X-Git-Url: http://git.freeside.biz/gitweb/?p=freeside.git;a=blobdiff_plain;f=rt%2Flib%2FRT%2FUser_Overlay.pm;h=c2fe651920105d395859f189b72757b8e6a25c30;hp=e828ebd719df626377fd0360bd51d44e831704fe;hb=c582e92888b4a5553e1b4e5214cf35217e4a0cf0;hpb=945721f48f74d5cfffef7c7cf3a3d6bc2521f5dd diff --git a/rt/lib/RT/User_Overlay.pm b/rt/lib/RT/User_Overlay.pm index e828ebd71..c2fe65192 100644 --- a/rt/lib/RT/User_Overlay.pm +++ b/rt/lib/RT/User_Overlay.pm @@ -53,6 +53,7 @@ use vars qw(%_USERS_KEY_CACHE); use Digest::MD5; use RT::Principals; use RT::ACE; +use RT::EmailParser; # {{{ sub _Accessible @@ -203,14 +204,16 @@ sub Create { @_ # get the real argumentlist ); - - $args{'EmailAddress'} = $self->CanonicalizeEmailAddress($args{'EmailAddress'}); - #Check the ACL unless ( $self->CurrentUser->HasRight(Right => 'AdminUsers', Object => $RT::System) ) { return ( 0, $self->loc('No permission to create users') ); } + $args{'EmailAddress'} = $self->CanonicalizeEmailAddress($args{'EmailAddress'}); + # if the user doesn't have a name defined, set it to the email address + $args{'Name'} = $args{'EmailAddress'} unless ($args{'Name'}); + + # Privileged is no longer a column in users my $privileged = $args{'Privileged'}; @@ -234,7 +237,9 @@ sub Create { #TODO Specify some sensible defaults. - unless ( defined( $args{'Name'} ) ) { + unless ( $args{'Name'} ) { + use Data::Dumper; + $RT::Logger->crit(Dumper \%args); return ( 0, $self->loc("Must specify 'Name' attribute") ); } @@ -259,14 +264,15 @@ sub Create { my $principal_id = $principal->Create(PrincipalType => 'User', Disabled => $args{'Disabled'}, ObjectId => '0'); - $principal->__Set(Field => 'ObjectId', Value => $principal_id); # If we couldn't create a principal Id, get the fuck out. unless ($principal_id) { $RT::Handle->Rollback(); - $RT::Logger->crit("Couldn't create a Principal on new user create. Strange things are afoot at the circle K"); + $RT::Logger->crit("Couldn't create a Principal on new user create."); + $RT::Logger->crit("Strange things are afoot at the circle K"); return ( 0, $self->loc('Could not create user') ); } + $principal->__Set(Field => 'ObjectId', Value => $principal_id); delete $args{'Disabled'}; $self->SUPER::Create(id => $principal_id , %args); @@ -274,50 +280,65 @@ sub Create { #If the create failed. unless ($id) { + $RT::Handle->Rollback(); $RT::Logger->error("Could not create a new user - " .join('-'. %args)); return ( 0, $self->loc('Could not create user') ); } - - #TODO post 2.0 - #if ($args{'SendWelcomeMessage'}) { - # #TODO: Check if the email exists and looks valid - # #TODO: Send the user a "welcome message" - #} - - - my $aclstash = RT::Group->new($self->CurrentUser); my $stash_id = $aclstash->_CreateACLEquivalenceGroup($principal); unless ($stash_id) { $RT::Handle->Rollback(); - $RT::Logger->crit("Couldn't stash the user in groumembers"); + $RT::Logger->crit("Couldn't stash the user in groupmembers"); return ( 0, $self->loc('Could not create user') ); } - $RT::Handle->Commit; - #$RT::Logger->debug("Adding the user as a member of everyone"); my $everyone = RT::Group->new($self->CurrentUser); $everyone->LoadSystemInternalGroup('Everyone'); - $everyone->AddMember($self->PrincipalId); + unless ($everyone->id) { + $RT::Logger->crit("Could not load Everyone group on user creation."); + $RT::Handle->Rollback(); + return ( 0, $self->loc('Could not create user') ); + } + + my ($everyone_id, $everyone_msg) = $everyone->_AddMember( InsideTransaction => 1, PrincipalId => $self->PrincipalId); + unless ($everyone_id) { + $RT::Logger->crit("Could not add user to Everyone group on user creation."); + $RT::Logger->crit($everyone_msg); + $RT::Handle->Rollback(); + return ( 0, $self->loc('Could not create user') ); + } + + + my $access_class = RT::Group->new($self->CurrentUser); if ($privileged) { - my $priv = RT::Group->new($self->CurrentUser); - #$RT::Logger->debug("Making ".