Diffstat (limited to 'rt/lib/RT/User_Overlay.pm')
-rw-r--r--rt/lib/RT/User_Overlay.pm82
1 files changed, 53 insertions, 29 deletions
diff --git a/rt/lib/RT/User_Overlay.pm b/rt/lib/RT/User_Overlay.pm
index ba322cd4b..c2fe65192 100644
--- a/rt/lib/RT/User_Overlay.pm
+++ b/rt/lib/RT/User_Overlay.pm
@@ -53,6 +53,7 @@ use vars qw(%_USERS_KEY_CACHE);
use Digest::MD5;
use RT::Principals;
use RT::ACE;
+use RT::EmailParser;
# {{{ sub _Accessible
@@ -263,14 +264,15 @@ sub Create {
my $principal_id = $principal->Create(PrincipalType => 'User',
Disabled => $args{'Disabled'},
ObjectId => '0');
- $principal->__Set(Field => 'ObjectId', Value => $principal_id);
# If we couldn't create a principal Id, get the fuck out.
unless ($principal_id) {
$RT::Handle->Rollback();
- $RT::Logger->crit("Couldn't create a Principal on new user create. Strange things are afoot at the circle K");
+ $RT::Logger->crit("Couldn't create a Principal on new user create.");
+ $RT::Logger->crit("Strange things are afoot at the circle K");
return ( 0, $self->loc('Could not create user') );
}
+ $principal->__Set(Field => 'ObjectId', Value => $principal_id);
delete $args{'Disabled'};
$self->SUPER::Create(id => $principal_id , %args);
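Review bot: The result of `$principal->__Set(Field => 'ObjectId', Value => $principal_id)` is still discarded after the move, so a failed update would leave the principal with ObjectId '0' while user creation carries on. Assuming `__Set` returns a status/message pair like the other calls in this sub, capture it and fail the same way the neighbouring branches do: `my ($set_ok, $set_msg) = $principal->__Set(...); unless ($set_ok) { $RT::Handle->Rollback(); return ( 0, $self->loc('Could not create user') ); }`. Create starts and ends outside this hunk.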
@@ -284,45 +286,59 @@ sub Create {
return ( 0, $self->loc('Could not create user') );
}
-
- #TODO post 2.0
- #if ($args{'SendWelcomeMessage'}) {
- # #TODO: Check if the email exists and looks valid
- # #TODO: Send the user a "welcome message"
- #}
-
-
-
my $aclstash = RT::Group->new($self->CurrentUser);
my $stash_id = $aclstash->_CreateACLEquivalenceGroup($principal);
unless ($stash_id) {
$RT::Handle->Rollback();
- $RT::Logger->crit("Couldn't stash the user in groumembers");
+ $RT::Logger->crit("Couldn't stash the user in groupmembers");
return ( 0, $self->loc('Could not create user') );
}
- $RT::Handle->Commit;
- #$RT::Logger->debug("Adding the user as a member of everyone");
my $everyone = RT::Group->new($self->CurrentUser);
$everyone->LoadSystemInternalGroup('Everyone');
- $everyone->AddMember($self->PrincipalId);
+ unless ($everyone->id) {
+ $RT::Logger->crit("Could not load Everyone group on user creation.");
+ $RT::Handle->Rollback();
+ return ( 0, $self->loc('Could not create user') );
+ }
+
+
+ my ($everyone_id, $everyone_msg) = $everyone->_AddMember( InsideTransaction => 1, PrincipalId => $self->PrincipalId);
+ unless ($everyone_id) {
+ $RT::Logger->crit("Could not add user to Everyone group on user creation.");
+ $RT::Logger->crit($everyone_msg);
+ $RT::Handle->Rollback();
+ return ( 0, $self->loc('Could not create user') );
+ }
+
+ my $access_class = RT::Group->new($self->CurrentUser);
if ($privileged) {
- my $priv = RT::Group->new($self->CurrentUser);
- #$RT::Logger->debug("Making ".$self->Id." a privileged user");
- $priv->LoadSystemInternalGroup('Privileged');
- $priv->AddMember($self->PrincipalId);
+ $access_class->LoadSystemInternalGroup('Privileged');
} else {
- my $unpriv = RT::Group->new($self->CurrentUser);
- #$RT::Logger->debug("Making ".$self->Id." an unprivileged user");
- $unpriv->LoadSystemInternalGroup('Unprivileged');
- $unpriv->AddMember($self->PrincipalId);
+ $access_class->LoadSystemInternalGroup('Unprivileged');
+ }
+
+ unless ($access_class->id) {
+ $RT::Logger->crit("Could not load Privileged or Unprivileged group on user creation");
+ $RT::Handle->Rollback();
+ return ( 0, $self->loc('Could not create user') );
}
- # $RT::Logger->debug("Finished creating the user");
+ my ($ac_id, $ac_msg) = $access_class->_AddMember( InsideTransaction => 1, PrincipalId => $self->PrincipalId);
+
+ unless ($ac_id) {
+ $RT::Logger->crit("Could not add user to Privileged or Unprivileged group on user creation. Aborted");
+ $RT::Logger->crit($ac_msg);
+ $RT::Handle->Rollback();
+ return ( 0, $self->loc('Could not create user') );
+ }
+
+
+ $RT::Handle->Commit;
return ( $id, $self->loc('User created') );
}
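Review bot: None of the new `crit` messages say which user was being created, and the access-class message does not say which of the two groups failed. Because every one of these paths rolls back, no row is left behind to correlate the log entry with. Something like `$RT::Logger->crit("Could not add user '".$args{'Name'}."' to ".($privileged ? 'Privileged' : 'Unprivileged')." group: ".$ac_msg);` would make the entry usable on its own, assuming `Name` is present in `%args` at this point. As a smaller style point, the Everyone-load branch logs before `Rollback()` while the other branches roll back first; pick one order.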
@@ -360,6 +376,10 @@ sub SetPrivileged {
my $self = shift;
my $val = shift;
+ #Check the ACL
+ unless ( $self->CurrentUser->HasRight(Right => 'AdminUsers', Object => $RT::System) ) {
+ return ( 0, $self->loc('Permission Denied') );
+ }
my $priv = RT::Group->new($self->CurrentUser);
$priv->LoadSystemInternalGroup('Privileged');
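Review bot: The new AdminUsers check returns 'Permission Denied' without logging, so a refused attempt to change a user's privileged status leaves no trace for later review. The later hunks in this sub switch to `_AddMember`/`_DeleteMember`, which presumably skip the group's own rights checks, so this check is likely the only gate and the `#Check the ACL` comment should say so. Consider adding `$RT::Logger->warning("User ".$self->CurrentUser->Id." denied SetPrivileged on user ".$self->Id);` before the return. The sub's documentation, outside this hunk, should also name the required right.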
@@ -381,7 +401,7 @@ sub SetPrivileged {
return (0,$self->loc("That user is already privileged"));
}
if ($unpriv->HasMember($self->PrincipalObj)) {
- $unpriv->DeleteMember($self->PrincipalId);
+ $unpriv->_DeleteMember($self->PrincipalId);
} else {
# if we had layered transactions, life would be good
# sadly, we have to just go ahead, even if something
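Review bot: The return value of `$unpriv->_DeleteMember($self->PrincipalId)` is ignored, so if the removal fails the code below still adds the user to Privileged and the account ends up in both groups. Check it before the add, e.g. `my ($del_ok, $del_msg) = $unpriv->_DeleteMember($self->PrincipalId); return (0, $del_msg) unless $del_ok;`, assuming it returns a status/message pair like `_AddMember` does here. The same applies to `$priv->_DeleteMember( $self->PrincipalId)` in the unprivileged branch in the later hunk. The enclosing if/else continues outside this hunk.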
@@ -389,7 +409,7 @@ sub SetPrivileged {
$RT::Logger->crit("User ".$self->Id." is neither privileged nor ".
"unprivileged. something is drastically wrong.");
}
- my ($status, $msg) = $priv->AddMember($self->PrincipalId);
+ my ($status, $msg) = $priv->_AddMember( InsideTransaction => 1, PrincipalId => $self->PrincipalId);
if ($status) {
return (1, $self->loc("That user is now privileged"));
} else {
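Review bot: `InsideTransaction => 1` is passed to `$priv->_AddMember` here, but no transaction is visible in SetPrivileged, unlike Create where the same flag sits before the `Commit`/`Rollback` calls. If the flag makes `_AddMember` skip its own transaction handling (an inference from the name), the delete-then-add pair runs with no transaction at all, and a failed add leaves the user in neither group. Either wrap the pair in `$RT::Handle->BeginTransaction()` with a matching `Commit`/`Rollback`, or drop the flag. The same applies to the `$unpriv->_AddMember` call in the last SetPrivileged hunk. The start of the sub is outside these hunks, so confirm no transaction is opened there.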
@@ -402,7 +422,7 @@ sub SetPrivileged {
return (0,$self->loc("That user is already unprivileged"));
}
if ($priv->HasMember($self->PrincipalObj)) {
- $priv->DeleteMember($self->PrincipalId);
+ $priv->_DeleteMember( $self->PrincipalId);
} else {
# if we had layered transactions, life would be good
# sadly, we have to just go ahead, even if something
@@ -410,7 +430,7 @@ sub SetPrivileged {
$RT::Logger->crit("User ".$self->Id." is neither privileged nor ".
"unprivileged. something is drastically wrong.");
}
- my ($status, $msg) = $unpriv->AddMember($self->PrincipalId);
+ my ($status, $msg) = $unpriv->_AddMember( InsideTransaction => 1, PrincipalId => $self->PrincipalId);
if ($status) {
return (1, $self->loc("That user is now unprivileged"));
} else {
@@ -576,13 +596,17 @@ sub LoadOrCreateByEmail {
my ($val, $message);
+ my ( $Address, $Name ) =
+ RT::EmailParser::ParseAddressFromHeader('', $email);
+ $email = $Address;
+
$self->LoadByEmail($email);
$message = $self->loc('User loaded');
unless ($self->Id) {
( $val, $message ) = $self->Create(
Name => $email,
EmailAddress => $email,
- RealName => $email,
+ RealName => $Name,
Privileged => 0,
Comments => 'Autocreated when added as a watcher');
unless ($val) {
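Review bot: `$email = $Address;` is assigned without checking that `RT::EmailParser::ParseAddressFromHeader` actually produced an address. If the input does not parse, `LoadByEmail` and then `Create` presumably run with an empty or undefined `Name` and `EmailAddress`. Add a guard right after the parse, for example `return ( 0, $self->loc('Could not parse email address') ) unless $Address;`, adjusted to the return shape this sub uses elsewhere. `$Name` can likewise be empty for a bare address, so `RealName => $Name || $email` would keep the old fallback. The sub starts before and continues past this hunk.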