X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=rt%2Fshare%2Fhtml%2FHelpers%2FAutocomplete%2FCustomFieldValues;h=41799ac7a79311e98468fae8580365df700cb729;hb=44dd00a3ff974a17999e86e64488e996edc71e3c;hp=b8b21e4fead8c3459a088ab0928a1b736fa39c47;hpb=43a06151e47d2c59b833cbd8c26d97865ee850b6;p=freeside.git
diff --git a/rt/share/html/Helpers/Autocomplete/CustomFieldValues b/rt/share/html/Helpers/Autocomplete/CustomFieldValues
index b8b21e4fe..41799ac7a 100644
--- a/rt/share/html/Helpers/Autocomplete/CustomFieldValues
+++ b/rt/share/html/Helpers/Autocomplete/CustomFieldValues
@@ -2,7 +2,7 @@
 %#
 %# COPYRIGHT:
 %#
-%# This software is Copyright (c) 1996-2012 Best Practical Solutions, LLC
+%# This software is Copyright (c) 1996-2019 Best Practical Solutions, LLC
 %#
 %#
 %# (Except where explicitly superseded by other copyright notices)
@@ -45,23 +45,69 @@ %# those contributions and any derivatives thereof. %# %# END BPS TAGGED BLOCK }}} -% $r->content_type('application/json'); +% $r->content_type('application/json; charset=utf-8'); <% JSON( \@suggestions ) |n %> % $m->abort; <%INIT> # Only autocomplete the last value my $term = (split /\n/, $ARGS{term} || '')[-1]; +my $abort = sub { + $r->content_type('application/json; charset=utf-8'); + $m->out(JSON( [] )); + $m->abort; +}; + +unless ( exists $ARGS{ContextType} and exists $ARGS{ContextId} ) { + RT->Logger->debug("No context provided"); + $abort->(); +} + +# Use _ParseObjectCustomFieldArgs to avoid duplicating the regex. +# See the docs for _ParseObjectCustomFieldArgs for details on the data +# structure returned. There will be only one CF, so drill down 2 layers +# to get the cf id, if one is there. + +my %custom_fields = _ParseObjectCustomFieldArgs(\%ARGS, IncludeBulkUpdate => 1); my $CustomField; -for my $k ( keys %ARGS ) { - next unless $k =~ /^Object-.*?-\d*-CustomField-(\d+)-Values?$/; - $CustomField = $1; - last; +foreach my $class ( keys %custom_fields ){ + foreach my $id ( keys %{$custom_fields{$class}} ){ + ($CustomField) = keys %{$custom_fields{$class}{$id}}; + } } -$m->abort unless $CustomField; +unless ( $CustomField ) { + RT->Logger->debug("No CustomField provided"); + $abort->(); +} + +my $SystemCustomFieldObj = RT::CustomField->new( RT->SystemUser ); +my ($id, $msg) = $SystemCustomFieldObj->LoadById( $CustomField ) ; +unless ( $id ) { + RT->Logger->debug("Invalid CustomField provided: $msg"); + $abort->(); +} + +my $context_object = $SystemCustomFieldObj->LoadContextObject( + $ARGS{ContextType}, $ARGS{ContextId} ); +$abort->() unless $context_object; + my $CustomFieldObj = RT::CustomField->new( $session{'CurrentUser'} ); -$CustomFieldObj->Load( $CustomField ); +if ( $SystemCustomFieldObj->ValidateContextObject($context_object) ) { + # drop our privileges that came from calling LoadContextObject as the System User + 
$context_object->new($session{'CurrentUser'}); + $context_object->LoadById($ARGS{ContextId}); + $CustomFieldObj->SetContextObject( $context_object ); +} else { + RT->Logger->debug("Invalid Context Object ".$context_object->id." for Custom Field ".$SystemCustomFieldObj->id); + $abort->(); +} + +($id, $msg) = $CustomFieldObj->LoadById( $CustomField ); +unless ( $CustomFieldObj->Name ) { + RT->Logger->debug("Current User cannot see this Custom Field, terminating"); + $abort->(); +} my $values = $CustomFieldObj->Values; $values->Limit( @@ -79,6 +125,13 @@ $values->Limit( SUBCLAUSE => 'autocomplete', CASESENSITIVE => 0, ); +$m->callback( + CallbackName => 'ModifyMaxResults', + max => \$ARGS{max}, + term => $term, + CustomField => $CustomFieldObj, +); +$values->RowsPerPage( $ARGS{max} // 10 ); my @suggestions;
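Review bot: In the `ValidateContextObject` branch of the `@@ -45,23 +45,69 @@` hunk, `$context_object->new($session{'CurrentUser'});` discards its return value. Unless RT's `new` re-initialises the invocant in place (not visible in this diff), the object handed to `SetContextObject` is still the one loaded as `RT->SystemUser`, so the privilege drop the comment describes does not take effect. Assigning the result, `$context_object = $context_object->new($session{'CurrentUser'});`, and calling `$abort->()` when the following `LoadById($ARGS{ContextId})` returns no id would let the current user's rights decide whether the context object is visible. The final check also tests `$CustomFieldObj->Name` while the `($id, $msg)` just returned by `LoadById` goes unused; including `$msg` in that debug line would help when diagnosing denied lookups.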
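Review bot: `$values->RowsPerPage( $ARGS{max} // 10 );` in the `@@ -79,6 +125,13 @@` hunk passes a request parameter straight through as the page size. `//` substitutes the default only for an undefined value, so `max=0`, an empty string or a very large number reaches `RowsPerPage` unchanged, and in DBIx::SearchBuilder a zero page size is treated as "no limit". Consider validating and capping the value after the `ModifyMaxResults` callback has run, e.g. `my $max = ( $ARGS{max} // '' ) =~ /\A([1-9]\d*)\z/ ? $1 : 10;` followed by `$values->RowsPerPage( $max > 100 ? 100 : $max );`, where 100 is a placeholder ceiling to be chosen by the project. A short comment on the callback noting that `max` is passed by reference so extensions can override it would also help readers. The statement sits at the top level of the `<%INIT>` block, which continues outside the hunk.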