1 # BEGIN BPS TAGGED BLOCK {{{
5 # This software is Copyright (c) 1996-2011 Best Practical Solutions, LLC
6 # <sales@bestpractical.com>
8 # (Except where explicitly superseded by other copyright notices)
13 # This work is made available to you under the terms of Version 2 of
14 # the GNU General Public License. A copy of that license should have
15 # been provided with this software, but in any event can be snarfed
18 # This work is distributed in the hope that it will be useful, but
19 # WITHOUT ANY WARRANTY; without even the implied warranty of
20 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 # General Public License for more details.
23 # You should have received a copy of the GNU General Public License
24 # along with this program; if not, write to the Free Software
25 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
26 # 02110-1301 or visit their web page on the internet at
27 # http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
30 # CONTRIBUTION SUBMISSION POLICY:
32 # (The following paragraph is not intended to limit the rights granted
33 # to you to modify and distribute this software under the terms of
34 # the GNU General Public License and is only of importance to you if
35 # you choose to contribute your changes and enhancements to the
36 # community by submitting them to Best Practical Solutions, LLC.)
38 # By intentionally submitting any modifications, corrections or
39 # derivatives to this work, or any other work intended for use with
40 # Request Tracker, to Best Practical Solutions, LLC, you confirm that
41 # you are the copyright holder for those contributions and you grant
42 # Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
43 # royalty-free, perpetual, license to use, copy, create derivative
44 # works based on those contributions, and sublicense and distribute
45 # those contributions and any derivatives thereof.
47 # END BPS TAGGED BLOCK }}}
51 RT::GroupMember - a member of an RT Group
55 RT::GroupMember should never be called directly. It should ONLY
56 be accessed through the helper functions in RT::Group;
58 If you're operating on an RT::GroupMember object yourself, you B<ARE>
59 doing something wrong.
74 package RT::GroupMember;
77 no warnings qw(redefine);
78 use RT::CachedGroupMembers;
82 =head2 Create { Group => undef, Member => undef }
84 Add a Principal to the group Group.
85 If the Principal is itself a group, automatically inserts all
86 members of that principal into the cached members table, recursing down.
88 Both Group and Member are expected to be RT::Principal objects
# Create (body excerpt): checks the Group and Member principals, writes the
# direct membership row, then propagates the membership into the
# CachedGroupMembers table for every group that already contains Group.
# NOTE(review): the gutter numbers skip, so this listing omits lines (the sub
# header, argument unpacking, closing braces and return statements among
# them); confirm the exact control flow against the full file.
97 InsideTransaction => undef,
# Group must be a true value, an RT::Principal, and have an Id; otherwise a
# warning is logged. Presumably the call returns here (return line not shown).
101 unless ($args{'Group'} &&
102 UNIVERSAL::isa($args{'Group'}, 'RT::Principal') &&
103 $args{'Group'}->Id ) {
105 $RT::Logger->warning("GroupMember::Create called with a bogus Group arg");
# A principal that is not a group cannot receive members.
109 unless($args{'Group'}->IsGroup) {
110 $RT::Logger->warning("Someone tried to add a member to a user instead of a group");
# Same three-part check for the principal being added.
114 unless ($args{'Member'} &&
115 UNIVERSAL::isa($args{'Member'}, 'RT::Principal') &&
116 $args{'Member'}->Id) {
117 $RT::Logger->warning("GroupMember::Create called with a bogus Principal arg");
122 #Clear the key cache. TODO someday we may want to just clear a little bit of the keycache space.
123 # TODO what about the groups key cache?
# NOTE(review): the ACL cache is cleared here, before BeginTransaction and
# before any row is written, whereas Delete clears it just before Commit.
# Confirm that no ACL entry can be rebuilt from pre-change membership between
# this call and the commit below.
124 RT::Principal->InvalidateACLCache();
# Open a transaction only when the caller has not said it already holds one;
# every Rollback/Commit below is guarded by the same flag.
126 $RT::Handle->BeginTransaction() unless ($args{'InsideTransaction'});
128 # We really need to make sure we don't add any members to this group
129 # that contain the group itself. that would, um, suck.
