-# {{{ BEGIN BPS TAGGED BLOCK
+# BEGIN BPS TAGGED BLOCK {{{
#
# COPYRIGHT:
#
-# This software is Copyright (c) 1996-2004 Best Practical Solutions, LLC
+# This software is Copyright (c) 1996-2007 Best Practical Solutions, LLC
# <jesse@bestpractical.com>
#
# (Except where explicitly superseded by other copyright notices)
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
-# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301 or visit their web page on the internet at
+# http://www.gnu.org/copyleft/gpl.html.
#
#
# CONTRIBUTION SUBMISSION POLICY:
# works based on those contributions, and sublicense and distribute
# those contributions and any derivatives thereof.
#
-# }}} END BPS TAGGED BLOCK
+# END BPS TAGGED BLOCK }}}
=head1 NAME
RT::Groups - a collection of RT::Group objects
use RT::Groups;
my $groups = $RT::Groups->new($CurrentUser);
- $groups->LimitToReal();
+ $groups->UnLimit();
while (my $group = $groups->Next()) {
print $group->Id ." is a group id\n";
}
=cut
+
+package RT::Groups;
+
use strict;
no warnings qw(redefine);
+use RT::Users;
+
+# XXX: below some code is marked as subject to generalize in Groups, Users classes.
+# RUZ suggest name Principals::Generic or Principals::Base as abstract class, but
+# Jesse wants something that doesn't imply it's a Principals.pm subclass.
+# See comments below for candidats.
+
# {{{ sub _Init
+=begin testing
+
+# next had bugs
+# Groups->Limit( FIELD => 'id', OPERATOR => '!=', VALUE => xx );
+my $g = RT::Group->new($RT::SystemUser);
+my ($id, $msg) = $g->CreateUserDefinedGroup(Name => 'GroupsNotEqualTest');
+ok ($id, "created group #". $g->id) or diag("error: $msg");
+
+my $groups = RT::Groups->new($RT::SystemUser);
+$groups->Limit( FIELD => 'id', OPERATOR => '!=', VALUE => $g->id );
+$groups->LimitToUserDefinedGroups();
+my $bug = grep $_->id == $g->id, @{$groups->ItemsArrayRef};
+ok (!$bug, "didn't find group");
+
+=end testing
+
+=cut
+
sub _Init {
my $self = shift;
$self->{'table'} = "Groups";
$self->{'primary_key'} = "id";
+ my @result = $self->SUPER::_Init(@_);
+
$self->OrderBy( ALIAS => 'main',
FIELD => 'Name',
ORDER => 'ASC');
-
- return ( $self->SUPER::_Init(@_));
+ # XXX: this code should be generalized
+ $self->{'princalias'} = $self->Join(
+ ALIAS1 => 'main',
+ FIELD1 => 'id',
+ TABLE2 => 'Principals',
+ FIELD2 => 'id'
+ );
+
+ # even if this condition is useless and ids in the Groups table
+ # only match principals with type 'Group' this could speed up
+ # searches in some DBs.
+ $self->Limit( ALIAS => $self->{'princalias'},
+ FIELD => 'PrincipalType',
+ VALUE => 'Group',
+ );
+
+ return (@result);
}
# }}}
+=head2 PrincipalsAlias
+
+Returns the string that represents this Users object's primary "Principals" alias.
