[rt-users] Error with ACL?

Kenneth Crocker KFCrocker at lbl.gov
Fri Nov 30 13:51:36 EST 2007 

Max,

	Why would it be considered a bug? Wouldn't the person making changes be 
a person of interest? Wouldn't any person of interest want to know what 
is going on about a ticket?


Kenn
LBNL

On 11/30/2007 10:26 AM, Max Clark wrote:
> Isn't this a bug? Or is it really intended for ModifyTicket to have
> ReplyToTicket rights?
> 
> -Max
> 
> (Patch attached)
> 
> 
> On Nov 30, 2007 5:41 AM, Todd Chapman <todd at chaka.net> wrote:
>> Max,
>>
>> I just reviewed the relevant RT code:
>>
>> sub Correspond {
>>     my $self = shift;
>>     my %args = ( CcMessageTo  => undef,
>>                  BccMessageTo => undef,
>>                  MIMEObj      => undef,
>>                  Content      => undef,
>>                  TimeTaken    => 0,
>>                  @_ );
>>
>>     unless (    ( $self->CurrentUserHasRight('ReplyToTicket') )
>>              or ( $self->CurrentUserHasRight('ModifyTicket') ) ) {
>>         return ( 0, $self->loc("Permission Denied"), undef );
>>     }
>>
>>
>> As you can see, ModifyTicket is all you need to reply to a ticket. I
>> don't know why that is but you could change the code.
>>
>>
>> On 11/29/07, Max Clark <max.clark at gmail.com> wrote:
>>> Todd,
>>>
>>> Great tool - unfortunately the display show the rights that I expect
>>> to see - no user or group has ReplyToTicket rights on this queue. What
>>> else should I be looking at?
>>>
>>> Thanks,
>>> Max
>>>
>>> On 11/29/07, Todd Chapman <todd at chaka.net> wrote:
>>>> The extension RTx::RightsMatrix can help you understand how any
>>>> individual has gained rights in RT. Plus, the author is a really cool
>>>> guy. ;)
>>>>
>>>> http://search.cpan.org/~htchapman/RTx-RightsMatrix-0.03.00/lib/RTx/RightsMatrix.pm
>>>>
>>>> On 11/29/07, Max Clark <max.clark at gmail.com> wrote:
>>>>> Okay - I can live with the links still appearing, but I can reply
>>>>> (correspond) on the ticket even without the ReplyToTicket permission.
>>>>> That is a problem.
>>>>>
>>>>> On Nov 29, 2007 2:48 PM, Todd Chapman <todd at chaka.net> wrote:
>>>>>> Permissions are not checked when rendering the links, only when the
>>>>>> action is attempted.
>>>>>>
>>>>>>
>>>>>> On 11/29/07, Max Clark <max.clark at gmail.com> wrote:
>>>>>>> Hello,
>>>>>>>
>>>>>>> I want to assign permissions for a group to be able to manage tickets
>>>>>>> in a queue and comment on them but not reply. I've assigned the group
>>>>>>> the following rights on the queue:
>>>>>>>
>>>>>>> CommentOnTicket
>>>>>>> CreateTicket
>>>>>>> DeleteTicket
>>>>>>> OwnTicket
>>>>>>> SeeQueue
>>>>>>> ShowOutgoingEmail
>>>>>>> ShowTicket
>>>>>>> ShowTicketComments
>>>>>>> StealTicket
>>>>>>> TakeTicket
>>>>>>> Watch
>>>>>>> WatchAsAdminCc
>>>>>>>
>>>>>>> (Note absense of "ReplyToTicket")
>>>>>>>
>>>>>>> However when I login as a user in this group and view a ticket I still
>>>>>>> see options/links to and the ability to reply. What am I missing here?
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Max
>>>>>>>
>>>>>>> (I'm running version 3.6.5)
>>>>>>> _______________________________________________
>>>>>>> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>>>>>>>
>>>>>>> SAVE THOUSANDS OF DOLLARS ON RT SUPPORT:
>>>>>>>
>>>>>>> If you sign up for a new RT support contract before December 31, we'll take
>>>>>>> up to 20 percent off the price. This sale won't last long, so get in touch today.
>>>>>>>     Email us at sales at bestpractical.com or call us at +1 617 812 0745.
>>>>>>>
>>>>>>>
>>>>>>> Community help: http://wiki.bestpractical.com
>>>>>>> Commercial support: sales at bestpractical.com
>>>>>>>
>>>>>>>
>>>>>>> Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
>>>>>>> Buy a copy at http://rtbook.bestpractical.com
>>>>>>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>>
>> SAVE THOUSANDS OF DOLLARS ON RT SUPPORT:
>>
>> If you sign up for a new RT support contract before December 31, we'll take
>> up to 20 percent off the price. This sale won't last long, so get in touch today. 
>>     Email us at sales at bestpractical.com or call us at +1 617 812 0745.
>>
>>
>> Community help: http://wiki.bestpractical.com
>> Commercial support: sales at bestpractical.com
>>
>>
>> Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
>> Buy a copy at http://rtbook.bestpractical.com

More information about the rt-users mailing list