1 # BEGIN BPS TAGGED BLOCK {{{
5 # This software is Copyright (c) 1996-2015 Best Practical Solutions, LLC
6 # <sales@bestpractical.com>
8 # (Except where explicitly superseded by other copyright notices)
13 # This work is made available to you under the terms of Version 2 of
14 # the GNU General Public License. A copy of that license should have
15 # been provided with this software, but in any event can be snarfed
18 # This work is distributed in the hope that it will be useful, but
19 # WITHOUT ANY WARRANTY; without even the implied warranty of
20 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 # General Public License for more details.
23 # You should have received a copy of the GNU General Public License
24 # along with this program; if not, write to the Free Software
25 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
26 # 02110-1301 or visit their web page on the internet at
27 # http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
30 # CONTRIBUTION SUBMISSION POLICY:
32 # (The following paragraph is not intended to limit the rights granted
33 # to you to modify and distribute this software under the terms of
34 # the GNU General Public License and is only of importance to you if
35 # you choose to contribute your changes and enhancements to the
36 # community by submitting them to Best Practical Solutions, LLC.)
38 # By intentionally submitting any modifications, corrections or
39 # derivatives to this work, or any other work intended for use with
40 # Request Tracker, to Best Practical Solutions, LLC, you confirm that
41 # you are the copyright holder for those contributions and you grant
42 # Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
43 # royalty-free, perpetual, license to use, copy, create derivative
44 # works based on those contributions, and sublicense and distribute
45 # those contributions and any derivatives thereof.
47 # END BPS TAGGED BLOCK }}}
51 RT::Groups - a collection of RT::Group objects
56 my $groups = RT::Groups->new($CurrentUser);
58 while (my $group = $groups->Next()) {
59 print $group->Id ." is a group id\n";
81 use base 'RT::SearchBuilder';
87 # XXX: below some code is marked as subject to generalize in Groups, Users classes.
88 # RUZ suggest name Principals::Generic or Principals::Base as abstract class, but
89 # Jesse wants something that doesn't imply it's a Principals.pm subclass.
90 # See comments below for candidats.
96 $self->{'with_disabled_column'} = 1;
98 my @result = $self->SUPER::_Init(@_);
100 $self->OrderBy( ALIAS => 'main',
104 # XXX: this code should be generalized
105 $self->{'princalias'} = $self->Join(
108 TABLE2 => 'Principals',
112 # even if this condition is useless and ids in the Groups table
113 # only match principals with type 'Group' this could speed up
114 # searches in some DBs.
115 $self->Limit( ALIAS => $self->{'princalias'},
116 FIELD => 'PrincipalType',
123 =head2 PrincipalsAlias
125 Returns the string that represents this Users object's primary "Principals" alias.
129 # XXX: should be generalized, code duplication
130 sub PrincipalsAlias {
132 return($self->{'princalias'});
138 =head2 LimitToSystemInternalGroups
140 Return only SystemInternal Groups, such as "privileged" "unprivileged" and "everyone"
145 sub LimitToSystemInternalGroups {
147 $self->Limit(FIELD => 'Domain', OPERATOR => '=', VALUE => 'SystemInternal');
148 # All system internal groups have the same instance. No reason to limit down further
149 #$self->Limit(FIELD => 'Instance', OPERATOR => '=', VALUE => '0');
155 =head2 LimitToUserDefinedGroups
157 Return only UserDefined Groups
162 sub LimitToUserDefinedGroups {
164 $self->Limit(FIELD => 'Domain', OPERATOR => '=', VALUE => 'UserDefined');
165 # All user-defined groups have the same instance. No reason to limit down further
166 #$self->Limit(FIELD => 'Instance', OPERATOR => '=', VALUE => '');
172 =head2 LimitToRolesForQueue QUEUE_ID
174 Limits the set of groups found to role groups for queue QUEUE_ID
178 sub LimitToRolesForQueue {
181 $self->Limit(FIELD => 'Domain', OPERATOR => '=', VALUE => 'RT::Queue-Role');
182 $self->Limit(FIELD => 'Instance', OPERATOR => '=', VALUE => $queue);
187 =head2 LimitToRolesForTicket Ticket_ID
189 Limits the set of groups found to role groups for Ticket Ticket_ID
193 sub LimitToRolesForTicket {
196 $self->Limit(FIELD => 'Domain', OPERATOR => '=', VALUE => 'RT::Ticket-Role');
197 $self->Limit(FIELD => 'Instance', OPERATOR => '=', VALUE => '$Ticket');
202 =head2 LimitToRolesForSystem System_ID
204 Limits the set of groups found to role groups for System System_ID
208 sub LimitToRolesForSystem {
210 $self->Limit(FIELD => 'Domain', OPERATOR => '=', VALUE => 'RT::System-Role');
