<& /Elements/ListActions, actions => \@results &> % if (! $PickUser or $Principal) {
%# % foreach my $object ( @objects ) { % } % my $i; % while (my $cf = $cfs->Next) { % $i++; %# %# All Rights %# Direct Rights % foreach my $object ( @objects ) { % my $ocfs = RT::ObjectCustomFields->new($RT::SystemUser); % $ocfs->Limit( FIELD => 'CustomField', VALUE => $cf->Id ); %# $ocfs->Limit( FIELD => 'ObjectId', VALUE => 0 ); % $ocfs->Limit( FIELD => 'ObjectId', VALUE => $object->Id ); % if ($ocfs->Count) { % } % else { % } % } %# Global applies % my $ocfs = RT::ObjectCustomFields->new($RT::SystemUser); % $ocfs->Limit( FIELD => 'CustomField', VALUE => $cf->Id ); % $ocfs->Limit( FIELD => 'ObjectId', VALUE => 0 ); % if ($ocfs->Count) { % } % else { % } % }
Custom Field <%$ObjectString%>
NameDescription All Rights Direct Rights % if ( $session{CurrentUser}->HasRight(Right => 'Admin'.$ObjectString, Object => $object, EquivObjects => $EquivObjects) ) { <% $object->Name %> % } % else { <% $object->Name %> % }
% foreach my $right (keys %$ObjectRights) { <% $Super || $principal->HasRight(Object => $object, Right => $ObjectRights->{$right}{RIGHT}, EquivObjects => $EquivObjects) ? $right : ' ' |n %> % } 		% if ( $session{CurrentUser}->HasRight(Right => 'Admin'.$ObjectString, Object => $RT::System, EquivObjects => $EquivObjects) ) { Global % } % else { Global % }
% foreach my $right (keys %$ObjectRights) { <% $Super || $principal->HasRight(Object => $ObjectSystem, Right => $ObjectRights->{$right}{RIGHT}, EquivObjects => $EquivObjects) ? $right : ' ' |n %> % }
% if ( $session{CurrentUser}->HasRight(Right => 'AdminCustomField', Object => $cf) ) { <% $cf->Name %> % } % else { <% $cf->Name %> % } <% $cf->Description %> % foreach (qw(r w a)) { % my $has_right = $Super || $GlobalRight{$cf_rights{$_}{RIGHT}} || $principal->HasRight(Object => $cf, Right => $cf_rights{$_}{RIGHT}); % $RT::Logger->debug("Principal " . $principal->Object->Name . " Object ". ref($cf) . " " . $cf->id . " Right " . $cf_rights{$_}{RIGHT} . " has right: $has_right"); % my $url = $WhereFrom->(Principal => $principal, Object => $cf, Right => $cf_rights{$_}{RIGHT}); <% $has_right ? $_ : '' %>
% } 		% if ($ARGS{Principal} !~ /Role/) { % foreach (qw(r w a)) { % my $has_right = $principal->_HasDirectRight(Object => $cf, Right => $cf_rights{$_}{RIGHT}); %# $RT::Logger->debug("principal: " . $principal->id . " current user: " . $principal->CurrentUser->Id); %# $RT::Logger->debug("$has_right direct right cf: " . $cf->id . " right: " . $cf_rights{$_}{RIGHT}); % if ( $ARGS{Edit} % and $cf->CurrentUserHasRight("AdminCustomField") % and ( ($principal->IsUser and $session{CurrentUser}->HasRight(Right => 'AdminUsers', Object => $RT::System )) % or % ($principal->IsGroup and $session{CurrentUser}->HasRight(Right => 'SeeGroup', Object => $principal)) % ) % ) % { <%$_%> value = "<%$cf_rights{$_}{RIGHT}%>" >
% } % else { <% $has_right ? $_ : '' %>
% } % } % } % else {   % } 		% if ($ARGS{EditApplies} and $object->CurrentUserHasRight('AssignCustomFields')) { % } % else { A % } % if ($ARGS{EditApplies} and $object->CurrentUserHasRight('AssignCustomFields')) { % } % else {   % } % if ($ARGS{EditApplies} and $session{CurrentUser}->HasRight(Right => 'AssignCustomFields', Object => $RT::System)) { % } % else { A % } % if ($ARGS{EditApplies} and $session{CurrentUser}->HasRight(Right => 'AssignCustomFields', Object => $RT::System)) { % } % else {   % }

Note: click on any of the bold rights keys under 'All Rights' to see exactly how that user/group/role has received that right.

