Merge branch 'security/5.0.5-releng' into 5.0.5-releng

docs/web_deployment.pod

@@ -154,6 +154,31 @@ RT to access the Authorization header.
 
 More information is available in L<RT::Authen::Token>.
 
+=head3 Restricting the REST 1.0 mail-gateway
+
+RT processes email via a REST 1.0 endpoint. If you accept email on the same
+server as your running RT, you can restrict this endpoint to localhost only
+with a configuration like the following:
+
+    # Accept requests only from localhost
+    <Location /REST/1.0/NoAuth/mail-gateway>
+        Require local
+    </Location>
+
+If you run C<bin/rt-mailgate> on a separate server, you can update
+the above to allow additional IP addresses.
+
+    <Location /REST/1.0/NoAuth/mail-gateway>
+        Require ip 127.0.0.1 ::1 192.0.2.0  # Add your actual IPs
+    </Location>
+
+See the L<Apache documentation|https://httpd.apache.org/docs/2.4/mod/mod_authz_host.html>
+for additional configuration options.
+
+After adding this configuration, test receiving email and confirm
+your C<bin/rt-mailgate> utility and C</etc/aliases> configurations
+can successfully submit email to RT.
+
 =head2 nginx
 
 C<nginx> requires that you start RT's fastcgi process externally, for

lib/RT/Articles.pm

@@ -975,6 +975,11 @@ sub SimpleSearch {
     return $self;
 }
 
+sub CurrentUserCanSeeAll {
+    my $self = shift;
+    return $self->CurrentUser->HasRight( Right => 'ShowArticle', Object => RT->System ) ? 1 : 0;
+}
+
 RT::Base->_ImportOverlays();
 
 1;

lib/RT/Assets.pm

@@ -1932,6 +1932,11 @@ sub _ProcessRestrictions {
 
 }
 
+sub CurrentUserCanSeeAll {
+    my $self = shift;
+    return $self->CurrentUser->HasRight( Right => 'ShowAsset', Object => RT->System ) ? 1 : 0;
+}
+
 1;
 
 RT::Base->_ImportOverlays();

lib/RT/Attachment.pm

@@ -1092,6 +1092,17 @@ sub _CacheConfig {
 }
 
 
+=head2 CurrentUserCanSee
+
+Returns true if the current user can see the attachment, via corresponding
+transaction's rights check.
+
+=cut
+
+sub CurrentUserCanSee {
+    my $self = shift;
+    return $self->TransactionObj->CurrentUserCanSee;
+}
 
 
 =head2 id

lib/RT/Catalog.pm

@@ -297,6 +297,28 @@ sub CurrentUserCanSee {
         || $self->CurrentUserHasRight('AdminCatalog');
 }
 
+=head2 CurrentUserCanCreate
+
+Returns true if the current user can create a new catalog, using I<AdminCatalog>.
+
+=cut
+
+sub CurrentUserCanCreate {
+    my $self = shift;
+    return $self->CurrentUserHasRight('AdminCatalog');
+}
+
+=head2 CurrentUserCanModify
+
+Returns true if the current user can modify the catalog, using I<AdminCatalog>.
+
+=cut
+
+sub CurrentUserCanModify {
+    my $self = shift;
+    return $self->CurrentUserHasRight('AdminCatalog');
+}
+
 =head2 Owner
 
 Returns an L<RT::User> object for this catalog's I<Owner> role group.  On error,

lib/RT/Catalogs.pm

@@ -114,6 +114,11 @@ sub _Init {
 
 sub Table { "Catalogs" }
 
+sub CurrentUserCanSeeAll {
+    my $self = shift;
+    return $self->CurrentUser->HasRight( Right => 'ShowCatalog', Object => RT->System ) ? 1 : 0;
+}
+
 RT::Base->_ImportOverlays();
 
 1;

lib/RT/Class.pm

@@ -507,6 +507,39 @@ sub IncludeArticleCFValue {
     return $self->{'_cf_include_hash'}{"Value-".$cfobj->Id};
 }
 
