summaryrefslogtreecommitdiff
path: root/rt/lib/RT/ACE.pm
diff options
context:
space:
mode:
Diffstat (limited to 'rt/lib/RT/ACE.pm')
-rwxr-xr-xrt/lib/RT/ACE.pm806
1 files changed, 168 insertions, 638 deletions
diff --git a/rt/lib/RT/ACE.pm b/rt/lib/RT/ACE.pm
index d4681cf44..1501a125e 100755
--- a/rt/lib/RT/ACE.pm
+++ b/rt/lib/RT/ACE.pm
@@ -1,774 +1,304 @@
-#$Header: /home/cvs/cvsroot/freeside/rt/lib/RT/ACE.pm,v 1.1 2002-08-12 06:17:07 ivan Exp $
+# BEGIN LICENSE BLOCK
+#
+# Copyright (c) 1996-2003 Jesse Vincent <jesse@bestpractical.com>
+#
+# (Except where explictly superceded by other copyright notices)
+#
+# This work is made available to you under the terms of Version 2 of
+# the GNU General Public License. A copy of that license should have
+# been provided with this software, but in any event can be snarfed
+# from www.gnu.org.
+#
+# This work is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# Unless otherwise specified, all modifications, corrections or
+# extensions to this work which alter its source code become the
+# property of Best Practical Solutions, LLC when submitted for
+# inclusion in the work.
+#
+#
+# END LICENSE BLOCK
+# Autogenerated by DBIx::SearchBuilder factory (by <jesse@bestpractical.com>)
+# WARNING: THIS FILE IS AUTOGENERATED. ALL CHANGES TO THIS FILE WILL BE LOST.
+#
+# !! DO NOT EDIT THIS FILE !!
+#
+
+use strict;
-=head1 NAME
- RT::ACE - RT\'s ACE object
+=head1 NAME
-=head1 SYNOPSIS
+RT::ACE
- use RT::ACE;
- my $ace = new RT::ACE($CurrentUser);
+=head1 SYNOPSIS
=head1 DESCRIPTION
-
=head1 METHODS
-=begin testing
-
-ok(require RT::TestHarness);
-ok(require RT::ACE);
-
-=end testing
-
=cut
package RT::ACE;
-use RT::Record;
-@ISA= qw(RT::Record);
-
-use vars qw (%SCOPES
- %QUEUERIGHTS
- %SYSTEMRIGHTS
- %LOWERCASERIGHTNAMES
- );
-
-%SCOPES = (
- System => 'System-level right',
- Queue => 'Queue-level right'
- );
-
-# {{{ Descriptions of rights
-
-# Queue rights are the sort of queue rights that can only be granted
-# to real people or groups
-%QUEUERIGHTS = (
- SeeQueue => 'Can this principal see this queue',
- AdminQueue => 'Create, delete and modify queues',
- ShowACL => 'Display Access Control List',
- ModifyACL => 'Modify Access Control List',
- ModifyQueueWatchers => 'Modify the queue watchers',
- AdminKeywordSelects => 'Create, delete and modify keyword selections',
-
-
- ModifyTemplate => 'Modify email templates for this queue',
- ShowTemplate => 'Display email templates for this queue',
- ModifyScrips => 'Modify Scrips for this queue',
- ShowScrips => 'Display Scrips for this queue',
-
- ShowTicket => 'Show ticket summaries',
- ShowTicketComments => 'Show ticket private commentary',
+use RT::Record;
- Watch => 'Sign up as a ticket Requestor or ticket or queue Cc',
- WatchAsAdminCc => 'Sign up as a ticket or queue AdminCc',
- CreateTicket => 'Create tickets in this queue',
- ReplyToTicket => 'Reply to tickets',
- CommentOnTicket => 'Comment on tickets',
- OwnTicket => 'Own tickets',
- ModifyTicket => 'Modify tickets',
- DeleteTicket => 'Delete tickets'
- );
+use vars qw( @ISA );
+@ISA= qw( RT::Record );
+sub _Init {
+ my $self = shift;
-# System rights are rights granted to the whole system
-%SYSTEMRIGHTS = (
- SuperUser => 'Do anything and everything',
- AdminKeywords => 'Creatte, delete and modify keywords',
- AdminGroups => 'Create, delete and modify groups',
- AdminUsers => 'Create, Delete and Modify users',
- ModifySelf => 'Modify one\'s own RT account',
