Hi Gilmar, thanks for the response
On 04.07.2006, at 17:11, Gilmar Santos Jr wrote:
Hi Tim, 1. There is more than one permission involved. The "SeeQueue" and themany "ShowTicket*". When someone doesn't have the "SeeQueue" permissionit's still possible to see ticket, exactly as you described. Remove the ShowTicket and related from those users that don't have the SeeQueue.
2. If all users can see all queues that's true. Tickets in a queue you can't see are not shown in your main page...
I do my permission management by assigning people to groups and assigning group permissions to queues. So this would mean that people who do not belong to a queue should not have a single right on that particular queue, right?
However, RT 3.2 does not seem to honor this as people that belong to other groups that do not have a single right for that queue can still see the ticket as long as it is not owned by a user.
The funny thing is that while it is visible for me being logged in as a user with the right to see the queue, the ticket is marked as belonging to that queue.
But somebody else with an account in that system without queue permission sees the ticket listed in the "10 newest unowned tickets..." section on the home page without mentioning which queue it is assigned to (the queue field is just empty). If the privileged user know "takes" the ticket, the ticket is no longer showing up in this list, but the unprivileged user can still see the ticket.
So the "SeeQueue" privilege seems more like a "don't show which queue the ticket is in" than a "don't show tickets that belong to a queue".
How can I prevent this from happening? Greetings Tim
-- Gilmar Santos Jr Tim Pritlove escreveu:Hi, I am using RT 3.2 and just found out two annoying things 1. people who have NO permissions for a queue can still read the ticket when they get the URL 2. tickets that do not have an owner get listed for every user of the system on the main page What can I do to prevent both things? Greetings Tim --Tim Pritlove, Discordian Evangelist, Chaos Computer Club <mailto:[EMAIL PROTECTED]> <http://tim.geekheim.de/> <http://www.blinkenlights.de/><jabber:[EMAIL PROTECTED]> <gizmo://timpritlove> <skype:// timpritlove>------ Ein Lebenskünstler gedeiht am besten im Spannungsfeld zwischen Bohème und Askese und ist als gelebtes Gesamtkunstwerk sinnstiftend für sich selbst. -- Wikipedia--------------------------------------------------------------------- ---_______________________________________________ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.comWe're hiring! Come hack Perl for Best Practical: http:// bestpractical.com/about/jobs.html_______________________________________________ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.comWe're hiring! Come hack Perl for Best Practical: http:// bestpractical.com/about/jobs.html
-- Tim Pritlove, Discordian Evangelist, Chaos Computer Club<mailto:[EMAIL PROTECTED]> <http://tim.geekheim.de/> <http:// www.blinkenlights.de/>
<jabber:[EMAIL PROTECTED]> <gizmo://timpritlove> <skype://timpritlove> ------ "We have Ph.D.s here who know the stuff cold, and we don't believe it's possible to protect digital content" -- Steve Jobs
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com We're hiring! Come hack Perl for Best Practical: http://bestpractical.com/about/jobs.html
