[rt-users] Request tracker perl acl
johnathan.bell at baker.edu
johnathan.bell at baker.edu
Fri Apr 15 08:46:29 EDT 2011
Sure! The trick, I found, was that you need to use "LoadSystemInternalGroup" for groups like "Everyone". This should be enough to get you there. The other part though, if you have multiple queues, is you'll have to also grant it to "Everyone" for every queue you have, I think... I haven't experimented with it that much because we want things a little locked down here, so try "global" first, and if that doesn't work, go queue by queue.
--snip--
# RT working vars
my $groupObj = new RT::Group($currentUser);
my $queueObj = new RT::Queue($currentUser);
# Load our RT queue (use one of the two indented snippets here)
# For "Global" permissions, put $RT::System in the queue object.
($status, $msg) = $queueObj = $RT::System;
$status or die("Error loading \$RT::System: ".$msg."\n");
# For semi-global permissions, you can use "General" for the queue name if you're not going global
($status, $msg) = $queueObj->Load($queueName);
$status or die("Error loading RT queue \"$queueName\"");
# Load the system internal group (use "everyone" for $groupname)
($status, $msg) = $groupObj->LoadSystemInternalGroup($groupName);
$status or die("Error loading RT System group \"$groupName\"\nInput File line $line:\n> $_\n\nRT Error: ".$msg."\n");
# Actually grant the right (Use "ReplyToTicket" or whatever for "$rightName"
# And use "RevokeRight" if you want to revoke instead of grant)
($status, $msg) = $groupObj->PrincipalObj->GrantRight(
Right => $rightName,
Object => $queueObj);
print $status ? "Granting right \"$rightName\" to group \"$groupName\" on queue \"$queueName\"\n"
: "Group \"$groupName\" on queue \"$queueName\" already had right \"$rightName\"\n";
--/snip--
That should be good enough to get you started. Like I said, I'm not sure if you can just say "Everyone @ Global -> ReplyToTicket", but if you can, this should do it for you. If that ACL doesn't work, though, I'm not quite sure what to do for you.
Also, in case the snippet wrapped, I have it on pastebin at http://pastebin.com/cQxCMYsZ
Happy trails,
Johnathan
On Apr 14, 2011, at 3:45 PM, Sukhwinder Romana wrote:
> Hi Johnathan,
>
> I came across your post on http://www.mail-archive.com/rt-users@lists.bestpractical.com/msg24131.html regarding perl api for setting global group rights. I'm having some issues with giving the Everyone group permissions to CreateTicket and ReplyToTicket globally. Do you happen to have a snippet of code that would work for this?
>
> Thanks.
--
Johnathan Bell
Internet System Administrator, Baker College
Office Hours: 7A-4P Eastern, M-F
More information about the rt-users
mailing list