-# BEGIN LICENSE BLOCK
+# {{{ BEGIN BPS TAGGED BLOCK
#
-# Copyright (c) 1996-2003 Jesse Vincent <jesse@bestpractical.com>
+# COPYRIGHT:
+#
+# This software is Copyright (c) 1996-2004 Best Practical Solutions, LLC
+# <jesse@bestpractical.com>
#
-# (Except where explictly superceded by other copyright notices)
+# (Except where explicitly superseded by other copyright notices)
+#
+#
+# LICENSE:
#
# This work is made available to you under the terms of Version 2 of
# the GNU General Public License. A copy of that license should have
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
-# Unless otherwise specified, all modifications, corrections or
-# extensions to this work which alter its source code become the
-# property of Best Practical Solutions, LLC when submitted for
-# inclusion in the work.
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+#
+# CONTRIBUTION SUBMISSION POLICY:
#
+# (The following paragraph is not intended to limit the rights granted
+# to you to modify and distribute this software under the terms of
+# the GNU General Public License and is only of importance to you if
+# you choose to contribute your changes and enhancements to the
+# community by submitting them to Best Practical Solutions, LLC.)
#
-# END LICENSE BLOCK
+# By intentionally submitting any modifications, corrections or
+# derivatives to this work, or any other work intended for use with
+# Request Tracker, to Best Practical Solutions, LLC, you confirm that
+# you are the copyright holder for those contributions and you grant
+# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable,
+# royalty-free, perpetual, license to use, copy, create derivative
+# works based on those contributions, and sublicense and distribute
+# those contributions and any derivatives thereof.
+#
+# }}} END BPS TAGGED BLOCK
=head1 NAME
RT::Groups - a collection of RT::Group objects
}
+=head2 WithRight { Right => RIGHTNAME, Object => RT::Record, IncludeSystemRights => 1, IncludeSuperusers => 0 }
+
+
+Find all groups which have RIGHTNAME for RT::Record. Optionally include global rights and superusers. By default, include the global rights, but not the superusers.
+
+=begin testing
+
+my $q = RT::Queue->new($RT::SystemUser);
+my ($id, $msg) =$q->Create( Name => 'GlobalACLTest');
+ok ($id, $msg);
+
+my $testuser = RT::User->new($RT::SystemUser);
+($id,$msg) = $testuser->Create(Name => 'JustAnAdminCc');
+ok ($id,$msg);
+
+my $global_admin_cc = RT::Group->new($RT::SystemUser);
+$global_admin_cc->LoadSystemRoleGroup('AdminCc');
+ok($global_admin_cc->id, "Found the global admincc group");
+my $groups = RT::Groups->new($RT::SystemUser);
+$groups->WithRight(Right => 'OwnTicket', Object => $q);
+is($groups->Count, 1);
+($id, $msg) = $global_admin_cc->PrincipalObj->GrantRight(Right =>'OwnTicket', Object=> $RT::System);
+ok ($id,$msg);
+ok (!$testuser->HasRight(Object => $q, Right => 'OwnTicket') , "The test user does not have the right to own tickets in the test queue");
+($id, $msg) = $q->AddWatcher(Type => 'AdminCc', PrincipalId => $testuser->id);
+ok($id,$msg);
+ok ($testuser->HasRight(Object => $q, Right => 'OwnTicket') , "The test user does have the right to own tickets now. thank god.");
+
+$groups = RT::Groups->new($RT::SystemUser);
+$groups->WithRight(Right => 'OwnTicket', Object => $q);
+ok ($id,$msg);
+is($groups->Count, 2);
+
+=end testing
+
+
+=cut
+
+
sub WithRight {
my $self = shift;
my %args = ( Right => undef,
IncludeSuperusers => undef,
@_ );
- my $groupprinc = $self->NewAlias('Principals');
my $acl = $self->NewAlias('ACL');
# {{{ Find only rows where the right granted is the one we're looking up or _possibly_ superuser
$or_check_roles =
" OR ( ( (main.Domain = 'RT::Queue-Role' AND main.Instance = " .
$args{'Object'}->Id . ") $or_check_ticket_roles ) " .
- " AND main.Type = $acl.PrincipalType AND main.id = $groupprinc.id) ";
+ " AND main.Type = $acl.PrincipalType) ";
}
if ( $args{'IncludeSystemRights'} ) {
$self->_AddSubClause( "WhichGroup",
qq{
- ( ( $acl.PrincipalId = $groupprinc.id
+ ( ( $acl.PrincipalId = main.id
AND $acl.PrincipalType = 'Group'
AND ( main.Domain = 'SystemInternal'
OR main.Domain = 'UserDefined'
- OR main.Domain = 'ACLEquivalence')
- AND main.id = $groupprinc.id)
+ OR main.Domain = 'ACLEquivalence'))
$or_check_roles)
}
);
ALIAS1 => 'main',
FIELD1 => 'id',
TABLE2 => 'Principals',
- FIELD2 => 'ObjectId'
+ FIELD2 => 'id'
);
$self->Limit( ALIAS => $alias,
ALIAS1 => 'main',
FIELD1 => 'id',
TABLE2 => 'Principals',
- FIELD2 => 'ObjectId'
+ FIELD2 => 'id'
);
$self->{'find_disabled_rows'} = 1;
);
}
# }}}
+
+sub _DoSearch {
+ my $self = shift;
+
+ #unless we really want to find disabled rows, make sure we\'re only finding enabled ones.
+ unless($self->{'find_disabled_rows'}) {
+ $self->LimitToEnabled();
+ }
+
+ return($self->SUPER::_DoSearch(@_));
+
+}
+
1;