1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
|
use strict;
use warnings;
use RT::Test tests => 14;
my ($baseurl, $m) = RT::Test->started_ok;
ok $m->login, "logged in";
$m->follow_link_ok({ id => 'tools-config-global-group-rights'});
sub get_rights {
my $agent = shift;
my $principal_id = shift;
my $object = shift;
$agent->form_name('ModifyGroupRights');
my @inputs = $agent->current_form->find_input("SetRights-$principal_id-$object");
my @rights = sort grep $_, map $_->possible_values, grep $_ && $_->value, @inputs;
return @rights;
};
diag "load Everyone group";
my ($everyone, $everyone_gid);
{
$everyone = RT::Group->new( RT->SystemUser );
$everyone->LoadSystemInternalGroup('Everyone');
ok($everyone_gid = $everyone->id, "loaded 'everyone' group");
}
diag "revoke all global rights from Everyone group";
my @has = get_rights( $m, $everyone_gid, 'RT::System-1' );
if ( @has ) {
$m->form_name('ModifyGroupRights');
$m->untick("SetRights-$everyone_gid-RT::System-1", $_) foreach @has;
$m->submit;
is_deeply([get_rights( $m, $everyone_gid, 'RT::System-1' )], [], 'deleted all rights' );
} else {
ok(1, 'the group has no global rights');
}
diag "grant SuperUser right to everyone";
{
$m->form_name('ModifyGroupRights');
$m->tick("SetRights-$everyone_gid-RT::System-1", 'SuperUser');
$m->submit;
$m->content_contains('Right Granted', 'got message');
RT::Principal::InvalidateACLCache();
ok($everyone->PrincipalObj->HasRight( Right => 'SuperUser', Object => $RT::System ), 'group has right');
is_deeply( [get_rights( $m, $everyone_gid, 'RT::System-1' )], ['SuperUser'], 'granted SuperUser right' );
}
diag "revoke the right";
{
$m->form_name('ModifyGroupRights');
$m->untick("SetRights-$everyone_gid-RT::System-1", 'SuperUser');
$m->submit;
$m->content_contains('Right revoked', 'got message');
RT::Principal::InvalidateACLCache();
ok(!$everyone->PrincipalObj->HasRight( Right => 'SuperUser', Object => $RT::System ), 'group has no right');
is_deeply( [get_rights( $m, $everyone_gid, 'RT::System-1' )], [], 'revoked SuperUser right' );
}
diag "return rights the group had in the beginning";
if ( @has ) {
$m->form_name('ModifyGroupRights');
$m->tick("SetRights-$everyone_gid-RT::System-1", $_) for @has;
$m->submit;
$m->content_contains('Right Granted', 'got message');
is_deeply(
[ get_rights( $m, $everyone_gid, 'RT::System-1' ) ],
[ @has ],
'returned back all rights'
);
} else {
ok(1, 'the group had no global rights, so nothing to return');
}
|
