[rt-users] Viewing user profiles without modification rights?
Jerrad Pierce
jpierce at cambridgeenergyalliance.org
Thu Jul 9 09:38:38 EDT 2009
If I recall correctly, the profile page is still displayable without
the ACL, but the ticket display page uses the ACL to determine whether
or not to link to the page.
Tickets/Elements/ShowRequestor has:
title_href => $has_right_adminusers? RT->Config->Get('WebPath')."/Admin/User
s/Modify.html?id=".$requestor->id: undef
but there is no HasRight check in Admin/Users/Modify.html
So you ought to be make a local variant of the former to always link....
More information about the rt-users
mailing list