[Rt-commit] rt branch, 4.4/serialize-json-initialdata, updated. rt-4.4.1-389-g59515a1
Shawn Moore
shawn at bestpractical.com
Tue Mar 21 16:20:30 EDT 2017
The branch, 4.4/serialize-json-initialdata has been updated
via 59515a18a0a35dce12fe638c958dd6fb06e4a67a (commit)
via 9f2c59a29a58298c5d413bcb99a9c43abf80ade7 (commit)
via 93f6030f327935e19d745d3dcb048993165abaaa (commit)
via 3d348e09c206e6c707d89d87178605d977629034 (commit)
via de14acfa99e623bc6247b4d0868fe98e5f6d192e (commit)
via b0da91f7008d601f97633a78d7079457922a3524 (commit)
via 61415c774a9ba69ad38c4c02f9196918f6cd80e0 (commit)
from 1cf2af194b19b068a0a0b3fbc064019823a0ba72 (commit)
Summary of changes:
lib/RT/Group.pm | 6 +--
lib/RT/Handle.pm | 78 +++++++++++++++++++++--------------
lib/RT/Migrate/Serializer/JSON.pm | 85 ++++++++++++++++++++++++++-------------
t/api/initialdata-roundtrip.t | 49 +++++++++++++++++++++-
4 files changed, 154 insertions(+), 64 deletions(-)
- Log -----------------------------------------------------------------
commit 61415c774a9ba69ad38c4c02f9196918f6cd80e0
Author: Shawn M Moore <shawn at bestpractical.com>
Date: Tue Mar 21 19:26:50 2017 +0000
Insert @Members later, after queues, assets, custom roles etc have been created
diff --git a/lib/RT/Handle.pm b/lib/RT/Handle.pm
index 24baf62..89702f6 100644
--- a/lib/RT/Handle.pm
+++ b/lib/RT/Handle.pm
@@ -1047,33 +1047,6 @@ sub InsertData {
}
$RT::Logger->debug("done.");
}
- if ( @Members ) {
- $RT::Logger->debug("Adding users and groups to groups...");
- for my $item (@Members) {
- my $group = RT::Group->new(RT->SystemUser);
- $group->LoadUserDefinedGroup( delete $item->{Group} );
- unless ($group->Id) {
- RT->Logger->error("Unable to find group '$group' to add members to");
- next;
- }
-
- my $class = delete $item->{Class} || 'RT::User';
- my $member = $class->new( RT->SystemUser );
- $item->{Domain} = 'UserDefined' if $member->isa("RT::Group");
- $member->LoadByCols( %$item );
- unless ($member->Id) {
- RT->Logger->error("Unable to find $class '".($item->{id} || $item->{Name})."' to add to ".$group->Name);
- next;
- }
-
- my ( $return, $msg) = $group->AddMember( $member->PrincipalObj->Id );
- unless ( $return ) {
- $RT::Logger->error( $msg );
- } else {
- $RT::Logger->debug( $return ."." );
- }
- }
- }
if ( @Queues ) {
$RT::Logger->debug("Creating queues...");
for my $item (@Queues) {
@@ -1301,6 +1274,34 @@ sub InsertData {
$RT::Logger->debug("done.");
}
+ if ( @Members ) {
+ $RT::Logger->debug("Adding users and groups to groups...");
+ for my $item (@Members) {
+ my $group = RT::Group->new(RT->SystemUser);
+ $group->LoadUserDefinedGroup( delete $item->{Group} );
+ unless ($group->Id) {
+ RT->Logger->error("Unable to find group '$group' to add members to");
+ next;
+ }
+
+ my $class = delete $item->{Class} || 'RT::User';
+ my $member = $class->new( RT->SystemUser );
+ $item->{Domain} = 'UserDefined' if $member->isa("RT::Group");
+ $member->LoadByCols( %$item );
+ unless ($member->Id) {
+ RT->Logger->error("Unable to find $class '".($item->{id} || $item->{Name})."' to add to ".$group->Name);
+ next;
+ }
+
+ my ( $return, $msg) = $group->AddMember( $member->PrincipalObj->Id );
+ unless ( $return ) {
+ $RT::Logger->error( $msg );
