[rt-users] Queue owner see too much

Kevin Falcone falcone at bestpractical.com
Thu Feb 11 10:06:42 EST 2010


On Thu, Feb 11, 2010 at 12:43:37PM +0200, JJussi wrote:
> OK..
> I managed to fix this... And this would be a nice change to the original code (of 
> course a "real" programmer would maybe write it in a slightly different way)

If a report is showing too many tickets, it means you've granted
ShowTicket too broadly.  Preventing your users from selecting - in the
queue drop down is just masking over a permissions problem.  All they
have to do is delete Queue=7 from the query string and they'll still
be able to see all tickets.

-kevin

> So I made a copy of SelectQueue to 'local/html/Elements' and changed that...
> 
> diff share/html/Elements/SelectQueue local/html/Elements/SelectQueue
> 77c77
> < $ShowNullOption => 1
> ---
> > $ShowNullOption => undef
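Review bot: flipping the `$ShowNullOption` default at line 77 changes every page that includes SelectQueue without passing that argument, not only the report form. Consider keeping the default at 1 and passing the argument explicitly from the page that should not offer '-'. The option is also only removed from the form, so a request sent without the Queue parameter is unaffected by this line.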
> 87a88,97
> > 
> > my $qu = new RT::Queues($session{'CurrentUser'});
> > $qu->UnLimit;
> > 
> > while (my $quu = $qu->Next){
> >   if ($quu->CurrentUserHasRight('SuperUser')) {
> >     $ShowNullOption = 1;
> >   }
> > }
> > 
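Review bot: the loop added at 88-97 tests the same 'SuperUser' right once for every queue and keeps iterating after the first match. Add `last;` after `$ShowNullOption = 1;`, or replace the walk over all queues with a single check. The assignment also overwrites whatever value the caller passed in, so a page that asked for no null option gets one anyway for a superuser. Style: `RT::Queues->new($session{'CurrentUser'})` is preferable to the indirect `new RT::Queues(...)` form, and `$qu`/`$quu` would read better as `$queues`/`$queue`.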
> 
> 
> 
> On Wednesday, 10. Februaryta 2010 11:34:11 you wrote:
> > Hi!
> > In the report Tools > Reports > Created in a date range,
> > the user has a "Queue" drop-down, where there are two choices: '-' and
> > '(current)Queue'.
> > If the user selects his/her queue, the result is from that queue. BUT s/he can
> >  select that '-', and then the result is from ALL queues, and that's not good.
> > 
> > How do I prevent the user from seeing reports from all queues?
> > How do I make it so that everywhere the user can/should select a queue, s/he
> >  has only one option, his/her own queue?
> > 
> 
> 
> -- 
> JJussi
> 
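The point made in the reply at the top of this message, as a small model: hiding '-' changes what the form offers, while only the ShowTicket grant changes what a request returns. This is an added illustration, not RT code and not code from either poster; the ticket data, the `GLOBAL` marker, the function names and the use of `SeeQueue` to drive the drop-down are assumptions of the model.

```python
from urllib.parse import parse_qs

# Constructed sample data: (ticket id, queue id). Queue 7 is the user's own queue.
TICKETS = [(101, 7), (102, 7), (201, 3), (202, 5)]
GLOBAL = "*"  # hypothetical marker for a right granted on every queue

def has_right(grants, right, queue):
    """grants maps a queue id (or GLOBAL) to the set of rights held there."""
    return right in grants.get(queue, set()) or right in grants.get(GLOBAL, set())

def queue_options(grants, show_null_option):
    """Entries offered by the drop-down. Presentation only, enforces nothing."""
    # Assumption of this model: the list is driven by a SeeQueue right.
    queues = sorted({q for _, q in TICKETS if has_right(grants, "SeeQueue", q)})
    return (["-"] if show_null_option else []) + [str(q) for q in queues]

def report(grants, query_string):
    """Server side of the report: optional Queue filter, then the rights check."""
    wanted = parse_qs(query_string).get("Queue", [""])[0]
    rows = []
    for ticket_id, queue in TICKETS:
        if wanted and str(queue) != wanted:
            continue  # narrowing requested by the client, not a security control
        if has_right(grants, "ShowTicket", queue):
            rows.append(ticket_id)  # only the grant decides visibility
    return rows

# ShowTicket granted everywhere, drop-down limited to queue 7.
too_broad = {GLOBAL: {"ShowTicket"}, 7: {"SeeQueue"}}
# ShowTicket granted on queue 7 only.
scoped = {7: {"ShowTicket", "SeeQueue"}}

if __name__ == "__main__":
    for name, grants in (("too_broad", too_broad), ("scoped", scoped)):
        print(name, "options :", queue_options(grants, show_null_option=False))
        print(name, "Queue=7 :", report(grants, "Queue=7"))
        print(name, "no Queue:", report(grants, ""))
```

With the broad grant the drop-down offers only queue 7, yet the request without `Queue` still lists every ticket; with the scoped grant the same request returns queue 7 only, whatever the form shows.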