[Rt-commit] rt branch, 4.2/allow_type_for_cf_canonicalize, created. rt-4.2.12-119-g68b6a66

Jim Brandt jbrandt at bestpractical.com
Wed May 4 13:19:12 EDT 2016


The branch, 4.2/allow_type_for_cf_canonicalize has been created
        at  68b6a66f75aeaf0911bf98668825f5881277bae1 (commit)

- Log -----------------------------------------------------------------
commit 1e2b566543d20aa4dd9cf9da95e0c33a678c4c35
Author: Jim Brandt <jbrandt at bestpractical.com>
Date:   Wed May 4 11:15:10 2016 -0400

    Add test demonstrating incorrect datetime CF values
    
    Reported on issues ticket 31674.

diff --git a/t/customfields/group_rights.t b/t/customfields/group_rights.t
new file mode 100644
index 0000000..051fa67
--- /dev/null
+++ b/t/customfields/group_rights.t
@@ -0,0 +1,68 @@
+use strict;
+use warnings;
+
+use RT::Test tests => undef;
+
+# These tests catch a previous issue that resulted in the CF
+# canonicalize call failing because an internal cf object lacked
+# sufficient context to properly do a rights check.
+
+my $general = RT::Test->load_or_create_queue( Name => 'General' );
+my $staff1 = RT::Test->load_or_create_user( EmailAddress => 'staff1 at example.com', Name => 'staff1', Timezone => 'America/New_York');
+my $staff2 = RT::Test->load_or_create_user( EmailAddress => 'staff2 at example.com', Name => 'staff2', Timezone => 'America/New_York');
+
+my $group = RT::Test->load_or_create_group(
+    'Staff',
+    Members => [$staff1, $staff2],
+);
+
+ok( RT::Test->add_rights( { Principal => $group, Object => $general,
+    Right => [ qw(ModifyTicket CreateTicket SeeQueue ShowTicket SeeCustomField ModifyCustomField) ] } ));
+
+my $cf_name = 'A Date and Time';
+my $cf;
+{
+    $cf = RT::CustomField->new(RT->SystemUser);
+    ok(
+        $cf->Create(
+            Name       => $cf_name,
+            Type       => 'DateTime',
+            MaxValues  => 1,
+            LookupType => RT::Ticket->CustomFieldLookupType,
+        ),
+        'create cf date'
+    );
+    ok( $cf->AddToObject($general), 'date cf apply to queue' );
+}
+
+diag "Confirm DateTime CF is properly created for root";
+{
+    my $ticket = RT::Ticket->new( RT::CurrentUser->new( RT->SystemUser ) );
+    my ($id) = $ticket->Create(
+        Queue                   => $general->id,
+        Subject                 => 'Test',
+        'CustomField-'. $cf->id => '2016-05-01 00:00:00',
+    );
+    my $cf_value = $ticket->CustomFieldValues($cf_name)->First;
+
+    is( $cf_value->Content, '2016-05-01 04:00:00', 'got correct value for datetime' );
+}
+
+diag "Confirm DateTime CF is properly created for staff1";
+{
+    my $ticket = RT::Ticket->new( RT::CurrentUser->new( $staff1 ) );
+    my ($id) = $ticket->Create(
+        Queue                   => $general->id,
+        Subject                 => 'Test',
+        'CustomField-'. $cf->id => '2016-05-01 00:00:00',
+    );
+    my $cf_value = $ticket->CustomFieldValues($cf_name)->First;
+
+    is( $cf_value->Content, '2016-05-01 04:00:00', 'correct value' );
+
+    $ticket = RT::Ticket->new( RT::CurrentUser->new( $staff2 ) );
+    $ticket->Load($id);
+    is( $ticket->FirstCustomFieldValue($cf_name), '2016-05-01 04:00:00', 'staff2 gets correct value' );
+}
+
+done_testing;

commit 68b6a66f75aeaf0911bf98668825f5881277bae1
Author: Jim Brandt <jbrandt at bestpractical.com>
Date:   Wed May 4 11:17:33 2016 -0400

    Call __Value for CF Type to avoid permission check
    
    d3928d7b refactored canonicalization for CFs and,
    recognizing that a newly created CF object would not have
    sufficient context to pass the rights check, called
    _Value('Type') rather than Type to avoid it. However, _Value
    implements the 'SeeCustomField' rights check and was
    therefore causing canonicalization to fail, resulting in
    incorrect datetime CF value setting for non-root users.
    
    Call __Value (note the extra underscore) which is the
    underlying method that does not require the rights check.
    
    Fixes: I#31674

diff --git a/lib/RT/CustomField.pm b/lib/RT/CustomField.pm
index e0fc1b6..de08394 100644
--- a/lib/RT/CustomField.pm
+++ b/lib/RT/CustomField.pm
@@ -1700,7 +1700,7 @@ sub _CanonicalizeValue {
     my $self = shift;
     my $args = shift;
 
-    my $type = $self->_Value('Type');
+    my $type = $self->__Value('Type');
     return 1 unless $type;
 
     my $method = '_CanonicalizeValue'. $type;

-----------------------------------------------------------------------


More information about the rt-commit mailing list