+ } else {
+ $RT::Logger->debug( $return ."." );
+ }
+ }
+ }
+
if ( @ACL ) {
$RT::Logger->debug("Creating ACL...");
for my $item (@ACL) {
commit b0da91f7008d601f97633a78d7079457922a3524
Author: Shawn M Moore <shawn at bestpractical.com>
Date: Tue Mar 21 19:36:12 2017 +0000
Improve export/import of group membership
diff --git a/lib/RT/Handle.pm b/lib/RT/Handle.pm
index 89702f6..8b4b46e 100644
--- a/lib/RT/Handle.pm
+++ b/lib/RT/Handle.pm
@@ -1277,10 +1277,16 @@ sub InsertData {
if ( @Members ) {
$RT::Logger->debug("Adding users and groups to groups...");
for my $item (@Members) {
+ my $name = delete $item->{Group};
+ my $domain = delete $item->{GroupDomain} || 'UserDefined';
+
my $group = RT::Group->new(RT->SystemUser);
- $group->LoadUserDefinedGroup( delete $item->{Group} );
+ $group->LoadByCols(
+ Name => $name,
+ Domain => $domain,
+ );
unless ($group->Id) {
- RT->Logger->error("Unable to find group '$group' to add members to");
+ RT->Logger->error("Unable to find $domain group '$name' to add members to");
next;
}
diff --git a/lib/RT/Migrate/Serializer/JSON.pm b/lib/RT/Migrate/Serializer/JSON.pm
index fe5bddc..329bc6b 100644
--- a/lib/RT/Migrate/Serializer/JSON.pm
+++ b/lib/RT/Migrate/Serializer/JSON.pm
@@ -126,12 +126,14 @@ sub Observe {
my $obj = $args{object};
- # avoid serializing ACLEquivalence, etc
if ($obj->isa("RT::Group")) {
- return 0 unless $obj->Domain eq 'UserDefined';
+ return 0 if $obj->Domain eq 'ACLEquivalence'
+ || $obj->Domain =~ /^RT::(Queue|Catalog)-Role$/;
}
if ($obj->isa("RT::GroupMember")) {
- return 0 unless $obj->GroupObj->Object->Domain eq 'UserDefined';
+ my $domain = $obj->GroupObj->Object->Domain;
+ return 0 if $domain eq 'ACLEquivalence'
+ || $domain eq 'SystemInternal';
}
return $self->SUPER::Observe(%args);
@@ -330,6 +332,8 @@ sub CanonicalizeGroupMembers {
for my $record (values %{ $self->{Records}{'RT::GroupMember'} }) {
my $group = $self->_GetObjectByRef(delete $record->{GroupId});
$record->{Group} = $group->Object->Name;
+ $record->{GroupDomain} = $group->Object->Domain
+ unless $group->Object->Domain eq 'UserDefined';
my $member = $self->_GetObjectByRef(delete $record->{MemberId});
$record->{Class} = ref($member->Object);
@@ -445,6 +449,10 @@ sub ShouldExcludeObject {
return 1 if $class eq 'RT::Queue'
&& $record->{Name} eq '___Approvals';
+ return 1 if $class eq 'RT::GroupMember'
+ && $record->{Group} eq 'Owner' && $record->{GroupDomain} eq 'RT::System-Role'
+ && $record->{Class} eq 'RT::User' && $record->{Name} eq 'Nobody';
+
return 0;
}
commit de14acfa99e623bc6247b4d0868fe98e5f6d192e
Author: Shawn M Moore <shawn at bestpractical.com>
Date: Tue Mar 21 19:39:46 2017 +0000
Refactor ShouldExcludeObject for clarity
diff --git a/lib/RT/Migrate/Serializer/JSON.pm b/lib/RT/Migrate/Serializer/JSON.pm
index 329bc6b..1354a10 100644
--- a/lib/RT/Migrate/Serializer/JSON.pm
+++ b/lib/RT/Migrate/Serializer/JSON.pm
@@ -436,22 +436,27 @@ sub ShouldExcludeObject {
my $id = shift;
my $record = shift;
- return 1 if $class eq 'RT::User'
- && ($record->{Name} eq 'RT__System' || $record->{Name} eq 'Nobody');
-
- return 1 if $class eq 'RT::ACE'
- && ((($record->{UserId}||'') eq 'Nobody' && $record->{RightName} eq 'OwnTicket')
