[rt-users] rt 4.0.5 - Autocomplete field type for external custom field does not work for non root user

Jim Lesinski jim.lesinski at gmail.com
Tue Mar 13 11:33:38 EDT 2012


Absolutely no problem. Do you want me to do anything with the original
ticket?  [rt3 #19056]

It seems that these two issues I am experiencing are related to the same
underlying issue. I can open a separate ticket for this or update that
ticket if you feel it is appropriate.


On Tue, Mar 13, 2012 at 11:28 AM, Kevin Falcone
<falcone at bestpractical.com>wrote:

> On Mon, Mar 12, 2012 at 10:47:10PM -0400, Jim Lesinski wrote:
> >    Yep. In fact I was just looking at this issue and I traced the error
> out to line 311 in
> >    Principals.pm, which is the section of code below. If I just stick a
> "return 1;" above that
> >    section of code everything works. Coincidentally, I believe that this
> will also fix another
> >    bug I submitted [rt3 #19056] regarding permissions and the
> autocomplete custom field when not
> >    using a custom data source.
> >    Anyway, it has something to do with this bit of code about caching
> but my perl is to newb for
> >    a proper fix :)
> >    Hope that is helpful.
>
> Do you mind turning your replication recipe into a real bug report at
> rt-bugs @ bestpractical.com ?  Mention that you tested the branch and
> it didn't help, it sounds like we need some extensions to that branch.
>
> Thanks for finding some interesting corner cases
>
> -kevin
>
> >
> >  # Construct a hashkeys to cache decisions:
> >
> >
> >  # 1) full_hashkey - key for any result and for full combination of uid,
> right and objects
> >
> >
> >  # 2) short_hashkey - one key for each object to store positive results
> only, it applies
> >
> >
> >  # only to direct group rights and partly to role rights
> >
> >
> >  ****my $full_hashkey = join (";:;", $self->id, $args{'Right'});
> >
> >
> >  ****foreach ( @{ $args{'EquivObjects'} } ) {
> >
> >
> >  ********my $ref_id = $self->_ReferenceId($_);
> >
> >
> >  ********$full_hashkey .= ";:;".$ref_id;
> >
> >
> >
> >  ********my $short_hashkey = join(";:;", $self->id, $args{'Right'},
> $ref_id);
> >
> >
> >  ********my $cached_answer = $_ACL_CACHE->fetch($short_hashkey);
> >
> >
> >  ********return $cached_answer > 0 if defined $cached_answer;
> >
> >
> >  ****}
> >
> >
> >
> >  ****{
> >
> >
> >  ********my $cached_answer = $_ACL_CACHE->fetch($full_hashkey);
> >
> >
> >  ********return $cached_answer > 0 if defined $cached_answer;
> >
> >
> >  ****}
> >
> >
> >
> >  ****my ( $hitcount, $via_obj ) = $self->_HasRight(%args);
> >
> >
> >
> >  ****$_ACL_CACHE->set( $full_hashkey => $hitcount ? 1 : -1 );
> >
> >
> >  ****$_ACL_CACHE->set( join(';:;',  $self->id, $args{'Right'},$via_obj)
> => 1 )
> >
> >
> >  ********if $via_obj && $hitcount;
> >
> >
> >
> >  ****return ($hitcount);
> >
> >
> >    On Mon, Mar 12, 2012 at 10:22 PM, Kevin Falcone <[1]
> falcone at bestpractical.com> wrote:
> >
> >      On Mon, Mar 12, 2012 at 06:52:00PM -0400, Jim Lesinski wrote:
> >      > get the branch name to work because it included a forward slash
> so I used the commit id...
> >      > Maybe someone can chime in?
> >      > This didn't work: git format-patch
> rt-4.0.5..4.0/context-on-custom-fields --stdout >
> >      > fields.patch
> >      > git format-patch
> >      >
> 94acf9055ccb6a7368d539dcc8f1d2684016e8ef..2b3265a91a4e5e8cdf724ea218ea30fa501f73b2
> >      --stdout >
> >      > fields.patch
> >
> >      It's not the forward slash, those are absolutely legal, the problem
> is
> >      that you had no local copy of the branch.
> >
> >      git checkout 4.0/context-on-custom-fields
> >      git format-patch 4.0-trunk or git format-patch rt-4.0.5
> >      will get you the 4 patches (your --stdout > file.patch would work
> >      too). Although your incant *should* have created the correct set of
> >      files.
> >
> >      After applying the patches, clearing your mason cache and restarting
> >      apache, are you still seeing a warning in the debug logs?
