[Rt-commit] rt branch, 4.6/customrole-rights, repushed

Shawn Moore shawn at bestpractical.com
Wed Jun 7 12:56:12 EDT 2017 

The branch 4.6/customrole-rights was deleted and repushed:
       was baf5879124a1cd84e6704e3bd48c8e7b5fc745de
       now 27a1ff8d73ebd637b29e477579c740d83884548f

 1:  3eabe16 =  1:  3eabe16 Add CustomRoleObj method for loading by GroupType
 2:  1729648 =  2:  1729648 Add RT::Asset->RoleAddresses
 3:  26e7d74 =  3:  26e7d74 Factor out a LookupType role from CustomFields
 4:  396a5fd =  4:  396a5fd Allow RegisterLookupType to provide options besides just FriendlyName
 5:  4b228a0 =  5:  4b228a0 Add support for LookupType to custom roles
 6:  9247b2c =  6:  9247b2c Add custom roles to assets
 7:  d09f361 =  7:  d09f361 Support custom roles on asset creation
 8:  d0c69db =  8:  d0c69db Add API and web tests for interacting with custom roles on assets
 9:  bb684f6 =  9:  bb684f6 Relax requirements about role names
10:  03ded03 = 10:  03ded03 Add lookup type to custom role admin page listing
11:  8e35aa6 = 11:  8e35aa6 Exclude asset custom roles from ticket search
12:  c61e068 = 12:  c61e068 Remove custom role name uniqueness restriction
13:  57d7f2e = 13:  57d7f2e Factor out a ContextObject role from CFs for reuse in custom roles
14:  ff32705 ! 14:  1e2d9f7 Additional hookpoints and context required for custom role rights
    @@ -82,14 +82,22 @@
     --- a/lib/RT/Transaction.pm
     +++ b/lib/RT/Transaction.pm
     @@
    +     my $self = shift;
    +     my $role_name = shift;
    + 
    +-    if ($role_name =~ /^RT::CustomRole-(\d+)$/) {
    +-        my $role = RT::CustomRole->new($self->CurrentUser);
    +-        $role->Load($1);
    ++    if (my $role = $self->Object->CustomRoleObj($role_name)) {
    +         return $role->Name;
    +     }
    + 
    +@@
              return 0 unless $cf->CurrentUserCanSee;
          }
      
     +    # Ditto custom role
    -+    if ( ($type eq 'AddWatcher' || $type eq 'DelWatcher' || $type eq 'SetWatcher') && (my ($role_id) = $self->__Value('Field') =~ /^RT::CustomRole-(\d+)$/)) {
    -+        my $role = RT::CustomRole->new($self->CurrentUser);
    -+        $role->SetContextObject($self->Object);
    -+        $role->Load($role_id);
    ++    if ( ($type eq 'AddWatcher' || $type eq 'DelWatcher' || $type eq 'SetWatcher') && (my $role = $self->Object->CustomRoleObj($self->__Value('Field')))) {
     +        return 0 unless $role->CurrentUserCanSee;
     +    }
     +
15:  46e5b7a = 15:  bdb83b4 Provide context object for custom roles
16:  a24528b = 16:  ef64f1e Avoid throwing error on invalid roles
17:  c5d45f7 = 17:  dd1f5a3 Infrastructure for granting rights for custom roles
18:  baf5879 ! 18:  27a1ff8 Enforce SeeCustomRole and ModifyCustomRole
    @@ -30,10 +30,7 @@
          my $self = shift;
          my ($type, $principal) = @_;
      
    -+    if (my ($role_id) = $type =~ /^RT::CustomRole-(\d+)$/) {
    -+        my $role = RT::CustomRole->new($self->CurrentUser);
    -+        $role->SetContextObject($self);
    -+        $role->Load($role_id);
    ++    if (my $role = $self->CustomRoleObj($type)) {
     +        return $role->CurrentUserHasRight('ModifyCustomRole');
     +    }
     +
    @@ -84,10 +81,7 @@
          my $self = shift;
          my ($type, $principal) = @_;
      
    -+    if (my ($role_id) = $type =~ /^RT::CustomRole-(\d+)$/) {
    -+        my $role = RT::CustomRole->new($self->CurrentUser);
    -+        $role->SetContextObject($self);
    -+        $role->Load($role_id);
    ++    if (my $role = $self->CustomRoleObj($type)) {
     +        return $role->CurrentUserHasRight('ModifyCustomRole');
     +    }
     +
    @@ -149,6 +143,19 @@
      % }
      </select>
     
    +diff --git a/share/html/Asset/Elements/ShowPeople b/share/html/Asset/Elements/ShowPeople
    +--- a/share/html/Asset/Elements/ShowPeople
    ++++ b/share/html/Asset/Elements/ShowPeople
    +@@
    + </%init>
    + <table>
    + % for my $role ($AssetObj->Roles) {
    ++% my $custom_role = $AssetObj->CustomRoleObj($role);
    ++% next if $custom_role && !$custom_role->CurrentUserHasRight('SeeCustomRole');
    + <tr><td class="label"><% $AssetObj->LabelForRole($role) %>:
    + % if ($AssetObj->Role($role)->{Single}) {
    + %      my $users = $AssetObj->RoleGroup($role)->UserMembersObj(Recursively => 0);
    +
     diff --git a/share/html/Elements/SelectWatcherType b/share/html/Elements/SelectWatcherType
     --- a/share/html/Elements/SelectWatcherType
     +++ b/share/html/Elements/SelectWatcherType
    @@ -215,3 +222,23 @@
      </tr>
      % }
      
    +
    +diff --git a/t/customroles/web-assets.t b/t/customroles/web-assets.t
    +--- a/t/customroles/web-assets.t
    ++++ b/t/customroles/web-assets.t
    +@@
    +     }, "submitted rights form");
    +     $m->text_contains("Granted right 'ShowAsset' to Licensee");
    + 
    ++    my $privileged = RT::Group->new(RT->SystemUser);
    ++    $privileged->LoadSystemInternalGroup('Privileged');
    ++    $m->submit_form_ok({
    ++        with_fields => {
    ++            "SetRights-" . $privileged->Id . '-RT::Catalog-' . $catalog->id => 'SeeCustomRole',
    ++        },
    ++    }, "submitted rights form");
    ++    $m->text_contains("Granted right 'SeeCustomRole' to Privileged");
    ++
    +     RT::Principal::InvalidateACLCache();
    + }
    +

More information about the rt-commit mailing list