diff options
Diffstat (limited to 'rt/lib/RT/ACE_Overlay.pm')
-rw-r--r-- | rt/lib/RT/ACE_Overlay.pm | 113 |
1 files changed, 42 insertions, 71 deletions
diff --git a/rt/lib/RT/ACE_Overlay.pm b/rt/lib/RT/ACE_Overlay.pm index 75e39d03a..00a7157d3 100644 --- a/rt/lib/RT/ACE_Overlay.pm +++ b/rt/lib/RT/ACE_Overlay.pm @@ -1,8 +1,8 @@ -# BEGIN BPS TAGGED BLOCK {{{ +# {{{ BEGIN BPS TAGGED BLOCK # # COPYRIGHT: # -# This software is Copyright (c) 1996-2005 Best Practical Solutions, LLC +# This software is Copyright (c) 1996-2004 Best Practical Solutions, LLC # <jesse@bestpractical.com> # # (Except where explicitly superseded by other copyright notices) @@ -42,8 +42,7 @@ # works based on those contributions, and sublicense and distribute # those contributions and any derivatives thereof. # -# END BPS TAGGED BLOCK }}} - +# }}} END BPS TAGGED BLOCK =head1 SYNOPSIS use RT::ACE; @@ -64,9 +63,6 @@ ok(require RT::ACE); =cut - -package RT::ACE; - use strict; no warnings qw(redefine); use RT::Principals; @@ -133,8 +129,8 @@ Load an ACE by specifying a paramhash with the following fields: OR - ObjectType => undef, - ObjectId => undef + ObjectType => undef, + ObjectId => undef =cut @@ -159,9 +155,16 @@ sub LoadByValues { ); } - my ($object, $object_type, $object_id) = $self->_ParseObjectArg( %args ); - unless( $object ) { - return ( 0, $self->loc("System error. Right not granted.") ); + my ($object_type, $object_id); + + if ($args{'Object'} && UNIVERSAL::can($args{'Object'},'id')) { + $object_type = ref($args{'Object'}); + $object_id = $args{'Object'}->id; + } elsif ($args{'ObjectId'} || $args{'ObjectType'}) { + $object_type = $args{'ObjectType'}; + $object_id = $args{'ObjectId'}; + } else { + return ( 0, $self->loc("System error. Right not granted.") ); } $self->LoadByCols( PrincipalId => $princ_obj->Id, @@ -205,12 +208,6 @@ PARAMS is a parameter hash with the following elements: ObjectType => the type of the object in question (ref ($object)) ObjectId => the id of the object in question $object->Id - - - Returns a tuple of (STATUS, MESSAGE); If the call succeeded, STATUS is true. Otherwise it's false. - - - =cut sub Create { @@ -218,16 +215,8 @@ sub Create { my %args = ( PrincipalId => undef, PrincipalType => undef, RightName => undef, - Object => undef, + Object => $RT::System, @_ ); - #if we haven't specified any sort of right, we're talking about a global right - if (!defined $args{'Object'} && !defined $args{'ObjectId'} && !defined $args{'ObjectType'}) { - $args{'Object'} = $RT::System; - } - ($args{'Object'}, $args{'ObjectType'}, $args{'ObjectId'}) = $self->_ParseObjectArg( %args ); - unless( $args{'Object'} ) { - return ( 0, $self->loc("System error. Right not granted.") ); - } # {{{ Validate the principal my $princ_obj; @@ -243,6 +232,17 @@ sub Create { # }}} + + if ($args{'Object'} && ($args{'ObjectId'} || $args{'ObjectType'})) { + use Carp; + $RT::Logger->crit(Carp::cluck("ACE::Create called with an ObjectType or an ObjectId")); + } + + + + unless ($args{'Object'} && UNIVERSAL::can($args{'Object'},'id')) { + return ( 0, $self->loc("System error. Right not granted.") ); + } # {{{ Check the ACL if (ref( $args{'Object'}) eq 'RT::Group' ) { @@ -292,14 +292,17 @@ sub Create { } } + unless ( $args{'RightName'} ) { + return ( 0, $self->loc('Invalid