Commit 08b7989f authored by Thomas Sibley

Check ACLs on the receiving end when modifying a Template's Queue

Users with ModifyTemplate in Queue A must also have ModifyTemplate in the
receiving queue when moving a template from one queue to another.  When
making a template global, the actor must have ModifyTemplate globally.

This stricter ACL checking prevents queue admins from moving arbitrary
templates into other queues in which they have no permissions.

Partially resolves CVE-2011-2084.  Ticket #50901.
parent 58ac3d2e
......@@ -96,10 +96,34 @@ sub _Accessible {
sub _Set {
my $self = shift;
my %args = (
Field => undef,
Value => undef,
@_,
);
unless ( $self->CurrentUserHasQueueRight('ModifyTemplate') ) {
return ( 0, $self->loc('Permission Denied') );
}
if (exists $args{Value}) {
if ($args{Field} eq 'Queue') {
if ($args{Value}) {
# moving to another queue
my $queue = RT::Queue->new( $self->CurrentUser );
$queue->Load($args{Value});
unless ($queue->Id and $queue->CurrentUserHasRight('ModifyTemplate')) {
return ( 0, $self->loc('Permission Denied') );
}
} else {
# moving to global
unless ($self->CurrentUser->HasRight( Object => RT->System, Right => 'ModifyTemplate' )) {
return ( 0, $self->loc('Permission Denied') );
}
}
}
}
return $self->SUPER::_Set( @_ );
}
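Review bot: The `if (exists $args{Value})` guard around the new Queue checks is always true, because `%args` is initialised with `Value => undef` a few lines above, so the key exists even when the caller passed no Value at all; either drop the guard or, if the intent was to skip the check when no Value was supplied, test for that in a way the defaults do not defeat. As written, a call with Field => 'Queue' and no Value falls into the "moving to global" branch and requires the global right, which is the safe default but probably not what the guard was meant to express. Separately, the receiving-queue check resolves `$args{Value}` through `RT::Queue->Load`, which presumably accepts a name as well as an id, while `SUPER::_Set(@_)` stores the raw argument; if callers can pass a queue name, consider forwarding `$queue->Id` so the value checked and the value stored are the same object — confirm against the callers. A short comment above the checks would also help, e.g. `# ModifyTemplate on the current queue is not enough to move a template: the actor also needs it on the destination (queue or global), see CVE-2011-2084.`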
......