+sub _PrefName {
+ my $name = shift;
+ if (ref $name) {
+ $name = ref ($name).'-'.$name->Id;
+ }
+
+ return 'Pref-'.$name;
+}
+
+# {{{ sub Preferences
+
+=head2 Preferences NAME/OBJ DEFAULT
+
+ Obtain user preferences associated with given object or name.
+ Returns DEFAULT if no preferences found. If DEFAULT is a hashref,
+ override the entries with user preferences.
+
+=cut
+
+sub Preferences {
+ my $self = shift;
+ my $name = _PrefName (shift);
+ my $default = shift;
+
+ my $attr = RT::Attribute->new ($self->CurrentUser);
+ $attr->LoadByNameAndObject (Object => $self, Name => $name);
+
+ my $content = $attr->Id ? $attr->Content : undef;
+ if (ref ($content) eq 'HASH') {
+ if (ref ($default) eq 'HASH') {
+ for (keys %$default) {
+ exists $content->{$_} or $content->{$_} = $default->{$_};
+ }
+ }
+ elsif (defined $default) {
+ $RT::Logger->error("Preferences $name for user".$self->Id." is hash but default is not");
+ }
+ return $content;
+ }
+ else {
+ return defined $content ? $content : $default;
+ }
+}
+
+# }}}
+
+# {{{ sub SetPreferences
+
+=head2 SetPreferences NAME/OBJ VALUE
+
+ Set user preferences associated with given object or name.
+
+=cut
+
+sub SetPreferences {
+ my $self = shift;
+ my $name = _PrefName (shift);
+ my $value = shift;
+ my $attr = RT::Attribute->new ($self->CurrentUser);
+ $attr->LoadByNameAndObject (Object => $self, Name => $name);
+ if ($attr->Id) {
+ return $attr->SetContent ($value);
+ }
+ else {
+ return $self->AddAttribute ( Name => $name, Content => $value );
+ }
+}
+
+# }}}
+
+
+=head2 WatchedQueues ROLE_LIST
+
+Returns a RT::Queues object containing every queue watched by the user.
+
+Takes a list of roles which is some subset of ('Cc', 'AdminCc'). Defaults to:
+
+$user->WatchedQueues('Cc', 'AdminCc');
+
+=cut
+
+sub WatchedQueues {
+
+ my $self = shift;
+ my @roles = @_ || ('Cc', 'AdminCc');
+
+ $RT::Logger->debug('WatcheQueues got user ' . $self->Name);
+
+ my $watched_queues = RT::Queues->new($self->CurrentUser);
+
+ my $group_alias = $watched_queues->Join(
+ ALIAS1 => 'main',
+ FIELD1 => 'id',
+ TABLE2 => 'Groups',
+ FIELD2 => 'Instance',
+ );
+
+ $watched_queues->Limit(
+ ALIAS => $group_alias,
+ FIELD => 'Domain',
+ VALUE => 'RT::Queue-Role',
+ ENTRYAGGREGATOR => 'AND',
+ );
+ if (grep { $_ eq 'Cc' } @roles) {
+ $watched_queues->Limit(
+ SUBCLAUSE => 'LimitToWatchers',
+ ALIAS => $group_alias,
+ FIELD => 'Type',
+ VALUE => 'Cc',
+ ENTRYAGGREGATOR => 'OR',
+ );
+ }
+ if (grep { $_ eq 'AdminCc' } @roles) {
+ $watched_queues->Limit(
+ SUBCLAUSE => 'LimitToWatchers',
+ ALIAS => $group_alias,
+ FIELD => 'Type',
+ VALUE => 'AdminCc',
+ ENTRYAGGREGATOR => 'OR',
+ );
+ }
+
+ my $queues_alias = $watched_queues->Join(
+ ALIAS1 => $group_alias,
+ FIELD1 => 'id',
+ TABLE2 => 'CachedGroupMembers',
+ FIELD2 => 'GroupId',
+ );
+ $watched_queues->Limit(
+ ALIAS => $queues_alias,
+ FIELD => 'MemberId',
+ VALUE => $self->PrincipalId,
+ );
+
+ $RT::Logger->debug("WatchedQueues got " . $watched_queues->Count . " queues");
+
+ return $watched_queues;
+
+}
+
+
+# {{{ sub _CleanupInvalidDelegations
+
+=head2 _CleanupInvalidDelegations { InsideTransaction => undef }
+
+Revokes all ACE entries delegated by this user which are inconsistent
+with their current delegation rights. Does not perform permission
+checks. Should only ever be called from inside the RT library.
+
+If called from inside a transaction, specify a true value for the
+InsideTransaction parameter.
+
+Returns a true value if the deletion succeeded; returns a false value
+and logs an internal error if the deletion fails (should not happen).
+
+=cut
+
+# XXX Currently there is a _CleanupInvalidDelegations method in both
+# RT::User and RT::Group. If the recursive cleanup call for groups is
+# ever unrolled and merged, this code will probably want to be
+# factored out into RT::Principal.
+
+sub _CleanupInvalidDelegations {
+ my $self = shift;
+ my %args = ( InsideTransaction => undef,
+ @_ );
+
+ unless ( $self->Id ) {
+ $RT::Logger->warning("User not loaded.");
+ return (undef);
+ }
+
+ my $in_trans = $args{InsideTransaction};
+
+ return(1) if ($self->HasRight(Right => 'DelegateRights',
+ Object => $RT::System));
+
+ # Look up all delegation rights currently posessed by this user.
+ my $deleg_acl = RT::ACL->new($RT::SystemUser);
+ $deleg_acl->LimitToPrincipal(Type => 'User',
+ Id => $self->PrincipalId,
+ IncludeGroupMembership => 1);
+ $deleg_acl->Limit( FIELD => 'RightName',
+ OPERATOR => '=',
+ VALUE => 'DelegateRights' );
+ my @allowed_deleg_objects = map {$_->Object()}
+ @{$deleg_acl->ItemsArrayRef()};
+
+ # Look up all rights delegated by this principal which are
+ # inconsistent with the allowed delegation objects.
+ my $acl_to_del = RT::ACL->new($RT::SystemUser);
+ $acl_to_del->DelegatedBy(Id => $self->Id);
+ foreach (@allowed_deleg_objects) {
+ $acl_to_del->LimitNotObject($_);
+ }
+
+ # Delete all disallowed delegations
+ while ( my $ace = $acl_to_del->Next() ) {
+ my $ret = $ace->_Delete(InsideTransaction => 1);
+ unless ($ret) {
+ $RT::Handle->Rollback() unless $in_trans;
+ $RT::Logger->warning("Couldn't delete delegated ACL entry ".$ace->Id);
+ return (undef);
+ }
+ }
+
+ $RT::Handle->Commit() unless $in_trans;
+ return (1);
+}
+