[rt-users] Perl Script to Add/Remove Privileged status
April Rosenberg
aprilr at yelp.com
Fri Dec 7 15:42:15 EST 2012
All,
Since I use AD groups to manage rights to queues in RT, (queues are all set
up with group rights, and the helpdesk can add/remove people to AD groups
w/o rights in RT). I needed to make sure that users that need to be
privileged are and ones that no longer (transferred to a department w/o a
queue) are not. So I wrote the below perl script it makes sure anyone with
the Own Ticket right on any queue and a list of exceptions are privileged.
I have it set to run once an hour. I am not the best with perl as I am
just learning it, however I hope this can help someone else.
April
#!/usr/bin/perl -w
use strict;
use warnings;
my @excludedUsers = ("root"); # Users who will keep privileged status
my @excludedGroups = ("RTAdmin"); # Groups of users who will get privileged
status without the own ticket right.
open (LogFile, '>>/var/log/request-tracker4/Privileged.log');
use lib qw(/usr/local/share/request-tracker4/lib
/usr/share/request-tracker4/lib);
use RT;
use DateTime;
my $date = DateTime->now(time_zone=>'local');
# Load the config -- at compile-time, so we can adjust lib paths for plugin
packages
BEGIN { RT::LoadConfig(); }
RT::Init();
use RT::Queue;
print LogFile "********************************************\n";
print LogFile $date->datetime()."\n";
print LogFile "********************************************\n";
my $queues = RT::Queues->new(RT->SystemUser);
$queues->UnLimit;
my @privUsers;
while ( my $queue = $queues->Next ) {
my $Users = RT::Users->new(RT->SystemUser);
$Users->WhoHaveRight(
Right => 'OwnTicket',
Object => $queue,
IncludeSystemRights => 1,
IncludeSuperUsers => 1,
);
while ( my $User = $Users->Next() ) {
if ( $User->Name ne "Nobody" ) {
unless (grep { $User->Name eq $_ } @privUsers ) {
$User->SetPrivileged(1);
print LogFile "User, ".$User->Name.", set as privileged.\n";
push @privUsers, $User->Name;
}
}
}
}
foreach my $group (@excludedGroups) {
my $Groups = RT::Group->new(RT->SystemUser);
$Groups->LoadUserDefinedGroup( $group );
my $Users = RT::Users->new(RT->SystemUser);
$Users->MemberOfGroup( $Groups->id );
while ( my $User = $Users->Next() ) {
unless (grep { $User->Name eq $_ } @privUsers ) {
$User->SetPrivileged(1);
print LogFile "User, ".$User->Name.", set as privileged.\n";
push @privUsers, $User->Name;
}
}
}
foreach my $name (@excludedUsers) {
push @privUsers, $name;
}
my $SuperUsers = RT::Users->new(RT->SystemUser);
$SuperUsers->LimitToPrivileged;
$SuperUsers->UnLimit;
while ( my $User = $SuperUsers->Next() ) {
unless (grep { $User->Name eq $_ } @privUsers ) {
$User->SetPrivileged(0);
print LogFile "User, ".$User->Name.", removed from privileged.\n";
}
}
close (LogFile);
exit;
[image: Yelp!]
*April Rosenberg*
*e:* aprilr at yelp.com *t:* 415.632.4020
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20121207/46fca795/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 1358 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20121207/46fca795/attachment.gif>
More information about the rt-users
mailing list