+
+=cut
+
+# XXX: should be generalized, code duplication
+sub PrincipalsAlias {
+ my $self = shift;
+ return($self->{'princalias'});
+
+}
+
+
# {{{ LimiToSystemInternalGroups
=head2 LimitToSystemInternalGroups
$self->Limit(FIELD => 'Domain', OPERATOR => '=', VALUE => 'Personal');
$self->Limit( FIELD => 'Instance',
OPERATOR => '=',
- VALUE => $princ,
- ENTRY_AGGREGATOR => 'OR');
+ VALUE => $princ);
}
# {{{ LimitToRolesForQueue
-=item LimitToRolesForQueue QUEUE_ID
+=head2 LimitToRolesForQueue QUEUE_ID
Limits the set of groups found to role groups for queue QUEUE_ID
# {{{ LimitToRolesForTicket
-=item LimitToRolesForTicket Ticket_ID
+=head2 LimitToRolesForTicket Ticket_ID
Limits the set of groups found to role groups for Ticket Ticket_ID
# {{{ LimitToRolesForSystem
-=item LimitToRolesForSystem System_ID
+=head2 LimitToRolesForSystem System_ID
Limits the set of groups found to role groups for System System_ID
$u->Create(Name => 'Membertests');
my $g = RT::Group->new($RT::SystemUser);
my ($id, $msg) = $g->CreateUserDefinedGroup(Name => 'Membertests');
-ok ($id,$msg);
+ok ($id, $msg);
my ($aid, $amsg) =$g->AddMember($u->id);
ok ($aid, $amsg);
ok ($groups->Count == 1,"found the 1 group - " . $groups->Count);
ok ($groups->First->Id == $g->Id, "it's the right one");
-
-
-
=end testing
}
-=head2 WithRight { Right => RIGHTNAME, Object => RT::Record, IncludeSystemRights => 1, IncludeSuperusers => 0 }
+=head2 WithRight { Right => RIGHTNAME, Object => RT::Record, IncludeSystemRights => 1, IncludeSuperusers => 0, EquivObjects => [ ] }
Find all groups which have RIGHTNAME for RT::Record. Optionally include global rights and superusers. By default, include the global rights, but not the superusers.
$groups = RT::Groups->new($RT::SystemUser);
$groups->WithRight(Right => 'OwnTicket', Object => $q);
ok ($id,$msg);
-is($groups->Count, 2);
+is($groups->Count, 3);
+
+my $RTxGroup = RT::Group->new($RT::SystemUser);
+($id, $msg) = $RTxGroup->CreateUserDefinedGroup( Name => 'RTxGroup', Description => "RTx extension group");
+ok ($id,$msg);
+
+my $RTxSysObj = {};
+bless $RTxSysObj, 'RTx::System';
+*RTx::System::Id = sub { 1; };
+*RTx::System::id = *RTx::System::Id;
+my $ace = RT::Record->new($RT::SystemUser);
+$ace->Table('ACL');
+$ace->_BuildTableAttributes unless ($_TABLE_ATTR->{ref($self)});
+($id, $msg) = $ace->Create( PrincipalId => $RTxGroup->id, PrincipalType => 'Group', RightName => 'RTxGroupRight', ObjectType => 'RTx::System', ObjectId => 1);
+ok ($id, "ACL for RTxSysObj created");
+
+my $RTxObj = {};
+bless $RTxObj, 'RTx::System::Record';
+*RTx::System::Record::Id = sub { 4; };
+*RTx::System::Record::id = *RTx::System::Record::Id;
+
+$groups = RT::Groups->new($RT::SystemUser);
+$groups->WithRight(Right => 'RTxGroupRight', Object => $RTxSysObj);
+is($groups->Count, 1, "RTxGroupRight found for RTxSysObj");
+
+$groups = RT::Groups->new($RT::SystemUser);
+$groups->WithRight(Right => 'RTxGroupRight', Object => $RTxObj);
