ModifySelf right produces "Permission Denied"

Hi All,

My apologies for posting this here in addition to rt-users, but I’m
beginning to be pretty convinced that this is a bug rather than a
configuration problem.

Can anyone else reproduce this with their setup?

Ian,-------- Original Message --------
Subject: ModifySelf right produces "Permission Denied"
Date: Mon, 14 Mar 2005 14:41:09 +0000
From: Ian Norton i.norton@lancaster.ac.uk
To: rt-users@lists.bestpractical.com

Hi all,

I’ve granted the ModifySelf right to System group Everyone and I’m
getting some odd behaviour.

I can change my password and all my details within the preferences page
and the database gets updated. The problem is that it gives me a
"Permission Denied" error, even though it has succeeded.

If I grant the right explicitly to a user and remove it from Everyone,
it still gives the same problem.

I’m seeing a similar problem with personal groups, in that everyone is
granted AdminOwnPersonalGroups which they can do, but there’s a
Permission Denied error - even though the edits happen.

I’ve enabled debugging in my RT_SiteConfig.pm but it’s not showing
anything unusual:

[Mon Mar 14 14:30:54 2005] [debug]: About to think about scrips for
transaction #6335
(/usr/local/packages/rt-3.4.1/lib/RT/Transaction_Overlay.pm:154)

I’m using RT 3.4.1 on Fedora Core 3 with Postgres 7.4.7.
DBD::Pg is version 1.31
DBIx::SearchBuilder is version 1.22

The only time I don’t get errors on updating users details is if I do it
with a SuperUser enabled account.

Any suggestions gratefully received as I’m not having any luck tracking
this one down :frowning:

Thanks, Ian.
Ian Norton
Mail & Systems Support
University of Lancaster

I get the same error also.-----Original Message-----
From: rt-devel-bounces@lists.bestpractical.com rt-devel-bounces@lists.bestpractical.com
To: rt-devel@lists.bestpractical.com rt-devel@lists.bestpractical.com
Sent: Tue Mar 15 07:17:19 2005
Subject: [Rt-devel] ModifySelf right produces “Permission Denied”

Hi All,

My apologies for posting this here in addition to rt-users, but I’m
beginning to be pretty convinced that this is a bug rather than a
configuration problem.

Can anyone else reproduce this with their setup?

Ian,

-------- Original Message --------
Subject: ModifySelf right produces "Permission Denied"
Date: Mon, 14 Mar 2005 14:41:09 +0000
From: Ian Norton i.norton@lancaster.ac.uk
To: rt-users@lists.bestpractical.com

Hi all,

I’ve granted the ModifySelf right to System group Everyone and I’m
getting some odd behaviour.

I can change my password and all my details within the preferences page
and the database gets updated. The problem is that it gives me a
"Permission Denied" error, even though it has succeeded.

If I grant the right explicitly to a user and remove it from Everyone,
it still gives the same problem.

I’m seeing a similar problem with personal groups, in that everyone is
granted AdminOwnPersonalGroups which they can do, but there’s a
Permission Denied error - even though the edits happen.

I’ve enabled debugging in my RT_SiteConfig.pm but it’s not showing
anything unusual:

[Mon Mar 14 14:30:54 2005] [debug]: About to think about scrips for
transaction #6335
(/usr/local/packages/rt-3.4.1/lib/RT/Transaction_Overlay.pm:154)

I’m using RT 3.4.1 on Fedora Core 3 with Postgres 7.4.7.
DBD::Pg is version 1.31
DBIx::SearchBuilder is version 1.22

The only time I don’t get errors on updating users details is if I do it
with a SuperUser enabled account.

Any suggestions gratefully received as I’m not having any luck tracking
this one down :frowning:

Thanks, Ian.
Ian Norton
Mail & Systems Support
University of Lancaster

Rt-devel mailing list
Rt-devel@lists.bestpractical.com
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-devel

CONFIDENTIALITY NOTICE: The information contained in this message and
or attachments is intended only for the person or entity to which it is
addressed and may contain confidential and/or privileged material. Any
review, retransmission, dissemination, copying, or other use of this
information by persons or entities other than the intended recipient is
prohibited. If you received this e-mail or its attachments in error,
please contact the sender and delete the material from any system and
destroy any copies.

Are you also using Postgres or are you using MySQL?-----Original Message-----
From: Mai Le [mailto:mle@Niku.com]
Sent: 15 March 2005 15:53
To: Norton, Ian; rt-devel@lists.bestpractical.com
Subject: Re: [Rt-devel] ModifySelf right produces “Permission Denied”

I get the same error also.

