1 # BEGIN BPS TAGGED BLOCK {{{
5 # This software is Copyright (c) 1996-2013 Best Practical Solutions, LLC
6 # <sales@bestpractical.com>
8 # (Except where explicitly superseded by other copyright notices)
13 # This work is made available to you under the terms of Version 2 of
14 # the GNU General Public License. A copy of that license should have
15 # been provided with this software, but in any event can be snarfed
18 # This work is distributed in the hope that it will be useful, but
19 # WITHOUT ANY WARRANTY; without even the implied warranty of
20 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 # General Public License for more details.
23 # You should have received a copy of the GNU General Public License
24 # along with this program; if not, write to the Free Software
25 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
26 # 02110-1301 or visit their web page on the internet at
27 # http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
30 # CONTRIBUTION SUBMISSION POLICY:
32 # (The following paragraph is not intended to limit the rights granted
33 # to you to modify and distribute this software under the terms of
34 # the GNU General Public License and is only of importance to you if
35 # you choose to contribute your changes and enhancements to the
36 # community by submitting them to Best Practical Solutions, LLC.)
38 # By intentionally submitting any modifications, corrections or
39 # derivatives to this work, or any other work intended for use with
40 # Request Tracker, to Best Practical Solutions, LLC, you confirm that
41 # you are the copyright holder for those contributions and you grant
42 # Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
43 # royalty-free, perpetual, license to use, copy, create derivative
44 # works based on those contributions, and sublicense and distribute
45 # those contributions and any derivatives thereof.
47 # END BPS TAGGED BLOCK }}}
55 RT::System is a simple global object used as a focal point for things
58 It works sort of like an RT::Record, except it's really a single object that has
59 an id of "1" when instantiated.
61 This gets used by the ACL system so that you can have rights for the scope "RT::System"
63 In the future, there will probably be other API goodness encapsulated here.
73 use base qw/RT::Record/;
77 # System rights are rights granted to the whole system
78 # XXX TODO Can't localize these outside of having an object around.
80 SuperUser => 'Do anything and everything', # loc_pair
81 AdminUsers => 'Create, modify and delete users', # loc_pair
82 ModifySelf => "Modify one's own RT account", # loc_pair
83 ShowConfigTab => "Show Configuration tab", # loc_pair
84 ShowApprovalsTab => "Show Approvals tab", # loc_pair
85 ShowGlobalTemplates => "Show global templates", # loc_pair
86 LoadSavedSearch => "Allow loading of saved searches", # loc_pair
87 CreateSavedSearch => "Allow creation of saved searches", # loc_pair
88 ExecuteCode => "Allow writing Perl code in templates, scrips, etc", # loc_pair
91 our $RIGHT_CATEGORIES = {
93 AdminUsers => 'Admin',
94 ModifySelf => 'Staff',
95 ShowConfigTab => 'Admin',
96 ShowApprovalsTab => 'Admin',
97 ShowGlobalTemplates => 'Staff',
98 LoadSavedSearch => 'General',
99 CreateSavedSearch => 'General',
100 ExecuteCode => 'Admin',
103 # Tell RT::ACE that this sort of object can get acls granted
104 $RT::ACE::OBJECT_TYPES{'RT::System'} = 1;
106 __PACKAGE__->AddRights(%$RIGHTS);
107 __PACKAGE__->AddRightCategories(%$RIGHT_CATEGORIES);
109 =head2 AvailableRights
111 Returns a hash of available rights for this object.
112 The keys are the right names and the values are a
113 description of what the rights do.
115 This method as well returns rights of other RT objects,
116 like L<RT::Queue> or L<RT::Group>. To allow users to apply
117 those rights globally.
126 sub AvailableRights {
129 my $queue = RT::Queue->new(RT->SystemUser);
130 my $group = RT::Group->new(RT->SystemUser);
131 my $cf = RT::CustomField->new(RT->SystemUser);
132 my $class = RT::Class->new(RT->SystemUser);
134 my $qr = $queue->AvailableRights();
135 my $gr = $group->AvailableRights();
136 my $cr = $cf->AvailableRights();
137 my $clr = $class->AvailableRights();
139 # Build a merged list of all system wide rights, queue rights and group rights.
140 my %rights = (%{$RIGHTS}, %{$gr}, %{$qr}, %{$cr}, %{$clr});
141 delete $rights{ExecuteCode} if RT->Config->Get('DisallowExecuteCode');
146 =head2 RightCategories
148 Returns a hashref where the keys are rights for this type of object and the
149 values are the category (General, Staff, Admin) the right falls into.
153 sub RightCategories {
156 my $queue = RT::Queue->new(RT->SystemUser);
157 my $group = RT::Group->new(RT->SystemUser);
158 my $cf = RT::CustomField->new(RT->SystemUser);
159 my $class = RT::Class->new(RT->SystemUser);
161 my $qr = $queue->RightCategories();
162 my $gr = $group->RightCategories();
163 my $cr = $cf->RightCategories();
164 my $clr = $class->RightCategories();
166 # Build a merged list of all system wide rights, queue rights and group rights.
167 my %rights = (%{$RIGHT_CATEGORIES}, %{$gr}, %{$qr}, %{$cr}, %{$clr});
172 =head2 AddRights C<RIGHT>, C<DESCRIPTION> [, ...]
174 Adds the given rights to the list of possible rights. This method
175 should be called during server startup, not at runtime.
180 my $self = shift if ref $_[0] or $_[0] eq __PACKAGE__;
182 $RIGHTS = { %$RIGHTS, %new };
183 %RT::ACE::LOWERCASERIGHTNAMES = ( %RT::ACE::LOWERCASERIGHTNAMES,
184 map { lc($_) => $_ } keys %new);
187 =head2 AddRightCategories C<RIGHT>, C<CATEGORY> [, ...]
189 Adds the given right and category pairs to the list of right categories. This
190 method should be called during server startup, not at runtime.
194 sub AddRightCategories {
195 my $self = shift if ref $_[0] or $_[0] eq __PACKAGE__;
197 $RIGHT_CATEGORIES = { %$RIGHT_CATEGORIES, %new };
202 $self->SUPER::_Init (@_) if @_ && $_[0];
207 Returns RT::System's id. It's 1.
216 Since this object is pretending to be an RT::Record, we need a load method.
221 sub Load { return 1 }
222 sub Name { return 'RT System' }
223 sub __Set { return 0 }
224 sub __Value { return 0 }
225 sub Create { return 0 }
226 sub Delete { return 0 }
233 confess "SubjectTag called on $self with $queue" if $queue;
235 return $queue->SubjectTag if $queue;
237 my $queues = RT::Queues->new( $self->CurrentUser );
238 $queues->Limit( FIELD => 'SubjectTag', OPERATOR => 'IS NOT', VALUE => 'NULL' );
239 return $queues->DistinctFieldValues('SubjectTag');
242 =head2 QueueCacheNeedsUpdate ( 1 )
244 Attribute to decide when SelectQueue needs to flush the list of queues
245 and retrieve new ones. Set when queues are created, enabled/disabled
246 and on certain acl changes. Should also better understand group management.
248 If passed a true value, will update the attribute to be the current time.
252 sub QueueCacheNeedsUpdate {
257 return $self->SetAttribute(Name => 'QueueCacheNeedsUpdate', Content => time);
259 my $cache = $self->FirstAttribute('QueueCacheNeedsUpdate');
260 return (defined $cache ? $cache->Content : 0 );
264 RT::Base->_ImportOverlays();