Hi!
At report Tools > Reports > Created in a date range
user have “Queue” drop down, where there is two choises. ‘-’ and
’(current)Queue’.
If user selects his/her queue, result is from that queue. BUT s/he can select
that ‘-’, then result is from ALL queues, and that’s not good.
How to prevent that user cannot see reports from all queues?
How to make so that everywhere where user can/should select queue, s/he have
only one option, his/her own queue?
my $qu = new RT::Queues($session{‘CurrentUser’});
$qu->UnLimit;
while (my $quu = $qu->Next){
if ($quu->CurrentUserHasRight(‘SuperUser’)) {
$ShowNullOption = 1;
}
}
Hi!
At report Tools > Reports > Created in a date range
user have “Queue” drop down, where there is two choises. ‘-’ and
‘(current)Queue’.
If user selects his/her queue, result is from that queue. BUT s/he can
select that ‘-’, then result is from ALL queues, and that’s not good.
How to prevent that user cannot see reports from all queues?
How to make so that everywhere where user can/should select queue, s/he
have only one option, his/her own queue?
OK…
I managed to fix this… And this would be nice change to orginal code (of
course “real” programmer would write it maybe little different way)
If a report is showing too many tickets, it means you’ve granted
ShowTicket too broadly. Preventing your users from selecting - in the
queue drop down is just masking over a permissions problem. All they
have to do is delete Queue=7 from the query string and they’ll still
be able to see all tickets.
OK…
Have to search and test that… Strange thing is that Report is only place
where customer can see too many tickets (just a number, how many tickets there
is)…
Everywhere, where there is list of tickets, customer cannot see anything else
than his/her own queue.
BTW, this “rights” thing with multi layer rights is… Sometimes hard to
handle. ;-)> On Thu, Feb 11, 2010 at 12:43:37PM +0200, JJussi wrote:
OK…
I managed to fix this… And this would be nice change to orginal code
(of course “real” programmer would write it maybe little different way)
If a report is showing too many tickets, it means you’ve granted
ShowTicket too broadly. Preventing your users from selecting - in the
queue drop down is just masking over a permissions problem. All they
have to do is delete Queue=7 from the query string and they’ll still
be able to see all tickets.
-kevin
So I made copy of SelectQueue to ‘local/html/Elements’ and changed
that…
my $qu = new RT::Queues($session{‘CurrentUser’});
$qu->UnLimit;
while (my $quu = $qu->Next){
if ($quu->CurrentUserHasRight(‘SuperUser’)) {
$ShowNullOption = 1;
}
}
On Wednesday, 10. Februaryta 2010 11:34:11 you wrote:
Hi!
At report Tools > Reports > Created in a date range
user have “Queue” drop down, where there is two choises. ‘-’ and
‘(current)Queue’.
If user selects his/her queue, result is from that queue. BUT s/he can
select that ‘-’, then result is from ALL queues, and that’s not good.
How to prevent that user cannot see reports from all queues?
How to make so that everywhere where user can/should select queue, s/he
have only one option, his/her own queue?