%# BEGIN BPS TAGGED BLOCK {{{
-%#
+%#
%# COPYRIGHT:
-%#
-%# This software is Copyright (c) 1996-2009 Best Practical Solutions, LLC
-%# <jesse@bestpractical.com>
-%#
+%#
+%# This software is Copyright (c) 1996-2013 Best Practical Solutions, LLC
+%# <sales@bestpractical.com>
+%#
%# (Except where explicitly superseded by other copyright notices)
-%#
-%#
+%#
+%#
%# LICENSE:
-%#
+%#
%# This work is made available to you under the terms of Version 2 of
%# the GNU General Public License. A copy of that license should have
%# been provided with this software, but in any event can be snarfed
%# from www.gnu.org.
-%#
+%#
%# This work is distributed in the hope that it will be useful, but
%# WITHOUT ANY WARRANTY; without even the implied warranty of
%# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
%# General Public License for more details.
-%#
+%#
%# You should have received a copy of the GNU General Public License
%# along with this program; if not, write to the Free Software
%# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
%# 02110-1301 or visit their web page on the internet at
%# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
-%#
-%#
+%#
+%#
%# CONTRIBUTION SUBMISSION POLICY:
-%#
+%#
%# (The following paragraph is not intended to limit the rights granted
%# to you to modify and distribute this software under the terms of
%# the GNU General Public License and is only of importance to you if
%# you choose to contribute your changes and enhancements to the
%# community by submitting them to Best Practical Solutions, LLC.)
-%#
+%#
%# By intentionally submitting any modifications, corrections or
%# derivatives to this work, or any other work intended for use with
%# Request Tracker, to Best Practical Solutions, LLC, you confirm that
%# royalty-free, perpetual, license to use, copy, create derivative
%# works based on those contributions, and sublicense and distribute
%# those contributions and any derivatives thereof.
-%#
+%#
%# END BPS TAGGED BLOCK }}}
<ul>
% while( my $value = $values->Next ) {
</ul>
% $m->abort;
<%INIT>
+
+unless ( exists $ARGS{ContextType} and exists $ARGS{ContextId} ) {
+ RT->Logger->debug("No context provided");
+ $m->abort;
+}
+
my ($CustomField, $Value);
while( my($k, $v) = each %ARGS ) {
next unless $k =~ /^Object-.*?-\d*-CustomField-(\d+)-Values?$/;
($CustomField, $Value) = ($1, $v);
last;
}
-$m->abort unless $CustomField;
+
+unless ( $CustomField ) {
+ RT->Logger->debug("No CustomField provided");
+ $m->abort;
+}
+
+my $SystemCustomFieldObj = RT::CustomField->new( RT->SystemUser );
+my ($id, $msg) = $SystemCustomFieldObj->LoadById( $CustomField ) ;
+unless ( $id ) {
+ RT->Logger->debug("Invalid CustomField provided: $msg");
+ $m->abort;
+}
+
+my $context_object = $SystemCustomFieldObj->LoadContextObject(
+ $ARGS{ContextType}, $ARGS{ContextId} );
+$m->abort unless $context_object;
+
my $CustomFieldObj = RT::CustomField->new( $session{'CurrentUser'} );
-$CustomFieldObj->Load( $CustomField );
+if ( $SystemCustomFieldObj->ValidateContextObject($context_object) ) {
+ # drop our privileges that came from calling LoadContextObject as the System User
+ $context_object->new($session{'CurrentUser'});
+ $context_object->LoadById($ARGS{ContextId});
+ $CustomFieldObj->SetContextObject( $context_object );
+} else {
+ RT->Logger->debug("Invalid Context Object ".$context_object->id." for Custom Field ".$SystemCustomFieldObj->id);
+ $m->abort;
+}
+
+($id, $msg) = $CustomFieldObj->LoadById( $CustomField );
+unless ( $CustomFieldObj->Name ) {
+ RT->Logger->debug("Current User cannot see this Custom Field, terminating");
+ $m->abort;
+}
+
my $values = $CustomFieldObj->Values;
$values->Limit(
FIELD => 'Name',