[Rt-devel] PATCH: don't link Admin/Users/Modify if the user doesn't have the required privilege

David Schweikert dws at ee.ethz.ch
Fri Apr 21 10:15:21 EDT 2006


Hi,

On the Ticket page, if you click on the "More about Requestor" link, you
get to the Admin/Users/Modify.html page, but if you don't have the
AdminUsers privilege, you only get a blank page.

This patch removes the link if the user doesn't have that privilege.


--- share/html/Ticket/Elements/ShowRequestor	2006-01-12 04:04:46.000000000 +0100
+++ share/html/Ticket/Elements/ShowRequestor	2006-04-21 16:10:13.943128000 +0200
@@ -49,6 +49,7 @@
 while (my $requestor=$people->Next) {
 my $name=$requestor->RealName || $requestor->EmailAddress;	
 my $tickets = RT::Tickets->new($session{'CurrentUser'});
+my $has_right_adminusers = $session{'CurrentUser'}->HasRight(Object => $RT::System, Right => 'AdminUsers');
 $tickets->LimitWatcher(TYPE => 'Requestor', VALUE => $requestor->EmailAddress );
 $tickets->LimitStatus( VALUE => 'open');
 $tickets->LimitStatus( VALUE => 'new');
@@ -58,7 +59,7 @@
 </%PERL>
 
 % unless ($requestor->Privileged) {
-<&| /Widgets/TitleBox, title_href => "$RT::WebPath/Admin/Users/Modify.html?id=".$requestor->id, title=> loc("More about [_1]", $name) &>
+<&| /Widgets/TitleBox, title_href => $has_right_adminusers ? "$RT::WebPath/Admin/Users/Modify.html?id=".$requestor->id : undef, title=> loc("More about [_1]", $name) &>
 
 %# Additional information about this user.  Empty by default.
 <& /Elements/Callback, _CallbackName => 'AboutThisUser', requestor => $requestor, %ARGS &>



Cheers
David
-- 
David Schweikert        | phone: +41 44 632 7019
System manager ISG.EE   | walk:  ETH Zentrum, ETL F24.1
ETH Zurich, Switzerland | web:   http://people.ee.ethz.ch/dws


More information about the Rt-devel mailing list