+is($groups->Count, 0, "RTxGroupRight not found for RTxObj");
+
+$groups = RT::Groups->new($RT::SystemUser);
+$groups->WithRight(Right => 'RTxGroupRight', Object => $RTxObj, EquivObjects => [ $RTxSysObj ]);
+is($groups->Count, 1, "RTxGroupRight found for RTxObj using EquivObjects");
+
+$ace = RT::Record->new($RT::SystemUser);
+$ace->Table('ACL');
+$ace->_BuildTableAttributes unless ($_TABLE_ATTR->{ref($self)});
+($id, $msg) = $ace->Create( PrincipalId => $RTxGroup->id, PrincipalType => 'Group', RightName => 'RTxGroupRight', ObjectType => 'RTx::System::Record', ObjectId => 5 );
+ok ($id, "ACL for RTxObj created");
+
+my $RTxObj2 = {};
+bless $RTxObj2, 'RTx::System::Record';
+*RTx::System::Record::Id = sub { 5; };
+
+$groups = RT::Groups->new($RT::SystemUser);
+$groups->WithRight(Right => 'RTxGroupRight', Object => $RTxObj2);
+is($groups->Count, 1, "RTxGroupRight found for RTxObj2");
+
+$groups = RT::Groups->new($RT::SystemUser);
+$groups->WithRight(Right => 'RTxGroupRight', Object => $RTxObj2, EquivObjects => [ $RTxSysObj ]);
+is($groups->Count, 1, "RTxGroupRight found for RTxObj2");
+
+
=end testing
=cut
-
+#XXX: should be generilized
sub WithRight {
my $self = shift;
my %args = ( Right => undef,
Object => => undef,
IncludeSystemRights => 1,
IncludeSuperusers => undef,
+ IncludeSubgroupMembers => 0,
+ EquivObjects => [ ],
@_ );
- my $acl = $self->NewAlias('ACL');
-
- # {{{ Find only rows where the right granted is the one we're looking up or _possibly_ superuser
- $self->Limit( ALIAS => $acl,
- FIELD => 'RightName',
- OPERATOR => ($args{Right} ? '=' : 'IS NOT'),
- VALUE => $args{Right} || 'NULL',
- ENTRYAGGREGATOR => 'OR' );
-
- if ( $args{'IncludeSuperusers'} and $args{'Right'} ) {
- $self->Limit( ALIAS => $acl,
- FIELD => 'RightName',
- OPERATOR => '=',
- VALUE => 'SuperUser',
- ENTRYAGGREGATOR => 'OR' );
- }
- # }}}
-
- my ($or_check_ticket_roles, $or_check_roles);
- my $which_object = "$acl.ObjectType = 'RT::System'";
-
- if ( defined $args{'Object'} ) {
- if ( ref($args{'Object'}) eq 'RT::Ticket' ) {
- $or_check_ticket_roles =
- " OR ( main.Domain = 'RT::Ticket-Role' AND main.Instance = " . $args{'Object'}->Id . ") ";
-
- # If we're looking at ticket rights, we also want to look at the associated queue rights.
- # this is a little bit hacky, but basically, now that we've done the ticket roles magic,
- # we load the queue object and ask all the rest of our questions about the queue.
- $args{'Object'} = $args{'Object'}->QueueObj;
- }
- # TODO XXX This really wants some refactoring
- if ( ref($args{'Object'}) eq 'RT::Queue' ) {
- $or_check_roles =
- " OR ( ( (main.Domain = 'RT::Queue-Role' AND main.Instance = " .
- $args{'Object'}->Id . ") $or_check_ticket_roles ) " .
- " AND main.Type = $acl.PrincipalType) ";
- }
-
- if ( $args{'IncludeSystemRights'} ) {
- $which_object .= ' OR ';
- }
- else {
- $which_object = '';
- }
- $which_object .=
- " ($acl.ObjectType = '" . ref($args{'Object'}) . "'" .
