init III

Perl OTRS/Kernel/System/ITSMChange/Permission/AddWorkOrderCheck.pm

@@ -0,0 +1,145 @@
+# --
+# Copyright (C) 2001-2019 OTRS AG, https://otrs.com/
+# --
+# This software comes with ABSOLUTELY NO WARRANTY. For details, see
+# the enclosed file COPYING for license information (GPL). If you
+# did not receive this file, see https://www.gnu.org/licenses/gpl-3.0.txt.
+# --
+
+package Kernel::System::ITSMChange::Permission::AddWorkOrderCheck;
+
+use strict;
+use warnings;
+
+our @ObjectDependencies = (
+    'Kernel::Config',
+    'Kernel::System::Group',
+    'Kernel::System::Log',
+);
+
+=head1 NAME
+
+Kernel::System::ITSMChange::Permission::AddWorkOrderCheck - WorkOrderAdd and WorkOrderAddFromTemplate permission check
+
+=head1 PUBLIC INTERFACE
+
+=head2 new()
+
+Create an object.
+
+    use Kernel::System::ObjectManager;
+    local $Kernel::OM = Kernel::System::ObjectManager->new();
+    my $CheckObject = $Kernel::OM->Get('Kernel::System::ITSMChange::Permission::AddWorkOrderCheck');
+
+=cut
+
+sub new {
+    my ( $Type, %Param ) = @_;
+
+    # allocate new hash for object
+    my $Self = {};
+    bless( $Self, $Type );
+
+    return $Self;
+}
+
+=head2 Run()
+
+This method does the check. C<ro> and C<rw> access is granted
+when the agent has the correct privileges in the group defined in the
+frontend module registration.
+
+    my $HasAccess = $CheckObject->Run(
+        UserID   => 123,
+        Type     => 'rw',     # 'ro' or 'rw'
+        ChangeID => 3333,     # optional for ChangeAdd
+    );
+
+=cut
+
+sub Run {
+    my ( $Self, %Param ) = @_;
+
+    # check needed stuff
+    for my $Argument (qw(UserID Type)) {
+        if ( !$Param{$Argument} ) {
+            $Kernel::OM->Get('Kernel::System::Log')->Log(
+                Priority => 'error',
+                Message  => "Need $Argument!",
+            );
+
+            return;
+        }
+    }
+
+    # if no action is given, pass the checks to the following modules
+    return 1 if !$Param{Action};
+
+    # if no ChangeID is given, pass the checks to the following modules
+    return 1 if !$Param{ChangeID};
+
+    # access is passed to other permission modules if the action is none of the below
+    if (
+        $Param{Action} ne 'AgentITSMWorkOrderAdd'
+        && $Param{Action} ne 'AgentITSMWorkOrderAddFromTemplate'
+        )
+    {
+        return 1;
+    }
+
+    # get config for the relevant action
+    my $FrontendConfig = $Kernel::OM->Get('Kernel::Config')->Get("ITSMChange::Frontend::$Param{Action}");
+
+    # get the required privilege, 'ro' or 'rw'
+    my $RequiredPriv;
+    if ( $FrontendConfig && $FrontendConfig->{Permission} ) {
+
+        # get the required priv from the frontend configuration
+        $RequiredPriv = $FrontendConfig->{Permission};
+    }
+
+    # access is passed to other permission modules if there is no required privilege
+    return 1 if !$RequiredPriv;
+
+    # get the required group for the frontend module
+    my $Group = $Kernel::OM->Get('Kernel::Config')->Get('Frontend::Module')->{ $Param{Action} }
+        ->{GroupRo}->[0];
+
+    # deny access, when the group is not found
+    return $Param{Counter} if !$Group;
+
+    # get the group id
+    my $GroupID = $Kernel::OM->Get('Kernel::System::Group')->GroupLookup(
+        Group => $Group,
+    );
+
+    # deny access, when the group is not found
+    return $Param{Counter} if !$GroupID;
+
+    # get user groups, where the user has the appropriate privilege
+    my %Groups = $Kernel::OM->Get('Kernel::System::Group')->GroupMemberList(
+        UserID => $Param{UserID},
+        Type   => $RequiredPriv,
+        Result => 'HASH',
+    );
+
+    # access is passed to other permission modules if the agent
+    # has the appropriate type in the appropriate group
+    return 1 if $Groups{$GroupID};
+
+    # deny access otherwise
+    return;
+
+}
+
+=head1 TERMS AND CONDITIONS
+
+This software is part of the OTRS project (L<https://otrs.org/>).
+
+This software comes with ABSOLUTELY NO WARRANTY. For details, see
+the enclosed file COPYING for license information (GPL). If you
+did not receive this file, see L<https://www.gnu.org/licenses/gpl-3.0.txt>.
+
+=cut
+
+1;

