I whipped something up because of similar problems on our install. It
may work for you. I removed the X Unowned tickets from
local/html/index.html and replaced it with this.
http://wiki.bestpractical.com/index.cgi?TicketsPerQueue
Tim Pritlove wrote:
Hi Gilmar,
thanks for the response
On 04.07.2006, at 17:11, Gilmar Santos Jr wrote:
Hi Tim,
1. There is more than one permission involved. The "SeeQueue" and the
many "ShowTicket*". When someone doesn't have the "SeeQueue" permission
it's still possible to see ticket, exactly as you described.
Remove the ShowTicket and related from those users that don't have the
SeeQueue.
2. If all users can see all queues that's true. Tickets in a queue you
can't see are not shown in your main page...
I do my permission management by assigning people to groups and
assigning group permissions to queues. So this would mean that people
who do not belong to a queue should not have a single right on that
particular queue, right?
However, RT 3.2 does not seem to honor this as people that belong to
other groups that do not have a single right for that queue can still
see the ticket as long as it is not owned by a user.
The funny thing is that while it is visible for me being logged in as
a user with the right to see the queue, the ticket is marked as
belonging to that queue.
But somebody else with an account in that system without queue
permission sees the ticket listed in the "10 newest unowned
tickets..." section on the home page without mentioning which queue
it is assigned to (the queue field is just empty). If the privileged
user know "takes" the ticket, the ticket is no longer showing up in
this list, but the unprivileged user can still see the ticket.
So the "SeeQueue" privilege seems more like a "don't show which queue
the ticket is in" than a "don't show tickets that belong to a queue".
How can I prevent this from happening?
Greetings
Tim
--
Gilmar Santos Jr
Tim Pritlove escreveu:
Hi,
I am using RT 3.2 and just found out two annoying things
1. people who have NO permissions for a queue can still read the
ticket when they get the URL
2. tickets that do not have an owner get listed for every user of the
system on the main page
What can I do to prevent both things?
Greetings
Tim
--Tim Pritlove, Discordian Evangelist, Chaos Computer Club
<mailto:[EMAIL PROTECTED]> <http://tim.geekheim.de/>
<http://www.blinkenlights.de/>
<jabber:[EMAIL PROTECTED]> <gizmo://timpritlove> <skype://timpritlove>
------
Ein Lebenskünstler gedeiht am besten im Spannungsfeld zwischen Bohème
und Askese und ist als gelebtes Gesamtkunstwerk sinnstiftend für sich
selbst. -- Wikipedia
------------------------------------------------------------------------
_______________________________________________
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
Community help: http://wiki.bestpractical.com
Commercial support: [EMAIL PROTECTED]
Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
We're hiring! Come hack Perl for Best Practical:
http://bestpractical.com/about/jobs.html
_______________________________________________
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
Community help: http://wiki.bestpractical.com
Commercial support: [EMAIL PROTECTED]
Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
We're hiring! Come hack Perl for Best Practical:
http://bestpractical.com/about/jobs.html
--Tim Pritlove, Discordian Evangelist, Chaos Computer Club
<mailto:[EMAIL PROTECTED]> <http://tim.geekheim.de/>
<http://www.blinkenlights.de/>
<jabber:[EMAIL PROTECTED]> <gizmo://timpritlove> <skype://timpritlove>
------
"We have Ph.D.s here who know the stuff cold, and we don't
believe it's possible to protect digital content" -- Steve Jobs
------------------------------------------------------------------------
_______________________________________________
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
Community help: http://wiki.bestpractical.com
Commercial support: [EMAIL PROTECTED]
Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
We're hiring! Come hack Perl for Best Practical:
http://bestpractical.com/about/jobs.html
--
Drew Barnes
Applications Analyst
Raymond Walters College
University of Cincinnati
_______________________________________________
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
Community help: http://wiki.bestpractical.com
Commercial support: [EMAIL PROTECTED]
Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
We're hiring! Come hack Perl for Best Practical:
http://bestpractical.com/about/jobs.html
