1 use RT::Test nodata => 1, tests => 30;
6 # clear all global right
8 my $acl = RT::ACL->new(RT->SystemUser);
9 $acl->Limit( FIELD => 'RightName', OPERATOR => '!=', VALUE => 'SuperUser' );
10 $acl->LimitToObject( $RT::System );
11 while( my $ace = $acl->Next ) {
16 my $queue = RT::Test->load_or_create_queue( Name => 'Regression' );
17 ok $queue && $queue->id, 'loaded or created queue';
18 my $qname = $queue->Name;
20 my $user = RT::Test->load_or_create_user(
21 Name => 'user', Password => 'password',
23 ok $user && $user->id, 'loaded or created user';
26 ok( !$user->HasRight( Right => 'OwnTicket', Object => $queue ),
27 "user can't own ticket"
29 ok( !$user->HasRight( Right => 'ReplyToTicket', Object => $queue ),
30 "user can't reply to ticket"
35 my $group = RT::Group->new( RT->SystemUser );
36 ok( $group->LoadQueueRoleGroup( Queue => $queue->id, Type=> 'Owner' ),
37 "load queue owners role group"
39 my $ace = RT::ACE->new( RT->SystemUser );
40 my ($ace_id, $msg) = $group->PrincipalObj->GrantRight(
41 Right => 'ReplyToTicket', Object => $queue
43 ok( $ace_id, "Granted queue owners role group with ReplyToTicket right: $msg" );
44 ok( $group->PrincipalObj->HasRight( Right => 'ReplyToTicket', Object => $queue ),
45 "role group can reply to ticket"
47 ok( !$user->HasRight( Right => 'ReplyToTicket', Object => $queue ),
48 "user can't reply to ticket"
55 $ticket = RT::Ticket->new(RT->SystemUser);
56 my ($ticket_id) = $ticket->Create( Queue => $queue->id, Subject => 'test');
57 ok( $ticket_id, 'new ticket created' );
58 is( $ticket->Owner, RT->Nobody->Id, 'owner of the new ticket is nobody' );
60 ok( !$user->HasRight( Right => 'OwnTicket', Object => $ticket ),
61 "user can't reply to ticket"
63 my ($status, $msg) = $ticket->SetOwner( $user->id );
64 ok( !$status, "no permissions to be an owner" );
68 my ($status, $msg) = $user->PrincipalObj->GrantRight(
69 Object => $queue, Right => 'OwnTicket'
71 ok( $status, "successfuly granted right: $msg" );
72 ok( $user->HasRight( Right => 'OwnTicket', Object => $queue ),
75 ok( $user->HasRight( Right => 'OwnTicket', Object => $ticket ),
79 ($status, $msg) = $ticket->SetOwner( $user->id );
80 ok( $status, "successfuly set owner: $msg" );
81 is( $ticket->Owner, $user->id, "set correct owner" );
83 ok( $user->HasRight( Right => 'ReplyToTicket', Object => $ticket ),
84 "user is owner and can reply to ticket"
89 # Testing of EquivObjects
90 my $group = RT::Group->new( RT->SystemUser );
91 ok( $group->LoadQueueRoleGroup( Queue => $queue->id, Type=> 'AdminCc' ),
92 "load queue AdminCc role group"
94 my $ace = RT::ACE->new( RT->SystemUser );
95 my ($ace_id, $msg) = $group->PrincipalObj->GrantRight(
96 Right => 'ModifyTicket', Object => $queue
98 ok( $ace_id, "Granted queue AdminCc role group with ModifyTicket right: $msg" );
99 ok( $group->PrincipalObj->HasRight( Right => 'ModifyTicket', Object => $queue ),
100 "role group can modify ticket"
102 ok( !$user->HasRight( Right => 'ModifyTicket', Object => $ticket ),
103 "user is not AdminCc and can't modify ticket"
108 my ($status, $msg) = $ticket->AddWatcher(
109 Type => 'AdminCc', PrincipalId => $user->PrincipalId
111 ok( $status, "successfuly added user as AdminCc");
112 ok( $user->HasRight( Right => 'ModifyTicket', Object => $ticket ),
113 "user is AdminCc and can modify ticket"
119 $ticket2 = RT::Ticket->new(RT->SystemUser);
120 my ($id) = $ticket2->Create( Queue => $queue->id, Subject => 'test2');
121 ok( $id, 'new ticket created' );
122 ok( !$user->HasRight( Right => 'ModifyTicket', Object => $ticket2 ),
123 "user is not AdminCc and can't modify ticket2"
126 # now we can finally test EquivObjectsa
127 my $has = $user->HasRight(
128 Right => 'ModifyTicket',
130 EquivObjects => [$ticket],
132 ok( $has, "user is not AdminCc but can modify ticket2 because of EquivObjects" );
136 # the first a third test below are the same, so they should both pass
137 # make sure passed equive list is not changed
139 ok( !$user->HasRight( Right => 'ModifyTicket', Object => $ticket2, EquivObjects => \@list ),
140 "user is not AdminCc and can't modify ticket2"
142 ok( $user->HasRight( Right => 'ModifyTicket', Object => $ticket, EquivObjects => \@list ),
143 "user is AdminCc and can modify ticket"
145 ok( !$user->HasRight( Right => 'ModifyTicket', Object => $ticket2, EquivObjects => \@list ),
146 "user is not AdminCc and can't modify ticket2 (same question different answer)"