Perl OTRS/Kernel/System/ITSMChange/Permission/CABCheck.pm

@@ -0,0 +1,105 @@
+# --
+# Copyright (C) 2001-2019 OTRS AG, https://otrs.com/
+# --
+# This software comes with ABSOLUTELY NO WARRANTY. For details, see
+# the enclosed file COPYING for license information (GPL). If you
+# did not receive this file, see https://www.gnu.org/licenses/gpl-3.0.txt.
+# --
+
+package Kernel::System::ITSMChange::Permission::CABCheck;
+
+use strict;
+use warnings;
+
+our @ObjectDependencies = (
+    'Kernel::System::ITSMChange',
+    'Kernel::System::Log',
+);
+
+=head1 NAME
+
+Kernel::System::ITSMChange::Permission::CABCheck - CAB based permission check
+
+=head1 PUBLIC INTERFACE
+
+=head2 new()
+
+Create an object.
+
+    use Kernel::System::ObjectManager;
+    local $Kernel::OM = Kernel::System::ObjectManager->new();
+    my $CheckObject = $Kernel::OM->Get('Kernel::System::ITSMChange::Permission::CABCheck');
+
+=cut
+
+sub new {
+    my ( $Type, %Param ) = @_;
+
+    # allocate new hash for object
+    my $Self = {};
+    bless( $Self, $Type );
+
+    return $Self;
+}
+
+=head2 Run()
+
+This method does the check. Access is allowed when type is C<ro> and the agent is a member
+of the CAB of the change.
+
+    my $HasAccess = $CheckObject->Run(
+        UserID   => 123,
+        Type     => 'rw',     # 'ro' or 'rw'
+        ChangeID => 3333,     # optional for ChangeAdd
+    );
+
+=cut
+
+sub Run {
+    my ( $Self, %Param ) = @_;
+
+    # check needed stuff
+    for my $Argument (qw(UserID Type)) {
+        if ( !$Param{$Argument} ) {
+            $Kernel::OM->Get('Kernel::System::Log')->Log(
+                Priority => 'error',
+                Message  => "Need $Argument!",
+            );
+
+            return;
+        }
+    }
+
+    # only 'ro' access might be granted by this module
+    return if $Param{Type} ne 'ro';
+
+    # deny access when there is no change, and thus no CAB
+    return if !$Param{ChangeID};
+
+    # get the CAB of the change
+    my $CAB = $Kernel::OM->Get('Kernel::System::ITSMChange')->ChangeCABGet(
+        UserID   => $Param{UserID},
+        ChangeID => $Param{ChangeID},
+    );
+
+    # look for a CAB member with the relevant UserID
+    my ($FoundCABMember) = grep { $_ == $Param{UserID} } @{ $CAB->{CABAgents} };
+
+    # allow access the the agent is a CAB member
+    return 1 if $FoundCABMember;
+
+    # deny access otherwise
+    return;
+}
+
+=head1 TERMS AND CONDITIONS
+
+This software is part of the OTRS project (L<https://otrs.org/>).
+
+This software comes with ABSOLUTELY NO WARRANTY. For details, see
+the enclosed file COPYING for license information (GPL). If you
+did not receive this file, see L<https://www.gnu.org/licenses/gpl-3.0.txt>.
+
+=cut
+
+1;

