# BEGIN BPS TAGGED BLOCK {{{
#
# COPYRIGHT:
#
# This software is Copyright (c) 1996-2005 Best Practical Solutions, LLC
# <jesse@bestpractical.com>
#
# (Except where explicitly superseded by other copyright notices)
#
#
# LICENSE:
#
# This work is made available to you under the terms of Version 2 of
# the GNU General Public License. A copy of that license should have
# been provided with this software, but in any event can be snarfed
# from www.gnu.org.
#
# This work is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
#
# CONTRIBUTION SUBMISSION POLICY:
#
# (The following paragraph is not intended to limit the rights granted
# to you to modify and distribute this software under the terms of
# the GNU General Public License and is only of importance to you if
# you choose to contribute your changes and enhancements to the
# community by submitting them to Best Practical Solutions, LLC.)
#
# By intentionally submitting any modifications, corrections or
# derivatives to this work, or any other work intended for use with
# Request Tracker, to Best Practical Solutions, LLC, you confirm that
# you are the copyright holder for those contributions and you grant
# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
# royalty-free, perpetual, license to use, copy, create derivative
# works based on those contributions, and sublicense and distribute
# those contributions and any derivatives thereof.
#
# END BPS TAGGED BLOCK }}}
=head1 NAME
RT::GroupMember - a member of an RT Group
=head1 SYNOPSIS
RT::GroupMember should never be called directly. It should ONLY
only be accessed through the helper functions in RT::Group;
If you're operating on an RT::GroupMember object yourself, you B<ARE>
doing something wrong.
=head1 DESCRIPTION
=head1 METHODS
=begin testing
ok (require RT::GroupMember);
=end testing
=cut
package RT::GroupMember;
use strict;
no warnings qw(redefine);
use RT::CachedGroupMembers;
# {{{ sub Create
=head2 Create { Group => undef, Member => undef }
Add a Principal to the group Group.
if the Principal is a group, automatically inserts all
members of the principal into the cached members table recursively down.
Both Group and Member are expected to be RT::Principal objects
=cut
sub Create {
my $self = shift;
my %args = (
Group => undef,
Member => undef,
InsideTransaction => undef,
@_
);
unless ($args{'Group'} &&
UNIVERSAL::isa($args{'Group'}, 'RT::Principal') &&
$args{'Group'}->Id ) {
$RT::Logger->warning("GroupMember::Create called with a bogus Group arg");
return (undef);
}
unless($args{'Group'}->IsGroup) {
$RT::Logger->warning("Someone tried to add a member to a user instead of a group");
return (undef);
}
unless ($args{'Member'} &&
UNIVERSAL::isa($args{'Member'}, 'RT::Principal') &&
$args{'Member'}->Id) {
$RT::Logger->warning("GroupMember::Create called with a bogus Principal arg");
return (undef);
}
#Clear the key cache. TODO someday we may want to just clear a little bit of the keycache space.
# TODO what about the groups key cache?
RT::Principal->InvalidateACLCache();
$RT::Handle->BeginTransaction() unless ($args{'InsideTransaction'});
# We really need to make sure we don't add any members to this group
# that contain the group itself. that would, um, suck.
# (and recurse infinitely) Later, we can add code to check this in the
# cache and bail so we can support cycling directed graphs
if ($args{'Member'}->IsGroup) {
my $member_object = $args{'Member'}->Object;
if ($member_object->HasMemberRecursively($args{'Group'})) {
$RT::Logger->debug("Adding that group would create a loop");
return(undef);
}
elsif ( $args{'Member'}->Id == $args{'Group'}->Id) {
$RT::Logger->debug("Can't add a group to itself");
return(undef);
}
}
my $id = $self->SUPER::Create(
GroupId => $args{'Group'}->Id,
MemberId => $args{'Member'}->Id
);
unless ($id) {
$RT::Handle->Rollback() unless ($args{'InsideTransaction'});
return (undef);
}
my $cached_member = RT::CachedGroupMember->new( $self->CurrentUser );
my $cached_id = $cached_member->Create(
Member => $args{'Member'},
Group => $args{'Group'},
ImmediateParent => $args{'Group'},
Via => '0'
);
#When adding a member to a group, we need to go back
#and popuplate the CachedGroupMembers of all the groups that group is part of .
