[rt-users] Error with ACL?

Kenneth Crocker KFCrocker at lbl.gov
Fri Nov 30 15:41:04 EST 2007

Thank you. That's what I was referring to.


On 11/30/2007 12:17 PM, Todd Chapman wrote:
> I doubt your patch would be accepted by Jesse. Chances are this isn't
> a result of some mistake. I'm willing to be that in his view Comment
> and Reply both modify the ticket so the ability to do those things is
> implied by the ModifyTicket right. I would recommend doing an _Local
> overlay to accomplish what you want.
> Come to think of it, when a ticket is replied to there are other
> fields in the ticket that are updated. Certain timestamp fields and
> also TimeWorked I think. Those would all fail if you could reply to
> the ticket but not modify it.
> -Todd
> On 11/30/07, Max Clark <max.clark at gmail.com> wrote:
>> :) Fantastic! So I guess this means that I get to learn alot about the
>> internals of RT as I prepare a large patch.
>> On Nov 30, 2007 11:50 AM, Kenneth Crocker <KFCrocker at lbl.gov> wrote:
>>> Max,
>>>         Well, good news for you, ModifyTicket also inherits CommentOnTicket and
>>> I think even DeleteTicket.
>>> Kenn
>>> LBNL
>>> On 11/30/2007 11:14 AM, Max Clark wrote:
>>>>> Why would it be considered a bug? Wouldn't the person making changes be
>>>>> a person of interest? Wouldn't any person of interest want to know what
>>>>> is going on about a ticket?
>>>> What has that have to do with the rights to ReplyToTicket? I am not
>>>> talking about Watcher, AdminCC, or CC privileges here. I am talking
>>>> about the right for a user to reply to a ticket and send
>>>> correspondence. To me ModifyTicket != ReplyToTicket just like it
>>>> shouldn't mean CommentOnTicket or DeleteTicket and that's why I
>>>> perceive this as a bug.
>>>> My permissions requirements for this Queue are straightforward. I need
>>>> to assign rights for a group to view, modify (reassign, move,
>>>> associate, close), and comment on a ticket. This should be
>>>> accomplished by setting CommentOnTicket, ModifyTicket, OwnTicket,
>>>> SeeQueue, ShowTicket, ShowTicketComments, StealTicket, TakeTicket,
>>>> Watch, and WatchAsAdminCc. What was discovered is that ModifyTicket
>>>> inherits ReplyToTicket rights which should not happen.
>>>> -Max

More information about the rt-users mailing list