[Rt-commit] rt branch, 4.2/cf-limits-with-role-rights, created. rt-4.1.19-27-g90c8ecc

Alex Vandiver alexmv at bestpractical.com
Tue Aug 20 21:03:26 EDT 2013 

The branch, 4.2/cf-limits-with-role-rights has been created
        at  90c8ecc8b66c99a6994c104a00628e64659f3af0 (commit)

- Log -----------------------------------------------------------------
commit 717c30d34d03e0779896597a279b8773701786b1
Author: Alex Vandiver <alexmv at bestpractical.com>
Date:   Tue Aug 20 20:47:43 2013 -0400

    Switch two locations which call ->Type directly to examining $type

diff --git a/lib/RT/SearchBuilder.pm b/lib/RT/SearchBuilder.pm
index 94f299a..251bcd0 100644
--- a/lib/RT/SearchBuilder.pm
+++ b/lib/RT/SearchBuilder.pm
@@ -602,7 +602,7 @@ sub _LimitCustomField {
             $date->Set( Format => 'unknown', Value => $value );
             if ( $date->Unix ) {
                 if (
-                       $cf->Type eq 'Date'
+                       $type eq 'Date'
                            # Heuristics to determine if a date, and not
                            # a datetime, was entered:
                     || $value =~ /^\s*(?:today|tomorrow|yesterday)\s*$/i
@@ -619,7 +619,7 @@ sub _LimitCustomField {
             }
 
             # Recurse if day equality is being checked on a datetime
-            if ( $cf->Type eq 'DateTime' and $op eq '=' && $value !~ /:/ ) {
+            if ( $type eq 'DateTime' and $op eq '=' && $value !~ /:/ ) {
                 my $date = RT::Date->new( $self->CurrentUser );
                 $date->Set( Format => 'unknown', Value => $value );
                 my $daystart = $date->ISO;

commit 90c8ecc8b66c99a6994c104a00628e64659f3af0
Author: Alex Vandiver <alexmv at bestpractical.com>
Date:   Tue Aug 20 20:22:50 2013 -0400

    Avoid warnings and build better queries on CF limits with role rights
    
    It is possible to create limits on custom fields which you don't have
    global rights on, only role rights (via a queue, for instance).  Due to
    the lack of context object when loading CFs in a search context (as
    there is no clear queue/ticket to use), a simple ->Load returns an
    object which the current user has no rights on.  This causes warnings
    when attempting to inspect properties of the CF to determine how to
    build the query.
    
    As $cf never escapes beyond _LimitCustomField and _CustomFieldJoin, and
    is only used to better be able to build optimal queries, simply load as
    the system user.  This does not impact the results returned, but merely
    allows more optimal queries to be generated.
    
    The other possibility would be to switch to calling ->__Value() for all
    accesses, to skip access control.  However, this is complicated by calls
    to non-column methods such as ->SingleValue; as such, loading as the
    system user was deemed a cleaner solution.

diff --git a/lib/RT/SearchBuilder.pm b/lib/RT/SearchBuilder.pm
index 251bcd0..ee1e69d 100644
--- a/lib/RT/SearchBuilder.pm
+++ b/lib/RT/SearchBuilder.pm
@@ -480,7 +480,7 @@ sub _LimitCustomField {
     if (blessed($cf) and $cf->id) {
         $cfkey ||= $cf->id;
     } elsif ($cf =~ /^\d+$/) {
-        my $obj = RT::CustomField->new( $self->CurrentUser );
+        my $obj = RT::CustomField->new( RT->SystemUser );
         $obj->Load($cf);
         if ($obj->id) {
             $cf = $obj;

-----------------------------------------------------------------------

More information about the Rt-commit mailing list