doc

[freeside.git] / rt / lib / RT / GroupMember_Overlay.pm

# BEGIN LICENSE BLOCK
# 
# Copyright (c) 1996-2003 Jesse Vincent <jesse@bestpractical.com>
# 
# (Except where explictly superceded by other copyright notices)
# 
# This work is made available to you under the terms of Version 2 of
# the GNU General Public License. A copy of that license should have
# been provided with this software, but in any event can be snarfed
# from www.gnu.org.
# 
# This work is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# General Public License for more details.
# 
# Unless otherwise specified, all modifications, corrections or
# extensions to this work which alter its source code become the
# property of Best Practical Solutions, LLC when submitted for
# inclusion in the work.
# 
# 
# END LICENSE BLOCK
=head1 NAME

  RT::GroupMember - a member of an RT Group

=head1 SYNOPSIS

RT::GroupMember should never be called directly. It should ONLY
only be accessed through the helper functions in RT::Group;

If you're operating on an RT::GroupMember object yourself, you B<ARE>
doing something wrong.

=head1 DESCRIPTION




=head1 METHODS


=begin testing

ok (require RT::GroupMember);

=end testing


=cut

use strict;
no warnings qw(redefine);
use RT::CachedGroupMembers;

# {{{ sub Create

=head2 Create { Group => undef, Member => undef }

Add a Principal to the group Group.
if the Principal is a group, automatically inserts all
members of the principal into the cached members table recursively down.

Both Group and Member are expected to be RT::Principal objects

=cut

sub Create {
    my $self = shift;
    my %args = (
        Group  => undef,
        Member => undef,
        InsideTransaction => undef,
        @_
    );

    unless ($args{'Group'} &&
            UNIVERSAL::isa($args{'Group'}, 'RT::Principal') &&
            $args{'Group'}->Id ) {

        $RT::Logger->warning("GroupMember::Create called with a bogus Group arg");
        return (undef);
    }

    unless($args{'Group'}->IsGroup) {
        $RT::Logger->warning("Someone tried to add a member to a user instead of a group");
        return (undef);
    }

    unless ($args{'Member'} && 
            UNIVERSAL::isa($args{'Member'}, 'RT::Principal') &&
            $args{'Member'}->Id) {
        $RT::Logger->warning("GroupMember::Create called with a bogus Principal arg");
        return (undef);
    }


    #Clear the key cache. TODO someday we may want to just clear a little bit of the keycache space. 
    # TODO what about the groups key cache?
    RT::Principal->_InvalidateACLCache();

    $RT::Handle->BeginTransaction() unless ($args{'InsideTransaction'});

    # We really need to make sure we don't add any members to this group
    # that contain the group itself. that would, um, suck. 
    # (and recurse infinitely)  Later, we can add code to check this in the 
    # cache and bail so we can support cycling directed graphs

    if ($args{'Member'}->IsGroup) {
        my $member_object = $args{'Member'}->Object;
        if ($member_object->HasMemberRecursively($args{'Group'})) {
            $RT::Logger->debug("Adding that group would create a loop");
            return(undef);
        }
        elsif ( $args{'Member'}->Id == $args{'Group'}->Id) {
            $RT::Logger->debug("Can't add a group to itself");
            return(undef);
        }
    }


    my $id = $self->SUPER::Create(
        GroupId  => $args{'Group'}->Id,
        MemberId => $args{'Member'}->Id
    );

    unless ($id) {
        $RT::Handle->Rollback() unless ($args{'InsideTransaction'});
        return (undef);
    }

    my $cached_member = RT::CachedGroupMember->new( $self->CurrentUser );
    my $cached_id     = $cached_member->Create(
        Member          => $args{'Member'},
        Group           => $args{'Group'},
        ImmediateParent => $args{'Group'},
        Via             => '0'
    );


    #When adding a member to a group, we need to go back
    #and popuplate the CachedGroupMembers of all the groups that group is part of .

    my $cgm = RT::CachedGroupMembers->new( $self->CurrentUser );

    # find things which have the current group as a member. 
    # $group is an RT::Principal for the group.
    $cgm->LimitToGroupsWithMember( $args{'Group'}->Id );

    while ( my $parent_member = $cgm->Next ) {
        my $parent_id = $parent_member->MemberId;
        my $via       = $parent_member->Id;
        my $group_id  = $parent_member->GroupId;

          my $other_cached_member =
          RT::CachedGroupMember->new( $self->CurrentUser );
        my $other_cached_id = $other_cached_member->Create(
            Member          => $args{'Member'},
                      Group => $parent_member->GroupObj,
            ImmediateParent => $parent_member->MemberObj,
            Via             => $parent_member->Id
        );
        unless ($other_cached_id) {
            $RT::Logger->err( "Couldn't add " . $args{'Member'}
                  . " as a submember of a supergroup" );
            $RT::Handle->Rollback() unless ($args{'InsideTransaction'});
            return (undef);
        }
    } 

    unless ($cached_id) {
        $RT::Handle->Rollback() unless ($args{'InsideTransaction'});
        return (undef);
    }

    $RT::Handle->Commit() unless ($args{'InsideTransaction'});

    return ($id);
}

# }}}

# {{{ sub _StashUser

=head2 _StashUser PRINCIPAL

Create { Group => undef, Member => undef }

Creates an entry in the groupmembers table, which lists a user
as a member of himself. This makes ACL checks a whole bunch easier.
This happens once on user create and never ever gets yanked out.

PRINCIPAL is expected to be an RT::Principal object for a user

This routine expects to be called inside a transaction by RT::User->Create

=cut

sub _StashUser {
    my $self = shift;
    my %args = (
        Group  => undef,
        Member => undef,
        @_
    );

    #Clear the key cache. TODO someday we may want to just clear a little bit of the keycache space. 
    # TODO what about the groups key cache?
    RT::Principal->_InvalidateACLCache();


    # We really need to make sure we don't add any members to this group
    # that contain the group itself. that would, um, suck. 
    # (and recurse infinitely)  Later, we can add code to check this in the 
    # cache and bail so we can support cycling directed graphs

    my $id = $self->SUPER::Create(
        GroupId  => $args{'Group'}->Id,
        MemberId => $args{'Member'}->Id,
    );

    unless ($id) {
        return (undef);
    }

    my $cached_member = RT::CachedGroupMember->new( $self->CurrentUser );
    my $cached_id     = $cached_member->Create(
        Member          => $args{'Member'},
        Group           => $args{'Group'},
        ImmediateParent => $args{'Group'},
        Via             => '0'
    );

    unless ($cached_id) {
        return (undef);
    }

    return ($id);
}

# }}}

# {{{ sub Delete

=head2 Delete

Takes no arguments. deletes the currently loaded member from the 
group in question.

Expects to be called _outside_ a transaction

=cut

sub Delete {
    my $self = shift;


    $RT::Handle->BeginTransaction();

    # Find all occurrences of this member as a member of this group
    # in the cache and nuke them, recursively.

    # The following code will delete all Cached Group members
    # where this member's group is _not_ the primary group 
    # (Ie if we're deleting C as a member of B, and B happens to be 
    # a member of A, will delete C as a member of A without touching
    # C as a member of B

    my $cached_submembers = RT::CachedGroupMembers->new( $self->CurrentUser );

    $cached_submembers->Limit(
        FIELD    => 'MemberId',
        OPERATOR => '=',
        VALUE    => $self->MemberObj->Id
    );

    $cached_submembers->Limit(
        FIELD    => 'ImmediateParentId',
        OPERATOR => '=',
        VALUE    => $self->GroupObj->Id
    );

    #Clear the key cache. TODO someday we may want to just clear a little bit of the keycache space. 
    # TODO what about the groups key cache?
    RT::Principal->_InvalidateACLCache();




    while ( my $item_to_del = $cached_submembers->Next() ) {
        my $del_err = $item_to_del->Delete();
        unless ($del_err) {
            $RT::Handle->Rollback();
            $RT::Logger->warning("Couldn't delete cached group submember ".$item_to_del->Id);
            return (undef);
        }
    }

    my $err = $self->SUPER::Delete();
    unless ($err) {
            $RT::Logger->warning("Couldn't delete cached group submember ".$self->Id);
        $RT::Handle->Rollback();
        return (undef);
    }
    $RT::Handle->Commit();
    return ($err);

}

# }}}

# {{{ sub MemberObj

=head2 MemberObj

Returns an RT::Principal object for the Principal specified by $self->PrincipalId

=cut

sub MemberObj {
    my $self = shift;
    unless ( defined( $self->{'Member_obj'} ) ) {
        $self->{'Member_obj'} = RT::Principal->new( $self->CurrentUser );
        $self->{'Member_obj'}->Load( $self->MemberId );
    }
    return ( $self->{'Member_obj'} );
}

# }}}

# {{{ sub GroupObj

=head2 GroupObj

Returns an RT::Principal object for the Group specified in $self->GroupId

=cut

sub GroupObj {
    my $self = shift;
    unless ( defined( $self->{'Group_obj'} ) ) {
        $self->{'Group_obj'} = RT::Principal->new( $self->CurrentUser );
        $self->{'Group_obj'}->Load( $self->GroupId );
    }
    return ( $self->{'Group_obj'} );
}

# }}}

1;