Queue owner see too much

Hi!
At report Tools > Reports > Created in a date range
user have “Queue” drop down, where there is two choises. ‘-’ and
’(current)Queue’.
If user selects his/her queue, result is from that queue. BUT s/he can select
that ‘-’, then result is from ALL queues, and that’s not good.

How to prevent that user cannot see reports from all queues?
How to make so that everywhere where user can/should select queue, s/he have
only one option, his/her own queue?

JJussi

OK…
I managed to fix this… And this would be nice change to orginal code (of
course “real” programmer would write it maybe little different way)

So I made copy of SelectQueue to ‘local/html/Elements’ and changed that…

diff share/html/Elements/SelectQueue local/html/Elements/SelectQueue
77c77
< $ShowNullOption => 1

$ShowNullOption => undef
87a88,97

my $qu = new RT::Queues($session{‘CurrentUser’});
$qu->UnLimit;

while (my $quu = $qu->Next){
if ($quu->CurrentUserHasRight(‘SuperUser’)) {
$ShowNullOption = 1;
}
}

Hi!
At report Tools > Reports > Created in a date range
user have “Queue” drop down, where there is two choises. ‘-’ and
’(current)Queue’.
If user selects his/her queue, result is from that queue. BUT s/he can
select that ‘-’, then result is from ALL queues, and that’s not good.

How to prevent that user cannot see reports from all queues?
How to make so that everywhere where user can/should select queue, s/he
have only one option, his/her own queue?

JJussi

OK…
I managed to fix this… And this would be nice change to orginal code (of
course “real” programmer would write it maybe little different way)

If a report is showing too many tickets, it means you’ve granted
ShowTicket too broadly. Preventing your users from selecting - in the
queue drop down is just masking over a permissions problem. All they
have to do is delete Queue=7 from the query string and they’ll still
be able to see all tickets.

-kevin

OK…
Have to search and test that… Strange thing is that Report is only place
where customer can see too many tickets (just a number, how many tickets there
is)…
Everywhere, where there is list of tickets, customer cannot see anything else
than his/her own queue.

BTW, this “rights” thing with multi layer rights is… Sometimes hard to
handle. ;-)> On Thu, Feb 11, 2010 at 12:43:37PM +0200, JJussi wrote:

OK…
I managed to fix this… And this would be nice change to orginal code
(of course “real” programmer would write it maybe little different way)

If a report is showing too many tickets, it means you’ve granted
ShowTicket too broadly. Preventing your users from selecting - in the
queue drop down is just masking over a permissions problem. All they
have to do is delete Queue=7 from the query string and they’ll still
be able to see all tickets.

-kevin

So I made copy of SelectQueue to ‘local/html/Elements’ and changed
that…

diff share/html/Elements/SelectQueue local/html/Elements/SelectQueue
77c77
< $ShowNullOption => 1

$ShowNullOption => undef

87a88,97

my $qu = new RT::Queues($session{‘CurrentUser’});
$qu->UnLimit;

while (my $quu = $qu->Next){
if ($quu->CurrentUserHasRight(‘SuperUser’)) {
$ShowNullOption = 1;
}
}

On Wednesday, 10. Februaryta 2010 11:34:11 you wrote:

Hi!
At report Tools > Reports > Created in a date range
user have “Queue” drop down, where there is two choises. ‘-’ and
’(current)Queue’.
If user selects his/her queue, result is from that queue. BUT s/he can
select that ‘-’, then result is from ALL queues, and that’s not good.

How to prevent that user cannot see reports from all queues?
How to make so that everywhere where user can/should select queue, s/he
have only one option, his/her own queue?

JJussi