Diffstat (limited to 'rt/lib/RT/Group.pm')
-rwxr-xr-xrt/lib/RT/Group.pm430
1 files changed, 268 insertions, 162 deletions
diff --git a/rt/lib/RT/Group.pm b/rt/lib/RT/Group.pm
index 4dcef3f07..005601f5e 100755
--- a/rt/lib/RT/Group.pm
+++ b/rt/lib/RT/Group.pm
@@ -1,258 +1,364 @@
-# BEGIN LICENSE BLOCK
-#
-# Copyright (c) 1996-2003 Jesse Vincent <jesse@bestpractical.com>
-#
-# (Except where explictly superceded by other copyright notices)
-#
-# This work is made available to you under the terms of Version 2 of
-# the GNU General Public License. A copy of that license should have
-# been provided with this software, but in any event can be snarfed
-# from www.gnu.org.
-#
-# This work is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# General Public License for more details.
-#
-# Unless otherwise specified, all modifications, corrections or
-# extensions to this work which alter its source code become the
-# property of Best Practical Solutions, LLC when submitted for
-# inclusion in the work.
-#
-#
-# END LICENSE BLOCK
-# Autogenerated by DBIx::SearchBuilder factory (by <jesse@bestpractical.com>)
-# WARNING: THIS FILE IS AUTOGENERATED. ALL CHANGES TO THIS FILE WILL BE LOST.
-#
-# !! DO NOT EDIT THIS FILE !!
+# $Header: /home/cvs/cvsroot/freeside/rt/lib/RT/Group.pm,v 1.1 2002-08-12 06:17:07 ivan Exp $
+# Copyright 2000 Jesse Vincent <jesse@fsck.com>
+# Released under the terms of the GNU Public License
+#
#
-
-use strict;
-
=head1 NAME
-RT::Group
-
+ RT::Group - RT\'s group object
=head1 SYNOPSIS
-=head1 DESCRIPTION
-
-=head1 METHODS
-
-=cut
-
-package RT::Group;
-use RT::Record;
+ use RT::Group;
+my $group = new RT::Group($CurrentUser);
+=head1 DESCRIPTION
-use vars qw( @ISA );
-@ISA= qw( RT::Record );
+An RT group object.
-sub _Init {
- my $self = shift;
+=head1 AUTHOR
- $self->Table('Groups');
- $self->SUPER::_Init(@_);
-}
+Jesse Vincent, jesse@fsck.com
+=head1 SEE ALSO
+RT
+=head1 METHODS
-=item Create PARAMHASH
+=begin testing
-Create takes a hash of values and creates a row in the database:
+ok (require RT::TestHarness);
+ok (require RT::Group);
- varchar(200) 'Name'.
- varchar(255) 'Description'.
- varchar(64) 'Domain'.
- varchar(64) 'Type'.
- varchar(64) 'Instance'.
+=end testing
=cut
+package RT::Group;
+use RT::Record;
+use RT::GroupMember;
+use RT::ACE;
+use vars qw|@ISA|;
+@ISA= qw(RT::Record);
-sub Create {
- my $self = shift;
- my %args = (
- Name => '',
- Description => '',
- Domain => '',
- Type => '',
- Instance => '',
-
- @_);
- $self->SUPER::Create(
- Name => $args{'Name'},
- Description => $args{'Description'},
- Domain => $args{'Domain'},
- Type => $args{'Type'},
- Instance => $args{'Instance'},
-);
+# {{{ sub _Init
+sub _Init {
+ my $self = shift;
+ $self->{'table'} = "Groups";
+ return ($self->SUPER::_Init(@_));
}
+# }}}
+# {{{ sub _Accessible
+sub _Accessible {
+ my $self = shift;
+ my %Cols = (
+ Name => 'read/write',
+ Description => 'read/write',
+ Pseudo => 'read'
+ );
+ return $self->SUPER::_Accessible(@_, %Cols);
+}
+# }}}
+# {{{ sub Load
-=item id
-
-Returns the current value of id.
-(In the database, id is stored as int(11).)
+=head2 Load
+Load a group object from the database. Takes a single argument.
+If the argument is numerical, load by the column 'id'. Otherwise, load by
+the "Name" column which is the group's textual name
=cut
+sub Load {
+ my $self = shift;
+ my $identifier = shift || return undef;
+
+ #if it's an int, load by id. otherwise, load by name.
+ if ($identifier !~ /\D/) {
+ $self->SUPER::LoadById($identifier);
+ }
+ else {
+ $self->LoadByCol("Name",$identifier);
+ }
+}
-=item Name
-
-Returns the current value of Name.
-(In the database, Name is stored as varchar(200).)
-
-
-
-=item SetName VALUE
+# }}}
+# {{{ sub Create
-Set Name to VALUE.
-Returns (1, 'Status message') on success and (0, 'Error Message') on failure.
-(In the database, Name will be stored as a varchar(200).)
+=head2 Create
+Takes a paramhash with three named arguments: Name, Description and Pseudo.
+Pseudo is used internally by RT for certain special ACL decisions.
=cut
+sub Create {
+ my $self = shift;
+ my %args = ( Name => undef,
+ Description => undef,
+ Pseudo => 0,
+ @_);
+
+ unless ($self->CurrentUser->HasSystemRight('AdminGroups')) {
+ $RT::Logger->warning($self->CurrentUser->Name ." Tried to create a group without permission.");
+ return(0, 'Permission Denied');
+ }
+
+ my $retval = $self->SUPER::Create(Name => $args{'Name'},
+ Description => $args{'Description'},
+ Pseudo => $args{'Pseudo'});
+
+ return ($retval);
+}
-=item Description
-
-Returns the current value of Description.
-(In the database, Description is stored as varchar(255).)
-
-
-
-=item SetDescription VALUE
+# }}}
+# {{{ sub Delete
-Set Description to VALUE.
-Returns (1, 'Status message') on success and (0, 'Error Message') on failure.
-(In the database, Description will be stored as a varchar(255).)
+=head2 Delete
+Delete this object
=cut
+sub Delete {
+ my $self = shift;
+
+ unless ($self->CurrentUser->HasSystemRight('AdminGroups')) {
+ return (0, 'Permission Denied');
+ }
+
+ return($self->SUPER::Delete(@_));
+}
-=item Domain
-
-Returns the current value of Domain.
-(In the database, Domain is stored as varchar(64).)
-
+# }}}
+# {{{ MembersObj
-=item SetDomain VALUE
+=head2 MembersObj
+Returns an RT::GroupMembers object of this group's members.
-Set Domain to VALUE.
-Returns (1, 'Status message') on success and (0, 'Error Message') on failure.
-(In the database, Domain will be stored as a varchar(64).)
+=cut
+sub MembersObj {
+ my $self = shift;
+ unless (defined $self->{'members_obj'}) {
+ use RT::GroupMembers;
+ $self->{'members_obj'} = new RT::GroupMembers($self->CurrentUser);
+
+ #If we don't have rights, don't include any results
+ $self->{'members_obj'}->LimitToGroup($self->id);
+
+ }
+ return ($self->{'members_obj'});
+
+}
-=cut
+# }}}
+# {{{ AddMember
-=item Type
+=head2 AddMember
-Returns the current value of Type.
-(In the database, Type is stored as varchar(64).)
+AddMember adds a user to this group. It takes a user id.
+Returns a two value array. the first value is true on successful
+addition or 0 on failure. The second value is a textual status msg.
+=cut
+sub AddMember {
+ my $self = shift;
+ my $new_member = shift;
+
+ my $new_member_obj = new RT::User($self->CurrentUser);
+ $new_member_obj->Load($new_member);
+
+ unless ($self->CurrentUser->HasSystemRight('AdminGroups')) {
+ #User has no permission to be doing this
+ return(0, "Permission Denied");
+ }
+
+ unless ($new_member_obj->Id) {
+ $RT::Logger->debug("Couldn't find user $new_member");
+ return(0, "Couldn't find user");
+ }
+
+ if ($self->HasMember($new_member_obj->Id)) {
+ #User is already a member of this group. no need to add it
+ return(0, "Group already has member");
+ }
+
+ my $member_object = new RT::GroupMember($self->CurrentUser);
+ $member_object->Create( UserId => $new_member_obj->Id,
+ GroupId => $self->id );
+ return(1, "Member added");
+}
-=item SetType VALUE
+# }}}
+# {{{ HasMember
-Set Type to VALUE.
-Returns (1, 'Status message') on success and (0, 'Error Message') on failure.
-(In the database, Type will be stored as a varchar(64).)
+=head2 HasMember
+Takes a user Id and returns a GroupMember Id if that user is a member of
+this group.
+Returns undef if the user isn't a member of the group or if the current
+user doesn't have permission to find out. Arguably, it should differentiate
+between ACL failure and non membership.
=cut
+sub HasMember {
+ my $self = shift;
+ my $user_id = shift;
-=item Instance
+ #Try to cons up a member object using "LoadByCols"
-Returns the current value of Instance.
-(In the database, Instance is stored as varchar(64).)
+ my $member_obj = new RT::GroupMember($self->CurrentUser);
+ $member_obj->LoadByCols( UserId => $user_id, GroupId => $self->id);
+ #If we have a member object
+ if (defined $member_obj->id) {
+ return ($member_obj->id);
+ }
+ #If Load returns no objects, we have an undef id.
+ else {
+ return(undef);
+ }
+}
-=item SetInstance VALUE
+# }}}
+# {{{ DeleteMember
-Set Instance to VALUE.
-Returns (1, 'Status message') on success and (0, 'Error Message') on failure.
-(In the database, Instance will be stored as a varchar(64).)
+=head2 DeleteMember
+Takes the user id of a member.
+If the current user has apropriate rights,
+removes that GroupMember from this group.
+Returns a two value array. the first value is true on successful
+addition or 0 on failure. The second value is a textual status msg.
=cut
+sub DeleteMember {
+ my $self = shift;
+ my $member = shift;
+
+ unless ($self->CurrentUser->HasSystemRight('AdminGroups')) {
+ #User has no permission to be doing this
+ return(0,"Permission Denied");
+ }
+
+ my $member_user_obj = new RT::User($self->CurrentUser);
+ $member_user_obj->Load($member);
+
+ unless ($member_user_obj->Id) {
+ $RT::Logger->debug("Couldn't find user $member");
+ return(0, "User not found");
+ }
+
+ my $member_obj = new RT::GroupMember($self->CurrentUser);
+ unless ($member_obj->LoadByCols ( UserId => $member_user_obj->Id,
+ GroupId => $self->Id )) {
+ return(0, "Couldn\'t load member"); #couldn\'t load member object
+ }
+
+ #If we couldn't load it, return undef.
+ unless ($member_obj->Id()) {
+ return (0, "Group has no such member");
+ }
+
+ #Now that we've checked ACLs and sanity, delete the groupmember
+ my $val = $member_obj->Delete();
+ if ($val) {
+ return ($val, "Member deleted");
+ }
+ else {
+ return (0, "Member not deleted");
+ }
+}
+# }}}
-sub _ClassAccessible {
- {
-
- id =>
- {read => 1, type => 'int(11)', default => ''},
- Name =>
- {read => 1, write => 1, type => 'varchar(200)', default => ''},
- Description =>
- {read => 1, write => 1, type => 'varchar(255)', default => ''},
- Domain =>
- {read => 1, write => 1, type => 'varchar(64)', default => ''},
- Type =>
- {read => 1, write => 1, type => 'varchar(64)', default => ''},
- Instance =>
- {read => 1, write => 1, type => 'varchar(64)', default => ''},
+# {{{ ACL Related routines
- }
-};
+# {{{ GrantQueueRight
+=head2 GrantQueueRight
- eval "require RT::Group_Overlay";
- if ($@ && $@ !~ qr{^Can't locate RT/Group_Overlay.pm}) {
- die $@;
- };
+Grant a queue right to this group. Takes a paramhash of which the elements
+RightAppliesTo and RightName are important.
- eval "require RT::Group_Vendor";
- if ($@ && $@ !~ qr{^Can't locate RT/Group_Vendor.pm}) {
- die $@;
- };
+=cut
- eval "require RT::Group_Local";
- if ($@ && $@ !~ qr{^Can't locate RT/Group_Local.pm}) {
- die $@;
- };
+sub GrantQueueRight {
+
+ my $self = shift;
+ my %args = ( RightScope => 'Queue',
+ RightName => undef,
+ RightAppliesTo => undef,
+ PrincipalType => 'Group',
+ PrincipalId => $self->Id,
+ @_);
+
+ #ACLs get checked in ACE.pm
+
+ my $ace = new RT::ACE($self->CurrentUser);
+
+ return ($ace->Create(%args));
+}
+# }}}
+# {{{ GrantSystemRight
+=head2 GrantSystemRight
-=head1 SEE ALSO
+Grant a system right to this group.
+The only element that's important to set is RightName.
-This class allows "overlay" methods to be placed
-into the following files _Overlay is for a System overlay by the original author,
-_Vendor is for 3rd-party vendor add-ons, while _Local is for site-local customizations.
-
-These overlay files can contain new subs or subs to replace existing subs in this module.
+=cut
+sub GrantSystemRight {
+
+ my $self = shift;
+ my %args = ( RightScope => 'System',
+ RightName => undef,
+ RightAppliesTo => 0,
+ PrincipalType => 'Group',
+ PrincipalId => $self->Id,
+ @_);
+
+ # ACLS get checked in ACE.pm
+
+ my $ace = new RT::ACE($self->CurrentUser);
+ return ($ace->Create(%args));
+}
-If you'll be working with perl 5.6.0 or greater, each of these files should begin with the line
- no warnings qw(redefine);
+# }}}
-so that perl does not kick and scream when you redefine a subroutine or variable in your overlay.
-RT::Group_Overlay, RT::Group_Vendor, RT::Group_Local
+# {{{ sub _Set
+sub _Set {
+ my $self = shift;
-=cut
+ unless ($self->CurrentUser->HasSystemRight('AdminGroups')) {
+ return (0, 'Permission Denied');
+ }
+ return ($self->SUPER::_Set(@_));
-1;
+}
+# }}}
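Review bot: In `Create`, the denial path returns the list `(0, 'Permission Denied')` while the success path returns the single scalar `$retval`, so a caller that evaluates the call in scalar context (`my $id = $group->Create(...)`) receives the true string 'Permission Denied' when the AdminGroups check fails. Returning the same shape on both paths, for example `return ($retval, 'Group created');`, lets callers test the first element reliably; `Delete` and `_Set` may mix shapes the same way, depending on what the SUPER methods return, which is not visible here. Separately, `AddMember` discards the result of `$member_object->Create(...)` and always returns `(1, "Member added")`, so a failed insert is reported as success; capture it with `my $id = $member_object->Create(...)` and add `return (0, "Couldn't add member") unless $id;`. In `GrantQueueRight` and `GrantSystemRight` the defaults come before `@_`, so a caller can override `PrincipalType`, `PrincipalId` and `RightScope`; placing those three keys after `@_` would pin the grant to this group, leaving only the ACE.pm check mentioned in the comments to decide whether it is allowed.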