[Rt-commit] rtir branch 5.0-trunk updated. 5.0.1-29-g415c4875

BPS Git Server git at git.bestpractical.com
Wed Nov 3 21:13:09 UTC 2021 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "rtir".

The branch, 5.0-trunk has been updated
       via  415c48751d56749fff79ed8dd06cca0ac1336124 (commit)
       via  7a79427483a87e52436196da56ef9a412ea7a450 (commit)
       via  47f2e0a078aa5715e7b25abadd4cfa9e8e93d69a (commit)
      from  5a3da1da1861ac9d5140bccc355a0e2633bcdb86 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 415c48751d56749fff79ed8dd06cca0ac1336124
Merge: 5a3da1da 7a794274
Author: Jim Brandt <jbrandt at bestpractical.com>
Date:   Wed Nov 3 16:59:33 2021 -0400

    Merge branch '5.0/validate-get-rtir-default-queue' into 5.0-trunk

diff --cc t/web/custom_frontpage.t
index 32b9370c,2c15903c..5f201e66
--- a/t/web/custom_frontpage.t
+++ b/t/web/custom_frontpage.t
@@@ -32,26 -28,34 +32,46 @@@ $m->field ( "ValueOfAttachment" => 'stu
  $m->field ( "SavedSearchDescription" => 'stupid tickets');
  $m->click_button (name => 'SavedSearchSave');
  
 -$m->get ( $url.'RTIR/Prefs/Home.html' );
 +$m->get_ok( $url . "Dashboards/Modify.html?Create=1" );
 +$m->form_name('ModifyDashboard');
 +$m->field( Name => 'My RTIR homepage' );
 +$m->click_button( value => 'Create' );
 +
 +$m->follow_link_ok( { text => 'Content' } );
  $m->content_contains('stupid tickets', 'saved search listed in rt at a glance items');
  
+ # Grant rights for RTIR Constituency to get around warnings on create page
+ my $constituency_cf = RT::CustomField->new(RT->SystemUser);
+ $constituency_cf->Load('RTIR Constituency');
+ $user_obj->PrincipalObj->GrantRight( Right => 'SeeCustomField', Object => $constituency_cf );
+ 
+ diag 'Test RTIR_DefaultQueue setting with and without SeeQueue rights';
+ 
+ $m->submit_form_ok( { form_name => 'CreateTicketInQueue' }, 'Try to create ticket' );
+ $m->text_contains( 'Permission Denied', 'No permission to create ticket without SeeQueue' );
+ $m->warning_like( qr/Permission Denied/, 'Permission denied warning' );
+ 
+ my $default_queue = RT::Queue->new( RT->SystemUser );
+ ok( $default_queue->Load( RT->Config->Get('RTIR_DefaultQueue') ), 'Loaded RTIR default queue');
+ 
+ $user_obj->PrincipalObj->GrantRight( Right => 'SeeQueue', Object => $default_queue );
+ $m->submit_form_ok( { form_name => 'CreateTicketInQueue' }, 'Try to create ticket' );
+ $m->text_lacks( 'Permission Denied', 'Has permission to view create page' );
+ my $form          = $m->form_name('TicketCreate');
+ is( $form->value('Queue'), $default_queue->Id, 'Queue selection dropdown populated and pre-selected with ' . $default_queue->Name );
+ 
  ok $m->login('root', 'password', logout => 1), 'we did log in as root';
  
 +$m->get_ok( $url . "Dashboards/Modify.html?Create=1" );
 +$m->form_name('ModifyDashboard');
 +$m->field( Name => 'My RTIR homepage' );
 +$m->click_button( value => 'Create' );
 +
 +my ($id) = ( $m->uri =~ /id=(\d+)/ );
 +ok( $id, "got a dashboard ID, $id" );
 +
  my $args = {
      UpdateSearches => "Save",
 -    dashboard_id   => "RTIR_HomepageSettings",
      body           => [],
      sidebar        => [],
  };

commit 7a79427483a87e52436196da56ef9a412ea7a450
Author: sunnavy <sunnavy at bestpractical.com>
Date:   Wed Nov 3 04:06:26 2021 +0800

    Add tests for default RTIR queue rights check

diff --git a/t/web/custom_frontpage.t b/t/web/custom_frontpage.t
index 437c8e37..2c15903c 100644
--- a/t/web/custom_frontpage.t
+++ b/t/web/custom_frontpage.t
@@ -31,6 +31,26 @@ $m->click_button (name => 'SavedSearchSave');
 $m->get ( $url.'RTIR/Prefs/Home.html' );
 $m->content_contains('stupid tickets', 'saved search listed in rt at a glance items');
 
