PATCH: don't link Admin/Users/Modify if the user doesn't have the required privilege

Hi,

On the Ticket page, if you click on the “More about Requestor” link, you
get to the Admin/Users/Modify.html page, but if you don’t have the
AdminUsers privilege, you only get a blank page.

This patch removes the link if the user doesn’t have that privilege.

— share/html/Ticket/Elements/ShowRequestor 2006-01-12 04:04:46.000000000 +0100
+++ share/html/Ticket/Elements/ShowRequestor 2006-04-21 16:10:13.943128000 +0200
@@ -49,6 +49,7 @@
while (my $requestor=$people->Next) {
my $name=$requestor->RealName || $requestor->EmailAddress;
my $tickets = RT::Tickets->new($session{‘CurrentUser’});
+my $has_right_adminusers = $session{‘CurrentUser’}->HasRight(Object => $RT::System, Right => ‘AdminUsers’);
$tickets->LimitWatcher(TYPE => ‘Requestor’, VALUE => $requestor->EmailAddress );
$tickets->LimitStatus( VALUE => ‘open’);
$tickets->LimitStatus( VALUE => ‘new’);
@@ -58,7 +59,7 @@
</%PERL>

% unless ($requestor->Privileged) {
-<&| /Widgets/TitleBox, title_href => “$RT::WebPath/Admin/Users/Modify.html?id=”.$requestor->id, title=> loc(“More about [_1]”, $name) &>
+<&| /Widgets/TitleBox, title_href => $has_right_adminusers ? “$RT::WebPath/Admin/Users/Modify.html?id=”.$requestor->id : undef, title=> loc(“More about [_1]”, $name) &>

%# Additional information about this user. Empty by default.
<& /Elements/Callback, _CallbackName => ‘AboutThisUser’, requestor => $requestor, %ARGS &>

Cheers
David
David Schweikert | phone: +41 44 632 7019
System manager ISG.EE | walk: ETH Zentrum, ETL F24.1
ETH Zurich, Switzerland | web: http://people.ee.ethz.ch/dws

Thanks. applied.On Fri, Apr 21, 2006 at 04:15:21PM +0200, David Schweikert wrote:

Hi,

On the Ticket page, if you click on the “More about Requestor” link, you
get to the Admin/Users/Modify.html page, but if you don’t have the
AdminUsers privilege, you only get a blank page.

This patch removes the link if the user doesn’t have that privilege.

— share/html/Ticket/Elements/ShowRequestor 2006-01-12 04:04:46.000000000 +0100
+++ share/html/Ticket/Elements/ShowRequestor 2006-04-21 16:10:13.943128000 +0200
@@ -49,6 +49,7 @@
while (my $requestor=$people->Next) {
my $name=$requestor->RealName || $requestor->EmailAddress;
my $tickets = RT::Tickets->new($session{‘CurrentUser’});
+my $has_right_adminusers = $session{‘CurrentUser’}->HasRight(Object => $RT::System, Right => ‘AdminUsers’);
$tickets->LimitWatcher(TYPE => ‘Requestor’, VALUE => $requestor->EmailAddress );
$tickets->LimitStatus( VALUE => ‘open’);
$tickets->LimitStatus( VALUE => ‘new’);
@@ -58,7 +59,7 @@
</%PERL>

% unless ($requestor->Privileged) {
-<&| /Widgets/TitleBox, title_href => “$RT::WebPath/Admin/Users/Modify.html?id=”.$requestor->id, title=> loc(“More about [_1]”, $name) &>
+<&| /Widgets/TitleBox, title_href => $has_right_adminusers ? “$RT::WebPath/Admin/Users/Modify.html?id=”.$requestor->id : undef, title=> loc(“More about [_1]”, $name) &>

%# Additional information about this user. Empty by default.
<& /Elements/Callback, _CallbackName => ‘AboutThisUser’, requestor => $requestor, %ARGS &>

Cheers
David

David Schweikert | phone: +41 44 632 7019
System manager ISG.EE | walk: ETH Zentrum, ETL F24.1
ETH Zurich, Switzerland | web: http://people.ee.ethz.ch/dws


List info: http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-devel

Best Practical is hiring! Come hack Perl for us: http://bestpractical.com/about/jobs.html