[rt-users] Permission causes wrong search-results

[Eierschmalz, Bernhard]

Hello,

I'm using RT 4.4.0

I found the following problem:
I have a custom field "category" with settings "select one value". There are 5 possible values.

I build a search for all tickets like the following
Queue = 'General' AND Owner = 'Nobody' AND 'CF.{category}' != 'one'

I found that the search results ignore the part CF.{category} != 'one' and shows all tickets, no matter which category.
I tested with CF.{category} = 'one' and this works - it shows all the ticket with category 'one'

I used the same search with root-user, and it always works as expected - so I thought this would be a problem with permissions.
My default-user has the following permissions on this queue:
"general rights" --> all
"Rights for Staff" --> all but "delete tickets" and "forward messages outside of RT"
"rights for Administrators" --> no permissions

My next try was changing the permissions of the custom field.
I found out that, as soon as the user has the permission "General rights" --> "view custom fields" on the "category"-Custom field, the search is working as expected.


So in short:
Search on the CF with = operator works always,
Search on the CF with != operator works only, if the user has "view custom fields" permission on the custom field.


So I have a possible solution now, but I would like to understand how this error occurs. Is this a bug or a feature?

Best regards
Bernhard
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20160630/87d4763b/attachment.htm>