%# BEGIN LICENSE BLOCK
%# 
%# Copyright (c) 1996-2003 Jesse Vincent <jesse@bestpractical.com>
%# 
%# (Except where explictly superceded by other copyright notices)
%# 
%# This work is made available to you under the terms of Version 2 of
%# the GNU General Public License. A copy of that license should have
%# been provided with this software, but in any event can be snarfed
%# from www.gnu.org.
%# 
%# This work is distributed in the hope that it will be useful, but
%# WITHOUT ANY WARRANTY; without even the implied warranty of
%# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
%# General Public License for more details.
%# 
%# Unless otherwise specified, all modifications, corrections or
%# extensions to this work which alter its source code become the
%# property of Best Practical Solutions, LLC when submitted for
%# inclusion in the work.
%# 
%# 
%# END LICENSE BLOCK
<& /Elements/Header, Title => loc("Delegate rights") &>
<& /User/Elements/Tabs, 
    current_tab => 'User/Delegation.html', 
    Title => loc("Delegate rights") &>

<& /Elements/ListActions, actions => \@results &>

<form method="post">
<& Elements/DelegateRights, personalgroups => $personalgroups, objects => $objects, ObjectType => 'RT::System' &>
<& Elements/DelegateRights, personalgroups => $personalgroups, objects => $objects, ObjectType => 'RT::Queue' &>
<& Elements/DelegateRights, personalgroups => $personalgroups, objects => $objects, ObjectType => 'RT::Group' &>

<& /Elements/Submit &>
</form>
<%INIT>

my (@results, $arg);
foreach $arg (keys %ARGS) {
    next unless ($arg =~ /^Delegate-Existing-ACE-(\d+)-to-(\d+)-as-(\d+)$/);
       my $parent = $1;
       my $principal = $2;
       my $delegation = $3;
       unless ($ARGS{"Delegate-ACE-$1-to-$2"}) {
            my $ace_to_del = RT::ACE->new($session{'CurrentUser'});
            $ace_to_del->Load($delegation);
            my ($delval, $delmsg) = $ace_to_del->Delete();
            push (@results, $delmsg);
       }
}

foreach $arg (keys %ARGS) { 
    next unless ($arg =~ /^Delegate-ACE-(\d+)-to-(\d+)$/);
    my $parent = $1;
    my $principal = $2;
    # if we already delegate it, we just don't care
    next if (grep /^Delegate-Existing-ACE-$parent-to-$principal-/, keys %ARGS);
    my $ace = RT::ACE->new($session{'CurrentUser'});
    $ace->Load($1);
    unless ($ace->Id) {
        push (@results, loc('Right not found'));
        next;
    }
    my ($delid, $delmsg) = $ace->Delegate(PrincipalId => $principal);
    push (@results, $delmsg);
}

my $personalgroups = RT::Groups->new($session{'CurrentUser'});
$personalgroups->LimitToPersonalGroupsFor($session{'CurrentUser'}->PrincipalId);

my $objects;
my $acl = RT::ACL->new ($session{'CurrentUser'});
$acl->ExcludeDelegatedRights();
$acl->LimitToPrincipal(Id => $session{'CurrentUser'}->PrincipalId, 
                       IncludeGroupMembership => 1
                       );

while(my $right = $acl->Next) {
       push @{$objects->{$right->ObjectType}{$right->ObjectId}},$right;
}
</%INIT>