-----Original Message-----
From: rt-devel-bounces@lists.bestpractical.com
rt-devel-bounces@lists.bestpractical.com
To: rt-devel@lists.bestpractical.com rt-devel@lists.bestpractical.com
Sent: Tue Mar 15 07:17:19 2005
Subject: [Rt-devel] ModifySelf right produces “Permission Denied”

Hi All,

My apologies for posting this here in addition to rt-users, but I’m
beginning to be pretty convinced that this is a bug rather than a
configuration problem.

Can anyone else reproduce this with their setup?

Ian,

-------- Original Message --------
Subject: ModifySelf right produces "Permission Denied"
Date: Mon, 14 Mar 2005 14:41:09 +0000
From: Ian Norton i.norton@lancaster.ac.uk
To: rt-users@lists.bestpractical.com

Hi all,

I’ve granted the ModifySelf right to System group Everyone and I’m
getting some odd behaviour.

I can change my password and all my details within the preferences page
and the database gets updated. The problem is that it gives me a
"Permission Denied" error, even though it has succeeded.

If I grant the right explicitly to a user and remove it from Everyone,
it still gives the same problem.

I’m seeing a similar problem with personal groups, in that everyone is
granted AdminOwnPersonalGroups which they can do, but there’s a
Permission Denied error - even though the edits happen.

I’ve enabled debugging in my RT_SiteConfig.pm but it’s not showing
anything unusual:

[Mon Mar 14 14:30:54 2005] [debug]: About to think about scrips for
transaction #6335
(/usr/local/packages/rt-3.4.1/lib/RT/Transaction_Overlay.pm:154)

I’m using RT 3.4.1 on Fedora Core 3 with Postgres 7.4.7.
DBD::Pg is version 1.31
DBIx::SearchBuilder is version 1.22

The only time I don’t get errors on updating users details is if I do it
with a SuperUser enabled account.

Any suggestions gratefully received as I’m not having any luck tracking
this one down :frowning:

Thanks, Ian.
Ian Norton
Mail & Systems Support
University of Lancaster

Rt-devel mailing list
Rt-devel@lists.bestpractical.com
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-devel

CONFIDENTIALITY NOTICE: The information contained in this message and or
attachments is intended only for the person or entity to which it is
addressed and may contain confidential and/or privileged material. Any
review, retransmission, dissemination, copying, or other use of this
information by persons or entities other than the intended recipient is
prohibited. If you received this e-mail or its attachments in error,
please contact the sender and delete the material from any system and
destroy any copies.

I’m using MySQL 4.0.23 innoDB-----Original Message-----
From: Norton, Ian [mailto:i.norton@lancaster.ac.uk]
Sent: Tuesday, March 15, 2005 8:58 AM
To: Mai Le; rt-devel@lists.bestpractical.com
Subject: RE: [Rt-devel] ModifySelf right produces “Permission Denied”

Are you also using Postgres or are you using MySQL?

-----Original Message-----
From: Mai Le [mailto:mle@Niku.com]
Sent: 15 March 2005 15:53
To: Norton, Ian; rt-devel@lists.bestpractical.com
Subject: Re: [Rt-devel] ModifySelf right produces “Permission Denied”

I get the same error also.

-----Original Message-----
From: rt-devel-bounces@lists.bestpractical.com
rt-devel-bounces@lists.bestpractical.com
To: rt-devel@lists.bestpractical.com rt-devel@lists.bestpractical.com
Sent: Tue Mar 15 07:17:19 2005
Subject: [Rt-devel] ModifySelf right produces “Permission Denied”

Hi All,

My apologies for posting this here in addition to rt-users, but I’m
beginning to be pretty convinced that this is a bug rather than a
configuration problem.

Can anyone else reproduce this with their setup?

Ian,

-------- Original Message --------
Subject: ModifySelf right produces "Permission Denied"
Date: Mon, 14 Mar 2005 14:41:09 +0000
From: Ian Norton i.norton@lancaster.ac.uk
To: rt-users@lists.bestpractical.com

Hi all,

I’ve granted the ModifySelf right to System group Everyone and I’m
getting some odd behaviour.

I can change my password and all my details within the preferences page
and the database gets updated. The problem is that it gives me a
"Permission Denied" error, even though it has succeeded.

If I grant the right explicitly to a user and remove it from Everyone,
it still gives the same problem.

I’m seeing a similar problem with personal groups, in that everyone is
granted AdminOwnPersonalGroups which they can do, but there’s a
Permission Denied error - even though the edits happen.

