[Rt-commit] rt branch, 4.0/group-dashboards, updated. rt-4.0.1-132-gf6cb772

Alex Vandiver alexmv at bestpractical.com
Mon Jul 18 17:04:53 EDT 2011 

The branch, 4.0/group-dashboards has been updated
       via  f6cb772b25445c69f3024ede7a020d3657134d1d (commit)
       via  9cdbe85361145fe3b058157862ad30f1e5966876 (commit)
       via  66262242cc17df86f6e5ab69b9518de564fac96e (commit)
       via  db7b47776c8e8747bd8869af24ba21fa0581784a (commit)
      from  0707c1866ed8b1556ab29a5abd9b2668302d0788 (commit)

Summary of changes:
 lib/RT/Dashboard.pm                             |    6 +++-
 lib/RT/Groups.pm                                |    5 +++
 share/html/Dashboards/Elements/ListOfDashboards |    7 ++++-
 share/html/Elements/Tabs                        |    2 +-
 t/api/group-rights.t                            |    9 +++++-
 t/web/dashboards-groups.t                       |   36 +++++++++++++++++++----
 6 files changed, 55 insertions(+), 10 deletions(-)

- Log -----------------------------------------------------------------
commit db7b47776c8e8747bd8869af24ba21fa0581784a
Author: Alex Vandiver <alexmv at bestpractical.com>
Date:   Mon Jul 18 15:52:46 2011 -0400

    Prevent disabled groups from allowing rights in ForWhichCurrentUserHasRight

diff --git a/lib/RT/Groups.pm b/lib/RT/Groups.pm
index b5df742..e4b916f 100644
--- a/lib/RT/Groups.pm
+++ b/lib/RT/Groups.pm
@@ -362,6 +362,11 @@ sub ForWhichCurrentUserHasRight {
         TABLE2 => 'CachedGroupMembers',
         FIELD2 => 'GroupId',
     );
+    $self->Limit(
+        ALIAS => $member,
+        FIELD => 'Disabled',
+        VALUE => '0',
+    );
 
     # ...with the current user in it
     $self->Limit(
diff --git a/t/api/group-rights.t b/t/api/group-rights.t
index ce5aad7..ead94ef 100644
--- a/t/api/group-rights.t
+++ b/t/api/group-rights.t
@@ -128,3 +128,10 @@ $hackers->PrincipalObj->RevokeRight(  Right => 'RTxGroupRight', Object => RT->Sy
 $employees->PrincipalObj->GrantRight( Right => 'RTxGroupRight', Object => RT->System);
 CheckRights($eric,    Employees => 1, Hackers => 1, Other => 1 );
 CheckRights($herbert, Employees => 1, Hackers => 1, Other => 1 );
+
+
+# Disable the employees group.  Neither eric nor herbert will see the
+# right anywhere.
+$employees->SetDisabled(1);
+CheckRights($eric);
+CheckRights($herbert);

commit 66262242cc17df86f6e5ab69b9518de564fac96e
Author: Alex Vandiver <alexmv at bestpractical.com>
Date:   Mon Jul 18 15:53:38 2011 -0400

    Add a plan back to the testfile

diff --git a/t/api/group-rights.t b/t/api/group-rights.t
index ead94ef..0494c28 100644
--- a/t/api/group-rights.t
+++ b/t/api/group-rights.t
@@ -1,6 +1,6 @@
 use strict;
 use warnings;
-use RT::Test nodata => 1, no_plan => 1;
+use RT::Test nodata => 1, tests => 114;
 
 RT::Group->AddRights(
     'RTxGroupRight' => 'Just a right for testing rights',

commit 9cdbe85361145fe3b058157862ad30f1e5966876
Author: Alex Vandiver <alexmv at bestpractical.com>
Date:   Mon Jul 18 17:02:23 2011 -0400

    Rather than create two identically-named "inner dashboards", name them differently

diff --git a/t/web/dashboards-groups.t b/t/web/dashboards-groups.t
index 382dd12..17ec369 100644
--- a/t/web/dashboards-groups.t
+++ b/t/web/dashboards-groups.t
@@ -1,7 +1,7 @@
 #!/usr/bin/perl -w
 use strict;
 
-use RT::Test nodata => 1, tests => 39;
+use RT::Test nodata => 1, tests => 40;
 my ($baseurl, $m) = RT::Test->started_ok;
 
 my $url = $m->rt_base_url;
@@ -64,18 +64,21 @@ $user_obj->PrincipalObj->GrantRight(Right => 'CreateGroupDashboard', Object => $
 $m->follow_link_ok({ id => 'home-dashboard_create'});
 $m->form_name('ModifyDashboard');
 is_deeply([$m->current_form->find_input('Privacy')->possible_values], ["RT::User-" . $user_obj->Id, "RT::Group-" . $inner_group->Id], "the only selectable privacies are user and inner group (not outer group)");
-$m->field("Name" => 'inner dashboard');
+$m->field("Name" => 'broken dashboard');
 $m->field("Privacy" => "RT::Group-" . $inner_group->Id);
 $m->content_lacks('Delete', "Delete button hidden because we are creating");
-
 $m->click_button(value => 'Create');
-
 $m->content_contains("saved", "we lack SeeGroupDashboard, so we end up back at the index.");
+
 $user_obj->PrincipalObj->GrantRight(
     Right  => 'SeeGroupDashboard',
     Object => $inner_group,
 );
-$m->reload;
+$m->follow_link_ok({ id => 'home-dashboard_create'});
+$m->form_name('ModifyDashboard');
+$m->field("Name" => 'inner dashboard');
+$m->field("Privacy" => "RT::Group-" . $inner_group->Id);
+$m->click_button(value => 'Create');
 $m->content_lacks("Permission denied", "we now have SeeGroupDashboard");
 $m->content_contains("Saved dashboard inner dashboard");
 $m->content_lacks('Delete', "Delete button hidden because we lack DeleteDashboard");

commit f6cb772b25445c69f3024ede7a020d3657134d1d
Author: Alex Vandiver <alexmv at bestpractical.com>
Date:   Mon Jul 18 17:03:05 2011 -0400

