[Rt-commit] rt branch 5.0/remove-superuser-from-owner-list created. rt-5.0.5-42-g46e929d580
BPS Git Server
git at git.bestpractical.com
Thu Nov 9 21:30:11 UTC 2023
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "rt".
The branch, 5.0/remove-superuser-from-owner-list has been created
at 46e929d580d2cba614f439057c39ece062d1acf3 (commit)
- Log -----------------------------------------------------------------
commit 46e929d580d2cba614f439057c39ece062d1acf3
Author: sunnavy <sunnavy at bestpractical.com>
Date: Thu Nov 9 15:56:38 2023 -0500
Test HideSuperUserOwners config
diff --git a/t/web/ticket_owner.t b/t/web/ticket_owner.t
index e7b7f1a806..c471c11a70 100644
--- a/t/web/ticket_owner.t
+++ b/t/web/ticket_owner.t
@@ -23,11 +23,17 @@ my $user_c = RT::Test->load_or_create_user(
);
ok $user_c && $user_c->id, 'loaded or created user: ' . $user_c->Name;
-my ($baseurl, $agent_a) = RT::Test->started_ok;
+my $user_super = RT::Test->load_or_create_user(
+ Name => 'user_super', Password => 'password',
+);
+ok $user_super && $user_super->id, 'loaded or created user: ' . $user_super->Name;
+
+my ($baseurl, $agent_a) = RT::Test->started_ok( disable_config_cache => 1 );
ok( RT::Test->set_rights(
{ Principal => $user_a, Right => [qw(SeeQueue ShowTicket CreateTicket ReplyToTicket)] },
{ Principal => $user_b, Right => [qw(SeeQueue ShowTicket OwnTicket)] },
+ { Principal => $user_super, Right => [qw(SuperUser)] },
), 'set rights');
ok $agent_a->login('user_a', 'password'), 'logged in as user A';
@@ -40,6 +46,8 @@ diag "current user has no right to own, nobody selected as owner on create";
is $form->value('Owner'), RT->Nobody->id, 'correct owner selected';
ok !grep($_ == $user_a->id, $form->find_input('Owner')->possible_values),
'user A can not own tickets';
+ ok !grep($_ == $user_super->id, $form->find_input('Owner')->possible_values),
+ 'user Super is not shown on Owner input for normal users';
$agent_a->click('SubmitTicket');
$agent_a->content_like(qr/Ticket \d+ created in queue/i, 'created ticket');
@@ -509,4 +517,31 @@ diag "user can take/steal ticket with ReassignTicket+OwnTicket right";
ok !($agent_c->find_all_links( text => 'Steal' ))[0], 'no Steal link';
}
+diag 'Hide super users';
+{
+ my $agent_super = RT::Test::Web->new;
+ ok $agent_super->login('user_super', 'password'), 'logged in as user Super';
+
+ $agent_super->get_ok('/Ticket/Create.html?Queue=' . $queue->id, 'open ticket create page');
+ $agent_super->content_contains('Create a new ticket', 'opened create ticket page');
+ my $form = $agent_super->form_name('TicketCreate');
+ ok grep($_ == $user_super->id, $form->find_input('Owner')->possible_values),
+ 'user Super is shown on Owner input';
+
+ my $config = RT::Configuration->new( RT->SystemUser );
+ my ( $ret, $msg ) = $config->Create( Name => 'HideSuperUserOwners', Content => 1 );
+ ok( $ret, 'Updated config' );
+
+ $agent_super->reload;
+ $form = $agent_super->form_name('TicketCreate');
+ ok !grep($_ == $user_super->id, $form->find_input('Owner')->possible_values),
+ 'user Super is not shown on Owner input';
+
+ ok( $user_super->PrincipalObj->GrantRight( Object => RT->System, Right => 'OwnTicket' ) );
+ $agent_super->reload;
+ $form = $agent_super->form_name('TicketCreate');
+ ok grep($_ == $user_super->id, $form->find_input('Owner')->possible_values),
+ 'user Super is shown on Owner input with additional OwnTicket granted';
+}
+
done_testing;
