X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=FS%2FFS%2FTicketSystem.pm;h=a683d12ae574d75c0d77dc4fbe8fbf5c037cd20b;hb=34e42c0d926bf569ceaf8da784c2569bc7f83cec;hp=96980e96b8978361d02b0c8c53c72fd3b399f51f;hpb=3da7f47cd4dcc0a702c9066ecad55568c749b4b8;p=freeside.git

diff --git a/FS/FS/TicketSystem.pm b/FS/FS/TicketSystem.pm
index 96980e96b..a683d12ae 100644
--- a/FS/FS/TicketSystem.pm
+++ b/FS/FS/TicketSystem.pm
@@ -61,7 +61,11 @@ sub _upgrade_schema {
             %{ $columns{$tablename}->{$colname} }
           };
         $col->table_obj($table);
-        push @sql, $col->sql_add_column($dbh);
+        my ($alter, $postalter) = $col->sql_add_column($dbh);
+        foreach (@$alter) {
+          push @sql, "ALTER TABLE $tablename $_;";
+        }
+        push @sql, @$postalter;
       }
     } #foreach $colname
   } #foreach $tablename
@@ -209,7 +213,7 @@ sub _upgrade_data {
   while (my $item = $search->Next) {
     my ($c, $a, $t) = map {lc $item->$_->Name} 
       ('ScripConditionObj', 'ScripActionObj', 'TemplateObj');
-    if ( exists $scrip{$c}{$a}{$t} and $item->Creator == 1 ) {
+    if ( exists $scrip{$c}{$a} and $item->Creator == 1 ) {
       warn "Deleting duplicate scrip $c $a [$t]\n";
       my ($val, $msg) = $item->Delete;
       warn "error deleting scrip: $msg\n" if !$val;
@@ -220,7 +224,7 @@ sub _upgrade_data {
       warn "error deleting scrip: $msg\n" if !$val;
     }
     else {
-      $scrip{$c}{$a}{$t} = $item->id;
+      $scrip{$c}{$a} = $item->id;
     }
   }
   my $Scrip = RT::Scrip->new($CurrentUser);
@@ -229,8 +233,8 @@ sub _upgrade_data {
     my ($c, $a, $t) = map lc,
       @{ $s }{'ScripCondition', 'ScripAction', 'Template'};
 
-    if ( exists($scrip{$c}{$a}{$t}) ) {
-      $Scrip->Load( $scrip{$c}{$a}{$t} );
+    if ( exists($scrip{$c}{$a}) ) {
+      $Scrip->Load( $scrip{$c}{$a} );
     } else { # need to create it
 
       if ( !exists($condition{$c}) ) {
@@ -331,16 +335,70 @@ sub _upgrade_data {
     }
   }
 
-  #Pg-specific 
-  my $cve_2013_3373_sql = q(
-    UPDATE Tickets SET Subject = REPLACE(Subject,E'\n','')
-  );
-  #need this for mysql
-  #UPDATE Tickets SET Subject = REPLACE(Subject,'\n','');
+  my $cve_2013_3373_sql = '';
+  if ( driver_name =~ /^Pg/i ) {
+    $cve_2013_3373_sql = q(
+      UPDATE Tickets SET Subject = REPLACE(Subject,E'\n','')
+    );
+  } elsif ( driver_name =~ /^mysql/i ) {
+    $cve_2013_3373_sql = q(
+      UPDATE Tickets SET Subject = REPLACE(Subject,'\n','');
+    );
+  } else {
+    warn "WARNING: Don't know how to update RT Ticket Subjects for your database driver for CVE-2013-3373";
+  }
+  if ( $cve_2013_3373_sql ) {
+    my $cve_2013_3373_sth = $dbh->prepare($cve_2013_3373_sql)
+      or die $dbh->errstr;
+    $cve_2013_3373_sth->execute
+      or die $cve_2013_3373_sth->errstr;
+  }
+
+  # Remove dangling customer links, if any
+  my %target_pkey = ('cust_main' => 'custnum', 'cust_svc' => 'svcnum');
+  for my $table (keys %target_pkey) {
+    my $pkey = $target_pkey{$table};
+    my $rows = $dbh->do(
+      "DELETE FROM Links WHERE id IN(
+        SELECT id FROM (
+          SELECT Links.id FROM Links LEFT JOIN $table ON (Links.Target = 
+          'freeside://freeside/$table/' || $table.$pkey)
+          WHERE Links.Target like 'freeside://freeside/$table/%'
+          AND $table.$pkey IS NULL
+        ) AS x
+      )"
+    ) or die $dbh->errstr;
+    warn "Removed $rows dangling ticket-$table links\n" if $rows > 0;
+  }
+
+  # Fix ticket transactions on the Time* fields where the NewValue (or
+  # OldValue, though this is not known to happen) is an empty string
+  foreach (qw(newvalue oldvalue)) {
+    my $rows = $dbh->do(
+      "UPDATE Transactions SET $_ = '0' WHERE ObjectType='RT::Ticket' AND ".
+      "Field IN ('TimeWorked', 'TimeEstimated', 'TimeLeft') AND $_ = ''"
+    ) or die $dbh->errstr;
+    warn "Fixed $rows transactions with empty time values\n" if $rows > 0;
+  }
 
-  my $cve_2013_3373_sth = $dbh->prepare( $cve_2013_3373_sql)
-    or die $dbh->errstr;
-  $cve_2013_3373_sth->execute or die $cve_2013_3373_sth->errstr;
+  # One-time fix: We've created a "BulkUpdateTickets" access right; grant
+  # it to all auth'd users initially.
+  eval "use FS::upgrade_journal;";
+  my $upgrade = 'RT_add_BulkUpdateTickets_ACL';
+  if (!FS::upgrade_journal->is_done($upgrade)) {
+    my $groups = RT::Groups->new(RT->SystemUser);
+    $groups->LimitToEnabled;
+    $groups->LimitToSystemInternalGroups;
+    $groups->Limit(FIELD => 'Type', VALUE => 'Privileged', OPERATOR => '=');
+    my $group = $groups->First
+      or die "No RT internal group found for Privileged users";
+    my ($val, $msg) = $group->PrincipalObj->GrantRight(
+      Right => 'BulkUpdateTickets', Object => RT->System
+    );
+    die "Couldn't grant BulkUpdateTickets right to all users: $msg\n"
+      if !$val;
+    FS::upgrade_journal->set_done($upgrade);
+  }
 
   return;
 }