summaryrefslogtreecommitdiff
path: root/rt/lib/RT/Group.pm
diff options
context:
space:
mode:
Diffstat (limited to 'rt/lib/RT/Group.pm')
-rwxr-xr-xrt/lib/RT/Group.pm364
1 files changed, 364 insertions, 0 deletions
diff --git a/rt/lib/RT/Group.pm b/rt/lib/RT/Group.pm
new file mode 100755
index 000000000..005601f5e
--- /dev/null
+++ b/rt/lib/RT/Group.pm
@@ -0,0 +1,364 @@
+# $Header: /home/cvs/cvsroot/freeside/rt/lib/RT/Group.pm,v 1.1 2002-08-12 06:17:07 ivan Exp $
+# Copyright 2000 Jesse Vincent <jesse@fsck.com>
+# Released under the terms of the GNU Public License
+#
+#
+
+=head1 NAME
+
+ RT::Group - RT\'s group object
+
+=head1 SYNOPSIS
+
+ use RT::Group;
+my $group = new RT::Group($CurrentUser);
+
+=head1 DESCRIPTION
+
+An RT group object.
+
+=head1 AUTHOR
+
+Jesse Vincent, jesse@fsck.com
+
+=head1 SEE ALSO
+
+RT
+
+=head1 METHODS
+
+
+=begin testing
+
+ok (require RT::TestHarness);
+ok (require RT::Group);
+
+=end testing
+
+=cut
+
+
+package RT::Group;
+use RT::Record;
+use RT::GroupMember;
+use RT::ACE;
+
+use vars qw|@ISA|;
+@ISA= qw(RT::Record);
+
+
+# {{{ sub _Init
+sub _Init {
+ my $self = shift;
+ $self->{'table'} = "Groups";
+ return ($self->SUPER::_Init(@_));
+}
+# }}}
+
+# {{{ sub _Accessible
+sub _Accessible {
+ my $self = shift;
+ my %Cols = (
+ Name => 'read/write',
+ Description => 'read/write',
+ Pseudo => 'read'
+ );
+ return $self->SUPER::_Accessible(@_, %Cols);
+}
+# }}}
+
+# {{{ sub Load
+
+=head2 Load
+
+Load a group object from the database. Takes a single argument.
+If the argument is numerical, load by the column 'id'. Otherwise, load by
+the "Name" column which is the group's textual name
+
+=cut
+
+sub Load {
+ my $self = shift;
+ my $identifier = shift || return undef;
+
+ #if it's an int, load by id. otherwise, load by name.
+ if ($identifier !~ /\D/) {
+ $self->SUPER::LoadById($identifier);
+ }
+ else {
+ $self->LoadByCol("Name",$identifier);
+ }
+}
+
+# }}}
+
+# {{{ sub Create
+
+=head2 Create
+
+Takes a paramhash with three named arguments: Name, Description and Pseudo.
+Pseudo is used internally by RT for certain special ACL decisions.
+
+=cut
+
+sub Create {
+ my $self = shift;
+ my %args = ( Name => undef,
+ Description => undef,
+ Pseudo => 0,
+ @_);
+
+ unless ($self->CurrentUser->HasSystemRight('AdminGroups')) {
+ $RT::Logger->warning($self->CurrentUser->Name ." Tried to create a group without permission.");
+ return(0, 'Permission Denied');
+ }
+
+ my $retval = $self->SUPER::Create(Name => $args{'Name'},
+ Description => $args{'Description'},
+ Pseudo => $args{'Pseudo'});
+
+ return ($retval);
+}
+
+# }}}
+
+# {{{ sub Delete
+
+=head2 Delete
+
+Delete this object
+
+=cut
+
+sub Delete {
+ my $self = shift;
+
+ unless ($self->CurrentUser->HasSystemRight('AdminGroups')) {
+ return (0, 'Permission Denied');
+ }
+
+ return($self->SUPER::Delete(@_));
+}
+
+# }}}
+
+# {{{ MembersObj
+
+=head2 MembersObj
+
+Returns an RT::GroupMembers object of this group's members.
+
+=cut
+
+sub MembersObj {
+ my $self = shift;
+ unless (defined $self->{'members_obj'}) {
+ use RT::GroupMembers;
+ $self->{'members_obj'} = new RT::GroupMembers($self->CurrentUser);
+
+ #If we don't have rights, don't include any results
+ $self->{'members_obj'}->LimitToGroup($self->id);
+
+ }
+ return ($self->{'members_obj'});
+
+}
+
+# }}}
+
+# {{{ AddMember
+
+=head2 AddMember
+
+AddMember adds a user to this group. It takes a user id.
+Returns a two value array. the first value is true on successful
+addition or 0 on failure. The second value is a textual status msg.
