Giving rights to Creator

Hi RT hackers,

I’m trying to give rights ShowTicket/ReplyToTicket rights to the ticket
creator.

For this I add a quick check in Principal::_HasRight, but there seems to
be somewhere (where??) a check that prevent me to get
$args{‘Object’}->Creator.

Seems accessing ->Creator run HasRight, but I do not understand where.

Any idea?

Hi Emmanuel;

I am guessing its rt-3.8.x ??
What have you done so far? I am guessing with HasRight sub you did
%args = @
;

Then I would suggest at the top of _HasRight above
{
my ($hit, @other) = $self->HasGroupRight( @ );

You intercept it and do:
if ( $args{Object}{’_Class’} eq ‘RT::Ticket’ and $args{Right} =~
/(ReplyTo|Show)Ticket/) {
return (1) if ($args{Object}->Creator == $self->CurrentUser->id)
}

Regards;
Roy

Emmanuel Lacour wrote:

Hi Emmanuel;

I am guessing its rt-3.8.x ??
What have you done so far? I am guessing with HasRight sub you did
%args = @
;

Then I would suggest at the top of _HasRight above
{
my ($hit, @other) = $self->HasGroupRight( @ );

You intercept it and do:
if ( $args{Object}{’_Class’} eq ‘RT::Ticket’ and $args{Right} =~
/(ReplyTo|Show)Ticket/) {
return (1) if ($args{Object}->Creator == $self->CurrentUser->id)
}

That’s about what I did (a little bit more complicate as I also handle
rights with customfields ;)). But If you try what you wrote above, you
will find that calling $args{Object}->Creator trigger an infinite loop…

You intercept it and do:
if ( $args{Object}{’_Class’} eq ‘RT::Ticket’ and $args{Right} =~
/(ReplyTo|Show)Ticket/) {
return (1) if ($args{Object}->Creator == $self->CurrentUser->id)
}

That’s about what I did (a little bit more complicate as I also handle
rights with customfields ;)). But If you try what you wrote above, you
will find that calling $args{Object}->Creator trigger an infinite loop…

I have n’t tried the $args{Object}->Creator myself I was just guessing,
however I have come across an infinite loop within _HasRight while
trying other Rights manupilation.
I have posted to this very same list about this early this month.
Is $UseSQLForACLChecks set ?? I noticed when this is set , all kind of
problems popup when you try to modify Rights ??

Possibly something else you can try is ($args{Object}->CreatorObj->Id)
and by the way you need to make sure you are dealing with a Ticket Obj .

Can you post the working solution when you get there.

Roy

I have n’t tried the $args{Object}->Creator myself I was just guessing,
however I have come across an infinite loop within _HasRight while
trying other Rights manupilation.
I have posted to this very same list about this early this month.
Is $UseSQLForACLChecks set ?? I noticed when this is set , all kind of
problems popup when you try to modify Rights ??

I do not use UseSQLForACLChecks on this RT.

Possibly something else you can try is ($args{Object}->CreatorObj->Id)
and by the way you need to make sure you are dealing with a Ticket Obj .

I tried $args{Object}->CreatorObj->Id, this doesn’t trigger the loop,
but this doesn’t return the creator Id.

Can you post the working solution when you get there.

sure :slight_smile:

Possibly something else you can try is ($args{Object}->CreatorObj->Id)
and by the way you need to make sure you are dealing with a Ticket Obj .

I tried $args{Object}->CreatorObj->Id, this doesn’t trigger the loop,
but this doesn’t return the creator Id.

I’ve not gone and examined the code in question, but does
$args{Object}->__Value(‘Creator’) work for you? It is evil and
bypasses all ACLs, but may be the only way to do what you want.

-kevin

Possibly something else you can try is ($args{Object}->CreatorObj->Id)
and by the way you need to make sure you are dealing with a Ticket Obj .

I tried $args{Object}->CreatorObj->Id, this doesn’t trigger the loop,
but this doesn’t return the creator Id.

I’ve not gone and examined the code in question, but does
$args{Object}->__Value(‘Creator’) work for you? It is evil and
bypasses all ACLs, but may be the only way to do what you want.

And this is the only way to get value protected by ACLs inside ACLs checker :slight_smile:

Best regards, Ruslan.

Possibly something else you can try is ($args{Object}->CreatorObj->Id)
and by the way you need to make sure you are dealing with a Ticket Obj .

I tried $args{Object}->CreatorObj->Id, this doesn’t trigger the loop,
but this doesn’t return the creator Id.

I’ve not gone and examined the code in question, but does
$args{Object}->__Value(‘Creator’) work for you? It is evil and
bypasses all ACLs, but may be the only way to do what you want.

It works fine, thanks Kevin :slight_smile: