Hiding users in ticket search

Our company policies require that a customer cannot see other customers
besides those who shares access to same queues he can watch.

Yet, users working for same company must be able to see tickets created 

by other employes of that company. The only way to achieve such
functionality is to make them ‘privileged’ users. As a downside of such
approach we have a situation where any user searching for a ticket can
see all other customers in ‘Owner is’ criteria drop-down list.

To make things a little more complicated, some users can have access to 

more than one queue.

I have found a proper way of fixing this situation by restricting the 

drop-down list to only those users who has ‘OwnTicket’ right in queues
accessible for CurrentUser. It works perfectly o.k. from the point of
view of ultimate result: only valid accounts are displayed.

But the code is way too slow be considered acceptable: it takes 10-18 

seconds to build the final list from approx. 30 queues and 80 users! Who
would ever want waiting so long every time a ticket search requested? Heh…

The code I've tried is shown below (never mind the naming conventions - 

this is for testing only). As one can see, two different fetching
techniques were tried giving the same timing.

The ultimate question is: can it be made faster?

=== cut ===
<%init>
my @users;

  my $stime = time;
  my $ql = RT::Queues->new($session{'CurrentUser'});
  $ql->LimitToEnabled;
  my @ql;
  while (my $q = $ql->Next) {
          push @ql, $q;
  }

  my %uall;
  foreach my $q (@ql) {
      print STDERR "Queue: ", $q->Name, "\n";
      my $ul = RT::Users->new($session{'CurrentUser'});
      $ul->WhoHaveRight(Object => $q, Right => 'OwnTicket',
                        IncludeSuperusers => 1,
                        IncludeSubgroupMembers => 1,
      );
  if (0) {
      my @qul = @{$ul->ItemsArrayRef};
      @uall{map {$_->Name} @qul} = @qul;
  } else {
      while (my $u = $ul->Next) {
          $uall{$u->Name} = $u;
      }
  }
  }
  @users = map {$uall{$_}} sort keys %uall;

  my $etime = time;
  print STDERR "4: ", $etime - $stime, "\n";

  </%init>

=== cut ===

		/Vadim Belman

Vadim Belman voland@lflat.org writes:

I have found a proper way of fixing this situation by
restricting the drop-down list to only those users who has 'OwnTicket’
right in queues accessible for CurrentUser. It works perfectly
o.k. from the point of view of ultimate result: only valid accounts
are displayed.

But the code is way too slow be considered acceptable: it
takes 10-18 seconds to build the final list from approx. 30 queues and
80 users! Who would ever want waiting so long every time a ticket
search requested? Heh…

you could also just replace it with a text input field. Not quite as
convient as a drop down, but faster.

seph

seph wrote:

I have found a proper way of fixing this situation by
restricting the drop-down list to only those users who has 'OwnTicket’
right in queues accessible for CurrentUser. It works perfectly
o.k. from the point of view of ultimate result: only valid accounts
are displayed.

But the code is way too slow be considered acceptable: it
takes 10-18 seconds to build the final list from approx. 30 queues and
80 users! Who would ever want waiting so long every time a ticket
search requested? Heh…

you could also just replace it with a text input field. Not quite as
convient as a drop down, but faster.

This means a customer must know all possible owner accounts which makes

the whole thing useless.

I have a hack in mind, but it's only applicable for us whereas common

solution would be useful for lots of people.

		/Vadim Belman