[rt-users] RT For an ISP

Bob Goldstein bobg at uic.edu
Wed Feb 22 10:10:42 EST 2006 

>Actually I was wondering if this could be done by configuring RT itself. It
>would be more secure that way. If it is not configurable through RT I think
>this would be a major drawback! It would be much more professional if my
>clients logon to a self services portal and use it to send their tickets.
>Having RT automatically create new users as watchers each time a client use=
>s
>a new name/email in the requestor field is nonsense! Moreover, the user get=

    
    I don't follow your logic.  Obviously each ticket needs to contain
    whatever email address was used, so that you can send any response
    back to the requestor. 

    RT doesn't actually store that email address with the ticket.
    Instead, it puts it in a separate table called "Users" and
    stores the internal id of the row (user) with the ticket.

    Think of it this way -- a watcher or requestor is not
    a simple email address, it is a complicated structure that
    can hold name, phone, comments, and so on.  And, if a given
    watcher ends up connected to many tickets, RT can tell you that.
    There is a lot of sense in this design.

    You want only the requestor to view the ticket?  You need to
    identify the logged-on person, before you can determine what
    he is a reqestor for. How else would you do that?  Generally,
    if a person uses multiple email addresses, it's quite hard
    to know it's the same person.

       bobg



>s
>an error saying that he has no permissions to view the ticket since I have
>only given the requestor the permission to view the ticket and in our case,
>the requestor is not the person logged on to RT because he used another
>name/email in the requestor field. I might have perceived the system wrongl=
>y
>but this is the conclusion I came up with. If anyone has other ideas please
>let me know.
>
>
>Mustafa Badawi
>
>On 2/21/06, Ben Robson <ben.robson at classicblue.com.au> wrote:
>>
>>  This link might be of help:
>> http://www.htmlhelp.com/reference/html40/forms/input.html
>>
>> You should be able to (and note I havn't checked this at all) modify the
>> code that shows the ticket creation form and set the READONLY flag on the
>> <INPUT> box for the Requestor.
>>
>> That way the requestor, autofilled, gets displayed, but the user can't
>> edit it.
>>
>> The other way would be to edit the same code, just don't display the
>> $ticket->requestor (not actual syntax) value in a pre-completed <INPUT> b=
>ox,
>> just display it as text instead.
>>
>> So if the code said <INPUT NAME=3Drequestor VALUE=3D$ticket->requestor>
>> change this to just be <B>$ticket->requestor</B> thus removing the abilit=
>y
>> to change the value.
>>
>> BenR
>>
>> ------------------------------
>> *From:* rt-users-bounces at lists.bestpractical.com on behalf of Jason Fenne=
>r
>> *Sent:* Wed 22/02/2006 2:31 AM
>> *To:* Mustafa Badawi
>> *Cc:* rt-users at lists.bestpractical.com
>> *Subject:* Re: [rt-users] RT For an ISP
>>
>>  Have you found a fix for this yet?
>>
>> Mustafa Badawi wrote:
>>
>> >Dear All
>> >
>> >I am trying to use RT for my dialup clients. I only want my clients to
>> use
>> >the web interface to create tickets and not the email interface. I have
>> >created an unprivileged RT account for each of my users. The problem I
>> have
>> >is that when the user logs on and selects the queue I have provided
>> he/she
>> >can enter any value in the requestor field thus automatically creating a
>> new
>> >user as a watcher. The rightful requestor of the ticket (the account I
>> have
>> >created) cannot actually view the new ticket because he/she has no
>> >permission to view it.
>> >Is there a way of forcing the requestor to be the RT account I have
>> already
>> >created! Keeping in mind that I do not want users seeing all the tickets
>> in
>> >the queue - only their own tickets.
>> >Any hints would be greatly appreciated
>> >
>> >Mustafa Badawi
