[rt-users] Mandatory Custom Field Privileges

Tim Wiley tim at marchex.com
Wed Jul 10 17:33:31 EDT 2013 

On 07/10/2013 01:51 PM, Thomas Sibley wrote:
> On 07/09/2013 05:08 PM, Tim Wiley wrote:
>>> Not letting one group of users see a set of CFs is possible with RT's
>>> rights, provided you haven't granted rights too widely at the global
>>> level.  You may need to rejigger some of your rights first to be less
>>> global and more role/group/object specific.
>>>
>>
>> I think that might've been the key.  I removed some more wide spread
>> permissions on one of my mandatory fields & the error is gone.  Let me
>> play around with the others & I'll get back to you.
>
> Which error is gone?

When trying to submit a ticket as a user that had SeeCustomField, but 
not MidifyCustomField, It would give me the error that the CF "Input 
must match [Mandatory]", even though I couldn't see the field to set it 
& I don't have permissions to set it anyway.  Removing SeeCustomField 
from Everyone on the CF allowed me to create a ticket without error.

> How are you making the CFs mandatory, btw?  If it's an extension, that
> may affect whether or not it's caring to check rights before verifying
> mandatory-ness.

I'm setting the validation field in the Basic CF config to "(?#Mandatory)."

>> The blanket permission was SeeCustomField granted to everyone on the CF
>> level.  I'm guessing that there's no good way to allow a user to see the
>> field, but not modify it?  Am I misunderstanding what SeeCustomField
>> allows?
>>
>> It's possible, I was mistaken on SeeQueue a while back.
>
> The See* rights are just visibility, not modification.
> ModifyCustomField controls adding/removing values from CFs on tickets, etc.
>

After testing different scenarios, it looks like 
SeeCustomField/ModifyCustomField works as I would expect in every 
instance except for ticket creation.  I may have stumbled across a bug.

* As expected, a user having neither SeeCustomField nor 
ModifyCustomField will not see the custom field when the ticket is 
displayed or when they modify ticket basics.

* As expected, a user with SeeCustomField, but not ModifyCustomField 
will see the CF & it's value when the ticket is displayed, but will not 
see the form element to set it when editing ticket basics.

* As expected, a user with SeeCustomField, but not ModifyCustomField 
will not see the input form element for a field on the ticket creation 
input page.

* What's unexpected is if a user has SeeCustomField, but not 
ModifyCustomField on a mandatory CF, at ticket creation they get the 
error "MyCustomField: Input must match [Mandatory]" even though it's not 
displayed & they don't have modify rights on it.  Shouldn't RT create 
the ticket just as it does for a user without SeeCustomField, leaving 
the mandatory CF unset?

BTW, I never said, but this is all rt-4.0.13, although it hasn't worked 
the way I'd expect on any version I've used (rt-3.6.3,
rt-4.0.{8,9,10,11,12,13})

More information about the rt-users mailing list