andre/scripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

init III

Browse Source
This commit is contained in:
Andre Geißler
2024-10-14 00:08:40 +02:00
parent dbfba56f66
commit 1462d52e13
4572 changed files with 2658864 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

112
Perl OTRS/Kernel/System/ITSMChange/ITSMWorkOrder/Permission/CABCheck.pm Normal file
View File

@@ -0,0 +1,112 @@
# --
# Copyright (C) 2001-2019 OTRS AG, https://otrs.com/
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (GPL). If you
# did not receive this file, see https://www.gnu.org/licenses/gpl-3.0.txt.
# --
package Kernel::System::ITSMChange::ITSMWorkOrder::Permission::CABCheck;
use strict;
use warnings;
our @ObjectDependencies = (
'Kernel::System::ITSMChange',
'Kernel::System::ITSMChange::ITSMWorkOrder',
'Kernel::System::Log',
);
=head1 NAME
Kernel::System::ITSMChange::ITSMWorkOrder::Permission::CABCheck - CAB based permission check
=head1 PUBLIC INTERFACE
=head2 new()
Create an object.
use Kernel::System::ObjectManager;
local $Kernel::OM = Kernel::System::ObjectManager->new();
my $CheckObject = $Kernel::OM->Get('Kernel::System::ITSMChange::ITSMWorkOrder::Permission::CABCheck');
=cut
sub new {
my ( $Type, %Param ) = @_;
# allocate new hash for object
my $Self = {};
bless( $Self, $Type );
return $Self;
}
=head2 Run()
This method does the check. Access is allowed when type is C<ro> and the agent is a member
of the CAB of the change of the C<workorder>.
my $HasAccess = $CheckObject->Run(
UserID => 123,
Type => 'rw', # 'ro' or 'rw'
WorkOrderID => 4444,
);
=cut
sub Run {
my ( $Self, %Param ) = @_;
# check needed stuff
for my $Argument (qw(UserID Type WorkOrderID)) {
if ( !$Param{$Argument} ) {
$Kernel::OM->Get('Kernel::System::Log')->Log(
Priority => 'error',
Message => "Need $Argument!",
);
return;
}
}
# only 'ro' access might be granted by this module
return if $Param{Type} ne 'ro';
# there already is a workorder
my $WorkOrder = $Kernel::OM->Get('Kernel::System::ITSMChange::ITSMWorkOrder')->WorkOrderGet(
UserID => $Param{UserID},
WorkOrderID => $Param{WorkOrderID},
);
# deny access, when no workorder was found
return if !$WorkOrder || !%{$WorkOrder} || !$WorkOrder->{ChangeID};
# get the CAB of the change
my $CAB = $Kernel::OM->Get('Kernel::System::ITSMChange')->ChangeCABGet(
UserID => $Param{UserID},
ChangeID => $WorkOrder->{ChangeID},
);
# look for a CAB member with the relevant UserID
my ($FoundCABMember) = grep { $_ == $Param{UserID} } @{ $CAB->{CABAgents} };
# allow access the the agent is a CAB member
return 1 if $FoundCABMember;
# deny access otherwise
return;
}
=head1 TERMS AND CONDITIONS
This software is part of the OTRS project (L<https://otrs.org/>).
This software comes with ABSOLUTELY NO WARRANTY. For details, see
the enclosed file COPYING for license information (GPL). If you
did not receive this file, see L<https://www.gnu.org/licenses/gpl-3.0.txt>.
=cut
1;

