Adding non-priviledged users to groups

RT Developers
1

Here’s a first stab at providing the interface to allow non-privileged users
to be added to groups.

I’m not sure how efficient it is, as it calls Privileged() on each user in
turn in turn when building the list, and Privileged appears to result in a
call on the database each time. I couldn’t see how to get DBIx::SeachBuilder
to return the info all at once.

Also, there is cut&paste in the HTML looping, but I for just two categories
I think that it’s preferable to a more general code, as that would be at
least as long, and feels like over-engineering.

Nicholas Clark

— html/Admin/Elements/SelectNewGroupMembers~ Mon Jun 19 22:44:04 2006
+++ html/Admin/Elements/SelectNewGroupMembers Wed May 16 14:09:10 2007
@@ -46,8 +46,12 @@
% if ($Show ne ‘Groups’) {
<&|/l&>Users</&>

-%while (my $user = $users->Next) {
-%next if $SkipUsers->{$user->id};
+
+%foreach my $user (@priv) {
+<%$user->Name%>
+%}
+
+%foreach my $user (@unpriv) {

<%$user->Name%> %} @@ -78,7 +82,19 @@ OPERATOR => '!=', ENTRYAGGREGATOR => 'AND' ); -$users->LimitToPrivileged(); +my (@priv, @unpriv); +{ + while (my $user = $users->Next) { + next if $SkipUsers->{$user->id}; + if ($user->Privileged) { + push @priv, $user; + } else { + push @unpriv, $user; + } + } +}

my $groups = new RT::Groups($session{‘CurrentUser’});

2

Here’s a first stab at providing the interface to allow non-
privileged users
to be added to groups.

I’m not sure how efficient it is, as it calls Privileged() on each
user in
turn in turn when building the list, and Privileged appears to
result in a
call on the database each time. I couldn’t see how to get
DBIx::SeachBuilder
to return the info all at once.

I’d probably do two different user objects. One of which is -

LimitToPrivileged, the other of which is LimitToUnprivileged.

-j

PGP.sig (186 Bytes)

3

Here’s a first stab at providing the interface to allow non-
privileged users
to be added to groups.

I’m not sure how efficient it is, as it calls Privileged() on each
user in
turn in turn when building the list, and Privileged appears to
result in a
call on the database each time. I couldn’t see how to get
DBIx::SeachBuilder
to return the info all at once.

I’d probably do two different user objects. One of which is -

LimitToPrivileged, the other of which is LimitToUnprivileged.

Sort of like this?
Which is somewhat cut&paste in RT::Users_Overlay

Nicholas Clark

— html/Admin/Elements/SelectNewGroupMembers~ Mon Jun 19 22:44:04 2006
+++ html/Admin/Elements/SelectNewGroupMembers Wed May 16 16:36:14 2007
@@ -46,7 +46,13 @@
% if ($Show ne ‘Groups’) {
<&|/l&>Users</&>

-%while (my $user = $users->Next) {
+
+%while (my $user = $p_users->Next) {
+%next if $SkipUsers->{$user->id};
+<%$user->Name%>
+%}
+
+%while (my $user = $u_users->Next) {
%next if $SkipUsers->{$user->id};

<%$user->Name%> %} @@ -64,21 +70,30 @@ % }

<%INIT>
-my $users = new RT::Users($session{‘CurrentUser’});
+sub visible_users {

  • my $users = new RT::Users($session{‘CurrentUser’});

-$users->Limit(

  • $users->Limit(
    FIELD => ‘id’,
    VALUE => $RT::SystemUser->id,
    OPERATOR => ‘!=’,
    ENTRYAGGREGATOR => ‘AND’
    -);
    -$users->Limit(
  • );
  • $users->Limit(
    FIELD => ‘id’,
    VALUE => $RT::Nobody->id,
    OPERATOR => ‘!=’,
    ENTRYAGGREGATOR => ‘AND’
    -);
    -$users->LimitToPrivileged();
  • );
  • return $users;
    +}
    +my $p_users = visible_users();
    +$p_users->LimitToPrivileged();
    +my $u_users = visible_users();
    +$u_users->LimitToUnprivileged();

my $groups = new RT::Groups($session{‘CurrentUser’});

— lib/RT/Users_Overlay.pm~ Tue Sep 26 15:06:31 2006
+++ lib/RT/Users_Overlay.pm Wed May 16 16:38:58 2007
@@ -226,6 +226,27 @@