+=head2 CurrentUserCanSee
+
+Returns true if the current user can see the class, using I<SeeClass>.
+
+=cut
+
+sub CurrentUserCanSee {
+    my $self = shift;
+    return $self->CurrentUserHasRight('SeeClass');
+}
+
+=head2 CurrentUserCanCreate
+
+Returns true if the current user can create a new class, using I<AdminClass>.
+
+=cut
+
+sub CurrentUserCanCreate {
+    my $self = shift;
+    return $self->CurrentUserHasRight('AdminClass');
+}
+
+=head2 CurrentUserCanModify
+
+Returns true if the current user can modify the class, using I<AdminClass>.
+
+=cut
+
+sub CurrentUserCanModify {
+    my $self = shift;
+    return $self->CurrentUserHasRight('AdminClass');
+}
+
 =head2 id
 
 Returns the current value of id. 

lib/RT/Classes.pm

@@ -81,6 +81,11 @@ sub AddRecord {
 
 sub _SingularClass { "RT::Class" }
 
+sub CurrentUserCanSeeAll {
+    my $self = shift;
+    return $self->CurrentUser->HasRight( Right => 'SeeClass', Object => RT->System ) ? 1 : 0;
+}
+
 RT::Base->_ImportOverlays();
 
 1;

lib/RT/CustomField.pm

@@ -2072,6 +2072,28 @@ sub CurrentUserCanSee {
     return 0;
 }
 
+=head2 CurrentUserCanCreate
+
+If the user has I<AdminCustomField> they can create a new custom field.
+
+=cut
+
+sub CurrentUserCanCreate {
+    my $self = shift;
+    return $self->CurrentUserHasRight('AdminCustomField');
+}
+
+=head2 CurrentUserCanModify
+
+If the user has I<AdminCustomField> they can modify the custom field.
+
+=cut
+
+sub CurrentUserCanModify {
+    my $self = shift;
+    return $self->CurrentUserHasRight('AdminCustomField');
+}
+
 =head2 IncludeContentForValue [VALUE] (and SetIncludeContentForValue)
 
 Gets or sets the  C<IncludeContentForValue> for this custom field. RT

lib/RT/CustomFields.pm

@@ -475,6 +475,11 @@ sub LimitToCatalog  {
     }
 }
 
+sub CurrentUserCanSeeAll {
+    my $self = shift;
+    return $self->CurrentUser->HasRight( Right => 'SeeCustomField', Object => RT->System ) ? 1 : 0;
+}
+
 RT::Base->_ImportOverlays();
 
 1;

lib/RT/CustomRole.pm

@@ -544,6 +544,28 @@ sub GroupType {
     return 'RT::CustomRole-' . $self->id;
 }
 
+=head2 CurrentUserCanCreate
+
+Returns true if the current user can create a new custom role, using I<AdminCustomRoles>.
+
+=cut
+
+sub CurrentUserCanCreate {
+    my $self = shift;
+    return $self->CurrentUserHasRight('AdminClass');
+}
+
+=head2 CurrentUserCanModify
+
+Returns true if the current user can modify the custom role, using I<AdminCustomRoles>.
+
+=cut
+
+sub CurrentUserCanModify {
+    my $self = shift;
+    return $self->CurrentUserHasRight('AdminClass');
+}
+
 =head2 id
 
 Returns the current value of id.

lib/RT/CustomRoles.pm

@@ -213,6 +213,12 @@ sub LimitToAdded {
     return RT::ObjectCustomRoles->new( $self->CurrentUser )->LimitTargetToAdded( $self => @_ );
 }
 
+sub CurrentUserCanSeeAll {
+    my $self = shift;
+    # Not typo, user needs SeeQueue to see CustomRoles
+    return $self->CurrentUser->HasRight( Right => 'SeeQueue', Object => RT->System ) ? 1 : 0;
+}
+
 RT::Base->_ImportOverlays();
 
 1;

lib/RT/Group.pm

@@ -1311,17 +1311,43 @@ sub _Set {
 
 =head2 CurrentUserCanSee
 
-Always returns 1; unfortunately, for historical reasons, users have
-always been able to examine groups they have indirect access to, even if
-they do not have SeeGroup explicitly.
+Unfortunately, for historical reasons, users have always been able to
+examine groups they have indirect access to, even if they do not have
+SeeGroup explicitly.
+
+We do require "SeeGroup" to see transactions of current group.
 