-
- );
-
-# }}}
-
-# {{{ Descriptions of principals
-
-%TICKET_METAPRINCIPALS = ( Owner => 'The owner of a ticket',
- Requestor => 'The requestor of a ticket',
- Cc => 'The CC of a ticket',
- AdminCc => 'The administrative CC of a ticket',
- );
-
-# }}}
-
-# {{{ We need to build a hash of all rights, keyed by lower case names
-
-#since you can't do case insensitive hash lookups
-
-foreach $right (keys %QUEUERIGHTS) {
- $LOWERCASERIGHTNAMES{lc $right}=$right;
-}
-foreach $right (keys %SYSTEMRIGHTS) {
- $LOWERCASERIGHTNAMES{lc $right}=$right;
+ $self->Table('ACL');
+ $self->SUPER::_Init(@_);
}
-# }}}
-
-# {{{ sub _Init
-sub _Init {
- my $self = shift;
- $self->{'table'} = "ACL";
- return($self->SUPER::_Init(@_));
-}
-# }}}
-# {{{ sub LoadByValues
-=head2 LoadByValues PARAMHASH
-Load an ACE by specifying a paramhash with the following fields:
- PrincipalId => undef,
- PrincipalType => undef,
- RightName => undef,
- RightScope => undef,
- RightAppliesTo => undef,
+=item Create PARAMHASH
-=cut
+Create takes a hash of values and creates a row in the database:
-sub LoadByValues {
- my $self = shift;
- my %args = (PrincipalId => undef,
- PrincipalType => undef,
- RightName => undef,
- RightScope => undef,
- RightAppliesTo => undef,
- @_);
-
- $self->LoadByCols (PrincipalId => $args{'PrincipalId'},
- PrincipalType => $args{'PrincipalType'},
- RightName => $args{'RightName'},
- RightScope => $args{'RightScope'},
- RightAppliesTo => $args{'RightAppliesTo'}
- );
-
- #If we couldn't load it.
- unless ($self->Id) {
- return (0, "ACE not found");
- }
- # if we could
- return ($self->Id, "ACE Loaded");
-
-}
+ varchar(25) 'PrincipalType'.
+ int(11) 'PrincipalId'.
+ varchar(25) 'RightName'.
+ varchar(25) 'ObjectType'.
+ int(11) 'ObjectId'.
+ int(11) 'DelegatedBy'.
+ int(11) 'DelegatedFrom'.
-# }}}
-
-# {{{ sub Create
-
-=head2 Create <PARAMS>
+=cut
-PARAMS is a parameter hash with the following elements:
- PrincipalType => "Queue"|"User"
- PrincipalId => an intentifier you can use to ->Load a user or group
- RightName => the name of a right. in any case
- RightScope => "System" | "Queue"
- RightAppliesTo => a queue id or undef
-=cut
sub Create {
my $self = shift;
- my %args = ( PrincipalId => undef,
- PrincipalType => undef,
- RightName => undef,
- RightScope => undef,
- RightAppliesTo => undef,
- @_
- );
-
- # {{{ Validate the principal
- my ($princ_obj);
- if ($args{'PrincipalType'} eq 'User') {
- $princ_obj = new RT::User($RT::SystemUser);
-
- }
- elsif ($args{'PrincipalType'} eq 'Group') {
- require RT::Group;
- $princ_obj = new RT::Group($RT::SystemUser);
- }
- else {
- return (0, 'Principal type '.$args{'PrincipalType'} . ' is invalid.');
- }
-
- $princ_obj->Load($args{'PrincipalId'});
- my $princ_id = $princ_obj->Id();
-
- unless ($princ_id) {
- return (0, 'Principal '.$args{'PrincipalId'}.' not found.');
- }
-
- # }}}
-
- #TODO allow loading of queues by name.
-
- # {{{ Check the ACL
- if ($args{'RightScope'} eq 'System') {
-
- unless ($self->CurrentUserHasSystemRight('ModifyACL')) {
- $RT::Logger->error("Permission Denied.");
- return(undef);
- }
- }
-
- elsif ($args{'RightScope'} eq 'Queue') {
- unless ($self->CurrentUserHasQueueRight( Queue => $args{'RightAppliesTo'},
- Right => 'ModifyACL')) {
- return (0, 'Permission Denied.');
- }
-
-
-
-
- }
- #If it's not a scope we recognise, something scary is happening.
- else {
- $RT::Logger->err("RT::ACE->Create got a scope it didn't recognize: ".
