1 use RT::Test nodata => 1, tests => 38;
8 sub reset_rights { RT::Test->set_rights }
10 # clear all global right
13 my $queue = RT::Test->load_or_create_queue( Name => 'Regression' );
14 ok $queue && $queue->id, 'loaded or created queue';
15 my $qname = $queue->Name;
17 my $user = RT::Test->load_or_create_user(
18 Name => 'user', Password => 'password',
20 ok $user && $user->id, 'loaded or created user';
23 ok( !$user->HasRight( Right => 'OwnTicket', Object => $queue ),
24 "user can't own ticket"
26 ok( !$user->HasRight( Right => 'ReplyToTicket', Object => $queue ),
27 "user can't reply to ticket"
32 my $group = RT::Group->new( RT->SystemUser );
33 ok( $group->LoadQueueRoleGroup( Queue => $queue->id, Type=> 'Owner' ),
34 "load queue owners role group"
36 my $ace = RT::ACE->new( RT->SystemUser );
37 my ($ace_id, $msg) = $group->PrincipalObj->GrantRight(
38 Right => 'ReplyToTicket', Object => $queue
40 ok( $ace_id, "Granted queue owners role group with ReplyToTicket right: $msg" );
41 ok( $group->PrincipalObj->HasRight( Right => 'ReplyToTicket', Object => $queue ),
42 "role group can reply to ticket"
44 ok( !$user->HasRight( Right => 'ReplyToTicket', Object => $queue ),
45 "user can't reply to ticket"
52 $ticket = RT::Ticket->new(RT->SystemUser);
53 my ($ticket_id) = $ticket->Create( Queue => $queue->id, Subject => 'test');
54 ok( $ticket_id, 'new ticket created' );
55 is( $ticket->Owner, RT->Nobody->Id, 'owner of the new ticket is nobody' );
57 ok( !$user->HasRight( Right => 'OwnTicket', Object => $ticket ),
58 "user can't reply to ticket"
60 my ($status, $msg) = $ticket->SetOwner( $user->id );
61 ok( !$status, "no permissions to be an owner" );
65 my ($status, $msg) = $user->PrincipalObj->GrantRight(
66 Object => $queue, Right => 'OwnTicket'
68 ok( $status, "successfuly granted right: $msg" );
69 ok( $user->HasRight( Right => 'OwnTicket', Object => $queue ),
72 ok( $user->HasRight( Right => 'OwnTicket', Object => $ticket ),
76 ($status, $msg) = $ticket->SetOwner( $user->id );
77 ok( $status, "successfuly set owner: $msg" );
78 is( $ticket->Owner, $user->id, "set correct owner" );
80 ok( $user->HasRight( Right => 'ReplyToTicket', Object => $ticket ),
81 "user is owner and can reply to ticket"
86 # Testing of EquivObjects
87 my $group = RT::Group->new( RT->SystemUser );
88 ok( $group->LoadQueueRoleGroup( Queue => $queue->id, Type=> 'AdminCc' ),
89 "load queue AdminCc role group"
91 my $ace = RT::ACE->new( RT->SystemUser );
92 my ($ace_id, $msg) = $group->PrincipalObj->GrantRight(
93 Right => 'ModifyTicket', Object => $queue
95 ok( $ace_id, "Granted queue AdminCc role group with ModifyTicket right: $msg" );
96 ok( $group->PrincipalObj->HasRight( Right => 'ModifyTicket', Object => $queue ),
97 "role group can modify ticket"
99 ok( !$user->HasRight( Right => 'ModifyTicket', Object => $ticket ),
100 "user is not AdminCc and can't modify ticket"
105 my ($status, $msg) = $ticket->AddWatcher(
106 Type => 'AdminCc', PrincipalId => $user->PrincipalId
108 ok( $status, "successfuly added user as AdminCc");
109 ok( $user->HasRight( Right => 'ModifyTicket', Object => $ticket ),
110 "user is AdminCc and can modify ticket"
116 $ticket2 = RT::Ticket->new(RT->SystemUser);
117 my ($id) = $ticket2->Create( Queue => $queue->id, Subject => 'test2');
118 ok( $id, 'new ticket created' );
119 ok( !$user->HasRight( Right => 'ModifyTicket', Object => $ticket2 ),
120 "user is not AdminCc and can't modify ticket2"
123 # now we can finally test EquivObjectsa
124 my $has = $user->HasRight(
125 Right => 'ModifyTicket',
127 EquivObjects => [$ticket],
129 ok( $has, "user is not AdminCc but can modify ticket2 because of EquivObjects" );
133 # the first a third test below are the same, so they should both pass
134 # make sure passed equive list is not changed
136 ok( !$user->HasRight( Right => 'ModifyTicket', Object => $ticket2, EquivObjects => \@list ),
137 "user is not AdminCc and can't modify ticket2"
139 ok( $user->HasRight( Right => 'ModifyTicket', Object => $ticket, EquivObjects => \@list ),
140 "user is AdminCc and can modify ticket"
142 ok( !$user->HasRight( Right => 'ModifyTicket', Object => $ticket2, EquivObjects => \@list ),
143 "user is not AdminCc and can't modify ticket2 (same question different answer)"
147 my $queue2 = RT::Test->load_or_create_queue( Name => 'Rights' );
148 ok $queue2 && $queue2->id, 'loaded or created queue';
150 my $user2 = RT::Test->load_or_create_user(
151 Name => 'user2', Password => 'password',
153 ok $user2 && $user2->id, 'Created user: ' . $user2->Name . ' with id ' . $user2->Id;
156 ok( !$user2->HasRight( Right => 'Foo', Object => $queue2 ),
157 "HasRight false for invalid right Foo"
159 } qr/Invalid right\. Couldn't canonicalize right 'Foo'/,
160 'Got warning on invalid right';
163 note "Right name canonicalization";
166 my ($ok, $msg) = $user->PrincipalObj->GrantRight(
167 Right => "showticket",
168 Object => RT->System,
170 ok $ok, "Granted showticket: $msg";
171 ok $user->HasRight( Right => "ShowTicket", Object => RT->System ), "HasRight ShowTicket";
174 ($ok, $msg) = $user->PrincipalObj->GrantRight(
175 Right => "ShowTicket",
176 Object => RT->System,
178 ok $ok, "Granted ShowTicket: $msg";
179 ok $user->HasRight( Right => "showticket", Object => RT->System ), "HasRight showticket";