[rt-users] Custom Scrip Failing (using example from RT Essentials) and User Details not accessible

Kevin Falcone falcone at bestpractical.com
Thu Aug 6 14:10:33 EDT 2009


On Thu, Aug 06, 2009 at 12:32:08PM -0500, Michael Ellis wrote:
> Ken, all,
> 
> Thanks, I did mean the WebUI. SuperUser can see that page, no one else can.
> 
> I thought it would be a privilege, too. The only seemingly relevant 
> privilege I could find was "AdminUser" but granting it did not resolve the 
> issue.  The url for the malformed page is:
> 
> http://rt.somewhere.com/Admin/Users/Modify.html?id=XYZ
> 
> ..and the resultant page contains nothing but:
> 
> "Time to display: 0.007461
> 
> »|« RT 3.8.4 Copyright 1996-2009 Best Practical Solutions, LLC."

There is an autohandler in Admin/ that requires users have
ShowConfigTab granted to access anything in Admin/

It was implemented as part of the security fixes between 3.8.3 and
3.8.4 to lock down access to the Admin UI.

It may honestly be easier to make a local copy of ShowRequestor and
munge it to show more info in a readonly fashion, rather than letting
your users change data about other users.

Please note that depending on what user info you're printing, you may
need to tell RT that it is ok to share the info.  RT considers phone
numbers privateish data and you may need to tweak the Accessible
routine.

-kevin

> --------------------------------------------------
> From: "Ken Crocker" <kfcrocker at lbl.gov>
> Sent: Thursday, August 06, 2009 12:23 PM
> To: "Michael Ellis" <michael_ellis at umanitoba.ca>
> Cc: "Jerrad Pierce" <jpierce at cambridgeenergyalliance.org>; "RT-USERS" 
> <RT-Users at lists.bestpractical.com>
> Subject: Re: [rt-users] Custom Scrip Failing (using example from RT 
> Essentials) and User Details not accessible
> 
> > Mike,
> >
> > If your talking about looking at User info via WebUI, then I'd take a look 
> > at the privileges you've set up. As "SuperUser" (we have only allowed 2 in 
> > our system) I can pretty much do what I want as the Admin of our RT 
> > installation.
> >
> > Kenn
> > LBNL
> >
> > On 8/6/2009 10:18 AM, Michael Ellis wrote:
> >> Thanks Jerrad & Ken,
> >>
> >> After I posted last night I came accross this idea, although, I was 
> >> trying to work with  /opt/rt3/local/html/Elements/ShowRequestor. I was 
> >> lost on what code to add. I'll try the lines you suggested in your follow 
> >> up email, Jerrad:
> >>
> >> $Ticket->Requestors->UserMembersObj->First->HomePhone();
> >> $Ticket->Requestors->UserMembersObj->First->WorkPhone();
> >> $Ticket->Requestors->UserMembersObj->First->MobilePhone();
> >>
> >> Any idea why no one but root can view the modifyuser pages? I've given 
> >> our helpdesk group AdminUsers right.
> >>
> >> Thanks so much,
> >>
> >> Mike
> >>
> >> --------------------------------------------------
> >> From: "Jerrad Pierce" <jpierce at cambridgeenergyalliance.org>
> >> Sent: Thursday, August 06, 2009 11:49 AM
> >> To: "Ken Crocker" <kfcrocker at lbl.gov>
> >> Cc: "Michael Ellis" <michael_ellis at umanitoba.ca>; "RT-USERS" 
> >> <RT-Users at lists.bestpractical.com>
> >> Subject: Re: [rt-users] Custom Scrip Failing (using example from RT 
> >> Essentials) and User Details not accessible
> >>
> >>> I strongly recommend storing this information in the requestor, and
> >>> then pulling it from there,
> >>> as Ken suggest. We use REST to create tickets, and create the
> >>> requestor with such details
> >>> before hand, but I've written a scrip to extract such information from
> >>> a vCard, which could be
> >>> of use: http://wiki.bestpractical.com/view/OnCreateSetUserDetails
> >>>
> >>>
> >>
> >
> > 
> _______________________________________________
> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
> 
> Community help: http://wiki.bestpractical.com
> Commercial support: sales at bestpractical.com
> 
> 
> Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
> Buy a copy at http://rtbook.bestpractical.com
> 



More information about the rt-users mailing list