%#
%# COPYRIGHT:
%#
-%# This software is Copyright (c) 1996-2012 Best Practical Solutions, LLC
+%# This software is Copyright (c) 1996-2016 Best Practical Solutions, LLC
%# <sales@bestpractical.com>
%#
%# (Except where explicitly superseded by other copyright notices)
%# those contributions and any derivatives thereof.
%#
%# END BPS TAGGED BLOCK }}}
-% $r->content_type('application/json');
+% $r->content_type('application/json; charset=utf-8');
<% JSON( \@suggestions ) |n %>
% $m->abort;
<%INIT>
# Only autocomplete the last value
my $term = (split /\n/, $ARGS{term} || '')[-1];
+my $abort = sub {
+ $r->content_type('application/json; charset=utf-8');
+ $m->out(JSON( [] ));
+ $m->abort;
+};
+
+unless ( exists $ARGS{ContextType} and exists $ARGS{ContextId} ) {
+ RT->Logger->debug("No context provided");
+ $abort->();
+}
+
+# Use _ParseObjectCustomFieldArgs to avoid duplicating the regex.
+# See the docs for _ParseObjectCustomFieldArgs for details on the data
+# structure returned. There will be only one CF, so drill down 2 layers
+# to get the cf id, if one is there.
+
+my %custom_fields = _ParseObjectCustomFieldArgs(\%ARGS);
my $CustomField;
-for my $k ( keys %ARGS ) {
- next unless $k =~ /^Object-.*?-\d*-CustomField-(\d+)-Values?$/;
- $CustomField = $1;
- last;
+foreach my $class ( keys %custom_fields ){
+ foreach my $id ( keys %{$custom_fields{$class}} ){
+ ($CustomField) = keys %{$custom_fields{$class}{$id}};
+ }
}
-$m->abort unless $CustomField;
+unless ( $CustomField ) {
+ RT->Logger->debug("No CustomField provided");
+ $abort->();
+}
+
+my $SystemCustomFieldObj = RT::CustomField->new( RT->SystemUser );
+my ($id, $msg) = $SystemCustomFieldObj->LoadById( $CustomField ) ;
+unless ( $id ) {
+ RT->Logger->debug("Invalid CustomField provided: $msg");
+ $abort->();
+}
+
+my $context_object = $SystemCustomFieldObj->LoadContextObject(
+ $ARGS{ContextType}, $ARGS{ContextId} );
+$abort->() unless $context_object;
+
my $CustomFieldObj = RT::CustomField->new( $session{'CurrentUser'} );
-$CustomFieldObj->Load( $CustomField );
+if ( $SystemCustomFieldObj->ValidateContextObject($context_object) ) {
+ # drop our privileges that came from calling LoadContextObject as the System User
+ $context_object->new($session{'CurrentUser'});
+ $context_object->LoadById($ARGS{ContextId});
+ $CustomFieldObj->SetContextObject( $context_object );
+} else {
+ RT->Logger->debug("Invalid Context Object ".$context_object->id." for Custom Field ".$SystemCustomFieldObj->id);
+ $abort->();
+}
+
+($id, $msg) = $CustomFieldObj->LoadById( $CustomField );
+unless ( $CustomFieldObj->Name ) {
+ RT->Logger->debug("Current User cannot see this Custom Field, terminating");
+ $abort->();
+}
my $values = $CustomFieldObj->Values;
$values->Limit(
SUBCLAUSE => 'autocomplete',
CASESENSITIVE => 0,
);
+$m->callback(
+ CallbackName => 'ModifyMaxResults',
+ max => \$ARGS{max},
+ term => $term,
+ CustomField => $CustomFieldObj,
+);
+$values->RowsPerPage( $ARGS{max} // 10 );
my @suggestions;
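Review bot: The privilege drop in the `ValidateContextObject` branch discards the return value of `$context_object->new($session{'CurrentUser'})`. Unless `new` re-initialises its invocant in place (not visible here), the following `LoadById` and `SetContextObject` calls still act on the object that `LoadContextObject` built via the SystemUser-backed custom field, so the later `$CustomFieldObj->Name` visibility check may be evaluated against a context the current user is not entitled to read. Assign the result and check the reload: `$context_object = $context_object->new( $session{'CurrentUser'} );`, then `my ($ok) = $context_object->LoadById( $ARGS{ContextId} );` and `$abort->() unless $ok;`. Separately, `$values->RowsPerPage( $ARGS{max} // 10 )` takes `max` straight from the request, so a non-numeric or very large value reaches the query unless a `ModifyMaxResults` callback rewrites it; validating it as a small positive integer first would bound the result set. The `<%INIT>` block continues past the last visible line.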