[Rt-commit] rt branch, 4.4/serialize-json-initialdata, updated. rt-4.4.1-401-g480b8f0
Shawn Moore
shawn at bestpractical.com
Wed Mar 22 15:26:43 EDT 2017
The branch, 4.4/serialize-json-initialdata has been updated
via 480b8f0f1b0e8d302a888982133cb57df9c87b85 (commit)
from c4eddbd1ab6fd489b8a4cfe59a22bcb04ac0c5fd (commit)
Summary of changes:
lib/RT/Migrate/Serializer.pm | 27 ++++++++++++++++
t/api/initialdata-roundtrip.t | 72 +++++++++++++++++++++++++++++++++++++++----
2 files changed, 93 insertions(+), 6 deletions(-)
- Log -----------------------------------------------------------------
commit 480b8f0f1b0e8d302a888982133cb57df9c87b85
Author: Shawn M Moore <shawn at bestpractical.com>
Date: Wed Mar 22 18:42:53 2017 +0000
Avoid serializing ACLs and GroupMembers if either parent is disabled
diff --git a/lib/RT/Migrate/Serializer.pm b/lib/RT/Migrate/Serializer.pm
index ecab02b..7907d3a 100644
--- a/lib/RT/Migrate/Serializer.pm
+++ b/lib/RT/Migrate/Serializer.pm
@@ -383,6 +383,18 @@ sub Process {
# Disabled for OCFV means "old value" which we want to keep
# in the history
&& !$obj->isa('RT::ObjectCustomFieldValue');
+
+ if ($obj->isa('RT::ACE')) {
+ my $principal = $obj->PrincipalObj;
+ return if $principal->Disabled;
+
+ # [issues.bestpractical.com #32662]
+ return if $principal->Object->Domain eq 'ACLEquivalence'
+ && $principal->Object->InstanceObj->Disabled;
+
+ return if !$obj->Object->isa('RT::System')
+ && $obj->Object->Disabled;
+ }
}
return $self->SUPER::Process( @_ );
@@ -417,6 +429,17 @@ sub Observe {
return 0 if $obj->Status eq "deleted" and not $self->{FollowDeleted};
return $self->{FollowAssets};
} elsif ($obj->isa("RT::ACE")) {
+ if (!$self->{FollowDisabled}) {
+ my $principal = $obj->PrincipalObj;
+ return 0 if $principal->Disabled;
+
+ # [issues.bestpractical.com #32662]
+ return 0 if $principal->Object->Domain eq 'ACLEquivalence'
+ && $principal->Object->InstanceObj->Disabled;
+
+ return 0 if !$obj->Object->isa('RT::System')
+ && $obj->Object->Disabled;
+ }
return $self->{FollowACL};
} elsif ($obj->isa("RT::Transaction")) {
return $self->{FollowTransactions};
@@ -429,6 +452,10 @@ sub Observe {
} elsif ($grp->Domain eq "SystemInternal") {
return 0 if $grp->UID eq $from;
}
+ if (!$self->{FollowDisabled}) {
+ return 0 if $grp->Disabled
+ || $obj->MemberObj->Disabled;
+ }
}
return 1;
diff --git a/t/api/initialdata-roundtrip.t b/t/api/initialdata-roundtrip.t
index c6af165..915b5cf 100644
--- a/t/api/initialdata-roundtrip.t
+++ b/t/api/initialdata-roundtrip.t
@@ -538,6 +538,30 @@ my @tests = (
);
ok($ok, $msg);
+ my $enabled_group = RT::Group->new(RT->SystemUser);
+ ($ok, $msg) = $enabled_group->CreateUserDefinedGroup(
+ Name => 'Enabled Group',
+ );
+ ok($ok, $msg);
+
+ my $disabled_group = RT::Group->new(RT->SystemUser);
+ ($ok, $msg) = $disabled_group->CreateUserDefinedGroup(
+ Name => 'Disabled Group',
+ );
+ ok($ok, $msg);
+
+ my $enabled_user = RT::User->new(RT->SystemUser);
+ ($ok, $msg) = $enabled_user->Create(