- $args{'RightScope'}." Bailing. \n");
- return(0,"System error. Unable to grant rights.");
- }
-
- # }}}
-
- # {{{ Canonicalize and check the right name
- $args{'RightName'} = $self->CanonicalizeRightName($args{'RightName'});
-
- #check if it's a valid RightName
- if ($args{'RightScope'} eq 'Queue') {
- unless (exists $QUEUERIGHTS{$args{'RightName'}}) {
- return(0, 'Invalid right');
- }
- }
- elsif ($args{'RightScope' eq 'System'}) {
- unless (exists $SYSTEMRIGHTS{$args{'RightName'}}) {
- return(0, 'Invalid right');
- }
- }
- # }}}
-
- # Make sure the right doesn't already exist.
- $self->LoadByCols (PrincipalId => $princ_id,
- PrincipalType => $args{'PrincipalType'},
- RightName => $args{'RightName'},
- RightScope => $args {'RightScope'},
- RightAppliesTo => $args{'RightAppliesTo'}
- );
- if ($self->Id) {
- return (0, 'That user already has that right');
- }
-
- my $id = $self->SUPER::Create( PrincipalId => $princ_id,
- PrincipalType => $args{'PrincipalType'},
- RightName => $args{'RightName'},
- RightScope => $args {'RightScope'},
- RightAppliesTo => $args{'RightAppliesTo'}
- );
-
-
- if ($id > 0 ) {
- return ($id, 'Right Granted');
- }
- else {
- $RT::Logger->err('System error. right not granted.');
- return(0, 'System Error. right not granted');
- }
-}
-
-# }}}
-
+ my %args = (
+ PrincipalType => '',
+ PrincipalId => '0',
+ RightName => '',
+ ObjectType => '',
+ ObjectId => '0',
+ DelegatedBy => '0',
+ DelegatedFrom => '0',
+
+ @_);
+ $self->SUPER::Create(
+ PrincipalType => $args{'PrincipalType'},
+ PrincipalId => $args{'PrincipalId'},
+ RightName => $args{'RightName'},
+ ObjectType => $args{'ObjectType'},
+ ObjectId => $args{'ObjectId'},
+ DelegatedBy => $args{'DelegatedBy'},
+ DelegatedFrom => $args{'DelegatedFrom'},
+);
-# {{{ sub Delete
-
-=head2 Delete
-
-Delete this object.
-
-=cut
-
-sub Delete {
- my $self = shift;
-
- unless ($self->CurrentUserHasRight('ModifyACL')) {
- return (0, 'Permission Denied');
- }
-
-
- my ($val,$msg) = $self->SUPER::Delete(@_);
- if ($val) {
- return ($val, 'ACE Deleted');
- }
- else {
- return (0, 'ACE could not be deleted');
- }
}
-# }}}
-# {{{ sub _BootstrapRight
-=head2 _BootstrapRight
+=item id
-Grant a right with no error checking and no ACL. this is _only_ for
-installation. If you use this routine without jesse@fsck.com's explicit
-written approval, he will hunt you down and make you spend eternity
-translating mozilla's code into FORTRAN or intercal.
+Returns the current value of id.
+(In the database, id is stored as int(11).)
-=cut
-
-sub _BootstrapRight {
- my $self = shift;
- my %args = @_;
-
- my $id = $self->SUPER::Create( PrincipalId => $args{'PrincipalId'},
- PrincipalType => $args{'PrincipalType'},
- RightName => $args{'RightName'},
- RightScope => $args {'RightScope'},
- RightAppliesTo => $args{'RightAppliesTo'}
- );
-
- if ($id > 0 ) {
- return ($id);
- }
- else {
- $RT::Logger->err('System error. right not granted.');
- return(undef);
- }
-
-}
-
-# }}}
-
-# {{{ sub CanonicalizeRightName
-
-=head2 CanonicalizeRightName <RIGHT>
-
-Takes a queue or system right name in any case and returns it in
-the correct case. If it's not found, will return undef.
=cut
-sub CanonicalizeRightName {
- my $self = shift;
- my $right = shift;
- $right = lc $right;
- if (exists $LOWERCASERIGHTNAMES{"$right"}) {
- return ($LOWERCASERIGHTNAMES{"$right"});
- }
- else {
- return (undef);
- }
-}
-
-# }}}
-# {{{ sub QueueRights
+=item PrincipalType
-=head2 QueueRights
+Returns the current value of PrincipalType.
+(In the database, PrincipalType is stored as varchar(25).)
