-
Alex Vandiver authored
The previous implementation didn't depend in any way on what object the right was granted on, merely the membership of the group, and what groups that group was in. The correct implementation examines the ObjectType and ObjectId parameters of the ACL table. Specifically, it returns groups which are the target of ACLs, which were granted by a group, which the current user is a member of. That is, groups which the current user has a particular right on, as the name of the method implies. t/api/group-rights.t has been refactored to be more concise, and cover all possibilities of where the ACL can be granted, and to what. ForWhichCurrentUserHasRight now agrees with CurrentUserHasRight for all cases.
9b4f9541