>> >
>> >
>> >
>> >------------------------------------------------------------------------
>> >
>> >_______________________________________________
>> > http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>> >
>> >Be sure to check out the RT Wiki at http://wiki.bestpractical.com
>> >
>> >Download a free sample chapter of RT Essentials from O'Reilly Media at
>> http://rtbook.bestpractical.com
>> >
>> >WE'RE COMING TO YOUR TOWN SOON - RT Training in Amsterdam, Boston and
>> >San Francisco - Find out more at
>> http://bestpractical.com/services/training.html
>> >
>>
>>
>> _______________________________________________
>> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>>
>> Be sure to check out the RT Wiki at http://wiki.bestpractical.com
>>
>> Download a free sample chapter of RT Essentials from O'Reilly Media at
>> http://rtbook.bestpractical.com
>>
>> WE'RE COMING TO YOUR TOWN SOON - RT Training in Amsterdam, Boston and
>> San Francisco - Find out more at
>> http://bestpractical.com/services/training.html
>>
>> .........................................................................=
>...................................................
>>
>> This email (including all attachments) is intended solely for the named a=
>ddressee. It is confidential and may contain legally privileged information=
>. If you receive it in error, please let us know by reply email, do not dis=
>close any information contained in it, delete it from your system and destr=
>oy any copies. This email is also subject to copyright. No part of it shoul=
>d be reproduced, adapted or transmitted without the written consent of the =
>copyright owner. Emails may be interfered with, may contain computer viruse=
>s or other defects and may not be successfully replicated on other systems.
>>
>>
>> We give no warranties in relation to these matters. If you have any doubt=
>s about the authenticity of an email purportedly sent by us, please contact=
> us immediately.  Privacy - Please be aware that information provided in re=
>sponse to this email may contain personal information, which Classic Blue m=
>ay collect, and use for the purposes of marketing information technology pr=
>oducts and services to you.  For further information regarding Classic Blue=
>'s privacy policies please refer to
>> www.classicblue.com.au
>> .........................................................................=
>...................................................
>>
>>
>
>------=_Part_16644_25236981.1140598274888
>Content-Type: text/html; charset=ISO-8859-1
>Content-Transfer-Encoding: quoted-printable
>Content-Disposition: inline
>
>Thanks for your reply.<br><br>Actually I was wondering if this could be don=
>e by configuring RT itself. It would be more secure that way. If it is not =
>configurable through RT I think this would be a major drawback! It would be=
> much more professional if my clients logon to a self services portal and u=
>se it to send their tickets. Having RT automatically create new users as wa=
>tchers each time a client uses a new name/email in the requestor field is n=
>onsense! Moreover, the user gets an error saying that he has no permissions=
> to view the ticket since I have only given the requestor the permission to=
> view the ticket and in our case, the requestor is not the person logged on=
> to RT because he used another name/email in the requestor field. I might h=
>ave perceived the system wrongly but this is the conclusion I came up with.=
> If anyone has other ideas please let me know.
><br><br><br>Mustafa Badawi<br><br><div><span class=3D"gmail_quote">On 2/21/=
>06, <b class=3D"gmail_sendername">Ben Robson</b> <<a href=3D"mailto:ben.=
>robson at classicblue.com.au" target=3D"_blank" onclick=3D"return top.js.OpenE=
>xtLink(window,event,this)">
>ben.robson at classicblue.com.au</a>> wrote:</span>
><blockquote class=3D"gmail_quote" style=3D"border-left: 1px solid rgb(204, =
>204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
>
>
>
