WhoHasRightsToWhat

From Request Tracker Wiki
Jump to navigation Jump to search

This has been replaced by the much more extensive RTx::RightsMatrix, which can be downloaded from CPAN.

If you have many queues or custom fields it can quickly become confusing as to who has rights to what. This is the first version of a Mason component that will help you make sense of it all. Please report bugs to todd at chaka.net.

Drop this in [=html/Admin/Global/ViewTicketRights.html]

% my $Title = loc("Ticket Rights for [_1]: [_2]", $principal->IsUser ? loc('User') : loc('Group'), $principal->Object->Name ? $principal->Object->Name : $principal->Object->Type);
 <& /Elements/Header, Title=>$Title &>
 <& /User/Elements/Tabs,
    current_tab => 'Admin/Global/ViewTicketRights.html',
    Title=>$Title &>
 <table border="1" cellspacing="0">
 <tr>
 <th colspan="2" >Custom Field</th>
 <th colspan="<% scalar @queues %>" >Ticket Queue</th>
 </tr>
 <tr>
 <td>Name</td>
 <td>Description</td>
 % foreach my $queue ( @queues ) {
 <td><b><% $queue->Name %></b>
 <br>(
  <% $principal->HasRight(Object => $queue, Right => 'ShowTicket')   ? 'r' : '' %>
  <% $principal->HasRight(Object => $queue, Right => 'ModifyTicket') ? 'w' : '' %>
  <% $principal->HasRight(Object => $queue, Right => 'CreateTicket') ? 'c' : '' %>
  <% $principal->HasRight(Object => $queue, Right => 'DeleteTicket') ? 'd' : '' %> )</td>
 % }
 </tr>
 
 % my $i;
 % while (my $cf = $cfs->Next) {
 % $i++;
 <tr class="<% $i%2 ? 'oddline' : 'evenline'%>" >
  <td><b><% $cf->Name %></b></td> <td><% $cf->Description %></td>
 %  foreach my $queue ( @queues ) {
 %      my $ocfs = RT::ObjectCustomFields->new($RT::SystemUser);
 %      $ocfs->Limit( FIELD => 'CustomField', VALUE => $cf->Id );
 %      $ocfs->Limit( FIELD => 'ObjectId', VALUE => 0 );
 %      $ocfs->Limit( FIELD => 'ObjectId', VALUE => $queue->Id );
 %      if ($ocfs->Count) {
         <td align="center">
           <b>
           <% $principal->HasRight(Object => $cf, Right => 'SeeCustomField')    ? 'r' : '' %>
           <% $principal->HasRight(Object => $cf, Right => 'ModifyCustomField') ? 'w' : '' %>
           <% $principal->HasRight(Object => $cf, Right => 'AdminCustomField')  ? 'a' : '' %>
           </b>
         </td>
 %      }
 %      else {
          <td align="center">-</td>
 %      }
 %  }
 </tr>
 % }
 </table>
 
 
 <h3>Key:</h3>
 For an queue the possible permissions are:
 <table border="1">
 <tr>
 <td>r</td><td>ShowTicket</td><td>Can see tickets of that queue</td>
 </tr>
 <tr>
 <td>w</td><td>ModifyTicket</td><td>Can edit/modify tickets of that queue</td>
 </tr>
 <tr>
 <td>c</td><td>CreateTicket</td><td>Can create tickets of that queue</td>
 </tr>
 <tr>
 <td>d</td><td>DeleteTicket</td><td>Can delete tickets of that queue</td>
 </tr>
 </table>
 <p>
 
 For a custom field the possible permissions are:
 <table border="1">
 <tr>
 <td>r</td><td>SeeCustomField</td><td>Can see that custom field for that queue</td>
 </tr>
 <tr>
 <td>w</td><td>ModifyCustomField</td><td>Can edit/moidfy that custom field for that queue</td>
 </tr>
 <tr>
 <td>a</td><td>AdminCustomField</td><td>Can administer that custom field for that queue</td>
 </tr>
 </table>
 <p>
 
 A dash(-) in the table means that custom field does not apply to that queue.<br>
 An empty cell in the table means that you have no permissions for that custom field and queue combination.
 
 <FORM METHOD=POST ACTION="ViewTicketRights.html" ENCTYPE="multipart/form-data">
 <INPUT TYPE=HIDDEN NAME=id VALUE="">
 
 <& /Elements/TitleBoxStart, title => loc('View rights for'),   color=> "#993333", width => "100%" &>
 Select User or Group:
 <SELECT NAME="Principal">
 <OPTION VALUE="">-
 <OPTION VALUE="<%$session{CurrentUser}->id%>"><%$session{CurrentUser}->Name%>
 <OPTION VALUE="3">Everyone
 <OPTION VALUE="4">Privileged Users
 <OPTION VALUE="5">Unprivileged Users
 %while (my $group = $groups->Next) {
 %next unless $session{CurrentUser}->HasRight(Right => 'AdminGroup', Object => $group) or $group->HasMember($session{CurrentUser}->PrincipalObj);
 <OPTION VALUE="<%$group->id%>"><%$group->Name%>
 %}
 </SELECT>
 %if ($session{CurrentUser}->HasRight(Right => 'AdminUsers', Object => $RT::System)) {
 - or -
 Enter username: <INPUT NAME="User">
 %}
 <& /Elements/TitleBoxEnd &>
 
 <& /Elements/Submit&>
 </form>
 
 <%INIT>
 my $VERSION = 0.91;
 
 my $principal;
 if ($ARGS{Principal}) {
     $principal = RT::Principal->new($session{CurrentUser});
     my ($rv, $msg) = $principal->Load($ARGS{Principal});
     if (! $rv) {
         $m->comp("/Elements/Error", Why => loc("Principal not found"));
         $m->abort;
     }
 }
 elsif ($ARGS{User}) {
     my $user = RT::User->new($session{CurrentUser});
     my ($rv, $msg) = $user->Load($ARGS{User});
     if (! $rv) {
         $m->comp("/Elements/Error", Why => loc("User [_1] not found", $ARGS{User}));
         $m->abort;
     }
     $principal = $user->PrincipalObj;
 }
 else {
     $principal = $session{CurrentUser}->PrincipalObj;
 }
 
 my $cfs = RT::CustomFields->new($session{CurrentUser});
 $cfs->LimitToLookupType('RT::Queue-RT::Ticket');
 $cfs->OrderBy(FIELD => 'Name');
 
 my $queues = RT::Queues->new($session{CurrentUser});
 $queues->UnLimit;
 my @queues;
 while (my $queue = $queues->Next) { push @queues, $queue; }
 
 my $groups = new RT::Groups($session{'CurrentUser'});
 $groups->Limit(FIELD => 'Domain', VALUE => 'UserDefined');
 
 
 </%INIT>
 <%ARGS>
 $User  => undef
 </%ARGS>