• NAME
• DESCRIPTION
• METHODS
  • rights_forbidden
  • resolve_principal HASHREF
  • serialize_ace ACE
  • available_rights_for

NAME

RT::REST2::Resource::Role::Rights - Shared logic for rights management endpoints

DESCRIPTION

Provides permission checks, principal resolution, and ACE serialization used by RT::REST2::Resource::Rights.

METHODS

rights_forbidden

Returns true if the current user lacks the admin right needed to manage rights on the resource object. Queue objects require AdminQueue, Catalog objects require AdminCatalog, etc. Global rights require SuperUser.

resolve_principal HASHREF

Resolves a User or Group from a grant/revoke request hash. Accepts:

    { Group => "name" }
    { Group => 42 }
    { Group => { id => 42 } }
    { User  => "name" }
    { User  => { id => 10 } }

Returns ($principal, $display_hashref) on success, or (undef, $error_message) on failure.

serialize_ace ACE

Serializes an RT::ACE object into a hash suitable for JSON output. The hash contains the right name and either a User or Group key with id, Name, and _url. Respects fields[User] and fields[Group] query parameters for sub-field expansion.

available_rights_for

Returns a hashref of available rights for the resource object, grouped by category (General, Staff, Admin).