-Returns a hash of all the possible rights at the queue scope
-=cut
-sub QueueRights {
- return (%QUEUERIGHTS);
-}
+=item SetPrincipalType VALUE
-# }}}
-# {{{ sub SystemRights
+Set PrincipalType to VALUE.
+Returns (1, 'Status message') on success and (0, 'Error Message') on failure.
+(In the database, PrincipalType will be stored as a varchar(25).)
-=head2 SystemRights
-
-Returns a hash of all the possible rights at the system scope
=cut
-sub SystemRights {
- return (%SYSTEMRIGHTS);
-}
+=item PrincipalId
-# }}}
+Returns the current value of PrincipalId.
+(In the database, PrincipalId is stored as int(11).)
-# {{{ sub _Accessible
-sub _Accessible {
- my $self = shift;
- my %Cols = (
- PrincipalId => 'read/write',
- PrincipalType => 'read/write',
- RightName => 'read/write',
- RightScope => 'read/write',
- RightAppliesTo => 'read/write'
- );
- return($self->SUPER::_Accessible(@_, %Cols));
-}
-# }}}
-# {{{ sub AppliesToObj
+=item SetPrincipalId VALUE
-=head2 AppliesToObj
-If the AppliesTo is a queue, returns the queue object. If it's
-the system object, returns undef. If the user has no rights, returns undef.
+Set PrincipalId to VALUE.
+Returns (1, 'Status message') on success and (0, 'Error Message') on failure.
+(In the database, PrincipalId will be stored as a int(11).)
-=cut
-
-sub AppliesToObj {
- my $self = shift;
- if ($self->RightScope eq 'Queue') {
- my $appliesto_obj = new RT::Queue($self->CurrentUser);
- $appliesto_obj->Load($self->RightAppliesTo);
- return($appliesto_obj);
- }
- elsif ($self->RightScope eq 'System') {
- return (undef);
- }
- else {
- $RT::Logger->warning("$self -> AppliesToObj called for an object ".
- "of an unknown scope:" . $self->RightScope);
- return(undef);
- }
-}
-
-# }}}
-
-# {{{ sub PrincipalObj
-
-=head2 PrincipalObj
-
-If the AppliesTo is a group, returns the group object.
-If the AppliesTo is a user, returns the user object.
-Otherwise, it logs a warning and returns undef.
=cut
-sub PrincipalObj {
- my $self = shift;
- my ($princ_obj);
-
- if ($self->PrincipalType eq 'Group') {
- use RT::Group;
- $princ_obj = new RT::Group($self->CurrentUser);
- }
- elsif ($self->PrincipalType eq 'User') {
- $princ_obj = new RT::User($self->CurrentUser);
- }
- else {
- $RT::Logger->warning("$self -> PrincipalObj called for an object ".
- "of an unknown principal type:" .
- $self->PrincipalType ."\n");
- return(undef);
- }
-
- $princ_obj->Load($self->PrincipalId);
- return($princ_obj);
-
-}
-
-# }}}
-
-# {{{ ACL related methods
-
-# {{{ sub _Set
-
-sub _Set {
- my $self = shift;
- return (0, "ACEs can only be created and deleted.");
-}
-
-# }}}
-
-# {{{ sub _Value
-
-sub _Value {
- my $self = shift;
-
- unless ($self->CurrentUserHasRight('ShowACL')) {
- return (undef);
- }
- return ($self->__Value(@_));
-}
-
-# }}}
+=item RightName
+Returns the current value of RightName.
+(In the database, RightName is stored as varchar(25).)
-# {{{ sub CurrentUserHasQueueRight
-=head2 CurrentUserHasQueueRight ( Queue => QUEUEID, Right => RIGHTNANAME )
-Check to see whether the current user has the specified right for the specified queue.
-
-=cut
-
-sub CurrentUserHasQueueRight {
- my $self = shift;
- my %args = (Queue => undef,
- Right => undef,
- @_
- );
- return ($self->HasRight( Right => $args{'Right'},
- Principal => $self->CurrentUser->UserObj,
- Queue => $args{'Queue'}));
-}
+=item SetRightName VALUE
-# }}}
-# {{{ sub CurrentUserHasSystemRight
-=head2 CurrentUserHasSystemRight RIGHTNAME
+Set RightName to VALUE.
+Returns (1, 'Status message') on success and (0, 'Error Message') on failure.
+(In the database, RightName will be stored as a varchar(25).)
-Check to see whether the current user has the specified right for the 'system' scope.
