X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=rt%2Flib%2FRT%2FACL_Overlay.pm;h=feef257e4be421ad6e7555b05cb069fd7988cad3;hb=fc6209f398899f0211cfcedeb81a3cd65e04a941;hp=827d34cc52d4d379327310e0b02896220db89d18;hpb=d39d52aac8f38ea9115628039f0df5aa3ac826de;p=freeside.git

diff --git a/rt/lib/RT/ACL_Overlay.pm b/rt/lib/RT/ACL_Overlay.pm
index 827d34cc5..feef257e4 100644
--- a/rt/lib/RT/ACL_Overlay.pm
+++ b/rt/lib/RT/ACL_Overlay.pm
@@ -1,38 +1,40 @@
-# {{{ BEGIN BPS TAGGED BLOCK
-# 
+# BEGIN BPS TAGGED BLOCK {{{
+#
 # COPYRIGHT:
-#  
-# This software is Copyright (c) 1996-2004 Best Practical Solutions, LLC 
-#                                          <jesse@bestpractical.com>
-# 
+#
+# This software is Copyright (c) 1996-2011 Best Practical Solutions, LLC
+#                                          <sales@bestpractical.com>
+#
 # (Except where explicitly superseded by other copyright notices)
-# 
-# 
+#
+#
 # LICENSE:
-# 
+#
 # This work is made available to you under the terms of Version 2 of
 # the GNU General Public License. A copy of that license should have
 # been provided with this software, but in any event can be snarfed
 # from www.gnu.org.
-# 
+#
 # This work is distributed in the hope that it will be useful, but
 # WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 # General Public License for more details.
-# 
+#
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
-# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-# 
-# 
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301 or visit their web page on the internet at
+# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
+#
+#
 # CONTRIBUTION SUBMISSION POLICY:
-# 
+#
 # (The following paragraph is not intended to limit the rights granted
 # to you to modify and distribute this software under the terms of
 # the GNU General Public License and is only of importance to you if
 # you choose to contribute your changes and enhancements to the
 # community by submitting them to Best Practical Solutions, LLC.)
-# 
+#
 # By intentionally submitting any modifications, corrections or
 # derivatives to this work, or any other work intended for use with
 # Request Tracker, to Best Practical Solutions, LLC, you confirm that
@@ -41,8 +43,9 @@
 # royalty-free, perpetual, license to use, copy, create derivative
 # works based on those contributions, and sublicense and distribute
 # those contributions and any derivatives thereof.
-# 
-# }}} END BPS TAGGED BLOCK
+#
+# END BPS TAGGED BLOCK }}}
+
 =head1 NAME
 
   RT::ACL - collection of RT ACE objects
@@ -57,13 +60,11 @@ my $ACL = new RT::ACL($CurrentUser);
 
 =head1 METHODS
 
-=begin testing
 
-ok(require RT::ACL);
+=cut
 
-=end testing
 
-=cut
+package RT::ACL;
 
 use strict;
 no warnings qw(redefine);
@@ -86,13 +87,64 @@ Limit the ACL to rights for the object $object. It needs to be an RT::Record cla
 
 sub LimitToObject {
     my $self = shift;
-    my $obj = shift;
-    unless (defined($obj) && ref($obj) && UNIVERSAL::can($obj, 'id')) {
-    return undef;
+    my $obj  = shift;
+    unless ( defined($obj)
+        && ref($obj)
+        && UNIVERSAL::can( $obj, 'id' )
+        && $obj->id )
+    {
+        return undef;
     }
-    $self->Limit(FIELD => 'ObjectType', OPERATOR=> '=', VALUE => ref($obj), ENTRYAGGREGATOR => 'OR');
-    $self->Limit(FIELD => 'ObjectId', OPERATOR=> '=', VALUE => $obj->id, ENTRYAGGREGATOR => 'OR', QUOTEVALUE => 0);
+    $self->Limit(
+        FIELD           => 'ObjectType',
+        OPERATOR        => '=',
+        VALUE           => ref($obj),
+        ENTRYAGGREGATOR => 'OR'
+    );
+    $self->Limit(
+        FIELD           => 'ObjectId',
+        OPERATOR        => '=',
+        VALUE           => $obj->id,
+        ENTRYAGGREGATOR => 'OR',
+        QUOTEVALUE      => 0
+    );
+
+}
 
+# }}}
+
+# {{{ LimitNotObject
+
+=head2 LimitNotObject $object
+
+Limit the ACL to rights NOT on the object $object.  $object needs to be
+an RT::Record class.
+
+=cut
+
+sub LimitNotObject {
+    my $self = shift;
+    my $obj  = shift;
+    unless ( defined($obj)
+        && ref($obj)
+        && UNIVERSAL::can( $obj, 'id' )
+        && $obj->id )
+    {
+        return undef;
+    }
+    $self->Limit( FIELD => 'ObjectType',
+		  OPERATOR => '!=',
+		  VALUE => ref($obj),
+		  ENTRYAGGREGATOR => 'OR',
+		  SUBCLAUSE => $obj->id
+		);
+    $self->Limit( FIELD => 'ObjectId',
+		  OPERATOR => '!=',
+		  VALUE => $obj->id,
+		  ENTRYAGGREGATOR => 'OR',
+		  QUOTEVALUE => 0,
+		  SUBCLAUSE => $obj->id
+		);
 }
 
 # }}}
@@ -262,8 +314,15 @@ sub _DoSearch {
     my $self = shift;
    # $RT::Logger->debug("Now in ".$self."->_DoSearch");
     my $return = $self->SUPER::_DoSearch(@_);
-  #  $RT::Logger->debug("In $self ->_DoSearch. return from SUPER::_DoSearch was $return\n");
-    $self->_BuildHash();
+  #  $RT::Logger->debug("In $self ->_DoSearch. return from SUPER::_DoSearch was $return");
+    if ( $self->{'must_redo_search'} ) {
+        $RT::Logger->crit(
+"_DoSearch is not so successful as it still needs redo search, won't call _BuildHash"
+        );
+    }
+    else {
+        $self->_BuildHash();
+    }
     return ($return);
 }
 
@@ -273,7 +332,8 @@ sub _BuildHash {
     my $self = shift;
 
     while (my $entry = $self->Next) {
-       my $hashkey = $entry->ObjectType . "-" .  $entry->ObjectId . "-" .  $entry->RightName . "-" .  $entry->PrincipalId . "-" .  $entry->PrincipalType;
+        my $hashkey = join '-', map $entry->__Value( $_ ),
+            qw(ObjectType ObjectId RightName PrincipalId PrincipalType);
 
         $self->{'as_hash'}->{"$hashkey"} =1;