+
+=cut
+
+sub AddMember {
+ my $self = shift;
+ my $new_member = shift;
+
+ my $new_member_obj = new RT::User($self->CurrentUser);
+ $new_member_obj->Load($new_member);
+
+ unless ($self->CurrentUser->HasSystemRight('AdminGroups')) {
+ #User has no permission to be doing this
+ return(0, "Permission Denied");
+ }
+
+ unless ($new_member_obj->Id) {
+ $RT::Logger->debug("Couldn't find user $new_member");
+ return(0, "Couldn't find user");
+ }
+
+ if ($self->HasMember($new_member_obj->Id)) {
+ #User is already a member of this group. no need to add it
+ return(0, "Group already has member");
+ }
+
+ my $member_object = new RT::GroupMember($self->CurrentUser);
+ $member_object->Create( UserId => $new_member_obj->Id,
+ GroupId => $self->id );
+ return(1, "Member added");
+}
+
+# }}}
+
+# {{{ HasMember
+
+=head2 HasMember
+
+Takes a user Id and returns a GroupMember Id if that user is a member of
+this group.
+Returns undef if the user isn't a member of the group or if the current
+user doesn't have permission to find out. Arguably, it should differentiate
+between ACL failure and non membership.
+
+=cut
+
+sub HasMember {
+ my $self = shift;
+ my $user_id = shift;
+
+ #Try to cons up a member object using "LoadByCols"
+
+ my $member_obj = new RT::GroupMember($self->CurrentUser);
+ $member_obj->LoadByCols( UserId => $user_id, GroupId => $self->id);
+
+ #If we have a member object
+ if (defined $member_obj->id) {
+ return ($member_obj->id);
+ }
+
+ #If Load returns no objects, we have an undef id.
+ else {
+ return(undef);
+ }
+}
+
+# }}}
+
+# {{{ DeleteMember
+
+=head2 DeleteMember
+
+Takes the user id of a member.
+If the current user has apropriate rights,
+removes that GroupMember from this group.
+Returns a two value array. the first value is true on successful
+addition or 0 on failure. The second value is a textual status msg.
+
+=cut
+
+sub DeleteMember {
+ my $self = shift;
+ my $member = shift;
+
+ unless ($self->CurrentUser->HasSystemRight('AdminGroups')) {
+ #User has no permission to be doing this
+ return(0,"Permission Denied");
+ }
+
+ my $member_user_obj = new RT::User($self->CurrentUser);
+ $member_user_obj->Load($member);
+
+ unless ($member_user_obj->Id) {
+ $RT::Logger->debug("Couldn't find user $member");
+ return(0, "User not found");
+ }
+
+ my $member_obj = new RT::GroupMember($self->CurrentUser);
+ unless ($member_obj->LoadByCols ( UserId => $member_user_obj->Id,
+ GroupId => $self->Id )) {
+ return(0, "Couldn\'t load member"); #couldn\'t load member object
+ }
+
+ #If we couldn't load it, return undef.
+ unless ($member_obj->Id()) {
+ return (0, "Group has no such member");
+ }
+
+ #Now that we've checked ACLs and sanity, delete the groupmember
+ my $val = $member_obj->Delete();
+ if ($val) {
+ return ($val, "Member deleted");
+ }
+ else {
+ return (0, "Member not deleted");
+ }
+}
+
+# }}}
+
+# {{{ ACL Related routines
+
+# {{{ GrantQueueRight
+
+=head2 GrantQueueRight
+
+Grant a queue right to this group. Takes a paramhash of which the elements
+RightAppliesTo and RightName are important.
+
+=cut
+
+sub GrantQueueRight {
+
+ my $self = shift;
+ my %args = ( RightScope => 'Queue',
+ RightName => undef,
+ RightAppliesTo => undef,
+ PrincipalType => 'Group',
+ PrincipalId => $self->Id,
+ @_);
+
+ #ACLs get checked in ACE.pm
+
+ my $ace = new RT::ACE($self->CurrentUser);
+
+ return ($ace->Create(%args));
+}
+
+# }}}
+
+# {{{ GrantSystemRight
+
+=head2 GrantSystemRight
+
+Grant a system right to this group.
+The only element that's important to set is RightName.
+
+=cut
+sub GrantSystemRight {
+
+ my $self = shift;
+ my %args = ( RightScope => 'System',
+ RightName => undef,
+ RightAppliesTo => 0,
+ PrincipalType => 'Group',
+ PrincipalId => $self->Id,
+ @_);
+
+ # ACLS get checked in ACE.pm
+
+ my $ace = new RT::ACE($self->CurrentUser);
+ return ($ace->Create(%args));
+}
+
+
+# }}}
+
+
+# {{{ sub _Set
+sub _Set {
+ my $self = shift;
+
+ unless ($self->CurrentUser->HasSystemRight('AdminGroups')) {
+ return (0, 'Permission Denied');
+ }
+
+ return ($self->SUPER::_Set(@_));
+
+}
+# }}}