[Rt-commit] rt branch, 4.2/extensible-acl-object-targets, created. rt-4.0.6-446-g88900fe
Thomas Sibley
trs at bestpractical.com
Wed Aug 15 18:00:06 EDT 2012
The branch, 4.2/extensible-acl-object-targets has been created
at 88900fe198347a6bd8ef06ecdafb0e0acf0f434a (commit)
- Log -----------------------------------------------------------------
commit 88900fe198347a6bd8ef06ecdafb0e0acf0f434a
Author: Thomas Sibley <trs at bestpractical.com>
Date: Tue Aug 14 19:01:50 2012 -0700
Global availability for all object types on which rights can be granted
Extensions can introduce new object types on which rights may be granted
by adding an entry to %RT::ACE::OBJECT_TYPES. All core classes upon
which rights are hung (RT::System, RT::Queue, RT::CustomField, and
RT::Class) already do this.
RT::System now uses the same metadata to determine which classes it
should collect available rights from instead of using a hardcoded list
of core classes. RT::System's available rights are used in the global
rights admin pages.
Extensions will now see their rights grantable at the global level in
the admin interface.
diff --git a/lib/RT/System.pm b/lib/RT/System.pm
index ad4a2c1..fcffa2e 100644
--- a/lib/RT/System.pm
+++ b/lib/RT/System.pm
@@ -73,6 +73,7 @@ use warnings;
use base qw/RT::Record/;
use RT::ACL;
+use RT::ACE;
# System rights are rights granted to the whole system
# XXX TODO Can't localize these outside of having an object around.
@@ -118,31 +119,48 @@ those rights globally.
=cut
-
-use RT::CustomField;
-use RT::Queue;
-use RT::Group;
-use RT::Class;
sub AvailableRights {
my $self = shift;
- my $queue = RT::Queue->new(RT->SystemUser);
- my $group = RT::Group->new(RT->SystemUser);
- my $cf = RT::CustomField->new(RT->SystemUser);
- my $class = RT::Class->new(RT->SystemUser);
-
- my $qr = $queue->AvailableRights();
- my $gr = $group->AvailableRights();
- my $cr = $cf->AvailableRights();
- my $clr = $class->AvailableRights();
-
- # Build a merged list of all system wide rights, queue rights and group rights.
- my %rights = (%{$RIGHTS}, %{$gr}, %{$qr}, %{$cr}, %{$clr});
+ # Build a merged list of all system wide rights, queue rights, group rights, etc.
+ my %rights = (
+ %{ $RIGHTS },
+ %{ $self->_ForAllACEObjectTypes('AvailableRights') },
+ );
delete $rights{ExecuteCode} if RT->Config->Get('DisallowExecuteCode');
return(\%rights);
}
+sub _ForAllACEObjectTypes {
+ my $self = shift;
+ my $method = shift;
+ return {} unless $method;
+
+ my %data;
+ for my $class (keys %RT::ACE::OBJECT_TYPES) {
+ next unless $RT::ACE::OBJECT_TYPES{$class};
+
+ # Skip ourselves otherwise we'd loop infinitely
+ next if $class eq 'RT::System';
+
+ my $object = $class->new(RT->SystemUser);
+
+ unless ($object->can($method)) {
+ RT->Logger->error("RT::ACE object type $class doesn't support the $method method! Skipping.");
+ next;
+ }
+
+ # embrace and extend
+ %data = (
+ %data,
+ %{ $object->$method || {} },
+ );
+ }
+
+ return \%data;
+}
+
=head2 RightCategories
Returns a hashref where the keys are rights for this type of object and the
@@ -153,20 +171,13 @@ values are the category (General, Staff, Admin) the right falls into.
sub RightCategories {
my $self = shift;
- my $queue = RT::Queue->new(RT->SystemUser);
- my $group = RT::Group->new(RT->SystemUser);
- my $cf = RT::CustomField->new(RT->SystemUser);
- my $class = RT::Class->new(RT->SystemUser);
-
- my $qr = $queue->RightCategories();
- my $gr = $group->RightCategories();
- my $cr = $cf->RightCategories();
- my $clr = $class->RightCategories();
+ # Build a merged list of all right categories system wide, per-queue, per-group, etc.
+ my %categories = (
+ %{ $RIGHT_CATEGORIES },
+ %{ $self->_ForAllACEObjectTypes('RightCategories') },
+ );
- # Build a merged list of all system wide rights, queue rights and group rights.
- my %rights = (%{$RIGHT_CATEGORIES}, %{$gr}, %{$qr}, %{$cr}, %{$clr});
-
- return(\%rights);
+ return \%categories;
}
=head2 AddRights C<RIGHT>, C<DESCRIPTION> [, ...]
-----------------------------------------------------------------------
More information about the Rt-commit
mailing list