[otrs-cvs] iPhoneHandle/Kernel/System iPhone.pm,1.63,1.64

CVS commits notifications of OTRS.org cvs-log at otrs.org
Wed Jun 15 12:37:13 GMT 2011 

Comments:
Update of /home/cvs/iPhoneHandle/Kernel/System
In directory lancelot:/tmp/cvs-serv21345/Kernel/System

Modified Files:
	iPhone.pm 
Log Message:
Added additional permission checks for ticket/articles.

Author: martin

Index: iPhone.pm
===================================================================
RCS file: /home/cvs/iPhoneHandle/Kernel/System/iPhone.pm,v
retrieving revision 1.63
retrieving revision 1.64
diff -2 -u -d -r1.63 -r1.64
--- iPhone.pm	28 May 2011 19:10:28 -0000	1.63
+++ iPhone.pm	15 Jun 2011 12:37:08 -0000	1.64
@@ -15,5 +15,4 @@
 use warnings;
 
-#use Kernel::System::Log;
 use Kernel::Language;
 use Kernel::System::CheckItem;
@@ -263,5 +262,5 @@
             },
             Method => "ScreenActions",
-            Object => "CustomObject"},
+            Object => "CustomObject",
             Title => "New Phone Ticket"
        },
@@ -2226,4 +2225,28 @@
     my ( $Self, %Param ) = @_;
 
+    # permission check
+    my $Access;
+    if ( $Self->{'API3X'} ) {
+        $Access = $Self->{TicketObject}->TicketPermission(
+            Type     => 'ro',
+            TicketID => $Param{TicketID},
+            UserID   => $Param{UserID}
+        );
+    }
+    else {
+        $Access = $Self->{TicketObject}->Permission(
+            Type     => 'ro',
+            TicketID => $Param{TicketID},
+            UserID   => $Param{UserID}
+        );
+    }
+    if ( !$Access ) {
+        $Self->{LogObject}->Log(
+            Priority => 'error',
+            Message  => "You need ro permissions!",
+        );
+        return;
+    }
+
     my %Color = (
         1 => '#cdcdcd',
@@ -2312,5 +2335,5 @@
     my %Result = $iPhoneObject->ArticleGet()
         ArticleID  => 1054,
-        UserID   => 1,
+        UserID     => 1,
     );
 
@@ -2336,5 +2359,5 @@
         FirstResponseTimeWorkingTime     => -86700,
         FirstResponseTime                => -165902,
-        From                             => "\"David Prowse\" <pd at sw.com>"]}
+        From                             => "\"David Prowse\" <pd at sw.com>",
         LockID                           => 2,
         Lock                             => "lock",
@@ -2380,5 +2403,28 @@
     my ( $Self, %Param ) = @_;
 
+    # permission check
     my %Article = $Self->{TicketObject}->ArticleGet(%Param);
+    my $Access;
+    if ( $Self->{'API3X'} ) {
+        $Access = $Self->{TicketObject}->TicketPermission(
+            Type     => 'ro',
+            TicketID => $Article{TicketID},
+            UserID   => $Param{UserID}
+        );
+    }
+    else {
+        $Access = $Self->{TicketObject}->Permission(
+            Type     => 'ro',
+            TicketID => $Article{TicketID},
+            UserID   => $Param{UserID}
+        );
+    }
+    if ( !$Access ) {
+        $Self->{LogObject}->Log(
+            Priority => 'error',
+            Message  => "You need ro permissions!",
+        );
+        return;
+    }
 
     if (%Article) {

More information about the cvs-log mailing list