10.3. Access Control

When adding new functionality to RT, you may need to implement access controls. RT has an access control system that you can use in your extensions. You also can add new rights to the system if necessary.

To check that a user has a specific right, simply call HasRight( ) on that user object. This method is usually called with two arguments, Right and Object. Right is simply the name of the right to be checked, such as SuperUser or ModifyTicket. Object is the object the user is trying to access. The method will return a boolean indicating whether the user has the given right.

For example, if we have a queue and want to see if the user can see that queue, we call:

     $user->HasRight( Right => 'SeeQueue', Object => $queue ); 

Many classes define a convenience method called CurrentUserHasRight( ), which simply takes a single unnamed argument, the name of the right. So if we want to know if the current user has the "SeeQueue" right, we call:

     $queue->CurrentUserHasRight('SeeQueue'); 

Some classes define other rights-related convenience methods. See the POD documentation for individual classes for more details.

10.3.1. Adding a new right

Currently, rights are defined simply as a global hash reference in RT::Group_Overlay, RT::Queue_Overlay, and RT::CustomField_Overlay. To add a new right, you can use this boilerplate in the appropriate *_Local.pm module:

     $RIGHTS = {         SeeDeadPeople => "members of this group are allowed to see dead people",         %$RIGHTS,     }; 

Since the local overlay is always loaded last, it is safe to assume that $RIGHTS was populated already by the RT core code.