[rt-users] ModifySelf right produces "Permission Denied"
Norton, Ian
i.norton at lancaster.ac.uk
Fri Apr 8 04:08:23 EDT 2005
Hi Joby,
I was sent a patch for this by Alex Vandiver via the rt-devel list.
Seems to be something to do with the permissions validation that should
only apply to tickets and not to other objects.
Regards, Ian.
-----Original Message-----
From: Joby Walker [mailto:joby at u.washington.edu]
Sent: 08 April 2005 01:31
To: Joby Walker
Cc: Norton, Ian; rt-users at lists.bestpractical.com
Subject: Re: [rt-users] ModifySelf right produces "Permission Denied"
I believe I have found the source of the problem in:
lib/RT/User_Overlay.pm: sub _Set
at the end of the method is (I removed the _NewTransaction parameters):

    my ($ret, $msg) = $self->SUPER::_Set( Field => $args{'Field'},
                                          Value => $args{'Value'} );
    if ( $args{'RecordTransaction'} == 1 ) {
        my ( $Trans, $Msg, $TransObj ) = $self->_NewTransaction(...);
        return ( $Trans, scalar $TransObj->Description );
    }
    else {
        return ( $ret, $msg );
    }

The "Permission Denied" error is not from setting the attribute, that is
$msg, which is "The new value has been set", but from the "scalar
$TransObj->Description" -- because the acting user doesn't have
permission to run that method of the Transaction Object.
Joby Walker
C&C Computer Operations Software Support Group
Joby Walker wrote:
> Was there ever an answer for this? I have the same problem, though I
> have noticed that modifying "Organization" *is* denied.
>
> Joby Walker
> C&C Computer Operations Software Support Group
>
>
> Ian Norton wrote:
>
>> Hi all,
>>
>> I've granted the ModifySelf right to System group Everyone and I'm
>> getting some odd behaviour.
>>
>> I can change my password and all my details within the preferences
>> page and the database gets updated. The problem is that it gives me
>> an access denied error, even though it has succeeded.
>>
>> If I grant the right explicitly to a user and remove it from
>> Everyone, it still gives the same problem.
>>
>> I'm seeing a similar problem with personal groups, in that everyone
>> is granted AdminOwnPersonalGroups which they can do, but there's a
>> Permission Denied error - even though the edits happen.
>>
>> I've enabled debugging in my RT_SiteConfig.pm but it's not showing
>> anything unusual:
>>
>> [Mon Mar 14 14:30:54 2005] [debug]: About to think about scrips for
>> transaction #6335
>> (/usr/local/packages/rt-3.4.1/lib/RT/Transaction_Overlay.pm:154)
>>
>> I'm using RT 3.4.1 on Fedora Core 3 with Postgres 7.4.7.
>> DBD::Pg is version 1.31
>> DBIx::SearchBuilder is version 1.22
>>
>> The only time I don't get errors on updating users' details is if I do
>> it with a SuperUser enabled account.
>>
>> Any suggestions gratefully received as I'm not having any luck
>> tracking this one down :(
>>
>> Thanks, Ian.
>> --
>> Ian Norton
>> Mail & Systems Support
>> University of Lancaster
>>
>> _______________________________________________
>> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>>
>> RT Administrator and Developer training is coming to your town soon!
>> (Boston, San Francisco, Austin, Sydney) Contact
>> training at bestpractical.com for details.
>>
>> Be sure to check out the RT Wiki at http://wiki.bestpractical.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: user-updates.patch
Type: application/octet-stream
Size: 942 bytes
Desc: user-updates.patch
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20050408/e404c652/attachment.obj>
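
The failure described in this thread, as an added example that is not part of the original messages, RT's source, or the attached patch: a simplified Perl model in which the write succeeds but the caller is handed the description of a transaction it is not allowed to read. All package, method and right names here (Mock::User, Mock::Transaction, CanSeeBuggy, CanSeeScoped, the Check argument) are hypothetical, and the scoped check reflects only the summary above that the validation should apply to tickets and not to other objects.

```perl
#!/usr/bin/perl
# Simplified model, NOT RT source: every package, method and right name is hypothetical.
use strict;
use warnings;

package Mock::Transaction;
sub new { my ( $class, %a ) = @_; return bless {%a}, $class }

# Ticket right demanded for every transaction, whatever object it belongs to.
sub CanSeeBuggy { my $self = shift; return $self->{Rights}{ShowTicket} ? 1 : 0 }

# Ticket right demanded only when the transaction belongs to a ticket.
sub CanSeeScoped {
    my $self = shift;
    return 1 unless $self->{ObjectType} eq 'Ticket';
    return $self->{Rights}{ShowTicket} ? 1 : 0;
}

sub Description {
    my ( $self, $check ) = @_;
    return 'Permission Denied' unless $self->$check();
    return "$self->{Field} changed to $self->{Value}";
}

package Mock::User;
sub new { my ( $class, %a ) = @_; return bless { Rights => $a{Rights}, Data => {} }, $class }

sub Set {
    my ( $self, %args ) = @_;
    return ( 0, 'Permission Denied' ) unless $self->{Rights}{ModifySelf};
    $self->{Data}{ $args{Field} } = $args{Value};    # the write happens here
    my ( $ret, $msg ) = ( 1, 'The new value has been set' );
    my $txn = Mock::Transaction->new(
        ObjectType => 'User', Rights => $self->{Rights},
        Field      => $args{Field}, Value => $args{Value},
    );
    # As in the quoted _Set: the caller receives the transaction's description, not $msg.
    return ( $ret, scalar $txn->Description( $args{Check} ) );
}

package main;
for my $check (qw(CanSeeBuggy CanSeeScoped)) {
    my $user = Mock::User->new( Rights => { ModifySelf => 1 } );    # no ticket rights
    my ( $ok, $msg ) = $user->Set( Field => 'RealName', Value => 'Ian', Check => $check );
    printf "%-12s ok=%d stored=%s msg=%s\n", $check, $ok, $user->{Data}{RealName}, $msg;
}
```

In both runs the value is stored; only the message returned to the caller differs, which is why the symptom looks like an access failure while the database shows the update.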