<html><head><meta http-equiv="Content-Type" content="text/html; charset=us-ascii"><meta name="Generator" content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Times;
panose-1:2 2 6 3 5 4 5 2 3 4;}
@font-face
{font-family:"Trebuchet MS";
panose-1:2 11 6 3 2 2 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style></head><body lang="EN-US" link="blue" vlink="purple"><div class="WordSection1"><p class="MsoNormal">All,</p><p class="MsoNormal"> </p><p class="MsoNormal">Since I use AD groups to manage rights to queues in RT, (queues are all set up with group rights, and the helpdesk can add/remove people to AD groups w/o rights in RT). I needed to make sure that users that need to be privileged are and ones that no longer (transferred to a department w/o a queue) are not. So I wrote the below perl script it makes sure anyone with the Own Ticket right on any queue and a list of exceptions are privileged. I have it set to run once an hour. I am not the best with perl as I am just learning it, however I hope this can help someone else.</p>
<p class="MsoNormal"> </p><p class="MsoNormal">April</p><p class="MsoNormal"> </p><p class="MsoNormal">#!/usr/bin/perl -w</p><p class="MsoNormal">use strict;</p><p class="MsoNormal">use warnings;</p><p class="MsoNormal"> </p>
<p class="MsoNormal">my @excludedUsers = ("root"); # Users who will keep privileged status</p><p class="MsoNormal">my @excludedGroups = ("RTAdmin"); # Groups of users who will get privileged status without the own ticket right.</p>
<p class="MsoNormal"> </p><p class="MsoNormal">open (LogFile, '>>/var/log/request-tracker4/Privileged.log');</p><p class="MsoNormal"> </p><p class="MsoNormal">use lib qw(/usr/local/share/request-tracker4/lib /usr/share/request-tracker4/lib);</p>
<p class="MsoNormal">use RT;</p><p class="MsoNormal">use DateTime;</p><p class="MsoNormal"> </p><p class="MsoNormal">my $date = DateTime->now(time_zone=>'local');</p><p class="MsoNormal"> </p><p class="MsoNormal">
# Load the config -- at compile-time, so we can adjust lib paths for plugin packages</p><p class="MsoNormal"> </p><p class="MsoNormal">BEGIN { RT::LoadConfig(); }</p><p class="MsoNormal"> </p><p class="MsoNormal">RT::Init();</p>
<p class="MsoNormal">use RT::Queue;</p><p class="MsoNormal"> </p><p class="MsoNormal">print LogFile "********************************************\n";</p><p class="MsoNormal">print LogFile $date->datetime()."\n";</p>
<p class="MsoNormal">print LogFile "********************************************\n";</p><p class="MsoNormal">my $queues = RT::Queues->new(RT->SystemUser);</p><p class="MsoNormal">$queues->UnLimit;</p><p class="MsoNormal">
my @privUsers;</p><p class="MsoNormal">while ( my $queue = $queues->Next ) {</p><p class="MsoNormal"> my $Users = RT::Users->new(RT->SystemUser);</p><p class="MsoNormal"> $Users->WhoHaveRight(</p><p class="MsoNormal">
Right => 'OwnTicket',</p><p class="MsoNormal"> Object => $queue,</p><p class="MsoNormal"> IncludeSystemRights => 1,</p><p class="MsoNormal"> IncludeSuperUsers => 1,</p>
<p class="MsoNormal"> );</p><p class="MsoNormal"> while ( my $User = $Users->Next() ) {</p><p class="MsoNormal"> if ( $User->Name ne "Nobody" ) {</p><p class="MsoNormal"> unless (grep { $User->Name eq $_ } @privUsers ) {</p>
<p class="MsoNormal"> $User->SetPrivileged(1);</p><p class="MsoNormal"> print LogFile "User, ".$User->Name.", set as privileged.\n";</p><p class="MsoNormal"> push @privUsers, $User->Name;</p>
<p class="MsoNormal"> }</p><p class="MsoNormal"> }</p><p class="MsoNormal"> }</p><p class="MsoNormal">}</p><p class="MsoNormal">foreach my $group (@excludedGroups) {</p><p class="MsoNormal"> my $Groups = RT::Group->new(RT->SystemUser);</p>
<p class="MsoNormal"> $Groups->LoadUserDefinedGroup( $group );</p><p class="MsoNormal"> my $Users = RT::Users->new(RT->SystemUser);</p><p class="MsoNormal"> $Users->MemberOfGroup( $Groups->id );</p><p class="MsoNormal">
while ( my $User = $Users->Next() ) {</p><p class="MsoNormal"> unless (grep { $User->Name eq $_ } @privUsers ) {</p><p class="MsoNormal"> $User->SetPrivileged(1);</p><p class="MsoNormal"> print LogFile "User, ".$User->Name.", set as privileged.\n";</p>
<p class="MsoNormal"> push @privUsers, $User->Name;</p><p class="MsoNormal"> }</p><p class="MsoNormal"> }</p><p class="MsoNormal">}</p><p class="MsoNormal">foreach my $name (@excludedUsers) {</p><p class="MsoNormal">
push @privUsers, $name;</p><p class="MsoNormal">}</p><p class="MsoNormal">my $SuperUsers = RT::Users->new(RT->SystemUser);</p><p class="MsoNormal">$SuperUsers->LimitToPrivileged;</p><p class="MsoNormal">$SuperUsers->UnLimit;</p>
<p class="MsoNormal">while ( my $User = $SuperUsers->Next() ) {</p><p class="MsoNormal"> unless (grep { $User->Name eq $_ } @privUsers ) {</p><p class="MsoNormal"> $User->SetPrivileged(0);</p><p class="MsoNormal">
print LogFile "User, ".$User->Name.", removed from privileged.\n";</p><p class="MsoNormal"> }</p><p class="MsoNormal">}</p><p class="MsoNormal"> </p><p class="MsoNormal">close (LogFile);</p><p class="MsoNormal">
exit;</p><p class="MsoNormal"> </p><p class="MsoNormal"> </p><table class="MsoNormalTable" border="0" cellpadding="0" style="margin-left:7.5pt"><tr style="height:33.75pt"><td width="40" style="width:30.0pt;padding:.75pt .75pt .75pt .75pt;height:33.75pt">
<p class="MsoNormal" style="margin-bottom:3.75pt"><span style="font-family:"Times","serif""><img width="30" height="30" id="Picture_x0020_1" src="cid:image001.gif@01CDD477.A0A55940" alt="Yelp!"></span></p>
</td><td style="padding:.75pt .75pt .75pt .75pt;height:33.75pt"><p class="MsoNormal" style="margin-bottom:3.75pt"><b><span style="font-size:8.5pt;font-family:"Trebuchet MS","sans-serif";color:#c41200;text-transform:uppercase;letter-spacing:1.5pt">April Rosenberg</span></b><span style="font-family:"Times","serif""> <br>
</span><b><span style="font-size:8.5pt;font-family:"Trebuchet MS","sans-serif";color:#888888">e:</span></b><span style="font-size:8.5pt;font-family:"Trebuchet MS","sans-serif";color:#b2b2b2"> <a href="mailto:aprilr@yelp.com" target="_blank" title="email Mike"><span style="color:#b2b2b2">aprilr@yelp.com</span></a> </span><b><span style="font-size:8.5pt;font-family:"Trebuchet MS","sans-serif";color:#888888">t:</span></b><span style="font-size:8.5pt;font-family:"Trebuchet MS","sans-serif";color:#b2b2b2"> 415.632.4020</span></p>
</td></tr></table><p class="MsoNormal"> </p><p class="MsoNormal"> </p></div></body></html>