right') ); + } # }}} # Make sure the right doesn't already exist. $self->LoadByCols( PrincipalId => $princ_obj->id, PrincipalType => $args{'PrincipalType'}, RightName => $args{'RightName'}, - ObjectType => $args{'ObjectType'}, - ObjectId => $args{'ObjectId'}, + ObjectType => ref($args{'Object'}), + ObjectId => $args{'Object'}->id, DelegatedBy => 0, DelegatedFrom => 0 ); if ( $self->Id ) { @@ -315,7 +318,7 @@ sub Create { DelegatedFrom => 0 ); #Clear the key cache. TODO someday we may want to just clear a little bit of the keycache space. - RT::Principal->InvalidateACLCache(); + RT::Principal->_InvalidateACLCache(); if ( $id > 0 ) { return ( $id, $self->loc('Right Granted') ); @@ -625,7 +628,7 @@ sub Delegate { #Clear the key cache. TODO someday we may want to just clear a little bit of the keycache space. # TODO what about the groups key cache? - RT::Principal->InvalidateACLCache(); + RT::Principal->_InvalidateACLCache(); if ( $id > 0 ) { return ( $id, $self->loc('Right Delegated') ); @@ -688,7 +691,7 @@ sub _Delete { while ( my $delegated_ace = $delegated_from_this->Next ) { ( $delete_succeeded, $submsg ) = $delegated_ace->_Delete( InsideTransaction => 1 ); - last unless ($delete_succeeded); + last if ($delete_succeeded); } unless ($delete_succeeded) { @@ -698,23 +701,18 @@ sub _Delete { my ( $val, $msg ) = $self->SUPER::Delete(@_); - # If we're revoking delegation rights (see above), we may need to - # revoke all rights delegated by the recipient. - if ($val and ($self->RightName() eq 'DelegateRights' or - $self->RightName() eq 'SuperUser')) { - $val = $self->PrincipalObj->_CleanupInvalidDelegations( InsideTransaction => 1 ); - } + #Clear the key cache. TODO someday we may want to just clear a little bit of the keycache space. + # TODO what about the groups key cache? + RT::Principal->_InvalidateACLCache(); if ($val) { - #Clear the key cache. TODO someday we may want to just clear a little bit of the keycache space. - # TODO what about the groups key cache? - RT::Principal->InvalidateACLCache(); $RT::Handle->Commit() unless $InsideTransaction; return ( $val, $self->loc('Right revoked') ); } - - $RT::Handle->Rollback() unless $InsideTransaction; - return ( 0, $self->loc('Right could not be revoked') ); + else { + $RT::Handle->Rollback() unless $InsideTransaction; + return ( 0, $self->loc('Right could not be revoked') ); + } } # }}} @@ -927,32 +925,5 @@ sub _CanonicalizePrincipal { return ( $princ_obj, $princ_type ); } -sub _ParseObjectArg { - my $self = shift; - my %args = ( Object => undef, - ObjectId => undef, - ObjectType => undef, - @_ ); - - if( $args{'Object'} && ($args{'ObjectId'} || $args{'ObjectType'}) ) { - $RT::Logger->crit( "Method called with an ObjectType or an ObjectId and Object args" ); - return (); - } elsif( $args{'Object'} && !UNIVERSAL::can($args{'Object'},'id') ) { - $RT::Logger->crit( "Method called called Object that has no id method" ); - return (); - } elsif( $args{'Object'} ) { - my $obj = $args{'Object'}; - return ($obj, ref $obj, $obj->id); - } elsif ( $args{'ObjectType'} ) { - my $obj = $args{'ObjectType'}->new( $self->CurrentUser ); - $obj->Load( $args{'ObjectId'} ); - return ($obj, ref $obj, $obj->id); - } else { - $RT::Logger->crit( "Method called with wrong args" ); - return (); - } -} - - # }}} 1; |