X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=rt%2Flib%2FRT%2FGroupMember_Overlay.pm;h=efaa3c7d0a064a13b505fb33788ecf2bdcf5d485;hb=fc6209f398899f0211cfcedeb81a3cd65e04a941;hp=20949f0174473223d265810d91166aafdc30f2c9;hpb=945721f48f74d5cfffef7c7cf3a3d6bc2521f5dd;p=freeside.git diff --git a/rt/lib/RT/GroupMember_Overlay.pm b/rt/lib/RT/GroupMember_Overlay.pm index 20949f017..efaa3c7d0 100644 --- a/rt/lib/RT/GroupMember_Overlay.pm +++ b/rt/lib/RT/GroupMember_Overlay.pm @@ -1,26 +1,51 @@ -# BEGIN LICENSE BLOCK -# -# Copyright (c) 1996-2003 Jesse Vincent -# -# (Except where explictly superceded by other copyright notices) -# +# BEGIN BPS TAGGED BLOCK {{{ +# +# COPYRIGHT: +# +# This software is Copyright (c) 1996-2011 Best Practical Solutions, LLC +# +# +# (Except where explicitly superseded by other copyright notices) +# +# +# LICENSE: +# # This work is made available to you under the terms of Version 2 of # the GNU General Public License. A copy of that license should have # been provided with this software, but in any event can be snarfed # from www.gnu.org. -# +# # This work is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. -# -# Unless otherwise specified, all modifications, corrections or -# extensions to this work which alter its source code become the -# property of Best Practical Solutions, LLC when submitted for -# inclusion in the work. -# -# -# END LICENSE BLOCK +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +# 02110-1301 or visit their web page on the internet at +# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. +# +# +# CONTRIBUTION SUBMISSION POLICY: +# +# (The following paragraph is not intended to limit the rights granted +# to you to modify and distribute this software under the terms of +# the GNU General Public License and is only of importance to you if +# you choose to contribute your changes and enhancements to the +# community by submitting them to Best Practical Solutions, LLC.) +# +# By intentionally submitting any modifications, corrections or +# derivatives to this work, or any other work intended for use with +# Request Tracker, to Best Practical Solutions, LLC, you confirm that +# you are the copyright holder for those contributions and you grant +# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable, +# royalty-free, perpetual, license to use, copy, create derivative +# works based on those contributions, and sublicense and distribute +# those contributions and any derivatives thereof. +# +# END BPS TAGGED BLOCK }}} + =head1 NAME RT::GroupMember - a member of an RT Group @@ -41,14 +66,12 @@ doing something wrong. =head1 METHODS -=begin testing -ok (require RT::GroupMember); -=end testing +=cut -=cut +package RT::GroupMember; use strict; no warnings qw(redefine); @@ -98,7 +121,7 @@ sub Create { #Clear the key cache. TODO someday we may want to just clear a little bit of the keycache space. # TODO what about the groups key cache? - RT::Principal->_InvalidateACLCache(); + RT::Principal->InvalidateACLCache(); $RT::Handle->BeginTransaction() unless ($args{'InsideTransaction'}); @@ -111,10 +134,12 @@ sub Create { my $member_object = $args{'Member'}->Object; if ($member_object->HasMemberRecursively($args{'Group'})) { $RT::Logger->debug("Adding that group would create a loop"); + $RT::Handle->Rollback() unless ($args{'InsideTransaction'}); return(undef); } elsif ( $args{'Member'}->Id == $args{'Group'}->Id) { $RT::Logger->debug("Can't add a group to itself"); + $RT::Handle->Rollback() unless ($args{'InsideTransaction'}); return(undef); } } @@ -147,6 +172,14 @@ sub Create { # find things which have the current group as a member. # $group is an RT::Principal for the group. $cgm->LimitToGroupsWithMember( $args{'Group'}->Id ); + $cgm->Limit( + SUBCLAUSE => 'filter', # dont't mess up with prev condition + FIELD => 'MemberId', + OPERATOR => '!=', + VALUE => 'main.GroupId', + QUOTEVALUE => 0, + ENTRYAGGREGATOR => 'AND', + ); while ( my $parent_member = $cgm->Next ) { my $parent_id = $parent_member->MemberId; @@ -207,7 +240,7 @@ sub _StashUser { #Clear the key cache. TODO someday we may want to just clear a little bit of the keycache space. # TODO what about the groups key cache? - RT::Principal->_InvalidateACLCache(); + RT::Principal->InvalidateACLCache(); # We really need to make sure we don't add any members to this group @@ -281,9 +314,6 @@ sub Delete { VALUE => $self->GroupObj->Id ); - #Clear the key cache. TODO someday we may want to just clear a little bit of the keycache space. - # TODO what about the groups key cache? - RT::Principal->_InvalidateACLCache(); @@ -297,12 +327,27 @@ sub Delete { } } - my $err = $self->SUPER::Delete(); + my ($err, $msg) = $self->SUPER::Delete(); unless ($err) { $RT::Logger->warning("Couldn't delete cached group submember ".$self->Id); $RT::Handle->Rollback(); return (undef); } + + # Since this deletion may have changed the former member's + # delegation rights, we need to ensure that no invalid delegations + # remain. + $err = $self->MemberObj->_CleanupInvalidDelegations(InsideTransaction => 1); + unless ($err) { + $RT::Logger->warning("Unable to revoke delegated rights for principal ".$self->Id); + $RT::Handle->Rollback(); + return (undef); + } + + #Clear the key cache. TODO someday we may want to just clear a little bit of the keycache space. + # TODO what about the groups key cache? + RT::Principal->InvalidateACLCache(); + $RT::Handle->Commit(); return ($err); @@ -322,7 +367,7 @@ sub MemberObj { my $self = shift; unless ( defined( $self->{'Member_obj'} ) ) { $self->{'Member_obj'} = RT::Principal->new( $self->CurrentUser ); - $self->{'Member_obj'}->Load( $self->MemberId ); + $self->{'Member_obj'}->Load( $self->MemberId ) if ($self->MemberId); } return ( $self->{'Member_obj'} ); }