Help: How do I restrict user access by queue?

Hello,

How do I restrict user access by queue? I’ve some users who only have
been granted rights in certain queues. And this limits their ‘RT at a
Glance’ view, such that they only can browse tickets in their particular
queues. However, the ‘10 newest unowned tickets’ section still shows
unowned tickets in other queues. In fact, it seems that any ticket that
is not owned or assigned to a particular queue is potentially visible to
these users. And if the user knows the number of a ticket - or can
compose a search query that returns a ticket in another queue, they have
the ability to view tickets that should otherwise be restricted.

I’m not afraid to dive under the hood if need be. I hope somebody has a
solution for me.

Thank you,
Leo C. Ureel II
REMC #1
Copper Country Intermediate School District

Leo C. Ureel II wrote:

Hello,

How do I restrict user access by queue? I’ve some users who only have
been granted rights in certain queues. And this limits their ‘RT at a
Glance’ view, such that they only can browse tickets in their
particular queues. However, the ‘10 newest unowned tickets’ section
still shows unowned tickets in other queues. In fact, it seems that
any ticket that is not owned or assigned to a particular queue is
potentially visible to these users. And if the user knows the number
of a ticket - or can compose a search query that returns a ticket in
another queue, they have the ability to view tickets that should
otherwise be restricted.

I’m not afraid to dive under the hood if need be. I hope somebody has
a solution for me.

This what you’re looking for…?

— share/html/Elements/MyRequests.orig Wed Feb 2 00:20:40 2005
+++ share/html/Elements/MyRequests Mon Sep 18 21:37:08 2006
@@ -58,8 +58,17 @@
</&>
<%init>
my $rows = $RT::MyRequestsLength;
+my $Queues = RT::Queues->new($session{‘CurrentUser’});
+$Queues->UnLimit();
+my $myQueues = “”;
+while (my $queue = $Queues->Next) {

  •   next unless ($queue->CurrentUserHasRight('ShowTicket'));
    
  •   $myQueues .= " OR Queue = '" . $queue->Name . "'";
    

+}
+$myQueues =~ s/^ OR //g;

-my $Query = “Owner = ‘Nobody’ AND ( Status = ‘new’ OR Status = ‘open’)”;
+my $Query = “Owner = ‘Nobody’ AND $myQueues AND ( Status = ‘new’ OR
Status = ‘open’)”;

my $QueryString = ‘?’ . $m->comp(’/Elements/QueryString’,
Query => $Query,

Leo C. Ureel II wrote:

Hello,

How do I restrict user access by queue? I’ve some users who only have
been granted rights in certain queues. And this limits their ‘RT at a
Glance’ view, such that they only can browse tickets in their
particular queues. However, the ‘10 newest unowned tickets’ section
still shows unowned tickets in other queues. In fact, it seems that
any ticket that is not owned or assigned to a particular queue is
potentially visible to these users. And if the user knows the number
of a ticket - or can compose a search query that returns a ticket in
another queue, they have the ability to view tickets that should
otherwise be restricted.

one question

how can you have a ticket that is not assigned to a queue, afaik all
tickets when opened/created belong to a queue, if your user only has
access to queue 2 then all tickets in queue 1 no matter their status
will not be visible to that user.

do you perhaps have a global setting that allows anybody to view
tickets/queues ?

eats the blues for breakfast,
does unix for rent,
plays harp for food,
will play the flute for kicks
rides for the freedom

www.up-south.com

Thank you. After rearranging the global group permissions, all is well.

-Leo

Chaim Rieger wrote: