# Fixture setup for the rights-delegation tests: one privileged user (u1),
# one user-defined group (dg1) and two personal groups (dpg1, dpg2) created
# for u1's principal id.
# NOTE(review): every line carries its original file line number as a prefix
# and the numbering has gaps (e.g. 24 and 26 around the dg1 Create call), so
# some original lines are not shown in this listing.
8 use RT::Test tests => 22;
10 my ($u1, $g1, $pg1, $pg2, $ace, @groups, @users, @principals);
# References to the scalars are stored, not the objects themselves;
# clear_acls_and_groups dereferences them with $$_ when it runs later.
11 @groups = (\$g1, \$pg1, \$pg2);
# NOTE(review): no assignment to @users is visible before this point
# (original line 12 is not shown). Confirm u1 ends up in @principals;
# clear_acls_and_groups only visits the principals listed here.
13 @principals = (@groups, @users);
17 $u1 = RT::User->new($RT::SystemUser);
18 ( $ret, $msg ) = $u1->LoadOrCreateByEmail('delegtest1@example.com');
19 ok( $ret, "Load / Create test user 1: $msg" );
20 $u1->SetPrivileged(1);
# NOTE(review): unlike the user and the personal groups, no ok() on the
# dg1 load/create result appears in the lines shown.
22 $g1 = RT::Group->new($RT::SystemUser);
23 ( $ret, $msg) = $g1->LoadUserDefinedGroup('dg1');
25 ( $ret, $msg ) = $g1->CreateUserDefinedGroup( Name => 'dg1' );
# Personal groups are the delegation targets used further down.
27 $pg1 = RT::Group->new($RT::SystemUser);
28 ( $ret, $msg ) = $pg1->LoadPersonalGroup( Name => 'dpg1',
29 User => $u1->PrincipalId );
31 ( $ret, $msg ) = $pg1->CreatePersonalGroup( Name => 'dpg1',
32 PrincipalId => $u1->PrincipalId );
34 ok( $ret, "Load / Create test personal group 1: $msg" );
35 $pg2 = RT::Group->new($RT::SystemUser);
36 ( $ret, $msg ) = $pg2->LoadPersonalGroup( Name => 'dpg2',
37 User => $u1->PrincipalId );
39 ( $ret, $msg ) = $pg2->CreatePersonalGroup( Name => 'dpg2',
40 PrincipalId => $u1->PrincipalId );
42 ok( $ret, "Load / Create test personal group 2: $msg" );
# Reset state before the scenario. The helper runs two is() assertions of
# its own (ACL count and member count are 0).
44 clear_acls_and_groups();
# Scenario baseline: u1 holds DelegateRights directly, dg1 holds
# ShowConfigTab, and u1 is a member of dg1. u1's only visible source of
# ShowConfigTab is therefore the dg1 membership.
46 ( $ret, $msg ) = $u1->PrincipalObj->GrantRight( Right => 'DelegateRights' );
47 ok( $ret, "Grant DelegateRights to u1: $msg" );
48 ( $ret, $msg ) = $g1->PrincipalObj->GrantRight( Right => 'ShowConfigTab' );
49 ok( $ret, "Grant ShowConfigTab to g1: $msg" );
50 ( $ret, $msg ) = $g1->AddMember( $u1->PrincipalId );
51 ok( $ret, "Add test user 1 to g1: $msg" );
# The ACE object is constructed with $u1 rather than $RT::SystemUser,
# presumably so that Delegate is evaluated with u1 as the acting user
# - confirm against RT::ACE.
53 $ace = RT::ACE->new($u1);
54 ( $ret, $msg ) = $ace->LoadByValues(
55 RightName => 'ShowConfigTab',
56 Object => $RT::System,
57 PrincipalType => 'Group',
58 PrincipalId => $g1->PrincipalId
60 ok( $ret, "Look up ACE to be delegated: $msg" );
# Delegate dg1's ShowConfigTab ACE to both personal groups.
61 ( $ret, $msg ) = $ace->Delegate( PrincipalId => $pg1->PrincipalId );
62 ok( $ret, "Delegate ShowConfigTab to pg1: $msg" );
63 ( $ret, $msg ) = $ace->Delegate( PrincipalId => $pg2->PrincipalId );
64 ok( $ret, "Delegate ShowConfigTab to pg2: $msg" );
