1 # BEGIN BPS TAGGED BLOCK {{{
5 # This software is Copyright (c) 1996-2015 Best Practical Solutions, LLC
6 # <sales@bestpractical.com>
8 # (Except where explicitly superseded by other copyright notices)
13 # This work is made available to you under the terms of Version 2 of
14 # the GNU General Public License. A copy of that license should have
15 # been provided with this software, but in any event can be snarfed
18 # This work is distributed in the hope that it will be useful, but
19 # WITHOUT ANY WARRANTY; without even the implied warranty of
20 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 # General Public License for more details.
23 # You should have received a copy of the GNU General Public License
24 # along with this program; if not, write to the Free Software
25 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
26 # 02110-1301 or visit their web page on the internet at
27 # http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
30 # CONTRIBUTION SUBMISSION POLICY:
32 # (The following paragraph is not intended to limit the rights granted
33 # to you to modify and distribute this software under the terms of
34 # the GNU General Public License and is only of importance to you if
35 # you choose to contribute your changes and enhancements to the
36 # community by submitting them to Best Practical Solutions, LLC.)
38 # By intentionally submitting any modifications, corrections or
39 # derivatives to this work, or any other work intended for use with
40 # Request Tracker, to Best Practical Solutions, LLC, you confirm that
41 # you are the copyright holder for those contributions and you grant
42 # Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
43 # royalty-free, perpetual, license to use, copy, create derivative
44 # works based on those contributions, and sublicense and distribute
45 # those contributions and any derivatives thereof.
47 # END BPS TAGGED BLOCK }}}
51 RT::ACL - collection of RT ACE objects
56 my $ACL = RT::ACL->new($CurrentUser);
70 use base 'RT::SearchBuilder';
81 Hand out the next ACE that was found
87 =head2 LimitToObject $object
89 Limit the ACL to rights for the object $object. It needs to be an RT::Record class.
97 my $obj_type = ref($obj)||$obj;
98 my $obj_id = eval { $obj->id};
100 my $object_clause = 'possible_objects';
101 $self->_OpenParen($object_clause);
103 SUBCLAUSE => $object_clause,
104 FIELD => 'ObjectType',
106 VALUE => (ref($obj)||$obj),
107 ENTRYAGGREGATOR => 'OR' # That "OR" applies to the separate objects we're searching on, not "Type Or ID"
111 SUBCLAUSE => $object_clause,
115 ENTRYAGGREGATOR => 'AND',
119 $self->_CloseParen($object_clause);
125 =head2 LimitNotObject $object
127 Limit the ACL to rights NOT on the object $object. $object needs to be
135 unless ( defined($obj)
137 && UNIVERSAL::can( $obj, 'id' )
142 $self->Limit( FIELD => 'ObjectType',
145 ENTRYAGGREGATOR => 'OR',
146 SUBCLAUSE => $obj->id
148 $self->Limit( FIELD => 'ObjectId',
151 ENTRYAGGREGATOR => 'OR',
153 SUBCLAUSE => $obj->id
159 =head2 LimitToPrincipal { Type => undef, Id => undef, IncludeGroupMembership => undef }
161 Limit the ACL to the principal with PrincipalId Id and PrincipalType Type
166 if IncludeGroupMembership => 1 is specified, ACEs which apply to the principal due to group membership will be included in the resultset.
171 sub LimitToPrincipal {
173 my %args = ( Type => undef,
175 IncludeGroupMembership => undef,
178 if ( $args{'IncludeGroupMembership'} ) {
179 my $cgm = $self->NewAlias('CachedGroupMembers');
180 $self->Join( ALIAS1 => 'main',
181 FIELD1 => 'PrincipalId',
185 $self->Limit( ALIAS => $cgm,
188 $self->Limit( ALIAS => $cgm,
191 VALUE => $args{'Id'},
192 ENTRYAGGREGATOR => 'OR'
195 if ( defined $args{'Type'} ) {
196 $self->Limit( FIELD => 'PrincipalType',
198 VALUE => $args{'Type'},
199 ENTRYAGGREGATOR => 'OR'
203 # if the principal id points to a user, we really want to point
204 # to their ACL equivalence group. The machinations we're going through
205 # lead me to start to suspect that we really want users and groups
206 # to just be the same table. or _maybe_ that we want an object db.
207 my $princ = RT::Principal->new( RT->SystemUser );
208 $princ->Load( $args{'Id'} );
209 if ( $princ->PrincipalType eq 'User' ) {
210 my $group = RT::Group->new( RT->SystemUser );
211 $group->LoadACLEquivalenceGroup($princ);
212 $args{'Id'} = $group->PrincipalId;
214 $self->Limit( FIELD => 'PrincipalId',
216 VALUE => $args{'Id'},
217 ENTRYAGGREGATOR => 'OR'
229 # Short-circuit having to load up the ->Object
230 return $self->SUPER::AddRecord( $record )
231 if $record->CurrentUser->PrincipalObj->Id == RT->SystemUser->Id;
233 my $obj = $record->Object;
234 return unless $self->CurrentUser->HasRight( Right => 'ShowACL',
236 or $self->CurrentUser->HasRight( Right => 'ModifyACL',
239 return $self->SUPER::AddRecord( $record );
245 #wrap around _DoSearch so that we can build the hash of returned
249 # $RT::Logger->debug("Now in ".$self."->_DoSearch");
250 my $return = $self->SUPER::_DoSearch(@_);
251 # $RT::Logger->debug("In $self ->_DoSearch. return from SUPER::_DoSearch was $return");
252 if ( $self->{'must_redo_search'} ) {
254 "_DoSearch is not so successful as it still needs redo search, won't call _BuildHash"
264 #Build a hash of this ACL's entries.
268 while (my $entry = $self->Next) {
269 my $hashkey = join '-', map $entry->__Value( $_ ),
270 qw(ObjectType ObjectId RightName PrincipalId PrincipalType);
272 $self->{'as_hash'}->{"$hashkey"} =1;
286 my %args = ( RightScope => undef,
287 RightAppliesTo => undef,
289 PrincipalId => undef,
290 PrincipalType => undef,
293 #if we haven't done the search yet, do it now.
296 if ($self->{'as_hash'}->{ $args{'RightScope'} . "-" .
297 $args{'RightAppliesTo'} . "-" .
298 $args{'RightName'} . "-" .
299 $args{'PrincipalId'} . "-" .
300 $args{'PrincipalType'}
314 Returns an empty new RT::ACE item
320 return(RT::ACE->new($self->CurrentUser));
322 RT::Base->_ImportOverlays();
projects / freeside.git / blob