[Rt-devel] Help: How do I restrict user access by queue?

Matthew Sullivan matthew at sorbs.net
Tue Dec 12 23:10:14 EST 2006


Leo C. Ureel II wrote:
> Hello,
>
> How do I restrict user access by queue? I've some users who only have 
> been granted rights in certain queues. And this limits their 'RT at a 
> Glance' view, such that they only can browse tickets in their 
> particular queues. However, the '10 newest unowned tickets' section 
> still shows unowned tickets in other queues. In fact, it seems that 
> any ticket that is not owned or assigned to a particular queue is 
> potentially visible to these users. And if the user knows the number 
> of a ticket - or can compose a search query that returns a ticket in 
> another queue, they have the ability to view tickets that should 
> otherwise be restricted.
>
> I'm not afraid to dive under the hood if need be. I hope somebody has 
> a solution for me.

Is this what you're looking for...?

--- share/html/Elements/MyRequests.orig Wed Feb  2 00:20:40 2005
+++ share/html/Elements/MyRequests      Mon Sep 18 21:37:08 2006
@@ -58,8 +58,17 @@
 </&>
 <%init>
 my $rows = $RT::MyRequestsLength;
+my $Queues = RT::Queues->new($session{'CurrentUser'});
+$Queues->UnLimit();
+my $myQueues = "";
+while (my $queue = $Queues->Next) {
+       next unless ($queue->CurrentUserHasRight('ShowTicket'));
+       $myQueues .= " OR Queue = '" . $queue->Name . "'";
+}
+$myQueues =~ s/^ OR //g;
+
 
-my $Query = "Owner = 'Nobody' AND ( Status = 'new' OR Status = 'open')";
+my $Query = "Owner = 'Nobody' AND $myQueues AND ( Status = 'new' OR 
Status = 'open')";
 
 my $QueryString = '?' . $m->comp('/Elements/QueryString',
             Query => $Query,
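
Review bot: In the new `$Query` line, `$myQueues` is an unparenthesised chain of `Queue = '...' OR Queue = '...'` spliced between two `AND`s, so how the queue restriction groups with `Owner = 'Nobody'` and the status clause is left to operator precedence; wrap it, as in `AND ( $myQueues ) AND`. When the loop finds no queue on which the user has `ShowTicket`, `$myQueues` stays empty and the query becomes `Owner = 'Nobody' AND  AND ( ... )`, so the empty case should be handled explicitly by skipping the search, not by falling back to the unrestricted query. `$queue->Name` is interpolated inside single quotes without escaping, so a queue name containing `'` breaks the query; escape the name before building the clause. The `g` flag on `s/^ OR //g` does nothing with the `^` anchor and can be dropped. The change filters only the list this element renders; viewing a ticket by number or through a search, which the question also raises, is not touched by it.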


