1 # BEGIN BPS TAGGED BLOCK {{{
5 # This software is Copyright (c) 1996-2007 Best Practical Solutions, LLC
6 # <jesse@bestpractical.com>
8 # (Except where explicitly superseded by other copyright notices)
13 # This work is made available to you under the terms of Version 2 of
14 # the GNU General Public License. A copy of that license should have
15 # been provided with this software, but in any event can be snarfed
18 # This work is distributed in the hope that it will be useful, but
19 # WITHOUT ANY WARRANTY; without even the implied warranty of
20 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 # General Public License for more details.
23 # You should have received a copy of the GNU General Public License
24 # along with this program; if not, write to the Free Software
25 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
26 # 02110-1301 or visit their web page on the internet at
27 # http://www.gnu.org/copyleft/gpl.html.
30 # CONTRIBUTION SUBMISSION POLICY:
32 # (The following paragraph is not intended to limit the rights granted
33 # to you to modify and distribute this software under the terms of
34 # the GNU General Public License and is only of importance to you if
35 # you choose to contribute your changes and enhancements to the
36 # community by submitting them to Best Practical Solutions, LLC.)
38 # By intentionally submitting any modifications, corrections or
39 # derivatives to this work, or any other work intended for use with
40 # Request Tracker, to Best Practical Solutions, LLC, you confirm that
41 # you are the copyright holder for those contributions and you grant
42 # Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
43 # royalty-free, perpetual, license to use, copy, create derivative
44 # works based on those contributions, and sublicense and distribute
45 # those contributions and any derivatives thereof.
47 # END BPS TAGGED BLOCK }}}
50 RT::Groups - a collection of RT::Group objects
55 my $groups = $RT::Groups->new($CurrentUser);
57 while (my $group = $groups->Next()) {
58 print $group->Id ." is a group id\n";
69 ok (require RT::Groups);
79 no warnings qw(redefine);
83 # XXX: below some code is marked as subject to generalize in Groups, Users classes.
84 # RUZ suggest name Principals::Generic or Principals::Base as abstract class, but
85 # Jesse wants something that doesn't imply it's a Principals.pm subclass.
86 # See comments below for candidats.
94 # Groups->Limit( FIELD => 'id', OPERATOR => '!=', VALUE => xx );
95 my $g = RT::Group->new($RT::SystemUser);
96 my ($id, $msg) = $g->CreateUserDefinedGroup(Name => 'GroupsNotEqualTest');
97 ok ($id, "created group #". $g->id) or diag("error: $msg");
99 my $groups = RT::Groups->new($RT::SystemUser);
100 $groups->Limit( FIELD => 'id', OPERATOR => '!=', VALUE => $g->id );
101 $groups->LimitToUserDefinedGroups();
102 my $bug = grep $_->id == $g->id, @{$groups->ItemsArrayRef};
103 ok (!$bug, "didn't find group");
111 $self->{'table'} = "Groups";
112 $self->{'primary_key'} = "id";
114 my @result = $self->SUPER::_Init(@_);
116 $self->OrderBy( ALIAS => 'main',
120 # XXX: this code should be generalized
121 $self->{'princalias'} = $self->Join(
124 TABLE2 => 'Principals',
128 # even if this condition is useless and ids in the Groups table
129 # only match principals with type 'Group' this could speed up
130 # searches in some DBs.
131 $self->Limit( ALIAS => $self->{'princalias'},
132 FIELD => 'PrincipalType',
140 =head2 PrincipalsAlias
142 Returns the string that represents this Users object's primary "Principals" alias.
146 # XXX: should be generalized, code duplication
147 sub PrincipalsAlias {
149 return($self->{'princalias'});
154 # {{{ LimiToSystemInternalGroups
156 =head2 LimitToSystemInternalGroups
158 Return only SystemInternal Groups, such as "privileged" "unprivileged" and "everyone"
163 sub LimitToSystemInternalGroups {
165 $self->Limit(FIELD => 'Domain', OPERATOR => '=', VALUE => 'SystemInternal');
166 # All system internal groups have the same instance. No reason to limit down further
167 #$self->Limit(FIELD => 'Instance', OPERATOR => '=', VALUE => '0');
173 # {{{ LimiToUserDefinedGroups
175 =head2 LimitToUserDefined Groups
177 Return only UserDefined Groups
182 sub LimitToUserDefinedGroups {
