[Rt-commit] rt branch, 4.4.1/custom-roles-email, created. rt-4.4.1rc1-1-g5d0a88d
Shawn Moore
shawn at bestpractical.com
Fri Jun 10 16:08:05 EDT 2016
The branch, 4.4.1/custom-roles-email has been created
at 5d0a88d47f141f37fdb8bb7c6e3428c122aff423 (commit)
- Log -----------------------------------------------------------------
commit 5d0a88d47f141f37fdb8bb7c6e3428c122aff423
Author: Shawn M Moore <shawn at bestpractical.com>
Date: Fri Jun 10 20:03:19 2016 +0000
Avoid failure to create tickets due to custom role rights
For the common configuration of Everyone having the CreateTicket right
but not ShowTicket, custom roles would cause ticket creation to fail.
The current user couldn't access the ticket's queue ID (due to lacking
ShowTicket), causing an internal inconsistency. Namely, the
$queue->Roles return value includes the custom role, but trying to
create the group failed because the custom role couldn't find the
ObjectCustomRole object due to not having a queue ID.
Fixes: I#32069
diff --git a/lib/RT/CustomRole.pm b/lib/RT/CustomRole.pm
index 9cf49e0..f1bb313 100644
--- a/lib/RT/CustomRole.pm
+++ b/lib/RT/CustomRole.pm
@@ -178,7 +178,10 @@ sub _RegisterAsRole {
}
elsif ($object->isa('RT::Ticket')) {
# see if the role has been applied to the ticket's queue
- return $role->IsAdded($object->Queue);
+ # need to walk around ACLs because of the common case of
+ # (e.g. Everyone) having the CreateTicket right but not
+ # ShowTicket
+ return $role->IsAdded($object->__Value('Queue'));
}
return 0;
-----------------------------------------------------------------------
More information about the rt-commit
mailing list