I’ve enabled debugging in my RT_SiteConfig.pm but it’s not showing
anything unusual:

[Mon Mar 14 14:30:54 2005] [debug]: About to think about scrips for
transaction #6335
(/usr/local/packages/rt-3.4.1/lib/RT/Transaction_Overlay.pm:154)

I’m using RT 3.4.1 on Fedora Core 3 with Postgres 7.4.7.
DBD::Pg is version 1.31
DBIx::SearchBuilder is version 1.22

The only time I don’t get errors on updating users details is if I do it
with a SuperUser enabled account.

Any suggestions gratefully received as I’m not having any luck tracking
this one down :frowning:

Thanks, Ian.
Ian Norton
Mail & Systems Support
University of Lancaster

Rt-devel mailing list
Rt-devel@lists.bestpractical.com
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-devel

CONFIDENTIALITY NOTICE: The information contained in this message and or
attachments is intended only for the person or entity to which it is
addressed and may contain confidential and/or privileged material. Any
review, retransmission, dissemination, copying, or other use of this
information by persons or entities other than the intended recipient is
prohibited. If you received this e-mail or its attachments in error,
please contact the sender and delete the material from any system and
destroy any copies.

CONFIDENTIALITY NOTICE: The information contained in this message and
or attachments is intended only for the person or entity to which it is
addressed and may contain confidential and/or privileged material. Any
review, retransmission, dissemination, copying, or other use of this
information by persons or entities other than the intended recipient is
prohibited. If you received this e-mail or its attachments in error,
please contact the sender and delete the material from any system and
destroy any copies.

Well, at least that rules that out.

Thanks!-----Original Message-----
From: Mai Le [mailto:mle@Niku.com]
Sent: 15 March 2005 16:59
To: Norton, Ian; rt-devel@lists.bestpractical.com
Subject: RE: [Rt-devel] ModifySelf right produces “Permission Denied”

I’m using MySQL 4.0.23 innoDB

-----Original Message-----
From: Norton, Ian [mailto:i.norton@lancaster.ac.uk]
Sent: Tuesday, March 15, 2005 8:58 AM
To: Mai Le; rt-devel@lists.bestpractical.com
Subject: RE: [Rt-devel] ModifySelf right produces “Permission Denied”

Are you also using Postgres or are you using MySQL?

-----Original Message-----
From: Mai Le [mailto:mle@Niku.com]
Sent: 15 March 2005 15:53
To: Norton, Ian; rt-devel@lists.bestpractical.com
Subject: Re: [Rt-devel] ModifySelf right produces “Permission Denied”

I get the same error also.

-----Original Message-----
From: rt-devel-bounces@lists.bestpractical.com
rt-devel-bounces@lists.bestpractical.com
To: rt-devel@lists.bestpractical.com rt-devel@lists.bestpractical.com
Sent: Tue Mar 15 07:17:19 2005
Subject: [Rt-devel] ModifySelf right produces “Permission Denied”

Hi All,

My apologies for posting this here in addition to rt-users, but I’m
beginning to be pretty convinced that this is a bug rather than a
configuration problem.

Can anyone else reproduce this with their setup?

Ian,

-------- Original Message --------
Subject: ModifySelf right produces "Permission Denied"
Date: Mon, 14 Mar 2005 14:41:09 +0000
From: Ian Norton i.norton@lancaster.ac.uk
To: rt-users@lists.bestpractical.com

Hi all,

I’ve granted the ModifySelf right to System group Everyone and I’m
getting some odd behaviour.

I can change my password and all my details within the preferences page
and the database gets updated. The problem is that it gives me a
"Permission Denied" error, even though it has succeeded.

If I grant the right explicitly to a user and remove it from Everyone,
it still gives the same problem.

I’m seeing a similar problem with personal groups, in that everyone is
granted AdminOwnPersonalGroups which they can do, but there’s a
Permission Denied error - even though the edits happen.

I’ve enabled debugging in my RT_SiteConfig.pm but it’s not showing
anything unusual:

[Mon Mar 14 14:30:54 2005] [debug]: About to think about scrips for
transaction #6335
(/usr/local/packages/rt-3.4.1/lib/RT/Transaction_Overlay.pm:154)

I’m using RT 3.4.1 on Fedora Core 3 with Postgres 7.4.7.
DBD::Pg is version 1.31
DBIx::SearchBuilder is version 1.22

The only time I don’t get errors on updating users details is if I do it
with a SuperUser enabled account.