184 $self->Limit(FIELD => 'Domain', OPERATOR => '=', VALUE => 'UserDefined');
185 # All user-defined groups have the same instance. No reason to limit down further
186 #$self->Limit(FIELD => 'Instance', OPERATOR => '=', VALUE => '');
192 # {{{ LimiToPersonalGroups
194 =head2 LimitToPersonalGroupsFor PRINCIPAL_ID
196 Return only Personal Groups for the user whose principal id
202 sub LimitToPersonalGroupsFor {
206 $self->Limit(FIELD => 'Domain', OPERATOR => '=', VALUE => 'Personal');
207 $self->Limit( FIELD => 'Instance',
215 # {{{ LimitToRolesForQueue
217 =head2 LimitToRolesForQueue QUEUE_ID
219 Limits the set of groups found to role groups for queue QUEUE_ID
223 sub LimitToRolesForQueue {
226 $self->Limit(FIELD => 'Domain', OPERATOR => '=', VALUE => 'RT::Queue-Role');
227 $self->Limit(FIELD => 'Instance', OPERATOR => '=', VALUE => $queue);
232 # {{{ LimitToRolesForTicket
234 =head2 LimitToRolesForTicket Ticket_ID
236 Limits the set of groups found to role groups for Ticket Ticket_ID
240 sub LimitToRolesForTicket {
243 $self->Limit(FIELD => 'Domain', OPERATOR => '=', VALUE => 'RT::Ticket-Role');
244 $self->Limit(FIELD => 'Instance', OPERATOR => '=', VALUE => '$Ticket');
249 # {{{ LimitToRolesForSystem
251 =head2 LimitToRolesForSystem System_ID
253 Limits the set of groups found to role groups for System System_ID
257 sub LimitToRolesForSystem {
259 $self->Limit(FIELD => 'Domain', OPERATOR => '=', VALUE => 'RT::System-Role');
264 =head2 WithMember {PrincipalId => PRINCIPAL_ID, Recursively => undef}
266 Limits the set of groups returned to groups which have
267 Principal PRINCIPAL_ID as a member
271 my $u = RT::User->new($RT::SystemUser);
272 $u->Create(Name => 'Membertests');
273 my $g = RT::Group->new($RT::SystemUser);
274 my ($id, $msg) = $g->CreateUserDefinedGroup(Name => 'Membertests');
277 my ($aid, $amsg) =$g->AddMember($u->id);
279 ok($g->HasMember($u->PrincipalObj),"G has member u");
281 my $groups = RT::Groups->new($RT::SystemUser);
282 $groups->LimitToUserDefinedGroups();
283 $groups->WithMember(PrincipalId => $u->id);
284 ok ($groups->Count == 1,"found the 1 group - " . $groups->Count);
285 ok ($groups->First->Id == $g->Id, "it's the right one");
294 my %args = ( PrincipalId => undef,
295 Recursively => undef,
299 if ($args{'Recursively'}) {
300 $members = $self->NewAlias('CachedGroupMembers');
302 $members = $self->NewAlias('GroupMembers');
304 $self->Join(ALIAS1 => 'main', FIELD1 => 'id',
305 ALIAS2 => $members, FIELD2 => 'GroupId');
307 $self->Limit(ALIAS => $members, FIELD => 'MemberId', OPERATOR => '=', VALUE => $args{'PrincipalId'});
311 =head2 WithRight { Right => RIGHTNAME, Object => RT::Record, IncludeSystemRights => 1, IncludeSuperusers => 0, EquivObjects => [ ] }
314 Find all groups which have RIGHTNAME for RT::Record. Optionally include global rights and superusers. By default, include the global rights, but not the superusers.
318 my $q = RT::Queue->new($RT::SystemUser);
319 my ($id, $msg) =$q->Create( Name => 'GlobalACLTest');
322 my $testuser = RT::User->new($RT::SystemUser);
323 ($id,$msg) = $testuser->Create(Name => 'JustAnAdminCc');
326 my $global_admin_cc = RT::Group->new($RT::SystemUser);
327 $global_admin_cc->LoadSystemRoleGroup('AdminCc');
328 ok($global_admin_cc->id, "Found the global admincc group");
329 my $groups = RT::Groups->new($RT::SystemUser);
330 $groups->WithRight(Right => 'OwnTicket', Object => $q);
331 is($groups->Count, 1);
332 ($id, $msg) = $global_admin_cc->PrincipalObj->GrantRight(Right =>'OwnTicket', Object=> $RT::System);
334 ok (!$testuser->HasRight(Object => $q, Right => 'OwnTicket') , "The test user does not have the right to own tickets in the test queue");
335 ($id, $msg) = $q->AddWatcher(Type => 'AdminCc', PrincipalId => $testuser->id);
337 ok ($testuser->HasRight(Object => $q, Right => 'OwnTicket') , "The test user does have the right to own tickets now. thank god.");
339 $groups = RT::Groups->new($RT::SystemUser);
340 $groups->WithRight(Right => 'OwnTicket', Object => $q);
342 is($groups->Count, 3);
344 my $RTxGroup = RT::Group->new($RT::SystemUser);
345 ($id, $msg) = $RTxGroup->CreateUserDefinedGroup( Name => 'RTxGroup', Description => "RTx extension group");
349 bless $RTxSysObj, 'RTx::System';
350 *RTx::System::Id = sub { 1; };
351 *RTx::System::id = *RTx::System::Id;
