[rt-users] urgent: disable search for new watchers

Kevin Falcone falcone at bestpractical.com
Fri Jun 19 10:24:43 EDT 2009 

On Jun 19, 2009, at 10:16 AM, Raed El-Hames wrote:

>
> Open any of the tickets you can see and click on the People tab
> Find people whose
> User Id does n't contain xyz and click Go!

Oh, that user search.  I thought we were allowing
access to the user administration section

Thank you for a clearer bug report Raed

As Jesse said, the full UI is meant for staff, which
explains the ability to see other users.  It isn't clear
to me how people would want this fixed, since
removing the ability to search pretty much dooms
people to typing in email addresses incorrectly

-kevin



> Kevin Falcone wrote:
>> On Jun 19, 2009, at 4:22 AM, Violetta J. Wawryk wrote:
>>
>>
>>> yes I have to make him priviledged because he is a kind of controll
>>> instance who has to see what orders (a ticket is a order) have been
>>> made.
>>>
>>> Thanks to all who answered. I cannot believe that noone ever thought
>>> of
>>> this as a security bug.
>>>
>>> @Kevin: no I did not grant ShowConfigTab to anyone, to be honest I
>>> didn't even know that this one existed.
>>>
>>
>> I just installed RT 3.6.1 and made a privileged tester user
>> that has been globally granted
>> CreateTicket
>> ReplyToTicket
>> SeeQueue
>> ShowTicket
>>
>> When logging in as this user, I don't see the Configuration tab.
>> How do I navigate to the User search page to test userid doesn't
>> contain xyz?
>>
>> -kevin
>>
>> _______________________________________________
>> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>>
>> Community help: http://wiki.bestpractical.com
>> Commercial support: sales at bestpractical.com
>>
>>
>> Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
>> Buy a copy at http://rtbook.bestpractical.com
>>
> _______________________________________________
> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>
> Community help: http://wiki.bestpractical.com
> Commercial support: sales at bestpractical.com
>
>
> Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
> Buy a copy at http://rtbook.bestpractical.com
>

More information about the rt-users mailing list