[rt-users] Error with ACL?

Todd Chapman todd at chaka.net
Fri Nov 30 15:17:33 EST 2007 

I doubt your patch would be accepted by Jesse. Chances are this isn't
a result of some mistake. I'm willing to be that in his view Comment
and Reply both modify the ticket so the ability to do those things is
implied by the ModifyTicket right. I would recommend doing an _Local
overlay to accomplish what you want.

Come to think of it, when a ticket is replied to there are other
fields in the ticket that are updated. Certain timestamp fields and
also TimeWorked I think. Those would all fail if you could reply to
the ticket but not modify it.

-Todd

On 11/30/07, Max Clark <max.clark at gmail.com> wrote:
> :) Fantastic! So I guess this means that I get to learn alot about the
> internals of RT as I prepare a large patch.
>
> On Nov 30, 2007 11:50 AM, Kenneth Crocker <KFCrocker at lbl.gov> wrote:
> > Max,
> >
> >
> >         Well, good news for you, ModifyTicket also inherits CommentOnTicket and
> > I think even DeleteTicket.
> >
> >
> > Kenn
> > LBNL
> >
> >
> > On 11/30/2007 11:14 AM, Max Clark wrote:
> > >> Why would it be considered a bug? Wouldn't the person making changes be
> > >> a person of interest? Wouldn't any person of interest want to know what
> > >> is going on about a ticket?
> > >
> > > What has that have to do with the rights to ReplyToTicket? I am not
> > > talking about Watcher, AdminCC, or CC privileges here. I am talking
> > > about the right for a user to reply to a ticket and send
> > > correspondence. To me ModifyTicket != ReplyToTicket just like it
> > > shouldn't mean CommentOnTicket or DeleteTicket and that's why I
> > > perceive this as a bug.
> > >
> > > My permissions requirements for this Queue are straightforward. I need
> > > to assign rights for a group to view, modify (reassign, move,
> > > associate, close), and comment on a ticket. This should be
> > > accomplished by setting CommentOnTicket, ModifyTicket, OwnTicket,
> > > SeeQueue, ShowTicket, ShowTicketComments, StealTicket, TakeTicket,
> > > Watch, and WatchAsAdminCc. What was discovered is that ModifyTicket
> > > inherits ReplyToTicket rights which should not happen.
> > >
> > > -Max
> > >
> >
> >
>

More information about the rt-users mailing list