>
>
>
>
>
><div dir=3D"ltr">
><div dir=3D"ltr"><font color=3D"#000000" face=3D"Arial" size=3D"2">This lin=
>k might be of help:=20
><a href=3D"http://www.htmlhelp.com/reference/html40/forms/input.html" targe=
>t=3D"_blank" onclick=3D"return top.js.OpenExtLink(window,event,this)">http:=
>//www.htmlhelp.com/reference/html40/forms/input.html</a></font></div>
><div dir=3D"ltr"><font face=3D"Arial" size=3D"2"></font> </div>
><div dir=3D"ltr"><font face=3D"Arial" size=3D"2">You should be able to (and=
> note I havn't=20
>checked this at all) modify the code that shows the ticket creation form an=
>d set=20
>the READONLY flag on the <INPUT> box for the Requestor.</font></div>
><div dir=3D"ltr"><font face=3D"Arial" size=3D"2"></font> </div>
><div dir=3D"ltr"><font face=3D"Arial" size=3D"2">That way the requestor, au=
>tofilled, gets=20
>displayed, but the user can't edit it.</font></div>
><div dir=3D"ltr"><font face=3D"Arial" size=3D"2"></font> </div>
><div dir=3D"ltr"><font face=3D"Arial" size=3D"2">The other way would be to =
>edit the same=20
>code, just don't display the $ticket->requestor (not actual=20
>syntax) value in a pre-completed <INPUT> box, just display it as=
> text=20
>instead.</font></div>
><div dir=3D"ltr"><font face=3D"Arial" size=3D"2"></font> </div>
><div dir=3D"ltr"><font face=3D"Arial" size=3D"2">So if the code said <IN=
>PUT=20
>NAME=3Drequestor VALUE=3D$ticket->requestor>  change this to jus=
>t be=20
><B>$ticket->requestor</B> thus removing the ability to chang=
>e the=20
>value.</font></div>
><div dir=3D"ltr"><font face=3D"Arial" size=3D"2"></font> </div>
><div dir=3D"ltr"><font face=3D"Arial" size=3D"2">BenR</font></div></div>
><div dir=3D"ltr"><br>
><hr>
><font face=3D"Tahoma" size=3D"2"><b>From:</b> <a href=3D"mailto:rt-users-bo=
>unces at lists.bestpractical.com" target=3D"_blank" onclick=3D"return top.js.O=
>penExtLink(window,event,this)">rt-users-bounces at lists.bestpractical.com</a>=
>=20
>on behalf of Jason Fenner<br><b>Sent:</b> Wed 22/02/2006 2:31 AM<br><b>To:<=
>/b>=20
>Mustafa Badawi<br><b>Cc:</b> <a href=3D"mailto:rt-users at lists.bestpractical=
>.com" target=3D"_blank" onclick=3D"return top.js.OpenExtLink(window,event,t=
>his)">rt-users at lists.bestpractical.com</a><br><b>Subject:</b>=20
>Re: [rt-users] RT For an ISP<br></font><br></div><div><span>
><div>
><p><font size=3D"2">Have you found a fix for this yet?<br><br>Mustafa Badaw=
>i=20
>wrote:<br><br>>Dear All<br>><br>>I am trying to use RT for my dial=
>up=20
>clients. I only want my clients to use<br>>the web interface to create=
>=20
>tickets and not the email interface. I have<br>>created an unprivileged =
>RT=20
>account for each of my users. The problem I have<br>>is that when the us=
>er=20
>logs on and selects the queue I have provided he/she<br>>can enter any v=
>alue=20
>in the requestor field thus automatically creating a new<br>>user as a=
>=20
>watcher. The rightful requestor of the ticket (the account I=20
>have<br>>created) cannot actually view the new ticket because he/she has=
>=20
>no<br>>permission to view it.<br>>Is there a way of forcing the reque=
>stor=20
>to be the RT account I have already<br>>created! Keeping in mind that I =
>do=20
>not want users seeing all the tickets in<br>>the queue - only their own=
>=20
>tickets.<br>>Any hints would be greatly appreciated<br>><br>>Musta=
>fa=20
>Badawi<br>><br>> <br>><br>>-------------------------------=
>-----------------------------------------<br>><br>>__________________=
>_____________________________<br>><a href=3D"http://lists.bestpractical.=
>com/cgi-bin/mailman/listinfo/rt-users" target=3D"_blank" onclick=3D"return =
>top.js.OpenExtLink(window,event,this)">
>
>http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users</a><br>&gt=
>;<br>>Be=20
>sure to check out the RT Wiki at <a href=3D"http://wiki.bestpractical.com" =
>target=3D"_blank" onclick=3D"return top.js.OpenExtLink(window,event,this)">=
>http://wiki.bestpractical.com</a><br>><br>>Download=20
