[Rt-commit] rt branch, 4.4/serialize-json-initialdata, updated. rt-4.4.1-401-g480b8f0

Shawn Moore shawn at bestpractical.com
Wed Mar 22 15:26:43 EDT 2017


The branch, 4.4/serialize-json-initialdata has been updated
       via  480b8f0f1b0e8d302a888982133cb57df9c87b85 (commit)
      from  c4eddbd1ab6fd489b8a4cfe59a22bcb04ac0c5fd (commit)

Summary of changes:
 lib/RT/Migrate/Serializer.pm  | 27 ++++++++++++++++
 t/api/initialdata-roundtrip.t | 72 +++++++++++++++++++++++++++++++++++++++----
 2 files changed, 93 insertions(+), 6 deletions(-)

- Log -----------------------------------------------------------------
commit 480b8f0f1b0e8d302a888982133cb57df9c87b85
Author: Shawn M Moore <shawn at bestpractical.com>
Date:   Wed Mar 22 18:42:53 2017 +0000

    Avoid serializing ACLs and GroupMembers if either parent is disabled

diff --git a/lib/RT/Migrate/Serializer.pm b/lib/RT/Migrate/Serializer.pm
index ecab02b..7907d3a 100644
--- a/lib/RT/Migrate/Serializer.pm
+++ b/lib/RT/Migrate/Serializer.pm
@@ -383,6 +383,18 @@ sub Process {
                # Disabled for OCFV means "old value" which we want to keep
                # in the history
                && !$obj->isa('RT::ObjectCustomFieldValue');
+
+        if ($obj->isa('RT::ACE')) {
+            my $principal = $obj->PrincipalObj;
+            return if $principal->Disabled;
+
+            # [issues.bestpractical.com #32662]
+            return if $principal->Object->Domain eq 'ACLEquivalence'
+                   && $principal->Object->InstanceObj->Disabled;
+
+            return if !$obj->Object->isa('RT::System')
+                   && $obj->Object->Disabled;
+        }
     }
 
     return $self->SUPER::Process( @_ );
@@ -417,6 +429,17 @@ sub Observe {
         return 0 if $obj->Status eq "deleted" and not $self->{FollowDeleted};
         return $self->{FollowAssets};
     } elsif ($obj->isa("RT::ACE")) {
+        if (!$self->{FollowDisabled}) {
+            my $principal = $obj->PrincipalObj;
+            return 0 if $principal->Disabled;
+
+            # [issues.bestpractical.com #32662]
+            return 0 if $principal->Object->Domain eq 'ACLEquivalence'
+                     && $principal->Object->InstanceObj->Disabled;
+
+            return 0 if !$obj->Object->isa('RT::System')
+                     && $obj->Object->Disabled;
+        }
         return $self->{FollowACL};
     } elsif ($obj->isa("RT::Transaction")) {
         return $self->{FollowTransactions};
@@ -429,6 +452,10 @@ sub Observe {
         } elsif ($grp->Domain eq "SystemInternal") {
             return 0 if $grp->UID eq $from;
         }
+        if (!$self->{FollowDisabled}) {
+            return 0 if $grp->Disabled
+                     || $obj->MemberObj->Disabled;
+        }
     }
 
     return 1;
diff --git a/t/api/initialdata-roundtrip.t b/t/api/initialdata-roundtrip.t
index c6af165..915b5cf 100644
--- a/t/api/initialdata-roundtrip.t
+++ b/t/api/initialdata-roundtrip.t
@@ -538,6 +538,30 @@ my @tests = (
             );
             ok($ok, $msg);
 
