1 # {{{ BEGIN BPS TAGGED BLOCK
5 # This software is Copyright (c) 1996-2004 Best Practical Solutions, LLC
6 # <jesse@bestpractical.com>
8 # (Except where explicitly superseded by other copyright notices)
13 # This work is made available to you under the terms of Version 2 of
14 # the GNU General Public License. A copy of that license should have
15 # been provided with this software, but in any event can be snarfed
18 # This work is distributed in the hope that it will be useful, but
19 # WITHOUT ANY WARRANTY; without even the implied warranty of
20 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 # General Public License for more details.
23 # You should have received a copy of the GNU General Public License
24 # along with this program; if not, write to the Free Software
25 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
28 # CONTRIBUTION SUBMISSION POLICY:
30 # (The following paragraph is not intended to limit the rights granted
31 # to you to modify and distribute this software under the terms of
32 # the GNU General Public License and is only of importance to you if
33 # you choose to contribute your changes and enhancements to the
34 # community by submitting them to Best Practical Solutions, LLC.)
36 # By intentionally submitting any modifications, corrections or
37 # derivatives to this work, or any other work intended for use with
38 # Request Tracker, to Best Practical Solutions, LLC, you confirm that
39 # you are the copyright holder for those contributions and you grant
40 # Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
41 # royalty-free, perpetual, license to use, copy, create derivative
42 # works based on those contributions, and sublicense and distribute
43 # those contributions and any derivatives thereof.
45 # }}} END BPS TAGGED BLOCK
48 RT::Users - Collection of RT::User objects
62 ok(require RT::Users);
69 no warnings qw(redefine);
74 $self->{'table'} = 'Users';
75 $self->{'primary_key'} = 'id';
79 my @result = $self->SUPER::_Init(@_);
80 # By default, order by name
81 $self->OrderBy( ALIAS => 'main',
85 $self->{'princalias'} = $self->NewAlias('Principals');
87 $self->Join( ALIAS1 => 'main',
89 ALIAS2 => $self->{'princalias'},
97 =head2 PrincipalsAlias
99 Returns the string that represents this Users object's primary "Principals" alias.
104 sub PrincipalsAlias {
106 return($self->{'princalias'});
115 A subclass of DBIx::SearchBuilder::_DoSearch that makes sure that _Disabled rows never get seen unless
116 we're explicitly trying to see them.
123 #unless we really want to find disabled rows, make sure we\'re only finding enabled ones.
124 unless ( $self->{'find_disabled_rows'} ) {
125 $self->LimitToEnabled();
127 return ( $self->SUPER::_DoSearch(@_) );
132 # {{{ sub LimitToEnabled
134 =head2 LimitToEnabled
136 Only find items that haven\'t been disabled
143 $self->Limit( ALIAS => $self->{'princalias'},
155 Takes one argument. an email address. limits the returned set to
163 $self->Limit( FIELD => 'EmailAddress', VALUE => "$addr" );
170 =head2 MemberOfGroup PRINCIPAL_ID
172 takes one argument, a group's principal id. Limits the returned set
173 to members of a given group
181 return $self->loc("No group specified") if ( !defined $group );
183 my $groupalias = $self->NewAlias('CachedGroupMembers');
185 # Join the principal to the groups table
186 $self->Join( ALIAS1 => $self->{'princalias'},
188 ALIAS2 => $groupalias,
189 FIELD2 => 'MemberId' );
191 $self->Limit( ALIAS => "$groupalias",
199 # {{{ LimitToPrivileged
201 =head2 LimitToPrivileged
203 Limits to users who can be made members of ACLs and groups
207 sub LimitToPrivileged {
210 my $priv = RT::Group->new( $self->CurrentUser );
211 $priv->LoadSystemInternalGroup('Privileged');
212 unless ( $priv->Id ) {
213 $RT::Logger->crit("Couldn't find a privileged users group");
215 $self->MemberOfGroup( $priv->PrincipalId );
222 =head2 WhoHaveRight { Right => 'name', Object => $rt_object , IncludeSuperusers => undef, IncludeSubgroupMembers => undef, IncludeSystemRights => undef }
226 ok(my $users = RT::Users->new($RT::SystemUser));
227 $users->WhoHaveRight(Object =>$RT::System, Right =>'SuperUser');
228 ok($users->Count == 1, "There is one privileged superuser - Found ". $users->Count );
229 # TODO: this wants more testing
235 find all users who the right Right for this group, either individually
236 or as members of groups
246 my %args = ( Right => undef,
248 IncludeSystemRights => undef,
249 IncludeSuperusers => undef,
250 IncludeSubgroupMembers => 1,
253 if (defined $args{'ObjectType'} || defined $args{'ObjectId'}) {
254 $RT::Logger->crit("$self WhoHaveRight called with the Obsolete ObjectId/ObjectType API");
258 my $Groups = RT::Groups->new($RT::SystemUser);
259 $Groups->WithRight(Right=> $args{'Right'},
260 Object => $args{'Object'},
261 IncludeSystemRights => $args{'IncludeSystemRights'},
262 IncludeSuperusers => $args{'IncludeSuperusers'});
263 while (my $Group = $Groups->Next()) {
264 push @privgroups, $Group->Id();
269 $self->WhoBelongToGroups(Groups => \@privgroups,
270 IncludeSubgroupMembers => $args{'IncludeSubgroupMembers'});
273 # We don't have any group that matches -- make it impossible.
274 $self->Limit( FIELD => 'Id', VALUE => 'IS', OPERATOR => 'NULL' );
280 # {{{ WhoBelongToGroups
282 =head2 WhoBelongToGroups { Groups => ARRAYREF, IncludeSubgroupMembers => 1 }
286 sub WhoBelongToGroups {
288 my %args = ( Groups => undef,
289 IncludeSubgroupMembers => 1,
292 # Unprivileged users can't be granted real system rights.
293 # is this really the right thing to be saying?
294 $self->LimitToPrivileged();
296 my $userprinc = $self->{'princalias'};
299 # The cachedgroupmembers table is used for unrolling group memberships to allow fast lookups
300 # if we bind to CachedGroupMembers, we'll find all members of groups recursively.
301 # if we don't we'll find only 'direct' members of the group in question
303 if ( $args{'IncludeSubgroupMembers'} ) {
304 $cgm = $self->NewAlias('CachedGroupMembers');
307 $cgm = $self->NewAlias('GroupMembers');
310 # {{{ Tie the users we're returning ($userprinc) to the groups that have rights granted to them ($groupprinc)
311 $self->Join( ALIAS1 => $cgm, FIELD1 => 'MemberId',
312 ALIAS2 => $userprinc, FIELD2 => 'id' );
315 # my $and_check_groups = "($cgm.GroupId = NULL";
316 foreach my $groupid (@{$args{'Groups'}}) {
317 $self->Limit(ALIAS => $cgm, FIELD => 'GroupId', VALUE => $groupid, QUOTEVALUE => 0, ENTRYAGGREGATOR=> 'OR')
319 #$and_check_groups .= " OR $cgm.GroupId = $groupid";
321 #$and_check_groups .= ")";
323 #$self->_AddSubClause("WhichGroup", $and_check_groups);