- || (($record->{UserId}||'') eq 'RT_System' && $record->{RightName} eq 'SuperUser'));
-
- return 1 if $class eq 'RT::Group'
- && ($record->{Domain} eq 'RT::System-Role' || $record->{Domain} eq 'SystemInternal');
-
- return 1 if $class eq 'RT::Queue'
- && $record->{Name} eq '___Approvals';
-
- return 1 if $class eq 'RT::GroupMember'
- && $record->{Group} eq 'Owner' && $record->{GroupDomain} eq 'RT::System-Role'
- && $record->{Class} eq 'RT::User' && $record->{Name} eq 'Nobody';
+ if ($class eq 'RT::User') {
+ return 1 if $record->{Name} eq 'RT__System'
+ || $record->{Name} eq 'Nobody';
+ }
+ elsif ($class eq 'RT::ACE') {
+ return 1 if ($record->{UserId}||'') eq 'Nobody' && $record->{RightName} eq 'OwnTicket';
+ return 1 if ($record->{UserId}||'') eq 'RT_System' && $record->{RightName} eq 'SuperUser';
+ }
+ elsif ($class eq 'RT::Group') {
+ return 1 if $record->{Domain} eq 'RT::System-Role'
+ || $record->{Domain} eq 'SystemInternal';
+ }
+ elsif ($class eq 'RT::Queue') {
+ return 1 if $record->{Name} eq '___Approvals';
+ }
+ elsif ($class eq 'RT::GroupMember') {
+ return 1 if $record->{Group} eq 'Owner'
+ && $record->{GroupDomain} eq 'RT::System-Role'
+ && $record->{Class} eq 'RT::User'
+ && $record->{Name} eq 'Nobody';
+ }
return 0;
}
commit 3d348e09c206e6c707d89d87178605d977629034
Author: Shawn M Moore <shawn at bestpractical.com>
Date: Tue Mar 21 19:52:04 2017 +0000
Allow RT::Group->InstanceObj to return catalogs, assets, etc
Without this, ->InstanceObj returns undef when trying to work backwards
from an asset role group back to its asset
diff --git a/lib/RT/Group.pm b/lib/RT/Group.pm
index 1593700..a165777 100644
--- a/lib/RT/Group.pm
+++ b/lib/RT/Group.pm
@@ -1329,10 +1329,8 @@ sub InstanceObj {
my $class;
if ( $self->Domain eq 'ACLEquivalence' ) {
$class = "RT::User";
- } elsif ($self->Domain eq 'RT::Queue-Role') {
- $class = "RT::Queue";
- } elsif ($self->Domain eq 'RT::Ticket-Role') {
- $class = "RT::Ticket";
+ } else {
+ $class = $self->RoleClass;
}
return unless $class;
commit 93f6030f327935e19d745d3dcb048993165abaaa
Author: Shawn M Moore <shawn at bestpractical.com>
Date: Tue Mar 21 19:53:40 2017 +0000
Serialize role members but not role groups
diff --git a/lib/RT/Migrate/Serializer/JSON.pm b/lib/RT/Migrate/Serializer/JSON.pm
index 1354a10..8315eb8 100644
--- a/lib/RT/Migrate/Serializer/JSON.pm
+++ b/lib/RT/Migrate/Serializer/JSON.pm
@@ -127,8 +127,7 @@ sub Observe {
my $obj = $args{object};
if ($obj->isa("RT::Group")) {
- return 0 if $obj->Domain eq 'ACLEquivalence'
- || $obj->Domain =~ /^RT::(Queue|Catalog)-Role$/;
+ return 0 if $obj->Domain eq 'ACLEquivalence';
}
if ($obj->isa("RT::GroupMember")) {
my $domain = $obj->GroupObj->Object->Domain;
@@ -317,7 +316,17 @@ sub CanonicalizeUsers {
sub CanonicalizeGroups {
my $self = shift;
- for my $group (values %{ $self->{Records}{'RT::Group'} }) {
+ for my $id (keys %{ $self->{Records}{'RT::Group'} }) {
+ my $group = $self->{Records}{'RT::Group'}{$id};
+
+ # no need to serialize this because role groups are automatically
+ # created; but we can't exclude this in ->Observe because then we
+ # lose out on the group members
+ if ($group->{Domain} =~ /-Role$/) {
+ delete $self->{Records}{'RT::Group'}{$id};
