'Goto ticket' problem?

I’m running RT 3.0.2 and have set some ‘unprivileged’ users up on my test
system. If I login as one of those users and get the ‘Self Service’ page I
am able to view any ticket (ie not just mine, and from a different Queue)
by entering a number for the Goto Ticket button. I’ve seen references to
this problem in the mailing list archive but not the solution…

Is it a matter of setting permissions differently? The alternative seems
to be to make all users ‘privileged’ which then gives me greater control on
what they can/cannot see but also presents loads of unusable options :-)

Ultimately I would like to have UserA unprivileged and able to enter
tickets to QueueA only, and UserB unprivileged and able to enter tickets to
QueueB only ie UserA can’t enter tickets to QueueB and vice versa.

Any thoughts?

Thanks,

Peter Watson

> I’m running RT 3.0.2 and have set some ‘unprivileged’ users up on my test
> system. If I login as one of those users and get the ‘Self Service’ page I
> am able to view any ticket (ie not just mine, and from a different Queue)
> by entering a number for the Goto Ticket button. I’ve seen references to
> this problem in the mailing list archive but not the solution…

I had a similar problem: I didn’t want the unprivileged users getting
at the other tickets, only ones they were a requestor of. The
Display.html in SelfService (as does the Display.html in Tickets) has a
condition I modified. Where it reads

    unless ( $Ticket->CurrentUserHasRight('ShowTicket') ) {
        $m->comp( 'Error.html',
            Why => loc("No permission to display that ticket") );
        $m->abort();
    }

to be instead

    unless ( $Ticket->CurrentUserHasRight('ShowTicket') &&
             ( $session{'CurrentUser'}->Privileged ||
               $Ticket->IsRequestor( $session{'CurrentUser'}->PrincipalId ) ) )
    {
        $m->comp( 'Error.html', Why => loc("No permission to view ticket") );
        $m->abort();
    }

Now this modification prolly does more than you want, as only if the
user is privileged or they are a requestor does it let them view it
(that and they have the “Show Ticket” right which I granted Unprivileged
users for the Queue).

I’ve not seen the mailing list archive records of this problem and only
put this together and started using it in the last 24 hours, and it
appears to work fine.

Best Regards,
Chris Fewtrell chris@uk.clara.net

Chris Fewtrell wrote:

> Now this modification prolly does more than you want, as only if the
> user is privileged or they are a requestor does it let them view it
> (that and they have the “Show Ticket” right which I granted Unprivileged
> users for the Queue).

Why not instead grant Requestor the “Show Ticket” right? Seems kinda
weird to say that all Unprivileged users can Show Ticket if you’re only
going to hack the code to prevent exactly that…
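
The three approaches discussed in this thread can be compared side by side in a small stand-alone Perl model. This is an added example, not RT code and not written by any of the posters; the ticket numbers, the `staff` user, the grant table and the helper names `has_right` and `is_requestor` are constructed for illustration, and it assumes ShowTicket was granted to Unprivileged users on both queues.

```perl
#!/usr/bin/perl
# Stand-alone model of the checks discussed in this thread; not RT code.
use strict;
use warnings;

# Constructed sample data.
my %privileged = ( userA => 0, userB => 0, staff => 1 );
my %tickets = (
    101 => { queue => 'QueueA', requestors => ['userA'] },
    102 => { queue => 'QueueB', requestors => ['userB'] },
);

sub is_requestor {
    my ($user, $t) = @_;
    return scalar grep { $_ eq $user } @{ $t->{requestors} };
}

# A grant is [queue, principal, right]; principal is a group
# ('Privileged' / 'Unprivileged') or the per-ticket role 'Requestor'.
sub has_right {
    my ($grants, $user, $t, $right) = @_;
    for my $g (@$grants) {
        my ($queue, $principal, $granted) = @$g;
        next unless $queue eq $t->{queue} && $granted eq $right;
        return 1 if $principal eq 'Privileged'   &&  $privileged{$user};
        return 1 if $principal eq 'Unprivileged' && !$privileged{$user};
        return 1 if $principal eq 'Requestor'    && is_requestor($user, $t);
    }
    return 0;
}

my @staff = map { [ $_, 'Privileged', 'ShowTicket' ] } qw(QueueA QueueB);
my @group_grant = ( @staff, map { [ $_, 'Unprivileged', 'ShowTicket' ] } qw(QueueA QueueB) );
my @role_grant  = ( @staff, map { [ $_, 'Requestor',    'ShowTicket' ] } qw(QueueA QueueB) );

my %policy = (
    'group grant, stock check'   => sub { has_right(\@group_grant, @_, 'ShowTicket') },
    'group grant, patched check' => sub {
        my ($u, $t) = @_;
        has_right(\@group_grant, $u, $t, 'ShowTicket')
            && ( $privileged{$u} || is_requestor($u, $t) );
    },
    'role grant, stock check'    => sub { has_right(\@role_grant, @_, 'ShowTicket') },
);

for my $name (sort keys %policy) {
    print "$name\n";
    for my $u (sort keys %privileged) {
        my @seen = grep { $policy{$name}->($u, $tickets{$_}) } sort keys %tickets;
        printf "  %-6s can view: %s\n", $u, @seen ? join(', ', @seen) : 'none';
    }
}
```

With the group grant and the unmodified check, userA can view both tickets by number; the patched check and the Requestor role grant both limit each unprivileged user to their own ticket while staff still sees both.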