130 # (and recurse infinitely) Later, we can add code to check this in the
131 # cache and bail so we can support cycling directed graphs
# Two refusals for group members: the member already contains Group
# (directly or indirectly), or the member is Group itself. Both are logged
# at debug level only.
133 if ($args{'Member'}->IsGroup) {
134 my $member_object = $args{'Member'}->Object;
135 if ($member_object->HasMemberRecursively($args{'Group'})) {
136 $RT::Logger->debug("Adding that group would create a loop");
137 $RT::Handle->Rollback() unless ($args{'InsideTransaction'});
140 elsif ( $args{'Member'}->Id == $args{'Group'}->Id) {
141 $RT::Logger->debug("Can't add a group to itself");
142 $RT::Handle->Rollback() unless ($args{'InsideTransaction'});
# Write the direct membership row through the parent class.
148 my $id = $self->SUPER::Create(
149 GroupId => $args{'Group'}->Id,
150 MemberId => $args{'Member'}->Id
# Presumably reached when $id is false; the guarding condition is not shown.
154 $RT::Handle->Rollback() unless ($args{'InsideTransaction'});
# Cached row for the direct membership: Group is both the group and the
# immediate parent.
158 my $cached_member = RT::CachedGroupMember->new( $self->CurrentUser );
159 my $cached_id = $cached_member->Create(
160 Member => $args{'Member'},
161 Group => $args{'Group'},
162 ImmediateParent => $args{'Group'},
167 #When adding a member to a group, we need to go back
168 #and populate the CachedGroupMembers of all the groups that group is part of.
170 my $cgm = RT::CachedGroupMembers->new( $self->CurrentUser );
172 # find things which have the current group as a member.
173 # $group is an RT::Principal for the group.
174 $cgm->LimitToGroupsWithMember( $args{'Group'}->Id );
# Arguments of a further restriction on $cgm; the rest of that call is not
# shown in this listing.
176 SUBCLAUSE => 'filter', # don't interfere with the previous condition
179 VALUE => 'main.GroupId',
181 ENTRYAGGREGATOR => 'AND',
# For each cached row found, add Member to that row's group, recording the
# row's member as immediate parent and the row's id as Via.
# $parent_id, $via and $group_id are not referenced in the visible lines.
184 while ( my $parent_member = $cgm->Next ) {
185 my $parent_id = $parent_member->MemberId;
186 my $via = $parent_member->Id;
187 my $group_id = $parent_member->GroupId;
189 my $other_cached_member =
190 RT::CachedGroupMember->new( $self->CurrentUser );
191 my $other_cached_id = $other_cached_member->Create(
192 Member => $args{'Member'},
193 Group => $parent_member->GroupObj,
194 ImmediateParent => $parent_member->MemberObj,
195 Via => $parent_member->Id
# NOTE(review): $args{'Member'} is an object (checked above), so the message
# concatenates its stringified form rather than an id; unless RT::Principal
# overloads stringification this gives a log reader nothing to correlate on.
# Logging $args{'Member'}->Id would be more useful.
197 unless ($other_cached_id) {
198 $RT::Logger->err( "Couldn't add " . $args{'Member'}
199 . " as a submember of a supergroup" );
200 $RT::Handle->Rollback() unless ($args{'InsideTransaction'});
# The result of the direct cached-row insert is only checked here, after the
# supergroup rows were attempted; no log line for this failure is visible.
205 unless ($cached_id) {
206 $RT::Handle->Rollback() unless ($args{'InsideTransaction'});
210 $RT::Handle->Commit() unless ($args{'InsideTransaction'});
219 =head2 _StashUser PRINCIPAL
221 Create { Group => undef, Member => undef }
223 Creates an entry in the groupmembers table, which lists a user
224 as a member of himself. This makes ACL checks a whole bunch easier.
225 This happens once on user create and never ever gets yanked out.
227 PRINCIPAL is expected to be an RT::Principal object for a user
229 This routine expects to be called inside a transaction by RT::User->Create
# _StashUser (body excerpt): clears the ACL cache, writes a membership row
# through the parent class and a matching cached row whose immediate parent
# is Group.
# NOTE(review): the gutter numbers skip, so lines are missing from this
# listing (sub header, argument unpacking, returns). No check of the Group or
# Member arguments and no Begin/Commit/Rollback call appears in the visible
# lines; the caller is expected to supply loaded principals and the
# surrounding transaction -- confirm against the full file.
241 #Clear the key cache. TODO someday we may want to just clear a little bit of the keycache space.
242 # TODO what about the groups key cache?
243 RT::Principal->InvalidateACLCache();
# NOTE(review): the comment below matches the one in Create word for word; no
# loop check follows it in the visible lines of this routine.
246 # We really need to make sure we don't add any members to this group
247 # that contain the group itself. that would, um, suck.