diff --git a/t/web/ticket_owner_autocomplete.t b/t/web/ticket_owner_autocomplete.t
index 9b9651f016..aeb4addc77 100644
--- a/t/web/ticket_owner_autocomplete.t
+++ b/t/web/ticket_owner_autocomplete.t
@@ -2,7 +2,7 @@
use strict;
use warnings;
-use RT::Test nodata => 1, tests => 43;
+use RT::Test nodata => 1, tests => undef;
use JSON qw(from_json);
my $queue = RT::Test->load_or_create_queue( Name => 'Regression' );
@@ -18,12 +18,18 @@ my $user_b = RT::Test->load_or_create_user(
);
ok $user_b && $user_b->id, 'loaded or created user';
+my $user_super = RT::Test->load_or_create_user(
+ Name => 'user_super', Password => 'password',
+);
+ok $user_super && $user_super->id, 'loaded or created user: ' . $user_super->Name;
+
RT->Config->Set( AutocompleteOwners => 1 );
-my ($baseurl, $agent_a) = RT::Test->started_ok;
+my ($baseurl, $agent_a) = RT::Test->started_ok( disable_config_cache => 1 );
ok( RT::Test->set_rights(
{ Principal => $user_a, Right => [qw(SeeQueue ShowTicket CreateTicket ReplyToTicket)] },
{ Principal => $user_b, Right => [qw(SeeQueue ShowTicket OwnTicket)] },
+ { Principal => $user_super, Right => [qw(SuperUser)] },
), 'set rights');
ok $agent_a->login('user_a', 'password'), 'logged in as user A';
@@ -35,6 +41,7 @@ diag "current user has no right to own, nobody selected as owner on create";
my $form = $agent_a->form_name('TicketCreate');
is $form->value('Owner'), RT->Nobody->Name, 'correct owner selected';
autocomplete_lacks( 'RT::Queue-'.$queue->id, 'user_a' );
+ autocomplete_lacks( 'RT::Queue-'.$queue->id, 'user_super' );
$agent_a->click('SubmitTicket');
$agent_a->content_like(qr/Ticket \d+ created in queue/i, 'created ticket');
@@ -131,6 +138,31 @@ diag "on reply correct owner is selected";
is $ticket->Owner, $user_b->id, 'correct owner';
}
+diag 'Hide super users';
+{
+ my $agent_super = RT::Test::Web->new;
+ ok $agent_super->login('user_super', 'password'), 'logged in as user Super';
+
+ $agent_super->get_ok('/Ticket/Create.html?Queue=' . $queue->id, 'open ticket create page');
+ $agent_super->content_contains('Create a new ticket', 'opened create ticket page');
+ my $form = $agent_super->form_name('TicketCreate');
+ autocomplete_contains( 'RT::Queue-'.$queue->id, 'user_super', $agent_super );
+
+ my $config = RT::Configuration->new( RT->SystemUser );
+ my ( $ret, $msg ) = $config->Create( Name => 'HideSuperUserOwners', Content => 1 );
+ ok( $ret, 'Updated config' );
+
+ $agent_super->reload;
+ $form = $agent_super->form_name('TicketCreate');
+ autocomplete_lacks( 'RT::Queue-'.$queue->id, 'user_super', $agent_super );
+
+ ok( $user_super->PrincipalObj->GrantRight( Object => RT->System, Right => 'OwnTicket' ) );
+ $agent_super->reload;
+ $form = $agent_super->form_name('TicketCreate');
+ autocomplete_contains( 'RT::Queue-'.$queue->id, 'user_super', $agent_super );
+
+}
+
sub autocomplete {
my $limit = shift;
my $agent = shift;
@@ -174,3 +206,4 @@ sub autocomplete_lacks {
is((scalar grep { $seen{$_} } @$lacks), 0, "didn't get any unexpected values");
}
+done_testing;
commit d4375991e0b28683ac2ba16e224e48d153ab6a76
Author: sunnavy <sunnavy at bestpractical.com>
Date: Thu Nov 9 15:21:36 2023 -0500
Add HideSuperUserOwners config option to hide super users from owner inputs
diff --git a/etc/RT_Config.pm.in b/etc/RT_Config.pm.in
index 31e3163168..97336e159d 100644
--- a/etc/RT_Config.pm.in
+++ b/etc/RT_Config.pm.in
@@ -2705,6 +2705,19 @@ unread messages on tickets they are viewing.
