[Rt-commit] rt branch, 4.0-trunk, updated. rt-4.0.19-74-g3ced8bd

Alex Vandiver alexmv at bestpractical.com
Fri Apr 18 19:57:10 EDT 2014 

The branch, 4.0-trunk has been updated
       via  3ced8bd4a5913cd8241f1ca3a5db212d267beea2 (commit)
       via  6dc19ce480ed5449e4867e07c44562e30e661e8f (commit)
      from  7e30f73680781683a0e7464ecd0330d98a8ab2bb (commit)

Summary of changes:
 lib/RT/Users.pm | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

- Log -----------------------------------------------------------------
commit 6dc19ce480ed5449e4867e07c44562e30e661e8f
Author: Craig Ringer <craig at 2ndquadrant.com>
Date:   Thu Mar 7 12:54:26 2013 +0800

    Allow RT::Users->WhoBelongToGroups to optionally return unprivileged users
    
    The WhoBelongToGroups filter should really not apply LimitToPrivileged at
    all, but we can't remove it without breaking security assumptions elsewhere
    in RT or in 3rd party code. So a new option IncludeUnprivileged is added, a
    boolean that defaults to false. It can be set to true to disable the
    LimitToPrivileged filter.
    
    The documentation of the method is amended to explain that it filters out
    unprivileged members by default.

diff --git a/lib/RT/Users.pm b/lib/RT/Users.pm
index 85a9b7b..a88f320 100644
--- a/lib/RT/Users.pm
+++ b/lib/RT/Users.pm
@@ -542,21 +542,31 @@ sub WhoHaveGroupRight
 }
 
 
-=head2 WhoBelongToGroups { Groups => ARRAYREF, IncludeSubgroupMembers => 1 }
+=head2 WhoBelongToGroups { Groups => ARRAYREF, IncludeSubgroupMembers => 1, IncludeUnprivileged => 0 }
+
+Return members who belong to any of the groups passed in the groups whose IDs
+are included in the Groups arrayref.
+
+If IncludeSubgroupMembers is true (default) then members of any group that's a
+member of one of the passed groups are returned. If it's cleared then only
+direct member users are returned.
+
+If IncludeUnprivileged is false (default) then only privileged members are
+returned; otherwise either privileged or unprivileged group members may be
+returned.
 
 =cut
 
-# XXX: should be generalized
 sub WhoBelongToGroups {
     my $self = shift;
     my %args = ( Groups                 => undef,
                  IncludeSubgroupMembers => 1,
+                 IncludeUnprivileged    => 0,
                  @_ );
 
-    # Unprivileged users can't be granted real system rights.
-    # is this really the right thing to be saying?
-    $self->LimitToPrivileged();
-
+    if (!$args{'IncludeUnprivileged'}) {
+        $self->LimitToPrivileged();
+    }
     my $group_members = $self->_JoinGroupMembers( %args );
 
     foreach my $groupid (@{$args{'Groups'}}) {

commit 3ced8bd4a5913cd8241f1ca3a5db212d267beea2
Merge: 7e30f73 6dc19ce
Author: Alex Vandiver <alexmv at bestpractical.com>
Date:   Fri Apr 18 19:53:40 2014 -0400

    Merge branch '4.0/whobelongtogroups-unpriv' into 4.0-trunk


-----------------------------------------------------------------------

More information about the rt-commit mailing list