summaryrefslogtreecommitdiff
path: root/rt/lib/RT/SavedSearch.pm
diff options
context:
space:
mode:
Diffstat (limited to 'rt/lib/RT/SavedSearch.pm')
-rw-r--r--rt/lib/RT/SavedSearch.pm89
1 files changed, 55 insertions, 34 deletions
diff --git a/rt/lib/RT/SavedSearch.pm b/rt/lib/RT/SavedSearch.pm
index 65411a7b2..9cebe33e3 100644
--- a/rt/lib/RT/SavedSearch.pm
+++ b/rt/lib/RT/SavedSearch.pm
@@ -2,7 +2,7 @@
#
# COPYRIGHT:
#
-# This software is Copyright (c) 1996-2005 Best Practical Solutions, LLC
+# This software is Copyright (c) 1996-2007 Best Practical Solutions, LLC
# <jesse@bestpractical.com>
#
# (Except where explicitly superseded by other copyright notices)
@@ -22,7 +22,9 @@
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
-# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301 or visit their web page on the internet at
+# http://www.gnu.org/copyleft/gpl.html.
#
#
# CONTRIBUTION SUBMISSION POLICY:
@@ -43,7 +45,6 @@
# those contributions and any derivatives thereof.
#
# END BPS TAGGED BLOCK }}}
-
=head1 NAME
RT::SavedSearch - an API for saving and retrieving search form values.
@@ -76,8 +77,8 @@ use RT::Base;
use RT::Attribute;
use strict;
-use vars qw/@ISA/;
-@ISA = qw/RT::Base/;
+use warnings;
+use base qw/RT::Base/;
sub new {
my $proto = shift;
@@ -116,7 +117,7 @@ sub Load {
return (0, $self->loc("Search attribute load failure"));
}
} else {
- $RT::Logger->error("Could not load object $privacy when loading search");
+ $RT::Logger->warning("Could not load object $privacy when loading search");
return (0, $self->loc("Could not load object for [_1]", $privacy));
}
@@ -149,23 +150,33 @@ sub Save {
$params{'SearchType'} = $type;
my $object = $self->_GetObject($privacy);
- if ($object) {
- my ($att_id, $att_msg) = $object->AddAttribute(
- 'Name' => 'SavedSearch',
- 'Description' => $name,
- 'Content' => \%params);
- if ($att_id) {
- $self->{'Attribute'} = $object->Attributes->WithId($att_id);
- $self->{'Id'} = $att_id;
- $self->{'Privacy'} = $privacy;
- $self->{'Type'} = $type;
- return (1, $self->loc("Saved search [_1]", $name));
- } else {
- $RT::Logger->error("SavedSearch save failure: $att_msg");
- return (0, $self->loc("Failed to create search attribute"));
- }
- } else {
- return (0, $self->loc("Failed to load object for [_1]", $privacy));
+
+ return (0, $self->loc("Failed to load object for [_1]", $privacy))
+ unless $object;
+
+ if ( $object->isa('RT::System') ) {
+ return ( 0, $self->loc("No permission to save system-wide searches") )
+ unless $self->CurrentUser->HasRight(
+ Object => $RT::System,
+ Right => 'SuperUser'
+ );
+ }
+
+ my ( $att_id, $att_msg ) = $object->AddAttribute(
+ 'Name' => 'SavedSearch',
+ 'Description' => $name,
+ 'Content' => \%params
+ );
+ if ($att_id) {
+ $self->{'Attribute'} = $object->Attributes->WithId($att_id);
+ $self->{'Id'} = $att_id;
+ $self->{'Privacy'} = $privacy;
+ $self->{'Type'} = $type;
+ return ( 1, $self->loc( "Saved search [_1]", $name ) );
+ }
+ else {
+ $RT::Logger->error("SavedSearch save failure: $att_msg");
+ return ( 0, $self->loc("Failed to create search attribute") );
}
}
@@ -277,6 +288,24 @@ sub Type {
### Internal methods
+sub _load_privacy_object {
+ my ($self, $obj_type, $obj_id) = @_;
+ if ( $obj_type eq 'RT::User' && $obj_id == $self->CurrentUser->Id) {
+ return $self->CurrentUser->UserObj;
+ }
+ elsif ($obj_type eq 'RT::Group') {
+ my $group = RT::Group->new($self->CurrentUser);
+ $group->Load($obj_id);
+ return $group;
+ }
+ elsif ($obj_type eq 'RT::System') {
+ return RT::System->new($self->CurrentUser);
+ }
+
+ $RT::Logger->error("Tried to load a search belonging to an $obj_type, which is neither a user nor a group");
+ return undef;
+}
+
# _GetObject: helper routine to load the correct object whose parameters
# have been passed.
@@ -285,22 +314,14 @@ sub _GetObject {
my $privacy = shift;
my ($obj_type, $obj_id) = split(/\-/, $privacy);
- unless ($obj_type eq 'RT::User' || $obj_type eq 'RT::Group') {
- $RT::Logger->error("Tried to load a search belonging to an $obj_type, which is neither a user nor a group");
- return undef;
- }
- my $object;
- eval "
- require $obj_type;
- \$object = $obj_type->new(\$self->CurrentUser);
- \$object->Load(\$obj_id);
- ";
+ my $object = $self->_load_privacy_object($obj_type, $obj_id);
+
unless (ref($object) eq $obj_type) {
$RT::Logger->error("Could not load object of type $obj_type with ID $obj_id");
return undef;
}
-
+
# Do not allow the loading of a user object other than the current
# user, or of a group object of which the current user is not a member.