[Rt-commit] rt branch, 4.0/display-actions-on-abort, created. rt-4.0.6-254-g8874c65
Alex Vandiver
alexmv at bestpractical.com
Tue Aug 7 20:19:55 EDT 2012
The branch, 4.0/display-actions-on-abort has been created
at 8874c65ffe575e2bc2d4904bd7b60332ad4d9f86 (commit)
- Log -----------------------------------------------------------------
commit e0e9e5e910f042a151463f67f9896022496893d0
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Tue Aug 7 18:48:36 2012 -0400
Allow the passing of actions through to Abort
When a change causes a ticket to no longer be viewable to the user, the
results of the change are now at least displayed to the user.
diff --git a/share/html/Elements/Error b/share/html/Elements/Error
index 87dfd02..04998c7 100755
--- a/share/html/Elements/Error
+++ b/share/html/Elements/Error
@@ -52,6 +52,8 @@
<& /Elements/Tabs &>
% }
+<& /Elements/ListActions, actions => $Actions &>
+
<div class="error">
<%$Why%>
<br />
@@ -64,6 +66,7 @@ $m->abort();
</%cleanup>
<%args>
+$Actions => []
$Code => undef
$Details => ''
$Title => loc("RT Error")
diff --git a/share/html/Ticket/Display.html b/share/html/Ticket/Display.html
index 5e84a50..0b86e0f 100755
--- a/share/html/Ticket/Display.html
+++ b/share/html/Ticket/Display.html
@@ -177,10 +177,12 @@ if ($ARGS{'id'} eq 'new') {
push @Actions, ProcessObjectCustomFieldUpdates(ARGSRef => \%ARGS, TicketObj => $TicketObj );
push @Actions, ProcessTicketReminders( ARGSRef => \%ARGS, TicketObj => $TicketObj );
- # XXX: we shouldn't block actions here if user has no right to see the ticket,
- # but we should allow him to see actions he has done
unless ($TicketObj->CurrentUserHasRight('ShowTicket')) {
- Abort("No permission to view ticket");
+ if (@Actions) {
+ Abort("A change was applied successfully, but you no longer have permissions to view the ticket", Actions => \@Actions);
+ } else {
+ Abort("No permission to view ticket");
+ }
}
if ( $ARGS{'MarkAsSeen'} ) {
$TicketObj->SetAttribute(
diff --git a/share/html/Ticket/Modify.html b/share/html/Ticket/Modify.html
index d779b12..752b99d 100755
--- a/share/html/Ticket/Modify.html
+++ b/share/html/Ticket/Modify.html
@@ -83,10 +83,13 @@ push @results, ProcessObjectCustomFieldUpdates(Object => $TicketObj, ARGSRef =>
$TicketObj->ApplyTransactionBatch;
-# TODO: display the results, even if we can't display the ticket
unless ($TicketObj->CurrentUserHasRight('ShowTicket')) {
- Abort("No permission to view ticket");
-}
+ if (@results) {
+ Abort("A change was applied successfully, but you no longer have permissions to view the ticket", Actions => \@results);
+ } else {
+ Abort("No permission to view ticket");
+ }
+}
</%INIT>
<%ARGS>
diff --git a/share/html/Ticket/ModifyAll.html b/share/html/Ticket/ModifyAll.html
index 8619cd5..a645c81 100755
--- a/share/html/Ticket/ModifyAll.html
+++ b/share/html/Ticket/ModifyAll.html
@@ -215,10 +215,12 @@ unless ($OnlySearchForPeople or $OnlySearchForGroup or $ARGS{'AddMoreAttach'} )
$Ticket->ApplyTransactionBatch;
# If they've gone and moved the ticket to somewhere they can't see, etc...
-# TODO: display the results, even if we can't display the ticket.
-
unless ($Ticket->CurrentUserHasRight('ShowTicket')) {
- Abort("No permission to view ticket");
+ if (@results) {
+ Abort("A change was applied successfully, but you no longer have permissions to view the ticket", Actions => \@results);
+ } else {
+ Abort("No permission to view ticket");
+ }
}
diff --git a/share/html/m/ticket/show b/share/html/m/ticket/show
index f6ffe88..2b41fd8 100644
--- a/share/html/m/ticket/show
+++ b/share/html/m/ticket/show
@@ -112,10 +112,12 @@ if ($ARGS{'id'} eq 'new') {
push @Actions, ProcessObjectCustomFieldUpdates(ARGSRef => \%ARGS, TicketObj => $Ticket );
push @Actions, ProcessTicketReminders( ARGSRef => \%ARGS, TicketObj => $Ticket );
- # XXX: we shouldn't block actions here if user has no right to see the ticket,
- # but we should allow him to see actions he has done
unless ($Ticket->CurrentUserHasRight('ShowTicket')) {
- Abort("No permission to view ticket");
+ if (@Actions) {
+ Abort("A change was applied successfully, but you no longer have permissions to view the ticket", Actions => \@Actions);
+ } else {
+ Abort("No permission to view ticket");
+ }
}
if ( $ARGS{'MarkAsSeen'} ) {
$Ticket->SetAttribute(
commit 8874c65ffe575e2bc2d4904bd7b60332ad4d9f86
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Tue Aug 7 20:15:27 2012 -0400
Descriptions of just-created transactions should always be readable
If a user had permissions to execute a change, they should always have
permission to read the description of the transaction that is returned.
This case is triggered when a user changes a ticket's queue to one they
do not have rights in, for example; without it, the UI merely displays
the unhelpful status change "Permission denied" in @Actions, despite an
action clearly having happened.
diff --git a/lib/RT/Ticket.pm b/lib/RT/Ticket.pm
index 91711e4..40d700f 100644
--- a/lib/RT/Ticket.pm
+++ b/lib/RT/Ticket.pm
@@ -3491,7 +3491,9 @@ sub _Set {
OldValue => $Old,
TimeTaken => $args{'TimeTaken'},
);
- return ( $Trans, scalar $TransObj->BriefDescription );
+ my $system_trans = RT::Transaction->new( RT->SystemUser );
+ $system_trans->Load( $Trans );
+ return ( $Trans, scalar $system_trans->BriefDescription );
}
else {
return ( $ret, $msg );
-----------------------------------------------------------------------
More information about the Rt-commit
mailing list