RT::ACE example? (I think!)

I’m looking to write a small perl script to provision new queues. I tend
to make them all the same way:

Create a group for the users who can handle tickets in the queue
Create the queue, and make that group a watcher on it
We use the exim-mysql config, so the mail gateway is done by magic
Add the same set of rights for that group, and a few roles - Everyone
can Create, Requestor and Owner can reply.

I have got as far as a Queue created, and a Group created. I think I
need to create RT::ACE objects to add the appropriate rights. Is that
correct? I couldn’t find any examples of doing this… how are Everyone,
Owner and Requestor done? It seems that the PrincipalID would be id of
the group I’ve just created, right?

Thanks in advance for any illumination!

Howie

Hi,

Search for GrantRight and also look at “sub *right” in lib/RT/Test.pm.On Thu, Feb 24, 2011 at 10:39 PM, Howard Jones howie@thingy.com wrote:

I’m looking to write a small perl script to provision new queues. I tend
to make them all the same way:

Create a group for the users who can handle tickets in the queue
Create the queue, and make that group a watcher on it
We use the exim-mysql config, so the mail gateway is done by magic
Add the same set of rights for that group, and a few roles - Everyone
can Create, Requestor and Owner can reply.

I have got as far as a Queue created, and a Group created. I think I
need to create RT::ACE objects to add the appropriate rights. Is that
correct? I couldn’t find any examples of doing this… how are Everyone,
Owner and Requestor done? It seems that the PrincipalID would be id of
the group I’ve just created, right?

Thanks in advance for any illumination!

Howie

Best regards, Ruslan.

I’m looking to write a small perl script to provision new queues. I tend
to make them all the same way:

Create a group for the users who can handle tickets in the queue
Create the queue, and make that group a watcher on it
We use the exim-mysql config, so the mail gateway is done by magic
Add the same set of rights for that group, and a few roles - Everyone
can Create, Requestor and Owner can reply.

I have got as far as a Queue created, and a Group created. I think I
need to create RT::ACE objects to add the appropriate rights. Is that
correct? I couldn’t find any examples of doing this… how are Everyone,
Owner and Requestor done? It seems that the PrincipalID would be id of
the group I’ve just created, right?

Thanks to Ruslan for pointing me in the right direction, here’s what I
ended up with in case it’s useful to someone else. You’ll need to tweak
the perl and RT paths near the top, most likely.

This script will create a queue, create a new group, and give that group
(and some roles) a set of rights. The rights are in an easily editable
form near the top of the script. Just add appropriate users to the new
group to finish (assuming you have something in place to automate the
mailgate side of things). If the queue or group already exists, it will
use those, so you can also use it to ‘open’ an existing queue I guess.

e.g: ./create_queue.pl internalsupport internal@example.com InternalSupport

– snip –

#!/opt/perl/bin/perl

$queuename = $ARGV[0];
$email = $ARGV[1];
$groupname = $ARGV[2];

if ( $queuename eq “” || $email eq “” || $groupname eq “” ) {
print
"Usage: $0 queuename mailaddress groupname\n Creates a queue, a new
group, and assigns standard permissions for the queue.\n";
exit();
}

use lib qw(/opt/rt3/local/lib /opt/rt3/lib);

use RT;
use Date::Parse;
use Data::Dumper;

use RT::Interface::CLI qw(CleanEnv GetCurrentUser GetMessageContent loc);
use RT::Tickets;
use RT::Template;

QUEUEGROUP is a placeholder for the group name specified on the

command-line
%Permissions = (

'Everyone'  => ['CreateTicket'],
'Requestor' => [ 'OwnTicket', 'ReplyToTicket', 'ShowTicket' ],

'Owner'      => [ 'ReplyToTicket', 'ShowTicket' ],
'QUEUEGROUP' => [
    'CommentOnTicket',    'CreateTicket',
    'ForwardMessage',     'ModifyTicket',
    'OwnTicket',          'ReplyToTicket',
    'SeeCustomField',     'SeeQueue',
    'ShowOutgoingEmail',  'ShowTicket',
    'ShowTicketComments', 'TakeTicket'
],

);

#Clean out all the nasties from the environment
CleanEnv();

Load the config file

RT::LoadConfig();

