[Rt-commit] rt branch, 4.2/resolve-roles, created. rt-4.2.10-237-g70df24a
Alex Vandiver
alexmv at bestpractical.com
Thu Apr 9 20:38:23 EDT 2015
The branch, 4.2/resolve-roles has been created
at 70df24ac785961aab56c604b31201e9d85c24272 (commit)
- Log -----------------------------------------------------------------
commit 95ee3a26fb2114f9cdd9b13f3406b85f7a8e9a7f
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Thu Jul 10 12:02:52 2014 -0400
Allow objects to be passed to non-Single roles
Role resolution of Single roles (such as Owner) accepts RT::User
objects, but non-Single roles (such as Requestor) assume that any
reference is an array reference, and attempt to de-reference it.
Bring non-Single roles into parity with the other code, by only
attempting to de-reference array references as such, and by accepting
RT::User or RT::Group objects if they are found in the resulting list.
Their Principals are explicitly loaded as the current user, to prevent
elevated-privilege records from slipping into the data returned by the
method.
diff --git a/lib/RT/Record/Role/Roles.pm b/lib/RT/Record/Role/Roles.pm
index 725c0d7..52b6175 100644
--- a/lib/RT/Record/Role/Roles.pm
+++ b/lib/RT/Record/Role/Roles.pm
@@ -539,8 +539,15 @@ sub _ResolveRoles {
$roles->{$role} = [ $roles->{$role} ];
} else {
$roles->{$role} = [];
- my @values = ref $args{ $role } ? @{ $args{$role} } : ($args{$role});
+ my @values = ref $args{ $role } eq 'ARRAY' ? @{ $args{$role} } : ($args{$role});
for my $value (grep {defined} @values) {
+ if (Scalar::Util::blessed($value)
+ and ($value->isa("RT::User") or $value->isa("RT::Group"))) {
+ # Accept a user or group object
+ next unless $value->id;
+ $value = $value->PrincipalObj->id;
+ }
+
if ( $value =~ /^\d+$/ ) {
# This implicitly allows groups, if passed by id.
my $principal = RT::Principal->new( $self->CurrentUser );
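Review bot: the `next unless $value->id;` line in the new object branch silently drops an unloaded RT::User or RT::Group, so the caller gets no entry in the role list and no error for that value. Consider recording a failure for the role instead of skipping, so a caller that passes an object which failed to load finds out about it. Separately, now that only `'ARRAY'` references are de-referenced, any other reference (a hash reference, or a blessed object that is neither RT::User nor RT::Group) falls through to the `$value =~ /^\d+$/` test as a stringified reference; an explicit rejection of unexpected references before that test would make the accepted input types clear. The re-load through `RT::Principal->new( $self->CurrentUser )` is what keeps an elevated object from being returned, and a short comment in the new branch saying that the object is deliberately reduced to an id for that reason would help the next reader.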
commit 70df24ac785961aab56c604b31201e9d85c24272
Author: Alex Vandiver <alexmv at bestpractical.com>
Date: Thu Apr 9 17:38:01 2015 -0700
Re-load any RT::User objects passed into ResolveRoles, as CurrentUser
This prevents possibly-elevated objects that are passed in from being
returned as loaded by anything except the current user.
diff --git a/lib/RT/Record/Role/Roles.pm b/lib/RT/Record/Role/Roles.pm
index 52b6175..fdd314e 100644
--- a/lib/RT/Record/Role/Roles.pm
+++ b/lib/RT/Record/Role/Roles.pm
@@ -522,15 +522,16 @@ sub _ResolveRoles {
$value = $value->[0] if ref $value eq 'ARRAY';
if (Scalar::Util::blessed($value) and $value->isa("RT::User")) {
# Accept a user; it may not be loaded, which we catch below
- $roles->{$role} = $value->PrincipalObj;
- } else {
- # Try loading by id, name, then email. If all fail, catch that below
- my $user = RT::User->new( $self->CurrentUser );
- $user->Load( $value );
- # XXX: LoadOrCreateByEmail ?
- $user->LoadByEmail( $value ) unless $user->id;
- $roles->{$role} = $user->PrincipalObj;
+ $value = $value->PrincipalObj->id;
}
+
+ # Try loading by id, name, then email. If all fail, catch that below
+ my $user = RT::User->new( $self->CurrentUser );
+ $user->Load( $value );
+ # XXX: LoadOrCreateByEmail ?
+ $user->LoadByEmail( $value ) unless $user->id;
+ $roles->{$role} = $user->PrincipalObj;
+
unless (Scalar::Util::blessed($roles->{$role}) and $roles->{$role}->id) {
push @errors, $self->loc("Invalid value for [_1]",$self->loc($role));
$roles->{$role} = RT->Nobody->PrincipalObj;
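Review bot: the RT::User branch now does `$value = $value->PrincipalObj->id;` with no check that the object is loaded, so for an unloaded user the value passed on to `$user->Load( $value )` and `$user->LoadByEmail( $value )` may be undefined, and the "which we catch below" comment only holds if both loads fail cleanly on that input. An explicit guard on `$value->id` before reducing the object to an id, as the non-Single branch has with `next unless $value->id;`, would send the unloaded case straight to the "Invalid value for [_1]" error without going through the name and email lookups. The comment on the branch could also say that the object is intentionally discarded and re-loaded as `$self->CurrentUser`, since that is the security-relevant reason for the restructuring, and a regression test that passes in a user object loaded by a more privileged user would pin the behaviour down.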
-----------------------------------------------------------------------