> >
> >      -kevin
> >      > 5. Change to the RequestTracker install directory
> >      > cd /opt/rt4
> >      > 6. This shows what changes are in the patch:
> >      > git apply --stat /tmp/patch/stable/fields.patch
> >      > 7. This allows you to try out the patch:
> >      > git apply --check /tmp/patch/stable/fields.patch
> >      > 8. And Finally this applies the patch:
> >      > git apply -v /tmp/patch/stable/fields.patch
> >      > On Mon, Mar 5, 2012 at 12:11 PM, Kevin Falcone <[2][2]
> falcone at bestpractical.com> wrote:
> >      >
> >      > On Mon, Mar 05, 2012 at 08:58:40AM -0500, Jim Lesinski wrote:
> >      > > I copied over the changed files from the branch you suggested
> into
> >      > > /local/lib/RT/CustomField.pm
> >      > > /local/lib/RT/Interface/Web.pm
> >      > > /local/lib/RT/Transaction.pm
> >      > > Then I cleared the mason cache and restarted apache. I ended up
> with this error.
> >      >
> >      > Unfortunately, 4.0/context-on-custom-fields predates some work we
> did
> >      > in 4.0.5, so copying the files will take out code we added later.
> >      > You really want to apply patches (or do a local merge of that
> branch)
> >      > rather than trying to pull full files out of it.
> >      >
> >      > Github will show you what changes you'd need to apply here, but
> I'm
> >      > not sure how to get it to give you a patch file.
> >      >
> >      > [3][3]
> https://github.com/bestpractical/rt/compare/stable...4.0%2Fcontext-on-custom-fields
> >      >
> >      > -kevin
> >      > > error: Undefined subroutine
> &HTML::Mason::Commands::MaybeRedirectToApproval called at
> >      > > /opt/rt4/share/html/Ticket/autohandler line 14.
> >      > > context: ...
> >      > > 10: |(?<!\.html))
> >      > > 11: $
> >      > > 12: }ix;
> >      > > 13:
> >      > > 14: MaybeRedirectToApproval(
> >      > > 15: Whitelist => $whitelist,
> >      > > 16: ARGSRef => \%ARGS,
> >      > > 17: );
> >      > > 18:
> >      > > ...
> >      > > code stack: /opt/rt4/share/html/Ticket/autohandler:14
> >      > > /opt/rt4/sbin/../local/lib/RT/Interface/Web.pm:538
> >      > > /opt/rt4/sbin/../local/lib/RT/Interface/Web.pm:285
> >      > > /opt/rt4/share/html/autohandler:53
> >      > >
> >      > > Have I done something wrong? Must I overwrite these files
> instead of adding to the local
> >      > > directory? I did move the files manually into my local copy of
> 4.0.5 but I thought that
> >      > would
> >      > > work.
> >      > > Thanks for the help. I am thinking a work around would be to
> just assign permissions to
> >      > the
> >      > > field. Maybe I should just wait for 4.0.6.
> >      > > Jim
> >      > > On Wed, Feb 29, 2012 at 6:29 AM, Ruslan Zakirov <[1][4][4]
> ruz at bestpractical.com> wrote:
> >      > >
> >      > > Hi,
> >      > >
> >      > > You need fixes from 4.0/context-on-custom-fields branch.
> >      > > On Tue, Feb 28, 2012 at 20:32, Jim Lesinski <[2][5][5]
> jim.lesinski at gmail.com> wrote:
> >      > > > I turned on debug (*new to me) and it looks like this is the
> relevant error
> >      > > > in the logs:
> >      > > >
> >      > > > Feb 28 11:22:11 buf-rtdev RT: Permission denied. User #63 has
> no
> >      > > > SeeCustomField right on CF #13
> >      > > >
> >      > > > If I assign SeeCustomField directly to the custom field (#13)
> for RTUser,
> >      > > > then the autocomplete value works.
> >      > > >
> >      > > > Maybe I am missing something here with permissions... Should
> I be assigning
> >      > > > group or specific user permissions on a field by field basis?
> Up until now I
> >      > > > had only put users in groups and assigned group permissions
> to queues. I do
> >      > > > have a couple nested groups as well, but no permissions
> explicitly defined
> >      > > > on a per field basis. It seems like it should be working
> though since it
> >      > > > does work for other field types, just not autocomplete.
> >      > > >
> >      > > >
