X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=blobdiff_plain;f=rt%2Flib%2FRT%2FSystem.pm;h=45622387879ea1e29fb9cff62ebf39626fbe7f65;hp=bfa5a4eb2b841a67b081bb9a208aa12f6c6139f2;hb=919e930aa9279b3c5cd12b593889cd6de79d67bf;hpb=5fc8c5edf574ab024d4646914b6432d458e2ffbd diff --git a/rt/lib/RT/System.pm b/rt/lib/RT/System.pm index bfa5a4eb2..456223878 100644 --- a/rt/lib/RT/System.pm +++ b/rt/lib/RT/System.pm @@ -1,26 +1,51 @@ -# BEGIN LICENSE BLOCK -# -# Copyright (c) 1996-2003 Jesse Vincent -# -# (Except where explictly superceded by other copyright notices) -# +# BEGIN BPS TAGGED BLOCK {{{ +# +# COPYRIGHT: +# +# This software is Copyright (c) 1996-2015 Best Practical Solutions, LLC +# +# +# (Except where explicitly superseded by other copyright notices) +# +# +# LICENSE: +# # This work is made available to you under the terms of Version 2 of # the GNU General Public License. A copy of that license should have # been provided with this software, but in any event can be snarfed # from www.gnu.org. -# +# # This work is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # General Public License for more details. -# -# Unless otherwise specified, all modifications, corrections or -# extensions to this work which alter its source code become the -# property of Best Practical Solutions, LLC when submitted for -# inclusion in the work. -# -# -# END LICENSE BLOCK +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +# 02110-1301 or visit their web page on the internet at +# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. +# +# +# CONTRIBUTION SUBMISSION POLICY: +# +# (The following paragraph is not intended to limit the rights granted +# to you to modify and distribute this software under the terms of +# the GNU General Public License and is only of importance to you if +# you choose to contribute your changes and enhancements to the +# community by submitting them to Best Practical Solutions, LLC.) +# +# By intentionally submitting any modifications, corrections or +# derivatives to this work, or any other work intended for use with +# Request Tracker, to Best Practical Solutions, LLC, you confirm that +# you are the copyright holder for those contributions and you grant +# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable, +# royalty-free, perpetual, license to use, copy, create derivative +# works based on those contributions, and sublicense and distribute +# those contributions and any derivatives thereof. +# +# END BPS TAGGED BLOCK }}} + =head1 NAME RT::System @@ -41,125 +66,201 @@ In the future, there will probably be other API goodness encapsulated here. package RT::System; -use base qw /RT::Base/; + use strict; +use warnings; + +use base qw/RT::Record/; use RT::ACL; -use vars qw/ $RIGHTS/; # System rights are rights granted to the whole system # XXX TODO Can't localize these outside of having an object around. -$RIGHTS = { +our $RIGHTS = { SuperUser => 'Do anything and everything', # loc_pair - AdminAllPersonalGroups => - "Create, delete and modify the members of any user's personal groups" - , # loc_pair - AdminOwnPersonalGroups => - 'Create, delete and modify the members of personal groups', # loc_pair - AdminUsers => 'Create, delete and modify users', # loc_pair + AdminUsers => 'Create, modify and delete users', # loc_pair ModifySelf => "Modify one's own RT account", # loc_pair - DelegateRights => - "Delegate specific rights which have been granted to you." # loc_pair + ShowConfigTab => "Show Configuration tab", # loc_pair + ShowApprovalsTab => "Show Approvals tab", # loc_pair + ShowGlobalTemplates => "Show global templates", # loc_pair + LoadSavedSearch => "Allow loading of saved searches", # loc_pair + CreateSavedSearch => "Allow creation of saved searches", # loc_pair + ExecuteCode => "Allow writing Perl code in templates, scrips, etc", # loc_pair +}; + +our $RIGHT_CATEGORIES = { + SuperUser => 'Admin', + AdminUsers => 'Admin', + ModifySelf => 'Staff', + ShowConfigTab => 'Admin', + ShowApprovalsTab => 'Admin', + ShowGlobalTemplates => 'Staff', + LoadSavedSearch => 'General', + CreateSavedSearch => 'General', + ExecuteCode => 'Admin', }; # Tell RT::ACE that this sort of object can get acls granted $RT::ACE::OBJECT_TYPES{'RT::System'} = 1; -foreach my $right ( keys %{$RIGHTS} ) { - $RT::ACE::LOWERCASERIGHTNAMES{ lc $right } = $right; -} - +__PACKAGE__->AddRights(%$RIGHTS); +__PACKAGE__->AddRightCategories(%$RIGHT_CATEGORIES); =head2 AvailableRights -Returns a hash of available rights for this object. The keys are the right names and the values are a description of what the rights do +Returns a hash of available rights for this object. +The keys are the right names and the values are a +description of what the rights do. -=begin testing +This method as well returns rights of other RT objects, +like L or L. To allow users to apply +those rights globally. -my $s = RT::System->new($RT::SystemUser); -my $rights = $s->AvailableRights; -ok ($rights, "Rights defined"); -ok ($rights->{'AdminUsers'},"AdminUsers right found"); -ok ($rights->{'CreateTicket'},"CreateTicket right found"); -ok ($rights->{'AdminGroupMembership'},"ModifyGroupMembers right found"); -ok (!