=cut
-sub CurrentUserHasSystemRight {
- my $self = shift;
- my $right = shift;
- return ($self->HasRight( Right => $right,
- Principal => $self->CurrentUser->UserObj,
- System => 1
- ));
-}
-
-# }}}
+=item ObjectType
-# {{{ sub CurrentUserHasRight
+Returns the current value of ObjectType.
+(In the database, ObjectType is stored as varchar(25).)
-=item CurrentUserHasRight RIGHT
-Takes a rightname as a string.
-
-Helper menthod for HasRight. Presets Principal to CurrentUser then
-calls HasRight.
-
-=cut
-sub CurrentUserHasRight {
- my $self = shift;
- my $right = shift;
- return ($self->HasRight( Principal => $self->CurrentUser->UserObj,
- Right => $right,
- ));
-}
-# }}}
+=item SetObjectType VALUE
-# {{{ sub HasRight
-=item HasRight
+Set ObjectType to VALUE.
+Returns (1, 'Status message') on success and (0, 'Error Message') on failure.
+(In the database, ObjectType will be stored as a varchar(25).)
-Takes a param-hash consisting of "Right" and "Principal" Principal is
-an RT::User object or an RT::CurrentUser object. "Right" is a textual
-Right string that applies to KeywordSelects
=cut
-sub HasRight {
- my $self = shift;
- my %args = ( Right => undef,
- Principal => undef,
- Queue => undef,
- System => undef,
- @_ );
-
- #If we're explicitly specifying a queue, as we need to do on create
- if (defined $args{'Queue'}) {
- return ($args{'Principal'}->HasQueueRight(Right => $args{'Right'},
- Queue => $args{'Queue'}));
- }
- #else if we're specifying to check a system right
- elsif ((defined $args{'System'}) and (defined $args{'Right'})) {
- return( $args{'Principal'}->HasSystemRight( $args{'Right'} ));
- }
-
- elsif ($self->__Value('RightScope') eq 'System') {
- return $args{'Principal'}->HasSystemRight($args{'Right'});
- }
- elsif ($self->__Value('RightScope') eq 'Queue') {
- return $args{'Principal'}->HasQueueRight( Queue => $self->__Value('RightAppliesTo'),
- Right => $args{'Right'} );
- }
- else {
- $RT::Logger->warning("$self: Trying to check an acl for a scope we ".
- "don't understand:" . $self->__Value('RightScope') ."\n");
- return undef;
- }
-
-
-
-}
-# }}}
-
-# }}}
-
-1;
-
-__DATA__
-
-# {{{ POD
-
-=head1 Out of date docs
-=head2 Table Structure
+=item ObjectId
-PrincipalType, PrincipalId, Right,Scope,AppliesTo
+Returns the current value of ObjectId.
+(In the database, ObjectId is stored as int(11).)
-=head1 The docs are out of date. so you know.
-=head1 Scopes
-Scope is the scope of the right granted, not the granularity of the grant.
-For example, Queue and Ticket rights are both granted for a "queue."
-Rights with a scope of 'System' don't have an AppliesTo. (They're global).
-Rights with a scope of "Queue" are rights that act on a queue.
-Rights with a scope of "System" are rights that act on some other aspect
-of the system.
+=item SetObjectId VALUE
-=item Queue
-=item System
+Set ObjectId to VALUE.
+Returns (1, 'Status message') on success and (0, 'Error Message') on failure.
+(In the database, ObjectId will be stored as a int(11).)
-=head1 Rights
-
-=head2 Scope: Queue
-
-=head2 Queue rights that apply to a ticket within a queue
-
-Create Ticket in <queue>
-
- Name: Create
- Principals: <user> <group>
-Display Ticket Summary in <queue>
-
- Name: Show
- Principals: <user> <group> Owner Requestor Cc AdminCc
-
-Display Ticket History <queue>
-
- Name: ShowHistory
- Principals: <user> <group> Owner Requestor Cc AdminCc
-
-Display Ticket Private Comments <queue>
+=cut
- Name: ShowComments
- Principals: <user> <group> Owner Requestor Cc AdminCc
-Reply to Ticket in <queue>
+=item DelegatedBy
- Name: Reply
- Principals: <user> <group> Owner Requestor Cc AdminCc
+Returns the current value of DelegatedBy.
+(In the database, DelegatedBy is stored as int(11).)
