[Rt-commit] rt branch, 4.4/custom-role-rights, updated. rt-4.4.4-470-g973e194207
? sunnavy
sunnavy at bestpractical.com
Mon May 24 15:04:02 EDT 2021
The branch, 4.4/custom-role-rights has been updated
via 973e194207b382ab03eb5e2ce267dfe65259185a (commit)
from 1bd54a46ea00fc895bf156678aac5c981dde567f (commit)
Summary of changes:
lib/RT/Asset.pm | 8 +-------
1 file changed, 1 insertion(+), 7 deletions(-)
- Log -----------------------------------------------------------------
commit 973e194207b382ab03eb5e2ce267dfe65259185a
Author: sunnavy <sunnavy at bestpractical.com>
Date: Tue May 25 02:54:00 2021 +0800
Remove "ModifyAsset" requirement for asset custom role member changes
This is to be consistent with ticket custom roles and custom fields.
Asset core roles like "Owner", "HeldBy" and "Contact" are still guarded
by "ModifyAsset".
diff --git a/lib/RT/Asset.pm b/lib/RT/Asset.pm
index 34304fab29..62a793de6e 100644
--- a/lib/RT/Asset.pm
+++ b/lib/RT/Asset.pm
@@ -541,9 +541,6 @@ sub AddRoleMember {
my $self = shift;
my %args = @_;
- return (0, $self->loc("No permission to modify this asset"))
- unless $self->CurrentUserHasRight("ModifyAsset");
-
return $self->_AddRoleMember(ACL => sub { $self->_HasModifyRoleMemberRight(@_) }, @_);
}
@@ -556,9 +553,6 @@ Checks I<ModifyAsset> before calling L<RT::Record::Role::Roles/_DeleteRoleMember
sub DeleteRoleMember {
my $self = shift;
- return (0, $self->loc("No permission to modify this asset"))
- unless $self->CurrentUserHasRight("ModifyAsset");
-
return $self->_DeleteRoleMember(ACL => sub { $self->_HasModifyRoleMemberRight(@_) }, @_);
}
@@ -570,7 +564,7 @@ sub _HasModifyRoleMemberRight {
return $role->CurrentUserHasRight('ModifyCustomRole');
}
- return 1;
+ return $self->CurrentUserHasRight("ModifyAsset");
}
=head2 RoleGroup
-----------------------------------------------------------------------
More information about the rt-commit
mailing list