Changed |
otrs.changes
Changed |
otrs.spec
Changed |
otrs-3.0.21.tar.bz2/ARCHIVE
@@ -56,7 +56,7 @@
5b9d6f4c985b98969aacf5fe3e0f882f::bin/otrs.UnlockTickets.pl
e3d1e67453c8c7e971c75e10480dfc04::bin/otrs.xml2sql.pl
9b9eddd54fa8cf7edfbaab2609dd77fd::bin/otrs.XMLMaster.pl
-b9539d97b27af0149c5243c99a4c866b::CHANGES
+1b626a5bc7ffce5a1b61b7a90dab2d99::CHANGES
73f1eb20517c55bf9493b7dd6e480788::COPYING
bcdc8570d9e42a6b345dfeb9598b402d::COPYING-Third-Party
48e5524f3292e9e6ee7f6a568547f7e7::CREDITS
@@ -275,7 +275,7 @@
b3701be4e47f621fdf00709024aad86e::Kernel/Modules/AgentDashboard.pm
91234a3ae70d32309fd448529e818910::Kernel/Modules/AgentHTMLReference.pm
aabb40a14450ec86d7921ce731399867::Kernel/Modules/AgentInfo.pm
-742f2b8e3e39e1f18034ead2d6d871aa::Kernel/Modules/AgentLinkObject.pm
+388150b0b335f71f31d66616b0267317::Kernel/Modules/AgentLinkObject.pm
a7abdb9d96ed656eace23caa2d774ec3::Kernel/Modules/AgentPreferences.pm
e39c7f8d128369975496922acb679a7a::Kernel/Modules/AgentSearch.pm
96034ccf0058d4e948bd755d4745fb80::Kernel/Modules/AgentSpelling.pm
@@ -300,7 +300,7 @@
9fef6b370c7300cf4dadd530d3842777::Kernel/Modules/AgentTicketNote.pm
8191404862838d173a92d0cf31ff0db6::Kernel/Modules/AgentTicketOwner.pm
e952e2bc33cc608d9517b924540d9c01::Kernel/Modules/AgentTicketPending.pm
-e546f163dc61ee01bc2429b08648fc86::Kernel/Modules/AgentTicketPhone.pm
+5eed1537d7596355c7e78708ee6eaf27::Kernel/Modules/AgentTicketPhone.pm
cd26b3bae41f251f09171341a4aa743c::Kernel/Modules/AgentTicketPhoneOutbound.pm
08b17ee483d14852d494d14f9eaad278::Kernel/Modules/AgentTicketPlain.pm
c4c344d0698dee63ba409aacffb416d4::Kernel/Modules/AgentTicketPrint.pm
@@ -310,7 +310,7 @@
1a3cf5ed6d0a1aee51ed012b9413010a::Kernel/Modules/AgentTicketResponsibleView.pm
330705a2318bb6e79a5fc46b6294b268::Kernel/Modules/AgentTicketSearch.pm
539bae84e483e5167e62ea2ee6ef9519::Kernel/Modules/AgentTicketStatusView.pm
-e2954f496e8dd296562924696cb61468::Kernel/Modules/AgentTicketWatcher.pm
+89cd4d57ba08e75a92bc6516b2553fe3::Kernel/Modules/AgentTicketWatcher.pm
c8b8c9cde95b0cb45bb12f5e67ed3c2b::Kernel/Modules/AgentTicketWatchView.pm
22f6aa3e838bc38caaa0d65b79e20f33::Kernel/Modules/AgentTicketZoom.pm
3c864f519dc9d46e4bb83ab0125dce3a::Kernel/Modules/AgentZoom.pm
@@ -609,8 +609,8 @@
a6f02639930d17be7444860a82355d2b::Kernel/System/Group.pm
1929716bddb54c22bc5eb6d1d0279536::Kernel/System/HTMLUtils.pm
a72de04cd681d93ce868edc3936e3bda::Kernel/System/JSON.pm
-909dfb9cd706dca2989675e5c7d94b38::Kernel/System/LinkObject/Ticket.pm
-3737608b07aa6ec9f96f0a9d5bedfb33::Kernel/System/LinkObject.pm
+e1f422c748c80b622d6f34cb0c42d4a2::Kernel/System/LinkObject/Ticket.pm
+8e66e0d5f5011162563d094807c24b64::Kernel/System/LinkObject.pm
7e4b803ffe5c5b22f9c19991909083f3::Kernel/System/Loader.pm
f904ef05daed38a92b4d0b6dd68de6eb::Kernel/System/Lock.pm
123ab2d462c21d4e7de9de34ddf3961e::Kernel/System/Log/File.pm
@@ -629,7 +629,7 @@
794493eccbe3181e3d15d1ce53c96086::Kernel/System/PID.pm
017c323d8d2cd7f5e0af73f7bbeb2274::Kernel/System/PostMaster/DestQueue.pm
98994a759a57210d4074e62d995fb710::Kernel/System/PostMaster/Filter/CMD.pm
-e756b2ad116735e78345a9aecff996ff::Kernel/System/PostMaster/Filter/FollowUpArticleTypeCheck.pm
+dbf81bc670ebd8231fad3ff497a2b462::Kernel/System/PostMaster/Filter/FollowUpArticleTypeCheck.pm
2a75104c7bfb3704315f739490a9eb11::Kernel/System/PostMaster/Filter/Match.pm
242a28ff6018c12b23043d21e1e18999::Kernel/System/PostMaster/Filter/MatchDBSource.pm
fd70c600156c35f55661ec2b37b510c7::Kernel/System/PostMaster/Filter/NewTicketReject.pm
@@ -726,7 +726,7 @@
f50c3be098225f9fafbaf8a061d92b5f::README
a7f30e27c2f205da803c1152f8bb7864::README.database
dc78ab923bec42d4ec6a445f18dda17e::README.webserver
-7be6043a1028e4403e6d17d5123b5a0d::RELEASE
+84ae90d70a789a48d33310b808c83836::RELEASE
800b384789f79d25c7d2bab5919cc2fb::scripts/apache2-httpd.include.conf
df581aad1fd858198a179295ef101e86::scripts/apache2-perl-startup.pl
318accebbe8a84c2b079a9d5c52656d3::scripts/auto_build/description.txt
@@ -864,12 +864,12 @@
30a3d16402d9a112789863c2fdc96957::scripts/test/Language.t
2563e457f8b16ec68b7c216ecc711822::scripts/test/Layout.t
6afd6882f98f429a3130ff949180a81f::scripts/test/LayoutTicket.t
-aba3d993da76c9fc286df82c192e042e::scripts/test/LinkObject.t
+fbce435c646c7d26dca3acf24302707c::scripts/test/LinkObject.t
9099ed13ae5325a77581ea0d4d438158::scripts/test/Loader.t
ffda9beb0befa27e9bf587235603819a::scripts/test/Lock.t
74e8d460b1e445ab4901d9d711a7ec3c::scripts/test/MailAccount.t
a9f1f24ab84c7816d755acf623965d57::scripts/test/Main.t
-b9fc1468590ff82c96869d9f438b7a3b::scripts/test/Package.t
+c1ffa34d0faf7c5800793e264813b6bb::scripts/test/Package.t
23063cb3ad1f5a1e1c2e9c372b7d149b::scripts/test/PDF.t
b38384017954e9da0260ee4fdd1ab248::scripts/test/Performance.t
3c3bc4b1277475305fb9bc27d1019514::scripts/test/PID.t
@@ -909,7 +909,7 @@
f5ff4a808cf94ec7bff3dd583acf6ca8::scripts/test/sample/EmailParser/PostMaster-Test8.box
e37575c022c69b44e4840c5128dbc6e0::scripts/test/sample/EmailParser/PostMaster-Test9.box
0ef864b7dcaaa4013d37992c2b904971::scripts/test/sample/HTMLUtils/obstacles_upd2.xml
-75cd94b8a249a739df0f6b994666ed4e::scripts/test/sample/LinkObject/LinkBackendDummy.pm
+d30d8e5987f67ab2a3a3292d373d19ac::scripts/test/sample/LinkObject/LinkBackendDummy.pm
744a47a6bee06ba0f581d964a553cdf1::scripts/test/sample/Loader/CombinedJavaScript.min.js
bc649dcc250b890c310139bff68b40dc::scripts/test/sample/Loader/OTRS.Agent.App.Dashboard.js
39f51cb3bc57a43b4ea2ea1db88ddb7f::scripts/test/sample/Loader/OTRS.Agent.App.Login.js
Changed |
otrs-3.0.21.tar.bz2/CHANGES
@@ -9,6 +9,23 @@
# did not receive this file, see http://www.gnu.org/licenses/agpl.txt.
# --
+3.0.21 2013-06-18
+ - 2013-06-06 Improved permission checks in AgentTicketWatcher.
+
+3.0.20 2013-05-21
+ - 2013-05-17 Updated Package Manager, that will ensure that packages to be installed
+ meet the quality standards of OTRS Group. This is to guarantee that your package
+ wasn’t modified, which may possibly harm your system or have an influence on the
+ stability and performance of it. All independent package contributors will have
+ to conduct a check of their Add-Ons by OTRS Group in order to take full advantage
+ of the OTRS package verification.
+ - 2013-05-07 Improved permission checks in AgentTicketPhone.
+ - 2013-05-07 Fixed bug#7478 - Got an external answer to an internal mail.
+ - 2013-04-08 Fixed bug#9312 - LinkObject permission check problem.
+
+3.0.19 2013-04-02
+ - 2013-03-18 Improved permission checks in LinkObject.
+
3.0.18 2013-03-12
- 2013-03-04 Updated CKEditor to version 3.6.6.
- 2013-03-02 Fixed bug#9214 - IE10: impossible to open links from rich text articles.
Changed |
otrs-3.0.21.tar.bz2/Kernel/Modules/AgentLinkObject.pm
@@ -63,6 +63,30 @@
);
}
+ # check if this is a temporary ticket link used while creating a new ticket
+ my $TemporarySourceTicketLink;
+ if ( $Form{Mode} eq 'Temporary' && $Form{SourceObject} eq 'Ticket' && $Form{SourceKey} =~ m{ \A \d+ \. \d+ }xms ) {
+ $TemporarySourceTicketLink = 1;
+ }
+
+ # do the permission check only if it is no temporary ticket link used while creating a new ticket
+ if ( !$TemporarySourceTicketLink ) {
+
+ # permission check
+ my $Permission = $Self->{LinkObject}->ObjectPermission(
+ Object => $Form{SourceObject},
+ Key => $Form{SourceKey},
+ UserID => $Self->{UserID},
+ );
+
+ if ( !$Permission ) {
+ return $Self->{LayoutObject}->NoPermission(
+ Message => 'You need ro permission!',
+ WithHeader => 'yes',
+ );
+ }
+ }
+
# get form params
$Form{TargetIdentifier} = $Self->{ParamObject}->GetParam( Param => 'TargetIdentifier' )
|| $Form{SourceObject};
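Review bot: The test that exempts a request from the new permission check matches only a prefix, because `m{ \A \d+ \. \d+ }xms` has no end anchor; any SourceKey that merely starts with digits, a dot and digits is treated as a temporary link and never reaches ObjectPermission. `%Form` appears to be filled from request parameters (the GetParam call just below suggests so), so the exemption should be as narrow as possible: `$Form{SourceKey} =~ m{ \A \d+ \. \d+ \z }xms`. The same unanchored pattern is used for `$TargetKey` in the @@ -330 hunk and needs the same change. The enclosing sub starts and ends outside this hunk, so how Mode and SourceKey are validated earlier cannot be confirmed from here.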
@@ -137,6 +161,14 @@
next IDENTIFIER if !$Target[1]; # TargetKey
next IDENTIFIER if !$Target[2]; # LinkType
+ my $DeletePermission = $Self->{LinkObject}->ObjectPermission(
+ Object => $Target[0],
+ Key => $Target[1],
+ UserID => $Self->{UserID},
+ );
+
+ next IDENTIFIER if !$DeletePermission;
+
# delete link from database
my $Success = $Self->{LinkObject}->LinkDelete(
Object1 => $Form{SourceObject},
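Review bot: Targets that fail the new check are dropped with a bare `next IDENTIFIER if !$DeletePermission;`, so the agent is not told that some of the selected links were left in place and nothing is written to the log. The add path in the @@ -330 hunk does the same with `next TARGETKEYORG if !$AddPermission;`. A log entry at notice level naming the object, key and UserID would make denied link operations visible to an administrator, and a short comment such as `# skip targets the agent has no ro permission on` would explain the silent skip. The IDENTIFIER loop begins outside this hunk.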
@@ -330,6 +362,25 @@
$TargetKey = $TargetKeyOrg;
}
+ # check if this is a temporary ticket link used while creating a new ticket
+ my $TemporaryTargetTicketLink;
+ if ( $Form{Mode} eq 'Temporary' && $TargetObject eq 'Ticket' && $TargetKey =~ m{ \A \d+ \. \d+ }xms ) {
+ $TemporaryTargetTicketLink = 1;
+ }
+
+ # do the permission check only if it is no temporary ticket link
+ # used while creating a new ticket
+ if ( !$TemporaryTargetTicketLink ) {
+
+ my $AddPermission = $Self->{LinkObject}->ObjectPermission(
+ Object => $TargetObject,
+ Key => $TargetKey,
+ UserID => $Self->{UserID},
+ );
+
+ next TARGETKEYORG if !$AddPermission;
+ }
+
# add links to database
my $Success = $Self->{LinkObject}->LinkAdd(
SourceObject => $SourceObject,
Changed |
otrs-3.0.21.tar.bz2/Kernel/Modules/AgentTicketPhone.pm
@@ -175,7 +175,23 @@
my %Article;
my %CustomerData;
if ( $GetParam{ArticleID} ) {
- %Article = $Self->{TicketObject}->ArticleGet( ArticleID => $GetParam{ArticleID} );
+
+ my $Access = $Self->{TicketObject}->TicketPermission(
+ Type => 'ro',
+ TicketID => $Self->{TicketID},
+ UserID => $Self->{UserID}
+ );
+
+ if ( !$Access ) {
+ return $Self->{LayoutObject}->NoPermission(
+ Message => "You need ro permission!",
+ WithHeader => 'yes',
+ );
+ }
+
+ %Article = $Self->{TicketObject}->ArticleGet(
+ ArticleID => $GetParam{ArticleID},
+ );
# Check if article is from the same TicketID as we checked permissions for.
if ( $Article{TicketID} ne $Self->{TicketID} ) {
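Review bot: The new TicketPermission call uses `$Self->{TicketID}`, but the branch it sits in is entered on `$GetParam{ArticleID}` alone, and nothing visible in this hunk guarantees that a TicketID was supplied. Whether TicketPermission denies an undefined TicketID cannot be seen from here, so an explicit guard before the call would make the intent clear. The block is also repeated almost verbatim in the @@ -1051 hunk; a comment such as `# require ro permission on the source ticket before loading its article` would help. A trailing comma after `UserID => $Self->{UserID}` would match the surrounding style. The enclosing `if` continues past the end of the hunk.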
@@ -1051,6 +1067,18 @@
&& $Self->{Config}->{SplitLinkType}->{Direction}
)
{
+ my $Access = $Self->{TicketObject}->TicketPermission(
+ Type => 'ro',
+ TicketID => $GetParam{LinkTicketID},
+ UserID => $Self->{UserID}
+ );
+
+ if ( !$Access ) {
+ return $Self->{LayoutObject}->NoPermission(
+ Message => "You need ro permission!",
+ WithHeader => 'yes',
+ );
+ }
my $SourceKey = $GetParam{LinkTicketID};
my $TargetKey = $TicketID;
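Review bot: This check appears to run after the new ticket already exists, since `my $TargetKey = $TicketID;` directly below uses its ID. If so, a denial here returns a NoPermission page while the ticket stays created without its link, which is confusing for the agent and leaves a partial result. Checking `$GetParam{LinkTicketID}` before the ticket is created would avoid that, or the link step could be skipped and logged instead of aborting the request. The surrounding condition and the ticket creation are outside this hunk, so the ordering should be confirmed against the full sub.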
Changed |
otrs-3.0.21.tar.bz2/Kernel/Modules/AgentTicketWatcher.pm
@@ -69,6 +69,17 @@
# ------------------------------------------------------------ #
if ( $Self->{Subaction} eq 'Subscribe' ) {
+ # Checks if the user has permissions to see the ticket.
+ # This is needed because watching grants ro permissions (depending on configuration).
+ my $Access = $Self->{TicketObject}->TicketPermission(
+ Type => 'ro',
+ TicketID => $Self->{TicketID},
+ UserID => $Self->{UserID},
+ );
+ if (!$Access) {
+ return $Self->{LayoutObject}->NoPermission( WithHeader => 'yes' );
+ }
+
# set subscribe
my $Subscribe = $Self->{TicketObject}->TicketWatchSubscribe(
TicketID => $Self->{TicketID},
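Review bot: The denial here calls `NoPermission( WithHeader => 'yes' )` without a Message, while the equivalent checks added to AgentLinkObject and AgentTicketPhone in this update pass `Message => 'You need ro permission!'`. Using the same message keeps the agent-facing error consistent across the three modules. `if (!$Access) {` also departs from the `if ( !$Access ) {` spacing used by the rest of the change. The Subscribe branch continues beyond this hunk.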
@@ -88,6 +99,9 @@
# unsubscribe a ticket
# ------------------------------------------------------------ #
elsif ( $Self->{Subaction} eq 'Unsubscribe' ) {
+
+ # We don't need a permission check here as we will remove
+ # permissions by unsubscribing.
my $Unsubscribe = $Self->{TicketObject}->TicketWatchUnsubscribe(
TicketID => $Self->{TicketID},
WatchUserID => $Self->{UserID},
Changed |
otrs-3.0.21.tar.bz2/Kernel/System/LinkObject.pm
@@ -2218,6 +2218,45 @@
return %StateList;
}
+=item ObjectPermission()
+
+checks read permission for a given object and UserID.
+
+ $Permission = $LinkObject->ObjectPermission(
+ Object => 'Ticket',
+ Key => 123,
+ UserID => 1,
+ );
+
+=cut
+
+sub ObjectPermission {
+ my ( $Self, %Param ) = @_;
+
+ # check needed stuff
+ for my $Argument (qw(Object Key UserID)) {
+ if ( !$Param{$Argument} ) {
+ $Self->{LogObject}->Log(
+ Priority => 'error',
+ Message => "Need $Argument!",
+ );
+ return;
+ }
+ }
+
+ my $BackendObject = $Self->_LoadBackend(
+ Object => $Param{Object},
+ UserID => $Param{UserID},
+ );
+
+ return if !$BackendObject;
+ return 1 if !$BackendObject->can('ObjectPermission');
+
+ return $BackendObject->ObjectPermission(
+ %Param,
+ );
+}
+
=item ObjectDescriptionGet()
return a hash of object descriptions
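Review bot: `return 1 if !$BackendObject->can('ObjectPermission');` makes the new check fail open: every link backend that does not implement ObjectPermission grants access to any UserID. That may be intended for backward compatibility with existing backends, but the POD only says "checks read permission" and does not mention it. The POD should state that backends without the method are treated as permitted, and that the sub returns nothing when an argument is missing or the backend cannot be loaded. A comment on the line, for example `# backends without ObjectPermission() are not restricted`, would flag it for anyone adding a backend that holds restricted data. Note also that `!$Param{$Argument}` rejects a Key of `0`.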
Changed |
otrs-3.0.21.tar.bz2/Kernel/System/LinkObject/Ticket.pm
@@ -97,6 +97,39 @@
return 1;
}
+=item ObjectPermission()
+
+checks read permission for a given object and UserID.
+
+ $Permission = $LinkObject->ObjectPermission(
+ Object => 'Ticket',
+ Key => 123,
+ UserID => 1,
+ );
+
+=cut
+
+sub ObjectPermission {
+ my ( $Self, %Param ) = @_;
+
+ # check needed stuff
+ for my $Argument (qw(Object Key UserID)) {
+ if ( !$Param{$Argument} ) {
+ $Self->{LogObject}->Log(
+ Priority => 'error',
+ Message => "Need $Argument!",
+ );
+ return;
+ }
+ }
+
+ return $Self->{TicketObject}->TicketPermission(
+ Type => 'ro',
+ TicketID => $Param{Key},
+ UserID => $Param{UserID},
+ );
+}
+
=item ObjectDescriptionGet()
return a hash of object descriptions
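Review bot: The POD for this backend method was copied from Kernel/System/LinkObject.pm and does not describe what the backend itself does. It should say that `Key` is passed to TicketPermission as the TicketID with `Type => 'ro'`, and what is returned on success, on denial and on a missing argument. `Object` is listed as required but is never used in the body; either drop it from the needed-arguments list or add a comment that it is required only for interface symmetry with the dispatcher.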
Changed |
otrs-3.0.21.tar.bz2/Kernel/System/PostMaster/Filter/FollowUpArticleTypeCheck.pm
@@ -66,10 +66,16 @@
# check recipients
next if !$Article->{To};
- my @EmailAddresses = $Self->{ParserObject}->SplitAddressLine(
+
+ my @ToEmailAddresses = $Self->{ParserObject}->SplitAddressLine(
Line => $Article->{To},
);
- for my $Email (@EmailAddresses) {
+ my @CcEmailAddresses = $Self->{ParserObject}->SplitAddressLine(
+ Line => $Article->{Cc},
+ );
+ my @EmailAdresses = ( @ToEmailAddresses, @CcEmailAddresses );
+
+ for my $Email (@EmailAdresses) {
my $Recipient = $Self->{ParserObject}->GetEmailAddress(
Email => $Email,
);
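Review bot: `$Article->{Cc}` is passed to SplitAddressLine unconditionally, although the guard above only checks `$Article->{To}`; an article with no Cc header hands an undefined Line to the parser, whose handling of that is not visible here. Guarding the call avoids that: `my @CcEmailAddresses = $Article->{Cc} ? $Self->{ParserObject}->SplitAddressLine( Line => $Article->{Cc} ) : ();`. Because of `next if !$Article->{To};`, an article addressed only via Cc is still skipped, which may or may not be intended for bug#7478. The new array is spelled `@EmailAdresses` while its parts are `@ToEmailAddresses` and `@CcEmailAddresses`. The enclosing loop starts and ends outside the hunk.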
Changed |
otrs-3.0.21.tar.bz2/RELEASE
@@ -1,4 +1,4 @@
PRODUCT = OTRS
-VERSION = 3.0.18
-BUILDDATE = Do Mär 7 11:17:07 CET 2013
+VERSION = 3.0.21
+BUILDDATE = Fr Jun 14 08:04:37 CEST 2013
BUILDHOST = otrsbuild.otrs.com
Changed |
otrs-3.0.21.tar.bz2/doc/manual/de/otrs_admin_book.pdf
Changed |
otrs-3.0.21.tar.bz2/doc/manual/en/otrs_admin_book.pdf
Changed |
otrs-3.0.21.tar.bz2/scripts/test/LinkObject.t
@@ -2816,6 +2816,52 @@
"Test $TestCount: LinkDeleteAll() - check success",
);
+#
+# ObjectPermission tests
+#
+my @Tests = (
+ {
+ Name => 'regular admin access',
+ Object => 'Ticket',
+ Key => 1,
+ UserID => 1,
+ Result => 1,
+ },
+ {
+ Name => 'user without permission',
+ Object => 'Ticket',
+ Key => 1,
+ UserID => $UserIDs[0],
+ Result => undef,
+ },
+ {
+ Name => 'dummy backend, deny admin',
+ Object => $ObjectNames[0],
+ Key => 1,
+ UserID => 1,
+ Result => undef,
+ },
+ {
+ Name => 'dummy backend, allow regular user',
+ Object => $ObjectNames[0],
+ Key => 1,
+ UserID => $UserIDs[0],
+ Result => 1,
+ },
+);
+
+for my $Test (@Tests) {
+ my $Result = $LinkObject->ObjectPermission( %{$Test} );
+
+ $Self->Is(
+ $Result,
+ $Test->{Result},
+ "ObjectPermission - " . $Test->{Name},
+ );
+}
+
+
+
# ------------------------------------------------------------ #
# run link tests
# ------------------------------------------------------------ #
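Review bot: The four new cases do not cover the two paths in ObjectPermission that decide access without consulting a backend: a backend with no ObjectPermission method, which returns 1, and a call with a missing Object, Key or UserID, which returns nothing. Both are security-relevant defaults and deserve a case each, using a link object type whose backend lacks the method for the first. The 'user without permission' case also depends on `$UserIDs[0]` having no ro permission on ticket 1, which is set up outside this hunk; a comment stating that assumption would make a future fixture change easier to diagnose.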
Changed |
otrs-3.0.21.tar.bz2/scripts/test/Package.t
@@ -1055,7 +1055,7 @@
my $Version = $Self->{ConfigObject}->Get('Version');
if (
!-e $Home . '/ARCHIVE'
- && $Version =~ m{CVS}
+ && $Version =~ m{git}
)
{
$DeveloperSystem = 1;
Changed |
otrs-3.0.21.tar.bz2/scripts/test/sample/LinkObject/LinkBackendDummy.pm
@@ -81,6 +81,29 @@
return 1;
}
+#
+#
+#
+
+sub ObjectPermission {
+ my ( $Self, %Param ) = @_;
+
+ # check needed stuff
+ for my $Argument (qw(Object Key UserID)) {
+ if ( !$Param{$Argument} ) {
+ $Self->{LogObject}->Log(
+ Priority => 'error',
+ Message => "Need $Argument!",
+ );
+ return;
+ }
+ }
+
+ # deny access for admin
+ return if $Param{UserID} == 1;
+ return 1;
+}
+
=item ObjectDescriptionGet()
return a hash of object descriptions