1 use RT::Test nodata => 1, tests => 38;
8 sub reset_rights { RT::Test->set_rights }
10 # clear all global right
13 my $queue = RT::Test->load_or_create_queue( Name => 'Regression' );
14 ok $queue && $queue->id, 'loaded or created queue';
15 my $qname = $queue->Name;
17 my $user = RT::Test->load_or_create_user(
18 Name => 'user', Password => 'password',
20 ok $user && $user->id, 'loaded or created user';
23 ok( !$user->HasRight( Right => 'OwnTicket', Object => $queue ),
24 "user can't own ticket"
26 ok( !$user->HasRight( Right => 'ReplyToTicket', Object => $queue ),
27 "user can't reply to ticket"
32 my $group = $queue->RoleGroup( 'Owner' );
33 ok( $group->Id, "load queue owners role group" );
34 my $ace = RT::ACE->new( RT->SystemUser );
35 my ($ace_id, $msg) = $group->PrincipalObj->GrantRight(
36 Right => 'ReplyToTicket', Object => $queue
38 ok( $ace_id, "Granted queue owners role group with ReplyToTicket right: $msg" );
39 ok( $group->PrincipalObj->HasRight( Right => 'ReplyToTicket', Object => $queue ),
40 "role group can reply to ticket"
42 ok( !$user->HasRight( Right => 'ReplyToTicket', Object => $queue ),
43 "user can't reply to ticket"
50 $ticket = RT::Ticket->new(RT->SystemUser);
51 my ($ticket_id) = $ticket->Create( Queue => $queue->id, Subject => 'test');
52 ok( $ticket_id, 'new ticket created' );
53 is( $ticket->Owner, RT->Nobody->Id, 'owner of the new ticket is nobody' );
55 ok( !$user->HasRight( Right => 'OwnTicket', Object => $ticket ),
56 "user can't reply to ticket"
58 my ($status, $msg) = $ticket->SetOwner( $user->id );
59 ok( !$status, "no permissions to be an owner" );
63 my ($status, $msg) = $user->PrincipalObj->GrantRight(
64 Object => $queue, Right => 'OwnTicket'
66 ok( $status, "successfuly granted right: $msg" );
67 ok( $user->HasRight( Right => 'OwnTicket', Object => $queue ),
70 ok( $user->HasRight( Right => 'OwnTicket', Object => $ticket ),
74 ($status, $msg) = $ticket->SetOwner( $user->id );
75 ok( $status, "successfuly set owner: $msg" );
76 is( $ticket->Owner, $user->id, "set correct owner" );
78 ok( $user->HasRight( Right => 'ReplyToTicket', Object => $ticket ),
79 "user is owner and can reply to ticket"
84 # Testing of EquivObjects
85 my $group = $queue->RoleGroup( 'AdminCc' );
86 ok( $group->Id, "load queue AdminCc role group" );
87 my $ace = RT::ACE->new( RT->SystemUser );
88 my ($ace_id, $msg) = $group->PrincipalObj->GrantRight(
89 Right => 'ModifyTicket', Object => $queue
91 ok( $ace_id, "Granted queue AdminCc role group with ModifyTicket right: $msg" );
92 ok( $group->PrincipalObj->HasRight( Right => 'ModifyTicket', Object => $queue ),
93 "role group can modify ticket"
95 ok( !$user->HasRight( Right => 'ModifyTicket', Object => $ticket ),
96 "user is not AdminCc and can't modify ticket"
101 my ($status, $msg) = $ticket->AddWatcher(
102 Type => 'AdminCc', PrincipalId => $user->PrincipalId
104 ok( $status, "successfuly added user as AdminCc");
105 ok( $user->HasRight( Right => 'ModifyTicket', Object => $ticket ),
106 "user is AdminCc and can modify ticket"
112 $ticket2 = RT::Ticket->new(RT->SystemUser);
113 my ($id) = $ticket2->Create( Queue => $queue->id, Subject => 'test2');
114 ok( $id, 'new ticket created' );
115 ok( !$user->HasRight( Right => 'ModifyTicket', Object => $ticket2 ),
116 "user is not AdminCc and can't modify ticket2"
119 # now we can finally test EquivObjectsa
120 my $has = $user->HasRight(
121 Right => 'ModifyTicket',
123 EquivObjects => [$ticket],
125 ok( $has, "user is not AdminCc but can modify ticket2 because of EquivObjects" );
129 # the first a third test below are the same, so they should both pass
130 # make sure passed equive list is not changed
132 ok( !$user->HasRight( Right => 'ModifyTicket', Object => $ticket2, EquivObjects => \@list ),
133 "user is not AdminCc and can't modify ticket2"
135 ok( $user->HasRight( Right => 'ModifyTicket', Object => $ticket, EquivObjects => \@list ),
136 "user is AdminCc and can modify ticket"
138 ok( !$user->HasRight( Right => 'ModifyTicket', Object => $ticket2, EquivObjects => \@list ),
139 "user is not AdminCc and can't modify ticket2 (same question different answer)"
143 my $queue2 = RT::Test->load_or_create_queue( Name => 'Rights' );
144 ok $queue2 && $queue2->id, 'loaded or created queue';
146 my $user2 = RT::Test->load_or_create_user(
147 Name => 'user2', Password => 'password',
149 ok $user2 && $user2->id, 'Created user: ' . $user2->Name . ' with id ' . $user2->Id;
152 ok( !$user2->HasRight( Right => 'Foo', Object => $queue2 ),
153 "HasRight false for invalid right Foo"
155 } qr/Invalid right\. Couldn't canonicalize right 'Foo'/,
156 'Got warning on invalid right';
159 note "Right name canonicalization";
162 my ($ok, $msg) = $user->PrincipalObj->GrantRight(
163 Right => "showticket",
164 Object => RT->System,
166 ok $ok, "Granted showticket: $msg";
167 ok $user->HasRight( Right => "ShowTicket", Object => RT->System ), "HasRight ShowTicket";
170 ($ok, $msg) = $user->PrincipalObj->GrantRight(
171 Right => "ShowTicket",
172 Object => RT->System,
174 ok $ok, "Granted ShowTicket: $msg";
175 ok $user->HasRight( Right => "showticket", Object => RT->System ), "HasRight showticket";