1 # $Header: /home/cvs/cvsroot/freeside/rt/lib/RT/Group.pm,v 1.1 2002-08-12 06:17:07 ivan Exp $
2 # Copyright 2000 Jesse Vincent <jesse@fsck.com>
3 # Released under the terms of the GNU Public License
9 RT::Group - RT\'s group object
14 my $group = new RT::Group($CurrentUser);
22 Jesse Vincent, jesse@fsck.com
33 ok (require RT::TestHarness);
34 ok (require RT::Group);
53 $self->{'table'} = "Groups";
54 return ($self->SUPER::_Init(@_));
63 Description => 'read/write',
66 return $self->SUPER::_Accessible(@_, %Cols);
74 Load a group object from the database. Takes a single argument.
75 If the argument is numerical, load by the column 'id'. Otherwise, load by
76 the "Name" column which is the group's textual name
82 my $identifier = shift || return undef;
84 #if it's an int, load by id. otherwise, load by name.
85 if ($identifier !~ /\D/) {
86 $self->SUPER::LoadById($identifier);
89 $self->LoadByCol("Name",$identifier);
99 Takes a paramhash with three named arguments: Name, Description and Pseudo.
100 Pseudo is used internally by RT for certain special ACL decisions.
106 my %args = ( Name => undef,
107 Description => undef,
111 unless ($self->CurrentUser->HasSystemRight('AdminGroups')) {
112 $RT::Logger->warning($self->CurrentUser->Name ." Tried to create a group without permission.");
113 return(0, 'Permission Denied');
116 my $retval = $self->SUPER::Create(Name => $args{'Name'},
117 Description => $args{'Description'},
118 Pseudo => $args{'Pseudo'});
136 unless ($self->CurrentUser->HasSystemRight('AdminGroups')) {
137 return (0, 'Permission Denied');
140 return($self->SUPER::Delete(@_));
149 Returns an RT::GroupMembers object of this group's members.
155 unless (defined $self->{'members_obj'}) {
156 use RT::GroupMembers;
157 $self->{'members_obj'} = new RT::GroupMembers($self->CurrentUser);
159 #If we don't have rights, don't include any results
160 $self->{'members_obj'}->LimitToGroup($self->id);
163 return ($self->{'members_obj'});
173 AddMember adds a user to this group. It takes a user id.
174 Returns a two value array. the first value is true on successful
175 addition or 0 on failure. The second value is a textual status msg.
181 my $new_member = shift;
183 my $new_member_obj = new RT::User($self->CurrentUser);
184 $new_member_obj->Load($new_member);
186 unless ($self->CurrentUser->HasSystemRight('AdminGroups')) {
187 #User has no permission to be doing this
188 return(0, "Permission Denied");
191 unless ($new_member_obj->Id) {
192 $RT::Logger->debug("Couldn't find user $new_member");
193 return(0, "Couldn't find user");
196 if ($self->HasMember($new_member_obj->Id)) {
197 #User is already a member of this group. no need to add it
198 return(0, "Group already has member");
201 my $member_object = new RT::GroupMember($self->CurrentUser);
202 $member_object->Create( UserId => $new_member_obj->Id,
203 GroupId => $self->id );
204 return(1, "Member added");
213 Takes a user Id and returns a GroupMember Id if that user is a member of
215 Returns undef if the user isn't a member of the group or if the current
216 user doesn't have permission to find out. Arguably, it should differentiate
217 between ACL failure and non membership.
225 #Try to cons up a member object using "LoadByCols"
227 my $member_obj = new RT::GroupMember($self->CurrentUser);
228 $member_obj->LoadByCols( UserId => $user_id, GroupId => $self->id);
230 #If we have a member object
231 if (defined $member_obj->id) {
232 return ($member_obj->id);
235 #If Load returns no objects, we have an undef id.
247 Takes the user id of a member.
248 If the current user has apropriate rights,
249 removes that GroupMember from this group.
250 Returns a two value array. the first value is true on successful
251 addition or 0 on failure. The second value is a textual status msg.
259 unless ($self->CurrentUser->HasSystemRight('AdminGroups')) {
260 #User has no permission to be doing this
261 return(0,"Permission Denied");
264 my $member_user_obj = new RT::User($self->CurrentUser);
265 $member_user_obj->Load($member);
267 unless ($member_user_obj->Id) {
268 $RT::Logger->debug("Couldn't find user $member");
269 return(0, "User not found");
272 my $member_obj = new RT::GroupMember($self->CurrentUser);
273 unless ($member_obj->LoadByCols ( UserId => $member_user_obj->Id,
274 GroupId => $self->Id )) {
275 return(0, "Couldn\'t load member"); #couldn\'t load member object
278 #If we couldn't load it, return undef.
279 unless ($member_obj->Id()) {
280 return (0, "Group has no such member");
283 #Now that we've checked ACLs and sanity, delete the groupmember
284 my $val = $member_obj->Delete();
286 return ($val, "Member deleted");
289 return (0, "Member not deleted");
295 # {{{ ACL Related routines
297 # {{{ GrantQueueRight
299 =head2 GrantQueueRight
301 Grant a queue right to this group. Takes a paramhash of which the elements
302 RightAppliesTo and RightName are important.
306 sub GrantQueueRight {
309 my %args = ( RightScope => 'Queue',
311 RightAppliesTo => undef,
312 PrincipalType => 'Group',
313 PrincipalId => $self->Id,
316 #ACLs get checked in ACE.pm
318 my $ace = new RT::ACE($self->CurrentUser);
320 return ($ace->Create(%args));
325 # {{{ GrantSystemRight
327 =head2 GrantSystemRight
329 Grant a system right to this group.
330 The only element that's important to set is RightName.
333 sub GrantSystemRight {
336 my %args = ( RightScope => 'System',
339 PrincipalType => 'Group',
340 PrincipalId => $self->Id,
343 # ACLS get checked in ACE.pm
345 my $ace = new RT::ACE($self->CurrentUser);
346 return ($ace->Create(%args));
357 unless ($self->CurrentUser->HasSystemRight('AdminGroups')) {
358 return (0, 'Permission Denied');
361 return ($self->SUPER::_Set(@_));