5 use RT::Test tests => 76;
17 my $Queue = RT::Queue->new($RT::SystemUser);
19 is ($Queue->AvailableRights->{'DeleteTicket'} , 'Delete tickets', "Found the delete ticket right");
20 is ($RT::System->AvailableRights->{'SuperUser'}, 'Do anything and everything', "Found the superuser right");
29 my $user_a = RT::User->new($RT::SystemUser);
30 $user_a->Create( Name => 'DelegationA', Privileged => 1);
31 ok ($user_a->Id, "Created delegation user a");
33 my $user_b = RT::User->new($RT::SystemUser);
34 $user_b->Create( Name => 'DelegationB', Privileged => 1);
35 ok ($user_b->Id, "Created delegation user b");
39 my $q = RT::Queue->new($RT::SystemUser);
40 $q->Create(Name =>'DelegationTest');
41 ok ($q->Id, "Created a delegation test queue");
44 #------ First, we test whether a user can delegate a right that's been granted to him personally
45 my ($val, $msg) = $user_a->PrincipalObj->GrantRight(Object => $RT::System, Right => 'AdminOwnPersonalGroups');
48 ($val, $msg) = $user_a->PrincipalObj->GrantRight(Object =>$q, Right => 'OwnTicket');
51 ok($user_a->HasRight( Object => $RT::System, Right => 'AdminOwnPersonalGroups') ,"user a has the right 'AdminOwnPersonalGroups' directly");
53 my $a_delegates = RT::Group->new($user_a);
54 $a_delegates->CreatePersonalGroup(Name => 'Delegates');
55 ok( $a_delegates->Id ,"user a creates a personal group 'Delegates'");
56 ok( $a_delegates->AddMember($user_b->PrincipalId) ,"user a adds user b to personal group 'delegates'");
58 ok( !$user_b->HasRight(Right => 'OwnTicket', Object => $q) ,"user b does not have the right to OwnTicket' in queue 'DelegationTest'");
59 ok( $user_a->HasRight(Right => 'OwnTicket', Object => $q) ,"user a has the right to 'OwnTicket' in queue 'DelegationTest'");
60 ok(!$user_a->HasRight( Object => $RT::System, Right => 'DelegateRights') ,"user a does not have the right 'delegate rights'");
63 my $own_ticket_ace = RT::ACE->new($user_a);
64 my $user_a_equiv_group = RT::Group->new($user_a);
65 $user_a_equiv_group->LoadACLEquivalenceGroup($user_a->PrincipalObj);
66 ok ($user_a_equiv_group->Id, "Loaded the user A acl equivalence group");
67 my $user_b_equiv_group = RT::Group->new($user_b);
68 $user_b_equiv_group->LoadACLEquivalenceGroup($user_b->PrincipalObj);
69 ok ($user_b_equiv_group->Id, "Loaded the user B acl equivalence group");
70 $own_ticket_ace->LoadByValues( PrincipalType => 'Group', PrincipalId => $user_a_equiv_group->PrincipalId, Object=>$q, RightName => 'OwnTicket');
72 ok ($own_ticket_ace->Id, "Found the ACE we want to test with for now");
75 ($val, $msg) = $own_ticket_ace->Delegate(PrincipalId => $a_delegates->PrincipalId) ;
76 ok( !$val ,"user a tries and fails to delegate the right 'ownticket' in queue 'DelegationTest' to personal group 'delegates' - $msg");
79 ($val, $msg) = $user_a->PrincipalObj->GrantRight( Right => 'DelegateRights');
80 ok($val, "user a is granted the right to 'delegate rights' - $msg");
82 ok($user_a->HasRight( Object => $RT::System, Right => 'DelegateRights') ,"user a has the right 'DeletgateRights'");
84 ($val, $msg) = $own_ticket_ace->Delegate(PrincipalId => $a_delegates->PrincipalId) ;
86 ok( $val ,"user a tries and succeeds to delegate the right 'ownticket' in queue 'DelegationTest' to personal group 'delegates' - $msg");
87 ok( $user_b->HasRight(Right => 'OwnTicket', Object => $q) ,"user b has the right to own tickets in queue 'DelegationTest'");
88 my $delegated_ace = RT::ACE->new($user_a);
89 $delegated_ace->LoadByValues ( Object => $q, RightName => 'OwnTicket', PrincipalType => 'Group',
90 PrincipalId => $a_delegates->PrincipalId, DelegatedBy => $user_a->PrincipalId, DelegatedFrom => $own_ticket_ace->Id);
91 ok ($delegated_ace->Id, "Found the delegated ACE");
93 ok( $a_delegates->DeleteMember($user_b->PrincipalId) ,"user a removes b from pg 'delegates'");
94 ok( !$user_b->HasRight(Right => 'OwnTicket', Object => $q) ,"user b does not have the right to own tickets in queue 'DelegationTest'");
