[Rt-commit] rt branch, 4.0/rest-delete-ticket-fix, created. rt-4.0.1rc1-18-g4f9162d

? sunnavy sunnavy at bestpractical.com
Wed Jun 22 06:02:24 EDT 2011


The branch, 4.0/rest-delete-ticket-fix has been created
        at  4f9162d82ad9b66d9f31a6e61f52f31def89beb3 (commit)

- Log -----------------------------------------------------------------
commit 4f9162d82ad9b66d9f31a6e61f52f31def89beb3
Author: sunnavy <sunnavy at bestpractical.com>
Date:   Wed Jun 22 17:57:04 2011 +0800

    rest fix: check "DeleteTicket" right if we are deleting a ticket.

diff --git a/share/html/REST/1.0/Forms/ticket/default b/share/html/REST/1.0/Forms/ticket/default
index 48aec8b..0e953cb 100755
--- a/share/html/REST/1.0/Forms/ticket/default
+++ b/share/html/REST/1.0/Forms/ticket/default
@@ -81,11 +81,18 @@ if ($id ne 'new') {
     if (!$ticket->Id) {
         return [ "# Ticket $id does not exist.", [], {}, 1 ];
     }
-    elsif (!$ticket->CurrentUserHasRight('ShowTicket') ||
-           (%data && !$ticket->CurrentUserHasRight('ModifyTicket')))
-    {
-        my $act = %data ? "modify" : "display";
-        return [ "# You are not allowed to $act ticket $id.", [], {}, 1 ];
+    elsif ( %data ) {
+        if ( $data{status} && $data{status} eq 'deleted' && ! grep { $_ ne 'id' && $_ ne 'status' } keys %data ) {
+            if ( !$ticket->CurrentUserHasRight('DeleteTicket') ) {
+                return [ "# You are not allowed to delete ticket $id.", [], {}, 1 ];
+            }
+        }
+        elsif ( !$ticket->CurrentUserHasRight('ModifyTicket') ) {
+                return [ "# You are not allowed to modify ticket $id.", [], {}, 1 ];
+        }
+    }
+    elsif (!$ticket->CurrentUserHasRight('ShowTicket')) {
+        return [ "# You are not allowed to display ticket $id.", [], {}, 1 ];
     }
 }
 else {

-----------------------------------------------------------------------


More information about the Rt-commit mailing list