[rt-users] Viewing user profiles without modification rights?

Jerrad Pierce jpierce at cambridgeenergyalliance.org
Thu Jul 9 09:38:38 EDT 2009


If I recall correctly, the profile page is still displayable without
the ACL, but the ticket display page uses the ACL to determine whether
or not to link to the page.

Tickets/Elements/ShowRequestor has:

    title_href => $has_right_adminusers? RT->Config->Get('WebPath')."/Admin/User
s/Modify.html?id=".$requestor->id: undef

but there is no HasRight check in Admin/Users/Modify.html

So you ought to be make a local variant of the former to always link....



More information about the rt-users mailing list