Hi!
At report Tools > Reports > Created in a date range
user have “Queue” drop down, where there is two choises. ‘-’ and
’(current)Queue’.
If user selects his/her queue, result is from that queue. BUT s/he can select
that ‘-’, then result is from ALL queues, and that’s not good.
How to prevent that user cannot see reports from all queues?
How to make so that everywhere where user can/should select queue, s/he have
only one option, his/her own queue?
JJussi
OK…
I managed to fix this… And this would be nice change to orginal code (of
course “real” programmer would write it maybe little different way)
So I made copy of SelectQueue to ‘local/html/Elements’ and changed that…
diff share/html/Elements/SelectQueue local/html/Elements/SelectQueue
77c77
< $ShowNullOption => 1
$ShowNullOption => undef
87a88,97my $qu = new RT::Queues($session{‘CurrentUser’});
$qu->UnLimit;while (my $quu = $qu->Next){
if ($quu->CurrentUserHasRight(‘SuperUser’)) {
$ShowNullOption = 1;
}
}
Hi!
At report Tools > Reports > Created in a date range
user have “Queue” drop down, where there is two choises. ‘-’ and
‘(current)Queue’.
If user selects his/her queue, result is from that queue. BUT s/he can
select that ‘-’, then result is from ALL queues, and that’s not good.How to prevent that user cannot see reports from all queues?
How to make so that everywhere where user can/should select queue, s/he
have only one option, his/her own queue?
JJussi
OK…
I managed to fix this… And this would be nice change to orginal code (of
course “real” programmer would write it maybe little different way)
If a report is showing too many tickets, it means you’ve granted
ShowTicket too broadly. Preventing your users from selecting - in the
queue drop down is just masking over a permissions problem. All they
have to do is delete Queue=7 from the query string and they’ll still
be able to see all tickets.
-kevin
OK…
Have to search and test that… Strange thing is that Report is only place
where customer can see too many tickets (just a number, how many tickets there
is)…
Everywhere, where there is list of tickets, customer cannot see anything else
than his/her own queue.
BTW, this “rights” thing with multi layer rights is… Sometimes hard to
handle. ;-)> On Thu, Feb 11, 2010 at 12:43:37PM +0200, JJussi wrote:
OK…
I managed to fix this… And this would be nice change to orginal code
(of course “real” programmer would write it maybe little different way)If a report is showing too many tickets, it means you’ve granted
ShowTicket too broadly. Preventing your users from selecting - in the
queue drop down is just masking over a permissions problem. All they
have to do is delete Queue=7 from the query string and they’ll still
be able to see all tickets.-kevin
So I made copy of SelectQueue to ‘local/html/Elements’ and changed
that…diff share/html/Elements/SelectQueue local/html/Elements/SelectQueue
77c77
< $ShowNullOption => 1$ShowNullOption => undef
87a88,97
my $qu = new RT::Queues($session{‘CurrentUser’});
$qu->UnLimit;while (my $quu = $qu->Next){
if ($quu->CurrentUserHasRight(‘SuperUser’)) {
$ShowNullOption = 1;
}
}On Wednesday, 10. Februaryta 2010 11:34:11 you wrote:
Hi!
At report Tools > Reports > Created in a date range
user have “Queue” drop down, where there is two choises. ‘-’ and
‘(current)Queue’.
If user selects his/her queue, result is from that queue. BUT s/he can
select that ‘-’, then result is from ALL queues, and that’s not good.How to prevent that user cannot see reports from all queues?
How to make so that everywhere where user can/should select queue, s/he
have only one option, his/her own queue?
JJussi