[rt-users] Lockdown CC and AdminCC
mzagrabe at d.umn.edu
Mon Aug 24 17:00:43 EDT 2015
On Mon, Aug 24, 2015 at 3:55 PM, Bill Cole
<rtusers-20090205 at billmail.scconsult.com> wrote:
> On 24 Aug 2015, at 15:40, Matt Zagrabelny wrote:
>> On Mon, Aug 24, 2015 at 2:02 PM, Joseph D. Wagner
>> <joe at josephdwagner.info> wrote:
>>>> What do you mean by "without logins"? The email address needs
>>>> to correspond to a user that already exists on the system?
>>> Yes. Here's what happened. A privileged user entered an external email
>>> address into the CC field, which did not have an account. RT autocreated an
>>> account for that person, and it accepted that external email address on the
>>> CC field. I need to prevent that.
>>> How can I limit CC and AdminCC to email addresses that already have
>>> accounts? Either rejecting the ticket or silently failing to add the
>>> CC/AdminCC email address would be acceptable.
>> Use a callback.
>> Do you know what those are?
> Specifically: You can use the BeforeCreate callback to prevent accidental
> creation of . It is available in Ticket/Create.html,
> SelfService/Create.html, and m/ticket/create. It is NOT available for the
> "QuickCreate" widget, so users of that widget could add bogus Requestors at
For reference, BestPractical is not averse to accepting patches which
have new callback hooks. It would probably be a one-liner to add a
callback hook to the QuickCreate widget.
More information about the rt-users