248 # (and recurse infinitely) Later, we can add code to check this in the
249 # cache and bail so we can support cycling directed graphs
# Membership row, written through the parent class.
251 my $id = $self->SUPER::Create(
252 GroupId => $args{'Group'}->Id,
253 MemberId => $args{'Member'}->Id,
# Cached row for the same pair, with Group as the immediate parent.
260 my $cached_member = RT::CachedGroupMember->new( $self->CurrentUser );
261 my $cached_id = $cached_member->Create(
262 Member => $args{'Member'},
263 Group => $args{'Group'},
264 ImmediateParent => $args{'Group'},
# Failure branch for the cached insert; its body is not shown.
268 unless ($cached_id) {
281 Takes no arguments. deletes the currently loaded member from the
284 Expects to be called _outside_ a transaction
# Delete (body excerpt): inside its own transaction, removes the cached rows
# derived from this membership, removes the membership row itself, asks the
# former member to clean up invalid delegations, clears the ACL cache and
# commits. Each visible failure path rolls the transaction back.
# NOTE(review): the gutter numbers skip, so lines are missing from this
# listing (sub header, the conditions guarding each failure branch, returns);
# confirm the exact control flow against the full file.
292 $RT::Handle->BeginTransaction();
294 # Find all occurrences of this member as a member of this group
295 # in the cache and nuke them, recursively.
297 # The following code will delete all Cached Group members
298 # where this member's group is _not_ the primary group
299 # (Ie if we're deleting C as a member of B, and B happens to be
300 # a member of A, will delete C as a member of A without touching
303 my $cached_submembers = RT::CachedGroupMembers->new( $self->CurrentUser );
# Two restrictions on the cached rows: one by this record's member id (its
# FIELD line is not shown) and one by ImmediateParentId = this record's group.
305 $cached_submembers->Limit(
308 VALUE => $self->MemberObj->Id
311 $cached_submembers->Limit(
312 FIELD => 'ImmediateParentId',
314 VALUE => $self->GroupObj->Id
# Delete every matching cached row. The rollback and warning are presumably
# guarded by a test of $del_err that is not shown.
321 while ( my $item_to_del = $cached_submembers->Next() ) {
322 my $del_err = $item_to_del->Delete();
324 $RT::Handle->Rollback();
325 $RT::Logger->warning("Couldn't delete cached group submember ".$item_to_del->Id);
# Remove the membership row itself.
# NOTE(review): the warning reuses the "cached group submember" wording, so
# in the log a failure here reads the same as a failure in the loop above
# even though a different record was being deleted.
330 my ($err, $msg) = $self->SUPER::Delete();
332 $RT::Logger->warning("Couldn't delete cached group submember ".$self->Id);
333 $RT::Handle->Rollback();
337 # Since this deletion may have changed the former member's
338 # delegation rights, we need to ensure that no invalid delegations
# Runs inside the transaction opened above (InsideTransaction => 1), so a
# cleanup failure undoes the membership removal as well.
# NOTE(review): the message says "principal" but prints $self->Id; $self is
# the GroupMember record, so this is presumably the membership row id rather
# than the principal id -- confirm before relying on it in log analysis.
340 $err = $self->MemberObj->CleanupInvalidDelegations(InsideTransaction => 1);
342 $RT::Logger->warning("Unable to revoke delegated rights for principal ".$self->Id);
343 $RT::Handle->Rollback();
347 #Clear the key cache. TODO someday we may want to just clear a little bit of the keycache space.
348 # TODO what about the groups key cache?
# Cache is cleared immediately before the commit.
349 RT::Principal->InvalidateACLCache();
351 $RT::Handle->Commit();
362 Returns an RT::Principal object for the Principal specified by $self->PrincipalId
# MemberObj (body excerpt; sub header and closing lines are not shown).
# Builds the RT::Principal once, on behalf of $self->CurrentUser, and keeps it
# in $self->{'Member_obj'} for later calls. The principal is loaded by
# $self->MemberId (the POD text names PrincipalId), and only when MemberId is
# true; otherwise the object returned is new and unloaded.
368 unless ( defined( $self->{'Member_obj'} ) ) {
369 $self->{'Member_obj'} = RT::Principal->new( $self->CurrentUser );
370 $self->{'Member_obj'}->Load( $self->MemberId ) if ($self->MemberId);
372 return ( $self->{'Member_obj'} );
381 Returns an RT::Principal object for the Group specified in $self->GroupId
# GroupObj (body excerpt; sub header and closing lines are not shown).
# Builds the RT::Principal once, on behalf of $self->CurrentUser, and keeps it
# in $self->{'Group_obj'} for later calls. Unlike MemberObj, Load is called
# with $self->GroupId unconditionally, and its result is not checked in the
# visible lines.
387 unless ( defined( $self->{'Group_obj'} ) ) {
388 $self->{'Group_obj'} = RT::Principal->new( $self->CurrentUser );
389 $self->{'Group_obj'}->Load( $self->GroupId );
391 return ( $self->{'Group_obj'} );