[rt-users] Permission causes wrong search-results

[Martin Wheldon]

Hi,

IMO this is working correctly for the following reason, as far as the 
user is concerned the
the custom field does not contain the specified value.

For this situation you would need somthing like:

Queue = 'General' AND Owner = 'Nobody' AND ('CF.{category}' exists AND 
'CF.{category}' != 'one')

Best Regards

Martin

On 2016-06-30 10:39, Eierschmalz, Bernhard wrote:
> Hello,
> 
> I'm using RT 4.4.0
> 
> I found the following problem:
> 
> I have a custom field "category" with settings "select one value".
> There are 5 possible values.
> 
> I build a search for all tickets like the following
> 
> Queue = 'General' AND Owner = 'Nobody' AND 'CF.{category}' != 'one'
> 
> I found that the search results ignore the part CF.{category} != 'one'
> and shows all tickets, no matter which category.
> 
> I tested with CF.{category} = 'one' and this works - it shows all the
> ticket with category 'one'
> 
> I used the same search with root-user, and it always works as expected
> - so I thought this would be a problem with permissions.
> 
> My default-user has the following permissions on this queue:
> 
> "general rights" à all
> 
> "Rights for Staff" à all but "delete tickets" and "forward messages
> outside of RT"
> 
> "rights for Administrators" à no permissions
> 
> My next try was changing the permissions of the custom field.
> 
> I found out that, as soon as the user has the permission "General
> rights" à "view custom fields" on the "category"-Custom field, the
> search is working as expected.
> 
> So in short:
> 
> Search on the CF with = operator works always,
> 
> Search on the CF with != operator works only, if the user has "view
> custom fields" permission on the custom field.
> 
> So I have a possible solution now, but I would like to understand how
> this error occurs. Is this a bug or a feature?
> 
> Best regards
> 
> Bernhard
> ---------
> RT 4.4 and RTIR Training Sessions https://bestpractical.com/training
> * Los Angeles - September, 2016