[rt-users] Permission causes wrong search-results

Eierschmalz, Bernhard Bernhard.Eierschmalz at scheppach.com
Thu Jun 30 11:02:55 EDT 2016


Hi,

I'm sorry but this doesn't work - Request tracker says "wrong query" if I try to run the search with "'CF.{category}' exists"

Message is: Wrong query, expecting a OPERATOR in .... AND 'CF.{category}' >exists<--here'




-----Original Message-----
From: Martin Wheldon [mailto:martin.wheldon at greenhills-it.co.uk] 
Sent: Thursday, 30 June 2016 16:12
To: Eierschmalz, Bernhard
Cc: rt-users at lists.bestpractical.com
Subject: Re: [rt-users] Permission causes wrong search-results

Hi,

IMO this is working correctly for the following reason: as far as the user is concerned, the custom field does not contain the specified value.

For this situation you would need something like:

Queue = 'General' AND Owner = 'Nobody' AND ('CF.{category}' exists AND 'CF.{category}' != 'one')

Best Regards

Martin

On 2016-06-30 10:39, Eierschmalz, Bernhard wrote:
> Hello,
> 
> I'm using RT 4.4.0
> 
> I found the following problem:
> 
> I have a custom field "category" with settings "select one value".
> There are 5 possible values.
> 
> I build a search for all tickets like the following
> 
> Queue = 'General' AND Owner = 'Nobody' AND 'CF.{category}' != 'one'
> 
> I found that the search results ignore the part CF.{category} != 'one'
> and show all tickets, no matter which category.
> 
> I tested with CF.{category} = 'one' and this works - it shows all the 
> tickets with category 'one'
> 
> I used the same search with root-user, and it always works as expected
> - so I thought this would be a problem with permissions.
> 
> My default-user has the following permissions on this queue:
> 
> "general rights" -> all
> 
> "Rights for Staff" -> all but "delete tickets" and "forward messages 
> outside of RT"
> 
> "rights for Administrators" -> no permissions
> 
> My next try was changing the permissions of the custom field.
> 
> I found out that, as soon as the user has the permission "General 
> rights" -> "view custom fields" on the "category"-Custom field, the 
> search is working as expected.
> 
> So in short:
> 
> Search on the CF with = operator works always,
> 
> Search on the CF with != operator works only if the user has "view 
> custom fields" permission on the custom field.
> 
> So I have a possible solution now, but I would like to understand how 
> this error occurs. Is this a bug or a feature?
> 
> Best regards
> 
> Bernhard