Perl OTRS/Kernel/System/ITSMChange/Permission/ChangeAgentCheck.pm

@@ -0,0 +1,108 @@
+# --
+# Copyright (C) 2001-2019 OTRS AG, https://otrs.com/
+# --
+# This software comes with ABSOLUTELY NO WARRANTY. For details, see
+# the enclosed file COPYING for license information (GPL). If you
+# did not receive this file, see https://www.gnu.org/licenses/gpl-3.0.txt.
+# --
+
+package Kernel::System::ITSMChange::Permission::ChangeAgentCheck;
+
+use strict;
+use warnings;
+
+our @ObjectDependencies = (
+    'Kernel::System::Group',
+    'Kernel::System::Log',
+);
+
+=head1 NAME
+
+Kernel::System::ITSMChange::Permission::ChangeAgentCheck - change agent based permission check
+
+=head1 PUBLIC INTERFACE
+
+=head2 new()
+
+Create an object.
+
+    use Kernel::System::ObjectManager;
+    local $Kernel::OM = Kernel::System::ObjectManager->new();
+    my $CheckObject = $Kernel::OM->Get('Kernel::System::ITSMChange::Permission::ChangeAgentCheck');
+
+=cut
+
+sub new {
+    my ( $Type, %Param ) = @_;
+
+    # allocate new hash for object
+    my $Self = {};
+    bless( $Self, $Type );
+
+    return $Self;
+}
+
+=head2 Run()
+
+This method does the check. C<ro> access is allowed when the agent is a <ro> member
+of the 'itsm-change' group.
+
+    my $HasAccess = $CheckObject->Run(
+        UserID   => 123,
+        Type     => 'rw',     # 'ro' or 'rw'
+        ChangeID => 3333,     # optional for ChangeAdd
+    );
+
+=cut
+
+sub Run {
+    my ( $Self, %Param ) = @_;
+
+    # check needed stuff
+    for my $Argument (qw(UserID Type)) {
+        if ( !$Param{$Argument} ) {
+            $Kernel::OM->Get('Kernel::System::Log')->Log(
+                Priority => 'error',
+                Message  => "Need $Argument!",
+            );
+
+            return;
+        }
+    }
+
+    # only 'ro' access might be granted by this module
+    return if $Param{Type} ne 'ro';
+
+    # the check is based upon the change agent
+    my $GroupID = $Kernel::OM->Get('Kernel::System::Group')->GroupLookup(
+        Group => 'itsm-change',
+    );
+
+    # deny access, when the group is not found
+    return if !$GroupID;
+
+    # get user groups, where the user has the appropriate privilege
+    my %Groups = $Kernel::OM->Get('Kernel::System::Group')->GroupMemberList(
+        UserID => $Param{UserID},
+        Type   => $Param{Type},
+        Result => 'HASH',
+    );
+
+    # deny access if the agent doesn't have the appropriate type in the appropriate group
+    return if !$Groups{$GroupID};
+
+    # change agents are granted ro access
+    return 1;
+}
+
+=head1 TERMS AND CONDITIONS
+
+This software is part of the OTRS project (L<https://otrs.org/>).
+
+This software comes with ABSOLUTELY NO WARRANTY. For details, see
+the enclosed file COPYING for license information (GPL). If you
+did not receive this file, see L<https://www.gnu.org/licenses/gpl-3.0.txt>.
+
+=cut
+
+1;

Perl OTRS/Kernel/System/ITSMChange/Permission/ChangeBuilderCheck.pm

@@ -0,0 +1,122 @@
+# --
+# Copyright (C) 2001-2019 OTRS AG, https://otrs.com/
+# --
+# This software comes with ABSOLUTELY NO WARRANTY. For details, see
+# the enclosed file COPYING for license information (GPL). If you
+# did not receive this file, see https://www.gnu.org/licenses/gpl-3.0.txt.
+# --
+
+package Kernel::System::ITSMChange::Permission::ChangeBuilderCheck;
+
+use strict;
+use warnings;
+
+our @ObjectDependencies = (
+    'Kernel::System::Group',
+    'Kernel::System::ITSMChange',
+    'Kernel::System::Log',
+);
+
+=head1 NAME
+
+Kernel::System::ITSMChange::Permission::ChangeBuilderCheck - change builder based permission check
+
+=head1 PUBLIC INTERFACE
+
+=head2 new()
+
+Create an object.
+
+    use Kernel::System::ObjectManager;
+    local $Kernel::OM = Kernel::System::ObjectManager->new();
+    my $CheckObject = $Kernel::OM->Get('Kernel::System::ITSMChange::Permission::ChangeBuilderCheck');
+
+=cut
+
+sub new {
+    my ( $Type, %Param ) = @_;
+
+    # allocate new hash for object
+    my $Self = {};
+    bless( $Self, $Type );
+
+    return $Self;
+}
+
+=head2 Run()
+
+This method does the check. When no ChangeID is passed, than C<ro> and C<rw> access is granted
+when the agent has the privilege in the 'itsm-change-builder' group.
+When the ChangeID was passed, than the agent must additionally be the change builder of the change.
+
+    my $HasAccess = $CheckObject->Run(
+        UserID   => 123,
+        Type     => 'rw',     # 'ro' or 'rw'
+        ChangeID => 3333,     # optional for ChangeAdd
+    );
+
+=cut
+
+sub Run {
+    my ( $Self, %Param ) = @_;
+
+    # check needed stuff
+    for my $Argument (qw(UserID Type)) {
+        if ( !$Param{$Argument} ) {
+            $Kernel::OM->Get('Kernel::System::Log')->Log(
+                Priority => 'error',
+                Message  => "Need $Argument!",
+            );
+
+            return;
+        }
+    }
+
+    # the check is based upon the change builder
+    my $GroupID = $Kernel::OM->Get('Kernel::System::Group')->GroupLookup(
+        Group => 'itsm-change-builder',
+    );
+
+    # do not grant access, when the group is not found
+    return if !$GroupID;
+
+    # get user groups, where the user has the appropriate privilege
+    my %Groups = $Kernel::OM->Get('Kernel::System::Group')->GroupMemberList(
+        UserID => $Param{UserID},
+        Type   => $Param{Type},
+        Result => 'HASH',
+    );
+
+    # do not grant access if the agent doesn't have the appropriate type in the appropriate group
+    return if !$Groups{$GroupID};
+
+    # Allow a change builder to create a change, when there isn't a change yet.
+    return 1 if !$Param{ChangeID};
+
+    # there already is a change. e.g. AgentITSMChangeEdit
+    my $Change = $Kernel::OM->Get('Kernel::System::ITSMChange')->ChangeGet(
+        UserID   => $Param{UserID},
+        ChangeID => $Param{ChangeID},
+    );
+
+    # do not grant access, when no change was found
+    return if !$Change || !%{$Change} || !$Change->{ChangeBuilderID};
+
+    # allow access, when the agent is the change builder of the change
+    return 1 if $Change->{ChangeBuilderID} == $Param{UserID};
+
+    # do not grant access otherwise
+    return;
+}
+
+=head1 TERMS AND CONDITIONS
+
+This software is part of the OTRS project (L<https://otrs.org/>).
+
+This software comes with ABSOLUTELY NO WARRANTY. For details, see
+the enclosed file COPYING for license information (GPL). If you
+did not receive this file, see L<https://www.gnu.org/licenses/gpl-3.0.txt>.
+
+=cut
+
+1;