$self->Id." a privileged user"); - $priv->LoadSystemInternalGroup('Privileged'); - $priv->AddMember($self->PrincipalId); + $access_class->LoadSystemInternalGroup('Privileged'); } else { - my $unpriv = RT::Group->new($self->CurrentUser); - #$RT::Logger->debug("Making ".$self->Id." an unprivileged user"); - $unpriv->LoadSystemInternalGroup('Unprivileged'); - $unpriv->AddMember($self->PrincipalId); + $access_class->LoadSystemInternalGroup('Unprivileged'); + } + + unless ($access_class->id) { + $RT::Logger->crit("Could not load Privileged or Unprivileged group on user creation"); + $RT::Handle->Rollback(); + return ( 0, $self->loc('Could not create user') ); + } + + + my ($ac_id, $ac_msg) = $access_class->_AddMember( InsideTransaction => 1, PrincipalId => $self->PrincipalId); + + unless ($ac_id) { + $RT::Logger->crit("Could not add user to Privileged or Unprivileged group on user creation. Aborted"); + $RT::Logger->crit($ac_msg); + $RT::Handle->Rollback(); + return ( 0, $self->loc('Could not create user') ); } - # $RT::Logger->debug("Finished creating the user"); + $RT::Handle->Commit; return ( $id, $self->loc('User created') ); } @@ -355,6 +376,10 @@ sub SetPrivileged { my $self = shift; my $val = shift; + #Check the ACL + unless ( $self->CurrentUser->HasRight(Right => 'AdminUsers', Object => $RT::System) ) { + return ( 0, $self->loc('Permission Denied') ); + } my $priv = RT::Group->new($self->CurrentUser); $priv->LoadSystemInternalGroup('Privileged'); @@ -376,7 +401,7 @@ sub SetPrivileged { return (0,$self->loc("That user is already privileged")); } if ($unpriv->HasMember($self->PrincipalObj)) { - $unpriv->DeleteMember($self->PrincipalId); + $unpriv->_DeleteMember($self->PrincipalId); } else { # if we had layered transactions, life would be good # sadly, we have to just go ahead, even if something @@ -384,7 +409,7 @@ sub SetPrivileged { $RT::Logger->crit("User ".$self->Id." is neither privileged nor ". "unprivileged. something is drastically wrong."); } - my ($status, $msg) = $priv->AddMember($self->PrincipalId); + my ($status, $msg) = $priv->_AddMember( InsideTransaction => 1, PrincipalId => $self->PrincipalId); if ($status) { return (1, $self->loc("That user is now privileged")); } else { @@ -397,7 +422,7 @@ sub SetPrivileged { return (0,$self->loc("That user is already unprivileged")); } if ($priv->HasMember($self->PrincipalObj)) { - $priv->DeleteMember($self->PrincipalId); + $priv->_DeleteMember( $self->PrincipalId); } else { # if we had layered transactions, life would be good # sadly, we have to just go ahead, even if something @@ -405,7 +430,7 @@ sub SetPrivileged { $RT::Logger->crit("User ".$self->Id." is neither privileged nor ". "unprivileged. something is drastically wrong."); } - my ($status, $msg) = $unpriv->AddMember($self->PrincipalId); + my ($status, $msg) = $unpriv->_AddMember( InsideTransaction => 1, PrincipalId => $self->PrincipalId); if ($status) { return (1, $self->loc("That user is now unprivileged")); } else { @@ -571,13 +596,17 @@ sub LoadOrCreateByEmail { my ($val, $message); + my ( $Address, $Name ) = + RT::EmailParser::ParseAddressFromHeader('', $email); + $email = $Address; + $self->LoadByEmail($email); $message = $self->loc('User loaded'); unless ($self->Id) { ( $val, $message ) = $self->Create( Name => $email, EmailAddress => $email, - RealName => $email, + RealName => $Name, Privileged => 0, Comments => 'Autocreated when added as a watcher'); unless ($val) { @@ -729,7 +758,7 @@ sub ResetPassword { my $template = RT::Template->new( $self->CurrentUser ); - if ( $self->IsPrivileged ) { + if ( $self->Privileged ) { $template->LoadGlobalTemplate('RT_PasswordChange_Privileged'); } else { @@ -929,7 +958,7 @@ sub GenerateRandomPassword { my $length = $min_length + int( rand( $max_length - $min_length ) ); - my $char = $self->GenerateRandomNextChar( $total_sum, $start_freq ); + my $char = $self->_GenerateRandomNextChar( $total_sum, $start_freq ); my @word = ( $char + $a ); for ( 2 .. $length ) { $char =