[Rt-commit] rt branch 5.0/add-disabled-articles-to-search updated. rt-5.0.5-36-gd4cd9cd15b

BPS Git Server git at git.bestpractical.com
Fri Jan 26 18:40:04 UTC 2024 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "rt".

The branch, 5.0/add-disabled-articles-to-search has been updated
       via  d4cd9cd15b8b422125f316dc50fa4edd6d4166e9 (commit)
      from  d8d29207881aca8a800fabfc8fa750cddf82e31f (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit d4cd9cd15b8b422125f316dc50fa4edd6d4166e9
Author: Ronaldo Richieri <ronaldo at bestpractical.com>
Date:   Fri Jan 26 15:34:53 2024 -0300

    Add SeeDisabledArticles right to Classes
    
    In some cases, it is expected that users won't have access to disabled
    articles, even if they have SeeArticle right.
    
    This patch creates a new right, SeeDisabledArticles, and blocks users
    from seeing disabled articles unless they have this right.

diff --git a/lib/RT/Article.pm b/lib/RT/Article.pm
index c5bfe44a5f..05492feef6 100644
--- a/lib/RT/Article.pm
+++ b/lib/RT/Article.pm
@@ -466,6 +466,11 @@ Returns true if the current user can see the article, using ShowArticle
 
 sub CurrentUserCanSee {
     my $self = shift;
+
+    if ( $self->Disabled && !$self->CurrentUserHasRight('SeeDisabledArticles')) {
+        return 0;
+    }
+
     return $self->CurrentUserHasRight('ShowArticle');
 }
 
diff --git a/lib/RT/Articles.pm b/lib/RT/Articles.pm
index 6b40390017..c701606a75 100644
--- a/lib/RT/Articles.pm
+++ b/lib/RT/Articles.pm
@@ -980,6 +980,22 @@ sub CurrentUserCanSeeAll {
     return $self->CurrentUser->HasRight( Right => 'ShowArticle', Object => RT->System ) ? 1 : 0;
 }
 
+sub Next {
+    my $self = shift;
+
+    my $Article = $self->SUPER::Next;
+    return $Article unless $Article;
+
+    if ( $Article->CurrentUserCanSee ) {
+        # has rights
+        return $Article;
+    }
+    else {
+        # no rights, try the next one
+        return $self->Next;
+    }
+}
+
 RT::Base->_ImportOverlays();
 
 1;
diff --git a/lib/RT/Class.pm b/lib/RT/Class.pm
index 03a7926cc2..e64255b3fb 100644
--- a/lib/RT/Class.pm
+++ b/lib/RT/Class.pm
@@ -104,6 +104,7 @@ __PACKAGE__->AddRight( Admin   => AdminClass            => 'Modify metadata and
 __PACKAGE__->AddRight( Admin   => AdminTopics           => 'Modify topic hierarchy associated with this class'); # loc
 __PACKAGE__->AddRight( Admin   => ShowACL               => 'Display Access Control List'); # loc
 __PACKAGE__->AddRight( Admin   => ModifyACL             => 'Create, modify and delete Access Control List entries'); # loc
+__PACKAGE__->AddRight( Staff   => SeeDisabledArticles   => 'See disabled articles'); # loc
 __PACKAGE__->AddRight( Staff   => DisableArticle        => 'Disable articles in this class'); # loc
 
 # {{{ Create
diff --git a/share/html/Articles/Article/Display.html b/share/html/Articles/Article/Display.html
index 7061e1f0c2..5dae7108a2 100644
--- a/share/html/Articles/Article/Display.html
+++ b/share/html/Articles/Article/Display.html
@@ -94,7 +94,7 @@ unless ( $article->Id ) {
 
 }
 
-unless ( $article->CurrentUserHasRight('ShowArticle') ) {
+unless ( $article->CurrentUserCanSee ) {
     $m->comp( "/Elements/Error", Why => loc("Permission Denied") );
 }
 my $title = loc( "Article #[_1]: [_2]", $article->Id, $article->Name || loc("(no name)"));
diff --git a/share/html/Articles/Article/Elements/ShowSearchCriteria b/share/html/Articles/Article/Elements/ShowSearchCriteria
index c2f2578e8a..28ca29d189 100644
--- a/share/html/Articles/Article/Elements/ShowSearchCriteria
+++ b/share/html/Articles/Article/Elements/ShowSearchCriteria
@@ -99,6 +99,7 @@
   </div>
 </div>
 
+% if ($user_can_see_disabled) {
 <div class="form-row">
   <div class="label col-3"></div>
   <div class="value col-9">
@@ -108,6 +109,7 @@
     </div>
   </div>
 </div>
+% }
 
 <div class="form-row label">
   <h5><&|/l&>Content</&></h5>
@@ -244,6 +246,7 @@
 
 <& /Widgets/TitleBoxEnd &>
 <%init>
+my $user_can_see_disabled = 1;
 my @Classes =
  ( ref $ARGS{'Class'} eq 'ARRAY' )
       ? @{ $ARGS{'Class'} }
@@ -252,6 +255,12 @@ for (@Classes) {
   my $class = RT::Class->new( $session{'CurrentUser'} );
   $class->LoadById($_);
   $_ = $class;
+  # User must have SeeDisabledArticles right on all informed classes
+  # otherwise we will not show the FindDisabledArticles checkbox
+  unless ( $user_can_see_disabled == 0 ) {
+    $user_can_see_disabled = 0
+        unless $class->CurrentUserHasRight('SeeDisabledArticles');
+  }
 }
 
 for my $field ( qw/Class Name Summary Article/ ) {

-----------------------------------------------------------------------

Summary of changes:
 lib/RT/Article.pm                                       |  5 +++++
 lib/RT/Articles.pm                                      | 16 ++++++++++++++++
 lib/RT/Class.pm                                         |  1 +
 share/html/Articles/Article/Display.html                |  2 +-
 share/html/Articles/Article/Elements/ShowSearchCriteria |  9 +++++++++
 5 files changed, 32 insertions(+), 1 deletion(-)


hooks/post-receive
-- 
rt

More information about the rt-commit mailing list