}}}

+# {{{ LimitToUnprivileged
+=head2 LimitToUnprivileged
+Limits to users who can not be made members of ACLs and groups
+=cut
+sub LimitToUnprivileged {

  • my $self = shift;
  • my $priv = RT::Group->new( $self->CurrentUser );
  • $priv->LoadSystemInternalGroup(‘Unprivileged’);
  • unless ( $priv->Id ) {
  •    $RT::Logger->crit("Couldn't find a unprivileged users group");
  • }
  • $self->MemberOfGroup( $priv->PrincipalId );
    +}
    +# }}}

{{{ WhoHaveRight

=head2 WhoHaveRight { Right => ‘name’, Object => $rt_object , IncludeSuperusers => undef, IncludeSubgroupMembers => undef, IncludeSystemRights => undef, EquivObjects => }

4

Here’s a first stab at providing the interface to allow non-
privileged users
to be added to groups.

I’m not sure how efficient it is, as it calls Privileged() on each
user in
turn in turn when building the list, and Privileged appears to
result in a
call on the database each time. I couldn’t see how to get
DBIx::SeachBuilder
to return the info all at once.

I’d probably do two different user objects. One of which is -

LimitToPrivileged, the other of which is LimitToUnprivileged.

Sort of like this?

Getting there. A nuance of mason: It’s one namespace for all mason
pages. So sub definitions are…not what you want. An anon sub is
better.

I’d also put the label on the optgroup inside <%loc(“”)%> so that it
gets localized.

-j

PGP.sig (186 Bytes)

5

Getting there. A nuance of mason: It’s one namespace for all mason
pages. So sub definitions are…not what you want. An anon sub is
better.

Ah. I did it with a foreach instead. It seemed less clunky that creating then
calling an anonymous sub.

I’d also put the label on the optgroup inside <%loc(“”)%> so that it
gets localized.

Is that the same as <&|/l&> ?

If so, the appended should do it.

Nicholas Clark

— html/Admin/Elements/SelectNewGroupMembers~ Mon Jun 19 22:44:04 2006
+++ html/Admin/Elements/SelectNewGroupMembers Thu May 17 08:47:18 2007
@@ -46,7 +46,13 @@
% if ($Show ne ‘Groups’) {
<&|/l&>Users</&>

-%while (my $user = $users->Next) {
+
+%while (my $user = $p_users->Next) {
+%next if $SkipUsers->{$user->id};
+<%$user->Name%>
+%}
+
+%while (my $user = $u_users->Next) {
%next if $SkipUsers->{$user->id};

<%$user->Name%> %} @@ -64,21 +70,30 @@ % }

<%INIT>
-my $users = new RT::Users($session{‘CurrentUser’});

-$users->Limit(
+# It’s one namespace for all mason pages, so the “logical” way of doing this,
+# a subroutine definition, is not the best way. Hence the foreach to initialize
+my ($p_users, $u_users);
+foreach my $users ($p_users, $u_users) {

  • $users = new RT::Users($session{‘CurrentUser’});
  • $users->Limit(
    FIELD => ‘id’,
    VALUE => $RT::SystemUser->id,
    OPERATOR => ‘!=’,
    ENTRYAGGREGATOR => ‘AND’
    -);
    -$users->Limit(
  • );
  • $users->Limit(
    FIELD => ‘id’,
    VALUE => $RT::Nobody->id,
    OPERATOR => ‘!=’,
    ENTRYAGGREGATOR => ‘AND’
    -);
    -$users->LimitToPrivileged();
  • );
    +}
    +$p_users->LimitToPrivileged();
    +$u_users->LimitToUnprivileged();

my $groups = new RT::Groups($session{‘CurrentUser’});

— lib/RT/Users_Overlay.pm~ Tue Sep 26 15:06:31 2006
+++ lib/RT/Users_Overlay.pm Thu May 17 08:54:06 2007
@@ -226,6 +226,27 @@

}}}

+# {{{ LimitToUnprivileged
+=head2 LimitToUnprivileged
+Limits to users who can not be made members of ACLs and groups
+=cut
+sub LimitToUnprivileged {

  • my $self = shift;
  • my $priv = RT::Group->new( $self->CurrentUser );
  • $priv->LoadSystemInternalGroup(‘Unprivileged’);
  • unless ( $priv->Id ) {
  •    $RT::Logger->crit("Couldn't find a unprivileged users group");
  • }
  • $self->MemberOfGroup( $priv->PrincipalId );
    +}
    +# }}}

{{{ WhoHaveRight

=head2 WhoHaveRight { Right => ‘name’, Object => $rt_object , IncludeSuperusers => undef, IncludeSubgroupMembers => undef, IncludeSystemRights => undef, EquivObjects => }

6

Getting there. A nuance of mason: It’s one namespace for all mason
pages. So sub definitions are…not what you want. An anon sub is
better.

