On Mon, Aug 24, 2015 at 3:55 PM, Bill Cole
<rtusers-20090...@billmail.scconsult.com> wrote:
> On 24 Aug 2015, at 15:40, Matt Zagrabelny wrote:
>> On Mon, Aug 24, 2015 at 2:02 PM, Joseph D. Wagner
>> <j...@josephdwagner.info> wrote:
>>>> What do you mean by "without logins"? The email address needs
>>>> to correspond to a user that already exists on the system?
>>> Yes.  Here's what happened.  A privileged user entered an external email
>>> address into the CC field, which did not have an account.  RT autocreated an
>>> account for that person, and it accepted that external email address on the
>>> CC field.  I need to prevent that.
>>> How can I limit CC and AdminCC to email addresses that already have
>>> accounts?  Either rejecting the ticket or silently failing to add the
>>> CC/AdminCC email address would be acceptable.
>> Use a callback.
>> Do you know what those are?
> Specifically: You can use the BeforeCreate callback to prevent accidental
> creation of . It is available in Ticket/Create.html,
> SelfService/Create.html, and m/ticket/create. It is NOT available for the
> "QuickCreate" widget, so users of that widget could add bogus Requestors at
> will.

For reference, BestPractical is not averse to accepting patches which
have new callback hooks. It would probably be a one-liner to add a
callback hook to the QuickCreate widget.


Reply via email to