[Rt-devel] RT::Ticket::SetOwner() permissions model?

Stephen Turner sturner at MIT.EDU
Mon Apr 10 15:45:44 EDT 2006


At Monday 4/10/2006 03:00 PM, Jim Meyer wrote:
>Hello!
>
>While looking at that last bit, I re-read the logic in
>RT::Ticket::SetOwner() and was a bit confused, so I sought
>understanding. Originally, I had a really long email here, but it
>seemed to benefit from some wiki formatting, so I put it there
>instead:
>
>   http://wiki.bestpractical.com/?TicketOwnershipPermissions
>
>The gist is: we should refactor the conditionals at the top of
>SetOwner() to be more clear and directly correspond to the various
>ownership rights in the ACL and I have a suggestion how, complete with
>code.

Hi Jim,

What version of RT is this based on? I'm not seeing a GiveTicket 
right anywhere in 3.4.2. Also in my version, this code is in 
Ticket_Overlay - I'm assuming you're on a later version?

The logic you suggest looks cleaner, but it doesn't take the type of 
action ($Type) into consideration. This has always thrown me a 
little, because the ability to do a particular action is not entirely 
dependent on the ACLs.

Steve



More information about the Rt-devel mailing list