1 # BEGIN BPS TAGGED BLOCK {{{
5 # This software is Copyright (c) 1996-2015 Best Practical Solutions, LLC
6 # <sales@bestpractical.com>
8 # (Except where explicitly superseded by other copyright notices)
13 # This work is made available to you under the terms of Version 2 of
14 # the GNU General Public License. A copy of that license should have
15 # been provided with this software, but in any event can be snarfed
18 # This work is distributed in the hope that it will be useful, but
19 # WITHOUT ANY WARRANTY; without even the implied warranty of
20 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 # General Public License for more details.
23 # You should have received a copy of the GNU General Public License
24 # along with this program; if not, write to the Free Software
25 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
26 # 02110-1301 or visit their web page on the internet at
27 # http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
30 # CONTRIBUTION SUBMISSION POLICY:
32 # (The following paragraph is not intended to limit the rights granted
33 # to you to modify and distribute this software under the terms of
34 # the GNU General Public License and is only of importance to you if
35 # you choose to contribute your changes and enhancements to the
36 # community by submitting them to Best Practical Solutions, LLC.)
38 # By intentionally submitting any modifications, corrections or
39 # derivatives to this work, or any other work intended for use with
40 # Request Tracker, to Best Practical Solutions, LLC, you confirm that
41 # you are the copyright holder for those contributions and you grant
42 # Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
43 # royalty-free, perpetual, license to use, copy, create derivative
44 # works based on those contributions, and sublicense and distribute
45 # those contributions and any derivatives thereof.
47 # END BPS TAGGED BLOCK }}}
55 RT::System is a simple global object used as a focal point for things
58 It works sort of like an RT::Record, except it's really a single object that has
59 an id of "1" when instantiated.
61 This gets used by the ACL system so that you can have rights for the scope "RT::System"
63 In the future, there will probably be other API goodness encapsulated here.
73 use base qw/RT::Record/;
77 # System rights are rights granted to the whole system
78 # XXX TODO Can't localize these outside of having an object around.
80 SuperUser => 'Do anything and everything', # loc_pair
81 AdminUsers => 'Create, modify and delete users', # loc_pair
82 ModifySelf => "Modify one's own RT account", # loc_pair
83 ShowConfigTab => "Show Configuration tab", # loc_pair
84 ShowApprovalsTab => "Show Approvals tab", # loc_pair
85 ShowGlobalTemplates => "Show global templates", # loc_pair
86 LoadSavedSearch => "Allow loading of saved searches", # loc_pair
87 CreateSavedSearch => "Allow creation of saved searches", # loc_pair
88 ExecuteCode => "Allow writing Perl code in templates, scrips, etc", # loc_pair
90 BulkUpdateTickets => "Bulk update tickets",
93 our $RIGHT_CATEGORIES = {
95 AdminUsers => 'Admin',
96 ModifySelf => 'Staff',
97 ShowConfigTab => 'Admin',
98 ShowApprovalsTab => 'Admin',
99 ShowGlobalTemplates => 'Staff',
100 LoadSavedSearch => 'General',
101 CreateSavedSearch => 'General',
102 ExecuteCode => 'Admin',
104 BulkUpdateTickets => 'Staff',
107 # Tell RT::ACE that this sort of object can get acls granted
108 $RT::ACE::OBJECT_TYPES{'RT::System'} = 1;
110 __PACKAGE__->AddRights(%$RIGHTS);
111 __PACKAGE__->AddRightCategories(%$RIGHT_CATEGORIES);
113 =head2 AvailableRights
115 Returns a hash of available rights for this object.
116 The keys are the right names and the values are a
117 description of what the rights do.
119 This method as well returns rights of other RT objects,
120 like L<RT::Queue> or L<RT::Group>. To allow users to apply
121 those rights globally.
130 sub AvailableRights {
133 my $queue = RT::Queue->new(RT->SystemUser);
134 my $group = RT::Group->new(RT->SystemUser);
135 my $cf = RT::CustomField->new(RT->SystemUser);
136 my $class = RT::Class->new(RT->SystemUser);
138 my $qr = $queue->AvailableRights();
139 my $gr = $group->AvailableRights();
140 my $cr = $cf->AvailableRights();
141 my $clr = $class->AvailableRights();
143 # Build a merged list of all system wide rights, queue rights and group rights.
144 my %rights = (%{$RIGHTS}, %{$gr}, %{$qr}, %{$cr}, %{$clr});
145 delete $rights{ExecuteCode} if RT->Config->Get('DisallowExecuteCode');
150 =head2 RightCategories
152 Returns a hashref where the keys are rights for this type of object and the
153 values are the category (General, Staff, Admin) the right falls into.
157 sub RightCategories {
160 my $queue = RT::Queue->new(RT->SystemUser);
161 my $group = RT::Group->new(RT->SystemUser);
162 my $cf = RT::CustomField->new(RT->SystemUser);
163 my $class = RT::Class->new(RT->SystemUser);
165 my $qr = $queue->RightCategories();
166 my $gr = $group->RightCategories();
167 my $cr = $cf->RightCategories();
168 my $clr = $class->RightCategories();
170 # Build a merged list of all system wide rights, queue rights and group rights.
171 my %rights = (%{$RIGHT_CATEGORIES}, %{$gr}, %{$qr}, %{$cr}, %{$clr});
176 =head2 AddRights C<RIGHT>, C<DESCRIPTION> [, ...]
178 Adds the given rights to the list of possible rights. This method
179 should be called during server startup, not at runtime.
184 my $self = shift if ref $_[0] or $_[0] eq __PACKAGE__;
186 $RIGHTS = { %$RIGHTS, %new };
187 %RT::ACE::LOWERCASERIGHTNAMES = ( %RT::ACE::LOWERCASERIGHTNAMES,
188 map { lc($_) => $_ } keys %new);
191 =head2 AddRightCategories C<RIGHT>, C<CATEGORY> [, ...]
193 Adds the given right and category pairs to the list of right categories. This
194 method should be called during server startup, not at runtime.
198 sub AddRightCategories {
199 my $self = shift if ref $_[0] or $_[0] eq __PACKAGE__;
201 $RIGHT_CATEGORIES = { %$RIGHT_CATEGORIES, %new };
206 $self->SUPER::_Init (@_) if @_ && $_[0];
211 Returns RT::System's id. It's 1.
220 Since this object is pretending to be an RT::Record, we need a load method.
225 sub Load { return 1 }
226 sub Name { return 'RT System' }
227 sub __Set { return 0 }
228 sub __Value { return 0 }
229 sub Create { return 0 }
230 sub Delete { return 0 }
237 confess "SubjectTag called on $self with $queue" if $queue;
239 return $queue->SubjectTag if $queue;
241 my $queues = RT::Queues->new( $self->CurrentUser );
242 $queues->Limit( FIELD => 'SubjectTag', OPERATOR => 'IS NOT', VALUE => 'NULL' );
243 return $queues->DistinctFieldValues('SubjectTag');
246 =head2 QueueCacheNeedsUpdate ( 1 )
248 Attribute to decide when SelectQueue needs to flush the list of queues
249 and retrieve new ones. Set when queues are created, enabled/disabled
250 and on certain acl changes. Should also better understand group management.
252 If passed a true value, will update the attribute to be the current time.
256 sub QueueCacheNeedsUpdate {
261 return $self->SetAttribute(Name => 'QueueCacheNeedsUpdate', Content => time);
263 my $cache = $self->FirstAttribute('QueueCacheNeedsUpdate');
264 return (defined $cache ? $cache->Content : 0 );
268 RT::Base->_ImportOverlays();