Perl Script to Add/Remove Privileged status

All,

Since I use AD groups to manage rights to queues in RT (queues are all set
up with group rights, and the helpdesk can add/remove people to AD groups
w/o rights in RT), I needed to make sure that users who need to be
privileged are, and that ones who no longer need it (transferred to a
department w/o a queue) are not. So I wrote the Perl script below; it makes
sure that anyone with the Own Ticket right on any queue, plus a list of
exceptions, is privileged, and it removes privileged status from everyone
else. I have it set to run once an hour. I am not the best with Perl as I am
just learning it; however, I hope this can help someone else.

April

#!/usr/bin/perl -w

use strict;

use warnings;

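# Accounts that always keep privileged status, whatever rights they hold.
# The last pass of this script removes privileged status from every account
# that is not on this list, not in an excluded group and without OwnTicket on
# some queue, so keep the list short and reviewed.
my @excludedUsers = ("root");

# Groups whose members get privileged status without the OwnTicket right.
my @excludedGroups = ("RTAdmin");

# Append-mode audit log of every privilege change. The handle keeps the name
# LogFile because the rest of the script prints to it. Stop here if the log
# cannot be opened: the script must not change privileges without a record.
open(LogFile, '>>', '/var/log/request-tracker4/Privileged.log')
    or die "Cannot open /var/log/request-tracker4/Privileged.log: $!";

use lib qw(/usr/local/share/request-tracker4/lib
    /usr/share/request-tracker4/lib);

use RT;

use DateTime;

# Timestamp written into the header of this run's log section.
my $date = DateTime->now(time_zone => 'local');

# Load the config - at compile-time, so we can adjust lib paths for plugin
# packages
BEGIN { RT::LoadConfig(); }

RT::Init();

use RT::Queue;

# Run header, so that each hourly run is easy to find in the log.
print LogFile "********************************************\n";

print LogFile $date->datetime()."\n";

print LogFile "********************************************\n";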

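# Pass 1: everyone who may own tickets on any queue must be privileged.
my $queues = RT::Queues->new(RT->SystemUser);

$queues->UnLimit;    # no restriction: walk every queue

# Names that must stay privileged. The final pass of the script removes
# privileged status from every account that is not listed here.
my @privUsers;

while ( my $queue = $queues->Next ) {

    my $Users = RT::Users->new(RT->SystemUser);

    # IncludeSystemRights / IncludeSuperUsers also count OwnTicket granted
    # globally and users holding SuperUser. NOTE(review): if OwnTicket is
    # ever granted to a broad group, every member becomes privileged on the
    # next run - review who holds this right.
    $Users->WhoHaveRight(
        Right               => 'OwnTicket',
        Object              => $queue,
        IncludeSystemRights => 1,
        IncludeSuperUsers   => 1,
    );

    while ( my $User = $Users->Next() ) {

        my $name = $User->Name;

        next if $name eq "Nobody";
        next if grep { $name eq $_ } @privUsers;

        # Record the name first: even if the change below fails, this user
        # is entitled and must be skipped by the demotion pass.
        push @privUsers, $name;

        # Only touch (and log) accounts whose status really changes, so the
        # log is a record of changes rather than a full list every hour.
        next if $User->Privileged;

        # RT setters return a (status, message) pair; log what happened
        # instead of assuming the change succeeded.
        my ( $ok, $msg ) = $User->SetPrivileged(1);

        if ($ok) {
            print LogFile "User, ".$name.", set as privileged.\n";
        }
        else {
            print LogFile "User, ".$name.", could not be set as privileged: "
                . ( defined $msg ? $msg : 'no reason returned' ) . "\n";
        }

    }

}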

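# Pass 2: members of the excluded groups are privileged even without the
# OwnTicket right.
foreach my $group (@excludedGroups) {

    my $Groups = RT::Group->new(RT->SystemUser);

    $Groups->LoadUserDefinedGroup( $group );

    # A renamed, deleted or misspelled group loads with no id. Its members
    # would then be missing from @privUsers and the demotion pass further
    # down would strip their privileged status, so stop before that pass.
    unless ( $Groups->id ) {
        print LogFile "Group, ".$group.", could not be loaded; stopping before any privileged status is removed.\n";
        die "Excluded group '$group' could not be loaded";
    }

    my $Users = RT::Users->new(RT->SystemUser);

    $Users->MemberOfGroup( $Groups->id );

    while ( my $User = $Users->Next() ) {

        my $name = $User->Name;

        next if grep { $name eq $_ } @privUsers;

        # Record the name first so the demotion pass skips this user even if
        # the change below fails.
        push @privUsers, $name;

        # Only touch (and log) accounts whose status really changes.
        next if $User->Privileged;

        # RT setters return a (status, message) pair; log the real outcome.
        my ( $ok, $msg ) = $User->SetPrivileged(1);

        if ($ok) {
            print LogFile "User, ".$name.", set as privileged.\n";
        }
        else {
            print LogFile "User, ".$name.", could not be set as privileged: "
                . ( defined $msg ? $msg : 'no reason returned' ) . "\n";
        }

    }

}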

# The hard-coded exceptions join the keep list in one step, so the pass that
# follows leaves their privileged status alone.
push @privUsers, @excludedUsers;

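# Pass 3: remove privileged status from every privileged account that is not
# on the keep list. This is the destructive half of the script: it trusts
# @privUsers to be complete, so a failed lookup earlier in the run shows up
# here as a demotion.
my $SuperUsers = RT::Users->new(RT->SystemUser);

# Keep the search limited to privileged users. The original called UnLimit
# right after this; UnLimit is documented as clearing all restrictions, which
# would make the loop walk every user and log a "removed" line for accounts
# that were never privileged.
$SuperUsers->LimitToPrivileged;

while ( my $User = $SuperUsers->Next() ) {

    my $name = $User->Name;

    next if grep { $name eq $_ } @privUsers;

    # Belt and braces: never log a removal for an account that is not
    # privileged right now.
    next unless $User->Privileged;

    # RT setters return a (status, message) pair; log the real outcome.
    my ( $ok, $msg ) = $User->SetPrivileged(0);

    if ($ok) {
        print LogFile "User, ".$name.", removed from privileged.\n";
    }
    else {
        print LogFile "User, ".$name.", could not be removed from privileged: "
            . ( defined $msg ? $msg : 'no reason returned' ) . "\n";
    }

}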

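# Buffered write errors (full disk, revoked permissions) only surface at
# close, so report them: otherwise this run's audit entries may be lost
# without anyone noticing.
close (LogFile) or warn "Could not close the privileged-status log cleanly: $!";

exit;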


April Rosenberg
e: aprilr@yelp.com t: 415.632.4020