3 # Copyright (c) 1996-2003 Jesse Vincent <jesse@bestpractical.com>
5 # (Except where explicitly superseded by other copyright notices)
7 # This work is made available to you under the terms of Version 2 of
8 # the GNU General Public License. A copy of that license should have
9 # been provided with this software, but in any event can be snarfed
12 # This work is distributed in the hope that it will be useful, but
13 # WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 # General Public License for more details.
17 # Unless otherwise specified, all modifications, corrections or
18 # extensions to this work which alter its source code become the
19 # property of Best Practical Solutions, LLC when submitted for
20 # inclusion in the work.
26 RT::ACL - collection of RT ACE objects
31 my $ACL = new RT::ACL($CurrentUser);
47 no warnings qw(redefine);
52 Hand out the next ACE that was found
59 =head2 LimitToObject $object
61 Limit the ACL to rights for the object $object. It needs to be an RT::Record class.
# Visible part of LimitToObject. This listing omits some source lines (the
# gutter numbers skip), so only the statements shown here are described.
# Guard: the argument must be a defined reference that can answer ->id.
68 unless (defined($obj) && ref($obj) && UNIVERSAL::can($obj, 'id')) {
# Match ACEs whose ObjectType equals the object's class name (ref($obj)).
71 $self->Limit(FIELD => 'ObjectType', OPERATOR=> '=', VALUE => ref($obj), ENTRYAGGREGATOR => 'OR');
# Match ACEs whose ObjectId equals $obj->id.
# NOTE(review): QUOTEVALUE => 0 presumably puts the value into the query
# unquoted. The guard above only checks that ->id exists, not that it returns
# a number, so this relies on every accepted class returning an integer id --
# confirm, or validate the id before it reaches Limit.
72 $self->Limit(FIELD => 'ObjectId', OPERATOR=> '=', VALUE => $obj->id, ENTRYAGGREGATOR => 'OR', QUOTEVALUE => 0);
78 # {{{ LimitToPrincipal
80 =head2 LimitToPrincipal { Type => undef, Id => undef, IncludeGroupMembership => undef }
82 Limit the ACL to the principal with PrincipalId Id and PrincipalType Type
87 if IncludeGroupMembership => 1 is specified, ACEs which apply to the principal due to group membership will be included in the resultset.
# LimitToPrincipal: narrow this ACL collection to ACEs for one principal.
# The POD heading names the arguments Type, Id and IncludeGroupMembership.
# This listing omits some source lines (the gutter numbers skip), so the
# comments below describe only the statements that are visible.
92 sub LimitToPrincipal {
94 my %args = ( Type => undef,
96 IncludeGroupMembership => undef,
# Group-membership mode: join the main table's PrincipalId to GroupId on a
# CachedGroupMembers alias, then limit that alias by $args{'Id'}.
98 if ( $args{'IncludeGroupMembership'} ) {
99 my $cgm = $self->NewAlias('CachedGroupMembers');
100 $self->Join( ALIAS1 => 'main',
101 FIELD1 => 'PrincipalId',
103 FIELD2 => 'GroupId' );
104 $self->Limit( ALIAS => $cgm,
107 VALUE => $args{'Id'},
108 ENTRYAGGREGATOR => 'OR' );
# Optional filter on PrincipalType, applied only when Type was supplied.
111 if ( defined $args{'Type'} ) {
112 $self->Limit( FIELD => 'PrincipalType',
114 VALUE => $args{'Type'},
115 ENTRYAGGREGATOR => 'OR' );
117 # if the principal id points to a user, we really want to point
118 # to their ACL equivalence group. The machinations we're going through
119 # lead me to start to suspect that we really want users and groups
120 # to just be the same table. or _maybe_ that we want an object db.
