add RT ACL for bulk updating tickets, #72964

Conflicts: rt/lib/RT/System.pm
author: Mark Wells <mark@freeside.biz> 2016-11-27 16:43:19 -0800
committer: Mark Wells <mark@freeside.biz> 2016-11-27 21:14:34 -0800
commit: 2de76dd592749962a7bd3c33417ad4ebaac1f934 (patch)
tree: 3d360c6db2da93e9441464e5266b0db08216179c
parent: fd90ad324e6e19d2e51676d0be8951801731f2e7 (diff)
6 files changed, 48 insertions, 5 deletions
diff --git a/FS/FS/TicketSystem.pm b/FS/FS/TicketSystem.pm
index 8f3d7af..c973c88 100644
--- a/FS/FS/TicketSystem.pm
+++ b/FS/FS/TicketSystem.pm
@@ -401,6 +401,25 @@ sub _upgrade_data {
     warn "Fixed $rows transactions with empty time values\n" if $rows > 0;
   }
 
+  # One-time fix: We've created a "BulkUpdateTickets" access right; grant
+  # it to all auth'd users initially.
+  eval "use FS::upgrade_journal;";
+  my $upgrade = 'RT_add_BulkUpdateTickets_ACL';
+  if (!FS::upgrade_journal->is_done($upgrade)) {
+    my $groups = RT::Groups->new(RT->SystemUser);
+    $groups->LimitToEnabled;
+    $groups->LimitToSystemInternalGroups;
+    $groups->Limit(FIELD => 'Type', VALUE => 'Privileged', OPERATOR => '=');
+    my $group = $groups->First
+      or die "No RT internal group found for Privileged users";
+    my ($val, $msg) = $group->PrincipalObj->GrantRight(
+      Right => 'BulkUpdateTickets', Object => RT->System
+    );
+    die "Couldn't grant BulkUpdateTickets right to all users: $msg\n"
+      if !$val;
+    FS::upgrade_journal->set_done($upgrade);
+  }
+
   return;
 }
 
diff --git a/rt/FREESIDE_MODIFIED b/rt/FREESIDE_MODIFIED
index 05ffb2a..db5212d 100644
--- a/rt/FREESIDE_MODIFIED
+++ b/rt/FREESIDE_MODIFIED
@@ -171,3 +171,9 @@ share/html/Search/Schedule.html
 share/html/Elements/CalendarSlotSchedule
 share/html/Ticket/Display.html
 
+# BulkUpdateTickets ACL
+lib/RT/System.pm
+share/html/Elements/Tabs
+share/html/Search/Bulk.html
+share/html/Ticket/Elements/Tabs
+
diff --git a/rt/lib/RT/System.pm b/rt/lib/RT/System.pm
index 388a1fd..af7a22b 100644
--- a/rt/lib/RT/System.pm
+++ b/rt/lib/RT/System.pm
@@ -92,6 +92,9 @@ __PACKAGE__->AddRight( General => LoadSavedSearch     => 'Allow loading of saved
 __PACKAGE__->AddRight( General => CreateSavedSearch   => 'Allow creation of saved searches'); # loc
 __PACKAGE__->AddRight( Admin   => ExecuteCode         => 'Allow writing Perl code in templates, scrips, etc'); # loc
 
+#freeside
+__PACKAGE__->AddRight( Staff   => BulkUpdateTickets   => 'Bulk update tickets');
+
 =head2 AvailableRights
 
 Returns a hashref of available rights for this object.  The keys are the
diff --git a/rt/share/html/Elements/Tabs b/rt/share/html/Elements/Tabs
index 297d907..aef27ed 100755
--- a/rt/share/html/Elements/Tabs
+++ b/rt/share/html/Elements/Tabs
@@ -847,7 +847,10 @@ my $build_main_nav = sub {
         }
 
         if ( $has_query ) {
-            $current_search_menu->child( bulk  => title => loc('Bulk Update'), path => "/Search/Bulk.html$args" );
+            #freeside
+            if ( $session{'CurrentUser'}->HasRight( Right => 'BulkUpdateTickets', Object => RT->System ) ) {
+              $current_search_menu->child( bulk  => title => loc('Bulk Update'), path => "/Search/Bulk.html$args" );
+            }
             $current_search_menu->child( chart => title => loc('Chart'),       path => "/Search/Chart.html$args" );
 
             #formerly Callbacks/RTx-Calendar/Ticket/Element/Tabs/Default
diff --git a/rt/share/html/Search/Bulk.html b/rt/share/html/Search/Bulk.html
index bacd96c..38b29fe 100755
--- a/rt/share/html/Search/Bulk.html
+++ b/rt/share/html/Search/Bulk.html
@@ -203,6 +203,13 @@ unless ( defined $Rows ) {
 }
 my $title = loc("Update multiple tickets");
 
+#freeside
+unless ( $session{'CurrentUser'}
+         ->HasRight( Right => 'BulkUpdateTickets', Object => RT->System) )
+{
+    Abort('You are not allowed to bulk-update tickets.');
+}
+
 # Iterate through the ARGS hash and remove anything with a null value.
 map ( $ARGS{$_} =~ /^$/ && ( delete $ARGS{$_} ), keys %ARGS );
 
diff --git a/rt/share/html/Ticket/Elements/Tabs b/rt/share/html/Ticket/Elements/Tabs
index 2f89dc6..bcc97e5 100755
--- a/rt/share/html/Ticket/Elements/Tabs
+++ b/rt/share/html/Ticket/Elements/Tabs
@@ -326,10 +326,15 @@ if ($has_query) {
         title => loc('Show Results'),
     };
 
-    $tabs->{"j"} = {
-        path  => "Search/Bulk.html$args",
-        title => loc('Bulk Update'),
-    };
+    #freeside
+    if ( $session{'CurrentUser'}
+         ->HasRight(Right => 'BulkUpdateTickets', Object => $RT::System) )
+    {
+      $tabs->{"j"} = {
+          path  => "Search/Bulk.html$args",
+          title => loc('Bulk Update'),
+      };
+    }
 
     $tabs->{"k"} = {
         path  => "Search/Chart.html$args",
author	Mark Wells <mark@freeside.biz>	2016-11-27 16:43:19 -0800
committer	Mark Wells <mark@freeside.biz>	2016-11-27 21:14:34 -0800
commit	2de76dd592749962a7bd3c33417ad4ebaac1f934 (patch)
tree	3d360c6db2da93e9441464e5266b0db08216179c
parent	fd90ad324e6e19d2e51676d0be8951801731f2e7 (diff)