add RT ACL for bulk updating tickets, #72964

author: Mark Wells <mark@freeside.biz> 2016-11-27 16:43:19 -0800
committer: Mark Wells <mark@freeside.biz> 2016-11-27 16:43:19 -0800
commit: 34e42c0d926bf569ceaf8da784c2569bc7f83cec (patch)
tree: 9ad08eca35d56bc00ac3545ff2220d32673adfcd /FS
parent: 7fe7e453b6eb0778235e0a64e3b654f673d1caa2 (diff)
1 files changed, 19 insertions, 0 deletions
diff --git a/FS/FS/TicketSystem.pm b/FS/FS/TicketSystem.pm
index e81d89328..a683d12ae 100644
--- a/FS/FS/TicketSystem.pm
+++ b/FS/FS/TicketSystem.pm
@@ -381,6 +381,25 @@ sub _upgrade_data {
     warn "Fixed $rows transactions with empty time values\n" if $rows > 0;
   }
 
+  # One-time fix: We've created a "BulkUpdateTickets" access right; grant
+  # it to all auth'd users initially.
+  eval "use FS::upgrade_journal;";
+  my $upgrade = 'RT_add_BulkUpdateTickets_ACL';
+  if (!FS::upgrade_journal->is_done($upgrade)) {
+    my $groups = RT::Groups->new(RT->SystemUser);
+    $groups->LimitToEnabled;
+    $groups->LimitToSystemInternalGroups;
+    $groups->Limit(FIELD => 'Type', VALUE => 'Privileged', OPERATOR => '=');
+    my $group = $groups->First
+      or die "No RT internal group found for Privileged users";
+    my ($val, $msg) = $group->PrincipalObj->GrantRight(
+      Right => 'BulkUpdateTickets', Object => RT->System
+    );
+    die "Couldn't grant BulkUpdateTickets right to all users: $msg\n"
+      if !$val;
+    FS::upgrade_journal->set_done($upgrade);
+  }
+
   return;
 }
author	Mark Wells <mark@freeside.biz>	2016-11-27 16:43:19 -0800
committer	Mark Wells <mark@freeside.biz>	2016-11-27 16:43:19 -0800
commit	34e42c0d926bf569ceaf8da784c2569bc7f83cec (patch)
tree	9ad08eca35d56bc00ac3545ff2220d32673adfcd /FS
parent	7fe7e453b6eb0778235e0a64e3b654f673d1caa2 (diff)