X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=rt%2Flib%2FRT%2FACL.pm;h=444a4c2af0e3f4809bf51c6374bdc2e9ab5f88d3;hb=0ebeec96313dd7edfca340f01f8fbbbac1f4aa1d;hp=81f59c6d07bc2d6c9dd684715a53465e53b10cfc;hpb=945721f48f74d5cfffef7c7cf3a3d6bc2521f5dd;p=freeside.git
diff --git a/rt/lib/RT/ACL.pm b/rt/lib/RT/ACL.pm
index 81f59c6d0..444a4c2af 100755
--- a/rt/lib/RT/ACL.pm
+++ b/rt/lib/RT/ACL.pm
@@ -1,115 +1,308 @@ -# BEGIN LICENSE BLOCK -# -# Copyright (c) 1996-2003 Jesse Vincent -# -# (Except where explictly superceded by other copyright notices) -# -# This work is made available to you under the terms of Version 2 of -# the GNU General Public License. A copy of that license should have -# been provided with this software, but in any event can be snarfed -# from www.gnu.org. -# -# This work is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# Unless otherwise specified, all modifications, corrections or -# extensions to this work which alter its source code become the -# property of Best Practical Solutions, LLC when submitted for -# inclusion in the work. -# -# -# END LICENSE BLOCK -# Autogenerated by DBIx::SearchBuilder factory (by ) -# WARNING: THIS FILE IS AUTOGENERATED. ALL CHANGES TO THIS FILE WILL BE LOST. -# -# !! DO NOT EDIT THIS FILE !! 
-# - -use strict; - +# $Header: /home/cvs/cvsroot/freeside/rt/lib/RT/ACL.pm,v 1.1 2002-08-12 06:17:07 ivan Exp $ +# Distributed under the terms of the GNU GPL +# Copyright (c) 2000 Jesse Vincent =head1 NAME - RT::ACL -- Class Description - + RT::ACL - collection of RT ACE objects + =head1 SYNOPSIS - use RT::ACL + use RT::ACL; +my $ACL = new RT::ACL($CurrentUser); =head1 DESCRIPTION =head1 METHODS +=begin testing + +ok(require RT::TestHarness); +ok(require RT::ACL); + +=end testing + =cut package RT::ACL; - -use RT::SearchBuilder; +use RT::EasySearch; use RT::ACE; +@ISA= qw(RT::EasySearch); + +# {{{ sub _Init +sub _Init { + my $self = shift; + $self->{'table'} = "ACL"; + $self->{'primary_key'} = "id"; + return ( $self->SUPER::_Init(@_)); + +} +# }}} + +# {{{ sub NewItem +sub NewItem { + my $self = shift; + return(RT::ACE->new($self->CurrentUser)); +} +# }}} + +=head2 Next -use vars qw( @ISA ); -@ISA= qw(RT::SearchBuilder); +Hand out the next ACE that was found +=cut -sub _Init { +# {{{ sub Next +sub Next { my $self = shift; - $self->{'table'} = 'ACL'; - $self->{'primary_key'} = 'id'; + + my $ACE = $self->SUPER::Next(); + if ((defined($ACE)) and (ref($ACE))) { + + if ( $ACE->CurrentUserHasRight('ShowACL') or + $ACE->CurrentUserHasRight('ModifyACL') + ) { + return($ACE); + } + + #If the user doesn't have the right to show this ACE + else { + return($self->Next()); + } + } + #if there never was any ACE + else { + return(undef); + } + +} +# }}} - return ( $self->SUPER::_Init(@_) ); -} +=head1 Limit the ACL to a specific scope + +There are two real scopes right now: + +=item Queue is for rights that apply to a single queue + +=item System is for rights that apply to the System (rights that aren't queue related) -=item NewItem -Returns an empty new RT::ACE item +=head2 LimitToQueue + +Takes a single queueid as its argument. + +Limit the ACL to just a given queue when supplied with an integer queue id. 
=cut -sub NewItem { +sub LimitToQueue { my $self = shift; - return(RT::ACE->new($self->CurrentUser)); + my $queue = shift; + + + + $self->Limit( FIELD =>'RightScope', + ENTRYAGGREGATOR => 'OR', + VALUE => 'Queue'); + $self->Limit( FIELD =>'RightScope', + ENTRYAGGREGATOR => 'OR', + VALUE => 'Ticket'); + + $self->Limit(ENTRYAGGREGATOR => 'OR', + FIELD => 'RightAppliesTo', + VALUE => $queue ); + +} + + +=head2 LimitToSystem() + +Limit the ACL to system rights + +=cut + +sub LimitToSystem { + my $self = shift; + + $self->Limit( FIELD =>'RightScope', + VALUE => 'System'); +} + + +=head2 LimitRightTo + +Takes a single RightName as its only argument. +Limits the search to the right $right. +$right is a right listed in perldoc RT::ACE + +=cut + +sub LimitRightTo { + my $self = shift; + my $right = shift; + + $self->Limit(ENTRYAGGREGATOR => 'OR', + FIELD => 'RightName', + VALUE => $right ); + +} + +=head1 Limit to a specifc set of principals + +=head2 LimitPrincipalToUser + +Takes a single userid as its only argument. +Limit the ACL to a just a specific user. + +=cut + +sub LimitPrincipalToUser { + my $self = shift; + my $user = shift; + + $self->Limit(ENTRYAGGREGATOR => 'OR', + FIELD => 'PrincipalType', + VALUE => 'User' ); + + $self->Limit(ENTRYAGGREGATOR => 'OR', + FIELD => 'PrincipalId', + VALUE => $user ); + +} + + +=head2 LimitPrincipalToGroup + +Takes a single group as its only argument. +Limit the ACL to just a specific group. + +=cut + +sub LimitPrincipalToGroup { + my $self = shift; + my $group = shift; + + $self->Limit(ENTRYAGGREGATOR => 'OR', + FIELD => 'PrincipalType', + VALUE => 'Group' ); + + $self->Limit(ENTRYAGGREGATOR => 'OR', + FIELD => 'PrincipalId', + VALUE => $group ); + +} + +=head2 LimitPrincipalToType($type) + +Takes a single argument, $type. 
+Limit the ACL to just a specific principal type + +$type is one of: + TicketOwner + TicketRequestor + TicketCc + TicketAdminCc + Everyone + User + Group + +=cut + +sub LimitPrincipalToType { + my $self=shift; + my $type=shift; + $self->Limit(ENTRYAGGREGATOR => 'OR', + FIELD => 'PrincipalType', + VALUE => $type ); } - eval "require RT::ACL_Overlay"; - if ($@ && $@ !~ qr{^Can't locate RT/ACL_Overlay.pm}) { - die $@; - }; - eval "require RT::ACL_Vendor"; - if ($@ && $@ !~ qr{^Can't locate RT/ACL_Vendor.pm}) { - die $@; - }; +=head2 LimitPrincipalToId - eval "require RT::ACL_Local"; - if ($@ && $@ !~ qr{^Can't locate RT/ACL_Local.pm}) { - die $@; - }; +Takes a single argument, the numeric Id of the principal to limit this ACL to. Repeated calls to this +function will broaden the scope of the search to include all principals listed. + +=cut + +sub LimitPrincipalToId { + my $self = shift; + my $id = shift; + + if ($id =~ /^\d+$/) { + $self->Limit(ENTRYAGGREGATOR => 'OR', + FIELD => 'PrincipalId', + VALUE => $id ); + } + else { + $RT::Logger->warn($self."->LimitPrincipalToId called with '$id' as an id"); + return undef; + } +} +#wrap around _DoSearch so that we can build the hash of returned +#values +sub _DoSearch { + my $self = shift; + # $RT::Logger->debug("Now in ".$self."->_DoSearch"); + my $return = $self->SUPER::_DoSearch(@_); + # $RT::Logger->debug("In $self ->_DoSearch. return from SUPER::_DoSearch was $return\n"); + $self->_BuildHash(); + return ($return); +} -=head1 SEE ALSO +#Build a hash of this ACL's entries. +sub _BuildHash { + my $self = shift; -This class allows "overlay" methods to be placed -into the following files _Overlay is for a System overlay by the original author, -_Vendor is for 3rd-party vendor add-ons, while _Local is for site-local customizations. + while (my $entry = $self->Next) { + my $hashkey = $entry->RightScope . "-" . + $entry->RightAppliesTo . "-" . + $entry->RightName . "-" . + $entry->PrincipalId . "-" . 
+ $entry->PrincipalType; -These overlay files can contain new subs or subs to replace existing subs in this module. + $self->{'as_hash'}->{"$hashkey"} =1; -If you'll be working with perl 5.6.0 or greater, each of these files should begin with the line + } +} - no warnings qw(redefine); -so that perl does not kick and scream when you redefine a subroutine or variable in your overlay. +# {{{ HasEntry -RT::ACL_Overlay, RT::ACL_Vendor, RT::ACL_Local +=head2 HasEntry =cut +sub HasEntry { + + my $self = shift; + my %args = ( RightScope => undef, + RightAppliesTo => undef, + RightName => undef, + PrincipalId => undef, + PrincipalType => undef, + @_ ); + + #if we haven't done the search yet, do it now. + $self->_DoSearch(); + + if ($self->{'as_hash'}->{ $args{'RightScope'} . "-" . + $args{'RightAppliesTo'} . "-" . + $args{'RightName'} . "-" . + $args{'PrincipalId'} . "-" . + $args{'PrincipalType'} + } == 1) { + return(1); + } + else { + return(undef); + } +} +# }}} 1;
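Review bot: `_BuildHash` only ever adds keys to `$self->{'as_hash'}`, and `HasEntry` calls `_DoSearch` (and so `_BuildHash`) on every call even though its comment says "if we haven't done the search yet", so nothing visible in this hunk removes keys left by an earlier search on the same object. If the collection is re-limited or an ACE is deleted between calls, `HasEntry` can still return 1 for an entry that is no longer in the result set, which is the unsafe direction for a rights lookup to fail; starting `_BuildHash` with `$self->{'as_hash'} = {};` closes that. The key is also built by joining five fields with "-", so two different tuples can map to the same key if any field value contains "-", and an undefined argument both warns and collapses to an empty segment; a separator that cannot occur in the fields, plus `exists $self->{'as_hash'}->{$key}` instead of `== 1`, would avoid both. Separately, `_BuildHash` walks the rows through `Next`, which skips ACEs the current user lacks `ShowACL`/`ModifyACL` on, so `HasEntry` reports those as absent; a comment on `HasEntry` stating whether that is intended would help callers that use it for access decisions.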