95 ok( $a_delegates->AddMember($user_b->PrincipalId) ,"user a adds user b to personal group 'delegates'");
96 ok( $user_b->HasRight(Right => 'OwnTicket', Object=> $q) ,"user b has the right to own tickets in queue 'DelegationTest'");
97 ok( $delegated_ace->Delete ,"user a revokes pg 'delegates' right to 'OwnTickets' in queue 'DelegationTest'");
98 ok( ! $user_b->HasRight(Right => 'OwnTicket', Object => $q) ,"user b does not have the right to own tickets in queue 'DelegationTest'");
100 ($val, $msg) = $own_ticket_ace->Delegate(PrincipalId => $a_delegates->PrincipalId) ;
101 ok( $val ,"user a delegates pg 'delegates' right to 'OwnTickets' in queue 'DelegationTest' - $msg");
103 ok( $user_b->HasRight(Right => 'OwnTicket', Object => $q) ,"user b has the right to own tickets in queue 'DelegationTest'");
105 ($val, $msg) = $user_a->PrincipalObj->RevokeRight(Object=>$q, Right => 'OwnTicket');
106 ok($val, "Revoked user a's right to own tickets in queue 'DelegationTest". $msg);
108 ok( !$user_a->HasRight(Right => 'OwnTicket', Object => $q) ,"user a does not have the right to own tickets in queue 'DelegationTest'");
110 ok( !$user_b->HasRight(Right => 'OwnTicket', Object => $q) ,"user b does not have the right to own tickets in queue 'DelegationTest'");
112 ($val, $msg) = $user_a->PrincipalObj->GrantRight(Object=>$q, Right => 'OwnTicket');
115 ok( $user_a->HasRight(Right => 'OwnTicket', Object => $q) ,"user a has the right to own tickets in queue 'DelegationTest'");
117 ok( !$user_b->HasRight(Right => 'OwnTicket', Object => $q) ,"user b does not have the right to own tickets in queue 'DelegationTest'");
119 # {{{ get back to a known clean state
120 ($val, $msg) = $user_a->PrincipalObj->RevokeRight( Object => $q, Right => 'OwnTicket');
121 ok($val, "Revoked user a's right to own tickets in queue 'DelegationTest -". $msg);
122 ok( !$user_a->HasRight(Right => 'OwnTicket', Object => $q) ,"make sure that user a can't own tickets in queue 'DelegationTest'");
126 # {{{ Set up some groups and membership
127 my $del1 = RT::Group->new($RT::SystemUser);
128 ($val, $msg) = $del1->CreateUserDefinedGroup(Name => 'Del1');
129 ok( $val ,"create a group del1 - $msg");
131 my $del2 = RT::Group->new($RT::SystemUser);
132 ($val, $msg) = $del2->CreateUserDefinedGroup(Name => 'Del2');
133 ok( $val ,"create a group del2 - $msg");
134 ($val, $msg) = $del1->AddMember($del2->PrincipalId);
135 ok( $val,"make del2 a member of del1 - $msg");
137 my $del2a = RT::Group->new($RT::SystemUser);
138 ($val, $msg) = $del2a->CreateUserDefinedGroup(Name => 'Del2a');
139 ok( $val ,"create a group del2a - $msg");
140 ($val, $msg) = $del2->AddMember($del2a->PrincipalId);
141 ok($val ,"make del2a a member of del2 - $msg");
143 my $del2b = RT::Group->new($RT::SystemUser);
144 ($val, $msg) = $del2b->CreateUserDefinedGroup(Name => 'Del2b');
145 ok( $val ,"create a group del2b - $msg");
146 ($val, $msg) = $del2->AddMember($del2b->PrincipalId);
147 ok($val ,"make del2b a member of del2 - $msg");
149 ($val, $msg) = $del2->AddMember($user_a->PrincipalId) ;
150 ok($val,"make 'user a' a member of del2 - $msg");
152 ($val, $msg) = $del2b->AddMember($user_a->PrincipalId) ;
153 ok($val,"make 'user a' a member of del2b - $msg");
157 # {{{ Grant a right to a group and make sure that a submember can delegate the right and that it does not get yanked
158 # when a user is removed as a submember, when they're a submember through another path
159 ($val, $msg) = $del1->PrincipalObj->GrantRight( Object=> $q, Right => 'OwnTicket');
160 ok( $val ,"grant del1 the right to 'OwnTicket' in queue 'DelegationTest' - $msg");
162 ok( $user_a->HasRight(Right => 'OwnTicket', Object => $q) ,"make sure that user a can own tickets in queue 'DelegationTest'");
164 my $group_ace= RT::ACE->new($user_a);
165 $group_ace->LoadByValues( PrincipalType => 'Group', PrincipalId => $del1->PrincipalId, Object => $q, RightName => 'OwnTicket');