129
Perl OTRS/Kernel/System/ITSMChange/ITSMWorkOrder/Permission/ChangeBuilderCheck.pm Normal file
View File

@@ -0,0 +1,129 @@
# --
# Copyright (C) 2001-2019 OTRS AG, https://otrs.com/
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (GPL). If you
# did not receive this file, see https://www.gnu.org/licenses/gpl-3.0.txt.
# --
package Kernel::System::ITSMChange::ITSMWorkOrder::Permission::ChangeBuilderCheck;
use strict;
use warnings;
our @ObjectDependencies = (
'Kernel::System::Group',
'Kernel::System::ITSMChange',
'Kernel::System::ITSMChange::ITSMWorkOrder',
'Kernel::System::Log',
);
=head1 NAME
Kernel::System::ITSMChange::ITSMWorkOrder::Permission::ChangeBuilderCheck - change builder based permission check
=head1 PUBLIC INTERFACE
=head2 new()
Create an object.
use Kernel::System::ObjectManager;
local $Kernel::OM = Kernel::System::ObjectManager->new();
my $CheckObject = $Kernel::OM->Get('Kernel::System::ITSMChange::ITSMWorkOrder::Permission::ChangeBuilderCheck');
=cut
sub new {
my ( $Type, %Param ) = @_;
# allocate new hash for object
my $Self = {};
bless( $Self, $Type );
return $Self;
}
=head2 Run()
This method does the check. C<ro> and C<rw> access is granted
when the agent has the C<priv> in the 'itsm-change-builder' group and
when the agent is the change builder of the change.
my $HasAccess = $CheckObject->Run(
UserID => 123,
Type => 'rw', # 'ro' or 'rw'
WorkOrderID => 4444,
);
=cut
sub Run {
my ( $Self, %Param ) = @_;
# check needed stuff
for my $Argument (qw(UserID Type WorkOrderID)) {
if ( !$Param{$Argument} ) {
$Kernel::OM->Get('Kernel::System::Log')->Log(
Priority => 'error',
Message => "Need $Argument!",
);
return;
}
}
# the check is based upon the change builder
my $GroupID = $Kernel::OM->Get('Kernel::System::Group')->GroupLookup(
Group => 'itsm-change-builder',
);
# do not grant access, when the group is not found
return if !$GroupID;
# get user groups, where the user has the appropriate privilege
my %Groups = $Kernel::OM->Get('Kernel::System::Group')->GroupMemberList(
UserID => $Param{UserID},
Type => $Param{Type},
Result => 'HASH',
);
# do not grant access if the agent doesn't have the appropriate type in the appropriate group
return if !$Groups{$GroupID};
# there already is a workorder. e.g. AgentITSMWorkOrderEdit
my $WorkOrder = $Kernel::OM->Get('Kernel::System::ITSMChange::ITSMWorkOrder')->WorkOrderGet(
UserID => $Param{UserID},
WorkOrderID => $Param{WorkOrderID},
);
# do not grant access, when no workorder was found
return if !$WorkOrder || !%{$WorkOrder} || !$WorkOrder->{ChangeID};
# for checking the change builder, we need information on the change
my $Change = $Kernel::OM->Get('Kernel::System::ITSMChange')->ChangeGet(
UserID => $Param{UserID},
ChangeID => $WorkOrder->{ChangeID},
);
# do not grant access, when no change was found
return if !$Change || !%{$Change} || !$Change->{ChangeBuilderID};
# allow access, when the agent is the change builder of the change
return 1 if $Change->{ChangeBuilderID} == $Param{UserID};
# do not grant access otherwise
return;
}
=head1 TERMS AND CONDITIONS
This software is part of the OTRS project (L<https://otrs.org/>).
This software comes with ABSOLUTELY NO WARRANTY. For details, see
the enclosed file COPYING for license information (GPL). If you
did not receive this file, see L<https://www.gnu.org/licenses/gpl-3.0.txt>.
=cut
1;

