X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=blobdiff_plain;f=rt%2Flib%2FRT%2FSystem.pm;h=45622387879ea1e29fb9cff62ebf39626fbe7f65;hp=515e3a469c24a5c5bdb1e3b76ef7a13d8612b0fd;hb=919e930aa9279b3c5cd12b593889cd6de79d67bf;hpb=673b9a458d9138523026963df6fa3b4683e09bae diff --git a/rt/lib/RT/System.pm b/rt/lib/RT/System.pm index 515e3a469..456223878 100644 --- a/rt/lib/RT/System.pm +++ b/rt/lib/RT/System.pm @@ -1,38 +1,40 @@ # BEGIN BPS TAGGED BLOCK {{{ -# +# # COPYRIGHT: -# -# This software is Copyright (c) 1996-2005 Best Practical Solutions, LLC -# -# +# +# This software is Copyright (c) 1996-2015 Best Practical Solutions, LLC +# +# # (Except where explicitly superseded by other copyright notices) -# -# +# +# # LICENSE: -# +# # This work is made available to you under the terms of Version 2 of # the GNU General Public License. A copy of that license should have # been provided with this software, but in any event can be snarfed # from www.gnu.org. -# +# # This work is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. -# +# # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software -# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -# -# +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +# 02110-1301 or visit their web page on the internet at +# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. +# +# # CONTRIBUTION SUBMISSION POLICY: -# +# # (The following paragraph is not intended to limit the rights granted # to you to modify and distribute this software under the terms of # the GNU General Public License and is only of importance to you if # you choose to contribute your changes and enhancements to the # community by submitting them to Best Practical Solutions, LLC.) -# +# # By intentionally submitting any modifications, corrections or # derivatives to this work, or any other work intended for use with # Request Tracker, to Best Practical Solutions, LLC, you confirm that @@ -41,7 +43,7 @@ # royalty-free, perpetual, license to use, copy, create derivative # works based on those contributions, and sublicense and distribute # those contributions and any derivatives thereof. -# +# # END BPS TAGGED BLOCK }}} =head1 NAME @@ -64,130 +66,201 @@ In the future, there will probably be other API goodness encapsulated here. package RT::System; -use base qw /RT::Base/; + use strict; +use warnings; + +use base qw/RT::Record/; use RT::ACL; -use vars qw/ $RIGHTS/; # System rights are rights granted to the whole system # XXX TODO Can't localize these outside of having an object around. -$RIGHTS = { +our $RIGHTS = { SuperUser => 'Do anything and everything', # loc_pair - AdminAllPersonalGroups => - "Create, delete and modify the members of any user's personal groups" - , # loc_pair - AdminOwnPersonalGroups => - 'Create, delete and modify the members of personal groups', # loc_pair - AdminUsers => 'Create, delete and modify users', # loc_pair + AdminUsers => 'Create, modify and delete users', # loc_pair ModifySelf => "Modify one's own RT account", # loc_pair - DelegateRights => - "Delegate specific rights which have been granted to you.", # loc_pair - ShowConfigTab => "show Configuration tab", # loc_pair - LoadSavedSearch => "allow loading of saved searches", # loc_pair - CreateSavedSearch => "allow creation of saved searches", # loc_pair + ShowConfigTab => "Show Configuration tab", # loc_pair + ShowApprovalsTab => "Show Approvals tab", # loc_pair + ShowGlobalTemplates => "Show global templates", # loc_pair + LoadSavedSearch => "Allow loading of saved searches", # loc_pair + CreateSavedSearch => "Allow creation of saved searches", # loc_pair + ExecuteCode => "Allow writing Perl code in templates, scrips, etc", # loc_pair +}; + +our $RIGHT_CATEGORIES = { + SuperUser => 'Admin', + AdminUsers => 'Admin', + ModifySelf => 'Staff', + ShowConfigTab => 'Admin', + ShowApprovalsTab => 'Admin', + ShowGlobalTemplates => 'Staff', + LoadSavedSearch => 'General', + CreateSavedSearch => 'General', + ExecuteCode => 'Admin', }; # Tell RT::ACE that this sort of object can get acls granted $RT::ACE::OBJECT_TYPES{'RT::System'} = 1; -foreach my $right ( keys %{$RIGHTS} ) { - $RT::ACE::LOWERCASERIGHTNAMES{ lc $right } = $right; -} - +__PACKAGE__->AddRights(%$RIGHTS); +__PACKAGE__->AddRightCategories(%$RIGHT_CATEGORIES); =head2 AvailableRights -Returns a hash of available rights for this object. The keys are the right names and the values are a description of what the rights do +Returns a hash of available rights for this object. +The keys are the right names and the values are a +description of what the rights do. -=begin testing +This method as well returns rights of other RT objects, +like L or L. To allow users to apply +those rights globally. -my $s = RT::System->new($RT::SystemUser); -my $rights = $s->AvailableRights; -ok ($rights, "Rights defined"); -ok ($rights->{'AdminUsers'},"AdminUsers right found"); -ok ($rights->{'CreateTicket'},"CreateTicket right found"); -ok ($rights->{'AdminGroupMembership'},"ModifyGroupMembers right found"); -ok (!