[rt-users] How unprivileged users could see all tickets in their queue?

Felix Defrance felix at d2france.fr
Thu Jan 5 09:26:59 EST 2017



Le 05/01/2017 à 12:22, Alex Hall a écrit :
> Martin's suggestion makes sense, but I thought Felix was trying to restrict user search, not ticket search? That is, he doesn't want users to be able to search (and thus view the names of) all users? It's quite early here, so my brain may still be muttled and I could be wrong. 
Alex, after I see it was possible to display any tickets via the search
module, I want to restrict this too.

>
> Sent from my iPhone
>
>> On Jan 5, 2017, at 06:08, Martin Wheldon <martin.wheldon at greenhills-it.co.uk> wrote:
>>
>> Hi Félix,
>>
>> I've just tried to configure this on a RT 4.4.1 install using a custom role and it seems to work fine.
>> Here is the process I carried out.
>>
>> I've got 2 unprivileged users with a single queue, each being the owner of multiple tickets in that queue.
>> I created a new custom role, then assigned it to the queue. Next I added the users to the custom role. (Done on the queue, watchers tab)
>> The I added the SeeQueue and ShowTickets permissions to the custom role on the queue.
>>
>> Now when I login as either of the users I see all the tickets in that queue owner by those users.
In this case, unprivileged users via (SelfService of course), just see
their own tickets. For me, I have just 2 menus: "Tickets" and "Logged in
foobar".

In Tickets, I just see "Open tickets" and "Closed Tickets". In both
pages, I just see tickets that users declarated as requestor.

The custom role not provide an access to see all ticket in the queue (as
elacour told to us).

Now I understand the goal of the roles, maybe it's possible to
automaticaly add custom role as a watcher to the right queue on all
existing tickets and  the futur new ticket.

Do you think it's possible ?

Thx

>>
>> Hope that helps
>>
>> Best Regards
>>
>> Martin
>>
>>> On 2017-01-04 08:45, Emmanuel Lacour wrote:
>>>> Le 03/01/2017 à 18:27, Felix Defrance a écrit :
>>>> Hi all,
>>>> I don't find how I could add ShowTickets or QueueList in
>>>> SelfService.
>>>> I want to allow my unprivileged users, grouped by company name, to
>>>> see all tickets in their queue.
>>>> The group rights on the queue is correctly defined and users could
>>>> access to the tickets by entring the ticket number in the "goto
>>>> Ticket" field (top right in SelfService).
>>>> I have tried to play with CustomRole but it's not working for me. So
>>>> anybody known how I can do it?
>>> SelfService filters ticket list to tickets the user is watcher on
>>> (requestor or Cc). This is hard coded in
>>> share/html/SelfService/Elements/MyRequests:
>>> my $id = $session{'CurrentUser'}->id;
>>> my $Query = "( Watcher.id = $id )";
>>> if ($status) {
>>>    $status =~ s/(['\\])/\\$1/g;
>>>    $Query .= " AND Status = '$status'";
>>> }
>>> so if you wan't to relax this to all tickets users have ShowTicket
>>> rights, you have to modify this query ;)
>>> But I strongly discourage (unless really needed) to setup an RT
>>> instance with one queue per customer, best to think queues per
>>> internal support team and play with customroles/groups or customfields
>>> to set the customer.

-- 
Félix Defrance
PGP: 0x0F04DC57





More information about the rt-users mailing list