Any suggestions gratefully received as I’m not having any luck tracking
this one down :frowning:

Thanks, Ian.
Ian Norton
Mail & Systems Support
University of Lancaster

Rt-devel mailing list
Rt-devel@lists.bestpractical.com
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-devel

CONFIDENTIALITY NOTICE: The information contained in this message and or
attachments is intended only for the person or entity to which it is
addressed and may contain confidential and/or privileged material. Any
review, retransmission, dissemination, copying, or other use of this
information by persons or entities other than the intended recipient is
prohibited. If you received this e-mail or its attachments in error,
please contact the sender and delete the material from any system and
destroy any copies.

CONFIDENTIALITY NOTICE: The information contained in this message and or
attachments is intended only for the person or entity to which it is
addressed and may contain confidential and/or privileged material. Any
review, retransmission, dissemination, copying, or other use of this
information by persons or entities other than the intended recipient is
prohibited. If you received this e-mail or its attachments in error,
please contact the sender and delete the material from any system and
destroy any copies.

My apologies for posting this here in addition to rt-users, but I’m
beginning to be pretty convinced that this is a bug rather than a
configuration problem.
You’re right – this is a bug. I’ve got a patch (attached, against
3.4.2), but I’m not sure it’s the right patch. In any case, I’ve bcc’d
rt-bugs@fsck.com

  • Alex

user-updates.patch (942 Bytes)

Alex,

Thanks for the patch - that’s fixed it.

Ian.From: chmrr@zoq-fot-pik.mit.edu [mailto:chmrr@zoq-fot-pik.mit.edu] On
Behalf Of Alex Vandiver
Sent: 15 March 2005 22:43
To: Norton, Ian
Cc: rt-devel@lists.bestpractical.com
Subject: Re: [Rt-devel] ModifySelf right produces “Permission Denied”

My apologies for posting this here in addition to rt-users, but I’m
beginning to be pretty convinced that this is a bug rather than a
configuration problem.

You’re right – this is a bug. I’ve got a patch (attached, against
3.4.2), but I’m not sure it’s the right patch. In any case, I’ve bcc’d
rt-bugs@fsck.com

  • Alex

-------- Original Message --------
Subject: ModifySelf right produces "Permission Denied"
Date: Mon, 14 Mar 2005 14:41:09 +0000
From: Ian Norton i.norton@lancaster.ac.uk
To: rt-users@lists.bestpractical.com

Hi all,

I’ve granted the ModifySelf right to System group Everyone and I’m
getting some odd behaviour.

I can change my password and all my details within the preferences
page and the database gets updated. The problem is that it gives me a

“Permission Denied” error, even though it has succeeded.

If I grant the right explicitly to a user and remove it from Everyone,

it still gives the same problem.

I’m seeing a similar problem with personal groups, in that everyone is

granted AdminOwnPersonalGroups which they can do, but there’s a
Permission Denied error - even though the edits happen.

I’ve enabled debugging in my RT_SiteConfig.pm but it’s not showing
anything unusual:

[Mon Mar 14 14:30:54 2005] [debug]: About to think about scrips for
transaction #6335
(/usr/local/packages/rt-3.4.1/lib/RT/Transaction_Overlay.pm:154)

I’m using RT 3.4.1 on Fedora Core 3 with Postgres 7.4.7.
DBD::Pg is version 1.31
DBIx::SearchBuilder is version 1.22

The only time I don’t get errors on updating users details is if I do
it with a SuperUser enabled account.

Any suggestions gratefully received as I’m not having any luck
tracking this one down :frowning:

Thanks, Ian.

Ian Norton
Mail & Systems Support
University of Lancaster


Rt-devel mailing list
Rt-devel@lists.bestpractical.com
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-devel

Hi all,

I’ve granted the ModifySelf right to System group Everyone and I’m
getting some odd behaviour.

I can change my password and all my details within the preferences page
and the database gets updated. The problem is that it gives me an
access denied error, even though it has succeeded.

If I grant the right explicitly to a user and remove it from Everyone,
it still gives the same problem.

I’m seeing a similar problem with personal groups, in that everyone is
granted AdminOwnPersonalGroups which they can do, but there’s a
Permission Denied error - even though the edits happen.

I’ve enabled debugging in my RT_SiteConfig.pm but it’s not showing
anything unusual:

[Mon Mar 14 14:30:54 2005] [debug]: About to think about scrips for
transaction #6335
(/usr/local/packages/rt-3.4.1/lib/RT/Transaction_Overlay.pm:154)

I’m using RT 3.4.1 on Fedora Core 3 with Postgres 7.4.7.
DBD::Pg is version 1.31
DBIx::SearchBuilder is version 1.22

The only time I don’t get errors on updating users details is if I do it
with a SuperUser enabled account.