>a free sample chapter of RT Essentials from O'Reilly Media at <a href=3D"ht=
>tp://rtbook.bestpractical.com" target=3D"_blank" onclick=3D"return top.js.O=
>penExtLink(window,event,this)">http://rtbook.bestpractical.com</a><br>><=
>br>
>
>>WE'RE=20
>COMING TO YOUR TOWN SOON - RT Training in Amsterdam, Boston and<br>>San=
>=20
>Francisco - Find out more at <a href=3D"http://bestpractical.com/services/t=
>raining.html" target=3D"_blank" onclick=3D"return top.js.OpenExtLink(window=
>,event,this)">http://bestpractical.com/services/training.html</a><br>><b=
>r>
>
><br><br>_______________________________________________<br><a href=3D"http:=
>//lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users" target=3D"_bla=
>nk" onclick=3D"return top.js.OpenExtLink(window,event,this)">http://lists.b=
>estpractical.com/cgi-bin/mailman/listinfo/rt-users
></a><br><br>Be=20
>sure to check out the RT Wiki at <a href=3D"http://wiki.bestpractical.com" =
>target=3D"_blank" onclick=3D"return top.js.OpenExtLink(window,event,this)">=
>http://wiki.bestpractical.com</a><br><br>Download=20
>a free sample chapter of RT Essentials from O'Reilly Media at <a href=3D"ht=
>tp://rtbook.bestpractical.com" target=3D"_blank" onclick=3D"return top.js.O=
>penExtLink(window,event,this)">http://rtbook.bestpractical.com</a><br><br>W=
>E'RE=20
>COMING TO YOUR TOWN SOON - RT Training in Amsterdam, Boston and<br>San Fran=
>cisco=20
>- Find out more at <a href=3D"http://bestpractical.com/services/training.ht=
>ml" target=3D"_blank" onclick=3D"return top.js.OpenExtLink(window,event,thi=
>s)">http://bestpractical.com/services/training.html</a><br></font></p></div=
>>
>
></span></div>
>
><pre>......................................................................=
>......................................................<br><br>This email (i=
>ncluding all attachments) is intended solely for the named addressee. It is=
> confidential and may contain legally privileged information. If you receiv=
>e it in error, please let us know by reply email, do not disclose any infor=
>mation contained in it, delete it from your system and destroy any copies. =
>This email is also subject to copyright. No part of it should be reproduced=
>, adapted or transmitted without the written consent of the copyright owner=
>. Emails may be interfered with, may contain computer viruses or other defe=
>cts and may not be successfully replicated on other systems.
><br><br><br>We give no warranties in relation to these matters. If you have=
> any doubts about the authenticity of an email purportedly sent by us, plea=
>se contact us immediately.  Privacy - Please be aware that information prov=
>ided in response to this email may contain personal information, which Clas=
>sic Blue may collect, and use for the purposes of marketing information tec=
>hnology products and services to you.  For further information regarding Cl=
>assic Blue's privacy policies please refer to=20
><br><a href=3D"http://www.classicblue.com.au" target=3D"_blank" onclick=3D"=
>return top.js.OpenExtLink(window,event,this)">www.classicblue.com.au</a>
>...........................................................................=
>.................................................<br></pre>
>
></blockquote></div><br>
>
>
>------=_Part_16644_25236981.1140598274888--
>
>--===============0688665070==
>Content-Type: text/plain; charset="us-ascii"
>MIME-Version: 1.0
>Content-Transfer-Encoding: 7bit
>Content-Disposition: inline
>
>_______________________________________________
>http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>
>Be sure to check out the RT Wiki at http://wiki.bestpractical.com
>
>Download a free sample chapter of RT Essentials from O'Reilly Media at http://
>rtbook.bestpractical.com
>
>WE'RE COMING TO YOUR TOWN SOON - RT Training in Amsterdam, Boston and
>San Francisco - Find out more at http://bestpractical.com/services/training.ht
>ml
>--===============0688665070==--
>

More information about the rt-users mailing list