use RT::Test nodata => 1, tests => 264; use strict; use warnings; my $queue_a = RT::Test->load_or_create_queue( Name => 'A' ); ok $queue_a && $queue_a->id, 'loaded or created queue_a'; my $qa_id = $queue_a->id; my $queue_b = RT::Test->load_or_create_queue( Name => 'B' ); ok $queue_b && $queue_b->id, 'loaded or created queue_b'; my $qb_id = $queue_b->id; my $user_a = RT::Test->load_or_create_user( Name => 'user_a', Password => 'password', ); ok $user_a && $user_a->id, 'loaded or created user'; my $user_b = RT::Test->load_or_create_user( Name => 'user_b', Password => 'password', ); ok $user_b && $user_b->id, 'loaded or created user'; foreach my $option (0 .. 1 ) { RT->Config->Set( 'UseSQLForACLChecks' => $option ); diag "Testing with UseSQLForACLChecks => $option"; # Global Cc has right, a User is nobody { cleanup(); RT::Test->set_rights( { Principal => 'Everyone', Right => [qw(SeeQueue)] }, { Principal => 'Cc', Right => [qw(ShowTicket)] }, ); create_tickets_set(); have_no_rights($user_a, $user_b); } # Global Cc has right, a User is Queue Cc { cleanup(); RT::Test->set_rights( { Principal => 'Everyone', Right => [qw(SeeQueue)] }, { Principal => 'Cc', Right => [qw(ShowTicket)] }, ); create_tickets_set(); have_no_rights($user_a, $user_b); my ($status, $msg) = $queue_a->AddWatcher( Type => 'Cc', PrincipalId => $user_a->id ); ok($status, "user A is now queue A watcher"); foreach my $q ( '', "Queue = $qa_id OR Queue = $qb_id", "Queue = $qb_id OR Queue = $qa_id", ) { my $tickets = RT::Tickets->new( RT::CurrentUser->new( $user_a ) ); $q? $tickets->FromSQL($q) : $tickets->UnLimit; my $found = 0; while ( my $t = $tickets->Next ) { $found++; is( $t->Queue, $queue_a->id, "user sees tickets only in queue A" ); } is($found, 2, "user sees tickets"); } have_no_rights( $user_b ); } # global Cc has right, a User is ticket Cc { cleanup(); RT::Test->set_rights( { Principal => 'Everyone', Right => [qw(SeeQueue)] }, { Principal => 'Cc', Right => [qw(ShowTicket)] }, ); my @tickets = create_tickets_set(); have_no_rights($user_a, $user_b); my ($status, $msg) = $tickets[1]->AddWatcher( Type => 'Cc', PrincipalId => $user_a->id ); ok($status, "user A is now queue A watcher"); foreach my $q ( '', "Queue = $qa_id OR Queue = $qb_id", "Queue = $qb_id OR Queue = $qa_id", ) { my $tickets = RT::Tickets->new( RT::CurrentUser->new( $user_a ) ); $q? $tickets->FromSQL($q) : $tickets->UnLimit; my $found = 0; while ( my $t = $tickets->Next ) { $found++; is( $t->Queue, $queue_a->id, "user sees tickets only in queue A" ); is( $t->id, $tickets[1]->id, "correct ticket"); } is($found, 1, "user sees tickets"); } have_no_rights($user_b); } # Queue Cc has right, a User is nobody { cleanup(); RT::Test->set_rights( { Principal => 'Everyone', Right => [qw(SeeQueue)] }, { Principal => 'Cc', Object => $queue_a, Right => [qw(ShowTicket)] }, ); create_tickets_set(); have_no_rights($user_a, $user_b); } # Queue Cc has right, Users are Queue Ccs { cleanup(); RT::Test->set_rights( { Principal => 'Everyone', Right => [qw(SeeQueue)] }, { Principal => 'Cc', Object => $queue_a, Right => [qw(ShowTicket)] }, ); create_tickets_set(); have_no_rights($user_a, $user_b); my ($status, $msg) = $queue_a->AddWatcher( Type => 'Cc', PrincipalId => $user_a->id ); ok($status, "user A is now queue A watcher"); ($status, $msg) = $queue_b->AddWatcher( Type => 'Cc', PrincipalId => $user_b->id ); ok($status, "user B is now queue B watcher"); foreach my $q ( '', "Queue = $qa_id OR Queue = $qb_id", "Queue = $qb_id OR Queue = $qa_id", ) { my $tickets = RT::Tickets->new( RT::CurrentUser->new( $user_a ) ); $q? $tickets->FromSQL($q) : $tickets->UnLimit; my $found = 0; while ( my $t = $tickets->Next ) { $found++; is( $t->Queue, $queue_a->id, "user sees tickets only in queue A" ); } is($found, 2, "user sees tickets"); } have_no_rights( $user_b ); } # Queue Cc has right, Users are ticket Ccs { cleanup(); RT::Test->set_rights( { Principal => 'Everyone', Right => [qw(SeeQueue)] }, { Principal => 'Cc', Object => $queue_a, Right => [qw(ShowTicket)] }, ); my @tickets = create_tickets_set(); have_no_rights($user_a, $user_b); my ($status, $msg) = $tickets[1]->AddWatcher( Type => 'Cc', PrincipalId => $user_a->id ); ok($status, "user A is now Cc on a ticket in queue A"); ($status, $msg) = $tickets[2]->AddWatcher( Type => 'Cc', PrincipalId => $user_b->id ); ok($status, "user B is now Cc on a ticket in queue B"); foreach my $q ( '', "Queue = $qa_id OR Queue = $qb_id", "Queue = $qb_id OR Queue = $qa_id", ) { my $tickets = RT::Tickets->new( RT::CurrentUser->new( $user_a ) ); $q? $tickets->FromSQL($q) : $tickets->UnLimit; my $found = 0; while ( my $t = $tickets->Next ) { $found++; is( $t->Queue, $queue_a->id, "user sees tickets only in queue A" ); is( $t->id, $tickets[1]->id, ) } is($found, 1, "user sees tickets"); } have_no_rights( $user_b ); } # Users has direct right on queue { cleanup(); RT::Test->set_rights( { Principal => 'Everyone', Right => [qw(SeeQueue)] }, { Principal => $user_a, Object => $queue_a, Right => [qw(ShowTicket)] }, ); my @tickets = create_tickets_set(); foreach my $q ( '', "Queue = $qa_id OR Queue = $qb_id", "Queue = $qb_id OR Queue = $qa_id", ) { my $tickets = RT::Tickets->new( RT::CurrentUser->new( $user_a ) ); $q? $tickets->FromSQL($q) : $tickets->UnLimit; my $found = 0; while ( my $t = $tickets->Next ) { $found++; is( $t->Queue, $queue_a->id, "user sees tickets only in queue A" ); } is($found, 2, "user sees tickets"); } have_no_rights( $user_b ); } } sub have_no_rights { $SIG{'INT'} = $SIG{'TERM'} = sub { print STDERR Carp::longmess('boo'); exit 1 }; local $Test::Builder::Level = $Test::Builder::Level + 1; foreach my $u ( @_ ) { foreach my $q ( '', "Queue = $qa_id OR Queue = $qb_id", "Queue = $qb_id OR Queue = $qa_id", ) { my $tickets = RT::Tickets->new( RT::CurrentUser->new( $u ) ); $q? $tickets->FromSQL($q) : $tickets->UnLimit; ok(!$tickets->First, "no tickets"); } } } sub create_tickets_set{ local $Test::Builder::Level = $Test::Builder::Level + 1; my @res; foreach my $q ($queue_a, $queue_b) { foreach my $n (1 .. 2) { my $ticket = RT::Ticket->new( RT->SystemUser ); my ($tid) = $ticket->Create( Queue => $q->id, Subject => $q->Name .' - '. $n ); ok( $tid, "created ticket #$tid"); push @res, $ticket; } } return @res; } sub cleanup { RT::Test->delete_tickets( "Queue = $qa_id OR Queue = $qb_id" ); RT::Test->delete_queue_watchers( $queue_a, $queue_b ); };