107
Perl OTRS/Kernel/System/ITSMChange/ITSMWorkOrder/Permission/ChangeManagerCheck.pm Normal file
View File

@@ -0,0 +1,107 @@
# --
# Copyright (C) 2001-2019 OTRS AG, https://otrs.com/
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (GPL). If you
# did not receive this file, see https://www.gnu.org/licenses/gpl-3.0.txt.
# --
package Kernel::System::ITSMChange::ITSMWorkOrder::Permission::ChangeManagerCheck;
use strict;
use warnings;
our @ObjectDependencies = (
'Kernel::System::Group',
'Kernel::System::Log',
);
=head1 NAME
Kernel::System::ITSMChange::ITSMWorkOrder::Permission::ChangeManagerCheck - change manager based permission check
=head1 PUBLIC INTERFACE
=head2 new()
Create an object.
use Kernel::System::ObjectManager;
local $Kernel::OM = Kernel::System::ObjectManager->new();
my $CheckObject = $Kernel::OM->Get('Kernel::System::ITSMChange::ITSMWorkOrder::Permission::ChangeManagerCheck');
=cut
sub new {
my ( $Type, %Param ) = @_;
# allocate new hash for object
my $Self = {};
bless( $Self, $Type );
return $Self;
}
=head2 Run()
This method does the check. C<ro> and C<rw> access is granted
when the agent has the C<priv> in the 'itsm-change-manager' group.
my $HasAccess = $CheckObject->Run(
UserID => 123,
Type => 'rw', # 'ro' or 'rw'
WorkOrderID => 4444,
);
=cut
sub Run {
my ( $Self, %Param ) = @_;
# check needed stuff
for my $Argument (qw(UserID Type WorkOrderID)) {
if ( !$Param{$Argument} ) {
$Kernel::OM->Get('Kernel::System::Log')->Log(
Priority => 'error',
Message => "Need $Argument!",
);
return;
}
}
# the check is based upon the change manager
my $GroupID = $Kernel::OM->Get('Kernel::System::Group')->GroupLookup(
Group => 'itsm-change-manager',
);
# deny access, when the group is not found
return if !$GroupID;
# get user groups, where the user has the appropriate privilege
my %Groups = $Kernel::OM->Get('Kernel::System::Group')->GroupMemberList(
UserID => $Param{UserID},
Type => $Param{Type},
Result => 'HASH',
);
# allow ro and rw access if the agent is a change manager
return 1 if $Groups{$GroupID};
# no need to check if the agent is the actual manager of the change of the workorder
# deny access otherwise
return;
}
=head1 TERMS AND CONDITIONS
This software is part of the OTRS project (L<https://otrs.org/>).
This software comes with ABSOLUTELY NO WARRANTY. For details, see
the enclosed file COPYING for license information (GPL). If you
did not receive this file, see L<https://www.gnu.org/licenses/gpl-3.0.txt>.
=cut
1;

124
Perl OTRS/Kernel/System/ITSMChange/ITSMWorkOrder/Permission/EmptyAgentCheck.pm Normal file
View File

@@ -0,0 +1,124 @@
# --
# Copyright (C) 2001-2019 OTRS AG, https://otrs.com/
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (GPL). If you
# did not receive this file, see https://www.gnu.org/licenses/gpl-3.0.txt.
# --
package Kernel::System::ITSMChange::ITSMWorkOrder::Permission::EmptyAgentCheck;
use strict;
use warnings;
our @ObjectDependencies = (
'Kernel::System::Group',
'Kernel::System::ITSMChange::ITSMWorkOrder',
'Kernel::System::Log',
);
=head1 NAME
Kernel::System::ITSMChange::ITSMWorkOrder::Permission::EmptyAgentCheck - grant permission when agent is empty
=head1 PUBLIC INTERFACE
=head2 new()
Create an object.
use Kernel::System::ObjectManager;
local $Kernel::OM = Kernel::System::ObjectManager->new();
my $CheckObject = $Kernel::OM->Get('Kernel::System::ITSMChange::ITSMWorkOrder::Permission::EmptyAgentCheck');
=cut
sub new {
my ( $Type, %Param ) = @_;
# allocate new hash for object
my $Self = {};
bless( $Self, $Type );
return $Self;
}
=head2 Run()
This method does the check. C<ro> access is granted when the agent is a C<ro> member
of the 'itsm-change' group. C<rw> access is granted when the C<workorder> has no agent.
my $HasAccess = $CheckObject->Run(
UserID => 123,
Type => 'rw', # 'ro' or 'rw'
WorkOrderID => 4444,
);
=cut
sub Run {
my ( $Self, %Param ) = @_;
# check needed stuff
for my $Argument (qw(UserID Type WorkOrderID)) {
if ( !$Param{$Argument} ) {
$Kernel::OM->Get('Kernel::System::Log')->Log(
Priority => 'error',
Message => "Need $Argument!",
);
return;
}
}
# the check is based upon the workorder agent
my $GroupID = $Kernel::OM->Get('Kernel::System::Group')->GroupLookup(
Group => 'itsm-change',
);
# deny access, when the group is not found
return if !$GroupID;
# get user groups, where the user has the appropriate privilege
my %Groups = $Kernel::OM->Get('Kernel::System::Group')->GroupMemberList(
UserID => $Param{UserID},
Type => $Param{Type},
Result => 'HASH',
);
# deny access if the agent doesn't have the appropriate type in the appropriate group
return if !$Groups{$GroupID};
# workorder agents are granted ro access
return 1 if $Param{Type} eq 'ro';
# there already is a workorder. e.g. AgentITSMWorkOrderEdit
my $WorkOrder = $Kernel::OM->Get('Kernel::System::ITSMChange::ITSMWorkOrder')->WorkOrderGet(
UserID => $Param{UserID},
WorkOrderID => $Param{WorkOrderID},
);
# deny access, when no workorder was found
return if !$WorkOrder || !%{$WorkOrder};
# allow access, when there is no workorder agent
return 1 if !$WorkOrder->{WorkOrderAgentID};
# deny access, when workorder agent is empty
return if !$WorkOrder->{WorkOrderAgentID};
# deny rw access otherwise
return;
}
=head1 TERMS AND CONDITIONS
This software is part of the OTRS project (L<https://otrs.org/>).
This software comes with ABSOLUTELY NO WARRANTY. For details, see
the enclosed file COPYING for license information (GPL). If you
did not receive this file, see L<https://www.gnu.org/licenses/gpl-3.0.txt>.
=cut
1;