Ah. I did it with a foreach instead. It seemed less clunky that
creating then
calling an anonymous sub.

Sure.

I’d also put the label on the optgroup inside <%loc(“”)%> so that it
gets localized.

Is that the same as <&|/l&> ?

It is.

PGP.sig (186 Bytes)

7

I think I’m happy with this for 3.7.

Ruz/anybody else: feelings?
-jOn May 17, 2007, at 4:58 AM, Nicholas Clark wrote:

On Wed, May 16, 2007 at 01:01:48PM -0400, Jesse Vincent wrote:

Getting there. A nuance of mason: It’s one namespace for all mason
pages. So sub definitions are…not what you want. An anon sub is
better.

Ah. I did it with a foreach instead. It seemed less clunky that
creating then
calling an anonymous sub.

I’d also put the label on the optgroup inside <%loc(“”)%> so that it
gets localized.

Is that the same as <&|/l&> ?

If so, the appended should do it.

Nicholas Clark

— html/Admin/Elements/SelectNewGroupMembers~ Mon Jun 19 22:44:04
2006
+++ html/Admin/Elements/SelectNewGroupMembers Thu May 17 08:47:18 2007
@@ -46,7 +46,13 @@
% if ($Show ne ‘Groups’) {
<&|/l&>Users</&>

-%while (my $user = $users->Next) {
+
+%while (my $user = $p_users->Next) {
+%next if $SkipUsers->{$user->id};
+<%$user->Name%>
+%}
+
+%while (my $user = $u_users->Next) {
%next if $SkipUsers->{$user->id};

<%$user->Name%> %} @@ -64,21 +70,30 @@ % }

<%INIT>
-my $users = new RT::Users($session{‘CurrentUser’});

-$users->Limit(
+# It’s one namespace for all mason pages, so the “logical” way of
doing this,
+# a subroutine definition, is not the best way. Hence the foreach
to initialize
+
+my ($p_users, $u_users);
+foreach my $users ($p_users, $u_users) {

  • $users = new RT::Users($session{‘CurrentUser’});
  • $users->Limit(
    FIELD => ‘id’,
    VALUE => $RT::SystemUser->id,
    OPERATOR => ‘!=’,
    ENTRYAGGREGATOR => ‘AND’
    -);
    -$users->Limit(
  • );
  • $users->Limit(
    FIELD => ‘id’,
    VALUE => $RT::Nobody->id,
    OPERATOR => ‘!=’,
    ENTRYAGGREGATOR => ‘AND’
    -);
    -$users->LimitToPrivileged();
  • );
    +}

+$p_users->LimitToPrivileged();
+$u_users->LimitToUnprivileged();

my $groups = new RT::Groups($session{‘CurrentUser’});

— lib/RT/Users_Overlay.pm~ Tue Sep 26 15:06:31 2006
+++ lib/RT/Users_Overlay.pm Thu May 17 08:54:06 2007
@@ -226,6 +226,27 @@

}}}

+# {{{ LimitToUnprivileged
+
+=head2 LimitToUnprivileged
+
+Limits to users who can not be made members of ACLs and groups
+
+=cut
+
+sub LimitToUnprivileged {

  • my $self = shift;
  • my $priv = RT::Group->new( $self->CurrentUser );
  • $priv->LoadSystemInternalGroup(‘Unprivileged’);
  • unless ( $priv->Id ) {
  •    $RT::Logger->crit("Couldn't find a unprivileged users

group");

  • }
  • $self->MemberOfGroup( $priv->PrincipalId );
    +}

+# }}}
+

{{{ WhoHaveRight

=head2 WhoHaveRight { Right => ‘name’, Object => $rt_object ,
IncludeSuperusers => undef, IncludeSubgroupMembers => undef,
IncludeSystemRights => undef, EquivObjects => }

PGP.sig (186 Bytes)