[rt-users] Error with ACL?
Max Clark
max.clark at gmail.com
Fri Nov 30 13:26:58 EST 2007
Isn't this a bug? Or is it really intended for ModifyTicket to have
ReplyToTicket rights?
-Max
(Patch attached)
On Nov 30, 2007 5:41 AM, Todd Chapman <todd at chaka.net> wrote:
> Max,
>
> I just reviewed the relevant RT code:
>
> sub Correspond {
> my $self = shift;
> my %args = ( CcMessageTo => undef,
> BccMessageTo => undef,
> MIMEObj => undef,
> Content => undef,
> TimeTaken => 0,
> @_ );
>
> unless ( ( $self->CurrentUserHasRight('ReplyToTicket') )
> or ( $self->CurrentUserHasRight('ModifyTicket') ) ) {
> return ( 0, $self->loc("Permission Denied"), undef );
> }
>
>
> As you can see, ModifyTicket is all you need to reply to a ticket. I
> don't know why that is but you could change the code.
>
>
> On 11/29/07, Max Clark <max.clark at gmail.com> wrote:
> > Todd,
> >
> > Great tool - unfortunately the display show the rights that I expect
> > to see - no user or group has ReplyToTicket rights on this queue. What
> > else should I be looking at?
> >
> > Thanks,
> > Max
> >
> > On 11/29/07, Todd Chapman <todd at chaka.net> wrote:
> > > The extension RTx::RightsMatrix can help you understand how any
> > > individual has gained rights in RT. Plus, the author is a really cool
> > > guy. ;)
> > >
> > > http://search.cpan.org/~htchapman/RTx-RightsMatrix-0.03.00/lib/RTx/RightsMatrix.pm
> > >
> > > On 11/29/07, Max Clark <max.clark at gmail.com> wrote:
> > > > Okay - I can live with the links still appearing, but I can reply
> > > > (correspond) on the ticket even without the ReplyToTicket permission.
> > > > That is a problem.
> > > >
> > > > On Nov 29, 2007 2:48 PM, Todd Chapman <todd at chaka.net> wrote:
> > > > > Permissions are not checked when rendering the links, only when the
> > > > > action is attempted.
> > > > >
> > > > >
> > > > > On 11/29/07, Max Clark <max.clark at gmail.com> wrote:
> > > > > > Hello,
> > > > > >
> > > > > > I want to assign permissions for a group to be able to manage tickets
> > > > > > in a queue and comment on them but not reply. I've assigned the group
> > > > > > the following rights on the queue:
> > > > > >
> > > > > > CommentOnTicket
> > > > > > CreateTicket
> > > > > > DeleteTicket
> > > > > > OwnTicket
> > > > > > SeeQueue
> > > > > > ShowOutgoingEmail
> > > > > > ShowTicket
> > > > > > ShowTicketComments
> > > > > > StealTicket
> > > > > > TakeTicket
> > > > > > Watch
> > > > > > WatchAsAdminCc
> > > > > >
> > > > > > (Note absense of "ReplyToTicket")
> > > > > >
> > > > > > However when I login as a user in this group and view a ticket I still
> > > > > > see options/links to and the ability to reply. What am I missing here?
> > > > > >
> > > > > > Thanks,
> > > > > > Max
> > > > > >
> > > > > > (I'm running version 3.6.5)
> > > > > > _______________________________________________
> > > > > > http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
> > > > > >
> > > > > > SAVE THOUSANDS OF DOLLARS ON RT SUPPORT:
> > > > > >
> > > > > > If you sign up for a new RT support contract before December 31, we'll take
> > > > > > up to 20 percent off the price. This sale won't last long, so get in touch today.
> > > > > > Email us at sales at bestpractical.com or call us at +1 617 812 0745.
> > > > > >
> > > > > >
> > > > > > Community help: http://wiki.bestpractical.com
> > > > > > Commercial support: sales at bestpractical.com
> > > > > >
> > > > > >
> > > > > > Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
> > > > > > Buy a copy at http://rtbook.bestpractical.com
> > > > > >
> > > > >
> > > >
> > >
> >
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ticket_overlay.patch
Type: text/x-patch
Size: 449 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20071130/1061ca22/attachment.bin>
More information about the rt-users
mailing list