1 # {{{ BEGIN BPS TAGGED BLOCK
5 # This software is Copyright (c) 1996-2004 Best Practical Solutions, LLC
6 # <jesse@bestpractical.com>
8 # (Except where explicitly superseded by other copyright notices)
13 # This work is made available to you under the terms of Version 2 of
14 # the GNU General Public License. A copy of that license should have
15 # been provided with this software, but in any event can be snarfed
18 # This work is distributed in the hope that it will be useful, but
19 # WITHOUT ANY WARRANTY; without even the implied warranty of
20 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 # General Public License for more details.
23 # You should have received a copy of the GNU General Public License
24 # along with this program; if not, write to the Free Software
25 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
28 # CONTRIBUTION SUBMISSION POLICY:
30 # (The following paragraph is not intended to limit the rights granted
31 # to you to modify and distribute this software under the terms of
32 # the GNU General Public License and is only of importance to you if
33 # you choose to contribute your changes and enhancements to the
34 # community by submitting them to Best Practical Solutions, LLC.)
36 # By intentionally submitting any modifications, corrections or
37 # derivatives to this work, or any other work intended for use with
38 # Request Tracker, to Best Practical Solutions, LLC, you confirm that
39 # you are the copyright holder for those contributions and you grant
40 # Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
41 # royalty-free, perpetual, license to use, copy, create derivative
42 # works based on those contributions, and sublicense and distribute
43 # those contributions and any derivatives thereof.
45 # }}} END BPS TAGGED BLOCK
48 RT::ACL - collection of RT ACE objects
53 my $ACL = new RT::ACL($CurrentUser);
69 no warnings qw(redefine);
74 Hand out the next ACE that was found
81 =head2 LimitToObject $object
83 Limit the ACL to rights for the object $object. It needs to be an RT::Record class.
# Restrict the collection to ACEs attached to $obj: ObjectType is matched
# against ref($obj) and ObjectId against $obj->id.
# Guard: an argument that is undefined, not a reference, or has no `id`
# method takes the branch below (its body is not shown in this listing).
90 unless (defined($obj) && ref($obj) && UNIVERSAL::can($obj, 'id')) {
93 $self->Limit(FIELD => 'ObjectType', OPERATOR=> '=', VALUE => ref($obj), ENTRYAGGREGATOR => 'OR');
# QUOTEVALUE => 0 asks the search layer not to quote the value. The guard
# above only establishes that an `id` method exists, not what it returns.
# NOTE(review): presumably every caller passes an RT::Record whose id is a
# database integer -- confirm, because an unquoted non-numeric value would
# reach the SQL text as-is.
94 $self->Limit(FIELD => 'ObjectId', OPERATOR=> '=', VALUE => $obj->id, ENTRYAGGREGATOR => 'OR', QUOTEVALUE => 0);
100 # {{{ LimitToPrincipal
102 =head2 LimitToPrincipal { Type => undef, Id => undef, IncludeGroupMembership => undef }
104 Limit the ACL to the principal with PrincipalId Id and PrincipalType Type
109 If IncludeGroupMembership => 1 is specified, ACEs which apply to the principal due to group membership will be included in the result set.
# Narrow the ACL to ACEs that apply to one principal, selected by
# $args{'Id'} and, when given, $args{'Type'}.
# NOTE(review): this listing omits some lines of the sub (argument
# unpacking, closing braces, parts of the Join/Limit calls); the comments
# below describe only what is visible.
114 sub LimitToPrincipal {
# Defaults for the named arguments.
116 my %args = ( Type => undef,
118 IncludeGroupMembership => undef,
# Group-membership mode: join the ACL's PrincipalId to the GroupId column of
# a second table (the ALIAS2 line is not visible; presumably the
# CachedGroupMembers alias created here), then constrain that alias by
# $args{'Id'}.
120 if ( $args{'IncludeGroupMembership'} ) {
121 my $cgm = $self->NewAlias('CachedGroupMembers');
122 $self->Join( ALIAS1 => 'main',
123 FIELD1 => 'PrincipalId',
125 FIELD2 => 'GroupId' );
126 $self->Limit( ALIAS => $cgm,
129 VALUE => $args{'Id'},
130 ENTRYAGGREGATOR => 'OR' );
# When a Type was supplied, constrain PrincipalType by it.
133 if ( defined $args{'Type'} ) {
134 $self->Limit( FIELD => 'PrincipalType',
136 VALUE => $args{'Type'},
137 ENTRYAGGREGATOR => 'OR' );
139 # if the principal id points to a user, we really want to point
140 # to their ACL equivalence group. The machinations we're going through
141 # lead me to start to suspect that we really want users and groups
142 # to just be the same table. or _maybe_ that we want an object db.
