RT::Group - RT\'s group object
use RT::Group; my $group = new RT::Group($CurrentUser);
An RT group object.
Jesse Vincent, jesse@bestpractical.com
RT
Returns a hash of available rights for this object. The keys are the right names and the values are a description of what the rights do
Returns a user-readable description of what this group is for and what it's named.
Load a group object from the database. Takes a single argument. If the argument is numerical, load by the column 'id'. Otherwise, complain and return.
Loads a system group from the database. The only argument is the group's name.
Loads a user's acl equivalence group. Takes a principal object. ACL equivalnce groups are used to simplify the acl system. Each user has one group that only he is a member of. Rights granted to the user are actually granted to that group. This greatly simplifies ACL checks. While this results in a somewhat more complex setup when creating users and granting ACLs, it _greatly_ simplifies acl checks.
Loads a personal group from the database.
Loads a Pseudo group from the database. The only argument is the group's name.
Loads a ticket group from the database.
Takes a param hash with 2 parameters:
Ticket is the TicketId we're curious about
Type is the type of Group we're trying to load:
Requestor, Cc, AdminCc, Owner
Loads a Queue group from the database.
Takes a param hash with 2 parameters:
Queue is the QueueId we're curious about
Type is the type of Group we're trying to load:
Requestor, Cc, AdminCc, Owner
Loads a System group from the database.
Takes a single param: Type
Type is the type of Group we're trying to load:
Requestor, Cc, AdminCc, Owner
Takes a paramhash with named arguments: Name, Description.
Returns a tuple of (Id, Message). If id is 0, the create failed
A helper subroutine which creates a system group
Returns a tuple of (Id, Message). If id is 0, the create failed
A helper subroutine which creates a group containing only an individual user. This gets used by the ACL system to check rights. Yes, it denormalizes the data, but that's ok, as we totally win on performance.
Returns a tuple of (Id, Message). If id is 0, the create failed
A helper subroutine which creates a personal group. Generally, personal groups are used for ACL delegation and adding to ticket roles PrincipalId defaults to the current user's principal id.
Returns a tuple of (Id, Message). If id is 0, the create failed
A helper subroutine which creates a ticket group. (What RT 2.0 called Ticket watchers) Type is one of ( "Requestor" || "Cc" || "AdminCc" || "Owner") Domain is one of (RT::Ticket-Role || RT::Queue-Role || RT::System-Role) Instance is the id of the ticket or queue in question
This routine expects to be called from {Ticket||Queue}->CreateTicketGroups _inside of a transaction_
Returns a tuple of (Id, Message). If id is 0, the create failed
Delete this object
If passed a positive value, this group will be disabled. No rights it commutes or grants will be honored. It will not appear in most group listings.
This routine finds all the cached group members that are members of this group (recursively) and disables them. =cut
# }}}
sub SetDisabled {
my $self = shift;
my $val = shift;
if ($self->Domain eq 'Personal') {
if ($self->CurrentUser->PrincipalId == $self->Instance) {
unless ( $self->CurrentUserHasRight('AdminOwnPersonalGroups')) {
return ( 0, $self->loc('Permission Denied') );
}
} else {
unless ( $self->CurrentUserHasRight('AdminAllPersonalGroups') ) {
return ( 0, $self->loc('Permission Denied') );
}
}
}
else {
unless ( $self->CurrentUserHasRight('AdminGroup') ) {
return (0, $self->loc('Permission Denied'));
}
}
$RT::Handle->BeginTransaction();
$self->PrincipalObj->SetDisabled($val);
# Find all occurrences of this member as a member of this group
# in the cache and nuke them, recursively.
# The following code will delete all Cached Group members
# where this member's group is _not_ the primary group
# (Ie if we're deleting C as a member of B, and B happens to be
# a member of A, will delete C as a member of A without touching
# C as a member of B
my $cached_submembers = RT::CachedGroupMembers->new( $self->CurrentUser );
$cached_submembers->Limit( FIELD => 'ImmediateParentId', OPERATOR => '=', VALUE => $self->Id);
#Clear the key cache. TODO someday we may want to just clear a little bit of the keycache space.
# TODO what about the groups key cache?
RT::Principal->_InvalidateACLCache();
while ( my $item = $cached_submembers->Next() ) {
my $del_err = $item->SetDisabled($val);
unless ($del_err) {
$RT::Handle->Rollback();
$RT::Logger->warning("Couldn't disable cached group submember ".$item->Id);
return (undef);
}
}
$RT::Handle->Commit();
return (1, $self->loc("Succeeded"));
}
# }}}
sub Disabled { my $self = shift; $self->PrincipalObj->Disabled(@_); }
# {{{ DeepMembersObj
Returns an RT::CachedGroupMembers object of this group's members.
Returns an RT::Users object of this group's members, including all members of subgroups
Returns an RT::CachedGroupMembers object of this group's members.
Returns an array of the email addresses of all of this group's members
Returns a comma delimited string of the email addresses of all users who are members of this group.
AddMember adds a principal to this group. It takes a single principal id. Returns a two value array. the first value is true on successful addition or 0 on failure. The second value is a textual status msg.
Takes an RT::Principal object returns a GroupMember Id if that user is a member of this group. Returns undef if the user isn't a member of the group or if the current user doesn't have permission to find out. Arguably, it should differentiate between ACL failure and non membership.
Takes an RT::Principal object and returns true if that user is a member of this group. Returns undef if the user isn't a member of the group or if the current user doesn't have permission to find out. Arguably, it should differentiate between ACL failure and non membership.
Takes the principal id of a current user or group. If the current user has apropriate rights, removes that GroupMember from this group. Returns a two value array. the first value is true on successful addition or 0 on failure. The second value is a textual status msg.
Returns true if the current user has the specified right for this group.
TODO: we don't deal with membership visibility yet
Returns the principal object for this user. returns an empty RT::Principal if there's no principal object matching this user. The response is cached. PrincipalObj should never ever change.
Returns this user's PrincipalId