 =cut
 
 sub CurrentUserCanSee {
     my $self = shift;
-    return 1;
+    my ($what, $txn) = @_;
+
+    return 1 if ( $what // '' ) ne 'Transaction';
+    return $self->CurrentUserHasRight('SeeGroup');
+}
+
+=head2 CurrentUserCanCreate
+
+Returns true if the current user can create a new group, using I<AdminGroup>.
+
+=cut
+
+sub CurrentUserCanCreate {
+    my $self = shift;
+    return $self->CurrentUserHasRight('AdminGroup');
 }
 
+=head2 CurrentUserCanModify
+
+Returns true if the current user can modify the group, using I<AdminGroup>.
+
+=cut
+
+sub CurrentUserCanModify {
+    my $self = shift;
+    return $self->CurrentUserHasRight('AdminGroup');
+}
 
 =head2 PrincipalObj
 

lib/RT/Groups.pm

@@ -537,6 +537,11 @@ sub SimpleSearch {
     return $self;
 }
 
+sub CurrentUserCanSeeAll {
+    my $self = shift;
+    return $self->CurrentUser->HasRight( Right => 'SeeGroup', Object => RT->System ) ? 1 : 0;
+}
+
 RT::Base->_ImportOverlays();
 
 1;

lib/RT/Interface/Email.pm

@@ -161,6 +161,10 @@ sub Gateway {
         );
     }
 
+    # Clean up sensitive headers. Crypt related headers are cleaned up in RT::Interface::Email::Crypt::VerifyDecrypt
+    my @headers = qw( RT-Attach RT-Send-Cc RT-Send-Bcc RT-Message-ID RT-DetectedAutoGenerated RT-Squelch-Replies-To );
+    $Message->head->delete($_) for @headers;
+
     #Set up a queue object
     my $SystemQueueObj = RT::Queue->new( RT->SystemUser );
     $SystemQueueObj->Load( $args{'queue'} );

lib/RT/Interface/Email/Crypt.pm

@@ -73,13 +73,14 @@ sub VerifyDecrypt {
     );
 
     # we clean all possible headers
-    my @headers =
+    my @headers = (
         qw(
             X-RT-Incoming-Encryption
             X-RT-Incoming-Signature X-RT-Privacy
             X-RT-Sign X-RT-Encrypt
         ),
-        map "X-RT-$_-Status", RT::Crypt->Protocols;
+        map "X-RT-$_-Status", RT::Crypt->Protocols
+    );
     foreach my $p ( $args{'Message'}->parts_DFS ) {
         $p->head->delete($_) for @headers;
     }

lib/RT/Interface/Web.pm

@@ -5792,6 +5792,28 @@ sub ParseCalendarData {
     return undef;
 }
 
+sub PreprocessTransactionSearchQuery {
+    my %args = (
+        Query      => undef,
+        ObjectType => 'RT::Ticket',
+        @_
+    );
+
+    my @limits;
+    if ( $args{ObjectType} eq 'RT::Ticket' ) {
+        @limits = (
+            q{TicketType = 'ticket'},
+            qq{ObjectType = '$args{ObjectType}'},
+            $args{Query} =~ /^\s*\(.*\)$/ ? $args{Query} : "($args{Query})"
+        );
+    }
+    else {
+        # Other ObjectTypes are not supported for now
+        @limits = 'id = 0';
+    }
+    return join ' AND ', @limits;
+}
+
 package RT::Interface::Web;
 RT::Base->_ImportOverlays();
 

lib/RT/ObjectCustomFieldValue.pm

@@ -823,6 +823,7 @@ object, otherwise false.
 
 sub CurrentUserCanSee {
     my $self = shift;
+    return undef unless $self->Id;
     return $self->CustomFieldObj->CurrentUserHasRight('SeeCustomField');
 }