[rt-users] Error with ACL?
Todd Chapman
todd at chaka.net
Fri Nov 30 08:41:36 EST 2007
Max,
I just reviewed the relevant RT code:
sub Correspond {
my $self = shift;
my %args = ( CcMessageTo => undef,
BccMessageTo => undef,
MIMEObj => undef,
Content => undef,
TimeTaken => 0,
@_ );
unless ( ( $self->CurrentUserHasRight('ReplyToTicket') )
or ( $self->CurrentUserHasRight('ModifyTicket') ) ) {
return ( 0, $self->loc("Permission Denied"), undef );
}
As you can see, ModifyTicket is all you need to reply to a ticket. I
don't know why that is but you could change the code.
On 11/29/07, Max Clark <max.clark at gmail.com> wrote:
> Todd,
>
> Great tool - unfortunately the display show the rights that I expect
> to see - no user or group has ReplyToTicket rights on this queue. What
> else should I be looking at?
>
> Thanks,
> Max
>
> On 11/29/07, Todd Chapman <todd at chaka.net> wrote:
> > The extension RTx::RightsMatrix can help you understand how any
> > individual has gained rights in RT. Plus, the author is a really cool
> > guy. ;)
> >
> > http://search.cpan.org/~htchapman/RTx-RightsMatrix-0.03.00/lib/RTx/RightsMatrix.pm
> >
> > On 11/29/07, Max Clark <max.clark at gmail.com> wrote:
> > > Okay - I can live with the links still appearing, but I can reply
> > > (correspond) on the ticket even without the ReplyToTicket permission.
> > > That is a problem.
> > >
> > > On Nov 29, 2007 2:48 PM, Todd Chapman <todd at chaka.net> wrote:
> > > > Permissions are not checked when rendering the links, only when the
> > > > action is attempted.
> > > >
> > > >
> > > > On 11/29/07, Max Clark <max.clark at gmail.com> wrote:
> > > > > Hello,
> > > > >
> > > > > I want to assign permissions for a group to be able to manage tickets
> > > > > in a queue and comment on them but not reply. I've assigned the group
> > > > > the following rights on the queue:
> > > > >
> > > > > CommentOnTicket
> > > > > CreateTicket
> > > > > DeleteTicket
> > > > > OwnTicket
> > > > > SeeQueue
> > > > > ShowOutgoingEmail
> > > > > ShowTicket
> > > > > ShowTicketComments
> > > > > StealTicket
> > > > > TakeTicket
> > > > > Watch
> > > > > WatchAsAdminCc
> > > > >
> > > > > (Note absense of "ReplyToTicket")
> > > > >
> > > > > However when I login as a user in this group and view a ticket I still
> > > > > see options/links to and the ability to reply. What am I missing here?
> > > > >
> > > > > Thanks,
> > > > > Max
> > > > >
> > > > > (I'm running version 3.6.5)
> > > > > _______________________________________________
> > > > > http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
> > > > >
> > > > > SAVE THOUSANDS OF DOLLARS ON RT SUPPORT:
> > > > >
> > > > > If you sign up for a new RT support contract before December 31, we'll take
> > > > > up to 20 percent off the price. This sale won't last long, so get in touch today.
> > > > > Email us at sales at bestpractical.com or call us at +1 617 812 0745.
> > > > >
> > > > >
> > > > > Community help: http://wiki.bestpractical.com
> > > > > Commercial support: sales at bestpractical.com
> > > > >
> > > > >
> > > > > Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
> > > > > Buy a copy at http://rtbook.bestpractical.com
> > > > >
> > > >
> > >
> >
>
More information about the rt-users
mailing list