diff options
| author | Ivan Kohler <ivan@freeside.biz> | 2015-07-26 15:41:26 -0700 |
|---|---|---|
| committer | Ivan Kohler <ivan@freeside.biz> | 2015-07-26 15:41:26 -0700 |
| commit | 9aee669886202be7035e6c6049fc71bc99dd3013 (patch) | |
| tree | 2fd5bf6de74f3d99270587ffb1833e4188a6373d /rt/etc/upgrade/4.1.4/content | |
| parent | ac20214d38d9af00430423f147b5a0e50751b050 (diff) | |
| parent | 1add633372bdca3cc7163c2ce48363fed3984437 (diff) | |
Merge branch 'master' of git.freeside.biz:/home/git/freeside
Diffstat (limited to 'rt/etc/upgrade/4.1.4/content')
| -rw-r--r-- | rt/etc/upgrade/4.1.4/content | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/rt/etc/upgrade/4.1.4/content b/rt/etc/upgrade/4.1.4/content new file mode 100644 index 000000000..b320695cb --- /dev/null +++ b/rt/etc/upgrade/4.1.4/content @@ -0,0 +1,49 @@ +use strict; +use warnings; + +our (@Final); + +push @Final, sub { + my %global = %{ RT->System->AvailableRights }; + my $handle = RT->DatabaseHandle; + + for my $role (RT::System->Roles) { + my $group = RT::Group->new( RT->SystemUser ); + my ($ok, $msg) = $group->LoadRoleGroup( + Object => RT->System, + Name => $role, + ); + + unless ($group->id) { + RT->Logger->error("Can't load role group $role: $msg"); + next; + } + + my %rights = %{ RT->System->AvailableRights( $group->PrincipalObj ) }; + + # Global rights which aren't available on the role anymore + my @remove = grep { not $rights{$_} } + keys %global; + my $placeholders = join ",", map { "?" } 1 .. scalar @remove; + + my $query = <<" SQL"; + DELETE FROM ACL + WHERE PrincipalType = ? + AND PrincipalId = ? + AND ObjectType = 'RT::System' + AND RightName IN ($placeholders) + SQL + + my $res = $handle->SimpleQuery( + $query, + $role, # Type + $group->PrincipalId, # Id + @remove, # Right names + ); + + unless ($res) { + RT->Logger->error("Failed to delete invalid rights on system role $role!"); + next; + } + } +}; |