Hey folks, I opened RT 8071 (http://rt3.fsck.com/Ticket/Display.html?id=8071) for this, but I wanted to jump on the list and see if anyone can help me debug further or offer any other help.
After an upgrade from 3.0.8 to 3.6.1, rights granted to roles (in this case AdminCC, done globally), don't work. I picked one specific access and followed it through the code... ModifyCustomFields. I modified Principal_Overlay.pm to print out the SQL query, and it's: SELECT ACL.id from ACL, Groups, Principals, CachedGroupMembers WHERE (ACL.RightName = 'SuperUser' OR ACL.RightName = 'ModifyCustomField') AND Principals.Disabled = 0 AND CachedGroupMembers.Disabled = 0 AND Principals.id = Groups.id AND Principals.PrincipalType = 'Group' AND Principals.id = CachedGroupMembers.GroupId AND CachedGroupMembers.MemberId = 38665 AND ((ACL.ObjectType = 'RT::CustomField' AND ACL.ObjectId = 19) OR (ACL.ObjectType = 'RT::System')) AND ACL.PrincipalType = Groups.Type AND ((Groups.Domain = 'RT::CustomField-Role' AND Groups.Instance = '19') OR (Groups.Domain = 'RT::System-Role')) LIMIT 1; Everyone of those conditions is true... EXCEPT for: CachedGroupMembers.MemberId = 38665 That query converges on Principals.id 9 (and GroupId 9), but none of the rows in CachedGroupMembers have a GroupId=9. I suspect a bug in the updating of that CachedGroupMembers table - but I can't figure out where. On a very related note, it turns out that you cannot assign the ModifyCustomFields permission within a queue to a given group. In other words, if I go to Configuration -> Queues -> <some queue> -> Group rights the ModifyCustomField right isn't in the list for any of the groups! So the only way I can give people access to modify custom fields at this point is to give it to people globally rather than at their queue level, which is fairly problematic. Any help would be appreciated. -- Phil Dibowitz P: 310-360-2330 C: 213-923-5115 Unix Admin, Ticketmaster.com "Never write it in C if you can do it in 'awk'; Never do it in 'awk' if 'sed' can handle it; Never use 'sed' when 'tr' can do the job; Never invoke 'tr' when 'cat' is sufficient; Avoid using 'cat' whenever possible" -- Taylor's Laws of Programming
signature.asc
Description: OpenPGP digital signature
_______________________________________________ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