> >      > > >
> >      > > >
> >      > > >
> >      > > > On Tue, Feb 28, 2012 at 10:46 AM, Ruslan Zakirov <[3][6][6]
> ruz at bestpractical.com>
> >      > > > wrote:
> >      > > >>
> >      > > >> Hi,
> >      > > >>
> >      > > >> Anything in debug logs when this doesn't work?
> >      > > >>
> >      > > >>
> >      > > >> On Tue, Feb 28, 2012 at 19:38, Jim Lesinski <[4][7][7]
> jim.lesinski at gmail.com>
> >      > > >> wrote:
> >      > > >> > The user (RTuser) is Privileged.
> >      > > >> >
> >      > > >> > Here is an outline of the permissions assigned to RTUser:
> >      > > >> >
> >      > > >> > RTUser is a member of a GroupA that has OwnTicket,
> StealTicket and
> >      > > >> > TakeTicket rights on the queue1.
> >      > > >> >
> >      > > >> > GroupA is a member of GroupB, which has CommentOnTicket,
> CreateTicket,
> >      > > >> > ReplyToTicket, Watch, SeeCustomField, SeeQueue, and
> ShowTicket
> >      > > >> > permissions
> >      > > >> > on queue1.
> >      > > >> >
> >      > > >> > To test permissions, I just now assigned every single
> permission to
> >      > > >> > RTUser
> >      > > >> > on the General Rights, Rights for Staff, and Rights for
> Administrators
> >      > > >> > tabs
> >      > > >> > to RTUser for queue1 and still the autocomplete values do
> not populate.
> >      > > >> >
> >      > > >> > If I go to Tools - Configuration - Global - User Rights
> and add RTUser
> >      > > >> > and
> >      > > >> > then check in "Do anything and everything", the
> autocomplete values work
> >      > > >> > for
> >      > > >> > [5][8][8]groups.pm.
> >      > > >> >
> >      > > >> >
> >      > > >> >
> >      > > >> > On Tue, Feb 28, 2012 at 10:03 AM, Thomas Sibley <[6][9][9]
> trs at bestpractical.com>
> >      > > >> > wrote:
> >      > > >> >>
> >      > > >> >> On 02/28/2012 09:17 AM, Ruslan Zakirov wrote:
> >      > > >> >> >> I have set up a custom data source for a custom field
> as outlined
> >      > > >> >> >> in external_custom_fields.pod. It seems that
> everything works fine
> >      > > >> >> >> and
> >      > > >> >> >> I get
> >      > > >> >> >> pick list data populated into the custom field for all
> field types
> >      > > >> >> >> when
> >      > > >> >> >> logged in as an account with root privileges. However,
> if I switch
> >      > > >> >> >> to
> >      > > >> >> >> an
> >      > > >> >> >> account that has non-root privileges, all the fields
> types work as
> >      > > >> >> >> expected
> >      > > >> >> >> other than the autocomplete field type. For some
> reason this field
> >      > > >> >> >> type
> >      > > >> >> >> returns no data when I am logged in as a non-root user
> account.
> >      > > >> >> [snip]
> >      > > >> >> >> Has anyone else run into this? Can someone else verify
> this in their
> >      > > >> >> >> environment?
> >      > > >> >> >>
> >      > > >> >> >
> >      > > >> >> > [7][10][10]
> http://issues.bestpractical.com/Ticket/Display.html?id=16946
> >      > > >> >>
> >      > > >> >> To clarify, that bug applies to Self Service
> (unprivileged) users only.
> >      > > >> >> It's not clear if your non-root user accounts that you
> tested with are
> >      > > >> >> privileged or unprivileged. If they are privileged,
> autocomplete CFs
> >      > > >> >> should work just fine.
> >
> > References
> >
> >    Visible links
> >    1. mailto:falcone at bestpractical.com
> >    2. mailto:falcone at bestpractical.com
> >    3.
> https://github.com/bestpractical/rt/compare/stable...4.0%2Fcontext-on-custom-fields
> >    4. mailto:ruz at bestpractical.com
> >    5. mailto:jim.lesinski at gmail.com
> >    6. mailto:ruz at bestpractical.com
> >    7. mailto:jim.lesinski at gmail.com
> >    8. http://groups.pm/
> >    9. mailto:trs at bestpractical.com
> >   10. http://issues.bestpractical.com/Ticket/Display.html?id=16946
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20120313/70629fac/attachment.htm>


More information about the rt-users mailing list