+ next;
+ }
+
delete $group->{Principal};
delete $group->{PrincipalId};
@@ -453,7 +462,7 @@ sub ShouldExcludeObject {
}
elsif ($class eq 'RT::GroupMember') {
return 1 if $record->{Group} eq 'Owner'
- && $record->{GroupDomain} eq 'RT::System-Role'
+ && $record->{GroupDomain} =~ /-Role$/
&& $record->{Class} eq 'RT::User'
&& $record->{Name} eq 'Nobody';
}
commit 9f2c59a29a58298c5d413bcb99a9c43abf80ade7
Author: Shawn M Moore <shawn at bestpractical.com>
Date: Tue Mar 21 20:00:29 2017 +0000
Support export/import of queue watcher groups
diff --git a/lib/RT/Handle.pm b/lib/RT/Handle.pm
index 8b4b46e..dc1aae4 100644
--- a/lib/RT/Handle.pm
+++ b/lib/RT/Handle.pm
@@ -1279,11 +1279,24 @@ sub InsertData {
for my $item (@Members) {
my $name = delete $item->{Group};
my $domain = delete $item->{GroupDomain} || 'UserDefined';
+ my $instance = delete $item->{GroupInstance};
+
+ if ($domain =~ /^(.+)-Role$/) {
+ my $class = $1;
+ if (!$class->DOES("RT::Record::Role::Roles")) {
+ RT->Logger->error("Invalid group domain '$domain' for group $name; skipping adding membership");
+ next;
+ }
+ my $object = $class->new(RT->SystemUser);
+ $object->Load($instance);
+ $instance = $object->Id;
+ }
my $group = RT::Group->new(RT->SystemUser);
$group->LoadByCols(
Name => $name,
Domain => $domain,
+ (defined $instance ? (Instance => $instance) : ()),
);
unless ($group->Id) {
RT->Logger->error("Unable to find $domain group '$name' to add members to");
diff --git a/lib/RT/Migrate/Serializer/JSON.pm b/lib/RT/Migrate/Serializer/JSON.pm
index 8315eb8..f70883b 100644
--- a/lib/RT/Migrate/Serializer/JSON.pm
+++ b/lib/RT/Migrate/Serializer/JSON.pm
@@ -339,14 +339,18 @@ sub CanonicalizeGroupMembers {
my $self = shift;
for my $record (values %{ $self->{Records}{'RT::GroupMember'} }) {
- my $group = $self->_GetObjectByRef(delete $record->{GroupId});
- $record->{Group} = $group->Object->Name;
- $record->{GroupDomain} = $group->Object->Domain
- unless $group->Object->Domain eq 'UserDefined';
-
- my $member = $self->_GetObjectByRef(delete $record->{MemberId});
- $record->{Class} = ref($member->Object);
- $record->{Name} = $member->Object->Name;
+ my $group = $self->_GetObjectByRef(delete $record->{GroupId})->Object;
+ my $domain = $group->Domain;
+
+ $record->{Group} = $group->Name;
+ $record->{GroupDomain} = $domain
+ unless $domain eq 'UserDefined';
+ $record->{GroupInstance} = \($group->InstanceObj->UID)
+ if $domain =~ /-Role$/;
+
+ my $member = $self->_GetObjectByRef(delete $record->{MemberId})->Object;
+ $record->{Class} = ref($member);
+ $record->{Name} = $member->Name;
}
}
diff --git a/t/api/initialdata-roundtrip.t b/t/api/initialdata-roundtrip.t
index 0216bb1..4b02d9a 100644
--- a/t/api/initialdata-roundtrip.t
+++ b/t/api/initialdata-roundtrip.t
@@ -41,6 +41,10 @@ my @tests = (
($ok, $msg) = $inner->CreateUserDefinedGroup(Name => 'Inner');
ok($ok, $msg);
+ my $unrelated = RT::Group->new(RT->SystemUser);
+ ($ok, $msg) = $unrelated->CreateUserDefinedGroup(Name => 'Unrelated');
+ ok($ok, $msg);
+
my $user = RT::User->new(RT->SystemUser);
($ok, $msg) = $user->Create(Name => 'User');
ok($ok, $msg);
@@ -50,6 +54,9 @@ my @tests = (
($ok, $msg) = $inner->AddMember($user->PrincipalId);
ok($ok, $msg);