my $cgm = RT::CachedGroupMembers->new( $self->CurrentUser );
# find things which have the current group as a member.
# $group is an RT::Principal for the group.
$cgm->LimitToGroupsWithMember( $args{'Group'}->Id );
while ( my $parent_member = $cgm->Next ) {
my $parent_id = $parent_member->MemberId;
my $via = $parent_member->Id;
my $group_id = $parent_member->GroupId;
my $other_cached_member =
RT::CachedGroupMember->new( $self->CurrentUser );
my $other_cached_id = $other_cached_member->Create(
Member => $args{'Member'},
Group => $parent_member->GroupObj,
ImmediateParent => $parent_member->MemberObj,
Via => $parent_member->Id
);
unless ($other_cached_id) {
$RT::Logger->err( "Couldn't add " . $args{'Member'}
. " as a submember of a supergroup" );
$RT::Handle->Rollback() unless ($args{'InsideTransaction'});
return (undef);
}
}
unless ($cached_id) {
$RT::Handle->Rollback() unless ($args{'InsideTransaction'});
return (undef);
}
$RT::Handle->Commit() unless ($args{'InsideTransaction'});
return ($id);
}
# }}}
# {{{ sub _StashUser
=head2 _StashUser PRINCIPAL
Create { Group => undef, Member => undef }
Creates an entry in the groupmembers table, which lists a user
as a member of himself. This makes ACL checks a whole bunch easier.
This happens once on user create and never ever gets yanked out.
PRINCIPAL is expected to be an RT::Principal object for a user
This routine expects to be called inside a transaction by RT::User->Create
=cut
sub _StashUser {
my $self = shift;
my %args = (
Group => undef,
Member => undef,
@_
);
#Clear the key cache. TODO someday we may want to just clear a little bit of the keycache space.
# TODO what about the groups key cache?
RT::Principal->InvalidateACLCache();
# We really need to make sure we don't add any members to this group
# that contain the group itself. that would, um, suck.
# (and recurse infinitely) Later, we can add code to check this in the
# cache and bail so we can support cycling directed graphs
my $id = $self->SUPER::Create(
GroupId => $args{'Group'}->Id,
MemberId => $args{'Member'}->Id,
);
unless ($id) {
return (undef);
}
my $cached_member = RT::CachedGroupMember->new( $self->CurrentUser );
my $cached_id = $cached_member->Create(
Member => $args{'Member'},
Group => $args{'Group'},
ImmediateParent => $args{'Group'},
Via => '0'
);
unless ($cached_id) {
return (undef);
}
return ($id);
}
# }}}
# {{{ sub Delete
=head2 Delete
Takes no arguments. deletes the currently loaded member from the
group in question.
Expects to be called _outside_ a transaction
=cut
sub Delete {
my $self = shift;
$RT::Handle->BeginTransaction();
# Find all occurrences of this member as a member of this group
# in the cache and nuke them, recursively.
# The following code will delete all Cached Group members
# where this member's group is _not_ the primary group
# (Ie if we're deleting C as a member of B, and B happens to be
# a member of A, will delete C as a member of A without touching
# C as a member of B
my $cached_submembers = RT::CachedGroupMembers->new( $self->CurrentUser );
$cached_submembers->Limit(
FIELD => 'MemberId',
OPERATOR => '=',
VALUE => $self->MemberObj->Id
);
$cached_submembers->Limit(
FIELD => 'ImmediateParentId',
OPERATOR => '=',
VALUE => $self->GroupObj->Id
);
while ( my $item_to_del = $cached_submembers->Next() ) {
my $del_err = $item_to_del->Delete();
unless ($del_err) {
$RT::Handle->Rollback();
$RT::Logger->warning("Couldn't delete cached group submember ".$item_to_del->Id);
return (undef);
}
}
my ($err, $msg) = $self->SUPER::Delete();
unless ($err) {
$RT::Logger->warning("Couldn't delete cached group submember ".$self->Id);
$RT::Handle->Rollback();
return (undef);
}
# Since this deletion may have changed the former member's
# delegation rights, we need to ensure that no invalid delegations
# remain.
$err = $self->MemberObj->_CleanupInvalidDelegations(InsideTransaction => 1);
unless ($err) {
$RT::Logger->warning("Unable to revoke delegated rights for principal ".$self->Id);
$RT::Handle->Rollback();
return (undef);
}
#Clear the key cache. TODO someday we may want to just clear a little bit of the keycache space.
# TODO what about the groups key cache?
RT::Principal->InvalidateACLCache();
$RT::Handle->Commit();
return ($err);
}
# }}}
# {{{ sub MemberObj
=head2 MemberObj
Returns an RT::Principal object for the Principal specified by $self->PrincipalId
=cut
sub MemberObj {
my $self = shift;
unless ( defined( $self->{'Member_obj'} ) ) {
$self->{'Member_obj'} = RT::Principal->new( $self->CurrentUser );
$self->{'Member_obj'}->Load( $self->MemberId ) if ($self->MemberId);
}
return ( $self->{'Member_obj'} );
}
# }}}
# {{{ sub GroupObj
=head2 GroupObj
Returns an RT::Principal object for the Group specified in $self->GroupId
=cut
sub GroupObj {
my $self = shift;
unless ( defined( $self->{'Group_obj'} ) ) {
$self->{'Group_obj'} = RT::Principal->new( $self->CurrentUser );
$self->{'Group_obj'}->Load( $self->GroupId );
}
return ( $self->{'Group_obj'} );
}
# }}}
1;