[rt-users] Allowing Requestors to View Tickets in the UI

[mcr at simtone.net]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


So, what I did was a bit of a hack, but I like it.

My users/customers already have accounts in a portal.  If they submit a
trouble ticket (by any path, we have a web form that generates an email
to RT as well), they can view their tickets via our portal.

If you don't have that relationship with your customers, then this won't
work for you.  Note that I do *not* validate my customers against LDAP
or AD or anything like that, our SIMtone USP has an entirely different
interface, and I validate them against that already.  I could write a
module to have RT validate against that, but that would cause the users
to have to perform a seperate login to RT, and I'm showing the RT
interface in an IFRAME.

I did this by using ProxyPass on my portal, and in my backend (which is
rails), I am stuffing a session cookie into RT's session DB (using just
enough of RT.pm), and also stuffing the cookie into the client's
browser.  That means that they appear to RT that they are already logged
in.

I realized that since the cookie values in both rails and RT are
arbitrary values, that actually I can probably get away with having only
a single cookie.

(My DB, RT, rails application server(s), and Apache load balancer are
all seperate VMs, btw)

I would be happy to share this code. Ah, it's only 20 lines, here ya go:

#!/usr/bin/perl

package RT;
use lib ( "/usr/local/share/request-tracker3.6/lib", "/usr/share/request-tracker3.6/lib" );

use RT;
use RT::I18N;
use RT::CurrentUser;
use RT::System;
use Data::Dumper;


my $email = $ARGV[0];

LoadConfig();

#Get a database connection
Init();

my $hostname = "example.com";
my $hostport = 80;
my $cookiename = "RT_SID_".$hostname.".".$hostport;

my $session_class = 'Apache::Session::MySQL';
use Apache::Session::MySQL;
my %session;

# morning bug avoidance attempt -- pdh 20030815
unless ($RT::Handle->dbh && $RT::Handle->dbh->ping) {
	$RT::Handle->Connect();
}

eval {
        tie %session, $session_class,
          undef,
          {
            Handle     => $RT::Handle->dbh,
            LockHandle => $RT::Handle->dbh,
          };
    };

my $user = RT::CurrentUser->new;
$user->LoadByName($email);
if (!$user->Id) {
    my $RootUser = RT::User->new(RT::CurrentUser->new('root'));
    my ($val, $msg) = $RootUser->Create("EmailAddress" => $email,
					 "Name" => $email);
    die $msg if($val == 0);

    $user->Load($val);
} 
$session{'CurrentUser'}=$user;

print $session{_session_id}."\n";
#print "Session is: ".Dumper($user)."\n";


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQDVAwUBSQtQ+u0sRu40D6vCAQJHgQYAwAgXNBdhXXVyW3Xzri71U3fLNGq4nFpl
/a8knzFyC/xwiKDAPwwM6KkolDGwlBA/36Z/1w3QdxQJSz/jcM5WXvZlHC8A7xsF
lYpzn4hrKYn+IjhKu4qnXuKg+t3KV/TlTj4n8z4mSy448Ek61+dI1dfFFZz91MX2
ieQjM0Fb8K+SbM2J15gI374VO9D93CYd9jhgH/TKy31psUI2h7SE7m3NaBsDYmDu
jdy84kie/Q+ubDKr4e5Gn+vM/oJ9OS0U
=NDhm
-----END PGP SIGNATURE-----