+# Grant rights for RTIR Constituency to get around warnings on create page
+my $constituency_cf = RT::CustomField->new(RT->SystemUser);
+$constituency_cf->Load('RTIR Constituency');
+$user_obj->PrincipalObj->GrantRight( Right => 'SeeCustomField', Object => $constituency_cf );
+
+diag 'Test RTIR_DefaultQueue setting with and without SeeQueue rights';
+
+$m->submit_form_ok( { form_name => 'CreateTicketInQueue' }, 'Try to create ticket' );
+$m->text_contains( 'Permission Denied', 'No permission to create ticket without SeeQueue' );
+$m->warning_like( qr/Permission Denied/, 'Permission denied warning' );
+
+my $default_queue = RT::Queue->new( RT->SystemUser );
+ok( $default_queue->Load( RT->Config->Get('RTIR_DefaultQueue') ), 'Loaded RTIR default queue');
+
+$user_obj->PrincipalObj->GrantRight( Right => 'SeeQueue', Object => $default_queue );
+$m->submit_form_ok( { form_name => 'CreateTicketInQueue' }, 'Try to create ticket' );
+$m->text_lacks( 'Permission Denied', 'Has permission to view create page' );
+my $form          = $m->form_name('TicketCreate');
+is( $form->value('Queue'), $default_queue->Id, 'Queue selection dropdown populated and pre-selected with ' . $default_queue->Name );
+
 ok $m->login('root', 'password', logout => 1), 'we did log in as root';
 
 my $args = {

commit 47f2e0a078aa5715e7b25abadd4cfa9e8e93d69a
Author: sunnavy <sunnavy at bestpractical.com>
Date:   Tue Nov 2 03:51:44 2021 +0800

    Load queue object in GetRTIRDefaultQueue to make sure it's valid and visible
    
    This mirrors a change in RT in commit 779c5ac7. It avoids defaulting
    the selected queue on the ticket create page to a queue the user
    doesn't have access to.

diff --git a/html/Callbacks/RTIR/Elements/Tabs/Privileged b/html/Callbacks/RTIR/Elements/Tabs/Privileged
index 419b62da..eabfbde0 100644
--- a/html/Callbacks/RTIR/Elements/Tabs/Privileged
+++ b/html/Callbacks/RTIR/Elements/Tabs/Privileged
@@ -608,7 +608,7 @@ PageWidgets()->child('simple_search')->raw_html( $m->scomp(
     SendTo => RT::IR->HREFTo('index.html', IncludeWebPath => 0),
     Placeholder => 'Search Incidents'
 ) );
-PageWidgets()->child( create_ticket => raw_html => $HTML::Mason::Commands::m->scomp('/Elements/CreateTicket', SendTo => '/RTIR/Create.html?Queue=' . RT::IR::GetRTIRDefaultQueue()) );
+PageWidgets()->child( create_ticket => raw_html => $HTML::Mason::Commands::m->scomp('/Elements/CreateTicket', SendTo => '/RTIR/Create.html?Queue=' . (RT::IR::GetRTIRDefaultQueue() // '')) );
 
 if ( $request_path =~ m{$re_rtir_path(?:Incident/)?Create\.html} ) {
     if ( $request_path =~ m{${re_rtir_path}Incident/Create\.html} ) {
diff --git a/lib/RT/IR.pm b/lib/RT/IR.pm
index 2fd6b31a..30efb3d1 100644
--- a/lib/RT/IR.pm
+++ b/lib/RT/IR.pm
@@ -281,7 +281,10 @@ sub GetRTIRDefaultQueue {
 
     $queue = RT->Config->Get( "RTIR_DefaultQueue", $HTML::Mason::Commands::session{'CurrentUser'} );
 
-    return $queue;
+    # Confirm the user can see and load the default queue
+    my $queue_obj = RT::Queue->new( $HTML::Mason::Commands::session{'CurrentUser'} );
+    $queue_obj->Load($queue);
+    return defined $queue_obj->Name ? $queue_obj->Id : undef;
 }
 
 =head2 Lifecycles

-----------------------------------------------------------------------

Summary of changes:
 html/Callbacks/RTIR/Elements/Tabs/Privileged |  2 +-
 lib/RT/IR.pm                                 |  5 ++++-
 t/web/custom_frontpage.t                     | 20 ++++++++++++++++++++
 3 files changed, 25 insertions(+), 2 deletions(-)


hooks/post-receive
-- 
rtir

More information about the rt-commit mailing list