# NOTE(review): the lookup below reads and writes $args{'PrincipalId'}, but
# the POD heading and the Limit calls in this sub use the key 'Id'. As far as
# the visible lines show, Load() is given a key the caller does not pass, and
# the equivalence-group id stored in $args{'PrincipalId'} is not used by the
# final Limit, which still filters on $args{'Id'}. If so, a user's ACEs held
# via their ACL equivalence group would not be matched, and an ACL listing
# built this way could under-report that user's rights -- confirm against the
# full source.
# NOTE(review): the result of Load() is not checked in the visible lines
# before PrincipalType is compared.
121 my $princ = RT::Principal->new($RT::SystemUser);
122 $princ->Load($args{'PrincipalId'});
123 if ($princ->PrincipalType eq 'User') {
124 my $group = RT::Group->new($RT::SystemUser);
125 $group->LoadACLEquivalenceGroup($princ);
126 $args{'PrincipalId'} = $group->PrincipalId;
# Final filter on the ACE's PrincipalId, using the caller-supplied Id.
128 $self->Limit( FIELD => 'PrincipalId',
130 VALUE => $args{'Id'},
131 ENTRYAGGREGATOR => 'OR' );
139 # {{{ ExcludeDelegatedRights
141 =head2 ExcludeDelegatedRights
143 Don't list rights which have been delegated.
# ExcludeDelegatedRights: per the POD, hide rights that have been delegated.
# It does so by calling both delegation filters with Id => 0.
# NOTE(review): presumably 0 in DelegatedBy/DelegatedFrom marks an ACE that
# was not delegated -- confirm against the schema.
147 sub ExcludeDelegatedRights {
149 $self->DelegatedBy(Id => 0);
150 $self->DelegatedFrom(Id => 0);
156 =head2 DelegatedBy { Id => undef }
158 Limit the ACL to rights delegated by the principal whose Principal Id is
172 FIELD => 'DelegatedBy',
174 VALUE => $args{'Id'},
175 ENTRYAGGREGATOR => 'OR'
184 =head2 DelegatedFrom { Id => undef }
186 Limit the ACL to rights delegated from the ACE which has the Id specified
198 $self->Limit(FIELD => 'DelegatedFrom', OPERATOR=> '=', VALUE => $args{'Id'}, ENTRYAGGREGATOR => 'OR');
# Visible part of Next. This listing omits some source lines (the gutter
# numbers skip), so only the statements shown here are described.
# Fetch the next ACE from the parent collection class.
209 my $ACE = $self->SUPER::Next();
210 if ( ( defined($ACE) ) and ( ref($ACE) ) ) {
# Access check: the current user must hold ShowACL or ModifyACL on the object
# the ACE applies to. The branch taken when the check passes is not visible
# in this listing.
212 if ( $self->CurrentUser->HasRight( Right => 'ShowACL',
213 Object => $ACE->Object )
214 or $self->CurrentUser->HasRight( Right => 'ModifyACL',
215 Object => $ACE->Object )
220 #If the user doesn't have the right to show this ACE
# Skip the hidden ACE by recursing to the following one. Recursion depth grows
# with each consecutive ACE the user may not see.
222 return ( $self->Next() );
226 #if there never was any ACE
237 #wrap around _DoSearch so that we can build the hash of returned
241 # $RT::Logger->debug("Now in ".$self."->_DoSearch");
242 my $return = $self->SUPER::_DoSearch(@_);
243 # $RT::Logger->debug("In $self ->_DoSearch. return from SUPER::_DoSearch was $return\n");
249 #Build a hash of this ACL's entries.
# Every ACE handed out by $self->Next is recorded in $self->{'as_hash'} under
# the key "ObjectType-ObjectId-RightName-PrincipalId-PrincipalType", value 1.
# NOTE(review): if $self->Next here is this class's rights-checking Next, the
# hash holds only ACEs the current user may see (ShowACL/ModifyACL). Lookups
# against as_hash would then be relative to that viewer rather than the full
# ACL, so they should not be treated as an authoritative "does this grant
# exist" check -- confirm.
253 while (my $entry = $self->Next) {
254 my $hashkey = $entry->ObjectType . "-" . $entry->ObjectId . "-" . $entry->RightName . "-" . $entry->PrincipalId . "-" . $entry->PrincipalType;
256 $self->{'as_hash'}->{"$hashkey"} =1;
271 my %args = ( RightScope => undef,
272 RightAppliesTo => undef,
274 PrincipalId => undef,
275 PrincipalType => undef,
278 #if we haven't done the search yet, do it now.
281 if ($self->{'as_hash'}->{ $args{'RightScope'} . "-" .
282 $args{'RightAppliesTo'} . "-" .
283 $args{'RightName'} . "-" .
284 $args{'PrincipalId'} . "-" .
285 $args{'PrincipalType'}