Any suggestions gratefully received as I’m not having any luck tracking
this one down :frowning:

Thanks, Ian.
Ian Norton
Mail & Systems Support
University of Lancaster

Was there ever an answer for this? I have the same problem, though I
have noticed that modifying “Organization” is denied.

Joby Walker
C&C Computer Operations Software Support Group

Ian Norton wrote:

I believe I have found the source of the problem in:

lib/RT/User_Overlay.pm: sub _Set

at the end of the method is (I removed the _NewTransaction parameter:

 my ($ret, $msg) = $self->SUPER::_Set( Field => $args{'Field'},
                                       Value => $args{'Value'} );

 if ( $args{'RecordTransaction'} == 1 ) {
     my ( $Trans, $Msg, $TransObj ) = $self->_NewTransaction(...)
     return ( $Trans, scalar $TransObj->Description );
 }
 else {
     return ( $ret, $msg );
 }

The “Permission Denied” error is not from setting the attribute that is
$msg which is “The new value has been set”, but from the “scalar
$TransObj->Description” – because the acting user doesn’t have
permission to run that method of the Transaction Object.

Joby Walker
C&C Computer Operations Software Support Group

Joby Walker wrote:

Hi Joby,

I was sent a patch for this by Alex Vandiver via the rt-devel list.
Seems to be something to do with the permissions validation that should
only apply to tickets and not to other objects.

Regards, Ian.From: Joby Walker [mailto:joby@u.washington.edu]
Sent: 08 April 2005 01:31
To: Joby Walker
Cc: Norton, Ian; rt-users@lists.bestpractical.com
Subject: Re: [rt-users] ModifySelf right produces “Permission Denied”

I believe I have found the source of the problem in:

lib/RT/User_Overlay.pm: sub _Set

at the end of the method is (I removed the _NewTransaction parameter:

 my ($ret, $msg) = $self->SUPER::_Set( Field => $args{'Field'},
                                       Value => $args{'Value'} );

 if ( $args{'RecordTransaction'} == 1 ) {
     my ( $Trans, $Msg, $TransObj ) = $self->_NewTransaction(...)
     return ( $Trans, scalar $TransObj->Description );
 }
 else {
     return ( $ret, $msg );
 }

The “Permission Denied” error is not from setting the attribute that is
$msg which is “The new value has been set”, but from the “scalar
$TransObj->Description” – because the acting user doesn’t have
permission to run that method of the Transaction Object.

Joby Walker
C&C Computer Operations Software Support Group

Joby Walker wrote:

Was there ever an answer for this? I have the same problem, though I
have noticed that modifying “Organization” is denied.

Joby Walker
C&C Computer Operations Software Support Group

Ian Norton wrote:

Hi all,

I’ve granted the ModifySelf right to System group Everyone and I’m
getting some odd behaviour.

I can change my password and all my details within the preferences
page and the database gets updated. The problem is that it gives me
an access denied error, even though it has succeeded.

If I grant the right explicitly to a user and remove it from
Everyone, it still gives the same problem.

I’m seeing a similar problem with personal groups, in that everyone
is granted AdminOwnPersonalGroups which they can do, but there’s a
Permission Denied error - even though the edits happen.

I’ve enabled debugging in my RT_SiteConfig.pm but it’s not showing
anything unusual:

[Mon Mar 14 14:30:54 2005] [debug]: About to think about scrips for
transaction #6335
(/usr/local/packages/rt-3.4.1/lib/RT/Transaction_Overlay.pm:154)

I’m using RT 3.4.1 on Fedora Core 3 with Postgres 7.4.7.
DBD::Pg is version 1.31
DBIx::SearchBuilder is version 1.22

The only time I don’t get errors on updating users details is if I do

it with a SuperUser enabled account.

Any suggestions gratefully received as I’m not having any luck
tracking this one down :frowning:

Thanks, Ian.

Ian Norton
Mail & Systems Support
University of Lancaster


http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

RT Administrator and Developer training is coming to your town soon!
(Boston, San Francisco, Austin, Sydney) Contact
training@bestpractical.com for details.

Be sure to check out the RT Wiki at http://wiki.bestpractical.com


http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

RT Administrator and Developer training is coming to your town soon!
(Boston, San Francisco, Austin, Sydney) Contact
training@bestpractical.com for details.

Be sure to check out the RT Wiki at http://wiki.bestpractical.com

user-updates.patch (942 Bytes)

I was sent a patch for this by Alex Vandiver via the rt-devel list. [snip]
Apologies for not seeing this thread earlier and chiming in. For
reference, a variant of the patch was checked in and will be in 3.4.2.

  • Alex