[rt-users] Queue owner see too much
JJussi
rt-users at jjussi.com
Thu Feb 11 14:02:46 EST 2010
On Thursday, 11. Februaryta 2010 17:06:42 Kevin Falcone wrote:
OK..
Have to search and test that.. Strange thing is that Report is only place
where customer can see too many tickets (just a number, how many tickets there
is)..
Everywhere, where there is list of tickets, customer cannot see anything else
than his/her own queue.
BTW, this "rights" thing with multi layer rights is... Sometimes hard to
handle. ;-)
> On Thu, Feb 11, 2010 at 12:43:37PM +0200, JJussi wrote:
> > OK..
> > I managed to fix this... And this would be nice change to orginal code
> > (of course "real" programmer would write it maybe little different way)
>
> If a report is showing too many tickets, it means you've granted
> ShowTicket too broadly. Preventing your users from selecting - in the
> queue drop down is just masking over a permissions problem. All they
> have to do is delete Queue=7 from the query string and they'll still
> be able to see all tickets.
>
> -kevin
>
> > So I made copy of SelectQueue to 'local/html/Elements' and changed
> > that...
> >
> > diff share/html/Elements/SelectQueue local/html/Elements/SelectQueue
> > 77c77
> > < $ShowNullOption => 1
> > ---
> >
> > > $ShowNullOption => undef
> >
> > 87a88,97
> >
> > > my $qu = new RT::Queues($session{'CurrentUser'});
> > > $qu->UnLimit;
> > >
> > > while (my $quu = $qu->Next){
> > > if ($quu->CurrentUserHasRight('SuperUser')) {
> > > $ShowNullOption = 1;
> > > }
> > > }
> >
> > On Wednesday, 10. Februaryta 2010 11:34:11 you wrote:
> > > Hi!
> > > At report Tools > Reports > Created in a date range
> > > user have "Queue" drop down, where there is two choises. '-' and
> > > '(current)Queue'.
> > > If user selects his/her queue, result is from that queue. BUT s/he can
> > > select that '-', then result is from ALL queues, and that's not good.
> > >
> > > How to prevent that user cannot see reports from all queues?
> > > How to make so that everywhere where user can/should select queue, s/he
> > > have only one option, his/her own queue?
>
--
JJussi
More information about the rt-users
mailing list