%#<& /Elements/TitleBoxEnd &> %if ($ARGS{Edit} or $ARGS{EditApplies}) { <& /Elements/Submit, Label => loc("Save Changes"), Caption => "For user/group being viewed", Reset => 1 &> %}
% } # end PickUser
<& /Elements/TitleBoxStart, title => loc('View rights for'), color=> "#993333", width => "100%" &> Select User or Group: <& /Admin/Tools/RightsMatrix/Elements/SelectPrincipalForRightsMatrix, Principal => $ARGS{Principal}, IncludeRoles => 0 &> % if ($session{CurrentUser}->HasRight(Right => 'AdminUsers', Object => $RT::System)) { - or - Enter username: Edit rights: value='1' > Edit custom field assignments: value='1' > %#
value='1' > Show intersection of object and custom field rights. % } <& /Elements/TitleBoxEnd &> <& /Elements/Submit &>

Custom Field Key:

For a custom field the possible permissions are: % foreach (qw(r w a)) { % }
<%$_%><%$cf_rights{$_}{RIGHT}%><%$cf_rights{$_}{DESC}%>

An A in the table means that custom field applies for that object.

<%INIT> my @results; my ($ObjectString) = $ObjectType =~ /RTx?.*::(.*)/; if ( $ARGS{WhereFrom} ) { $m->comp("../WhereRightComesFrom.html", %ARGS); $m->abort; } if ( $ARGS{Principal} and $ARGS{User} ) { $m->comp("/Elements/Error", Why => loc("You can't select a user and enter one manually.")); $m->abort; } my $principal = $PrincipalObj; my $EquivObjects = ref($ObjectSystem) eq 'RT::System' ? [] : [ $ObjectSystem ]; my $Super = $principal->HasRight(Right => 'SuperUser', Object => $RT::System, EquivObjects => $EquivObjects); # process custom field edits if ($ARGS{Save}) { # CF Rights CFs: foreach my $arg (keys %ARGS) { next CFs unless $arg =~ /^cf-(\d+)-magic$/; my $cfid = $1; my $cf = RT::CustomField->new($session{CurrentUser}); my ($rv, $msg) = $cf->Load($cfid); if (! $rv) { push @results, "Could not load custom field $cfid"; next CFs; } my %all_cf_rights = map { $cf_rights{$_}{RIGHT} => 1 } keys %cf_rights; my @rights = ref($ARGS{"cf-$cfid"}) ? @{$ARGS{"cf-$cfid"}} : defined $ARGS{"cf-$cfid"} ? $ARGS{"cf-$cfid"} : (); # process each right that was checked in the form RIGHTS: foreach my $right (@rights) { delete $all_cf_rights{$right}; next RIGHTS if $principal->_HasDirectRight(Right => $right, Object => $cf); ($rv, $msg) = $principal->GrantRight(Right => $right, Object => $cf); if (! $rv) { push @results, "Could not grant right '$right' to custom field '" . $cf->Name . "': $msg"; } else { push @results, "Right '$right' granted for custom field: " . $cf->Name; } } # process each right that was _not_ checked in the form REMAIN: foreach my $right (keys %all_cf_rights) { next REMAIN if ! $principal->_HasDirectRight(Right => $right, Object => $cf); ($rv, $msg) = $principal->RevokeRight(Right => $right, Object => $cf); if (! $rv) { push @results, "Could not revoke right '$right' from custom field '" . $cf->Name . "': $msg"; } else { push @results, "Right '$right' revoked for custom field: " . $cf->Name; } } } # CF Applies to CFApplies: foreach my $arg (keys %ARGS) { next CFApplies unless $arg =~ /^cf-(\d+)-object-(\d+)-magic$/; my ($cfid, $oid) = ($1, $2); my $cf = RT::CustomField->new($session{CurrentUser}); my ($rv, $msg) = $cf->Load($cfid); if (! $rv) { push @results, "Could not load custom field $cfid"; next CFAppliess; } my $object = $ObjectType->new($session{CurrentUser}); if ($oid > 0) { ($rv, $msg) = $object->Load($oid); if (! $rv) { push @results, "Could not load object $ObjectType $oid"; next CFAppliess; } } my $applies = $ARGS{"cf-$cfid-object-$oid"}; if ($applies) { if (! $_AppliesToObject->(CustomField => $cf, Object => $object) ) { ($rv, $msg) = $cf->AddToObject($object); if ($rv) { push @results, ("Custom Field '" . $cf->Name . "' applied to $ObjectString '" . ($object->Name ? $object->Name : 'Global') . "'"); } else { push @results, ("Custom Field '" . $cf->Name . "' NOT applied to $ObjectString '" . ($object->Name ? $object->Name : 'Global') . "': $msg"); } } } else { if ($_AppliesToObject->(CustomField => $cf, Object => $object) ) { ($rv, $msg) = $cf->RemoveFromObject($object); if ($rv) { push @results, ("Custom Field '" . $cf->Name . "' removed from $ObjectString '" . ($object->Name ? $object->Name : 'Global') . "'"); } else { push @results, ("Custom Field '" . $cf->Name . "' NOT removed from $ObjectString '" . ($object->Name ? $object->Name : 'Global') . "': $msg"); } } } } } my %GlobalRight; foreach my $right (keys %cf_rights) { $GlobalRight{$cf_rights{$right}{RIGHT}} = $principal->HasRight(Right => $cf_rights{$right}{RIGHT}, Object => $RT::System); } my $object = $ObjectType->new($RT::System); my $cfs = RT::CustomFields->new($session{CurrentUser}); $cfs->LimitToLookupType($LookupType); $cfs->OrderBy(FIELD => 'Name'); my $objects = "${ObjectType}s"->new($session{CurrentUser}); $objects->UnLimit; my @objects = @{ $objects->ItemsArrayRef }; $m->comp('/Elements/Callback', _CallbackName => $ObjectString.'Sort', objects => \@objects); my $WhereFrom = sub { my %args = @_; my @callers = $m->callers(); my $user_context = ( grep { $_->dir_path() =~ /User/ } @callers ) ? 'User/' : ''; return "?" . "WhereFrom=1" . "&PrincipalId=" . $args{Principal}->id . "&ObjectId=" . $args{Object}->id . "&ObjectType=" . ref($args{Object}) . "&Right=" . $args{Right} ; }; <%ARGS> $User => undef $Edit => 0 $Principal => 0 $PrincipalObj $Intersect => 0 $ObjectType $LookupType $ObjectRights $ObjectSystem => $RT::System $PickUser => 0 <%ONCE> use RTx::RightsMatrix; use RTx::RightsMatrix::RolePrincipal; my $_AppliesToObject = sub { my %args = @_; my $ocfs = RT::ObjectCustomFields->new($session{CurrentUser}); $ocfs->LimitToCustomField($args{CustomField}->id); $ocfs->LimitToObjectId($args{Object}->id); return $ocfs->Count; }; my %cf_rights = ( 'r' => { RIGHT => 'SeeCustomField', DESC =>'Can see that custom field' }, 'w' => { RIGHT => 'ModifyCustomField', DESC =>'Can edit/moidfy that custom field' }, 'a' => { RIGHT => 'AdminCustomField', DESC =>'Can administer that custom field' }, 'm' => { RIGHT => 'ModifyACL', DESC =>'Can modify the access control list for that custom field' }, );