+ Name => 'Enabled User',
+ );
+ ok($ok, $msg);
+
+ my $disabled_user = RT::User->new(RT->SystemUser);
+ ($ok, $msg) = $disabled_user->Create(
+ Name => 'Disabled User',
+ );
+ ok($ok, $msg);
+
for my $object ($enabled_cf, $disabled_cf,
$enabled_scrip, $disabled_scrip,
$enabled_class, $disabled_class,
@@ -556,11 +580,24 @@ my @tests = (
ok($ok, $msg);
}
- for my $object ($disabled_queue,
- $disabled_cf,
- $disabled_scrip,
- $disabled_class,
- $disabled_role) {
+ for my $principal ($enabled_group, $disabled_group,
+ $enabled_user, $disabled_user) {
+ ($ok, $msg) = $principal->PrincipalObj->GrantRight(Object => RT->System, Right => 'SeeQueue');
+ ok($ok, $msg);
+
+ for my $queue ($general, $disabled_queue) {
+ ($ok, $msg) = $principal->PrincipalObj->GrantRight(Object => $queue, Right => 'ShowTicket');
+ ok($ok, $msg);
+
+ ($ok, $msg) = $queue->AddWatcher(Type => 'AdminCc', PrincipalId => $principal->PrincipalId);
+ ok($ok, $msg);
+ }
+ }
+
+ for my $object ($disabled_queue, $disabled_cf,
+ $disabled_scrip, $disabled_class,
+ $disabled_role, $disabled_group,
+ $disabled_user) {
($ok, $msg) = $object->SetDisabled(1);
ok($ok, $msg);
}
@@ -606,9 +643,32 @@ my @tests = (
my $disabled_role = RT::CustomRole->new(RT->SystemUser);
$disabled_role->Load('Disabled Role');
+ my $enabled_group = RT::Group->new(RT->SystemUser);
+ $enabled_group->LoadUserDefinedGroup('Enabled Group');
+ ok($enabled_group->Id, 'loaded Enabled Group');
+ is($enabled_group->Name, 'Enabled Group', 'Enabled Group Name');
+ ok($enabled_group->PrincipalObj->HasRight(Object => $general, Right => 'ShowTicket'), 'Enabled Group has queue right');
+ ok($enabled_group->PrincipalObj->HasRight(Object => RT->System, Right => 'SeeQueue'), 'Enabled Group has global right');
+ ok($general->AdminCc->HasMember($enabled_group->PrincipalObj), 'Enabled Group still queue watcher');
+
+ my $disabled_group = RT::Group->new(RT->SystemUser);
+ $disabled_group->LoadUserDefinedGroup('Disabled Group');
+
+ my $enabled_user = RT::User->new(RT->SystemUser);
+ $enabled_user->Load('Enabled User');
+ ok($enabled_user->Id, 'loaded Enabled User');
+ is($enabled_user->Name, 'Enabled User', 'Enabled User Name');
+ ok($enabled_user->PrincipalObj->HasRight(Object => $general, Right => 'ShowTicket'), 'Enabled User has queue right');
+ ok($enabled_user->PrincipalObj->HasRight(Object => RT->System, Right => 'SeeQueue'), 'Enabled User has global right');
+ ok($general->AdminCc->HasMember($enabled_user->PrincipalObj), 'Enabled User still queue watcher');
+
+ my $disabled_user = RT::User->new(RT->SystemUser);
+ $disabled_user->Load('Disabled User');
+
for my $object ($disabled_queue, $disabled_cf,
$disabled_scrip, $disabled_class,
- $disabled_role) {
+ $disabled_role, $disabled_group,
+ $disabled_user) {
if ($from_initialdata) {
ok(!$object->Id, "disabled " . ref($object) . " excluded");
}
-----------------------------------------------------------------------
More information about the rt-commit
mailing list