[rt-users] KILL permission question

Tobias Brox tobiasb at tobiasb.funcom.com
Fri May 12 07:15:19 EDT 2000


> I am surprised to see that someone with manipulate right can KILL a
> Ticket ???

I've configured it here so that "kill" only marks the request status as
"dead".  Then it should be a fairly harmless operation.  Only those with
SQL access to the DB can actually KILL a request.

My sub kill (lib/rt/database/amanipulate.pm) looks like this:

sub kill {
    my ($in_serial_num, $in_current_user) = @_;
    my ($transaction_count, $transaction_num);
    # Refuse unless the current user has manipulate rights on this request.
    if (!(&can_manipulate_request($in_serial_num,$in_current_user))) {
        return (0,"You don't have permission to modify request \#$in_serial_num");
    }
    ($transaction_count)=&transaction_history_in($in_serial_num,$in_current_user);

    # Only set the status to 'dead'; nothing is removed from the database.
    $transaction_num=&update_request($in_serial_num,'status','dead',$in_current_user);
    return ($transaction_num,"Request #$in_serial_num has been killed.");
}

Eventually you can give only admin kill rights by changing the
"can_manipulate_request" to "can_admin_queue".

-- 
tobix at fsck.com







