I think this is very similar to what Justin was saying a couple of weeks ago: http://lists.bestpractical.com/pipermail/rt-users/2010-July/065538.html
Though it looked like that bug was fixed by 3.8.8 On 21 Jul 2010, at 19:04, James Berwick wrote: > On 7/21/2010 1:46 PM, Kenneth Crocker wrote: >> Jeff, >> >> Not if I'm not supposed to. So what if there aren't 10 unowned tickets in >> the list? As a matter of security, I sure wouldn't want someone looking at >> sensitive payroll info on requests in the Payroll Queue if they aren't even >> allowed to have access to the payroll Queue. >> >> Kenn >> LBNL > If I understand correctly: > There are 100 open tickets. The 10 newest unowned tickets belong to a queue > that a user can't see. The user logs in and the 10 newest unowned tickets > box is empty. There are 90 other tickets that are new and unowned that the > user should be allowed to see but are not displayed. > > What I believe Mark and Jeff are saying (and that UseSQLForACLChecks does) is > have the box be filled with the 10 newest unowned tickets that a user is > allowed to see, ie, filter the tickets during the search as opposed to > finding the top 10 and then filtering out what shouldn't be visible. > > Discover RT's hidden secrets with RT Essentials from O'Reilly Media. > Buy a copy at http://rtbook.bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
