diff options
| author | cvs2git <cvs2git> | 2010-12-27 00:04:45 +0000 |
|---|---|---|
| committer | cvs2git <cvs2git> | 2010-12-27 00:04:45 +0000 |
| commit | c82d349f864e6bd9f96fd1156903bc1f7193a203 (patch) | |
| tree | e117a87533656110b6acd56fc0ca64289892a9f5 /rt/docs/design_docs/acls | |
| parent | 74e058c8a010ef6feb539248a550d0bb169c1e94 (diff) | |
This commit was manufactured by cvs2svn to create tag 'TORRUS_1_0_9'.TORRUS_1_0_9
Diffstat (limited to 'rt/docs/design_docs/acls')
| -rw-r--r-- | rt/docs/design_docs/acls | 50 |
1 files changed, 0 insertions, 50 deletions
diff --git a/rt/docs/design_docs/acls b/rt/docs/design_docs/acls deleted file mode 100644 index bb093adcb..000000000 --- a/rt/docs/design_docs/acls +++ /dev/null @@ -1,50 +0,0 @@ - - -Does principal baz have right foo for object bar - -What rights does user baz have for object bar - -# {{{ Which principals have right foo for object bar - - -if ($args{'ObjectType'} eq 'Ticket') { - $or_check_ticket_roles = " OR ( Groups.Domain = 'TicketRole' AND Groups.Instance = '".$args{'ObjectId'}."') "; - # If we're looking at ticket rights, we also want to look at the associated queue rights. - # this is a little bit hacky, but basically, now that we've done the ticket roles magic, we load the queue object - # and ask all the rest of our questions about the queue. - my $tick = RT::Ticket->new($RT::SystemUser); - $tick->Load($args{'ObjectId'}); - $args{'ObjectType'} = 'Queue'; - $args{'ObjectId'} = $tick->QueueObj->Id(); - -} -if ($args{'ObjectType'} eq 'Queue') { - $or_check_roles = " OR ( ( (Groups.Domain = 'QueueRole' AND Groups.Instance = '".$args{'ObjectId'}."') $or_check_ticket_roles ) - AND Groups.Type = ACL.PrincipalType AND Groups.Id = Principals.ObjectId AND Principals.PrincipalType = 'Group') "; -} - -if (defined $args{'ObjectType'} ) { - $or_look_at_object_rights = " OR (ACL.ObjectType = '".$args{'ObjectType'}."' AND ACL.ObjectId = '".$args{'ObjectId'}."') "; - -} - -my $query = "SELECT Users.* from ACL, Groups, Users, Principals, Principals UserPrinc, CachedGroupMembers WHERE - Users.id = UserPrinc.ObjectId AND UserPrinc.PrincipalType = 'User' AND - Principals.Id = CachedGroupMembers.GroupId AND - CachedGroupMembers.MemberId = UserPrinc.ObjectId AND - UserPrinc.PrincipalType = 'User' AND - (ACL.RightName = 'SuperUser' OR ACL.RightName = '$right') AND - (ACL.ObjectType = 'System' $or_look_at_object_rights) AND - ( - (ACL.PrincipalId = Principals.Id AND - Principals.ObjectId = Groups.Id AND - ACL.PrincipalType = 'Group' AND - (Groups.Domain = 'SystemInternal' OR Groups.Domain = 'UserDefined' OR Groups.Domain = 'ACLEquivalence') - ) - $or_check_roles - )"; - -# }}} - -What objects does principal baz have right foo for -; |