# The principal is loaded as $RT::SystemUser, so this lookup does not depend
# on the rights of the collection's current user. The return value of Load
# is not checked before PrincipalType is read.
# NOTE(review): for an Id that matches no principal, PrincipalType is
# presumably undef and the `eq` test simply fails (with a warning) -- confirm.
143 my $princ = RT::Principal->new($RT::SystemUser);
144 $princ->Load($args{'Id'});
145 if ($princ->PrincipalType eq 'User') {
# Replace the user's id with the PrincipalId of their ACL equivalence
# group, so the PrincipalId limit below is applied to that group instead.
146 my $group = RT::Group->new($RT::SystemUser);
147 $group->LoadACLEquivalenceGroup($princ);
148 $args{'Id'} = $group->PrincipalId;
# Constrain PrincipalId by the (possibly rewritten) id.
150 $self->Limit( FIELD => 'PrincipalId',
152 VALUE => $args{'Id'},
153 ENTRYAGGREGATOR => 'OR' );
161 # {{{ ExcludeDelegatedRights
163 =head2 ExcludeDelegatedRights
165 Don't list rights which have been delegated.
# Restrict the collection by calling DelegatedBy(Id => 0) and
# DelegatedFrom(Id => 0).
# NOTE(review): presumably 0 in both columns marks an ACE that was granted
# directly rather than through delegation -- confirm against the ACL schema.
169 sub ExcludeDelegatedRights {
171 $self->DelegatedBy(Id => 0);
172 $self->DelegatedFrom(Id => 0);
178 =head2 DelegatedBy { Id => undef }
180 Limit the ACL to rights delegated by the principal whose Principal Id is
# Arguments of a Limit call whose opening line is not shown in this listing:
# constrain the DelegatedBy column by the caller-supplied Id
# (ExcludeDelegatedRights passes Id => 0).
194 FIELD => 'DelegatedBy',
196 VALUE => $args{'Id'},
197 ENTRYAGGREGATOR => 'OR'
206 =head2 DelegatedFrom { Id => undef }
208 Limit the ACL to rights delegated from the ACE which has the Id specified
# Keep only ACEs whose DelegatedFrom column equals the caller-supplied Id
# (ExcludeDelegatedRights passes Id => 0).
220 $self->Limit(FIELD => 'DelegatedFrom', OPERATOR=> '=', VALUE => $args{'Id'}, ENTRYAGGREGATOR => 'OR');
# Access-control filter over the parent iterator: fetch the next ACE from
# SUPER::Next and check the current user's rights on the object it is
# attached to before handing it out.
231 my $ACE = $self->SUPER::Next();
232 if ( ( defined($ACE) ) and ( ref($ACE) ) ) {
# Visibility test: the current user needs ShowACL or ModifyACL on the ACE's
# object. Both checks are made against $ACE->Object, not against the ACL
# collection itself.
234 if ( $self->CurrentUser->HasRight( Right => 'ShowACL',
235 Object => $ACE->Object )
236 or $self->CurrentUser->HasRight( Right => 'ModifyACL',
237 Object => $ACE->Object )
242 #If the user doesn't have the right to show this ACE
# A hidden ACE is skipped by recursing into Next, so a run of consecutive
# ACEs the user may not see costs one stack frame per skipped entry.
244 return ( $self->Next() );
248 #if there never was any ACE
259 #wrap around _DoSearch so that we can build the hash of returned
# The search itself is delegated unchanged to the parent class; the two
# logger calls around it are commented out.
263 # $RT::Logger->debug("Now in ".$self."->_DoSearch");
264 my $return = $self->SUPER::_DoSearch(@_);
265 # $RT::Logger->debug("In $self ->_DoSearch. return from SUPER::_DoSearch was $return\n");
271 #Build a hash of this ACL's entries.
# Entries are pulled through $self->Next, so the hash is filled from whatever
# that method hands out. NOTE(review): if this resolves to the rights-checking
# Next in this class, the hash (and any lookup against it) reflects only the
# ACEs visible to the current user -- confirm that callers expect that.
275 while (my $entry = $self->Next) {
# Key layout: ObjectType-ObjectId-RightName-PrincipalId-PrincipalType. The
# lookup in HasEntry builds its key from RightScope, RightAppliesTo,
# RightName, PrincipalId and PrincipalType in the same positions.
# NOTE(review): the parts are joined with "-" without escaping; presumably no
# component can itself contain "-", otherwise distinct ACEs could share a
# key -- confirm.
276 my $hashkey = $entry->ObjectType . "-" . $entry->ObjectId . "-" . $entry->RightName . "-" . $entry->PrincipalId . "-" . $entry->PrincipalType;
278 $self->{'as_hash'}->{"$hashkey"} =1;
293 my %args = ( RightScope => undef,
294 RightAppliesTo => undef,
296 PrincipalId => undef,
297 PrincipalType => undef,
300 #if we haven't done the search yet, do it now.
303 if ($self->{'as_hash'}->{ $args{'RightScope'} . "-" .
304 $args{'RightAppliesTo'} . "-" .
305 $args{'RightName'} . "-" .
306 $args{'PrincipalId'} . "-" .
307 $args{'PrincipalType'}