use strict;
use warnings;
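our (@Final);

# Upgrade step: for each system-level role group, delete the ACL rows on
# RT::System whose right name is a global right that AvailableRights no
# longer reports for that role's principal.
push @Final, sub {
    my %global = %{ RT->System->AvailableRights };
    my $handle = RT->DatabaseHandle;

    ROLE:
    for my $role ( RT::System->Roles ) {
        my $group = RT::Group->new( RT->SystemUser );

        # Success is judged by whether the group ended up with an id; the
        # message is kept only for the error log.
        my ( undef, $msg ) = $group->LoadRoleGroup(
            Object => RT->System,
            Name   => $role,
        );
        unless ( $group->id ) {
            RT->Logger->error("Can't load role group $role: $msg");
            next ROLE;
        }

        my %rights = %{ RT->System->AvailableRights( $group->PrincipalObj ) };

        # Global rights which aren't available on the role anymore
        my @remove = grep { not $rights{$_} } keys %global;

        # With nothing to remove the placeholder list would be empty and the
        # statement would read "RightName IN ()", which most SQL backends
        # reject as a syntax error; that failure would then be logged as if
        # the cleanup itself had gone wrong. Skip the role instead.
        next ROLE unless @remove;

        # Only the "?" markers are interpolated into the statement text.
        # The role name, principal id and right names are passed as bind
        # values, so none of them is ever parsed as SQL.
        my $placeholders = join ",", ("?") x @remove;
        my $query = <<"SQL";
    DELETE FROM ACL
    WHERE PrincipalType = ?
    AND PrincipalId = ?
    AND ObjectType = 'RT::System'
    AND RightName IN ($placeholders)
SQL

        my $res = $handle->SimpleQuery(
            $query,
            $role,                  # Type
            $group->PrincipalId,    # Id
            @remove,                # Right names
        );
        unless ($res) {
            RT->Logger->error("Failed to delete invalid rights on system role $role!");
            next ROLE;
        }
    }
};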