If a user of RT 3.3/3.4 is not allowed to see the value
of certain custom fields, what keeps them from seeing
the value being set in the ticket history. Is a rights
check done for each transaction?
And yes, I’m too busy at the moment to look at the code
myself. 
BTW, Asset Tracker v0.1alpha is coming along nicely!
-Todd
A quick test in 3.3.12 suggests there’s nothing to prevent the user from
seeing the transaction in the ticket history.
Steve
At Thursday 12/2/2004 02:15 PM, Todd Chapman wrote:
If a user of RT 3.3/3.4 is not allowed to see the value
of certain custom fields, what keeps them from seeing
the value being set in the ticket history. Is a rights
check done for each transaction?And yes, I’m too busy at the moment to look at the code
myself.BTW, Asset Tracker v0.1alpha is coming along nicely!
-Todd
Rt-devel mailing list
Rt-devel@lists.bestpractical.com
The rt-devel Archives
Stephen Turner
Senior Programmer/Analyst - Client Support Services
Information Services and Technology (IS&T)
sturner@mit.edu
A quick test in 3.3.12 suggests there’s nothing to prevent the user from
seeing the transaction in the ticket history.
Yep. I expect to have this fixed today.
A quick test in 3.3.12 suggests there’s nothing to prevent the user from
seeing the transaction in the ticket history.
Revision 1953 fixes this issue. I’ve got a couple more things to go in
before the next point release, which I may try to make 3.4RC1.
