I’m interested in additing some ACL checking functionality to
RTx::EmailCompletion[1] but there doesn’t seem to be any existing
ACL that corresponds to “view all users” (and in any case I’d want
a separate one for “view all LDAP users”). I’m not sure whether it’s
possible to easily define a new ACL in an extension without making
schema management a nightmare; does anyone have any thoughts on this?
Thanks,
Dominic.
[1] Bug #50338 for RTx-EmailCompletion: Should have better ACLs
Dominic Hargreaves, Systems Development and Support Team
Computing Services, University of Oxford
I’m interested in additing some ACL checking functionality to
RTx::EmailCompletion[1] but there doesn’t seem to be any existing
ACL that corresponds to “view all users” (and in any case I’d want
a separate one for “view all LDAP users”). I’m not sure whether it’s
possible to easily define a new ACL in an extension without making
schema management a nightmare; does anyone have any thoughts on this?
New ACLs don’t have to change the DB schema.
You can inject new rights into the package %RIGHTS and
RT::ACE::LOWERCASERIGHTNAMES to make a new ACL available.
Depending on what you’re doing with user info, you may also need to
tweak User::Accessible
-kevin