-Comment on Ticket in <queue>
- Name: Comment
- Principals: <user> <group> Owner Requestor Cc AdminCc
-Modify Ticket in <queue>
+=item SetDelegatedBy VALUE
- Name: Modify
- Principals: <user> <group> Owner Requestor Cc AdminCc
-Delete Tickets in <queue>
+Set DelegatedBy to VALUE.
+Returns (1, 'Status message') on success and (0, 'Error Message') on failure.
+(In the database, DelegatedBy will be stored as a int(11).)
- Name: Delete
- Principals: <user> <group> Owner Requestor Cc AdminCc
+=cut
-=head2 Queue Rights that apply to a whole queue
-These rights can only be granted to "real people"
+=item DelegatedFrom
-List Tickets in <queue>
+Returns the current value of DelegatedFrom.
+(In the database, DelegatedFrom is stored as int(11).)
- Name: ListQueue
- Principals: <user> <group>
-Know that <queue> exists
-
- Name: See
- Principals: <user> <group>
-Display queue settings
+=item SetDelegatedFrom VALUE
- Name: Explore
- Principals: <user> <group>
-Modify Queue Watchers for <queue>
+Set DelegatedFrom to VALUE.
+Returns (1, 'Status message') on success and (0, 'Error Message') on failure.
+(In the database, DelegatedFrom will be stored as a int(11).)
- Name: ModifyQueueWatchers
- Principals: <user> <group>
-Modify Queue Attributes for <queue>
+=cut
- Name: ModifyQueue
- Principals: <user> <group>
-Modify Queue ACL for queue <queue>
- Name: ModifyACL
- Principals: <user> <group>
+sub _ClassAccessible {
+ {
+
+ id =>
+ {read => 1, type => 'int(11)', default => ''},
+ PrincipalType =>
+ {read => 1, write => 1, type => 'varchar(25)', default => ''},
+ PrincipalId =>
+ {read => 1, write => 1, type => 'int(11)', default => '0'},
+ RightName =>
+ {read => 1, write => 1, type => 'varchar(25)', default => ''},
+ ObjectType =>
+ {read => 1, write => 1, type => 'varchar(25)', default => ''},
+ ObjectId =>
+ {read => 1, write => 1, type => 'int(11)', default => '0'},
+ DelegatedBy =>
+ {read => 1, write => 1, type => 'int(11)', default => '0'},
+ DelegatedFrom =>
+ {read => 1, write => 1, type => 'int(11)', default => '0'},
+ }
+};
-=head2 Rights that apply to the System scope
-=head2 SystemRights
+ eval "require RT::ACE_Overlay";
+ if ($@ && $@ !~ qr{^Can't locate RT/ACE_Overlay.pm}) {
+ die $@;
+ };
-Create Queue
-
- Name: CreateQueue
- Principals: <user> <group>
-Delete Queue
-
- Name: DeleteQueue
- Principals: <user> <group>
+ eval "require RT::ACE_Vendor";
+ if ($@ && $@ !~ qr{^Can't locate RT/ACE_Vendor.pm}) {
+ die $@;
+ };
-Create Users
-
- Name: CreateUser
- Principals: <user> <group>
+ eval "require RT::ACE_Local";
+ if ($@ && $@ !~ qr{^Can't locate RT/ACE_Local.pm}) {
+ die $@;
+ };
-Delete Users
-
- Name: DeleteUser
- Principals: <user> <group>
-
-Modify Users
-
- Name: ModifyUser
- Principals: <user> <group>
-Modify Self
- Name: ModifySelf
- Principals: <user> <group>
-Browse Users
- Name: BrowseUsers (NOT IMPLEMENTED in 2.0)
- Principals: <user> <group>
+=head1 SEE ALSO
-Modify Self
-
- Name: ModifySelf
- Principals: <user> <group>
+This class allows "overlay" methods to be placed
+into the following files _Overlay is for a System overlay by the original author,
+_Vendor is for 3rd-party vendor add-ons, while _Local is for site-local customizations.
-Modify System ACL
+These overlay files can contain new subs or subs to replace existing subs in this module.
- Name: ModifyACL
- Principals: <user> <group>
+If you'll be working with perl 5.6.0 or greater, each of these files should begin with the line
-=head1 The Principal Side of the ACE
+ no warnings qw(redefine);
-=head2 PrincipalTypes,PrincipalIds in our Neighborhood
+so that perl does not kick and scream when you redefine a subroutine or variable in your overlay.
- User,<userid>
- Group,<groupip>
- Everyone,NULL
+RT::ACE_Overlay, RT::ACE_Vendor, RT::ACE_Local
=cut
-# }}}
+
+1;