#
# COPYRIGHT:
#
-# This software is Copyright (c) 1996-2012 Best Practical Solutions, LLC
+# This software is Copyright (c) 1996-2015 Best Practical Solutions, LLC
# <sales@bestpractical.com>
#
# (Except where explicitly superseded by other copyright notices)
package RT::ACL;
-use RT::ACE;
-
use base 'RT::SearchBuilder';
+use RT::ACE;
+
sub Table { 'ACL'}
use strict;
-=head2 LimitNotObject $object
-
-Limit the ACL to rights NOT on the object $object. $object needs to be
-an RT::Record class.
-
-=cut
-
-sub LimitNotObject {
- my $self = shift;
- my $obj = shift;
- unless ( defined($obj)
- && ref($obj)
- && UNIVERSAL::can( $obj, 'id' )
- && $obj->id )
- {
- return undef;
- }
- $self->Limit( FIELD => 'ObjectType',
- OPERATOR => '!=',
- VALUE => ref($obj),
- ENTRYAGGREGATOR => 'OR',
- SUBCLAUSE => $obj->id
- );
- $self->Limit( FIELD => 'ObjectId',
- OPERATOR => '!=',
- VALUE => $obj->id,
- ENTRYAGGREGATOR => 'OR',
- QUOTEVALUE => 0,
- SUBCLAUSE => $obj->id
- );
-}
-
-
-
=head2 LimitToPrincipal { Type => undef, Id => undef, IncludeGroupMembership => undef }
Limit the ACL to the principal with PrincipalId Id and PrincipalType Type
-sub Next {
+sub AddRecord {
my $self = shift;
+ my ($record) = @_;
- my $ACE = $self->SUPER::Next();
# Short-circuit having to load up the ->Object
- return $ACE
- if $self->CurrentUser->PrincipalObj->Id == RT->SystemUser->Id;
- if ( ( defined($ACE) ) and ( ref($ACE) ) ) {
-
- if ( $self->CurrentUser->HasRight( Right => 'ShowACL',
- Object => $ACE->Object )
- or $self->CurrentUser->HasRight( Right => 'ModifyACL',
- Object => $ACE->Object )
- ) {
- return ($ACE);
- }
-
- #If the user doesn't have the right to show this ACE
- else {
- return ( $self->Next() );
- }
- }
-
- #if there never was any ACE
- else {
- return (undef);
- }
-
-}
-
-
-
-
-#wrap around _DoSearch so that we can build the hash of returned
-#values
-sub _DoSearch {
- my $self = shift;
- # $RT::Logger->debug("Now in ".$self."->_DoSearch");
- my $return = $self->SUPER::_DoSearch(@_);
- # $RT::Logger->debug("In $self ->_DoSearch. return from SUPER::_DoSearch was $return");
- if ( $self->{'must_redo_search'} ) {
- $RT::Logger->crit(
-"_DoSearch is not so successful as it still needs redo search, won't call _BuildHash"
- );
- }
- else {
- $self->_BuildHash();
- }
- return ($return);
-}
-
-
-#Build a hash of this ACL's entries.
-sub _BuildHash {
- my $self = shift;
+ return $self->SUPER::AddRecord( $record )
+ if $record->CurrentUser->PrincipalObj->Id == RT->SystemUser->Id;
- while (my $entry = $self->Next) {
- my $hashkey = join '-', map $entry->__Value( $_ ),
- qw(ObjectType ObjectId RightName PrincipalId PrincipalType);
+ my $obj = $record->Object;
+ return unless $self->CurrentUser->HasRight( Right => 'ShowACL',
+ Object => $obj )
+ or $self->CurrentUser->HasRight( Right => 'ModifyACL',
+ Object => $obj );
- $self->{'as_hash'}->{"$hashkey"} =1;
-
- }
+ return $self->SUPER::AddRecord( $record );
}
+# The singular of ACL is ACE.
+sub _SingularClass { "RT::ACE" }
-
-=head2 HasEntry
-
-=cut
-
-sub HasEntry {
-
- my $self = shift;
- my %args = ( RightScope => undef,
- RightAppliesTo => undef,
- RightName => undef,
- PrincipalId => undef,
- PrincipalType => undef,
- @_ );
-
- #if we haven't done the search yet, do it now.
- $self->_DoSearch();
-
- if ($self->{'as_hash'}->{ $args{'RightScope'} . "-" .
- $args{'RightAppliesTo'} . "-" .
- $args{'RightName'} . "-" .
- $args{'PrincipalId'} . "-" .
- $args{'PrincipalType'}
- } == 1) {
- return(1);
- }
- else {
- return(undef);
- }
-}
-
-# }}}
-
-
-=head2 NewItem
-
-Returns an empty new RT::ACE item
-
-=cut
-
-sub NewItem {
- my $self = shift;
- return(RT::ACE->new($self->CurrentUser));
-}
RT::Base->_ImportOverlays();
1;