- my $groupprinc = $self->NewAlias('Principals');
- my $acl = $self->NewAlias('ACL');
-
- # {{{ Find only rows where the right granted is the one we're looking up or _possibly_ superuser
- $self->Limit( ALIAS => $acl,
- FIELD => 'RightName',
- OPERATOR => ($args{Right} ? '=' : 'IS NOT'),
- VALUE => $args{Right} || 'NULL',
- ENTRYAGGREGATOR => 'OR' );
-
- if ( $args{'IncludeSuperusers'} and $args{'Right'} ) {
- $self->Limit( ALIAS => $acl,
- FIELD => 'RightName',
- OPERATOR => '=',
- VALUE => 'SuperUser',
- ENTRYAGGREGATOR => 'OR' );
- }
- # }}}
-
- my ($or_check_ticket_roles, $or_check_roles);
- my $which_object = "$acl.ObjectType = 'RT::System'";
-
- if ( defined $args{'Object'} ) {
- if ( ref($args{'Object'}) eq 'RT::Ticket' ) {
- $or_check_ticket_roles =
- " OR ( main.Domain = 'RT::Ticket-Role' AND main.Instance = " . $args{'Object'}->Id . ") ";
-
- # If we're looking at ticket rights, we also want to look at the associated queue rights.
- # this is a little bit hacky, but basically, now that we've done the ticket roles magic,
- # we load the queue object and ask all the rest of our questions about the queue.
- $args{'Object'} = $args{'Object'}->QueueObj;
- }
- # TODO XXX This really wants some refactoring
- if ( ref($args{'Object'}) eq 'RT::Queue' ) {
- $or_check_roles =
- " OR ( ( (main.Domain = 'RT::Queue-Role' AND main.Instance = " .
- $args{'Object'}->Id . ") $or_check_ticket_roles ) " .
- " AND main.Type = $acl.PrincipalType AND main.id = $groupprinc.id) ";
- }
-
- if ( $args{'IncludeSystemRights'} ) {
- $which_object .= ' OR ';
- }
- else {
- $which_object = '';
- }
- $which_object .=
- " ($acl.ObjectType = '" . ref($args{'Object'}) . "'" .
- " AND $acl.ObjectId = " . $args{'Object'}->Id . ") ";
- }