[rt-users] Limiting the information unprivileged users are able to see via the webinterface

[Lars Braeuer]

Hello Joop,

thanks a lot for this hint. This really saved my day. :)

Actually, I finally achieved what I wanted to do with the following (in case someone else is looking
for this):

<%init>
return if $session{'CurrentUser'}->Privileged;
my $myskip=1;

if ( $Transaction->Type =~ /^(Correspond|Create)$/ ) {
        $myskip = 0;
}
$$skip=$myskip;

</%init>

<%args>
$Transaction => undef
$skip
</%args>


This skips everything but Correspond and the initial Create message.

Also thanks to Thomas about the "return" hint.

Best regards,

Lars


Am 28.09.2011 17:08, schrieb Joop:
> Lars Braeuer wrote:
>> Hello,
>>
>> is there a way in RT 4.x to reduce the information an unprivileged user can see when he's accessing
>> his tickets via the RT webinterface?
>>   
> Yes, use Callbacks to skip the transactions you don't want.
> The Callback you want to add is:
> /opt/rt3/local/html/Callbacks/mococo/Ticket/Elements/ShowHistory/SkipTransaction
> with SkipTransaction having something like:
> <%init>
> my $myskip=0;
> 
> if ( $Transaction->Type =~ /^(Set|Told)$/ ) {
>    if ( $Transaction->Field =~ /^(TimeWorked|Told|Starts|Started|Due)$/ ) {
>        $myskip = 1;
>    }
>    else {
>        $myskip = 0;
>    }
> }
> $$skip=$myskip;
> 
> </%init>
> 
> <%args>
> $Transaction => undef
> $skip
> </%args>
> Which skips the TimeWorked,Told,Starts,Started,Due transactions.
> You might want to consider modifying other files in SelfService to not show the user who worked on
> it but to show for example  'helpdesk'.
> 
> Greetings,
> 
> Joop
> 
> 
> --------
> RT Training Sessions (http://bestpractical.com/services/training.html)
> *  Chicago, IL, USA  September 26 & 27, 2011
> *  San Francisco, CA, USA  October 18 & 19, 2011
> *  Washington DC, USA  October 31 & November 1, 2011
> *  Melbourne VIC, Australia  November 28 & 29, 2011
> *  Barcelona, Spain  November 28 & 29, 2011