352 my $ace = RT::Record->new($RT::SystemUser);
354 $ace->_BuildTableAttributes unless ($_TABLE_ATTR->{ref($self)});
355 ($id, $msg) = $ace->Create( PrincipalId => $RTxGroup->id, PrincipalType => 'Group', RightName => 'RTxGroupRight', ObjectType => 'RTx::System', ObjectId => 1);
356 ok ($id, "ACL for RTxSysObj created");
359 bless $RTxObj, 'RTx::System::Record';
360 *RTx::System::Record::Id = sub { 4; };
361 *RTx::System::Record::id = *RTx::System::Record::Id;
363 $groups = RT::Groups->new($RT::SystemUser);
364 $groups->WithRight(Right => 'RTxGroupRight', Object => $RTxSysObj);
365 is($groups->Count, 1, "RTxGroupRight found for RTxSysObj");
367 $groups = RT::Groups->new($RT::SystemUser);
368 $groups->WithRight(Right => 'RTxGroupRight', Object => $RTxObj);
369 is($groups->Count, 0, "RTxGroupRight not found for RTxObj");
371 $groups = RT::Groups->new($RT::SystemUser);
372 $groups->WithRight(Right => 'RTxGroupRight', Object => $RTxObj, EquivObjects => [ $RTxSysObj ]);
373 is($groups->Count, 1, "RTxGroupRight found for RTxObj using EquivObjects");
375 $ace = RT::Record->new($RT::SystemUser);
377 $ace->_BuildTableAttributes unless ($_TABLE_ATTR->{ref($self)});
378 ($id, $msg) = $ace->Create( PrincipalId => $RTxGroup->id, PrincipalType => 'Group', RightName => 'RTxGroupRight', ObjectType => 'RTx::System::Record', ObjectId => 5 );
379 ok ($id, "ACL for RTxObj created");
382 bless $RTxObj2, 'RTx::System::Record';
383 *RTx::System::Record::Id = sub { 5; };
385 $groups = RT::Groups->new($RT::SystemUser);
386 $groups->WithRight(Right => 'RTxGroupRight', Object => $RTxObj2);
387 is($groups->Count, 1, "RTxGroupRight found for RTxObj2");
389 $groups = RT::Groups->new($RT::SystemUser);
390 $groups->WithRight(Right => 'RTxGroupRight', Object => $RTxObj2, EquivObjects => [ $RTxSysObj ]);
391 is($groups->Count, 1, "RTxGroupRight found for RTxObj2");
400 #XXX: should be generilized
403 my %args = ( Right => undef,
405 IncludeSystemRights => 1,
406 IncludeSuperusers => undef,
407 IncludeSubgroupMembers => 0,
411 my $from_role = $self->Clone;
412 $from_role->WithRoleRight( %args );
414 my $from_group = $self->Clone;
415 $from_group->WithGroupRight( %args );
418 use DBIx::SearchBuilder 1.50; #no version on ::Union :(
419 use DBIx::SearchBuilder::Union;
420 my $union = new DBIx::SearchBuilder::Union;
421 $union->add($from_role);
422 $union->add($from_group);
424 bless $self, ref($union);
429 #XXX: methods are active aliases to Users class to prevent code duplication
430 # should be generalized
434 return 'main' unless $args{'IncludeSubgroupMembers'};
435 return $self->RT::Users::_JoinGroups( %args );
437 sub _JoinGroupMembers {
440 return 'main' unless $args{'IncludeSubgroupMembers'};
441 return $self->RT::Users::_JoinGroupMembers( %args );
443 sub _JoinGroupMembersForGroupRights {
446 my $group_members = $self->_JoinGroupMembers( %args );
447 unless( $group_members eq 'main' ) {
448 return $self->RT::Users::_JoinGroupMembersForGroupRights( %args );
450 $self->Limit( ALIAS => $args{'ACLAlias'},
451 FIELD => 'PrincipalId',
456 sub _JoinACL { return (shift)->RT::Users::_JoinACL( @_ ) }
457 sub _RoleClauses { return (shift)->RT::Users::_RoleClauses( @_ ) }
458 sub _WhoHaveRoleRightSplitted { return (shift)->RT::Users::_WhoHaveRoleRightSplitted( @_ ) }
459 sub _GetEquivObjects { return (shift)->RT::Users::_GetEquivObjects( @_ ) }
460 sub WithGroupRight { return (shift)->RT::Users::WhoHaveGroupRight( @_ ) }
461 sub WithRoleRight { return (shift)->RT::Users::WhoHaveRoleRight( @_ ) }
463 # {{{ sub LimitToEnabled
465 =head2 LimitToEnabled
467 Only find items that haven\'t been disabled
474 $self->Limit( ALIAS => $self->PrincipalsAlias,
482 # {{{ sub LimitToDisabled
484 =head2 LimitToDeleted
486 Only find items that have been deleted.
493 $self->{'find_disabled_rows'} = 1;
494 $self->Limit( ALIAS => $self->PrincipalsAlias,
507 # Don't show groups which the user isn't allowed to see.
509 my $Group = $self->SUPER::Next();
510 if ((defined($Group)) and (ref($Group))) {
511 unless ($Group->CurrentUserHasRight('SeeGroup')) {
512 return $self->Next();
527 #unless we really want to find disabled rows, make sure we\'re only finding enabled ones.
528 unless($self->{'find_disabled_rows'}) {
529 $self->LimitToEnabled();
532 return($self->SUPER::_DoSearch(@_));