136
Perl OTRS/Kernel/System/ITSMChange/ITSMWorkOrder/Permission/ListAgentCheck.pm Normal file
View File

@@ -0,0 +1,136 @@
# --
# Copyright (C) 2001-2019 OTRS AG, https://otrs.com/
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (GPL). If you
# did not receive this file, see https://www.gnu.org/licenses/gpl-3.0.txt.
# --
package Kernel::System::ITSMChange::ITSMWorkOrder::Permission::ListAgentCheck;
use strict;
use warnings;
our @ObjectDependencies = (
'Kernel::Config',
'Kernel::System::Group',
'Kernel::System::ITSMChange::ITSMWorkOrder',
'Kernel::System::Log',
'Kernel::System::User',
);
=head1 NAME
Kernel::System::ITSMChange::ITSMWorkOrder::Permission::ListAgentCheck - grant permission when the agent is in a list
=head1 PUBLIC INTERFACE
=head2 new()
create an object
use Kernel::System::ObjectManager;
local $Kernel::OM = Kernel::System::ObjectManager->new();
my $CheckObject = $Kernel::OM->Get('Kernel::System::ITSMChange::ITSMWorkOrder::Permission::ListAgentCheck');
=cut
sub new {
my ( $Type, %Param ) = @_;
# allocate new hash for object
my $Self = {};
bless( $Self, $Type );
return $Self;
}
=head2 Run()
This method does the check. C<ro> access is granted when the agent is a C<ro> member
of the 'itsm-change' group. C<rw> access is granted when the current C<workorder> agent
is contained in the configured list.
my $HasAccess = $CheckObject->Run(
UserID => 123,
Type => 'rw', # 'ro' or 'rw'
WorkOrderID => 4444,
);
=cut
sub Run {
my ( $Self, %Param ) = @_;
# check needed stuff
for my $Argument (qw(UserID Type WorkOrderID)) {
if ( !$Param{$Argument} ) {
$Kernel::OM->Get('Kernel::System::Log')->Log(
Priority => 'error',
Message => "Need $Argument!",
);
return;
}
}
# the check is based upon the workorder agent
my $GroupID = $Kernel::OM->Get('Kernel::System::Group')->GroupLookup(
Group => 'itsm-change',
);
# deny access, when the group is not found
return if !$GroupID;
# get user groups, where the user has the appropriate privilege
my %Groups = $Kernel::OM->Get('Kernel::System::Group')->GroupMemberList(
UserID => $Param{UserID},
Type => $Param{Type},
Result => 'HASH',
);
# deny access if the agent doesn't have the appropriate type in the appropriate group
return if !$Groups{$GroupID};
# workorder agents are granted ro access
return 1 if $Param{Type} eq 'ro';
# there already is a workorder. e.g. AgentITSMWorkOrderEdit
my $WorkOrder = $Kernel::OM->Get('Kernel::System::ITSMChange::ITSMWorkOrder')->WorkOrderGet(
UserID => $Param{UserID},
WorkOrderID => $Param{WorkOrderID},
);
# deny access, when no workorder was found
return if !$WorkOrder || !%{$WorkOrder};
# deny access, when workorder agent is empty
return if !$WorkOrder->{WorkOrderAgentID};
my $WorkOrderAgent = $Kernel::OM->Get('Kernel::System::User')->UserLookup(
UserID => $WorkOrder->{WorkOrderAgentID},
);
# deny access, when the name can not be looked up
return if !$WorkOrderAgent;
# take list of special agents from the sysconfig
my $AgentList = $Kernel::OM->Get('Kernel::Config')->Get('ITSMWorkOrder::TakePermission::List');
# allow access, when the workorder agent is in the list
return 1 if $AgentList->{$WorkOrderAgent};
# deny rw access otherwise
return;
}
=head1 TERMS AND CONDITIONS
This software is part of the OTRS project (L<https://otrs.org/>).
This software comes with ABSOLUTELY NO WARRANTY. For details, see
the enclosed file COPYING for license information (GPL). If you
did not receive this file, see L<https://www.gnu.org/licenses/gpl-3.0.txt>.
=cut
1;