214 =head2 WithMember {PrincipalId => PRINCIPAL_ID, Recursively => undef}
216 Limits the set of groups returned to groups which have
217 Principal PRINCIPAL_ID as a member. Returns the alias used for the join.
223 my %args = ( PrincipalId => undef,
224 Recursively => undef,
228 if ($args{'Recursively'}) {
229 $members = $self->NewAlias('CachedGroupMembers');
231 $members = $self->NewAlias('GroupMembers');
233 $self->Join(ALIAS1 => 'main', FIELD1 => 'id',
234 ALIAS2 => $members, FIELD2 => 'GroupId');
236 $self->Limit(ALIAS => $members, FIELD => 'MemberId', OPERATOR => '=', VALUE => $args{'PrincipalId'});
237 $self->Limit(ALIAS => $members, FIELD => 'Disabled', VALUE => 0)
238 if $args{'Recursively'};
243 sub WithCurrentUser {
245 $self->{with_current_user} = 1;
246 return $self->WithMember(
247 PrincipalId => $self->CurrentUser->PrincipalId,
255 PrincipalId => undef,
256 Recursively => undef,
260 my $members = $args{'Recursively'} ? 'CachedGroupMembers' : 'GroupMembers';
261 my $members_alias = $self->Join(
268 LEFTJOIN => $members_alias,
269 ALIAS => $members_alias,
272 VALUE => $args{'PrincipalId'},
275 LEFTJOIN => $members_alias,
276 ALIAS => $members_alias,
279 ) if $args{'Recursively'};
281 ALIAS => $members_alias,
289 =head2 WithRight { Right => RIGHTNAME, Object => RT::Record, IncludeSystemRights => 1, IncludeSuperusers => 0, EquivObjects => [ ] }
292 Find all groups which have RIGHTNAME for RT::Record. Optionally include global rights and superusers. By default, include the global rights, but not the superusers.
298 #XXX: should be generilized
301 my %args = ( Right => undef,
303 IncludeSystemRights => 1,
304 IncludeSuperusers => undef,
305 IncludeSubgroupMembers => 0,
309 my $from_role = $self->Clone;
310 $from_role->WithRoleRight( %args );
312 my $from_group = $self->Clone;
313 $from_group->WithGroupRight( %args );
316 use DBIx::SearchBuilder 1.50; #no version on ::Union :(
317 use DBIx::SearchBuilder::Union;
318 my $union = DBIx::SearchBuilder::Union->new();
319 $union->add($from_role);
320 $union->add($from_group);
322 bless $self, ref($union);
327 #XXX: methods are active aliases to Users class to prevent code duplication
328 # should be generalized
332 return 'main' unless $args{'IncludeSubgroupMembers'};
333 return $self->RT::Users::_JoinGroups( %args );
335 sub _JoinGroupMembers {
338 return 'main' unless $args{'IncludeSubgroupMembers'};
339 return $self->RT::Users::_JoinGroupMembers( %args );
341 sub _JoinGroupMembersForGroupRights {
344 my $group_members = $self->_JoinGroupMembers( %args );
345 unless( $group_members eq 'main' ) {
346 return $self->RT::Users::_JoinGroupMembersForGroupRights( %args );
348 $self->Limit( ALIAS => $args{'ACLAlias'},
349 FIELD => 'PrincipalId',
354 sub _JoinACL { return (shift)->RT::Users::_JoinACL( @_ ) }
355 sub _RoleClauses { return (shift)->RT::Users::_RoleClauses( @_ ) }
356 sub _WhoHaveRoleRightSplitted { return (shift)->RT::Users::_WhoHaveRoleRightSplitted( @_ ) }
357 sub _GetEquivObjects { return (shift)->RT::Users::_GetEquivObjects( @_ ) }
358 sub WithGroupRight { return (shift)->RT::Users::WhoHaveGroupRight( @_ ) }
359 sub WithRoleRight { return (shift)->RT::Users::WhoHaveRoleRight( @_ ) }
361 sub ForWhichCurrentUserHasRight {
365 IncludeSuperusers => undef,
369 # Non-disabled groups...
370 $self->LimitToEnabled;
372 # ...which are the target object of an ACL with that right, or
373 # where the target is the system object (a global right)
374 my $acl = $self->_JoinACL( %args );
375 $self->_AddSubClause(
376 ACLObjects => "( (main.id = $acl.ObjectId AND $acl.ObjectType = 'RT::Group')"
377 . " OR $acl.ObjectType = 'RT::System')");
379 # ...and where that right is granted to any group..
380 my $member = $self->Join(
382 FIELD1 => 'PrincipalId',
383 TABLE2 => 'CachedGroupMembers',
392 # ...with the current user in it
396 VALUE => $self->CurrentUser->Id,
402 =head2 LimitToEnabled
404 Only find items that haven't been disabled
411 $self->{'handled_disabled_column'} = 1;
413 ALIAS => $self->PrincipalsAlias,
420 =head2 LimitToDeleted
422 Only find items that have been deleted.
429 $self->{'handled_disabled_column'} = $self->{'find_disabled_rows'} = 1;
431 ALIAS => $self->PrincipalsAlias,
443 # If we've explicitly limited to groups the user is a member of (for
444 # dashboard or savedsearch privacy objects), skip the ACL.
445 return unless $self->{with_current_user}
446 or $record->CurrentUserHasRight('SeeGroup');
448 return $self->SUPER::AddRecord( $record );
456 #unless we really want to find disabled rows, make sure we're only finding enabled ones.
457 unless($self->{'find_disabled_rows'}) {
458 $self->LimitToEnabled();
461 return($self->SUPER::_DoSearch(@_));
469 Returns an empty new RT::Group item
475 return(RT::Group->new($self->CurrentUser));
477 RT::Base->_ImportOverlays();