MyRequests apparent bug

MyRequests, MyTickets and I imagine a whole pile of other places in 3.22
seem to have a bug …

I have (for argument’s sake) two queues: QA and QB.
I have two users: UA and UB who only have permissions on their
respective queue (no globals)

QA has 12 unowned tickets
QB has 1 unowned ticket.

Root can see 13 unowned tickets and is told there is 13.
UA can see 12 unowned tickets but is told there is 13.
UB can see 1 unowned ticket but is told there is 13.

UA’s MyRequests shows only 9 tickets as the 1 QB ticket is in the top 10
list.

SO … it looks like we’re getting the top ten, then checking each for
permissions rather than checking permissions on all tickets and then
showing the top 10.

Same with the counting.

This is about to be a large problem for me as QB is about to go live and
will quickly get a pile of tickets. On average then we can assume that
both UA and UB will only see 5 tickets in MyRequests, but may see zero
at some times.

Is this a known bug? Is there a patch? I don’t understand enough of the
inner-inner-inner workings of RT to track this one down!

Cheers!
Rick

signature.asc (189 Bytes)

At Friday 3/4/2005 12:12 AM, Rick Measham wrote:

MyRequests, MyTickets and I imagine a whole pile of other places in 3.22
seem to have a bug …

SO … it looks like we’re getting the top ten, then checking each for
permissions rather than checking permissions on all tickets and then
showing the top 10.

Is this a known bug? Is there a patch? I don’t understand enough of the
inner-inner-inner workings of RT to track this one down!

Hello Rick,

I reported this issue for version 3.1.14 last July (rt bug #5832). I don’t
know the status of the bug report, rt3.fsck.com seems to be not responding.
Your analysis in the second paragraph above is correct.

I did send in the following patch (for 3.1.14), but I’m not sure it’s a
good idea - it loops through all the tickets and checks permissions for
each one until it finds 10 or reaches the end of the list - it seems like
it would be slow. We ended up removing the ticket listings from the home
page anyway, so I didn’t worry too much about this issue. Anyway, here’s
the patch - you can at least play with something similar and see if it works.

Steve

— share/html/Elements/TicketList Fri Mar 5 00:05:28 2004
+++ local/html/Elements/TicketList Thu Jul 8 14:53:28 2004
@@ -36,6 +36,7 @@
% while (my $record = $Collection->Next) {
% $i++;
<& .Row, Format => @Format, i => $i, record => $record &>
+% last if $i >= $Rows;
% }

% if ($ShowNavigation) { @@ -364,7 +365,6 @@

$Collection->OrderBy(FIELD => $OrderBy, ORDER => $Order);
-$Collection->RowsPerPage($Rows);
$Collection->GotoPage($Page-1); # SB uses page 0 as the first page
my $TotalFound = $Collection->CountAll();

Stephen Turner
Senior Programmer/Analyst - Client Support Services
MIT Information Services and Technology (IS&T)

sturner@mit.edu

At Friday 3/4/2005 12:12 AM, Rick Measham wrote:

MyRequests, MyTickets and I imagine a whole pile of other places in 3.22
seem to have a bug …

SO … it looks like we’re getting the top ten, then checking each for
permissions rather than checking permissions on all tickets and then
showing the top 10.

Right. So, asume there are 100,000 tickets in the database. The
performance issue alone makes it a no-go.

At Friday 3/4/2005 12:12 AM, Rick Measham wrote:

MyRequests, MyTickets and I imagine a whole pile of other places in 3.22
seem to have a bug …

SO … it looks like we’re getting the top ten, then checking each for
permissions rather than checking permissions on all tickets and then
showing the top 10.

Right. So, asume there are 100,000 tickets in the database. The
performance issue alone makes it a no-go.

How many sites have 100K non-closed tickets in their DB?

Cheers,
– jra
Jay R. Ashworth jra@baylink.com
Designer Baylink RFC 2100
Ashworth & Associates The Things I Think '87 e24
St Petersburg FL USA http://baylink.pitas.com +1 727 647 1274

  If you can read this... thank a system adminstrator.  Or two.  --me

At Friday 3/4/2005 12:12 AM, Rick Measham wrote:

MyRequests, MyTickets and I imagine a whole pile of other places in 3.22
seem to have a bug …

SO … it looks like we’re getting the top ten, then checking each for
permissions rather than checking permissions on all tickets and then
showing the top 10.

Right. So, asume there are 100,000 tickets in the database. The
performance issue alone makes it a no-go.

How many sites have 100K non-closed tickets in their DB?

100,000 was a number I pulled out of the air. Even a couple hundred
tickets would result in an unacceptable performance penalty.

What I was trying to say is “the solution will be worse than the
problem.” Sites can always change the queries displayed on the frontpage
to be something that works better locally.

At Friday 3/4/2005 12:12 AM, Rick Measham wrote:

MyRequests, MyTickets and I imagine a whole pile of other places in 3.22
seem to have a bug …

SO … it looks like we’re getting the top ten, then checking each for
permissions rather than checking permissions on all tickets and then
showing the top 10.

Right. So, asume there are 100,000 tickets in the database. The
performance issue alone makes it a no-go.

How many sites have 100K non-closed tickets in their DB?

100,000 was a number I pulled out of the air. Even a couple hundred
tickets would result in an unacceptable performance penalty.

What I was trying to say is “the solution will be worse than the
problem.” Sites can always change the queries displayed on the frontpage
to be something that works better locally.

Hmmm… are you not using subselects? It would seem – and I haven’t
looked at the query – that if the ACL join was only running on the
subselect, and the subselect wasn’t that large, that it wouldn’t be a
horrible impact.

You could hack it, too, by limiting the subselect to an arbitrary
number usually high enough to provide the ACL select with 10 results,
assuming that you can do LIMIT on both halves of a subselect.

Assuming it’s a subselect at all.

But you’re right, whether it’s worth doing at all is very sensitive to
your ticket universe. I guess someone for whom it’s painful enough
will find a solution. Isn’t open source great? :slight_smile:

Cheers,
– jra
Jay R. Ashworth jra@baylink.com
Designer Baylink RFC 2100
Ashworth & Associates The Things I Think '87 e24
St Petersburg FL USA http://baylink.pitas.com +1 727 647 1274

  If you can read this... thank a system adminstrator.  Or two.  --me

Right. So, asume there are 100,000 tickets in the database. The
performance issue alone makes it a no-go.

Before I go ahead, please poke holes in this thought:

I can get a list of Queues for which CurrentUserHasRight(‘ShowTicket’).
I will then add limit the tickets returned in MyRequests to tickets from
these queues.

Am I missing something obvious here? Would there be a reason why a user
could see a queue but not a particular ticket in that queue? Would there
be a ticket he could see in a queue he could not see? If so would these
only be ultra-rare edge cases?

Cheers!
Rick

signature.asc (189 Bytes)

Right. So, asume there are 100,000 tickets in the database. The
performance issue alone makes it a no-go.

Before I go ahead, please poke holes in this thought:

I can get a list of Queues for which CurrentUserHasRight(‘ShowTicket’).
I will then add limit the tickets returned in MyRequests to tickets from
these queues.

What if the Requestors or AdminCcs have the right ShowTicket? That’s a
pretty standard case. And what about an RT instance with 50 queues. How
long can your SQL statement safely get?