RT 3.8.16 Documentation

RT::Group Overlay

Go to latest version →

NAME

  RT::Group - RT\'s group object

SYNOPSIS

use RT::Group; my $group = new RT::Group($CurrentUser);

DESCRIPTION

An RT group object.

METHODS

AddRights RIGHT, DESCRIPTION [, ...]

Adds the given rights to the list of possible rights. This method should be called during server startup, not at runtime.

AvailableRights

Returns a hash of available rights for this object. The keys are the right names and the values are a description of what the rights do

SelfDescription

Returns a user-readable description of what this group is for and what it's named.

Load ID

Load a group object from the database. Takes a single argument. If the argument is numerical, load by the column 'id'. Otherwise, complain and return.

LoadUserDefinedGroup NAME

Loads a system group from the database. The only argument is the group's name.

LoadACLEquivalenceGroup PRINCIPAL

Loads a user's acl equivalence group. Takes a principal object or its ID. ACL equivalnce groups are used to simplify the acl system. Each user has one group that only he is a member of. Rights granted to the user are actually granted to that group. This greatly simplifies ACL checks. While this results in a somewhat more complex setup when creating users and granting ACLs, it _greatly_ simplifies acl checks.

LoadPersonalGroup {Name => NAME, User => USERID}

Loads a personal group from the database.

LoadSystemInternalGroup NAME

Loads a Pseudo group from the database. The only argument is the group's name.

LoadTicketRoleGroup { Ticket => TICKET_ID, Type => TYPE }

Loads a ticket group from the database.

Takes a param hash with 2 parameters:

    Ticket is the TicketId we're curious about
    Type is the type of Group we're trying to load: 
        Requestor, Cc, AdminCc, Owner

LoadQueueRoleGroup { Queue => Queue_ID, Type => TYPE }

Loads a Queue group from the database.

Takes a param hash with 2 parameters:

    Queue is the QueueId we're curious about
    Type is the type of Group we're trying to load: 
        Requestor, Cc, AdminCc, Owner

LoadSystemRoleGroup Type

Loads a System group from the database.

Takes a single param: Type

    Type is the type of Group we're trying to load: 
        Requestor, Cc, AdminCc, Owner

Create

You need to specify what sort of group you're creating by calling one of the other Create_____ routines.

_Create

Takes a paramhash with named arguments: Name, Description.

Returns a tuple of (Id, Message). If id is 0, the create failed

CreateUserDefinedGroup { Name => "name", Description => "Description"}

A helper subroutine which creates a system group

Returns a tuple of (Id, Message). If id is 0, the create failed

_CreateACLEquivalenceGroup { Principal }

A helper subroutine which creates a group containing only an individual user. This gets used by the ACL system to check rights. Yes, it denormalizes the data, but that's ok, as we totally win on performance.

Returns a tuple of (Id, Message). If id is 0, the create failed

CreatePersonalGroup { PrincipalId => PRINCIPAL_ID, Name => "name", Description => "Description"}

A helper subroutine which creates a personal group. Generally, personal groups are used for ACL delegation and adding to ticket roles PrincipalId defaults to the current user's principal id.

Returns a tuple of (Id, Message). If id is 0, the create failed

CreateRoleGroup { Domain => DOMAIN, Type => TYPE, Instance => ID }

A helper subroutine which creates a ticket group. (What RT 2.0 called Ticket watchers) Type is one of ( "Requestor" || "Cc" || "AdminCc" || "Owner") Domain is one of (RT::Ticket-Role || RT::Queue-Role || RT::System-Role) Instance is the id of the ticket or queue in question

This routine expects to be called from {Ticket||Queue}->CreateTicketGroups _inside of a transaction_

Returns a tuple of (Id, Message). If id is 0, the create failed

Delete

Delete this object

SetDisabled BOOL

If passed a positive value, this group will be disabled. No rights it commutes or grants will be honored. It will not appear in most group listings.

This routine finds all the cached group members that are members of this group (recursively) and disables them.

DeepMembersObj

Returns an RT::CachedGroupMembers object of this group's members, including all members of subgroups.

MembersObj

Returns an RT::GroupMembers object of this group's direct members.

GroupMembersObj [Recursively => 1]

Returns an RT::Groups object of this group's members. By default returns groups including all subgroups, but could be changed with Recursively named argument.

Note that groups are not filtered by type and result may contain as well system groups, personal and other.

UserMembersObj

Returns an RT::Users object of this group's members, by default returns users including all members of subgroups, but could be changed with Recursively named argument.

MemberEmailAddresses

Returns an array of the email addresses of all of this group's members

MemberEmailAddressesAsString

Returns a comma delimited string of the email addresses of all users who are members of this group.

AddMember PRINCIPAL_ID

AddMember adds a principal to this group. It takes a single principal id. Returns a two value array. the first value is true on successful addition or 0 on failure. The second value is a textual status msg.

HasMember RT::Principal|id

Takes an RT::Principal object or its id returns a GroupMember Id if that user is a member of this group. Returns undef if the user isn't a member of the group or if the current user doesn't have permission to find out. Arguably, it should differentiate between ACL failure and non membership.

HasMemberRecursively RT::Principal|id

Takes an RT::Principal object or its id and returns true if that user is a member of this group. Returns undef if the user isn't a member of the group or if the current user doesn't have permission to find out. Arguably, it should differentiate between ACL failure and non membership.

DeleteMember PRINCIPAL_ID

Takes the principal id of a current user or group. If the current user has apropriate rights, removes that GroupMember from this group. Returns a two value array. the first value is true on successful addition or 0 on failure. The second value is a textual status msg.

CleanupInvalidDelegations { InsideTransaction => undef }

Revokes all ACE entries delegated by members of this group which are inconsistent with their current delegation rights. Does not perform permission checks. Should only ever be called from inside the RT library.

If called from inside a transaction, specify a true value for the InsideTransaction parameter.

Returns a true value if the deletion succeeded; returns a false value and logs an internal error if the deletion fails (should not happen).

CurrentUserHasRight RIGHTNAME

Returns true if the current user has the specified right for this group.

    TODO: we don't deal with membership visibility yet

CurrentUserCanSee

Always returns 1; unfortunately, for historical reasons, users have always been able to examine groups they have indirect access to, even if they do not have SeeGroup explicitly.

PrincipalObj

Returns the principal object for this user. returns an empty RT::Principal if there's no principal object matching this user. The response is cached. PrincipalObj should never ever change.

PrincipalId

Returns this user's PrincipalId

AUTHOR

Jesse Vincent, jesse@bestpractical.com

SEE ALSO

RT

← Back to index

Security contact information
© 2002-2025 Best Practical Solutions LLC.