-# BEGIN LICENSE BLOCK
-#
-# Copyright (c) 1996-2003 Jesse Vincent <jesse@bestpractical.com>
-#
-# (Except where explictly superceded by other copyright notices)
-#
+# BEGIN BPS TAGGED BLOCK {{{
+#
+# COPYRIGHT:
+#
+# This software is Copyright (c) 1996-2015 Best Practical Solutions, LLC
+# <sales@bestpractical.com>
+#
+# (Except where explicitly superseded by other copyright notices)
+#
+#
+# LICENSE:
+#
# This work is made available to you under the terms of Version 2 of
# the GNU General Public License. A copy of that license should have
# been provided with this software, but in any event can be snarfed
# from www.gnu.org.
-#
+#
# This work is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
-#
-# Unless otherwise specified, all modifications, corrections or
-# extensions to this work which alter its source code become the
-# property of Best Practical Solutions, LLC when submitted for
-# inclusion in the work.
-#
-#
-# END LICENSE BLOCK
-# Autogenerated by DBIx::SearchBuilder factory (by <jesse@bestpractical.com>)
-# WARNING: THIS FILE IS AUTOGENERATED. ALL CHANGES TO THIS FILE WILL BE LOST.
-#
-# !! DO NOT EDIT THIS FILE !!
#
-
-use strict;
-
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301 or visit their web page on the internet at
+# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
+#
+#
+# CONTRIBUTION SUBMISSION POLICY:
+#
+# (The following paragraph is not intended to limit the rights granted
+# to you to modify and distribute this software under the terms of
+# the GNU General Public License and is only of importance to you if
+# you choose to contribute your changes and enhancements to the
+# community by submitting them to Best Practical Solutions, LLC.)
+#
+# By intentionally submitting any modifications, corrections or
+# derivatives to this work, or any other work intended for use with
+# Request Tracker, to Best Practical Solutions, LLC, you confirm that
+# you are the copyright holder for those contributions and you grant
+# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
+# royalty-free, perpetual, license to use, copy, create derivative
+# works based on those contributions, and sublicense and distribute
+# those contributions and any derivatives thereof.
+#
+# END BPS TAGGED BLOCK }}}
=head1 NAME
- RT::ACL -- Class Description
-
+ RT::ACL - collection of RT ACE objects
+
=head1 SYNOPSIS
- use RT::ACL
+ use RT::ACL;
+my $ACL = RT::ACL->new($CurrentUser);
=head1 DESCRIPTION
=head1 METHODS
+
=cut
+
package RT::ACL;
+use base 'RT::SearchBuilder';
-use RT::SearchBuilder;
use RT::ACE;
-use vars qw( @ISA );
-@ISA= qw(RT::SearchBuilder);
+sub Table { 'ACL'}
+use strict;
+use warnings;
-sub _Init {
- my $self = shift;
- $self->{'table'} = 'ACL';
- $self->{'primary_key'} = 'id';
- return ( $self->SUPER::_Init(@_) );
-}
+=head2 Next
+Hand out the next ACE that was found
+
+=cut
-=item NewItem
-Returns an empty new RT::ACE item
+
+=head2 LimitToObject $object
+
+Limit the ACL to rights for the object $object. It needs to be an RT::Record class.
=cut
-sub NewItem {
+sub LimitToObject {
my $self = shift;
- return(RT::ACE->new($self->CurrentUser));
+ my $obj = shift;
+
+ my $obj_type = ref($obj)||$obj;
+ my $obj_id = eval { $obj->id};
+
+ my $object_clause = 'possible_objects';
+ $self->_OpenParen($object_clause);
+ $self->Limit(
+ SUBCLAUSE => $object_clause,
+ FIELD => 'ObjectType',
+ OPERATOR => '=',
+ VALUE => (ref($obj)||$obj),
+ ENTRYAGGREGATOR => 'OR' # That "OR" applies to the separate objects we're searching on, not "Type Or ID"
+ );
+ if ($obj_id) {
+ $self->Limit(
+ SUBCLAUSE => $object_clause,
+ FIELD => 'ObjectId',
+ OPERATOR => '=',
+ VALUE => $obj_id,
+ ENTRYAGGREGATOR => 'AND',
+ QUOTEVALUE => 0
+ );
+ }
+ $self->_CloseParen($object_clause);
+
}
- eval "require RT::ACL_Overlay";
- if ($@ && $@ !~ qr{^Can't locate RT/ACL_Overlay.pm}) {
- die $@;
- };
- eval "require RT::ACL_Vendor";
- if ($@ && $@ !~ qr{^Can't locate RT/ACL_Vendor.pm}) {
- die $@;
- };
- eval "require RT::ACL_Local";
- if ($@ && $@ !~ qr{^Can't locate RT/ACL_Local.pm}) {
- die $@;
- };
+=head2 LimitToPrincipal { Type => undef, Id => undef, IncludeGroupMembership => undef }
+Limit the ACL to the principal with PrincipalId Id and PrincipalType Type
+Id is not optional.
