I’ve just been trying to track down a “Permission Denied” error when extracting articles from tickets for staff users that aren’t admins. I’ve sorted it (it turns out that the user needs the ModifyTicket rights on the ticket that is being extracted, so that the AddLink() function works, which means our users couldn’t generate articles from tickets they could see in some queues but not change), but it would have been so much easier if the error when trying to create the extracted article was a bit more descriptive than just “Permission Denied”. There’s a lot of places that “Permission Denied” can come from after all.
The way I tracked it down in the end was to alter all the “Permission Denied” errors in a local copy of the Perl modules that are called during article creation and appending the right that was being denied to the error string. Thus eventually I got “Permission Denied : Missing ModifyTicket” which let me home in on the problem. Now some may worry that this gives away too much information on the rights security, but if that was the case it could just be turned on/off with a config setting, or generate a server log entry. Either way it would still make debugging this sort of thing easier.
Would that be a useful feature for others? Opinions? Or am I the only person this dopey?