Perl OTRS/Kernel/System/ITSMChange/Permission/ChangeManagerCheck.pm

@@ -0,0 +1,107 @@
+# --
+# Copyright (C) 2001-2019 OTRS AG, https://otrs.com/
+# --
+# This software comes with ABSOLUTELY NO WARRANTY. For details, see
+# the enclosed file COPYING for license information (GPL). If you
+# did not receive this file, see https://www.gnu.org/licenses/gpl-3.0.txt.
+# --
+
+package Kernel::System::ITSMChange::Permission::ChangeManagerCheck;
+
+use strict;
+use warnings;
+
+our @ObjectDependencies = (
+    'Kernel::System::Group',
+    'Kernel::System::Log',
+);
+
+=head1 NAME
+
+Kernel::System::ITSMChange::Permission::ChangeManagerCheck - change manager based permission check
+
+=head1 PUBLIC INTERFACE
+
+=head2 new()
+
+Create an object.
+
+    use Kernel::System::ObjectManager;
+    local $Kernel::OM = Kernel::System::ObjectManager->new();
+    my $CheckObject = $Kernel::OM->Get('Kernel::System::ITSMChange::Permission::ChangeManagerCheck');
+
+=cut
+
+sub new {
+    my ( $Type, %Param ) = @_;
+
+    # allocate new hash for object
+    my $Self = {};
+    bless( $Self, $Type );
+
+    return $Self;
+}
+
+=head2 Run()
+
+This method does the check. C<ro> and C<rw> access is granted
+when the agent has the privilege in the 'itsm-change-manager' group.
+
+    my $HasAccess = $CheckObject->Run(
+        UserID   => 123,
+        Type     => 'rw',     # 'ro' or 'rw'
+        ChangeID => 3333,     # optional for ChangeAdd
+    );
+
+=cut
+
+sub Run {
+    my ( $Self, %Param ) = @_;
+
+    # check needed stuff
+    for my $Argument (qw(UserID Type)) {
+        if ( !$Param{$Argument} ) {
+            $Kernel::OM->Get('Kernel::System::Log')->Log(
+                Priority => 'error',
+                Message  => "Need $Argument!",
+            );
+
+            return;
+        }
+    }
+
+    # the check is based upon the change manager
+    my $GroupID = $Kernel::OM->Get('Kernel::System::Group')->GroupLookup(
+        Group => 'itsm-change-manager',
+    );
+
+    # deny access, when the group is not found
+    return if !$GroupID;
+
+    # get user groups, where the user has the appropriate privilege
+    my %Groups = $Kernel::OM->Get('Kernel::System::Group')->GroupMemberList(
+        UserID => $Param{UserID},
+        Type   => $Param{Type},
+        Result => 'HASH',
+    );
+
+    # allow ro and rw access if the agent is a change manager
+    return 1 if $Groups{$GroupID};
+
+    # no need to check whether the agent is the actual manager of the change
+
+    # deny access otherwise
+    return;
+}
+
+=head1 TERMS AND CONDITIONS
+
+This software is part of the OTRS project (L<https://otrs.org/>).
+
+This software comes with ABSOLUTELY NO WARRANTY. For details, see
+the enclosed file COPYING for license information (GPL). If you
+did not receive this file, see L<https://www.gnu.org/licenses/gpl-3.0.txt>.
+
+=cut
+
+1;