ACLs defined by extensions

I’m interested in adding some ACL checking functionality to
RTx::EmailCompletion[1] but there doesn’t seem to be any existing
ACL that corresponds to “view all users” (and in any case I’d want
a separate one for “view all LDAP users”). I’m not sure whether it’s
possible to easily define a new ACL in an extension without making
schema management a nightmare; does anyone have any thoughts on this?

Thanks,
Dominic.

[1] Bug #50338 for RTx-EmailCompletion: Should have better ACLs

Dominic Hargreaves, Systems Development and Support Team
Computing Services, University of Oxford

I’m interested in adding some ACL checking functionality to
RTx::EmailCompletion[1] but there doesn’t seem to be any existing
ACL that corresponds to “view all users” (and in any case I’d want
a separate one for “view all LDAP users”). I’m not sure whether it’s
possible to easily define a new ACL in an extension without making
schema management a nightmare; does anyone have any thoughts on this?

New ACLs don’t have to change the DB schema.
You can inject new rights into the package %RIGHTS and
RT::ACE::LOWERCASERIGHTNAMES to make a new ACL available.

Depending on what you’re doing with user info, you may also need to
tweak User::Accessible.

-kevin
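
The approach from the reply above, as an added example (not code from RT or RTx::EmailCompletion): it registers two hypothetical rights, `ViewAllUsers` and `ViewAllLDAPUsers`, in the in-memory tables and gates completion on them, failing closed. It assumes system-level rights live in the hashref `$RT::System::RIGHTS`; the RT globals and the `Demo::User` object are constructed stand-ins so the script runs without RT installed.

```perl
use strict;
use warnings;

# Constructed stand-ins for RT's globals so this runs without RT.
# Assumption: system-level rights live in the hashref $RT::System::RIGHTS,
# with a lowercase lookup table in %RT::ACE::LOWERCASERIGHTNAMES.
{ package RT;         our $System; }
{ package RT::System; our $RIGHTS ||= { SuperUser => 'Do anything and everything' }; }
{ package RT::ACE;    our %LOWERCASERIGHTNAMES; }

# Register a right in both tables. Refuses to overwrite an existing right
# so an extension cannot silently redefine a core one.
sub register_right {
    my ($name, $description) = @_;
    die "right '$name' already defined\n" if exists $RT::System::RIGHTS->{$name};
    $RT::System::RIGHTS->{$name} = $description;
    $RT::ACE::LOWERCASERIGHTNAMES{ lc $name } = $name;
    return $name;
}

# Gate for the completion handler: deny unless the caller holds the right
# matching the data source. Anything unexpected (no user, no HasRight) denies.
sub may_complete {
    my ($current_user, $source) = @_;
    my $right = $source eq 'ldap' ? 'ViewAllLDAPUsers' : 'ViewAllUsers';
    return 0 unless $current_user && $current_user->can('HasRight');
    return $current_user->HasRight( Right => $right, Object => $RT::System ) ? 1 : 0;
}

{
    package Demo::User;    # constructed mock of a user object with HasRight
    sub new { my ($class, @rights) = @_; return bless { map { $_ => 1 } @rights }, $class }
    sub HasRight {
        my ($self, %args) = @_;
        # Unregistered right names never match, even if "granted".
        return exists $RT::System::RIGHTS->{ $args{Right} } && $self->{ $args{Right} };
    }
}

# Hypothetical right names for the two cases in the original question.
register_right( ViewAllUsers     => 'See all users in address completion' );
register_right( ViewAllLDAPUsers => 'See all LDAP users in address completion' );

my $staff = Demo::User->new('ViewAllUsers');
printf "%-6s local=%d ldap=%d\n", 'staff',
    may_complete( $staff, 'local' ), may_complete( $staff, 'ldap' );
printf "%-6s local=%d ldap=%d\n", 'nobody',
    may_complete( undef, 'local' ), may_complete( undef, 'ldap' );
```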