+
+ ($ok, $msg) = $general->AddWatcher(Type => 'AdminCc', PrincipalId => $outer->PrincipalId);
+ ok($ok, $msg);
},
present => sub {
my $outer = RT::Group->new(RT->SystemUser);
@@ -62,6 +69,11 @@ my @tests = (
ok($inner->Id, 'Loaded group');
is($inner->Name, 'Inner', 'Group name');
+ my $unrelated = RT::Group->new(RT->SystemUser);
+ $unrelated->LoadUserDefinedGroup('Unrelated');
+ ok($unrelated->Id, 'Loaded group');
+ is($unrelated->Name, 'Unrelated', 'Group name');
+
my $user = RT::User->new(RT->SystemUser);
$user->Load('User');
ok($user->Id, 'Loaded user');
@@ -72,6 +84,14 @@ my @tests = (
ok($outer->HasMemberRecursively($user->PrincipalId), 'outer hasmember user recursively');
ok(!$outer->HasMember($user->PrincipalId), 'outer does not have member user directly');
ok(!$inner->HasMember($outer->PrincipalId), 'inner does not have member outer');
+
+ ok($general->AdminCc->HasMember($outer->PrincipalId), 'queue AdminCc');
+ ok($general->AdminCc->HasMemberRecursively($inner->PrincipalId), 'queue AdminCc');
+ ok($general->AdminCc->HasMemberRecursively($user->PrincipalId), 'queue AdminCc');
+
+ ok(!$outer->HasMemberRecursively($unrelated->PrincipalId), 'unrelated group membership');
+ ok(!$inner->HasMemberRecursively($unrelated->PrincipalId), 'unrelated group membership');
+ ok(!$general->AdminCc->HasMemberRecursively($unrelated->PrincipalId), 'unrelated group membership');
},
},
commit 59515a18a0a35dce12fe638c958dd6fb06e4a67a
Author: Shawn M Moore <shawn at bestpractical.com>
Date: Tue Mar 21 20:18:32 2017 +0000
Handle group, role, and user ACLs
diff --git a/lib/RT/Handle.pm b/lib/RT/Handle.pm
index dc1aae4..0ac4ef6 100644
--- a/lib/RT/Handle.pm
+++ b/lib/RT/Handle.pm
@@ -1372,9 +1372,7 @@ sub InsertData {
$princ->LoadSystemInternalGroup( $item->{'GroupType'} );
} elsif ( $item->{'GroupDomain'} eq 'RT::System-Role' ) {
$princ->LoadRoleGroup( Object => RT->System, Name => $item->{'GroupType'} );
- } elsif ( $item->{'GroupDomain'} eq 'RT::Queue-Role' &&
- $item->{'Queue'} )
- {
+ } elsif ( $item->{'GroupDomain'} =~ /-Role$/ ) {
$princ->LoadRoleGroup( Object => $object, Name => $item->{'GroupType'} );
} else {
$princ->Load( $item->{'GroupId'} );
diff --git a/lib/RT/Migrate/Serializer/JSON.pm b/lib/RT/Migrate/Serializer/JSON.pm
index f70883b..e921a9f 100644
--- a/lib/RT/Migrate/Serializer/JSON.pm
+++ b/lib/RT/Migrate/Serializer/JSON.pm
@@ -274,17 +274,18 @@ sub CanonicalizeACLs {
my $object = $self->_GetObjectByRef(delete $ace->{Object});
if ($principal->IsGroup) {
- my $domain = $principal->Object->Domain;
+ my $group = $principal->Object;
+ my $domain = $group->Domain;
if ($domain eq 'ACLEquivalence') {
- $ace->{UserId} = $principal->Object->InstanceObj->Name;
+ $ace->{UserId} = $group->InstanceObj->Name;
}
else {
$ace->{GroupDomain} = $domain;
- if ($domain eq 'SystemInternal') {
- $ace->{GroupType} = $principal->Object->Name;
+ if ($domain eq 'UserDefined') {
+ $ace->{GroupId} = $group->Name;
}
- elsif ($domain eq 'RT::Queue-Role') {
- $ace->{Queue} = $principal->Object->Instance;
+ if ($domain eq 'SystemInternal' || $domain =~ /-Role$/) {
+ $ace->{GroupType} = $group->Name;
}
}
}
@@ -294,7 +295,7 @@ sub CanonicalizeACLs {
unless ($object->isa('RT::System')) {
