Viewing user profiles without modification rights?

I thought there was some way for ticket responders to view the
information about the user who requested the ticket, specifically, the
user’s profile. However, I can’t see that anywhere. I know that I can
turn on the “AdminUsers” right, but I don’t really want to give out
the ability to modify a user’s profile, just view it. Is this
possible? What do I need to do?

Thanks,
Johnathan

Johnathan Bell
Internet System Administrator, Baker College

We have custom fields that are populated with that information
when the ticket is created. They can be viewed without the
AdminUsers right.

One idea.
KenOn Thu, Jul 09, 2009 at 08:09:50AM -0400, Johnathan Bell wrote:

I thought there was some way for ticket responders to view the
information about the user who requested the ticket, specifically, the
user’s profile. However, I can’t see that anywhere. I know that I can
turn on the “AdminUsers” right, but I don’t really want to give out
the ability to modify a user’s profile, just view it. Is this
possible? What do I need to do?

Thanks,
Johnathan


Johnathan Bell
Internet System Administrator, Baker College


http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

If I recall correctly, the profile page is still displayable without
the ACL, but the ticket display page uses the ACL to determine whether
or not to link to the page.

Tickets/Elements/ShowRequestor has:

title_href => $has_right_adminusers? RT->Config->Get('WebPath')."/Admin/User

s/Modify.html?id=".$requestor->id: undef

but there is no HasRight check in Admin/Users/Modify.html

So you ought to be make a local variant of the former to always link…

You don’t have to give the “AdminUsers” right. I think it is enough
givinig the “Global” “ShowConfigTab” right for the users who can see
others profile. Giving this right allows them to see the profile of
others but not to modify them unless you also grant “AdminUser” or any
other grant. On the other hand, giving this right also allows them to
see almost any other configuration (but not modifying it unless you give
additional rights, so be careful).

Take care,
Carlos

Johnathan Bell wrote:

I thought there was some way for ticket responders to view the
information about the user who requested the ticket, specifically, the
user’s profile. However, I can’t see that anywhere. I know that I can
turn on the “AdminUsers” right, but I don’t really want to give out
the ability to modify a user’s profile, just view it. Is this
possible? What do I need to do?

Thanks,
Johnathan


Johnathan Bell
Internet System Administrator, Baker College


http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com


| __ __ | Carlos Garc�a Montoro Ingeniero Inform�tico
|_Y/| Instituto de F�sica Corpuscular Centro Mixto CSIC - UV
|_] [
/| Servicios Inform�ticos
| [] | Edificio Institutos de Investigaci�n cgarcia@ific.uv.es
|C S I C| Apartado de Correos 22085 E-46071 Valencia Tel: +34 963543706
|
______| Espa�a / Spain Fax: +34 963543488

cgarcia.vcf (441 Bytes)

I figured it out. It may not be the “cleanest”, but it works…

I have an overlaid version of “Ticket/Elements/ShowRequestor”, below
are my modificaitons (in the order that they are in the file):

Change this:
next if $requestor->Privileged;

To this:
#next if $requestor->Privileged;

Change this:
title_href => $has_right_adminusers? RT->Config->Get(‘WebPath’)."/
Admin/Users/Modify.html?id=".$requestor->id: undef,

To this:
title_href => RT->Config->Get(‘WebPath’)."/Admin/Users/Modify.html?
id=".$requestor->id,

Add this:
<&|/l&>User Profile</&>:

% my $requestorP = RT::User->new($RT::SystemUser);
% $requestorP->Load($requestor->id);
% my @items = (
%# Change “etc” to whatever makes sense for your org.
% [“etc”, $requestorP->Organization],
% [“etc”, $requestorP->WorkPhone],
% [“etc”, $requestorP->City],
% [“etc”, $requestorP->Address2] );

    % foreach my $item ( @items ) { % if ( ${$item}[1] ne "" ) {
  • <% ${$item}[0] %>: <% ${$item}[1] %>
  • % } % }

Wherever you want in the profile (I do just before “<&|/l&>Groups this
user belongs to</&>”)

Thanks,
JohnathanOn Aug 6, 2009, at 2:01 PM, Jerrad Pierce wrote:

On Mon, Jul 27, 2009 at 08:57, Johnathan Belljohnathan.bell@baker.edu wrote:

Actually, no, the modify user page produces an error… the page
actually
doesn’t say anything, (except for the page footer text of “Time to
display:
x.xxxxxxx” and “RT 3.8.4 Copyright 1996-2009 Best Practical blah blah
blah”… the long itself says nothing either.

Apparently you also need ShowConfigTab


Cambridge Energy Alliance: Save money. Save the planet.

Johnathan Bell
Internet System Administrator, Baker College

Office Hours: 7A - 4P Eastern, M-F