    Make dashboards which are only visible from superuser rights not appear in the menu

diff --git a/lib/RT/Dashboard.pm b/lib/RT/Dashboard.pm
index 0756098..1aa9bf8 100644
--- a/lib/RT/Dashboard.pm
+++ b/lib/RT/Dashboard.pm
@@ -379,6 +379,10 @@ sub Subscription {
 
 sub ObjectsForLoading {
     my $self = shift;
+    my %args = (
+        IncludeSuperusers => 1,
+        @_
+    );
     my @objects;
 
     my $CurrentUser = $self->CurrentUser;
@@ -390,7 +394,7 @@ sub ObjectsForLoading {
     $groups->LimitToUserDefinedGroups;
     $groups->ForWhichCurrentUserHasRight(
         Right             => 'SeeGroupDashboard',
-        IncludeSuperusers => 1,
+        %args,
     );
     my $attrs = $groups->Join(
         ALIAS1 => 'main',
diff --git a/share/html/Dashboards/Elements/ListOfDashboards b/share/html/Dashboards/Elements/ListOfDashboards
index a871f79..3927e7a 100644
--- a/share/html/Dashboards/Elements/ListOfDashboards
+++ b/share/html/Dashboards/Elements/ListOfDashboards
@@ -49,7 +49,9 @@
 # put the list of dashboards into the navigation
 use RT::Dashboard;
 
-my @objs = RT::Dashboard->new($session{CurrentUser})->ObjectsForLoading;
+my @objs = RT::Dashboard->new($session{CurrentUser})->ObjectsForLoading(
+               IncludeSuperusers => $IncludeSuperusers
+           );
 
 my %dashboard_map;
 
@@ -75,3 +77,6 @@ $m->callback(%ARGS, dashboards => \@dashboards, CallbackName => 'ModifyDashboard
 
 return @dashboards;
 </%init>
+<%args>
+$IncludeSuperusers => 1
+</%args>
diff --git a/share/html/Elements/Tabs b/share/html/Elements/Tabs
index 865aace..ee02c32 100755
--- a/share/html/Elements/Tabs
+++ b/share/html/Elements/Tabs
@@ -61,7 +61,7 @@ my $query_string = sub {
 my $build_main_nav = sub {
 
     my $home = Menu->child( home => title => loc('Homepage'), path => '/' );
-    my @dashboards = $m->comp("/Dashboards/Elements/ListOfDashboards");
+    my @dashboards = $m->comp("/Dashboards/Elements/ListOfDashboards", IncludeSuperusers => 0);
     my $limit      = 7;
 
     my $more = 0;
diff --git a/t/web/dashboards-groups.t b/t/web/dashboards-groups.t
index 17ec369..0c16798 100644
--- a/t/web/dashboards-groups.t
+++ b/t/web/dashboards-groups.t
@@ -1,7 +1,7 @@
 #!/usr/bin/perl -w
 use strict;
 
-use RT::Test nodata => 1, tests => 40;
+use RT::Test nodata => 1, tests => 48;
 my ($baseurl, $m) = RT::Test->started_ok;
 
 my $url = $m->rt_base_url;
@@ -100,9 +100,11 @@ $m->content_contains('Subscription', "Subscription link not hidden because we ha
 
 
 $m->get_ok("/Dashboards/index.html");
-
 $m->content_contains("inner dashboard", "We can see the inner dashboard from the UI");
 
+$m->get_ok("/index.html");
+$m->content_contains("inner dashboard", "We can see the inner dashboard from the menu drop-down");
+
 my ($group) = grep {$_->isa("RT::Group") and $_->Id == $inner_group->Id}
     RT::Dashboard->new($currentuser)->_PrivacyObjects;
 ok($group, "Found the group in  the privacy objects list");
@@ -111,3 +113,22 @@ ok($group, "Found the group in  the privacy objects list");
 ($group) = grep {$_->isa("RT::Group") and $_->Id == $inner_group->Id}
     RT::Dashboard->new($currentuser)->ObjectsForLoading;
 ok($group, "Found the group in the objects for loading");
+
+
+# With superuser, the dashboards of groups we're not in should not show
+# up in the menu, but should in the dashboard list.
+$user_obj->PrincipalObj->RevokeRight(
+    Right  => 'SeeGroupDashboard',
+    Object => $inner_group,
+);
+$user_obj->PrincipalObj->GrantRight(
+    Right  => 'SuperUser',
+    Object => RT->System,
+);
+$inner_group->DeleteMember($user_obj->PrincipalObj->Id);
+ok(!$outer_group->HasMemberRecursively($user_obj->PrincipalId), "outer no longer has user recursively");
+ok(!$inner_group->HasMemberRecursively($user_obj->PrincipalId), "inner no longer has user recursively");
+$m->get_ok("/Dashboards/index.html");
+$m->content_contains("inner dashboard", "Superuser can see dashboards in their own groups");
+$m->get_ok("/index.html");
+$m->content_lacks("inner dashboard", "Also in the menu");

-----------------------------------------------------------------------

More information about the Rt-commit mailing list