167 ok ($group_ace->Id, "Found the ACE we want to test with for now");
169 ($val, $msg) = $group_ace->Delegate(PrincipalId => $a_delegates->PrincipalId);
171 ok( $val ,"user a tries and succeeds to delegate the right 'ownticket' in queue 'DelegationTest' to personal group 'delegates' - $msg");
172 ok( $user_b->HasRight(Right => 'OwnTicket', Object => $q) ,"user b has the right to own tickets in queue 'DelegationTest'");
175 ($val, $msg) = $del2b->DeleteMember($user_a->PrincipalId);
176 ok( $val ,"remove user a from group del2b - $msg");
177 ok( $user_a->HasRight(Right => 'OwnTicket', Object => $q) ,"user a has the right to own tickets in queue 'DelegationTest'");
178 ok( $user_b->HasRight(Right => 'OwnTicket', Object => $q) ,"user b has the right to own tickets in queue 'DelegationTest'");
182 # {{{ When a user is removed froom a group by the only path they're in there by, make sure the delegations go away
183 ($val, $msg) = $del2->DeleteMember($user_a->PrincipalId);
184 ok( $val ,"remove user a from group del2 - $msg");
185 ok( !$user_a->HasRight(Right => 'OwnTicket', Object => $q) ,"user a does not have the right to own tickets in queue 'DelegationTest' ");
186 ok( !$user_b->HasRight(Right => 'OwnTicket', Object => $q) ,"user b does not have the right to own tickets in queue 'DelegationTest' ");
189 ($val, $msg) = $del2->AddMember($user_a->PrincipalId);
190 ok( $val ,"make user a a member of group del2 - $msg");
192 ($val, $msg) = $del2->PrincipalObj->GrantRight(Object=>$q, Right => 'OwnTicket');
193 ok($val, "grant the right 'own tickets' in queue 'DelegationTest' to group del2 - $msg");
195 my $del2_right = RT::ACE->new($user_a);
196 $del2_right->LoadByValues( PrincipalId => $del2->PrincipalId, PrincipalType => 'Group', Object => $q, RightName => 'OwnTicket');
197 ok ($del2_right->Id, "Found the right");
199 ($val, $msg) = $del2_right->Delegate(PrincipalId => $a_delegates->PrincipalId);
200 ok( $val ,"user a tries and succeeds to delegate the right 'ownticket' in queue 'DelegationTest' gotten via del2 to personal group 'delegates' - $msg");
202 # They have it via del1 and del2
203 ok( $user_b->HasRight(Right => 'OwnTicket', Object => $q) ,"user b has the right to own tickets in queue 'DelegationTest'");
206 ($val, $msg) = $del2->PrincipalObj->RevokeRight(Object=>$q, Right => 'OwnTicket');
207 ok($val, "revoke the right 'own tickets' in queue 'DelegationTest' to group del2 - $msg");
208 ok( $user_a->HasRight(Right => 'OwnTicket', Object => $q) ,"user a does has the right to own tickets in queue 'DelegationTest' via del1");
209 ok( !$user_b->HasRight(Right => 'OwnTicket', Object => $q) ,"user b does not have the right to own tickets in queue 'DelegationTest'");
211 ($val, $msg) = $del2->PrincipalObj->GrantRight(Object=>$q, Right => 'OwnTicket');
212 ok($val, "grant the right 'own tickets' in queue 'DelegationTest' to group del2 - $msg");
215 $group_ace= RT::ACE->new($user_a);
216 $group_ace->LoadByValues( PrincipalType => 'Group', PrincipalId => $del1->PrincipalId, Object=>$q, RightName => 'OwnTicket');
218 ok ($group_ace->Id, "Found the ACE we want to test with for now");
220 ($val, $msg) = $group_ace->Delegate(PrincipalId => $a_delegates->PrincipalId);
222 ok( $val ,"user a tries and succeeds to delegate the right 'ownticket' in queue 'DelegationTest' to personal group 'delegates' - $msg");
224 ok( $user_b->HasRight(Right => 'OwnTicket', Object => $q) ,"user b has the right to own tickets in queue 'DelegationTest'");
226 ($val, $msg) = $del2->DeleteMember($user_a->PrincipalId);
227 ok( $val ,"remove user a from group del2 - $msg");
229 ok( !$user_a->HasRight(Right => 'OwnTicket', Object => $q) ,"user a does not have the right to own tickets in queue 'DelegationTest'");
231 ok( !$user_b->HasRight(Right => 'OwnTicket', Object => $q) ,"user b does not have the right to own tickets in queue 'DelegationTest'");
projects / freeside.git / blob