[Rt-commit] rt branch 5.0/record-acl-changes created. rt-5.0.3-216-g117ddb518a
BPS Git Server
git at git.bestpractical.com
Thu Dec 15 20:47:27 UTC 2022
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "rt".
The branch, 5.0/record-acl-changes has been created
at 117ddb518ac36ee9d86312cbb496668e05dd7ef3 (commit)
- Log -----------------------------------------------------------------
commit 117ddb518ac36ee9d86312cbb496668e05dd7ef3
Author: sunnavy <sunnavy at bestpractical.com>
Date: Fri Dec 16 04:29:30 2022 +0800
Add system CurrentUserCanSee to make transaction's CurrentUserCanSee work
As we have system transactions to keep track of global ACL changes, we
need the corresponding RT::System::CurrentUserCanSee, which is called in
RT::Transaction::CurrentUserCanSee.
diff --git a/lib/RT/System.pm b/lib/RT/System.pm
index b07ea86abf..fc1ebca085 100644
--- a/lib/RT/System.pm
+++ b/lib/RT/System.pm
@@ -448,6 +448,20 @@ sub ExternalStorageURLFor {
return $self->ExternalStorage->DownloadURLFor($Object);
}
+=head2 CurrentUserCanSee TYPE, OBJECT
+
+Return false if TYPE is "Transaction" and current user is not "SuperUser",
+returns true otherwise.
+
+=cut
+
+sub CurrentUserCanSee {
+ my $self = shift;
+ my ( $what, $txn ) = @_;
+ return 1 unless ( $what // '' ) eq 'Transaction';
+ return $self->CurrentUserHasRight('SuperUser') ? 1 : 0;
+}
+
RT::Base->_ImportOverlays();
1;
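Review bot: `return 1 unless ( $what // '' ) eq 'Transaction';` makes every TYPE other than "Transaction", including an undefined one, visible without any right check, so a later caller that passes a different type for a system-level object is allowed through by default. If that is intended, say so above the line, e.g. `# Only system transactions (global ACL changes) are restricted to SuperUser; other types stay visible.`; otherwise return 0 for types this method does not know. `$txn` is unpacked but never used, and the POD mixes "Return false" with "returns true".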
commit 62fb013808ef232114e8686e6f17c33b23555c17
Author: sunnavy <sunnavy at bestpractical.com>
Date: Thu Nov 10 03:49:53 2022 +0800
Update txn ids in tests because of new added acl transactions
diff --git a/t/web/download_user_info.t b/t/web/download_user_info.t
index 79e381cbc3..d461e90059 100644
--- a/t/web/download_user_info.t
+++ b/t/web/download_user_info.t
@@ -62,9 +62,9 @@ EOF
my $transaction_info_tsv = <<EOF;
Ticket Id\tid\tCreated\tDescription\tOldValue\tNewValue\tContent
-1\t32\t$date_created\tTicket created\t\t\tThis transaction appears to have no content
-1\t34\t$date_commented\tComments added\t\t\tTest - Comment
-1\t35\t$date_correspondence\tCorrespondence added\t\t\tTest - Reply
+1\t37\t$date_created\tTicket created\t\t\tThis transaction appears to have no content
+1\t39\t$date_commented\tComments added\t\t\tTest - Comment
+1\t40\t$date_correspondence\tCorrespondence added\t\t\tTest - Reply
EOF
is $agent->content, $transaction_info_tsv,
commit 6aaed23ef091d095b70ed9303c8bd64c6c78e8dc
Author: sunnavy <sunnavy at bestpractical.com>
Date: Thu Nov 10 03:31:26 2022 +0800
Record ACL changes in transactions
diff --git a/lib/RT/ACE.pm b/lib/RT/ACE.pm
index 86bd562655..c093e9c1d1 100644
--- a/lib/RT/ACE.pm
+++ b/lib/RT/ACE.pm
@@ -193,6 +193,7 @@ sub Create {
PrincipalType => undef,
RightName => undef,
Object => undef,
+ RecordTransaction => 1,
@_
);
@@ -272,6 +273,7 @@ sub Create {
$princ_obj->DisplayName, $args{'RightName'}, $args{'ObjectType'}, $args{'ObjectId'}) );
}
+ $RT::Handle->BeginTransaction if $args{RecordTransaction};
my $id = $self->SUPER::Create( PrincipalId => $princ_obj->id,
PrincipalType => $args{'PrincipalType'},
RightName => $args{'RightName'},
@@ -280,6 +282,26 @@ sub Create {
);
if ( $id ) {
+ if ( $args{RecordTransaction} ) {
+ my $txn = RT::Transaction->new( $self->CurrentUser );
+ my ( $ret, $msg ) = $txn->Create(
+ ObjectType => $self->ObjectType,
+ ObjectId => $self->ObjectId,
+ Type => 'GrantRight',
+ Field => $self->PrincipalId,
+ NewValue => $args{'RightName'},
+ );
+
+ if ( $ret ) {
+ $RT::Handle->Commit;
+ }
+ else {
+ RT->Logger->error("Could not create GrantRight transaction: $msg");
+ $RT::Handle->Rollback;
+ return ( 0, $self->loc('System error. Right not granted.') );
+ }
+ }
+
RT::ACE->InvalidateCaches(
Action => "Grant",
RightName => $self->RightName,
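Review bot: The transaction opened by `$RT::Handle->BeginTransaction if $args{RecordTransaction};` in the previous hunk is committed or rolled back only inside `if ( $id )`. The branch taken when `SUPER::Create` fails lies outside this hunk, so it cannot be seen whether it rolls back. If it does not, a failed grant leaves the database transaction open and later writes on the same handle would join it. That branch should run `$RT::Handle->Rollback if $args{RecordTransaction};` before returning. Create's body starts and ends outside the hunk.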
@@ -323,6 +345,7 @@ sub Delete {
sub _Delete {
my $self = shift;
my %args = ( InsideTransaction => undef,
+ RecordTransaction => 1,
@_ );
my $InsideTransaction = $args{'InsideTransaction'};
@@ -334,8 +357,24 @@ sub _Delete {
my ( $val, $msg ) = $self->SUPER::Delete(@_);
if ($val) {
- RT::ACE->InvalidateCaches( Action => "Revoke", RightName => $right );
+ if ( $args{RecordTransaction} ) {
+ my $txn = RT::Transaction->new( $self->CurrentUser );
+ my ( $ret, $msg ) = $txn->Create(
+ ObjectType => $self->ObjectType,
+ ObjectId => $self->ObjectId,
+ Type => 'RevokeRight',
+ Field => $self->PrincipalId,
+ OldValue => $right,
+ );
+
+ if ( !$ret ) {
+ RT->Logger->error("Could not create RevokeRight transaction: $msg");
+ $RT::Handle->Rollback unless $InsideTransaction;
+ return ( 0, $self->loc('Right could not be revoked') );
+ }
+ }
$RT::Handle->Commit() unless $InsideTransaction;
+ RT::ACE->InvalidateCaches( Action => "Revoke", RightName => $right );
return ( $val, $self->loc("Revoked right '[_1]' from [_2].", $right, $self->PrincipalObj->DisplayName));
}
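Review bot: With `InsideTransaction` set, the new failure path `return ( 0, $self->loc('Right could not be revoked') );` returns after `SUPER::Delete` has already removed the row and without a rollback. The revoke is then undone only if the caller rolls back its own transaction; otherwise the right disappears with no RevokeRight record, which defeats the audit trail this commit adds. Document that contract at the return, e.g. `# Caller owns the transaction and must roll back on a false return, or the revoke commits without its RevokeRight record.`. The callers and the start of `_Delete` are outside the hunk, so whether they already do this is not visible here.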
diff --git a/lib/RT/Transaction.pm b/lib/RT/Transaction.pm
index 4f1286bf1b..526a90bfb0 100644
--- a/lib/RT/Transaction.pm
+++ b/lib/RT/Transaction.pm
@@ -1438,7 +1438,30 @@ sub _CanonicalizeRoleName {
DeleteConfig => sub {
my $self = shift;
return ('[_1] deleted', $self->Field); #loc()
- }
+ },
+ GrantRight => sub {
+ my $self = shift;
+ my $principal = RT::Principal->new( $self->CurrentUser );
+ $principal->Load( $self->Field );
+ return (
+ "Granted right '[_1]' to [_2] '[_3]'",
+ $self->NewValue,
+ $principal->Object->Domain eq 'ACLEquivalence' ? 'user' : 'group',
+ $principal->DisplayName,
+ ); #loc()
+ },
+ RevokeRight => sub {
+ my $self = shift;
+ my $principal = RT::Principal->new( $self->CurrentUser );
+ $principal->Load( $self->Field );
+ return (
+ "Revoked right '[_1]' from [_2] '[_3]'",
+ $self->OldValue,
+ $principal->Object->Domain eq 'ACLEquivalence' ? 'user' : 'group',
+ $principal->DisplayName,
+ ); #loc()
+ },
+
);
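Review bot: Both new description subs call `$principal->Load( $self->Field );` without checking the result and then dereference `$principal->Object->Domain`. If the principal no longer exists when the history is rendered (for example after the user or group has been removed), `Object` presumably returns undef and the method call dies, taking the transaction display with it. A guard such as `return ( "Granted right '[_1]' to principal #[_2]", $self->NewValue, $self->Field ) unless $principal->id && $principal->Object;` keeps the audit entry readable, with the matching wording in RevokeRight. The two subs differ only in the message and in `NewValue` versus `OldValue`, so a shared helper would avoid the duplication. The enclosing hash starts outside the hunk.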
-----------------------------------------------------------------------
hooks/post-receive
--
rt