# Positive control: both targets must hold the right before the removal
# checks mean anything. The two HasRight calls share one ok(), so a failure
# does not say which group is missing the right.
66 ok(( $pg1->PrincipalObj->HasRight( Right => 'ShowConfigTab',
67 Object => $RT::System ) and
68 $pg2->PrincipalObj->HasRight( Right => 'ShowConfigTab',
69 Object => $RT::System )),
70 "Test personal groups have ShowConfigTab right after delegation" );
# Revocation path 1: the delegator loses the right by leaving dg1.
# The delegated copies must go with it. If they stayed, a removed member
# would keep ShowConfigTab through the personal groups.
72 ( $ret, $msg ) = $g1->DeleteMember( $u1->PrincipalId );
73 ok( $ret, "Delete test user 1 from g1: $msg" );
# Each personal group is checked in its own ok() so a failure names the
# group that still holds the right.
75 ok( not( $pg1->PrincipalObj->HasRight( Right => 'ShowConfigTab',
76 Object => $RT::System )),
77 "Test personal group 1 lacks ShowConfigTab after user removed from g1" );
78 ok( not( $pg2->PrincipalObj->HasRight( Right => 'ShowConfigTab',
79 Object => $RT::System )),
80 "Test personal group 2 lacks ShowConfigTab after user removed from g1" );
# Revocation path 2: restore the membership and both delegations, then
# revoke ShowConfigTab from dg1 itself. The $ace object loaded earlier is
# reused for the new Delegate calls.
82 ( $ret, $msg ) = $g1->AddMember( $u1->PrincipalId );
83 ok( $ret, "Add test user 1 to g1: $msg" );
84 ( $ret, $msg ) = $ace->Delegate( PrincipalId => $pg1->PrincipalId );
85 ok( $ret, "Delegate ShowConfigTab to pg1: $msg" );
86 ( $ret, $msg ) = $ace->Delegate( PrincipalId => $pg2->PrincipalId );
87 ok( $ret, "Delegate ShowConfigTab to pg2: $msg" );
# Positive control again, so the checks after the revoke cannot pass
# merely because the re-delegation never took effect.
89 ok(( $pg1->PrincipalObj->HasRight( Right => 'ShowConfigTab',
90 Object => $RT::System ) and
91 $pg2->PrincipalObj->HasRight( Right => 'ShowConfigTab',
92 Object => $RT::System )),
93 "Test personal groups have ShowConfigTab right after delegation" );
# Revoking the source grant must also remove the ACEs delegated from it.
95 ( $ret, $msg ) = $g1->PrincipalObj->RevokeRight( Right => 'ShowConfigTab' );
96 ok( $ret, "Revoke ShowConfigTab from g1: $msg" );
# NOTE(review): the two descriptions below say "after user removed from g1",
# but the step just performed is RevokeRight on g1; u1 is still a member.
# A failure here would point at the wrong revocation path. Wording such as
# "after ShowConfigTab revoked from g1" would match the step.
98 ok( not( $pg1->PrincipalObj->HasRight( Right => 'ShowConfigTab',
99 Object => $RT::System )),
100 "Test personal group 1 lacks ShowConfigTab after user removed from g1" );
101 ok( not( $pg2->PrincipalObj->HasRight( Right => 'ShowConfigTab',
102 Object => $RT::System )),
103 "Test personal group 2 lacks ShowConfigTab after user removed from g1" );
109 sub clear_acls_and_groups {
110 # Revoke all rights granted to our cast
111 my $acl = RT::ACL->new($RT::SystemUser);
112 foreach (@principals) {
113 $acl->LimitToPrincipal(Type => $$_->PrincipalObj->PrincipalType,
114 Id => $$_->PrincipalObj->Id);
116 while (my $ace = $acl->Next()) {
120 # Remove all group memberships
121 my $members = RT::GroupMembers->new($RT::SystemUser);
123 $members->LimitToMembersOfGroup( $$_->PrincipalId );
125 while (my $member = $members->Next()) {
130 is( $acl->Count() , 0,
131 "All principals have no rights after clearing ACLs" );
132 $members->RedoSearch();
133 is( $members->Count() , 0,
134 "All groups have no members after clearing groups" );