$rights->{'CasdasdsreateTicket'},"bogus right not found"); +=cut +use RT::CustomField; +use RT::Queue; +use RT::Group; +use RT::Class; +sub AvailableRights { + my $self = shift; -=end testing + my $queue = RT::Queue->new(RT->SystemUser); + my $group = RT::Group->new(RT->SystemUser); + my $cf = RT::CustomField->new(RT->SystemUser); + my $class = RT::Class->new(RT->SystemUser); + my $qr = $queue->AvailableRights(); + my $gr = $group->AvailableRights(); + my $cr = $cf->AvailableRights(); + my $clr = $class->AvailableRights(); + + # Build a merged list of all system wide rights, queue rights and group rights. + my %rights = (%{$RIGHTS}, %{$gr}, %{$qr}, %{$cr}, %{$clr}); + delete $rights{ExecuteCode} if RT->Config->Get('DisallowExecuteCode'); + + return(\%rights); +} + +=head2 RightCategories + +Returns a hashref where the keys are rights for this type of object and the +values are the category (General, Staff, Admin) the right falls into. =cut -sub AvailableRights { +sub RightCategories { my $self = shift; - my $queue = RT::Queue->new($RT::SystemUser); - my $group = RT::Group->new($RT::SystemUser); - my $cf = RT::CustomField->new($RT::SystemUser); + my $queue = RT::Queue->new(RT->SystemUser); + my $group = RT::Group->new(RT->SystemUser); + my $cf = RT::CustomField->new(RT->SystemUser); + my $class = RT::Class->new(RT->SystemUser); - my $qr =$queue->AvailableRights(); - my $gr = $group->AvailableRights(); - my $cr = $cf->AvailableRights(); + my $qr = $queue->RightCategories(); + my $gr = $group->RightCategories(); + my $cr = $cf->RightCategories(); + my $clr = $class->RightCategories(); # Build a merged list of all system wide rights, queue rights and group rights. - my %rights = (%{$RIGHTS}, %{$gr}, %{$qr}, %{$cr}); + my %rights = (%{$RIGHT_CATEGORIES}, %{$gr}, %{$qr}, %{$cr}, %{$clr}); + return(\%rights); } +=head2 AddRights C, C [, ...] -=head2 new - -Create a new RT::System object. Really, you should be using $RT::System +Adds the given rights to the list of possible rights. This method +should be called during server startup, not at runtime. =cut - -sub new { - my $proto = shift; - my $class = ref($proto) || $proto; - my $self = {}; - bless( $self, $class ); +sub AddRights { + my $self = shift if ref $_[0] or $_[0] eq __PACKAGE__; + my %new = @_; + $RIGHTS = { %$RIGHTS, %new }; + %RT::ACE::LOWERCASERIGHTNAMES = ( %RT::ACE::LOWERCASERIGHTNAMES, + map { lc($_) => $_ } keys %new); +} + +=head2 AddRightCategories C, C [, ...] + +Adds the given right and category pairs to the list of right categories. This +method should be called during server startup, not at runtime. +=cut + +sub AddRightCategories { + my $self = shift if ref $_[0] or $_[0] eq __PACKAGE__; + my %new = @_; + $RIGHT_CATEGORIES = { %$RIGHT_CATEGORIES, %new }; +} - return ($self); +sub _Init { + my $self = shift; + $self->SUPER::_Init (@_) if @_ && $_[0]; } =head2 id Returns RT::System's id. It's 1. +=cut -=begin testing - -use RT::System; -my $sys = RT::System->new(); -is( $sys->Id, 1); -is ($sys->id, 1); +*Id = \&id; +sub id { return 1 } -=end testing +=head2 Load +Since this object is pretending to be an RT::Record, we need a load method. +It does nothing =cut -*Id = \&id; +sub Load { return 1 } +sub Name { return 'RT System' } +sub __Set { return 0 } +sub __Value { return 0 } +sub Create { return 0 } +sub Delete { return 0 } + +sub SubjectTag { + my $self = shift; + my $queue = shift; + + use Carp; + confess "SubjectTag called on $self with $queue" if $queue; + + return $queue->SubjectTag if $queue; -sub id { - return (1); + my $queues = RT::Queues->new( $self->CurrentUser ); + $queues->Limit( FIELD => 'SubjectTag', OPERATOR => 'IS NOT', VALUE => 'NULL' ); + return $queues->DistinctFieldValues('SubjectTag'); } -=head2 Load +=head2 QueueCacheNeedsUpdate ( 1 ) -Since this object is pretending to be an RT::Record, we need a load method. -It does nothing +Attribute to decide when SelectQueue needs to flush the list of queues +and retrieve new ones. Set when queues are created, enabled/disabled +and on certain acl changes. Should also better understand group management. + +If passed a true value, will update the attribute to be the current time. =cut -sub Load { - return (1); +sub QueueCacheNeedsUpdate { + my $self = shift; + my $update = shift; + + if ($update) { + return $self->SetAttribute(Name => 'QueueCacheNeedsUpdate', Content => time); + } else { + my $cache = $self->FirstAttribute('QueueCacheNeedsUpdate'); + return (defined $cache ? $cache->Content : 0 ); + } } -eval "require RT::System_Vendor"; -die $@ if ($@ && $@ !~ qr{^Can't locate RT/System_Vendor.pm}); -eval "require RT::System_Local"; -die $@ if ($@ && $@ !~ qr{^Can't locate RT/System_Local.pm}); +RT::Base->_ImportOverlays(); 1;