[rt-devel] quandry: secure parts of a ticket... should this be done with related tickets?
Colleen
colleen at darksideproductions.net
Mon Dec 16 21:16:20 EST 2002
> -----Original Message-----
> From: Phil Homewood [mailto:pdh at snapgear.com]
> Sent: Thursday, December 12, 2002 3:08 PM
>
> Colleen wrote:
> > 1) how do I limit who can see tickets in a certain queue? Currently
> > they all have global configuration of ACLs.
>
> Configure rights per queue instead of globally. :-)
ok, I tried this. It doesn't seem to work as expected.
I have 10 users and 5 queues (1 of which is "secure" and should only
allow the 3 users with privileges"), lets say. I took away all their
global rights except for "modify self".
I put in rights for all 10 users for the 4 ordinary queues and for the
secure queue, I only put permissions in for those 3 users. I logged out
and logged back in as an average user (no secure permissions) and I
tried to 'Create a Ticket' in the secure queue. I was allowed to do
this.
Isn't that odd? How can I fix this?
> > 2) Should I create a showSecureInfo and an EditSecureInfo module and
it
> > checks to see who the current viewer is to see whether they can view
the
> > module?
>
> Can you (ab)use Comments for this purpose? ie, give your Secure
> people "ShowComment" and not the other group?
I got this working.
Thanks!
Colleen
More information about the Rt-devel
mailing list