- " AND $acl.ObjectId = " . $args{'Object'}->Id . ") ";
- }
+ my $from_role = $self->Clone;
+ $from_role->WithRoleRight( %args );
- $self->_AddSubClause( "WhichObject", "($which_object)" );
-
- $self->_AddSubClause( "WhichGroup",
- qq{
- ( ( $acl.PrincipalId = main.id
- AND $acl.PrincipalType = 'Group'
- AND ( main.Domain = 'SystemInternal'
- OR main.Domain = 'UserDefined'
- OR main.Domain = 'ACLEquivalence'))
- $or_check_roles)
- }
- );
+ my $from_group = $self->Clone;
+ $from_group->WithGroupRight( %args );
+
+ #XXX: DIRTY HACK
+ use DBIx::SearchBuilder::Union;
+ my $union = new DBIx::SearchBuilder::Union;
+ $union->add($from_role);
+ $union->add($from_group);
+ %$self = %$union;
+ bless $self, ref($union);
+
+ return;
}
+#XXX: methods are active aliases to Users class to prevent code duplication
+# should be generalized
+sub _JoinGroups {
+ my $self = shift;
+ my %args = (@_);
+ return 'main' unless $args{'IncludeSubgroupMembers'};
+ return $self->RT::Users::_JoinGroups( %args );
+}
+sub _JoinGroupMembers {
+ my $self = shift;
+ my %args = (@_);
+ return 'main' unless $args{'IncludeSubgroupMembers'};
+ return $self->RT::Users::_JoinGroupMembers( %args );
+}
+sub _JoinGroupMembersForGroupRights {
+ my $self = shift;
+ my %args = (@_);
+ my $group_members = $self->_JoinGroupMembers( %args );
+ unless( $group_members eq 'main' ) {
+ return $self->RT::Users::_JoinGroupMembersForGroupRights( %args );
+ }
+ $self->Limit( ALIAS => $args{'ACLAlias'},
+ FIELD => 'PrincipalId',
+ VALUE => "main.id",
+ QUOTEVALUE => 0,
+ );
+}
+sub _JoinACL { return (shift)->RT::Users::_JoinACL( @_ ) }
+sub _GetEquivObjects { return (shift)->RT::Users::_GetEquivObjects( @_ ) }
+sub WithGroupRight { return (shift)->RT::Users::WhoHaveGroupRight( @_ ) }
+sub WithRoleRight { return (shift)->RT::Users::WhoHaveRoleRight( @_ ) }
+
# {{{ sub LimitToEnabled
=head2 LimitToEnabled
sub LimitToEnabled {
my $self = shift;
- my $alias = $self->Join(
- TYPE => 'left',
- ALIAS1 => 'main',
- FIELD1 => 'id',
- TABLE2 => 'Principals',
- FIELD2 => 'id'
- );
-
- $self->Limit( ALIAS => $alias,
- FIELD => 'Disabled',
- VALUE => '0',
- OPERATOR => '=' );
+ $self->Limit( ALIAS => $self->PrincipalsAlias,
+ FIELD => 'Disabled',
+ VALUE => '0',
+ OPERATOR => '=',
+ );
}
# }}}
sub LimitToDeleted {
my $self = shift;
- my $alias = $self->Join(
- TYPE => 'left',
- ALIAS1 => 'main',
- FIELD1 => 'id',
- TABLE2 => 'Principals',
- FIELD2 => 'id'
- );
-
$self->{'find_disabled_rows'} = 1;
- $self->Limit( ALIAS => $alias,
- FIELD => 'Disabled',
- OPERATOR => '=',
- VALUE => '1'
- );
+ $self->Limit( ALIAS => $self->PrincipalsAlias,
+ FIELD => 'Disabled',
+ OPERATOR => '=',
+ VALUE => 1,
+ );
}
# }}}
+# {{{ sub Next
+
+sub Next {
+ my $self = shift;
+
+ # Don't show groups which the user isn't allowed to see.
+
+ my $Group = $self->SUPER::Next();
+ if ((defined($Group)) and (ref($Group))) {
+ unless ($Group->CurrentUserHasRight('SeeGroup')) {
+ return $self->Next();
+ }
+
+ return $Group;
+ }
+ else {
+ return undef;
+ }
+}
+
+
+
sub _DoSearch {
my $self = shift;
projects / freeside.git / blobdiff