$rights->{'CasdasdsreateTicket'},"bogus right not found"); +=cut +use RT::CustomField; +use RT::Queue; +use RT::Group; +use RT::Class; +sub AvailableRights { + my $self = shift; -=end testing + my $queue = RT::Queue->new(RT->SystemUser); + my $group = RT::Group->new(RT->SystemUser); + my $cf = RT::CustomField->new(RT->SystemUser); + my $class = RT::Class->new(RT->SystemUser); + my $qr = $queue->AvailableRights(); + my $gr = $group->AvailableRights(); + my $cr = $cf->AvailableRights(); + my $clr = $class->AvailableRights(); + + # Build a merged list of all system wide rights, queue rights and group rights. + my %rights = (%{$RIGHTS}, %{$gr}, %{$qr}, %{$cr}, %{$clr}); + delete $rights{ExecuteCode} if RT->Config->Get('DisallowExecuteCode'); + + return(\%rights); +} + +=head2 RightCategories + +Returns a hashref where the keys are rights for this type of object and the +values are the category (General, Staff, Admin) the right falls into. =cut -sub AvailableRights { +sub RightCategories { my $self = shift; - my $queue = RT::Queue->new($RT::SystemUser); - my $group = RT::Group->new($RT::SystemUser); + my $queue = RT::Queue->new(RT->SystemUser); + my $group = RT::Group->new(RT->SystemUser); + my $cf = RT::CustomField->new(RT->SystemUser); + my $class = RT::Class->new(RT->SystemUser); - my $qr =$queue->AvailableRights(); - my $gr = $group->AvailableRights(); + my $qr = $queue->RightCategories(); + my $gr = $group->RightCategories(); + my $cr = $cf->RightCategories(); + my $clr = $class->RightCategories(); # Build a merged list of all system wide rights, queue rights and group rights. - my %rights = (%{$RIGHTS}, %{$gr}, %{$qr}); + my %rights = (%{$RIGHT_CATEGORIES}, %{$gr}, %{$qr}, %{$cr}, %{$clr}); + return(\%rights); } +=head2 AddRights C, C [, ...] -=head2 new - -Create a new RT::System object. Really, you should be using $RT::System +Adds the given rights to the list of possible rights. This method +should be called during server startup, not at runtime. =cut - -sub new { - my $proto = shift; - my $class = ref($proto) || $proto; - my $self = {}; - bless( $self, $class ); +sub AddRights { + my $self = shift if ref $_[0] or $_[0] eq __PACKAGE__; + my %new = @_; + $RIGHTS = { %$RIGHTS, %new }; + %RT::ACE::LOWERCASERIGHTNAMES = ( %RT::ACE::LOWERCASERIGHTNAMES, + map { lc($_) => $_ } keys %new); +} +=head2 AddRightCategories C, C [, ...] - return ($self); +Adds the given right and category pairs to the list of right categories. This +method should be called during server startup, not at runtime. + +=cut + +sub AddRightCategories { + my $self = shift if ref $_[0] or $_[0] eq __PACKAGE__; + my %new = @_; + $RIGHT_CATEGORIES = { %$RIGHT_CATEGORIES, %new }; +} + +sub _Init { + my $self = shift; + $self->SUPER::_Init (@_) if @_ && $_[0]; } =head2 id Returns RT::System's id. It's 1. +=cut -=begin testing - -use RT::System; -my $sys = RT::System->new(); -is( $sys->Id, 1); -is ($sys->id, 1); +*Id = \&id; +sub id { return 1 } -=end testing +=head2 Load +Since this object is pretending to be an RT::Record, we need a load method. +It does nothing =cut -*Id = \&id; +sub Load { return 1 } +sub Name { return 'RT System' } +sub __Set { return 0 } +sub __Value { return 0 } +sub Create { return 0 } +sub Delete { return 0 } + +sub SubjectTag { + my $self = shift; + my $queue = shift; + + use Carp; + confess "SubjectTag called on $self with $queue" if $queue; + + return $queue->SubjectTag if $queue; -sub id { - return (1); + my $queues = RT::Queues->new( $self->CurrentUser ); + $queues->Limit( FIELD => 'SubjectTag', OPERATOR => 'IS NOT', VALUE => 'NULL' ); + return $queues->DistinctFieldValues('SubjectTag'); } -=head2 Load +=head2 QueueCacheNeedsUpdate ( 1 ) -Since this object is pretending to be an RT::Record, we need a load method. -It does nothing +Attribute to decide when SelectQueue needs to flush the list of queues +and retrieve new ones. Set when queues are created, enabled/disabled +and on certain acl changes. Should also better understand group management. + +If passed a true value, will update the attribute to be the current time. =cut -sub Load { - return (1); +sub QueueCacheNeedsUpdate { + my $self = shift; + my $update = shift; + + if ($update) { + return $self->SetAttribute(Name => 'QueueCacheNeedsUpdate', Content => time); + } else { + my $cache = $self->FirstAttribute('QueueCacheNeedsUpdate'); + return (defined $cache ? $cache->Content : 0 ); + } } -eval "require RT::System_Vendor"; -die $@ if ($@ && $@ !~ qr{^Can't locate RT/System_Vendor.pm}); -eval "require RT::System_Local"; -die $@ if ($@ && $@ !~ qr{^Can't locate RT/System_Local.pm}); +RT::Base->_ImportOverlays(); 1;