[rt-users] Request tracker perl acl

[johnathan.bell at baker.edu]

Sure! The trick, I found, was that you need to use "LoadSystemInternalGroup" for groups like "Everyone". This should be enough to get you there. The other part though, if you have multiple queues, is you'll have to also grant it to "Everyone" for every queue you have, I think... I haven't experimented with it that much because we want things a little locked down here, so try "global" first, and if that doesn't work, go queue by queue.

--snip--
    # RT working vars
    my $groupObj = new RT::Group($currentUser);
    my $queueObj = new RT::Queue($currentUser);

    # Load our RT queue (use one of the two indented snippets here)
        # For "Global" permissions, put $RT::System in the queue object.  
        ($status, $msg) = $queueObj = $RT::System;
        $status or die("Error loading \$RT::System: ".$msg."\n");
        
        # For semi-global permissions, you can use "General" for the queue name if you're not going global
        ($status, $msg) = $queueObj->Load($queueName);
        $status or die("Error loading RT queue \"$queueName\"");

    # Load the system internal group (use "everyone" for $groupname)
        ($status, $msg) = $groupObj->LoadSystemInternalGroup($groupName);
        $status or die("Error loading RT System group \"$groupName\"\nInput File line $line:\n> $_\n\nRT Error: ".$msg."\n");

    # Actually grant the right (Use "ReplyToTicket" or whatever for "$rightName"
    # And use "RevokeRight" if you want to revoke instead of grant)
    ($status, $msg) = $groupObj->PrincipalObj->GrantRight(
        Right => $rightName,
        Object => $queueObj);

    print $status ? "Granting right \"$rightName\" to group \"$groupName\" on queue \"$queueName\"\n"
        : "Group \"$groupName\" on queue \"$queueName\" already had right \"$rightName\"\n";
--/snip--

That should be good enough to get you started. Like I said, I'm not sure if you can just say "Everyone @ Global -> ReplyToTicket", but if you can, this should do it for you. If that ACL doesn't work, though, I'm not quite sure what to do for you.

Also, in case the snippet wrapped, I have it on pastebin at http://pastebin.com/cQxCMYsZ

Happy trails,
Johnathan

On Apr 14, 2011, at 3:45 PM, Sukhwinder Romana wrote:

> Hi Johnathan,
> 
> I came across your post on http://www.mail-archive.com/rt-users@lists.bestpractical.com/msg24131.html regarding perl api for setting global group rights. I'm having some issues with giving the Everyone group permissions to CreateTicket and ReplyToTicket globally. Do you happen to have a snippet of code that would work for this?
> 
> Thanks.

--
Johnathan Bell
Internet System Administrator, Baker College

Office Hours: 7A-4P Eastern, M-F