[rt-users] CommandByMail problem

Kenneth Crocker kfcrocker at lbl.gov
Thu Apr 22 17:00:59 EDT 2010 

To List & Kevin & Jeff,

Whomever created RightsMatrix, I owe them a beer. Actually a pitcher.

I SSOOOOOOOOOOO embarrassed by this mistake. However, confession is good for
the soul.

I've been on 3.6.4 so for so long, I completely forgot that 3.8.7 allows the
granting of "SuperUser" at the group level, whereas in 3.6.4, that was not
possible. I am BIG on *not *granting rights to individual users, but because
of 3.6.4, I had granted the "SuperUser" right to a few individuals.

Then along comes 3.8.7 and I had found out we could grant "SuperUser" at the
*group* level so I did. Then just recently, wanted to do a test and the
person I wanted to do the test was a "SuperUser". Since that would defeat
the test, I removed the "SuperUser" right for that *individual*, but forgot
about that right having been granted for a group he was in. So when I looked
at his individual rights, he shouldn't have that right, yet he was creating
a ticket. So I finally woke up and used RightsMatrix and clicked the Y under
that right under "ALL" and lo and behold, the answer.

It is now corrected and it works fine.

The problem with the never-ending email loop is, of course, unrelated. We
think it has to do with the "Timeline" directory/code bumping into
"CommandByMail" directory/code in that Takeaction seems to keep repeating
it's rejection. We're going to remove TImeline and try again.

Thanks again for your time and effort.

Kenn
LBNL

On Thu, Apr 22, 2010 at 6:53 AM, Kevin Falcone <falcone at bestpractical.com>wrote:

> On Wed, Apr 21, 2010 at 01:39:04PM -0700, Kenneth Crocker wrote:
> >    1) Email from any RT User creates a ticket in a queue, EVEN when the
> right "CreateTicket" has
> >    NOT been applied to that User/group/role/Sys group for that Queue. It
> still gets in and
> >    becomes a ticket. I checked the rights on this VERY thoroughly.
>
> You must have a misconfiguration, setting up a vanilla 3.8.7 with a
> user who has no CreateTicket rights anywhere and injecting mail from
> that user gets
> not ok - Ticket creation failed: No permission to create tickets in
> the queue 'General'
> as a result.  This is because Auth::MailFrom will reject the user
> before CommandByMail gets to it
>
> >    2) Email from NON-RT Users and NON-LDAP Users gets sent back to the
> "from" address in a
> >    never-ending loop.
> >
> >    I know how to turn off the loop, by temporarily turning off
> "TakeAction:" from the Plugin and
> >    then bouncing RT.
> >
> >    The two questions I have are:
>
> It isn't clear to me why notifying the From: in your environment
> causes a loop
>
> -kevin
>
>
> Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
> Buy a copy at http://rtbook.bestpractical.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20100422/a45ad6f1/attachment.htm>

More information about the rt-users mailing list