrincipalObj->RevokeRight( Right => 'DelegateRights',
- Object => $RT::System );
-ok( not ($pg1->PrincipalObj->HasRight(Right => 'AdminGroup',
- Object => $pg1)),
- "Test personal group 1 lacks AdminGroup right on pg1 after DelegateRights revoked");
-
-# Corner case - multiple delegation rights and selectivity: u has
-# DelegateRights globally and on g2 directly and DelegateRights on pg1
-# through g1, and AdminGroup on pg1 through g2; then global
-# DelegateRights revoked from u (delegation should remain),
-# DelegateRights on g2 revoked from u (delegation should remain), and
-# u removed from g1 (delegation should not remain).
-
-( $ret, $msg ) = $g1->AddMember( $u1->PrincipalId );
-ok( $ret, "Add test user 1 to g1: $msg" );
-( $ret, $msg ) = $u1->PrincipalObj->GrantRight( Right => 'DelegateRights',
- Object => $RT::System);
-ok( $ret, "Grant DelegateRights to user: $msg" );
-( $ret, $msg ) = $u1->PrincipalObj->GrantRight( Right => 'DelegateRights',
- Object => $g2);
-ok( $ret, "Grant DelegateRights on g2 to user: $msg" );
-( $ret, $msg ) = $ace->Delegate( PrincipalId => $pg1->PrincipalId );
-ok( $ret, "Delegate AdminGroup on pg1 to pg1: $msg" );
-( $ret, $msg ) = $u1->PrincipalObj->RevokeRight( Right => 'DelegateRights',
- Object => $RT::System );
-ok( $pg1->PrincipalObj->HasRight(Right => 'AdminGroup',
- Object => $pg1),
- "Test personal group 1 retains AdminGroup right on pg1 after global DelegateRights revoked" );
-( $ret, $msg ) = $u1->PrincipalObj->RevokeRight( Right => 'DelegateRights',
- Object => $g2 );
-ok( $pg1->PrincipalObj->HasRight(Right => 'AdminGroup',
- Object => $pg1),
- "Test personal group 1 retains AdminGroup right on pg1 after DelegateRights on g2 revoked" );
-( $ret, $msg ) = $g1->DeleteMember( $u1->PrincipalId );
-ok( $ret, "Delete test user 1 from g1: $msg" );
-ok( not ($pg1->PrincipalObj->HasRight(Right => 'AdminGroup',
- Object => $pg1)),
- "Test personal group 1 lacks AdminGroup right on pg1 after user removed from g1");
-
-
-
-# Corner case - indirect delegation rights: u has DelegateRights
-# through g1 via g3, and ShowConfigTab via g2; then g3 removed from
-# g1.
-
-clear_acls_and_groups();
-
-( $ret, $msg ) = $g1->PrincipalObj->GrantRight( Right => 'DelegateRights' );
-ok( $ret, "Grant DelegateRights to g1: $msg" );
-( $ret, $msg ) = $g2->PrincipalObj->GrantRight( Right => 'ShowConfigTab' );
-ok( $ret, "Grant ShowConfigTab to g2: $msg" );
-( $ret, $msg ) = $g1->AddMember( $g3->PrincipalId );
-ok( $ret, "Add g3 to g1: $msg" );
-( $ret, $msg ) = $g3->AddMember( $u1->PrincipalId );
-ok( $ret, "Add test user 1 to g3: $msg" );
-( $ret, $msg ) = $g2->AddMember( $u1->PrincipalId );
-ok( $ret, "Add test user 1 to g2: $msg" );
-
-$ace = RT::ACE->new($u1);
-( $ret, $msg ) = $ace->LoadByValues(
- RightName => 'ShowConfigTab',
- Object => $RT::System,
- PrincipalType => 'Group',
- PrincipalId => $g2->PrincipalId
-);
-ok( $ret, "Look up ACE to be delegated: $msg" );
-( $ret, $msg ) = $ace->Delegate( PrincipalId => $pg1->PrincipalId );
-ok( $ret, "Delegate ShowConfigTab to pg1: $msg" );
-
-( $ret, $msg ) = $g1->DeleteMember( $g3->PrincipalId );
-ok( $ret, "Delete g3 from g1: $msg" );
-ok( not ($pg1->PrincipalObj->HasRight(Right => 'ShowConfigTab',
- Object => $RT::System)),
- "Test personal group 1 lacks ShowConfigTab right after g3 removed from g1");
-
-# Corner case - indirect delegation rights: u has DelegateRights
-# through g1 via g3, and ShowConfigTab via g2; then DelegateRights
-# revoked from g1.
-
-( $ret, $msg ) = $g1->AddMember( $g3->PrincipalId );
-ok( $ret, "Add g3 to g1: $msg" );
-( $ret, $msg ) = $ace->Delegate( PrincipalId => $pg1->PrincipalId );
-ok( $ret, "Delegate ShowConfigTab to pg1: $msg" );
-( $ret, $msg ) = $g1->PrincipalObj->RevokeRight ( Right => 'DelegateRights' );
-ok( $ret, "Revoke DelegateRights from g1: $msg" );
-
-ok( not ($pg1->PrincipalObj->HasRight(Right => 'ShowConfigTab',
- Object => $RT::System)),
- "Test personal group 1 lacks ShowConfigTab right after DelegateRights revoked from g1");
-
-
-
-# Corner case - delegation of DelegateRights: u1 has DelegateRights
-# via g1 and delegates DelegateRights to pg1; u2 has DelegateRights
-# via pg1 and ShowConfigTab via g2; then u1 removed from g1.
-
-clear_acls_and_groups();
-
-( $ret, $msg ) = $g1->PrincipalObj->GrantRight( Right => 'DelegateRights' );
-ok( $ret, "Grant DelegateRights to g1: $msg" );
-( $ret, $msg ) = $g2->PrincipalObj->GrantRight( Right => 'ShowConfigTab' );
-ok( $ret, "Grant ShowConfigTab to g2: $msg" );
-( $ret, $msg ) = $g1->AddMember( $u1->PrincipalId );
-ok( $ret, "Add test user 1 to g1: $msg" );
-$ace = RT::ACE->new($u1);
-( $ret, $msg ) = $ace->LoadByValues(
- RightName => 'DelegateRights',
- Object => $RT::System,
- PrincipalType => 'Group',
- PrincipalId => $g1->PrincipalId
-);
-ok( $ret, "Look up ACE to be delegated: $msg" );
-( $ret, $msg ) = $ace->Delegate( PrincipalId => $pg1->PrincipalId );
-ok( $ret, "Delegate DelegateRights to pg1: $msg" );
-
-( $ret, $msg ) = $pg1->AddMember( $u2->PrincipalId );
-ok( $ret, "Add test user 2 to pg1: $msg" );
-( $ret, $msg ) = $g2->AddMember( $u2->PrincipalId );
-ok( $ret, "Add test user 2 to g2: $msg" );
-$ace = RT::ACE->new($u2);
-( $ret, $msg ) = $ace->LoadByValues(
- RightName => 'ShowConfigTab',
- Object => $RT::System,
- PrincipalType => 'Group',
- PrincipalId => $g2->PrincipalId
-);
-ok( $ret, "Look up ACE to be delegated: $msg" );
-( $ret, $msg ) = $ace->Delegate( PrincipalId => $pg2->PrincipalId );
-ok( $ret, "Delegate ShowConfigTab to pg2: $msg" );
-
-ok( $pg2->PrincipalObj->HasRight(Right => 'ShowConfigTab',
- Object => $RT::System),
- "Test personal group 2 has ShowConfigTab right after delegation");
-( $ret, $msg ) = $g1->DeleteMember( $u1->PrincipalId );
-ok( $ret, "Delete u1 from g1: $msg" );
-ok( not ($pg2->PrincipalObj->HasRight(Right => 'ShowConfigTab',
- Object => $RT::System)),
- "Test personal group 2 lacks ShowConfigTab right after u1 removed from g1");
-
-# Corner case - delegation of DelegateRights: u1 has DelegateRights
-# via g1 and delegates DelegateRights to pg1; u2 has DelegateRights
-# via pg1 and ShowConfigTab via g2; then DelegateRights revoked from
-# g1.
-
-( $ret, $msg ) = $g1->AddMember( $u1->PrincipalId );
-ok( $ret, "Add u1 to g1: $msg" );
-$ace = RT::ACE->new($u1);
-( $ret, $msg ) = $ace->LoadByValues(
- RightName => 'DelegateRights',
- Object => $RT::System,
- PrincipalType => 'Group',
- PrincipalId => $g1->PrincipalId
-);
-ok( $ret, "Look up ACE to be delegated: $msg" );
-( $ret, $msg ) = $ace->Delegate( PrincipalId => $pg1->PrincipalId );
-ok( $ret, "Delegate DelegateRights to pg1: $msg" );
-$ace = RT::ACE->new($u2);
-( $ret, $msg ) = $ace->LoadByValues(
- RightName => 'ShowConfigTab',
- Object => $RT::System,
- PrincipalType => 'Group',
- PrincipalId => $g2->PrincipalId
-);
-ok( $ret, "Look up ACE to be delegated: $msg" );
-( $ret, $msg ) = $ace->Delegate( PrincipalId => $pg2->PrincipalId );
-ok( $ret, "Delegate ShowConfigTab to pg2: $msg" );
-
-( $ret, $msg ) = $g1->PrincipalObj->RevokeRight ( Right => 'DelegateRights' );
-ok( $ret, "Revoke DelegateRights from g1: $msg" );
-ok( not ($pg2->PrincipalObj->HasRight(Right => 'ShowConfigTab',
- Object => $RT::System)),
- "Test personal group 2 lacks ShowConfigTab right after DelegateRights revoked from g1");
-
-
-
-
-#######
-
-sub clear_acls_and_groups {
- # Revoke all rights granted to our cast
- my $acl = RT::ACL->new($RT::SystemUser);
- foreach (@principals) {
- $acl->LimitToPrincipal(Type => $$_->PrincipalObj->PrincipalType,
- Id => $$_->PrincipalObj->Id);
- }
- while (my $ace = $acl->Next()) {
- $ace->Delete();
- }
-
- # Remove all group memberships
- my $members = RT::GroupMembers->new($RT::SystemUser);
- foreach (@groups) {
- $members->LimitToMembersOfGroup( $$_->PrincipalId );
- }
- while (my $member = $members->Next()) {
- $member->Delete();
- }
-
- $acl->RedoSearch();
- is( $acl->Count() , 0,
- "All principals have no rights after clearing ACLs" );
- $members->RedoSearch();
- is( $members->Count() , 0,
- "All groups have no members after clearing groups" );
-}
diff --git a/t/delegation/revocation.t b/t/delegation/revocation.t
deleted file mode 100644
index 2cde33c..0000000
--- a/t/delegation/revocation.t
+++ /dev/null
@@ -1,135 +0,0 @@
-#!/usr/bin/perl -w
-
-use strict;
-use warnings;
-
-use RT;
-
-use RT::Test nodata => 1, tests => 22;
-
-my ($u1, $g1, $pg1, $pg2, $ace, @groups, @users, @principals);
- at groups = (\$g1, \$pg1, \$pg2);
- at users = (\$u1);
- at principals = (@groups, @users);
-
-my($ret, $msg);
-
-$u1 = RT::User->new($RT::SystemUser);
-( $ret, $msg ) = $u1->LoadOrCreateByEmail('delegtest1 at example.com');
-ok( $ret, "Load / Create test user 1: $msg" );
-$u1->SetPrivileged(1);
-
-$g1 = RT::Group->new($RT::SystemUser);
-( $ret, $msg) = $g1->LoadUserDefinedGroup('dg1');
-unless ($ret) {
- ( $ret, $msg ) = $g1->CreateUserDefinedGroup( Name => 'dg1' );
-}
-$pg1 = RT::Group->new($RT::SystemUser);
-( $ret, $msg ) = $pg1->LoadPersonalGroup( Name => 'dpg1',
- User => $u1->PrincipalId );
-unless ($ret) {
- ( $ret, $msg ) = $pg1->CreatePersonalGroup( Name => 'dpg1',
- PrincipalId => $u1->PrincipalId );
-}
-ok( $ret, "Load / Create test personal group 1: $msg" );
-$pg2 = RT::Group->new($RT::SystemUser);
-( $ret, $msg ) = $pg2->LoadPersonalGroup( Name => 'dpg2',
- User => $u1->PrincipalId );
-unless ($ret) {
- ( $ret, $msg ) = $pg2->CreatePersonalGroup( Name => 'dpg2',
- PrincipalId => $u1->PrincipalId );
-}
-ok( $ret, "Load / Create test personal group 2: $msg" );
-
-clear_acls_and_groups();
-
-( $ret, $msg ) = $u1->PrincipalObj->GrantRight( Right => 'DelegateRights' );
-ok( $ret, "Grant DelegateRights to u1: $msg" );
-( $ret, $msg ) = $g1->PrincipalObj->GrantRight( Right => 'ShowConfigTab' );
-ok( $ret, "Grant ShowConfigTab to g1: $msg" );
-( $ret, $msg ) = $g1->AddMember( $u1->PrincipalId );
-ok( $ret, "Add test user 1 to g1: $msg" );
-
-$ace = RT::ACE->new($u1);
-( $ret, $msg ) = $ace->LoadByValues(
- RightName => 'ShowConfigTab',
- Object => $RT::System,
- PrincipalType => 'Group',
- PrincipalId => $g1->PrincipalId
-);
-ok( $ret, "Look up ACE to be delegated: $msg" );
-( $ret, $msg ) = $ace->Delegate( PrincipalId => $pg1->PrincipalId );
-ok( $ret, "Delegate ShowConfigTab to pg1: $msg" );
-( $ret, $msg ) = $ace->Delegate( PrincipalId => $pg2->PrincipalId );
-ok( $ret, "Delegate ShowConfigTab to pg2: $msg" );
-
-ok(( $pg1->PrincipalObj->HasRight( Right => 'ShowConfigTab',
- Object => $RT::System ) and
- $pg2->PrincipalObj->HasRight( Right => 'ShowConfigTab',
- Object => $RT::System )),
- "Test personal groups have ShowConfigTab right after delegation" );
-
-( $ret, $msg ) = $g1->DeleteMember( $u1->PrincipalId );
-ok( $ret, "Delete test user 1 from g1: $msg" );
-
-ok( not( $pg1->PrincipalObj->HasRight( Right => 'ShowConfigTab',
- Object => $RT::System )),
- "Test personal group 1 lacks ShowConfigTab after user removed from g1" );
-ok( not( $pg2->PrincipalObj->HasRight( Right => 'ShowConfigTab',
- Object => $RT::System )),
- "Test personal group 2 lacks ShowConfigTab after user removed from g1" );
-
-( $ret, $msg ) = $g1->AddMember( $u1->PrincipalId );
-ok( $ret, "Add test user 1 to g1: $msg" );
-( $ret, $msg ) = $ace->Delegate( PrincipalId => $pg1->PrincipalId );
-ok( $ret, "Delegate ShowConfigTab to pg1: $msg" );
-( $ret, $msg ) = $ace->Delegate( PrincipalId => $pg2->PrincipalId );
-ok( $ret, "Delegate ShowConfigTab to pg2: $msg" );
-
-ok(( $pg1->PrincipalObj->HasRight( Right => 'ShowConfigTab',
- Object => $RT::System ) and
- $pg2->PrincipalObj->HasRight( Right => 'ShowConfigTab',
- Object => $RT::System )),
- "Test personal groups have ShowConfigTab right after delegation" );
-
-( $ret, $msg ) = $g1->PrincipalObj->RevokeRight( Right => 'ShowConfigTab' );
-ok( $ret, "Revoke ShowConfigTab from g1: $msg" );
-
-ok( not( $pg1->PrincipalObj->HasRight( Right => 'ShowConfigTab',
- Object => $RT::System )),
- "Test personal group 1 lacks ShowConfigTab after user removed from g1" );
-ok( not( $pg2->PrincipalObj->HasRight( Right => 'ShowConfigTab',
- Object => $RT::System )),
- "Test personal group 2 lacks ShowConfigTab after user removed from g1" );
-
-
-
-#######
-
-sub clear_acls_and_groups {
- # Revoke all rights granted to our cast
- my $acl = RT::ACL->new($RT::SystemUser);
- foreach (@principals) {
- $acl->LimitToPrincipal(Type => $$_->PrincipalObj->PrincipalType,
- Id => $$_->PrincipalObj->Id);
- }
- while (my $ace = $acl->Next()) {
- $ace->Delete();
- }
-
- # Remove all group memberships
- my $members = RT::GroupMembers->new($RT::SystemUser);
- foreach (@groups) {
- $members->LimitToMembersOfGroup( $$_->PrincipalId );
- }
- while (my $member = $members->Next()) {
- $member->Delete();
- }
-
- $acl->RedoSearch();
- is( $acl->Count() , 0,
- "All principals have no rights after clearing ACLs" );
- $members->RedoSearch();
- is( $members->Count() , 0,
- "All groups have no members after clearing groups" );
-}
commit 8d517208dded9209599cdc08ae94bdefe24aeb88
Author: Jesse Vincent <jesse at bestpractical.com>
Date: Wed Sep 8 10:06:31 2010 -0400
remove all ACEs that are DelegatedBy/DelegatedFrom from the ACL table,
then drop the columns (across two upgrades)
diff --git a/etc/upgrade/3.9.2/content b/etc/upgrade/3.9.2/content
new file mode 100644
index 0000000..9f7339e
--- /dev/null
+++ b/etc/upgrade/3.9.2/content
@@ -0,0 +1,31 @@
+ at Initial = (
+ sub {
+ use strict;
+ $RT::Logger->debug('Removing all delegated rights');
+
+
+ my $acl = RT::ACL->new($RT::SystemUser);
+ $acl->Limit(
+ CLAUSE => 'search',
+ FIELD => 'DelegatedBy',
+ OPERATOR => '>',
+ VALUE => '0'
+ );
+ $acl->Limit(
+ CLAUSE => 'search',
+ FIELD => 'DelegatedFrom',
+ OPERATOR => '>',
+ VALUE => '0',
+ ENTRYAGGREGATOR => 'OR',
+ );
+
+ while (my $ace = $acl->Next) {
+ my ($ok, $msg) = $ace->Delete();
+
+ if (!$ok) {
+ $RT::Logger->warn("Unable to delete ACE ".$ace->id.": ".$msg);
+ }
+ }
+ },
+);
+
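Review bot: A failed `$ace->Delete()` in the `while` loop is only reported through `$RT::Logger->warn`, so the step still completes and the row stays in the ACL table. According to the commit message, a later upgrade drops `DelegatedBy` and `DelegatedFrom`; after that a surviving delegated ACE can no longer be told apart from a direct grant and would presumably keep granting the right. I would make the step fail instead: `my $failed = 0;` before the loop, `$failed++;` in the `if (!$ok)` branch, and `die "$failed delegated ACEs could not be deleted\n" if $failed;` after the loop. This assumes a die here stops the upgrade before the schema change. Separately, `CLAUSE` is not a `Limit` argument I can confirm; if the grouping key is meant to be `SUBCLAUSE`, the two conditions may end up joined with AND rather than OR, so the generated SQL is worth checking.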
diff --git a/etc/upgrade/3.9.3/schema.Oracle b/etc/upgrade/3.9.3/schema.Oracle
new file mode 100644
index 0000000..4ee50c4
--- /dev/null
+++ b/etc/upgrade/3.9.3/schema.Oracle
@@ -0,0 +1,2 @@
+ALTER TABLE ACL DROP COLUMN DelegatedBy;
+ALTER TABLE ACL DROP COLUMN DelegatedFrom;
diff --git a/etc/upgrade/3.9.3/schema.Pg b/etc/upgrade/3.9.3/schema.Pg
new file mode 100644
index 0000000..4ee50c4
--- /dev/null
+++ b/etc/upgrade/3.9.3/schema.Pg
@@ -0,0 +1,2 @@
+ALTER TABLE ACL DROP COLUMN DelegatedBy;
+ALTER TABLE ACL DROP COLUMN DelegatedFrom;
diff --git a/etc/upgrade/3.9.3/schema.SQLite b/etc/upgrade/3.9.3/schema.SQLite
new file mode 100644
index 0000000..e69de29
diff --git a/etc/upgrade/3.9.3/schema.mysql b/etc/upgrade/3.9.3/schema.mysql
new file mode 100644
index 0000000..4ee50c4
--- /dev/null
+++ b/etc/upgrade/3.9.3/schema.mysql
@@ -0,0 +1,2 @@
+ALTER TABLE ACL DROP COLUMN DelegatedBy;
+ALTER TABLE ACL DROP COLUMN DelegatedFrom;
commit 5e6912a5c96b88c4ed8f75f55c85ca624b08baec
Author: Jesse Vincent <jesse at bestpractical.com>
Date: Sat Sep 11 22:11:20 2010 -0400
Update schema to remove the delegation columns
diff --git a/etc/schema.Informix b/etc/schema.Informix
index 6a4e533..810c4bc 100755
--- a/etc/schema.Informix
+++ b/etc/schema.Informix
@@ -149,8 +149,6 @@ CREATE TABLE ACL (
RightName VARCHAR(25) NOT NULL,
ObjectType VARCHAR(25) NOT NULL,
ObjectId INTEGER DEFAULT 0 NOT NULL,
- DelegatedBy INTEGER DEFAULT 0 NOT NULL,
- DelegatedFrom INTEGER DEFAULT 0 NOT NULL,
PRIMARY KEY (id)
);
CREATE INDEX ACL1 ON ACL(RightName, ObjectType, ObjectId, PrincipalType, PrincipalId);
diff --git a/etc/schema.Oracle b/etc/schema.Oracle
index 693e75a..c67a890 100755
--- a/etc/schema.Oracle
+++ b/etc/schema.Oracle
@@ -153,9 +153,7 @@ CREATE TABLE ACL (
PrincipalId NUMBER(11,0) NOT NULL,
RightName VARCHAR2(25) NOT NULL,
ObjectType VARCHAR2(25) NOT NULL,
- ObjectId NUMBER(11,0) DEFAULT 0 NOT NULL,
- DelegatedBy NUMBER(11,0) DEFAULT 0 NOT NULL,
- DelegatedFrom NUMBER(11,0) DEFAULT 0 NOT NULL
+ ObjectId NUMBER(11,0) DEFAULT 0 NOT NULL
);
CREATE INDEX ACL1 ON ACL(RightName, ObjectType, ObjectId, PrincipalType, PrincipalId);
diff --git a/etc/schema.Pg b/etc/schema.Pg
index 48525c8..7bfc5a4 100755
--- a/etc/schema.Pg
+++ b/etc/schema.Pg
@@ -254,8 +254,6 @@ CREATE TABLE ACL (
RightName varchar(25) NOT NULL ,
ObjectType varchar(25) NOT NULL ,
ObjectId integer NOT NULL DEFAULT 0,
- DelegatedBy integer NOT NULL DEFAULT 0,
- DelegatedFrom integer NOT NULL DEFAULT 0,
PRIMARY KEY (id)
);
diff --git a/etc/schema.SQLite b/etc/schema.SQLite
index ce75ccc..59949c6 100755
--- a/etc/schema.SQLite
+++ b/etc/schema.SQLite
@@ -164,9 +164,7 @@ CREATE TABLE ACL (
PrincipalId INTEGER,
RightName varchar(25) NOT NULL ,
ObjectType varchar(25) NOT NULL ,
- ObjectId INTEGER default 0,
- DelegatedBy integer NOT NULL default 0,
- DelegatedFrom integer NOT NULL default 0
+ ObjectId INTEGER default 0
) ;
diff --git a/etc/schema.Sybase b/etc/schema.Sybase
index 67a411d..cd3574d 100644
--- a/etc/schema.Sybase
+++ b/etc/schema.Sybase
@@ -169,8 +169,6 @@ CREATE TABLE rt3.ACL (
RightName varchar(25) NOT NULL ,
ObjectType varchar(25) NOT NULL ,
ObjectId integer NOT NULL ,
- DelegatedBy integer NOT NULL , #foreign key to principals with a userid
- DelegatedFrom integer NOT NULL , #foreign key to ACL
PRIMARY KEY (id)
) ;
diff --git a/etc/schema.mysql-4.0 b/etc/schema.mysql-4.0
index c4299d4..e9c6911 100755
--- a/etc/schema.mysql-4.0
+++ b/etc/schema.mysql-4.0
@@ -170,8 +170,6 @@ CREATE TABLE ACL (
RightName varchar(25) NOT NULL ,
ObjectType varchar(25) NOT NULL ,
ObjectId integer NOT NULL default 0,
- DelegatedBy integer NOT NULL default 0, #foreign key to principals with a userid
- DelegatedFrom integer NOT NULL default 0, #foreign key to ACL
PRIMARY KEY (id)
) TYPE=InnoDB;
diff --git a/etc/schema.mysql-4.1 b/etc/schema.mysql-4.1
index 0552ec1..4597c94 100755
--- a/etc/schema.mysql-4.1
+++ b/etc/schema.mysql-4.1
@@ -172,8 +172,6 @@ CREATE TABLE ACL (
RightName varchar(25) CHARACTER SET ascii NOT NULL,
ObjectType varchar(25) CHARACTER SET ascii NOT NULL,
ObjectId integer NOT NULL default 0,
- DelegatedBy integer NOT NULL default 0, #foreign key to principals with a userid
- DelegatedFrom integer NOT NULL default 0, #foreign key to ACL
PRIMARY KEY (id)
) TYPE=InnoDB CHARACTER SET utf8;
commit f362507c65aae202fcf24afcadc885ea921eea83
Author: Jesse Vincent <jesse at bestpractical.com>
Date: Sat Sep 11 22:12:22 2010 -0400
Update UPGRADING to remove delegation.
diff --git a/UPGRADING b/UPGRADING
index 44b83b6..fd7dc4f 100644
--- a/UPGRADING
+++ b/UPGRADING
@@ -27,6 +27,8 @@ The deprecated classes RT::Action::Generic, RT::Condition::Generic and RT::Searc
have been removed, but you shouldn't have been using them anyway. You should have been using
RT::Action, RT::Condition and RT::Search, respectively.
+* The "Rights Delegation" feature has been removed.
+
*******
UPGRADING FROM 3.8.8 and earlier - Changes:
commit 69f7b530b88eefe3bafe3fcc3b5daa5afee35a85
Author: Jesse Vincent <jesse at bestpractical.com>
Date: Sat Sep 11 22:21:36 2010 -0400
Removed api/ace.t as it tested ~only delegation.
diff --git a/t/api/ace.t b/t/api/ace.t
deleted file mode 100644
index 45aed33..0000000
--- a/t/api/ace.t
+++ /dev/null
@@ -1,237 +0,0 @@
-
-use strict;
-use warnings;
-use RT;
-use RT::Test nodata => 1, tests => 76;
-
-
-{
-
-ok(require RT::ACE);
-
-
-}
-
-{
-
-my $Queue = RT::Queue->new($RT::SystemUser);
-
-is ($Queue->AvailableRights->{'DeleteTicket'} , 'Delete tickets', "Found the delete ticket right");
-is ($RT::System->AvailableRights->{'SuperUser'}, 'Do anything and everything', "Found the superuser right");
-
-
-
-}
-
-{
-
-use_ok('RT::User');
-my $user_a = RT::User->new($RT::SystemUser);
-$user_a->Create( Name => 'DelegationA', Privileged => 1);
-ok ($user_a->Id, "Created delegation user a");
-
-my $user_b = RT::User->new($RT::SystemUser);
-$user_b->Create( Name => 'DelegationB', Privileged => 1);
-ok ($user_b->Id, "Created delegation user b");
-
-
-use_ok('RT::Queue');
-my $q = RT::Queue->new($RT::SystemUser);
-$q->Create(Name =>'DelegationTest');
-ok ($q->Id, "Created a delegation test queue");
-
-
-#------ First, we test whether a user can delegate a right that's been granted to him personally
-my ($val, $msg) = $user_a->PrincipalObj->GrantRight(Object => $RT::System, Right => 'AdminOwnPersonalGroups');
-ok($val, $msg);
-
-($val, $msg) = $user_a->PrincipalObj->GrantRight(Object =>$q, Right => 'OwnTicket');
-ok($val, $msg);
-
-ok($user_a->HasRight( Object => $RT::System, Right => 'AdminOwnPersonalGroups') ,"user a has the right 'AdminOwnPersonalGroups' directly");
-
-my $a_delegates = RT::Group->new($user_a);
-$a_delegates->CreatePersonalGroup(Name => 'Delegates');
-ok( $a_delegates->Id ,"user a creates a personal group 'Delegates'");
-ok( $a_delegates->AddMember($user_b->PrincipalId) ,"user a adds user b to personal group 'delegates'");
-
-ok( !$user_b->HasRight(Right => 'OwnTicket', Object => $q) ,"user b does not have the right to OwnTicket' in queue 'DelegationTest'");
-ok( $user_a->HasRight(Right => 'OwnTicket', Object => $q) ,"user a has the right to 'OwnTicket' in queue 'DelegationTest'");
-ok(!$user_a->HasRight( Object => $RT::System, Right => 'DelegateRights') ,"user a does not have the right 'delegate rights'");
-
-
-my $own_ticket_ace = RT::ACE->new($user_a);
-my $user_a_equiv_group = RT::Group->new($user_a);
-$user_a_equiv_group->LoadACLEquivalenceGroup($user_a->PrincipalObj);
-ok ($user_a_equiv_group->Id, "Loaded the user A acl equivalence group");
-my $user_b_equiv_group = RT::Group->new($user_b);
-$user_b_equiv_group->LoadACLEquivalenceGroup($user_b->PrincipalObj);
-ok ($user_b_equiv_group->Id, "Loaded the user B acl equivalence group");
-$own_ticket_ace->LoadByValues( PrincipalType => 'Group', PrincipalId => $user_a_equiv_group->PrincipalId, Object=>$q, RightName => 'OwnTicket');
-
-ok ($own_ticket_ace->Id, "Found the ACE we want to test with for now");
-
-
-($val, $msg) = $own_ticket_ace->Delegate(PrincipalId => $a_delegates->PrincipalId) ;
-ok( !$val ,"user a tries and fails to delegate the right 'ownticket' in queue 'DelegationTest' to personal group 'delegates' - $msg");
-
-
-($val, $msg) = $user_a->PrincipalObj->GrantRight( Right => 'DelegateRights');
-ok($val, "user a is granted the right to 'delegate rights' - $msg");
-
-ok($user_a->HasRight( Object => $RT::System, Right => 'DelegateRights') ,"user a has the right 'DeletgateRights'");
-
-($val, $msg) = $own_ticket_ace->Delegate(PrincipalId => $a_delegates->PrincipalId) ;
-
-ok( $val ,"user a tries and succeeds to delegate the right 'ownticket' in queue 'DelegationTest' to personal group 'delegates' - $msg");
-ok( $user_b->HasRight(Right => 'OwnTicket', Object => $q) ,"user b has the right to own tickets in queue 'DelegationTest'");
-my $delegated_ace = RT::ACE->new($user_a);
-$delegated_ace->LoadByValues ( Object => $q, RightName => 'OwnTicket', PrincipalType => 'Group',
-PrincipalId => $a_delegates->PrincipalId, DelegatedBy => $user_a->PrincipalId, DelegatedFrom => $own_ticket_ace->Id);
-ok ($delegated_ace->Id, "Found the delegated ACE");
-
-ok( $a_delegates->DeleteMember($user_b->PrincipalId) ,"user a removes b from pg 'delegates'");
-ok( !$user_b->HasRight(Right => 'OwnTicket', Object => $q) ,"user b does not have the right to own tickets in queue 'DelegationTest'");
-ok( $a_delegates->AddMember($user_b->PrincipalId) ,"user a adds user b to personal group 'delegates'");
-ok( $user_b->HasRight(Right => 'OwnTicket', Object=> $q) ,"user b has the right to own tickets in queue 'DelegationTest'");
-ok( $delegated_ace->Delete ,"user a revokes pg 'delegates' right to 'OwnTickets' in queue 'DelegationTest'");
-ok( ! $user_b->HasRight(Right => 'OwnTicket', Object => $q) ,"user b does not have the right to own tickets in queue 'DelegationTest'");
-
-($val, $msg) = $own_ticket_ace->Delegate(PrincipalId => $a_delegates->PrincipalId) ;
-ok( $val ,"user a delegates pg 'delegates' right to 'OwnTickets' in queue 'DelegationTest' - $msg");
-
-ok( $user_b->HasRight(Right => 'OwnTicket', Object => $q) ,"user b has the right to own tickets in queue 'DelegationTest'");
-
-($val, $msg) = $user_a->PrincipalObj->RevokeRight(Object=>$q, Right => 'OwnTicket');
-ok($val, "Revoked user a's right to own tickets in queue 'DelegationTest". $msg);
-
-ok( !$user_a->HasRight(Right => 'OwnTicket', Object => $q) ,"user a does not have the right to own tickets in queue 'DelegationTest'");
-
- ok( !$user_b->HasRight(Right => 'OwnTicket', Object => $q) ,"user b does not have the right to own tickets in queue 'DelegationTest'");
-
-($val, $msg) = $user_a->PrincipalObj->GrantRight(Object=>$q, Right => 'OwnTicket');
-ok($val, $msg);
-
- ok( $user_a->HasRight(Right => 'OwnTicket', Object => $q) ,"user a has the right to own tickets in queue 'DelegationTest'");
-
- ok( !$user_b->HasRight(Right => 'OwnTicket', Object => $q) ,"user b does not have the right to own tickets in queue 'DelegationTest'");
-
-# {{{ get back to a known clean state
-($val, $msg) = $user_a->PrincipalObj->RevokeRight( Object => $q, Right => 'OwnTicket');
-ok($val, "Revoked user a's right to own tickets in queue 'DelegationTest -". $msg);
-ok( !$user_a->HasRight(Right => 'OwnTicket', Object => $q) ,"make sure that user a can't own tickets in queue 'DelegationTest'");
-# }}}
-
-
-# {{{ Set up some groups and membership
-my $del1 = RT::Group->new($RT::SystemUser);
-($val, $msg) = $del1->CreateUserDefinedGroup(Name => 'Del1');
-ok( $val ,"create a group del1 - $msg");
-
-my $del2 = RT::Group->new($RT::SystemUser);
-($val, $msg) = $del2->CreateUserDefinedGroup(Name => 'Del2');
-ok( $val ,"create a group del2 - $msg");
-($val, $msg) = $del1->AddMember($del2->PrincipalId);
-ok( $val,"make del2 a member of del1 - $msg");
-
-my $del2a = RT::Group->new($RT::SystemUser);
-($val, $msg) = $del2a->CreateUserDefinedGroup(Name => 'Del2a');
-ok( $val ,"create a group del2a - $msg");
-($val, $msg) = $del2->AddMember($del2a->PrincipalId);
-ok($val ,"make del2a a member of del2 - $msg");
-
-my $del2b = RT::Group->new($RT::SystemUser);
-($val, $msg) = $del2b->CreateUserDefinedGroup(Name => 'Del2b');
-ok( $val ,"create a group del2b - $msg");
-($val, $msg) = $del2->AddMember($del2b->PrincipalId);
-ok($val ,"make del2b a member of del2 - $msg");
-
-($val, $msg) = $del2->AddMember($user_a->PrincipalId) ;
-ok($val,"make 'user a' a member of del2 - $msg");
-
-($val, $msg) = $del2b->AddMember($user_a->PrincipalId) ;
-ok($val,"make 'user a' a member of del2b - $msg");
-
-# }}}
-
-# {{{ Grant a right to a group and make sure that a submember can delegate the right and that it does not get yanked
-# when a user is removed as a submember, when they're a submember through another path
-($val, $msg) = $del1->PrincipalObj->GrantRight( Object=> $q, Right => 'OwnTicket');
-ok( $val ,"grant del1 the right to 'OwnTicket' in queue 'DelegationTest' - $msg");
-
-ok( $user_a->HasRight(Right => 'OwnTicket', Object => $q) ,"make sure that user a can own tickets in queue 'DelegationTest'");
-
-my $group_ace= RT::ACE->new($user_a);
-$group_ace->LoadByValues( PrincipalType => 'Group', PrincipalId => $del1->PrincipalId, Object => $q, RightName => 'OwnTicket');
-
-ok ($group_ace->Id, "Found the ACE we want to test with for now");
-
-($val, $msg) = $group_ace->Delegate(PrincipalId => $a_delegates->PrincipalId);
-
-ok( $val ,"user a tries and succeeds to delegate the right 'ownticket' in queue 'DelegationTest' to personal group 'delegates' - $msg");
-ok( $user_b->HasRight(Right => 'OwnTicket', Object => $q) ,"user b has the right to own tickets in queue 'DelegationTest'");
-
-
-($val, $msg) = $del2b->DeleteMember($user_a->PrincipalId);
-ok( $val ,"remove user a from group del2b - $msg");
-ok( $user_a->HasRight(Right => 'OwnTicket', Object => $q) ,"user a has the right to own tickets in queue 'DelegationTest'");
-ok( $user_b->HasRight(Right => 'OwnTicket', Object => $q) ,"user b has the right to own tickets in queue 'DelegationTest'");
-
-# }}}
-
-# {{{ When a user is removed froom a group by the only path they're in there by, make sure the delegations go away
-($val, $msg) = $del2->DeleteMember($user_a->PrincipalId);
-ok( $val ,"remove user a from group del2 - $msg");
-ok( !$user_a->HasRight(Right => 'OwnTicket', Object => $q) ,"user a does not have the right to own tickets in queue 'DelegationTest' ");
-ok( !$user_b->HasRight(Right => 'OwnTicket', Object => $q) ,"user b does not have the right to own tickets in queue 'DelegationTest' ");
-# }}}
-
-($val, $msg) = $del2->AddMember($user_a->PrincipalId);
-ok( $val ,"make user a a member of group del2 - $msg");
-
-($val, $msg) = $del2->PrincipalObj->GrantRight(Object=>$q, Right => 'OwnTicket');
-ok($val, "grant the right 'own tickets' in queue 'DelegationTest' to group del2 - $msg");
-
-my $del2_right = RT::ACE->new($user_a);
-$del2_right->LoadByValues( PrincipalId => $del2->PrincipalId, PrincipalType => 'Group', Object => $q, RightName => 'OwnTicket');
-ok ($del2_right->Id, "Found the right");
-
-($val, $msg) = $del2_right->Delegate(PrincipalId => $a_delegates->PrincipalId);
-ok( $val ,"user a tries and succeeds to delegate the right 'ownticket' in queue 'DelegationTest' gotten via del2 to personal group 'delegates' - $msg");
-
-# They have it via del1 and del2
-ok( $user_b->HasRight(Right => 'OwnTicket', Object => $q) ,"user b has the right to own tickets in queue 'DelegationTest'");
-
-
-($val, $msg) = $del2->PrincipalObj->RevokeRight(Object=>$q, Right => 'OwnTicket');
-ok($val, "revoke the right 'own tickets' in queue 'DelegationTest' to group del2 - $msg");
-ok( $user_a->HasRight(Right => 'OwnTicket', Object => $q) ,"user a does has the right to own tickets in queue 'DelegationTest' via del1");
-ok( !$user_b->HasRight(Right => 'OwnTicket', Object => $q) ,"user b does not have the right to own tickets in queue 'DelegationTest'");
-
-($val, $msg) = $del2->PrincipalObj->GrantRight(Object=>$q, Right => 'OwnTicket');
-ok($val, "grant the right 'own tickets' in queue 'DelegationTest' to group del2 - $msg");
-
-
-$group_ace= RT::ACE->new($user_a);
-$group_ace->LoadByValues( PrincipalType => 'Group', PrincipalId => $del1->PrincipalId, Object=>$q, RightName => 'OwnTicket');
-
-ok ($group_ace->Id, "Found the ACE we want to test with for now");
-
-($val, $msg) = $group_ace->Delegate(PrincipalId => $a_delegates->PrincipalId);
-
-ok( $val ,"user a tries and succeeds to delegate the right 'ownticket' in queue 'DelegationTest' to personal group 'delegates' - $msg");
-
-ok( $user_b->HasRight(Right => 'OwnTicket', Object => $q) ,"user b has the right to own tickets in queue 'DelegationTest'");
-
-($val, $msg) = $del2->DeleteMember($user_a->PrincipalId);
-ok( $val ,"remove user a from group del2 - $msg");
-
-ok( !$user_a->HasRight(Right => 'OwnTicket', Object => $q) ,"user a does not have the right to own tickets in queue 'DelegationTest'");
-
-ok( !$user_b->HasRight(Right => 'OwnTicket', Object => $q) ,"user b does not have the right to own tickets in queue 'DelegationTest'");
-
-
-
-
-}
-