I think hacking the autohandler might not be the kosher way to accomplish what you want. Even though you are authenticating against LDAP, RT is "caching" some of the user's attributes to form a unique identity for each user which is used to manage rights. One of the "rights" or flags associated with the user in the database is whether or not they are privileged. I also think that there is a setting you can put in RT_SiteConfig.pm that forces autocreated accounts to be privileged, which would accomplish in the end what your hacked autohandler is doing, but instead of the "privileged bit" being dynamically granted in a silent, ninja-assassin like way, the right would be explicit in the database, and you could turn it off for individual users... <br>
<br>-Rob<br><br><br><div class="gmail_quote">On Tue, Nov 24, 2009 at 9:13 AM, <span dir="ltr"><<a href="mailto:n.chrysandreas@albourne.com">n.chrysandreas@albourne.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Hi everyone,<br>
<br>
>>That is called the SelfService interface, which is where Unprivileged<br>
>>users are directed when logging in to RT. You may want to read in the<br>
>>wiki about the types of users<br>
>><a href="http://wiki.bestpractical.com/view/SelfService" target="_blank">http://wiki.bestpractical.com/view/SelfService</a><br>
><br>
>Thanks! Didn't know about the SelfService interface.<br>
>But this means that we are not able to grant unprivileged users any other rights that we would like (example : CreateOwnDashboard, >CreateSavedSearch,CreateTicket,EditSavedSearches,ReplyToTicket,SeeOwnDashboard,ShowSavedSearches etc)<br>
><br>
>So if I got this right privileged users have the normal interface and the unprivileged users get the SelfService interface.However, >whatever right I give to 'Unprivileged' group the SelfService interface will not change.<br>
<br>
In order to get all users to see the normal RT interface I commented out the a few lines in /opt/rt3/share/html/autohandler<br>
and "replaced" them with one :<br>
#unless ( $session{'CurrentUser'}->Privileged ) {<br>
<br>
# if the user is trying to access a ticket, redirect them<br>
# if ( $m->request_comp->path =~ '^(/+)Ticket/Display.html'<br>
# && $ARGS{'id'} )<br>
# {<br>
# RT::Interface::Web::Redirect( RT->Config->Get('WebURL') ."SelfService/Display.html?id=".$ARGS{'id'});<br>
# }<br>
#<br>
# otherwise, drop the user at the SelfService default page<br>
# elsif ( $m->base_comp->path !~ RT->Config->Get('SelfServiceRegex') ) {<br>
# RT::Interface::Web::Redirect( RT->Config->Get('WebURL') ."SelfService/" );<br>
# }<br>
# if user is in SelfService dir let him do anything<br>
# else {<br>
# $m->comp( { base_comp => $m->request_comp }, $m->fetch_next, %ARGS);<br>
# }<br>
#}<br>
#else {<br>
# $m->comp( { base_comp => $m->request_comp }, $m->fetch_next, %ARGS);<br>
#}<br>
<br>
$m->comp( { base_comp => $m->request_comp }, $m->fetch_next, %ARGS);<br>
<br>
<br>
Now any rights I grant to the Everyone and Unprivileged groups correspond correctly on the users interface.<br>
Is there anything else I need to watch out for concerning this changed I made or should it work fine like this (it is at the moment and I haven't noticed any strange functionality within RT).<br>
<br>
Thanks<br>
Nik<br>
<br>
_______________________________________________<br>
List info: <a href="http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-devel" target="_blank">http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-devel</a><br>
</blockquote></div><br>