[rt-users] [Rt-announce] RT 3.6.8 Released

Wed, 10 Jun 2009 16:00:40 -0700 

We are happy to announce that RT 3.6.8 is now available. You can
download it from:

http://download.bestpractical.com/pub/rt/release/rt-3.6.8.tar.gz
http://download.bestpractical.com/pub/rt/release/rt-3.6.8.tar.gz.sig

SHA1 sums

c7b4fac30b5b91a1c7f64bc05ecf63f40aaec50d  rt-3.6.8.tar.gz
cb80cca50254127362a8ff8d9af71ff66881f300  rt-3.6.8.tar.gz.sig

This is a bugfix and security release of RT.

The most important fix is that RT now requires the SuperUser
right to edit global RT at a Glance.  In all versions since
3.6.2, the "ShowConfigTab" right unintentionally enabled this.
If you have not granted this right to any non-administrative user,
then this issue should not affect you.

A patch that resolves this issue without requiring an upgrade
to 3.6.8 is attached to this announcement.

A more complete list of fixes can be found below.

-kevin

FIXES AND CLEANUPS
==================

* Updated italian translation from Nicola Murino
* validate CFs in SelfService
* Fix: On comment/correspond, attached files are not recorded if 
comment/response
  content is empty.
* add HasAttribute and HasNoAttribute to the tisql
* Allow only SuperUser to edit RT at a Glance
* copyright updates

--- share/html/Admin/Global/MyRT.html
+++ share/html/Admin/Global/MyRT.html
@@ -83,6 +83,8 @@
 
 my ($default_portlets) = $sys->Attributes->Named('HomepageSettings');
 
+my $has_right = $session{'CurrentUser'}->HasRight( Object=> $RT::System, Right 
=> 'SuperUser');
+
 my @panes = $m->comp(
     '/Admin/Elements/ConfigureMyRT',
     panes  => ['body', 'summary'],
@@ -91,8 +93,13 @@
     current_portlets => $default_portlets->Content,
     OnSave => sub {
         my ( $conf, $pane ) = @_;
-       $default_portlets->SetContent( $conf );
-        push @actions, loc( 'Global portlet [_1] saved.', $pane );
+        if (!$has_right) {
+            push @actions, loc( 'Permission denied' );
+        }
+        else {
+            $default_portlets->SetContent( $conf );
+            push @actions, loc( 'Global portlet [_1] saved.', $pane );
+        }
     }
 );

Attachment: pgpJu2HV9cZ9U.pgp
Description: PGP signature

_______________________________________________
RT-Announce mailing list
rt-annou...@lists.bestpractical.com
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-announce

_______________________________________________
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sa...@bestpractical.com


Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
Buy a copy at http://rtbook.bestpractical.com

Reply via email to