diff options
Diffstat (limited to 'rt/lib/RT/Queue_Overlay.pm')
| -rw-r--r-- | rt/lib/RT/Queue_Overlay.pm | 106 |
1 files changed, 54 insertions, 52 deletions
diff --git a/rt/lib/RT/Queue_Overlay.pm b/rt/lib/RT/Queue_Overlay.pm index c81cb1f84..7d9385211 100644 --- a/rt/lib/RT/Queue_Overlay.pm +++ b/rt/lib/RT/Queue_Overlay.pm @@ -2,7 +2,7 @@ # # COPYRIGHT: # -# This software is Copyright (c) 1996-2007 Best Practical Solutions, LLC +# This software is Copyright (c) 1996-2009 Best Practical Solutions, LLC # <jesse@bestpractical.com> # # (Except where explicitly superseded by other copyright notices) @@ -24,7 +24,7 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA # 02110-1301 or visit their web page on the internet at -# http://www.gnu.org/copyleft/gpl.html. +# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. # # # CONTRIBUTION SUBMISSION POLICY: @@ -648,45 +648,41 @@ sub AddWatcher { @_ ); + return ( 0, "No principal specified" ) + unless $args{'Email'} or $args{'PrincipalId'}; + + if ( !$args{'PrincipalId'} && $args{'Email'} ) { + my $user = RT::User->new( $self->CurrentUser ); + $user->LoadByEmail( $args{'Email'} ); + $args{'PrincipalId'} = $user->PrincipalId if $user->id; + } + # {{{ Check ACLS + return ( $self->_AddWatcher(%args) ) + if $self->CurrentUserHasRight('ModifyQueueWatchers'); + #If the watcher we're trying to add is for the current user - if ( $self->CurrentUser->PrincipalId eq $args{'PrincipalId'}) { + if ( $self->CurrentUser->PrincipalId == ($args{'PrincipalId'}||0) ) { # If it's an AdminCc and they don't have # 'WatchAsAdminCc' or 'ModifyTicket', bail if ( $args{'Type'} eq 'AdminCc' ) { - unless ( $self->CurrentUserHasRight('ModifyQueueWatchers') - or $self->CurrentUserHasRight('WatchAsAdminCc') ) { - return ( 0, $self->loc('Permission Denied')) - } + return ( $self->_AddWatcher(%args) ) + if $self->CurrentUserHasRight('WatchAsAdminCc'); } # If it's a Requestor or Cc and they don't have # 'Watch' or 'ModifyTicket', bail - elsif ( ( $args{'Type'} eq 'Cc' ) or ( $args{'Type'} eq 'Requestor' ) ) { - - unless ( $self->CurrentUserHasRight('ModifyQueueWatchers') - or $self->CurrentUserHasRight('Watch') ) { - return ( 0, $self->loc('Permission Denied')) - } + elsif ( $args{'Type'} eq 'Cc' or $args{'Type'} eq 'Requestor' ) { + return ( $self->_AddWatcher(%args) ) + if $self->CurrentUserHasRight('Watch'); } - else { + else { $RT::Logger->warning( "$self -> AddWatcher got passed a bogus type"); return ( 0, $self->loc('Error in parameters to Queue->AddWatcher') ); } } - # If the watcher isn't the current user - # and the current user doesn't have 'ModifyQueueWatcher' - # bail - else { - unless ( $self->CurrentUserHasRight('ModifyQueueWatchers') ) { - return ( 0, $self->loc("Permission Denied") ); - } - } - - # }}} - - return ( $self->_AddWatcher(%args) ); + return ( 0, $self->loc("Permission Denied") ); } #This contains the meat of AddWatcher. but can be called from a routine like @@ -702,48 +698,45 @@ sub _AddWatcher { ); - my $principal = RT::Principal->new($self->CurrentUser); - if ($args{'PrincipalId'}) { - $principal->Load($args{'PrincipalId'}); + my $principal = RT::Principal->new( $self->CurrentUser ); + if ( $args{'PrincipalId'} ) { + $principal->Load( $args{'PrincipalId'} ); } - elsif ($args{'Email'}) { - + elsif ( $args{'Email'} ) { my $user = RT::User->new($self->CurrentUser); - $user->LoadByEmail($args{'Email'}); + $user->LoadByEmail( $args{'Email'} ); + $user->Load( $args{'Email'} ) + unless $user->id; - unless ($user->Id) { - $user->Load($args{'Email'}); - } - if ($user->Id) { # If the user exists - $principal->Load($user->PrincipalId); + if ( $user->Id ) { # If the user exists + $principal->Load( $user->PrincipalId ); } else { - - # if the user doesn't exist, we need to create a new user - my $new_user = RT::User->new($RT::SystemUser); + # if the user doesn't exist, we need to create a new user + my $new_user = RT::User->new($RT::SystemUser); my ( $Address, $Name ) = RT::Interface::Email::ParseAddressFromHeader($args{'Email'}); my ( $Val, $Message ) = $new_user->Create( - Name => $Address, + Name => $Address, EmailAddress => $Address, RealName => $Name, Privileged => 0, - Comments => 'Autocreated when added as a watcher'); + Comments => 'Autocreated when added as a watcher' + ); unless ($Val) { $RT::Logger->error("Failed to create user ".$args{'Email'} .": " .$Message); # Deal with the race condition of two account creations at once - $new_user->LoadByEmail($args{'Email'}); + $new_user->LoadByEmail( $args{'Email'} ); } - $principal->Load($new_user->PrincipalId); + $principal->Load( $new_user->PrincipalId ); } } # If we can't find this watcher, we need to bail. - unless ($principal->Id) { + unless ( $principal->Id ) { return(0, $self->loc("Could not find or create that user")); } - my $group = RT::Group->new($self->CurrentUser); $group->LoadQueueRoleGroup(Type => $args{'Type'}, Queue => $self->Id); unless ($group->id) { @@ -791,11 +784,18 @@ sub DeleteWatcher { my %args = ( Type => undef, PrincipalId => undef, + Email => undef, @_ ); - unless ($args{'PrincipalId'} ) { - return(0, $self->loc("No principal specified")); + return ( 0, "No principal specified" ) + unless $args{Email} or $args{PrincipalId}; + + if ( !$args{PrincipalId} and $args{Email} ) { + my $user = RT::User->new( $self->CurrentUser ); + my ($rv, $msg) = $user->LoadByEmail( $args{Email} ); + $args{PrincipalId} = $user->PrincipalId if $rv; } + my $principal = RT::Principal->new($self->CurrentUser); $principal->Load($args{'PrincipalId'}); @@ -810,13 +810,15 @@ sub DeleteWatcher { return(0,$self->loc("Group not found")); } + my $can_modify_queue = $self->CurrentUserHasRight('ModifyQueueWatchers'); + # {{{ Check ACLS #If the watcher we're trying to add is for the current user if ( $self->CurrentUser->PrincipalId eq $args{'PrincipalId'}) { # If it's an AdminCc and they don't have # 'WatchAsAdminCc' or 'ModifyQueue', bail - if ( $args{'Type'} eq 'AdminCc' ) { - unless ( $self->CurrentUserHasRight('ModifyQueueWatchers') + if ( $args{'Type'} eq 'AdminCc' ) { + unless ( $can_modify_queue or $self->CurrentUserHasRight('WatchAsAdminCc') ) { return ( 0, $self->loc('Permission Denied')) } @@ -825,7 +827,7 @@ sub DeleteWatcher { # If it's a Requestor or Cc and they don't have # 'Watch' or 'ModifyQueue', bail elsif ( ( $args{'Type'} eq 'Cc' ) or ( $args{'Type'} eq 'Requestor' ) ) { - unless ( $self->CurrentUserHasRight('ModifyQueueWatchers') + unless ( $can_modify_queue or $self->CurrentUserHasRight('Watch') ) { return ( 0, $self->loc('Permission Denied')) } @@ -839,7 +841,7 @@ sub DeleteWatcher { # If the watcher isn't the current user # and the current user doesn't have 'ModifyQueueWathcers' bail else { - unless ( $self->CurrentUserHasRight('ModifyQueueWatchers') ) { + unless ( $can_modify_queue ) { return ( 0, $self->loc("Permission Denied") ); } } |