3 Does principal baz have right foo for object bar
5 What rights does user baz have for object bar
7 # {{{ Which principals have right foo for object bar
10 if ($args{'ObjectType'} eq 'Ticket') {
11 $or_check_ticket_roles = " OR ( Groups.Domain = 'TicketRole' AND Groups.Instance = '".$args{'ObjectId'}."') ";
12 # If we're looking at ticket rights, we also want to look at the associated queue rights.
13 # this is a little bit hacky, but basically, now that we've done the ticket roles magic, we load the queue object
14 # and ask all the rest of our questions about the queue.
15 my $tick = RT::Ticket->new($RT::SystemUser);
16 $tick->Load($args{'ObjectId'});
17 $args{'ObjectType'} = 'Queue';
18 $args{'ObjectId'} = $tick->QueueObj->Id();
21 if ($args{'ObjectType'} eq 'Queue') {
22 $or_check_roles = " OR ( ( (Groups.Domain = 'QueueRole' AND Groups.Instance = '".$args{'ObjectId'}."') $or_check_ticket_roles )
23 AND Groups.Type = ACL.PrincipalType AND Groups.Id = Principals.ObjectId AND Principals.PrincipalType = 'Group') ";
26 if (defined $args{'ObjectType'} ) {
27 $or_look_at_object_rights = " OR (ACL.ObjectType = '".$args{'ObjectType'}."' AND ACL.ObjectId = '".$args{'ObjectId'}."') ";
31 my $query = "SELECT Users.* from ACL, Groups, Users, Principals, Principals UserPrinc, CachedGroupMembers WHERE
32 Users.id = UserPrinc.ObjectId AND UserPrinc.PrincipalType = 'User' AND
33 Principals.Id = CachedGroupMembers.GroupId AND
34 CachedGroupMembers.MemberId = UserPrinc.ObjectId AND
35 UserPrinc.PrincipalType = 'User' AND
36 (ACL.RightName = 'SuperUser' OR ACL.RightName = '$right') AND
37 (ACL.ObjectType = 'System' $or_look_at_object_rights) AND
39 (ACL.PrincipalId = Principals.Id AND
40 Principals.ObjectId = Groups.Id AND
41 ACL.PrincipalType = 'Group' AND
42 (Groups.Domain = 'SystemInternal' OR Groups.Domain = 'UserDefined' OR Groups.Domain = 'ACLEquivalence')
49 What objects does principal baz have right foo for
projects / freeside.git / blob