Merge branch '5.0.5-releng' into 5.0-trunk

Author: sunnavy

docs/web_deployment.pod

@@ -154,6 +154,31 @@ RT to access the Authorization header.
 
 More information is available in L<RT::Authen::Token>.
 
+=head3 Restricting the REST 1.0 mail-gateway
+
+RT processes email via a REST 1.0 endpoint. If you accept email on the same
+server as your running RT, you can restrict this endpoint to localhost only
+with a configuration like the following:
+
+    # Accept requests only from localhost
+    <Location /REST/1.0/NoAuth/mail-gateway>
+        Require local
+    </Location>
+
+If you run C<bin/rt-mailgate> on a separate server, you can update
+the above to allow additional IP addresses.
+
+    <Location /REST/1.0/NoAuth/mail-gateway>
+        Require ip 127.0.0.1 ::1 192.0.2.0  # Add your actual IPs
+    </Location>
+
+See the L<Apache documentation|https://httpd.apache.org/docs/2.4/mod/mod_authz_host.html>
+for additional configuration options.
+
+After adding this configuration, test receiving email and confirm
+your C<bin/rt-mailgate> utility and C</etc/aliases> configurations
+can successfully submit email to RT.
+
 =head2 nginx
 
 C<nginx> requires that you start RT's fastcgi process externally, for

lib/RT/Articles.pm

@@ -975,6 +975,11 @@ sub SimpleSearch {
     return $self;
 }
 
+sub CurrentUserCanSeeAll {
+    my $self = shift;
+    return $self->CurrentUser->HasRight( Right => 'ShowArticle', Object => RT->System ) ? 1 : 0;
+}
+
 RT::Base->_ImportOverlays();
 
 1;

lib/RT/Assets.pm

@@ -1932,6 +1932,11 @@ sub _ProcessRestrictions {
 
 }
 
+sub CurrentUserCanSeeAll {
+    my $self = shift;
+    return $self->CurrentUser->HasRight( Right => 'ShowAsset', Object => RT->System ) ? 1 : 0;
+}
+
 1;
 
 RT::Base->_ImportOverlays();

lib/RT/Attachment.pm

@@ -1092,6 +1092,17 @@ sub _CacheConfig {
 }
 
 
+=head2 CurrentUserCanSee
+
+Returns true if the current user can see the attachment, via corresponding
+transaction's rights check.
+
+=cut
+
+sub CurrentUserCanSee {
+    my $self = shift;
+    return $self->TransactionObj->CurrentUserCanSee;
+}
 
 
 =head2 id

lib/RT/Catalog.pm

@@ -297,6 +297,28 @@ sub CurrentUserCanSee {
         || $self->CurrentUserHasRight('AdminCatalog');
 }
 
+=head2 CurrentUserCanCreate
+
+Returns true if the current user can create a new catalog, using I<AdminCatalog>.
+
+=cut
+
+sub CurrentUserCanCreate {
+    my $self = shift;
+    return $self->CurrentUserHasRight('AdminCatalog');
+}
+
+=head2 CurrentUserCanModify
+
+Returns true if the current user can modify the catalog, using I<AdminCatalog>.
+
+=cut
+
+sub CurrentUserCanModify {
+    my $self = shift;
+    return $self->CurrentUserHasRight('AdminCatalog');
+}
+
 =head2 Owner
 
 Returns an L<RT::User> object for this catalog's I<Owner> role group.  On error,

lib/RT/Catalogs.pm

@@ -114,6 +114,11 @@ sub _Init {
 
 sub Table { "Catalogs" }
 
+sub CurrentUserCanSeeAll {
+    my $self = shift;
+    return $self->CurrentUser->HasRight( Right => 'ShowCatalog', Object => RT->System ) ? 1 : 0;
+}
+
 RT::Base->_ImportOverlays();
 
 1;

lib/RT/Class.pm

@@ -507,6 +507,39 @@ sub IncludeArticleCFValue {
     return $self->{'_cf_include_hash'}{"Value-".$cfobj->Id};
 }
 
+=head2 CurrentUserCanSee
+
+Returns true if the current user can see the class, using I<SeeClass>.
+
+=cut
+
+sub CurrentUserCanSee {
+    my $self = shift;
+    return $self->CurrentUserHasRight('SeeClass');
+}
+
+=head2 CurrentUserCanCreate
+
+Returns true if the current user can create a new class, using I<AdminClass>.
+
+=cut
+
+sub CurrentUserCanCreate {
+    my $self = shift;
+    return $self->CurrentUserHasRight('AdminClass');
+}
+
+=head2 CurrentUserCanModify
+
+Returns true if the current user can modify the class, using I<AdminClass>.
+
+=cut
+
+sub CurrentUserCanModify {
+    my $self = shift;
+    return $self->CurrentUserHasRight('AdminClass');
+}
+
 =head2 id
 
 Returns the current value of id. 

lib/RT/Classes.pm

@@ -81,6 +81,11 @@ sub AddRecord {
 
 sub _SingularClass { "RT::Class" }
 
+sub CurrentUserCanSeeAll {
+    my $self = shift;
+    return $self->CurrentUser->HasRight( Right => 'SeeClass', Object => RT->System ) ? 1 : 0;
+}
+
 RT::Base->_ImportOverlays();
 
 1;

lib/RT/CustomField.pm

@@ -2072,6 +2072,28 @@ sub CurrentUserCanSee {
     return 0;
 }
 
+=head2 CurrentUserCanCreate
+
+If the user has I<AdminCustomField> they can create a new custom field.
+
+=cut
+
+sub CurrentUserCanCreate {
+    my $self = shift;
+    return $self->CurrentUserHasRight('AdminCustomField');
+}
+
+=head2 CurrentUserCanModify
+
+If the user has I<AdminCustomField> they can modify the custom field.
+
+=cut
+
+sub CurrentUserCanModify {
+    my $self = shift;
+    return $self->CurrentUserHasRight('AdminCustomField');
+}
+
 =head2 IncludeContentForValue [VALUE] (and SetIncludeContentForValue)
 
 Gets or sets the  C<IncludeContentForValue> for this custom field. RT

lib/RT/CustomFields.pm

@@ -475,6 +475,11 @@ sub LimitToCatalog  {
     }
 }
 
+sub CurrentUserCanSeeAll {
+    my $self = shift;
+    return $self->CurrentUser->HasRight( Right => 'SeeCustomField', Object => RT->System ) ? 1 : 0;
+}
+
 RT::Base->_ImportOverlays();
 
 1;