[Rt-commit] rt branch, 4.4.1/custom-roles-email, created. rt-4.4.1rc1-1-g5d0a88d

Shawn Moore shawn at bestpractical.com
Fri Jun 10 16:08:05 EDT 2016


The branch, 4.4.1/custom-roles-email has been created
        at  5d0a88d47f141f37fdb8bb7c6e3428c122aff423 (commit)

- Log -----------------------------------------------------------------
commit 5d0a88d47f141f37fdb8bb7c6e3428c122aff423
Author: Shawn M Moore <shawn at bestpractical.com>
Date:   Fri Jun 10 20:03:19 2016 +0000

    Avoid failure to create tickets due to custom role rights
    
        For the common configuration of Everyone having the CreateTicket right
        but not ShowTicket, custom roles would cause ticket creation to fail.
        The current user couldn't access the ticket's queue ID (due to lacking
        ShowTicket), causing an internal inconsistency. Namely, the
        $queue->Roles return value includes the custom role, but trying to
        create the group failed because the custom role couldn't find the
        ObjectCustomRole object due to not having a queue ID.
    
    Fixes: I#32069

diff --git a/lib/RT/CustomRole.pm b/lib/RT/CustomRole.pm
index 9cf49e0..f1bb313 100644
--- a/lib/RT/CustomRole.pm
+++ b/lib/RT/CustomRole.pm
@@ -178,7 +178,10 @@ sub _RegisterAsRole {
             }
             elsif ($object->isa('RT::Ticket')) {
                 # see if the role has been applied to the ticket's queue
-                return $role->IsAdded($object->Queue);
+                # need to walk around ACLs because of the common case of
+                # (e.g. Everyone) having the CreateTicket right but not
+                # ShowTicket
+                return $role->IsAdded($object->__Value('Queue'));
             }
 
             return 0;

-----------------------------------------------------------------------


More information about the rt-commit mailing list