[rt-users] Perl Script to Add/Remove Privileged status

April Rosenberg aprilr at yelp.com
Fri Dec 7 15:42:15 EST 2012


All,



Since I use AD groups to manage rights to queues in RT (queues are all set
up with group rights, and the helpdesk can add/remove people to AD groups
w/o rights in RT), I needed to make sure that users who need to be
privileged are, and ones who no longer need to be (transferred to a
department w/o a queue) are not.  So I wrote the Perl script below; it makes
sure anyone with the Own Ticket right on any queue, plus a list of
exceptions, is privileged.  I have it set to run once an hour.  I am not the
best with Perl as I am just learning it; however, I hope this can help
someone else.



April



#!/usr/bin/perl -w

use strict;
use warnings;

my @excludedUsers  = ("root");     # Users who will keep privileged status
my @excludedGroups = ("RTAdmin");  # Groups of users who will get privileged status without the own ticket right.

# Append to the log; stop if it cannot be opened so no change goes unlogged.
open (LogFile, '>>', '/var/log/request-tracker4/Privileged.log')
  or die "Cannot open log file: $!";

use lib qw(/usr/local/share/request-tracker4/lib /usr/share/request-tracker4/lib);
use RT;
use DateTime;

my $date = DateTime->now(time_zone=>'local');

# Load the config -- at compile-time, so we can adjust lib paths for plugin packages
BEGIN { RT::LoadConfig(); }

RT::Init();
use RT::Queue;

print LogFile "********************************************\n";
print LogFile $date->datetime()."\n";
print LogFile "********************************************\n";

# Pass 1: everyone with OwnTicket on any queue becomes privileged.
my $queues = RT::Queues->new(RT->SystemUser);
$queues->UnLimit;
my @privUsers;
while ( my $queue = $queues->Next ) {
  my $Users = RT::Users->new(RT->SystemUser);
  $Users->WhoHaveRight(
    Right               => 'OwnTicket',
    Object              => $queue,
    IncludeSystemRights => 1,
    IncludeSuperUsers   => 1,
  );
  while ( my $User = $Users->Next() ) {
    if ( $User->Name ne "Nobody" ) {
      unless (grep { $User->Name eq $_ } @privUsers ) {
        $User->SetPrivileged(1);
        print LogFile "User, ".$User->Name.", set as privileged.\n";
        push @privUsers, $User->Name;
      }
    }
  }
}

# Pass 2: members of the excluded groups become privileged as well.
foreach my $group (@excludedGroups) {
  my $Groups = RT::Group->new(RT->SystemUser);
  $Groups->LoadUserDefinedGroup( $group );
  my $Users = RT::Users->new(RT->SystemUser);
  $Users->MemberOfGroup( $Groups->id );
  while ( my $User = $Users->Next() ) {
    unless (grep { $User->Name eq $_ } @privUsers ) {
      $User->SetPrivileged(1);
      print LogFile "User, ".$User->Name.", set as privileged.\n";
      push @privUsers, $User->Name;
    }
  }
}

# The excluded users always stay on the keep list.
foreach my $name (@excludedUsers) {
  push @privUsers, $name;
}

# Pass 3: any privileged user not on the keep list loses privileged status.
# Only LimitToPrivileged is applied here; a following UnLimit call would
# discard that restriction and walk every user in the database.
my $SuperUsers = RT::Users->new(RT->SystemUser);
$SuperUsers->LimitToPrivileged;
while ( my $User = $SuperUsers->Next() ) {
  unless (grep { $User->Name eq $_ } @privUsers ) {
    $User->SetPrivileged(0);
    print LogFile "User, ".$User->Name.", removed from privileged.\n";
  }
}

close (LogFile);
exit;





*April Rosenberg*
*e:*  aprilr at yelp.com  *t:*  415.632.4020
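
The same reconciliation as a dry run, added here as an example and not part of the script posted above: `plan_privilege_changes` is a hypothetical helper that works on plain name lists (constructed sample data, no RT calls) and refuses to plan revocations when the OwnTicket lookup comes back empty, which matters for a job that runs unattended every hour.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: compute grants and revocations from plain name lists,
# so the plan can be logged and reviewed before any SetPrivileged call is made.
sub plan_privilege_changes {
    my (%arg) = @_;

    # Guard: if the rights lookup returned nobody (assumed cause: the AD group
    # sync failed), revoking would demote every user except the exclusions.
    die "no users hold OwnTicket; refusing to revoke\n"
        unless @{ $arg{owners} };

    # Desired set = queue owners + exempt group members + excluded users.
    my %desired = map { $_ => 1 }
        @{ $arg{owners} }, @{ $arg{group_members} }, @{ $arg{excluded} };
    my %current = map { $_ => 1 } @{ $arg{current} };

    my @grant  = sort grep { !$current{$_} } keys %desired;
    my @revoke = sort grep { !$desired{$_} } keys %current;
    return ( \@grant, \@revoke );
}

# Constructed sample data, not taken from a real RT instance.
my ( $grant, $revoke ) = plan_privilege_changes(
    owners        => [qw(alice bob)],    # users with OwnTicket on some queue
    group_members => [qw(carol)],        # members of the excluded groups
    excluded      => [qw(root)],         # users who always stay privileged
    current       => [qw(root alice dave)],  # currently privileged users
);

print "would grant:  @$grant\n";
print "would revoke: @$revoke\n";
```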