<& /Elements/ListActions, actions => \@results &> % if (!$PickUser) {

% foreach my $object ( @objects ) { % } % my $i; % RIGHTS: % foreach my $right (@sorted_rights) { % $i++; % $EquivObjects = ref($ObjectSystem) eq 'RT::System' ? [] : [ $ObjectSystem ]; # RT bug workaround % my $GlobalRight = $Super ? 1 : $principal->HasRight(Right => $right, Object => $ObjectSystem, EquivObjects => $EquivObjects); % foreach my $object ( @objects ) { % if ( $RightApplies->(Right => $right, Object => $ObjectType->new($RT::SystemUser), Principal => $principal) ) { % my $has_direct = $principal->_HasDirectRight(Right => $right, Object => $object); % } % else { % } % } %# Global % if ( $RightApplies->(Right => $right, Object => $ObjectSystem, Principal => $principal) ) { % } % else { % } % }

Right

<%$ObjectString%>

Name


% $EquivObjects = ref($ObjectSystem) eq 'RT::System' ? [] : [ $ObjectSystem ]; # RT bug workaround % if ( $Super or $session{CurrentUser}->HasRight(Right => 'Admin'.$ObjectString, Object => $object, EquivObjects => $EquivObjects) ) { <% $object->Name %> % } % else { <% $object->Name %> % }
All	Direct


% $EquivObjects = ref($ObjectSystem) eq 'RT::System' ? [] : [ $ObjectSystem ]; # RT bug workaround % if ( $Super or $session{CurrentUser}->HasRight(Right => 'Admin'.$ObjectString, Object => $RT::System, EquivObjects => $EquivObjects) ) { Global % } % else { Global % }
All	Direct

<% $right %>

% my $url = $WhereFrom->(Principal => $principal, Object => $object, Right => $right); % $EquivObjects = ref($ObjectSystem) eq 'RT::System' ? [] : [ $ObjectSystem ]; # RT bug workaround % if ($Edit) { % } % else { % }

<% ($GlobalRight or $has_direct or $principal->HasRight(Right => $right, Object => $object, EquivObjects => $EquivObjects)) ? 'Y' : ' ' |n %>

<% $has_direct ? 'Y' : ' ' |n %>

% my $url = $WhereFrom->(Principal => $principal, Object => $ObjectSystem, Right => $right); % my $has_direct = $principal->_HasDirectRight(Right => $right, Object => $ObjectSystem); % if ($Edit) { % } % else { % }

<% $GlobalRight ? 'Y' : ' ' |n %>

<% $has_direct ? 'Y' : ' ' |n %>

Note: click on any Y under 'All' to see exactly how that user/group/role has received that right.

%#<& /Elements/TitleBoxEnd &> %if ($ARGS{Edit}) { <& /Elements/Submit, Label => loc("Save Changes"), Caption => "For user/group being viewed", Reset => 1 &> %}

% } # end PickUser <%INIT> my @results; my $principal = $PrincipalObj; my ($ObjectString) = $ObjectType =~ /RTx?.*::(.*)/; if ( $ARGS{Principal} and $ARGS{User} ) { $m->comp("/Elements/Error", Why => loc("You can't select a user and enter one manually.")); $m->abort; } my $objects = "${ObjectType}s"->new($session{CurrentUser}); $objects->UnLimit; $objects->Limit(FIELD => 'id', OPERATOR => '>', VALUE => 0); if ($FilterField and $FilterValue) { $objects->Limit(FIELD => $FilterField, OPERATOR => $FilterOp, VALUE => $FilterValue); } my @objects = @{ $objects->ItemsArrayRef }; $m->comp('/Elements/Callback', _CallbackName => $ObjectString.'Sort', objects => \@objects); my $object = $ObjectType->new($RT::SystemUser); my $object_rights = $object->AvailableRights(); my %rights = ( %$SystemRights, %$object_rights ); my @sorted_rights = sort { defined $SystemRights->{$a} cmp defined $SystemRights->{$b} || $a cmp $b } keys %rights; my $EquivObjects = ref($ObjectSystem) eq 'RT::System' ? [] : [ $ObjectSystem ]; my $Super = $principal->HasRight(Right => 'SuperUser', Object => $RT::System, EquivObjects => $EquivObjects); # process object rights changes if ($ARGS{Save}) { foreach my $arg (keys %ARGS) { next unless $arg =~ /^object-(\d+)-magic$/; my ($oid) = ($1); my $object = $ObjectType->new($session{CurrentUser}); my ($rv, $msg); if ($oid > 0) { ($rv, $msg) = $object->Load($oid); if (! $rv) { push @results, "Could not load object $ObjectType $oid"; next; } } else { $object = $ObjectSystem; } my %remaining_rights = %rights; my @requested_rights = ref($ARGS{"object-$oid"}) ? @{$ARGS{"object-$oid"}} : $ARGS{"object-$oid"}; foreach (@requested_rights) { delete $remaining_rights{$_}; if (! $principal->_HasDirectRight(Right => $_, Object => $object) ) { ($rv, $msg) = $principal->GrantRight(Right => $_, Object => $object); if ($rv and $oid) { push @results, ("Right $_ granted for object '" . ($object->Name ? $object->Name : 'Global') . "'"); } elsif ($rv) { push @results, ("Right $_ granted for object 'Global'"); } else { } } } foreach (keys %remaining_rights) { if ($principal->_HasDirectRight(Right => $_, Object => $object) ) { ($rv, $msg) = $principal->RevokeRight(Right => $_, Object => $object); if ($rv and $oid) { push @results, ("Right $_ revoked for object '" . ($object->Name ? $object->Name : 'Global') . "'"); } elsif ($rv) { push @results, ("Right $_ revoked for object 'Global'"); } else { push @results, ("Right $_ NOT revoked for object '" . ($object->Name ? $object->Name : 'Global') . "'" . "': $msg"); } } } } } my $RightApplies = sub { my %args = @_; if (ref($args{Object}) eq ref($ObjectSystem)) { return ( $rights{$args{Right}} and $args{Principal} !~ /^(.*)-Role$/ ); } elsif (ref($args{Object}) eq $ObjectType) { return $object_rights->{$args{Right}}; } return 0; }; my $WhereFrom = sub { my %args = @_; my @callers = $m->callers(); my $user_context = ( grep { $_->dir_path() =~ /User/ } @callers ) ? 'User/' : ''; return "$RT::WebPath/Admin/Tools/RightsMatrix/${user_context}${ObjectString}RightsMatrix.html?" . "WhereFrom=1" . "&PrincipalId=" . $args{Principal}->id . "&ObjectId=" . $args{Object}->id . "&ObjectType=" . ref($args{Object}) . "&Right=" . $args{Right} ; }; <%ARGS> $User => undef $Edit => 0 $PrincipalObj $ObjectType $ObjectSystem => $RT::System $SystemRights => $RT::System::RIGHTS $FilterField => undef $FilterValue => undef $FilterOp => '=' $PickUser => 0 <%ONCE> use RTx::RightsMatrix; use RTx::RightsMatrix::RolePrincipal;