Set($ShowUnreadMessageNotifications, 0);
+=item C<$HideSuperUserOwners>
+
+If set to 1, super users will be excluded from options on owner inputs.
+This only affects super user logins: on normal user logins, super users
+are excluded by default.
+
+If you additionally grant some super users "OwnTicket" right, they will
+not be excluded.
+
+=cut
+
+Set($HideSuperUserOwners, 0);
+
=item C<$AutocompleteOwners>
If set to 1, the owner drop-downs for ticket update/modify and the query
diff --git a/lib/RT/Config.pm b/lib/RT/Config.pm
index 04fbe3dcd5..024755e1ca 100644
--- a/lib/RT/Config.pm
+++ b/lib/RT/Config.pm
@@ -1750,6 +1750,9 @@ our %META;
HideTimeFieldsFromUnprivilegedUsers => {
Widget => '/Widgets/Form/Boolean',
},
+ HideSuperUserOwners => {
+ Widget => '/Widgets/Form/Boolean',
+ },
LoopsToRTOwner => {
Widget => '/Widgets/Form/Boolean',
},
diff --git a/share/html/Elements/SelectOwnerDropdown b/share/html/Elements/SelectOwnerDropdown
index 44dcee0f84..2f5a8063ed 100644
--- a/share/html/Elements/SelectOwnerDropdown
+++ b/share/html/Elements/SelectOwnerDropdown
@@ -63,8 +63,6 @@
<%INIT>
my %user_uniq_hash;
-my $isSU = $session{CurrentUser}
- ->HasRight( Right => 'SuperUser', Object => $RT::System );
foreach my $object (@$Objects) {
my $Users = RT::Users->new( $session{CurrentUser} );
$Users->LimitToPrivileged;
@@ -72,7 +70,9 @@ foreach my $object (@$Objects) {
Right => 'OwnTicket',
Object => $object,
IncludeSystemRights => 1,
- IncludeSuperusers => $isSU
+ IncludeSuperusers => RT->Config->Get('HideSuperUserOwners')
+ ? 0
+ : $session{CurrentUser}->HasRight( Right => 'SuperUser', Object => $RT::System ),
);
while ( my $User = $Users->Next() ) {
$user_uniq_hash{ $User->Id() } = $User;
diff --git a/share/html/Helpers/Autocomplete/Owners b/share/html/Helpers/Autocomplete/Owners
index 8f721bafad..8fee1ede67 100644
--- a/share/html/Helpers/Autocomplete/Owners
+++ b/share/html/Helpers/Autocomplete/Owners
@@ -66,8 +66,6 @@ $m->abort unless defined $return
my $CurrentUser = $session{'CurrentUser'};
my %user_uniq_hash;
-my $isSU = $session{CurrentUser}
- ->HasRight( Right => 'SuperUser', Object => $RT::System );
$m->callback( CallbackName => 'ModifyMaxResults', max => \$max );
$max //= 10;
@@ -104,7 +102,9 @@ foreach my $spec (map { [split /\-/, $_, 2] } split /\|/, $limit) {
Right => 'OwnTicket',
Object => $object,
IncludeSystemRights => 1,
- IncludeSuperusers => $isSU
+ IncludeSuperusers => RT->Config->Get('HideSuperUserOwners')
+ ? 0
+ : $session{CurrentUser}->HasRight( Right => 'SuperUser', Object => $RT::System )
);
while ( my $User = $Users->Next() ) {
-----------------------------------------------------------------------
hooks/post-receive
--
rt
More information about the rt-commit
mailing list