[Rt-commit] rt branch, 4.2/modifyticket-owner, created. rt-4.2.7-16-ga3a3720
Alex Vandiver
alexmv at bestpractical.com
Fri Oct 10 12:54:00 EDT 2014
The branch, 4.2/modifyticket-owner has been created
at a3a3720dfadcdeeefed110cd037b3167be75a596 (commit)
- Log -----------------------------------------------------------------
commit b564c89efd23aff3e73a73b2bb2f120abab736df
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Mon Sep 29 15:51:10 2014 -0400
Set a fallback NewOwnerObj for Take/Steal, for OwnTicket checking
This ensures that _NewOwnerCanOwnTicket is called on Take/Steal
transactions, which check the OwnTicket property of the current user.
diff --git a/lib/RT/Ticket.pm b/lib/RT/Ticket.pm
index 50a2ba1..0d3f0a6 100644
--- a/lib/RT/Ticket.pm
+++ b/lib/RT/Ticket.pm
@@ -2172,6 +2172,9 @@ sub CurrentUserCanSetOwner {
@_);
my $OldOwnerObj = $self->OwnerObj;
+ $args{NewOwnerObj} ||= $self->CurrentUser->UserObj
+ if $args{Type} eq "Take" or $args{Type} eq "Steal";
+
# Confirm rights for new owner if we got one
if ( $args{'NewOwnerObj'} ){
my ($ok, $message) = $self->_NewOwnerCanOwnTicket($args{'NewOwnerObj'}, $OldOwnerObj);
commit a3a3720dfadcdeeefed110cd037b3167be75a596
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Mon Sep 29 15:51:28 2014 -0400
Allow ModifyTicket to change nobody -> someone else, without OwnTicket
Previously, CurrentUserCanSetOwner required OwnTicket if the ticket was
currently unowned, no matter if you were taking it yourself or assigning
it to someone else.
Allow nobody -> self with OwnTicket and (ModifyTicket, ReassignTicket,
or TakeTicket), and nobody -> someone else with ModifyTicket or
ReassignTicket. This also closes a bug where TakeTicket and OwnTicket
was enough to change the owner from Nobody to someone else.
Fixes I#30406.
diff --git a/lib/RT/Ticket.pm b/lib/RT/Ticket.pm
index 0d3f0a6..714c9df 100644
--- a/lib/RT/Ticket.pm
+++ b/lib/RT/Ticket.pm
@@ -2187,8 +2187,6 @@ sub CurrentUserCanSetOwner {
&& $args{Type} ne 'Take' && $args{Type} ne 'Steal';
# Ticket is unowned
- # Can set owner to yourself withn ModifyTicket or TakeTicket
- # and OwnTicket.
if ( $OldOwnerObj->Id == RT->Nobody->Id ) {
# Steal is not applicable for unowned tickets.
@@ -2196,11 +2194,23 @@ sub CurrentUserCanSetOwner {
return ( 0, $self->loc("You can only steal a ticket owned by someone else") )
}
- unless ( ( $self->CurrentUserHasRight('ModifyTicket')
- or $self->CurrentUserHasRight('ReassignTicket')
- or $self->CurrentUserHasRight('TakeTicket') )
- and $self->CurrentUserHasRight('OwnTicket') ) {
- return ( 0, $self->loc("Permission Denied") );
+ # Can set owner to yourself with ModifyTicket, ReassignTicket,
+ # or TakeTicket; in all of these cases, OwnTicket is checked by
+ # _NewOwnerCanOwnTicket above.
+ if ( $args{'Type'} eq 'Take'
+ or ( $args{'NewOwnerObj'}
+ and $args{'NewOwnerObj'}->id == $self->CurrentUser->id )) {
+ unless ( $self->CurrentUserHasRight('ModifyTicket')
+ or $self->CurrentUserHasRight('ReassignTicket')
+ or $self->CurrentUserHasRight('TakeTicket') ) {
+ return ( 0, $self->loc("Permission Denied") );
+ }
+ } else {
+ # Nobody -> someone else requires ModifyTicket or ReassignTicket
+ unless ( $self->CurrentUserHasRight('ModifyTicket')
+ or $self->CurrentUserHasRight('ReassignTicket') ) {
+ return ( 0, $self->loc("Permission Denied") );
+ }
}
}
-----------------------------------------------------------------------
More information about the rt-commit
mailing list