[rt-users] Auth::Mailfrom error in 3.8.1 -- Unprivileged vs. Everyone
RT
rt at ragweed.net
Fri Sep 5 11:17:18 EDT 2008
Frustrated with Auth::Mailfrom not actually working properly, I
decided to remove it's ability to create users via e-mail.
# $CurrentUser = CreateUser( undef, $Address, $Name, $Address,
$args{'Message'} );
"lib/RT/Interface/Email/Auth/MailFrom.pm" line 172 of 183 --93%-- col 3
--
I discovered the issue is that either Auth::Mailfrom is not reading
the queue permissions for Unprivileged users properly.
In "Modify group rights for queue Support" --
Unprivileged: No rights granted.
Privileged: No rights granted.
Everyone: No rights granted.
I added the following statement to Auth/MailFrom.pm:
# check to see whether "Everybody" or "Unprivileged users" can
create tickets in this queue
unless ( $everyone->PrincipalObj->HasRight( Object =>
$args{'Queue'}, Right => 'CreateTicket' ) )
{ $RT::Logger->debug("PERMISSIONS: Everyone role has no right
to create ticket in queue '$qname'"); }
if ( $unpriv->PrincipalObj->HasRight( Object =>
$args{'Queue'}, Right => 'ModifyTicket' ) )
{ $RT::Logger->debug("PERMISSIONS: Unprivileged users have
rights to modify ticket in queue '$qname'"); }
Lo and behold,
[Fri Sep 5 15:03:02 2008] [debug]: PERMISSIONS: Everyone role has no
right to create ticket in queue 'Support'
(/opt/rt3/bin/../lib/RT/Interface/Email/Auth/MailFrom.pm:105)
[Fri Sep 5 15:03:02 2008] [debug]: PERMISSIONS: Unprivileged users
have rights to modify ticket in queue 'Support'
(/opt/rt3/bin/../lib/RT/Interface/Email/Auth/MailFrom.pm:108)
I went into the web interface and enabled->save, then disabled->saved
the "Modify" permissions on Support by Unprivileged. (To ensure the
permissions were being set properly.)
It doesn't seem to have any effect! Unprivileged users are still shown
by the debug output as having permissions.
In the end, it turns out there was a global setting where Unprivileged
users had Modify privileges on tickets.
**** For the RT Programmers: ****
Why are Unprivileged users with "Modify" privileges and Everyone users
treated the same in Auth::Mailfrom?
Worded differently --
if Unprivileged users have Modify permissions, why does Auth::Mailfrom
assume you want new users Auto-created on ticket submission?
I'm not understanding the connection at all.
Thanks for your time.
More information about the rt-users
mailing list