+Type is.
+if IncludeGroupMembership => 1 is specified, ACEs which apply to the principal due to group membership will be included in the resultset.
-=head1 SEE ALSO
-This class allows "overlay" methods to be placed
-into the following files _Overlay is for a System overlay by the original author,
-_Vendor is for 3rd-party vendor add-ons, while _Local is for site-local customizations.
+=cut
-These overlay files can contain new subs or subs to replace existing subs in this module.
+sub LimitToPrincipal {
+ my $self = shift;
+ my %args = ( Type => undef,
+ Id => undef,
+ IncludeGroupMembership => undef,
+ @_
+ );
+ if ( $args{'IncludeGroupMembership'} ) {
+ my $cgm = $self->NewAlias('CachedGroupMembers');
+ $self->Join( ALIAS1 => 'main',
+ FIELD1 => 'PrincipalId',
+ ALIAS2 => $cgm,
+ FIELD2 => 'GroupId'
+ );
+ $self->Limit( ALIAS => $cgm,
+ FIELD => 'Disabled',
+ VALUE => 0 );
+ $self->Limit( ALIAS => $cgm,
+ FIELD => 'MemberId',
+ OPERATOR => '=',
+ VALUE => $args{'Id'},
+ ENTRYAGGREGATOR => 'OR'
+ );
+ } else {
+ if ( defined $args{'Type'} ) {
+ $self->Limit( FIELD => 'PrincipalType',
+ OPERATOR => '=',
+ VALUE => $args{'Type'},
+ ENTRYAGGREGATOR => 'OR'
+ );
+ }
+
+ # if the principal id points to a user, we really want to point
+ # to their ACL equivalence group. The machinations we're going through
+ # lead me to start to suspect that we really want users and groups
+ # to just be the same table. or _maybe_ that we want an object db.
+ my $princ = RT::Principal->new( RT->SystemUser );
+ $princ->Load( $args{'Id'} );
+ if ( $princ->PrincipalType eq 'User' ) {
+ my $group = RT::Group->new( RT->SystemUser );
+ $group->LoadACLEquivalenceGroup($princ);
+ $args{'Id'} = $group->PrincipalId;
+ }
+ $self->Limit( FIELD => 'PrincipalId',
+ OPERATOR => '=',
+ VALUE => $args{'Id'},
+ ENTRYAGGREGATOR => 'OR'
+ );
+ }
+}
-If you'll be working with perl 5.6.0 or greater, each of these files should begin with the line
- no warnings qw(redefine);
-so that perl does not kick and scream when you redefine a subroutine or variable in your overlay.
-RT::ACL_Overlay, RT::ACL_Vendor, RT::ACL_Local
+sub AddRecord {
+ my $self = shift;
+ my ($record) = @_;
-=cut
+ # Short-circuit having to load up the ->Object
+ return $self->SUPER::AddRecord( $record )
+ if $record->CurrentUser->PrincipalObj->Id == RT->SystemUser->Id;
+
+ my $obj = $record->Object;
+ return unless $self->CurrentUser->HasRight( Right => 'ShowACL',
+ Object => $obj )
+ or $self->CurrentUser->HasRight( Right => 'ModifyACL',
+ Object => $obj );
+
+ return $self->SUPER::AddRecord( $record );
+}
+
+# The singular of ACL is ACE.
+sub _SingularClass { "RT::ACE" }
+RT::Base->_ImportOverlays();
1;