[rt-devel] quandry: secure parts of a ticket... should this be done with related tickets?

Colleen colleen at darksideproductions.net
Thu Dec 12 14:35:28 EST 2002


The company I work for has been using RT strictly as internal company
workflow via the web.

There has recently been a request made to me for including part of the
ticket as secure so that the creator inputs the secure info when it is
in a certain queue, another part of the company (X) also has permission
to use this secure information, but then it gets forwarded to another
part of the company(Y) and they are not allowed to see this information.

This is a complicated situation, and the following questions come to

1) how do I limit who can see tickets in a certain queue?  Currently
they all have global configuration of ACLs.

2) Should I create a showSecureInfo and an EditSecureInfo module and it
checks to see who the current viewer is to see whether they can view the

3) after the ticket's work has been complete
(status=resolved/status=dead), how should I allow this info to be
viewed?  The same as 2)?

4) should this be done with related tickets, with the secure info going
in one and the task-related work going in another and then linking them?
Would this produce the correct relationship?  How would I guarantee that
a user in Y couldn't see the secure info?

5) I thought about copying Create.html into another file within an
.htaccess protected directory and forcing all tickets for that queue to
go to that directory (which would require a password), but I'm sure that
will only make things really messy.

Any help with this would be appreciated.



Colleen Noonan

More information about the Rt-devel mailing list