[Rt-commit] rt branch, 4.0/rest-delete-ticket-fix, created. rt-4.0.1rc1-18-g4f9162d
? sunnavy
sunnavy at bestpractical.com
Wed Jun 22 06:02:24 EDT 2011
The branch, 4.0/rest-delete-ticket-fix has been created
at 4f9162d82ad9b66d9f31a6e61f52f31def89beb3 (commit)
- Log -----------------------------------------------------------------
commit 4f9162d82ad9b66d9f31a6e61f52f31def89beb3
Author: sunnavy <sunnavy at bestpractical.com>
Date: Wed Jun 22 17:57:04 2011 +0800
rest fix: check "DeleteTicket" right if we are deleting a ticket.
diff --git a/share/html/REST/1.0/Forms/ticket/default b/share/html/REST/1.0/Forms/ticket/default
index 48aec8b..0e953cb 100755
--- a/share/html/REST/1.0/Forms/ticket/default
+++ b/share/html/REST/1.0/Forms/ticket/default
@@ -81,11 +81,18 @@ if ($id ne 'new') {
if (!$ticket->Id) {
return [ "# Ticket $id does not exist.", [], {}, 1 ];
}
- elsif (!$ticket->CurrentUserHasRight('ShowTicket') ||
- (%data && !$ticket->CurrentUserHasRight('ModifyTicket')))
- {
- my $act = %data ? "modify" : "display";
- return [ "# You are not allowed to $act ticket $id.", [], {}, 1 ];
+ elsif ( %data ) {
+ if ( $data{status} && $data{status} eq 'deleted' && ! grep { $_ ne 'id' && $_ ne 'status' } keys %data ) {
+ if ( !$ticket->CurrentUserHasRight('DeleteTicket') ) {
+ return [ "# You are not allowed to delete ticket $id.", [], {}, 1 ];
+ }
+ }
+ elsif ( !$ticket->CurrentUserHasRight('ModifyTicket') ) {
+ return [ "# You are not allowed to modify ticket $id.", [], {}, 1 ];
+ }
+ }
+ elsif (!$ticket->CurrentUserHasRight('ShowTicket')) {
+ return [ "# You are not allowed to display ticket $id.", [], {}, 1 ];
}
}
else {
-----------------------------------------------------------------------
More information about the Rt-commit
mailing list