Upgrade 2.0.4 -> 2.0.8 and user rights

Hello everybody,

Since the upgrade from 2.0.4 to 2.0.8 I have a new “change status from
open to open” transaction created for each correspondance sent by a
requestor, and this for EVERY ticket.

After some debugging, I see that the piece of code that reopens a ticket
when it’s not “open” or “new”, call the method “$self->Status”, but
debugging this method shows me that a check is done on the right
"ShowTicket":

$ = RT::ticket::CurrentUserHasRight(ref(RT::Ticket), ‘ShowTicket’)
called from file /opt/rt2/lib/RT/Ticket.pm' line 2811 @ = RT::Ticket::_Value(undef, ref(RT::Ticket), 'Status') called from file/usr/lib/perl5/site_perl/5.6.0/DBIx/SearchBuilder/Record.pm’ line
406
@ = DBIx::SearchBuilder::Record::AUTOLOAD(ref(Term::ReadLine::Gnu::Var),
undef, ref(RT::Ticket)) called from file `./rt-mailgate’ line 290

The Requestor does not have the “ShowTicket” ACL set.

So, $Ticket->Status returns undef. Returning undef, the checks
status=“open” or status=“new” fail and a transaction is created to set
the status to “open”.

My questions:

  1. Is there a difference in this point of view between 2.0.4 and 2.0.8?
  2. Any ideas? I could set the right “ShowTicket” to the Everyone (so
    everyone can send a correspondance regarding any ticket) but it seems to
    be a bad solution
  3. Sould it be more logical that this kind of fields be “public”

Thanks
Rafael

Oh. wow! Thanks for the great debugging. That was a change between 2.0.4 and 2.0.8, yes. Andyou’re not the only one who’d been seeing the bug manifest.
But I know how to make it better. it should be fixed in 2.0.9

Status is the sort of thing that shouldn’t necessarily be public, but I can
do the right thing in the code so this check doesn’t break because of it.

Thanks,
JesseOn Wed, Oct 24, 2001 at 06:09:21PM +0200, Rafael Corvalan wrote:

Hello everybody,

Since the upgrade from 2.0.4 to 2.0.8 I have a new “change status from
open to open” transaction created for each correspondance sent by a
requestor, and this for EVERY ticket.

After some debugging, I see that the piece of code that reopens a ticket
when it’s not “open” or “new”, call the method “$self->Status”, but
debugging this method shows me that a check is done on the right
"ShowTicket":

$ = RT::ticket::CurrentUserHasRight(ref(RT::Ticket), ‘ShowTicket’)
called from file /opt/rt2/lib/RT/Ticket.pm' line 2811 @ = RT::Ticket::_Value(undef, ref(RT::Ticket), 'Status') called from file/usr/lib/perl5/site_perl/5.6.0/DBIx/SearchBuilder/Record.pm’ line
406
@ = DBIx::SearchBuilder::Record::AUTOLOAD(ref(Term::ReadLine::Gnu::Var),
undef, ref(RT::Ticket)) called from file `./rt-mailgate’ line 290

The Requestor does not have the “ShowTicket” ACL set.

So, $Ticket->Status returns undef. Returning undef, the checks
status=“open” or status=“new” fail and a transaction is created to set
the status to “open”.

My questions:

  1. Is there a difference in this point of view between 2.0.4 and 2.0.8?
  2. Any ideas? I could set the right “ShowTicket” to the Everyone (so
    everyone can send a correspondance regarding any ticket) but it seems to
    be a bad solution
  3. Sould it be more logical that this kind of fields be “public”

Thanks
Rafael


rt-users mailing list
rt-users@lists.fsck.com
http://lists.fsck.com/mailman/listinfo/rt-users

http://www.bestpractical.com/products/rt – Trouble Ticketing. Free.