[rt-users] "Grouping" of unprivileged users

Harald Kollera harald.kollera at fun.de
Wed Nov 13 04:57:33 EST 2002


hello James,

James Goss wrote:
> 
> Hello all,
> So my question is:
> 
>  * Is there a way to 'group' users so they can see each other's tickets
> without granting them privileges?  I've looked into doing this by granting
> them privileges, but it seems even privileged users with few privileges can
> still _see_ a lot of the configuration, even if they can't change it.  This
> is not acceptable for our application.
> 
We had a similar problem and so I made an addon for grouping
unprivileged users. It is called groupservice, because the functionality
is mostly like selfservice. 

Perhaps it will solve your problems too.

(hi Jesse,
could you please replace the package on the contrib server with the
appended one. It now has the long missing search functionality.)


To hide the configuration-link for the normal user, I have changed the
Tabs file. Now only user with the rights superuser or groupadmin will
see this link. This is really easy to make. Just add the following
lines: 

% foreach $tab (sort keys %{$toptabs}) {
%  if (($tab eq 'D') && $notPrivileged) { next; }             <-- this
one
            <TD ALIGN=CENTER>
              <font size=+1>
...

<%INIT>
my ($tab, $action);
my $notPrivileged = 1;                                        <-- this
one
...                                                           <-- and
these
if ($session{'CurrentUser'}->HasSystemRight('SuperUser')||
    $session{'CurrentUser'}->HasSystemRight('AdminGroups')) {
  $notPrivileged = 0;
}
</%INIT>
...


Cheers,
Harald
-- 
Dr. Harald Kolléra
Professional Services
fun communications GmbH
Brauerstrasse 6   76135 Karlsruhe   Germany
Tel: +49 721 964480           Fax: +49 721 96448-299
email: harald.kollera at fun.de  http://www.fun.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: groupservice.tar.gz
Type: application/x-gzip
Size: 12910 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20021113/bae43b95/attachment.bin>
-------------- next part --------------
GroupService
------------

Author: Harald Kollera
Date:   2002-11-11

What is it?

Our customers are competitors and they don't want that others see their 
problems and we don't want our customers see our internal
tickets. But all tickets are about the same product, so it is impossible
to handle a lot of different queues.

The solution was to create a new kind of user between unprivileged and
privileged, so called underprivileged users or unprivileged groups.

All the users of a group share a nickname beginning with X_ and they are
unprivileged. When logging in they get a new interface with a button 
"show group tickets". So they can see all their own tickets as well as 
the tickets their X_ group has requested, but nothing else. This works also 
in the modified search interface.
But using the normal groups and privileges for groups it is possible to 
manage also sub-groups within the X_ groups.

To handle this I added a new interface GroupService (copied from
SelfService) and changed the autohandler a little bit.

How to handle the rights?
-------------------------
1. Create a user WITH privileges and a nickname beginning with X_.
2. Create a group for this user and his friends.

  Now you can do the following with the rights to queues:
  User  Group 1    Group 2
   A      X
   B                YZ
   C      X         YZ

   User A has access to queue X and sees the tickets of C, but not of B.
   User C has access to queue X, Y and Z and sees all tickets of his friénds.
   But all share the same nickname.
   
3. Give the user the right to login and take his privileges away.
   Now the privileges of his real group take effect.

If you want to change the real group of such a user, you have to give him 
back privileges. Otherwise he is not in the choice list. But after the 
grouping you have to take away the privileges again. 

All takes effect in the local tree. The files in the WebRT tree seem to be 
necessary, because RT needs a dummy.

How to install?
---------------
1. Patch the autohandler file.
2. Copy the dummy files to the WebRT tree.
3. Copy the local files to the appropriate place.




More information about the rt-users mailing list