122
Perl OTRS/Kernel/System/ITSMChange/ITSMWorkOrder/Permission/WorkOrderAgentCheck.pm Normal file
View File

@@ -0,0 +1,122 @@
# --
# Copyright (C) 2001-2019 OTRS AG, https://otrs.com/
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (GPL). If you
# did not receive this file, see https://www.gnu.org/licenses/gpl-3.0.txt.
# --
package Kernel::System::ITSMChange::ITSMWorkOrder::Permission::WorkOrderAgentCheck;
use strict;
use warnings;
our @ObjectDependencies = (
'Kernel::System::Group',
'Kernel::System::ITSMChange::ITSMWorkOrder',
'Kernel::System::Log',
);
=head1 NAME
Kernel::System::ITSMChange::ITSMWorkOrder::Permission::WorkOrderAgentCheck - workorder agent based permission check
=head1 PUBLIC INTERFACE
=head2 new()
Create an object.
use Kernel::System::ObjectManager;
local $Kernel::OM = Kernel::System::ObjectManager->new();
my $CheckObject = $Kernel::OM->Get('Kernel::System::ITSMChange::ITSMWorkOrder::Permission::WorkOrderAgentCheck');
=cut
sub new {
my ( $Type, %Param ) = @_;
# allocate new hash for object
my $Self = {};
bless( $Self, $Type );
return $Self;
}
=head2 Run()
This method does the check. C<ro> access is granted when the agent is a C<ro> member
of the 'itsm-change' group. C<rw> access is granted when the agent is the C<workorder> agent
of the C<workorder>.
my $HasAccess = $CheckObject->Run(
UserID => 123,
Type => 'rw', # 'ro' or 'rw'
WorkOrderID => 4444, # optional for WorkOrderAdd
);
=cut
sub Run {
my ( $Self, %Param ) = @_;
# check needed stuff
for my $Argument (qw(UserID Type WorkOrderID)) {
if ( !$Param{$Argument} ) {
$Kernel::OM->Get('Kernel::System::Log')->Log(
Priority => 'error',
Message => "Need $Argument!",
);
return;
}
}
# the check is based upon the workorder agent
my $GroupID = $Kernel::OM->Get('Kernel::System::Group')->GroupLookup(
Group => 'itsm-change',
);
# deny access, when the group is not found
return if !$GroupID;
# get user groups, where the user has the appropriate privilege
my %Groups = $Kernel::OM->Get('Kernel::System::Group')->GroupMemberList(
UserID => $Param{UserID},
Type => $Param{Type},
Result => 'HASH',
);
# deny access if the agent doesn't have the appropriate type in the appropriate group
return if !$Groups{$GroupID};
# workorder agents are granted ro access
return 1 if $Param{Type} eq 'ro';
# there already is a workorder. e.g. AgentITSMWorkOrderEdit
my $WorkOrder = $Kernel::OM->Get('Kernel::System::ITSMChange::ITSMWorkOrder')->WorkOrderGet(
UserID => $Param{UserID},
WorkOrderID => $Param{WorkOrderID},
);
# deny access, when no workorder was found
return if !$WorkOrder || !%{$WorkOrder} || !$WorkOrder->{WorkOrderAgentID};
# allow access, when the agent is the workorder agent of the workorder
return 1 if $WorkOrder->{WorkOrderAgentID} == $Param{UserID};
# deny rw access otherwise
return;
}
=head1 TERMS AND CONDITIONS
This software is part of the OTRS project (L<https://otrs.org/>).
This software comes with ABSOLUTELY NO WARRANTY. For details, see
the enclosed file COPYING for license information (GPL). If you
did not receive this file, see L<https://www.gnu.org/licenses/gpl-3.0.txt>.
=cut
1;