+            my $enabled_group = RT::Group->new(RT->SystemUser);
+            ($ok, $msg) = $enabled_group->CreateUserDefinedGroup(
+                Name => 'Enabled Group',
+            );
+            ok($ok, $msg);
+
+            my $disabled_group = RT::Group->new(RT->SystemUser);
+            ($ok, $msg) = $disabled_group->CreateUserDefinedGroup(
+                Name => 'Disabled Group',
+            );
+            ok($ok, $msg);
+
+            my $enabled_user = RT::User->new(RT->SystemUser);
+            ($ok, $msg) = $enabled_user->Create(
+                Name => 'Enabled User',
+            );
+            ok($ok, $msg);
+
+            my $disabled_user = RT::User->new(RT->SystemUser);
+            ($ok, $msg) = $disabled_user->Create(
+                Name => 'Disabled User',
+            );
+            ok($ok, $msg);
+
             for my $object ($enabled_cf, $disabled_cf,
                             $enabled_scrip, $disabled_scrip,
                             $enabled_class, $disabled_class,
@@ -556,11 +580,24 @@ my @tests = (
                 ok($ok, $msg);
             }
 
-            for my $object ($disabled_queue,
-                            $disabled_cf,
-                            $disabled_scrip,
-                            $disabled_class,
-                            $disabled_role) {
+            for my $principal ($enabled_group, $disabled_group,
+                               $enabled_user, $disabled_user) {
+                ($ok, $msg) = $principal->PrincipalObj->GrantRight(Object => RT->System, Right => 'SeeQueue');
+                ok($ok, $msg);
+
+                for my $queue ($general, $disabled_queue) {
+                    ($ok, $msg) = $principal->PrincipalObj->GrantRight(Object => $queue, Right => 'ShowTicket');
+                    ok($ok, $msg);
+
+                    ($ok, $msg) = $queue->AddWatcher(Type => 'AdminCc', PrincipalId => $principal->PrincipalId);
+                    ok($ok, $msg);
+                }
+            }
+
+            for my $object ($disabled_queue, $disabled_cf,
+                            $disabled_scrip, $disabled_class,
+                            $disabled_role, $disabled_group,
+                            $disabled_user) {
                 ($ok, $msg) = $object->SetDisabled(1);
                 ok($ok, $msg);
             }
@@ -606,9 +643,32 @@ my @tests = (
             my $disabled_role = RT::CustomRole->new(RT->SystemUser);
             $disabled_role->Load('Disabled Role');
 
+            my $enabled_group = RT::Group->new(RT->SystemUser);
+            $enabled_group->LoadUserDefinedGroup('Enabled Group');
+            ok($enabled_group->Id, 'loaded Enabled Group');
+            is($enabled_group->Name, 'Enabled Group', 'Enabled Group Name');
+            ok($enabled_group->PrincipalObj->HasRight(Object => $general, Right => 'ShowTicket'), 'Enabled Group has queue right');
+            ok($enabled_group->PrincipalObj->HasRight(Object => RT->System, Right => 'SeeQueue'), 'Enabled Group has global right');
+            ok($general->AdminCc->HasMember($enabled_group->PrincipalObj), 'Enabled Group still queue watcher');
+
+            my $disabled_group = RT::Group->new(RT->SystemUser);
+            $disabled_group->LoadUserDefinedGroup('Disabled Group');
+
+            my $enabled_user = RT::User->new(RT->SystemUser);
+            $enabled_user->Load('Enabled User');
+            ok($enabled_user->Id, 'loaded Enabled User');
+            is($enabled_user->Name, 'Enabled User', 'Enabled User Name');
+            ok($enabled_user->PrincipalObj->HasRight(Object => $general, Right => 'ShowTicket'), 'Enabled User has queue right');
+            ok($enabled_user->PrincipalObj->HasRight(Object => RT->System, Right => 'SeeQueue'), 'Enabled User has global right');
+            ok($general->AdminCc->HasMember($enabled_user->PrincipalObj), 'Enabled User still queue watcher');
+
+            my $disabled_user = RT::User->new(RT->SystemUser);
+            $disabled_user->Load('Disabled User');
+
             for my $object ($disabled_queue, $disabled_cf,
                             $disabled_scrip, $disabled_class,
-                            $disabled_role) {
+                            $disabled_role, $disabled_group,
+                            $disabled_user) {
                 if ($from_initialdata) {
                     ok(!$object->Id, "disabled " . ref($object) . " excluded");
                 }

-----------------------------------------------------------------------


More information about the rt-commit mailing list