$ace->{ObjectType} = ref($object);
- $ace->{ObjectId} = $object->Id;
+ $ace->{ObjectId} = \($object->UID);
}
}
}
diff --git a/t/api/initialdata-roundtrip.t b/t/api/initialdata-roundtrip.t
index 4b02d9a..0c9ed5c 100644
--- a/t/api/initialdata-roundtrip.t
+++ b/t/api/initialdata-roundtrip.t
@@ -31,7 +31,7 @@ my @tests = (
},
},
{
- name => 'Group membership',
+ name => 'Group membership and ACLs',
create => sub {
my $outer = RT::Group->new(RT->SystemUser);
my ($ok, $msg) = $outer->CreateUserDefinedGroup(Name => 'Outer');
@@ -57,6 +57,15 @@ my @tests = (
($ok, $msg) = $general->AddWatcher(Type => 'AdminCc', PrincipalId => $outer->PrincipalId);
ok($ok, $msg);
+
+ ($ok, $msg) = $general->AdminCc->PrincipalObj->GrantRight(Object => $general, Right => 'ShowTicket');
+ ok($ok, $msg);
+
+ ($ok, $msg) = $inner->PrincipalObj->GrantRight(Object => $general, Right => 'ModifyTicket');
+ ok($ok, $msg);
+
+ ($ok, $msg) = $user->PrincipalObj->GrantRight(Object => $general, Right => 'OwnTicket');
+ ok($ok, $msg);
},
present => sub {
my $outer = RT::Group->new(RT->SystemUser);
@@ -92,6 +101,24 @@ my @tests = (
ok(!$outer->HasMemberRecursively($unrelated->PrincipalId), 'unrelated group membership');
ok(!$inner->HasMemberRecursively($unrelated->PrincipalId), 'unrelated group membership');
ok(!$general->AdminCc->HasMemberRecursively($unrelated->PrincipalId), 'unrelated group membership');
+
+ ok($general->AdminCc->PrincipalObj->HasRight(Object => $general, Right => 'ShowTicket'), 'AdminCc ShowTicket right');
+ ok($outer->PrincipalObj->HasRight(Object => $general, Right => 'ShowTicket'), 'outer ShowTicket right');
+ ok($inner->PrincipalObj->HasRight(Object => $general, Right => 'ShowTicket'), 'inner ShowTicket right');
+ ok($user->PrincipalObj->HasRight(Object => $general, Right => 'ShowTicket'), 'user ShowTicket right');
+ ok(!$unrelated->PrincipalObj->HasRight(Object => $general, Right => 'ShowTicket'), 'unrelated ShowTicket right');
+
+ ok(!$general->AdminCc->PrincipalObj->HasRight(Object => $general, Right => 'ModifyTicket'), 'AdminCc ModifyTicket right');
+ ok(!$outer->PrincipalObj->HasRight(Object => $general, Right => 'ModifyTicket'), 'outer ModifyTicket right');
+ ok($inner->PrincipalObj->HasRight(Object => $general, Right => 'ModifyTicket'), 'inner ModifyTicket right');
+ ok($user->PrincipalObj->HasRight(Object => $general, Right => 'ModifyTicket'), 'user ModifyTicket right');
+ ok(!$unrelated->PrincipalObj->HasRight(Object => $general, Right => 'ModifyTicket'), 'unrelated ModifyTicket right');
+
+ ok(!$general->AdminCc->PrincipalObj->HasRight(Object => $general, Right => 'OwnTicket'), 'AdminCc OwnTicket right');
+ ok(!$outer->PrincipalObj->HasRight(Object => $general, Right => 'OwnTicket'), 'outer OwnTicket right');
+ ok(!$inner->PrincipalObj->HasRight(Object => $general, Right => 'OwnTicket'), 'inner OwnTicket right');
+ ok($user->PrincipalObj->HasRight(Object => $general, Right => 'OwnTicket'), 'inner OwnTicket right');
+ ok(!$unrelated->PrincipalObj->HasRight(Object => $general, Right => 'OwnTicket'), 'unrelated OwnTicket right');
},
},
-----------------------------------------------------------------------
More information about the rt-commit
mailing list