On Mon, Aug 24, 2015 at 3:55 PM, Bill Cole <rtusers-20090...@billmail.scconsult.com> wrote: > On 24 Aug 2015, at 15:40, Matt Zagrabelny wrote: > >> On Mon, Aug 24, 2015 at 2:02 PM, Joseph D. Wagner >> <j...@josephdwagner.info> wrote: >>>> >>>> What do you mean by "without logins"? The email address needs >>>> to correspond to a user that already exists on the system? >>> >>> >>> Yes. Here's what happened. A privileged user entered an external email >>> address into the CC field, which did not have an account. RT autocreated an >>> account for that person, and it accepted that external email address on the >>> CC field. I need to prevent that. >>> >>> How can I limit CC and AdminCC to email addresses that already have >>> accounts? Either rejecting the ticket or silently failing to add the >>> CC/AdminCC email address would be acceptable. >> >> >> Use a callback. >> >> Do you know what those are? > > > > Specifically: You can use the BeforeCreate callback to prevent accidental > creation of . It is available in Ticket/Create.html, > SelfService/Create.html, and m/ticket/create. It is NOT available for the > "QuickCreate" widget, so users of that widget could add bogus Requestors at > will.
For reference, BestPractical is not averse to accepting patches which have new callback hooks. It would probably be a one-liner to add a callback hook to the QuickCreate widget. -m
