X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=blobdiff_plain;f=rt%2Flib%2FRT%2FSavedSearch.pm;h=cd4578660a0dbf59f02a37a01e68c2dd098a8aff;hp=65411a7b2f08800c18cac6bf2007ab77c907c480;hb=ef20b2b6b1feb47ad02b5ff7525f1a0fd11d0fa4;hpb=a513c0bef534d05f03c1242831b6f3be19b97dae
diff --git a/rt/lib/RT/SavedSearch.pm b/rt/lib/RT/SavedSearch.pm
index 65411a7b2..cd4578660 100644
--- a/rt/lib/RT/SavedSearch.pm
+++ b/rt/lib/RT/SavedSearch.pm
@@ -2,7 +2,7 @@
 #
 # COPYRIGHT:
 #
-# This software is Copyright (c) 1996-2005 Best Practical Solutions, LLC
+# This software is Copyright (c) 1996-2007 Best Practical Solutions, LLC
 #
 #
 # (Except where explicitly superseded by other copyright notices)
@@ -22,7 +22,9 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program; if not, write to the Free Software
-# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301 or visit their web page on the internet at
+# http://www.gnu.org/copyleft/gpl.html.
 #
 #
 # CONTRIBUTION SUBMISSION POLICY:
@@ -43,7 +45,6 @@
 # those contributions and any derivatives thereof.
 #
 # END BPS TAGGED BLOCK }}}
-
 =head1 NAME
 RT::SavedSearch - an API for saving and retrieving search form values.
@@ -76,8 +77,8 @@ use RT::Base;
 use RT::Attribute;
 use strict;
-use vars qw/@ISA/;
-@ISA = qw/RT::Base/;
+use warnings;
+use base qw/RT::Base/;
 sub new {
 my $proto = shift;
@@ -116,7 +117,7 @@ sub Load {
 return (0, $self->loc("Search attribute load failure"));
 }
 } else {
- $RT::Logger->error("Could not load object $privacy when loading search");
+ $RT::Logger->warning("Could not load object $privacy when loading search");
 return (0, $self->loc("Could not load object for [_1]", $privacy));
 }
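Review bot: The downgraded log line in `Load` still records only `$privacy` and not who asked for it, so a run of failed loads cannot be tied to an account when the log is reviewed. The class already uses `$self->CurrentUser` elsewhere in this diff, so the message could carry the requester, e.g. `$RT::Logger->warning("Could not load object $privacy when loading search (user " . $self->CurrentUser->Id . ")");`. `$privacy` is also interpolated as-is; if it can originate from request parameters (not visible in this hunk), stripping control characters before logging would keep it from breaking up log lines. `Load` starts and ends outside the hunk.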
@@ -149,23 +150,33 @@ sub Save {
 $params{'SearchType'} = $type;
 my $object = $self->_GetObject($privacy);
- if ($object) {
- my ($att_id, $att_msg) = $object->AddAttribute(
- 'Name' => 'SavedSearch',
- 'Description' => $name,
- 'Content' => \%params);
- if ($att_id) {
- $self->{'Attribute'} = $object->Attributes->WithId($att_id);
- $self->{'Id'} = $att_id;
- $self->{'Privacy'} = $privacy;
- $self->{'Type'} = $type;
- return (1, $self->loc("Saved search [_1]", $name));
- } else {
- $RT::Logger->error("SavedSearch save failure: $att_msg");
- return (0, $self->loc("Failed to create search attribute"));
- }
- } else {
- return (0, $self->loc("Failed to load object for [_1]", $privacy));
+
+ return (0, $self->loc("Failed to load object for [_1]", $privacy))
+ unless $object;
+
+ if ( $object->isa('RT::System') ) {
+ return ( 0, $self->loc("No permission to save system-wide searches") )
+ unless $self->CurrentUser->HasRight(
+ Object => $RT::System,
+ Right => 'SuperUser'
+ );
+ }
+
+ my ( $att_id, $att_msg ) = $object->AddAttribute(
+ 'Name' => 'SavedSearch',
+ 'Description' => $name,
+ 'Content' => \%params
+ );
+ if ($att_id) {
+ $self->{'Attribute'} = $object->Attributes->WithId($att_id);
+ $self->{'Id'} = $att_id;
+ $self->{'Privacy'} = $privacy;
+ $self->{'Type'} = $type;
+ return ( 1, $self->loc( "Saved search [_1]", $name ) );
+ }
+ else {
+ $RT::Logger->error("SavedSearch save failure: $att_msg");
+ return ( 0, $self->loc("Failed to create search attribute") );
 }
 }
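Review bot: The new SuperUser check in `Save` returns "No permission to save system-wide searches" without writing anything to `$RT::Logger`, while the attribute-creation failure a few lines below is logged. A refused attempt to write a system-wide search is worth an audit entry; turning the postfix `unless` into a block would allow a line such as `$RT::Logger->warning("User " . $self->CurrentUser->Id . " denied saving a system-wide search");` before the return. The right is enforced only here; whether the update and delete paths for an `RT::System` search apply the same check cannot be seen from this hunk and should be confirmed. `Save` begins above the hunk.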
@@ -277,6 +288,24 @@ sub Type {
 ### Internal methods
+sub _load_privacy_object {
+ my ($self, $obj_type, $obj_id) = @_;
+ if ( $obj_type eq 'RT::User' && $obj_id == $self->CurrentUser->Id) {
+ return $self->CurrentUser->UserObj;
+ }
+ elsif ($obj_type eq 'RT::Group') {
+ my $group = RT::Group->new($self->CurrentUser);
+ $group->Load($obj_id);
+ return $group;
+ }
+ elsif ($obj_type eq 'RT::System') {
+ return RT::System->new($self->CurrentUser);
+ }
+
+ RT::Logger->error("Tried to load a search belonging to an $obj_type, which is neither a user nor a group");
+ return undef;
+}
+
 # _GetObject: helper routine to load the correct object whose parameters
 # have been passed.
@@ -285,22 +314,14 @@ sub _GetObject {
 my $privacy = shift;
 my ($obj_type, $obj_id) = split(/\-/, $privacy);
- unless ($obj_type eq 'RT::User' || $obj_type eq 'RT::Group') {
- $RT::Logger->error("Tried to load a search belonging to an $obj_type, which is neither a user nor a group");
- return undef;
- }
- my $object;
- eval "
- require $obj_type;
- \$object = $obj_type->new(\$self->CurrentUser);
- \$object->Load(\$obj_id);
- ";
+ my $object = $self->_load_privacy_object($obj_type, $obj_id);
 unless (ref($object) eq $obj_type) {
 $RT::Logger->error("Could not load object of type $obj_type with ID $obj_id");
 return undef;
 }
-
+
 # Do not allow the loading of a user object other than the current
 # user, or of a group object of which the current user is not a member.
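Review bot: The fall-through at the end of `_load_privacy_object` calls `RT::Logger->error(...)` without the `$` sigil, which is a class-method call on a package named `RT::Logger` rather than on the logger object in `$RT::Logger` that the rest of the file uses; unless that package happens to define `error`, the call dies instead of logging, and it does so on the rejected-type path. It should read `$RT::Logger->error("Tried to load a search belonging to an $obj_type, which is neither a user nor a group");`. The same branch is reached for an `RT::User` whose id is not the current user's, where the message is misleading, and the numeric `==` on an `$obj_id` produced by `split` will warn under the newly added `use warnings` when the id is missing or non-numeric. The result of `$group->Load($obj_id)` is not checked either, so a failed load still returns an `RT::Group` object, and the caller's `ref($object) eq $obj_type` test in the following hunk only verifies the class; a check that the loaded object has an id would close that gap, if later code outside this view does not already do it.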