[rt-users] ModifyTicket/Steal/Take privileges

[Jon Baker]

I was able to sort of hack it into resetting the ownership if someone outside of the group attempts to change it.  I created a scrip on "Owner Change" with the following custom action:

my $GroupObj = RT::Group->new( $RT::SystemUser );
$GroupObj->LoadUserDefinedGroup( 'IT Admin' );
my $PrincipalObj = RT::Principal->new( $RT::SystemUser );
$PrincipalObj->Load( $self->TransactionObj->Creator );
  
if($GroupObj->HasMemberRecursively($PrincipalObj)) {
  # IT Admin is allowed to change the owner.
  return;
} else {
  if ($self->TransactionObj->Creator != 1) {
    # User 1 is the RT system, if we've recursed into here we don't want to do it again
    $self->TicketObj->SetOwner($self->TransactionObj->OldValue,'Force');
  }
}

Looks like that is doing the job.

> I am trying to set up a group in a queue that has the ability to change the status but not the owner; i.e. can't steal/take it (a different group is assigning tickets to them and they're not allowed to get out of it) but they need to be able to resolve their own tickets.
> 
> It seems to me that Steal and Take are subsets of ModifyTicket (i.e, if you have ModifyTicket you implicitly have Steal and Take) but I can't figure out how to separate ownership changes from status changes.  Is this possible?
> 
> Thanks -

-- 
Jon Baker
Systems Administrator
Church on the Move
1003 N 129th E Ave
Tulsa OK 74116
(918) 234-5656




CONFIDENTIALITY NOTICE: This transmission may be confidential and subject to legal privilege.  If you are not the intended recipient of this message, you may not review, disclose, print, copy or disseminate this information. If you have received this in error, please reply and notify the sender (only) and delete the message. Unauthorized interception of this e-mail is a violation of federal criminal law.