#Connect to the database and get RT::SystemUser and RT::Nobody loaded
RT::Init();

print “\n\n\n”;

my $CurrentUser = RT::SystemUser;

unless ( $CurrentUser->Id ) {
print loc(“No RT user found. Please consult your RT administrator.\n”);
exit(1);
}

my $group = RT::Group->new($RT::SystemUser);
$res = $group->LoadUserDefinedGroup($groupname);

if ( $res eq “Found Object” ) {
print “Group $groupname already exists.\n”;
}
else {
print “Creating group $groupname\n”;

$groupid = $group->CreateUserDefinedGroup(
    Name        => $groupname,
    Description => "Users for $queuename queue",
);

}

my $queue = RT::Queue->new($RT::SystemUser);
$res = $queue->Load($queuename);

if ( $res eq “” ) {

print "Creating queue $queuename\n";

my ($queueid) = $queue->Create(
    Name              => $queuename,
    Description       => "Auto-created Queue",
    CorrespondAddress => $email,
    CommentAddress    => $email,
);

}
else {
print “Loaded existing queue $queuename\n”;
}

print “Seeding permissions for queue $queuename\n”;

foreach $role ( keys %Permissions ) {
print “------------------------\n”;

$realrole = $role;
if ( $role eq "QUEUEGROUP" ) {
    $realrole = $group;
}

foreach $right ( @{ $Permissions{$role} } ) {
    print "Granting $right to $role\n";

    add_right( $queue, $realrole, $right );
}

}

sub add_right {

my ( $queueobject, $principal, $right ) = @_;

unless ( ref $principal ) {
    if (   $principal eq "Everyone"
        || $principal eq "Privileged"
        || $principal eq "Unprivileged" )
    {
        $p         = $principal;
        $principal = RT::Group->new($RT::SystemUser);
        $principal->LoadSystemInternalGroup($p);

    }
    elsif ($principal eq "Owner"
        || $principal eq "Requestor"
        || $principal eq "AdminCc"
        || $principal eq "Cc" )
    {
        $p         = $principal;
        $principal = RT::Group->new($RT::SystemUser);
        $principal->LoadQueueRoleGroup(
            Queue => ( $queueobject->id ),
            Type  => $p
        );

    }
    else {
        die("Principal is not an object or a system group\n");
    }
}

unless ( $principal->isa('RT::Principal') ) {

    if ( $principal->can('PrincipalObj') ) {
        $principal = $principal->PrincipalObj;
    }

}

my ( $status, $msg ) =
  $principal->GrantRight( Object => $queueobject, Right => $right );

$RT::Logger->debug($msg);

}

So our $rtname is CA

When a ticket sits in our General Queue which we renames to Unassigned any
replies sent on those tickets use $Ticket which is CA # (ticket number)

When we move the ticket to our Desktop Queue and reply the subject changes to
Desktop # (ticket number)

Is there a way to have RT maintain the CA rather than changing to the quese
name.

Is there something I can use like $TicketID vs Ticket to get it just to use
the tucket number and I can put CA in manually in the templates?

Vance Walsh
Network and Systems Administrator
Concord Academy - Concord, Mass.

So our $rtname is CA

When a ticket sits in our General Queue which we renames to Unassigned
any replies sent on those tickets use $Ticket which is CA # (ticket number)

When we move the ticket to our Desktop Queue and reply the subject
changes to Desktop # (ticket number)

You don’t say what RT version you’re running, but that sounds like you
have a queue subject tag set for your Desktop queue. Check on the Queue
configuration page.

Thomas

Yes, you were correct and it is 3.8.8

Though when I remove the tag and select save changes it says it removed the
tag but it has not actually done so. When I return to that Queue it shows up
again.

Vance Walsh
Network and Systems Administrator
Concord Academy - Concord, Mass.

Yes, you were correct and it is 3.8.8

Though when I remove the tag and select save changes it says it removed
the tag but it has not actually done so. When I return to that Queue it
shows up again.

What you’re probably seeing is a caching bug we’ve fixed since 3.8.8. I
believe the fix will be in 3.8.10 (unfortunately it’s not in 3.8.9).

If you restart apache, you should see that the queue no longer has the
subject tag.

Thomas