3 # Copyright (c) 1996-2002 Jesse Vincent <jesse@bestpractical.com>
5 # (Except where explictly superceded by other copyright notices)
7 # This work is made available to you under the terms of Version 2 of
8 # the GNU General Public License. A copy of that license should have
9 # been provided with this software, but in any event can be snarfed
12 # This work is distributed in the hope that it will be useful, but
13 # WITHOUT ANY WARRANTY; without even the implied warranty of
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 # General Public License for more details.
18 # Unless otherwise specified, all modifications, corrections or
19 # extensions to this work which alter its source code become the
20 # property of Best Practical Solutions, LLC when submitted for
21 # inclusion in the work.
27 RT::Users - Collection of RT::User objects
41 ok(require RT::Users);
48 no warnings qw(redefine);
53 $self->{'table'} = 'Users';
54 $self->{'primary_key'} = 'id';
58 my @result = $self->SUPER::_Init(@_);
59 # By default, order by name
60 $self->OrderBy( ALIAS => 'main',
64 $self->{'princalias'} = $self->NewAlias('Principals');
66 $self->Join( ALIAS1 => 'main',
68 ALIAS2 => $self->{'princalias'},
71 $self->Limit( ALIAS => $self->{'princalias'},
72 FIELD => 'PrincipalType',
84 A subclass of DBIx::SearchBuilder::_DoSearch that makes sure that _Disabled rows never get seen unless
85 we're explicitly trying to see them.
92 #unless we really want to find disabled rows, make sure we\'re only finding enabled ones.
93 unless ( $self->{'find_disabled_rows'} ) {
94 $self->LimitToEnabled();
96 return ( $self->SUPER::_DoSearch(@_) );
101 # {{{ sub LimitToEnabled
103 =head2 LimitToEnabled
105 Only find items that haven\'t been disabled
112 $self->Limit( ALIAS => $self->{'princalias'},
124 Takes one argument. an email address. limits the returned set to
132 $self->Limit( FIELD => 'EmailAddress', VALUE => "$addr" );
139 =head2 MemberOfGroup PRINCIPAL_ID
141 takes one argument, a group's principal id. Limits the returned set
142 to members of a given group
150 return $self->loc("No group specified") if ( !defined $group );
152 my $groupalias = $self->NewAlias('CachedGroupMembers');
154 # Join the principal to the groups table
155 $self->Join( ALIAS1 => $self->{'princalias'},
157 ALIAS2 => $groupalias,
158 FIELD2 => 'MemberId' );
160 $self->Limit( ALIAS => "$groupalias",
168 # {{{ LimitToPrivileged
170 =head2 LimitToPrivileged
172 Limits to users who can be made members of ACLs and groups
176 sub LimitToPrivileged {
179 my $priv = RT::Group->new( $self->CurrentUser );
180 $priv->LoadSystemInternalGroup('Privileged');
181 unless ( $priv->Id ) {
182 $RT::Logger->crit("Couldn't find a privileged users group");
184 $self->MemberOfGroup( $priv->PrincipalId );
191 =head2 WhoHaveRight { Right => 'name', Object => $rt_object , IncludeSuperusers => undef, IncludeSubgroupMembers => undef, IncludeSystemRights => undef }
195 ok(my $users = RT::Users->new($RT::SystemUser));
196 $users->WhoHaveRight(Object =>$RT::System, Right =>'SuperUser');
197 ok($users->Count == 1, "There is one privileged superuser - Found ". $users->Count );
198 # TODO: this wants more testing
204 find all users who the right Right for this group, either individually
205 or as members of groups
215 my %args = ( Right => undef,
217 IncludeSystemRights => undef,
218 IncludeSuperusers => undef,
219 IncludeSubgroupMembers => 1,
222 if (defined $args{'ObjectType'} || defined $args{'ObjectId'}) {
223 $RT::Logger->crit("$self WhoHaveRight called with the Obsolete ObjectId/ObjectType API");
227 my $Groups = RT::Groups->new($RT::SystemUser);
228 $Groups->WithRight(Right=> $args{'Right'},
229 Object => $args{'Object'},
230 IncludeSystemRights => $args{'IncludeSystemRights'},
231 IncludeSuperusers => $args{'IncludeSuperusers'});
232 while (my $Group = $Groups->Next()) {
233 push @privgroups, $Group->Id();
236 $self->WhoBelongToGroups(Groups => \@privgroups,
237 IncludeSubgroupMembers => $args{'IncludeSubgroupMembers'});
242 # {{{ WhoBelongToGroups
244 =head2 WhoBelongToGroups { Groups => ARRAYREF, IncludeSubgroupMembers => 1 }
248 sub WhoBelongToGroups {
250 my %args = ( Groups => undef,
251 IncludeSubgroupMembers => 1,
254 # Unprivileged users can't be granted real system rights.
255 # is this really the right thing to be saying?
256 $self->LimitToPrivileged();
258 my $userprinc = $self->{'princalias'};
261 # The cachedgroupmembers table is used for unrolling group memberships to allow fast lookups
262 # if we bind to CachedGroupMembers, we'll find all members of groups recursively.
263 # if we don't we'll find only 'direct' members of the group in question
265 if ( $args{'IncludeSubgroupMembers'} ) {
266 $cgm = $self->NewAlias('CachedGroupMembers');
269 $cgm = $self->NewAlias('GroupMembers');
272 # {{{ Tie the users we're returning ($userprinc) to the groups that have rights granted to them ($groupprinc)
273 $self->Join( ALIAS1 => $cgm, FIELD1 => 'MemberId',
274 ALIAS2 => $userprinc, FIELD2 => 'id' );
277 # my $and_check_groups = "($cgm.GroupId = NULL";
278 foreach my $groupid (@{$args{'Groups'}}) {
279 $self->Limit(ALIAS => $cgm, FIELD => 'GroupId', VALUE => $groupid, QUOTEVALUE => 0, ENTRYAGGREGATOR=> 'OR')
281 #$and_check_groups .= " OR $cgm.GroupId = $groupid";
283 #$and_check_groups .= ")";
285 #$self->_AddSubClause("WhichGroup", $and_check_groups);