[Rt-commit] rt branch, 4.0/admin-links-in-modify-people-fix, created. rt-4.0.0-267-ge896ce1
? sunnavy
sunnavy at bestpractical.com
Wed May 11 01:59:58 EDT 2011
The branch, 4.0/admin-links-in-modify-people-fix has been created
at e896ce1fca19a1d0afbb59615a16e4c599997430 (commit)
- Log -----------------------------------------------------------------
commit 2395d98ac8ee46efa944abc5aa0a2358393a0e2a
Author: sunnavy <sunnavy at bestpractical.com>
Date: Wed May 11 12:52:15 2011 +0800
don't even show modify links if user lacks the rights
diff --git a/share/html/Ticket/Elements/EditWatchers b/share/html/Ticket/Elements/EditWatchers
index 83f59c2..cd82b4a 100755
--- a/share/html/Ticket/Elements/EditWatchers
+++ b/share/html/Ticket/Elements/EditWatchers
@@ -57,12 +57,17 @@
<li>
<input type="checkbox" class="checkbox" name="Ticket-DeleteWatcher-Type-<% $Watchers->Type %>-Principal-<% $watcher->MemberId %>" value="1" unchecked />
% if ( $member->isa( 'RT::User' ) ) {
+% if ( $session{CurrentUser}->HasRight( Right => 'AdminUsers', Object => $RT::System ) &&
+% $session{CurrentUser}->HasRight( Right => 'ShowConfigTab', Object =>$RT::System ) ) {
<a href="<% RT->Config->Get('WebPath') %>/Admin/Users/Modify.html?id=<% $watcher->MemberId %>">
<& /Elements/ShowUser, User => $member &></a> <& /Elements/ShowUserEmailFrequency, User => $member, Ticket => $TicketObj &>
-% } else {
+% }} else {
+% if ( $session{CurrentUser}->HasRight( Right => 'AdminGroup', Object => $RT::System ) &&
+% $session{CurrentUser}->HasRight( Right => 'ShowConfigTab', Object =>$RT::System ) ) {
<a href="<% RT->Config->Get('WebPath') %>/Admin/Groups/Modify.html?id=<% $watcher->MemberId %>">
-<% $member->Name %></a>
-% }
+<% $member->Name %>
+</a>
+% } }
</li>
% }
</ul>
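Review bot: The two new inner rights checks have no `else`, so for a user lacking AdminUsers/AdminGroup or ShowConfigTab the watcher's name is not rendered at all and the row is reduced to an unlabeled delete checkbox. Before this change the name (via `/Elements/ShowUser` or `$member->Name`) was always printed, so only the `<a>` wrapper should be conditional. Adding a plain-text `else` to each inner check, as sketched below, keeps the list readable for users who hold ModifyTicket without admin rights. Hiding the link is presentation only; the Admin/Users and Admin/Groups Modify.html pages presumably enforce these rights themselves, which is worth confirming because it is not visible in this hunk.

```mason
%# … unchanged: RT::User test, rights check and linked ShowUser output …
% } else {
<& /Elements/ShowUser, User => $member &> <& /Elements/ShowUserEmailFrequency, User => $member, Ticket => $TicketObj &>
% }
% } else {
%# … unchanged: group rights check and linked group name …
% } else {
<% $member->Name %>
% }
% }
```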
commit e896ce1fca19a1d0afbb59615a16e4c599997430
Author: sunnavy <sunnavy at bestpractical.com>
Date: Wed May 11 13:52:17 2011 +0800
admin links test in /Ticket/ModifyPeople.html, see #16907
diff --git a/t/web/ticket_modify_people.t b/t/web/ticket_modify_people.t
new file mode 100644
index 0000000..c0c27d6
--- /dev/null
+++ b/t/web/ticket_modify_people.t
@@ -0,0 +1,110 @@
+use strict;
+use warnings;
+
+use RT::Test tests => 20;
+
+my $root = RT::Test->load_or_create_user( Name => 'root' );
+my $group_foo = RT::Group->new($RT::SystemUser);
+my ( $ret, $msg ) = $group_foo->CreateUserDefinedGroup(
+ Name => 'group_foo',
+ Description => 'group_foo',
+);
+ok( $ret, 'created group_foo' );
+
+my $ticket = RT::Test->create_ticket(
+ Subject => 'test modify people',
+ Queue => 'General',
+ Requestor => $root->id,
+ Cc => $group_foo->id,
+);
+
+my $user = RT::Test->load_or_create_user(
+ Name => 'user',
+ Password => 'password',
+);
+ok $user && $user->id, 'loaded or created user';
+
+ok(
+ RT::Test->set_rights(
+ { Principal => $user, Right => [qw(SeeQueue ShowTicket ModifyTicket)] },
+ ),
+ 'set rights'
+);
+
+my ( $url, $m ) = RT::Test->started_ok;
+ok( $m->login( 'user', 'password' ), 'logged in' );
+$m->get_ok( $url . "/Ticket/ModifyPeople.html?id=" . $ticket->id );
+
+ok(
+ !$m->find_link(
+ text => 'Enoch Root',
+ url_regex => qr!/Admin/Users/Modify\.html!,
+ ),
+ 'no link to modify user'
+);
+
+ok(
+ !$m->find_link(
+ text => 'group_foo',
+ url_regex => qr!/Admin/Groups/Modify\.html!,
+ ),
+ 'no link to modify group'
+);
+
+ok( RT::Test->add_rights( { Principal => $user, Right => ['AdminUsers'] }, ),
+ 'added AdminUsers right' );
+$m->reload;
+ok(
+ !$m->find_link(
+ text => 'Enoch Root',
+ url_regex => qr!/Admin/Users/Modify\.html!,
+ ),
+ 'still no link to modify user'
+);
+ok(
+ !$m->find_link(
+ text => 'group_foo',
+ url_regex => qr!/Admin/Groups/Modify\.html!,
+ ),
+ 'still no link to modify group'
+);
+
+ok(
+ RT::Test->add_rights( { Principal => $user, Right => ['ShowConfigTab'] }, ),
+ 'added ShowConfigTab right',
+);
+
+$m->reload;
+ok(
+ $m->find_link(
+ text => 'Enoch Root',
+ url_regex => qr!/Admin/Users/Modify\.html!,
+ ),
+ 'got link to modify user'
+);
+
+ok(
+ !$m->find_link(
+ text => 'group_foo',
+ url_regex => qr!/Admin/Groups/Modify\.html!,
+ ),
+ 'still no link to modify group'
+);
+
+ok(
+ RT::Test->add_rights( { Principal => $user, Right => ['AdminGroup'] }, ),
+ 'added AdminGroup right'
+);
+
+$m->reload;
+ok(
+ $m->find_link(
+ text => 'group_foo',
+ url_regex => qr!/Admin/Groups/Modify\.html!,
+ ),
+ 'got link to modify group'
+);
+
+
+# TODO test Add|Delete people
+
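Review bot: The negative assertions only check that no admin link exists, so the test still passes if the watcher's name disappears from the page entirely, which is what the template change appears to do for unprivileged users. Next to each `!$m->find_link(...)` check, also assert that the name is present, e.g. `$m->content_contains( 'group_foo', 'group name still shown' );`, and raise the `tests => 20` plan to match. Rights are only added in the order AdminUsers then ShowConfigTab, so the ShowConfigTab-without-AdminUsers combination is never exercised. A request for `/Admin/Users/Modify.html` as the unprivileged user, asserting that it is refused, would also pin that the restriction is enforced server-side and not only by hiding the link.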
-----------------------------------------------------------------------