[rt-users] KILL permission question
Tobias Brox
tobiasb at tobiasb.funcom.com
Fri May 12 07:15:19 EDT 2000
> I am surprised to see that someone with manipulate right can KILL a
> Ticket ???
I've configured it here so that "kill" only marks the request status as
"dead". Then it should be a fairly harmless operation. Only those with
SQL access to the DB can actually KILL a request.
My sub kill (lib/rt/database/amanipulate.pm) looks like this:
sub kill {
my ($in_serial_num, $in_current_user) = @_;
my ($transaction_count, $transaction_num);
if (!(&can_manipulate_request($in_serial_num,$in_current_user))) {
return (0,"You don't have permission to modify request \#$in_serial_num")
;
}
($transaction_count)=&transaction_history_in($in_serial_num,$in_current_user);
$transaction_num=&update_request($in_serial_num,'status','dead',$in_current_
user);
return ($transaction_num,"Request #$in_serial_num has been killed.");
}
Eventually you can give only admin kill rights by changing the
"can_manipulate_request" to "can_admin_queue"
--
tobix at fsck.com
More information about the rt-users
mailing list