[Rt-commit] rt branch, 4.4-trunk, updated. rt-4.4.4-22-gd49581e1d

? sunnavy sunnavy at bestpractical.com
Thu Apr 11 16:27:35 EDT 2019


The branch, 4.4-trunk has been updated
       via  d49581e1dcfc83ca8d7a7a338b536c0390549fd6 (commit)
       via  91fae5fbb958897da845cd10d486837d2b59b68b (commit)
       via  83227fc27401a12a39caeb83c7a920dc1400e5a8 (commit)
       via  d4f3ce719cd8deb4aa6121fc152221e957c121d5 (commit)
       via  ae26a8c8d8bea5f82859231b61dae729c42c6059 (commit)
      from  36d27303e5eca3c2e72b9e2d6b0c1e9fffd51a25 (commit)

Summary of changes:
 docs/UPGRADING-4.4                      | 18 ++++++++++++++++++
 lib/RT/SavedSearch.pm                   | 32 ++++++++++++++++++++++++++++++++
 share/html/Search/Elements/EditSearches | 13 +++++++++----
 t/api/savedsearch.t                     | 14 +++++++++++++-
 4 files changed, 72 insertions(+), 5 deletions(-)

- Log -----------------------------------------------------------------
commit ae26a8c8d8bea5f82859231b61dae729c42c6059
Author: Jim Brandt <jbrandt at bestpractical.com>
Date:   Fri Apr 5 13:39:57 2019 -0400

    Add ObjectsForCreating method
    
    This method is mentioned as a wrapper in the comment for the
    internal _PrivacyObjects method, but didn't previously exist. Add it
    to provide a wrapper that performs rights checks consistent
    with creating saved searches.

diff --git a/lib/RT/SavedSearch.pm b/lib/RT/SavedSearch.pm
index 79474ea56..a2ef3f718 100644
--- a/lib/RT/SavedSearch.pm
+++ b/lib/RT/SavedSearch.pm
@@ -190,6 +190,38 @@ sub ObjectsForLoading {
     return grep { $self->CurrentUserCanSee($_) } $self->_PrivacyObjects( "SavedSearch" );
 }
 
+=head2 ObjectsForCreating
+
+In the context of the current user, load a list of objects that could have searches
+saved under, including the current user and groups. This method considers both rights
+and group membership when creating the list of objects for saved searches.
+
+=cut
+
+sub ObjectsForCreating {
+    my $self = shift;
+    my @objects = $self->_PrivacyObjects( );
+    my @create_objects;
+
+    foreach my $object ( @objects ) {
+        # Users need ModifySelf to save personal searches
+        if ( ref $object
+             && ref $object eq 'RT::User'
+             && $self->CurrentUser->HasRight( Right => 'ModifySelf', Object => $object ) ) {
+            push @create_objects, $object;
+        }
+
+        # On groups, the EditSavedSearches right manages create and edit
+        if ( ref $object
+             && ref $object eq 'RT::Group'
+             && $self->CurrentUser->HasRight( Right => 'EditSavedSearches', Object => $object ) ) {
+            push @create_objects, $object;
+        }
+    }
+
+    return @create_objects;
+}
+
 RT::Base->_ImportOverlays();
 
 1;
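Review bot: `ObjectsForCreating` calls `$self->_PrivacyObjects( )` with no argument, while `ObjectsForLoading` directly above passes `"SavedSearch"`. `_PrivacyObjects` is outside this hunk, so whether the argument matters cannot be confirmed here, but the two wrappers should either pass the same value or carry a comment explaining the difference. The class tests `ref $object eq 'RT::User'` and `ref $object eq 'RT::Group'` match the exact class name, so anything else returned by `_PrivacyObjects` is dropped; that fails closed, which suits a rights filter, and a line such as `# Objects that are neither RT::User nor RT::Group are intentionally never offered` would record it. The POD could also name the two rights (`ModifySelf`, `EditSavedSearches`) and say that this list only decides which targets are offered, so the save path still has to enforce the right itself.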

commit d4f3ce719cd8deb4aa6121fc152221e957c121d5
Author: Jim Brandt <jbrandt at bestpractical.com>
Date:   Fri Apr 5 14:08:12 2019 -0400

    Add tests for ObjectsForCreating

diff --git a/t/api/savedsearch.t b/t/api/savedsearch.t
index 2e924bf7b..9693fcc9f 100644
--- a/t/api/savedsearch.t
+++ b/t/api/savedsearch.t
@@ -2,7 +2,7 @@ use strict;
 use warnings;
 BEGIN { $ENV{'LANG'} = 'C' }
 
-use RT::Test tests => 27;
+use RT::Test tests => undef;
 
 use_ok('RT::SavedSearch');
 use_ok('RT::SavedSearches');
@@ -25,11 +25,22 @@ $searchuser->PrincipalObj->GrantRight(Right => 'ModifySelf');
 my $ingroup = RT::Group->new(RT->SystemUser);
 $ingroup->CreateUserDefinedGroup(Name => 'searchgroup1'.$$);
 $ingroup->AddMember($searchuser->Id);
+
+diag('Check saved search rights');
+my @create_objects = RT::SavedSearch->new($searchuser)->ObjectsForCreating;
+
+is( scalar @create_objects, 1, 'Got one Privacy option for saving searches');
+is( $create_objects[0]->Id, $searchuser->Id, 'Privacy option is personal saved search');
+
 $searchuser->PrincipalObj->GrantRight(Right => 'EditSavedSearches',
                                       Object => $ingroup);
 $searchuser->PrincipalObj->GrantRight(Right => 'ShowSavedSearches',
                                       Object => $ingroup);
 
+ at create_objects = RT::SavedSearch->new($searchuser)->ObjectsForCreating;
+is( scalar @create_objects, 2, 'Got two Privacy options for saving searches');
+is( $create_objects[1]->Id, $ingroup->Id, 'Second Privacy option is group saved search');
+
 # This is the group whose searches searchuser should not be able to see.
 my $outgroup = RT::Group->new(RT->SystemUser);
 $outgroup->CreateUserDefinedGroup(Name => 'searchgroup2'.$$);
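Review bot: The two new checks after the grants cannot tell which right admitted the group, because `EditSavedSearches` and `ShowSavedSearches` are both granted before `ObjectsForCreating` is called again. A rights filter is best pinned with the negative case too: grant `ShowSavedSearches` first and assert the list still has one entry, e.g. `is( scalar @create_objects, 1, 'ShowSavedSearches alone does not allow saving to the group');`, then grant `EditSavedSearches` and expect two. `$create_objects[1]` also assumes the group comes second in whatever order `_PrivacyObjects` returns, which this hunk does not establish; matching on `ref` and `Id` over the whole list would be order-independent. The line shown as ` at create_objects = ...` looks like the archive's address obfuscation of `@create_objects`.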
@@ -179,3 +190,4 @@ ok($ret, "Deleted genericsearch");
 $allsearches->LimitToPrivacy('RT::User-'.$curruser->Id);
 is($allsearches->Count, 1, "Found all searchuser's searches after deletion");
 
+done_testing();

commit 83227fc27401a12a39caeb83c7a920dc1400e5a8
Author: Jim Brandt <jbrandt at bestpractical.com>
Date:   Fri Apr 5 14:10:30 2019 -0400

    For saved searches, split objects lists for creating and loading
    
    Different rights manage creating/editing saved searches and
    loading them, so split loading the list of valid objects into
    two different data structures.
    
    Also use the corresponding wrapper methods to load the objects
    rather than calling the _PrivacyObjects method directly.
    
    This change fixes a bug in the Privacy menu. Previously it
    loaded all groups the user is a member of without checking the
    EditSavedSearches right. If the user then tried to save a search
    for a group without that right, they would receive an error and
    the search would not be saved. The dropdown now checks for this
    right and only shows group options that the user can save to based
    on rights.

diff --git a/share/html/Search/Elements/EditSearches b/share/html/Search/Elements/EditSearches
index e7de62bd0..6e7220eb1 100644
--- a/share/html/Search/Elements/EditSearches
+++ b/share/html/Search/Elements/EditSearches
@@ -51,7 +51,7 @@
 %# Hide all the save functionality if the user shouldn't see it.
 % if ( $can_modify ) {
 <span class="label"><&|/l&>Privacy</&>:</span>
-<& SelectSearchObject, Name => 'SavedSearchOwner', Objects => \@Objects, Object => ( $Object && $Object->id ) ? $Object->Object : '' &>
+<& SelectSearchObject, Name => 'SavedSearchOwner', Objects => \@CreateObjects, Object => ( $Object && $Object->id ) ? $Object->Object : '' &>
 <br />
 <span class="label"><&|/l&>Description</&>:</span>
 <input size="25" name="SavedSearchDescription" value="<% $Description || '' %>" />
@@ -76,7 +76,7 @@
 <br />
 <hr />
 <span class="label"><&|/l&>Load saved search</&>:</span>
-<& SelectSearchesForObjects, Name => 'SavedSearchLoad', Objects => \@Objects, SearchType => $Type &>
+<& SelectSearchesForObjects, Name => 'SavedSearchLoad', Objects => \@LoadObjects, SearchType => $Type &>
 <input type="submit" value="<% loc('Load') %>" id="SavedSearchLoadSubmit" name="SavedSearchLoadSubmit" class="button" />
 
 </&>
@@ -93,8 +93,13 @@ my $can_modify = $session{'CurrentUser'}->HasRight(
 );
 
 use RT::SavedSearch;
-my @Objects = RT::SavedSearch->new($session{CurrentUser})->_PrivacyObjects;
-push @Objects, RT::System->new( $session{'CurrentUser'} )
+my @LoadObjects = RT::SavedSearch->new($session{CurrentUser})->ObjectsForLoading;
+push @LoadObjects, RT::System->new( $session{'CurrentUser'} )
+    if $session{'CurrentUser'}->HasRight( Object=> $RT::System,
+                                          Right => 'SuperUser' );
+
+my @CreateObjects = RT::SavedSearch->new($session{CurrentUser})->ObjectsForCreating;
+push @CreateObjects, RT::System->new( $session{'CurrentUser'} )
     if $session{'CurrentUser'}->HasRight( Object=> $RT::System,
                                           Right => 'SuperUser' );
 
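Review bot: `@CreateObjects` only narrows what the Privacy dropdown offers; `SavedSearchOwner` is still a form field sent back by the browser, so the code that handles the save has to check the right against the submitted value itself. The commit description says a save without the right already fails, but that code is outside this hunk, so a comment above the new list would make the split explicit, e.g. `# Display filter only; the right is checked again when the search is saved`. The `SuperUser` test is also evaluated twice with identical arguments. Computing it once (`my $is_superuser = $session{'CurrentUser'}->HasRight( Object => $RT::System, Right => 'SuperUser' );`) and using it for both `push` lines would keep the two lists from drifting apart.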

commit 91fae5fbb958897da845cd10d486837d2b59b68b
Author: Jim Brandt <jbrandt at bestpractical.com>
Date:   Fri Apr 5 14:46:33 2019 -0400

    Note behavior change in UPGRADING doc

diff --git a/docs/UPGRADING-4.4 b/docs/UPGRADING-4.4
index 1fc0fe133..d2da81603 100644
--- a/docs/UPGRADING-4.4
+++ b/docs/UPGRADING-4.4
@@ -615,4 +615,22 @@ now contains the reference to the message content as the name implies.
 
 =back
 
+=head1 UPGRADING FROM 4.4.4 AND EARLIER
+
+=over 4
+
+=item * Privacy Menu in Query Builder
+
+On the Query Builder, the Privacy menu loads groups you are a member of as potential
+places to save searches. However, it previously did not confirm the current user
+had the EditSavedSearches right, so you might try to save a search with a group
+and receive an error until that right was granted.
+
+This has been fixed, so now groups load only if you have rights to create the
+search via EditSavedSearches on the group or globally. This may change the groups
+that appear in the Privacy menu, but shouldn't change functionality since users
+without the correct rights were unable to create searches.
+
+=back
+
 =cut

commit d49581e1dcfc83ca8d7a7a338b536c0390549fd6
Merge: 36d27303e 91fae5fbb
Author: sunnavy <sunnavy at bestpractical.com>
Date:   Fri Apr 12 04:17:17 2019 +0800

    Merge branch '4.4/edit-saved-searches-right' into 4.4-trunk


-----------------------------------------------------------------------

