+sub LimitToPrincipal {
+ my $self = shift;
+ my %args = ( Type => undef,
+ Id => undef,
+ IncludeGroupMembership => undef,
+ @_
+ );
+ if ( $args{'IncludeGroupMembership'} ) {
+ my $cgm = $self->NewAlias('CachedGroupMembers');
+ $self->Join( ALIAS1 => 'main',
+ FIELD1 => 'PrincipalId',
+ ALIAS2 => $cgm,
+ FIELD2 => 'GroupId'
+ );
+ $self->Limit( ALIAS => $cgm,
+ FIELD => 'MemberId',
+ OPERATOR => '=',
+ VALUE => $args{'Id'},
+ ENTRYAGGREGATOR => 'OR'
+ );
+ } else {
+ if ( defined $args{'Type'} ) {
+ $self->Limit( FIELD => 'PrincipalType',
+ OPERATOR => '=',
+ VALUE => $args{'Type'},
+ ENTRYAGGREGATOR => 'OR'
+ );
+ }
+
+ # if the principal id points to a user, we really want to point
+ # to their ACL equivalence group. The machinations we're going through
+ # lead me to start to suspect that we really want users and groups
+ # to just be the same table. or _maybe_ that we want an object db.
+ my $princ = RT::Principal->new( RT->SystemUser );
+ $princ->Load( $args{'Id'} );
+ if ( $princ->PrincipalType eq 'User' ) {
+ my $group = RT::Group->new( RT->SystemUser );
+ $group->LoadACLEquivalenceGroup($princ);
+ $args{'Id'} = $group->PrincipalId;
+ }
+ $self->Limit( FIELD => 'PrincipalId',
+ OPERATOR => '=',
+ VALUE => $args{'Id'},
+ ENTRYAGGREGATOR => 'OR'
+ );
+ }
+}
+
+
+
+
+sub Next {
+ my $self = shift;
+
+ my $ACE = $self->SUPER::Next();
+ # Short-circuit having to load up the ->Object
+ return $ACE
+ if $self->CurrentUser->PrincipalObj->Id == RT->SystemUser->Id;
+ if ( ( defined($ACE) ) and ( ref($ACE) ) ) {
+
+ if ( $self->CurrentUser->HasRight( Right => 'ShowACL',
+ Object => $ACE->Object )
+ or $self->CurrentUser->HasRight( Right => 'ModifyACL',
+ Object => $ACE->Object )
+ ) {
+ return ($ACE);
+ }
+
+ #If the user doesn't have the right to show this ACE
+ else {
+ return ( $self->Next() );
+ }
+ }
+
+ #if there never was any ACE
+ else {
+ return (undef);
+ }
+
+}
+
+
+
+
+#wrap around _DoSearch so that we can build the hash of returned
+#values
+sub _DoSearch {
+ my $self = shift;
+ # $RT::Logger->debug("Now in ".$self."->_DoSearch");
+ my $return = $self->SUPER::_DoSearch(@_);
+ # $RT::Logger->debug("In $self ->_DoSearch. return from SUPER::_DoSearch was $return");
+ if ( $self->{'must_redo_search'} ) {
+ $RT::Logger->crit(
+"_DoSearch is not so successful as it still needs redo search, won't call _BuildHash"
+ );
+ }
+ else {
+ $self->_BuildHash();
+ }
+ return ($return);
+}
+
+
+#Build a hash of this ACL's entries.
+sub _BuildHash {
+ my $self = shift;
+
+ while (my $entry = $self->Next) {
+ my $hashkey = join '-', map $entry->__Value( $_ ),
+ qw(ObjectType ObjectId RightName PrincipalId PrincipalType);
+
+ $self->{'as_hash'}->{"$hashkey"} =1;
+
+ }
+}
+
+
+
+=head2 HasEntry
+
+=cut
+
+sub HasEntry {
+
+ my $self = shift;
+ my %args = ( RightScope => undef,
+ RightAppliesTo => undef,
+ RightName => undef,
+ PrincipalId => undef,
+ PrincipalType => undef,
+ @_ );
+
+ #if we haven't done the search yet, do it now.
+ $self->_DoSearch();
+
+ if ($self->{'as_hash'}->{ $args{'RightScope'} . "-" .
+ $args{'RightAppliesTo'} . "-" .
+ $args{'RightName'} . "-" .
+ $args{'PrincipalId'} . "-" .
+ $args{'PrincipalType'}
+ } == 1) {
+ return(1);
+ }
+ else {
+ return(undef);
+ }
+}
+
+# }}}
+
+
+=head2 NewItem
+
+Returns an empty new RT::ACE item
+
+=cut
+
+sub NewItem {
+ my $self = shift;
+ return(RT::ACE->new($self->CurrentUser));
+}
+RT::Base->_ImportOverlays();