[Rt-commit] rt branch, 4.2/cf-limits-with-role-rights, created. rt-4.1.19-27-ga4c8bfa
Alex Vandiver
alexmv at bestpractical.com
Mon Aug 26 12:22:33 EDT 2013
The branch, 4.2/cf-limits-with-role-rights has been created
at a4c8bfa4cbbe1744f79bcb5fa9c78da83733648c (commit)
- Log -----------------------------------------------------------------
commit 717c30d34d03e0779896597a279b8773701786b1
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Tue Aug 20 20:47:43 2013 -0400
Switch two locations which call ->Type directly to examining $type
diff --git a/lib/RT/SearchBuilder.pm b/lib/RT/SearchBuilder.pm
index 94f299a..251bcd0 100644
--- a/lib/RT/SearchBuilder.pm
+++ b/lib/RT/SearchBuilder.pm
@@ -602,7 +602,7 @@ sub _LimitCustomField {
$date->Set( Format => 'unknown', Value => $value );
if ( $date->Unix ) {
if (
- $cf->Type eq 'Date'
+ $type eq 'Date'
# Heuristics to determine if a date, and not
# a datetime, was entered:
|| $value =~ /^\s*(?:today|tomorrow|yesterday)\s*$/i
@@ -619,7 +619,7 @@ sub _LimitCustomField {
}
# Recurse if day equality is being checked on a datetime
- if ( $cf->Type eq 'DateTime' and $op eq '=' && $value !~ /:/ ) {
+ if ( $type eq 'DateTime' and $op eq '=' && $value !~ /:/ ) {
my $date = RT::Date->new( $self->CurrentUser );
$date->Set( Format => 'unknown', Value => $value );
my $daystart = $date->ISO;
commit a4c8bfa4cbbe1744f79bcb5fa9c78da83733648c
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Tue Aug 20 20:22:50 2013 -0400
Avoid warnings and build better queries on CF limits with role rights
It is possible to create limits on custom fields which you don't have
global rights on, only role rights (via a queue, for instance). Due to
the lack of context object when loading CFs in a search context (as
there is no clear queue/ticket to use), a simple ->Load returns an
object which the current user has no rights on. This causes warnings
when attempting to inspect properties of the CF to determine how to
build the query.
As $cf never escapes beyond _LimitCustomField and _CustomFieldJoin, and
is only used to better be able to build optimal queries, simply load as
the system user. This does not impact the results returned, but merely
allows more optimal queries to be generated.
The other possibility would be to switch to calling ->__Value() for all
accesses, to skip access control. However, this is complicated by calls
to non-column methods such as ->SingleValue; as such, loading as the
system user was deemed a cleaner solution.
diff --git a/lib/RT/SearchBuilder.pm b/lib/RT/SearchBuilder.pm
index 251bcd0..f399e78 100644
--- a/lib/RT/SearchBuilder.pm
+++ b/lib/RT/SearchBuilder.pm
@@ -480,7 +480,11 @@ sub _LimitCustomField {
if (blessed($cf) and $cf->id) {
$cfkey ||= $cf->id;
} elsif ($cf =~ /^\d+$/) {
- my $obj = RT::CustomField->new( $self->CurrentUser );
+ # Intentionally load as the system user, so we can build better
+ # queries; this is necessary as we don't have a context object
+ # which might grant the user rights to see the CF. This object
+ # is only used to inspect the properties of the CF itself.
+ my $obj = RT::CustomField->new( RT->SystemUser );
$obj->Load($cf);
if ($obj->id) {
$cf = $obj;
-----------------------------------------------------------------------
More information about the Rt-commit
mailing list