Re: [rt-users] Owner not showing in search results?

[Alex Hall]

Never mind the SQL logging question, I got it. Something really weird: in
the ticket insertion, I see no owner value at all. Here it is:

INSERT INTO Tickets
(Resolved, Priority, Starts, Creator, InitialPriority, SLA, Created,
LastUpdatedBy, Type, Queue, LastUpdated, Started, Due, Subject,
FinalPriority, Status)
VALUES ('1970-01-01 00:00:00', '1', '1970-01-01 00:00:00', '28', '1', NULL,
'2017-01-05 22:51:29', '28', 'ticket', '5', '2017-01-05 22:51:29',
'1970-01-01 00:00:00', '2017-01-07 22:51:29', 'Test', '50', 'new')

Of course, I see nothing for the custom field I set either. Still, why
would owner not be set in the initial ticket insertion? Later, I see this
insertion, for some reason:

INSERT INTO Groups
(Instance, LastUpdated, Name, Created, LastUpdatedBy, Domain, Description,
id, Creator)
VALUES ('1164', '2017-01-05 22:51:29', 'Owner', '2017-01-05 22:51:29',
'28', 'RT::Ticket-Role', NULL, '4856', '28')

I have no idea what that's about. I have to run, so there may be more in
the log file I'll get to tomorrow. But what's going on here, and could this
explain why owners don't show in search results but they do in ticket
displays? Thanks.



On Thu, Jan 5, 2017 at 1:40 PM, Alex Hall  wrote:

>
>
> On Mon, Nov 28, 2016 at 11:41 AM, Kenneth Marshall  wrote:
>
>> On Mon, Nov 28, 2016 at 11:32:36AM -0500, Alex Hall wrote:
>> > Thanks, I didn't know that would happen. I did that to suppress the
>> email notification; we want users notified if their tickets change owners,
>> but only if that change is NOT from "nobody" to themselves.
>> >
>> > I just updated the script to record the transaction. It worked, because
>> I got the email I wanted suppressed, and the owner still changed. Oddly,
>> "nobody" is still the owner when I search for my ticket, though. Should I
>> flush a cache or something? Mason cache wouldn't have anything to do with
>> this, would it?
>>
>> Hi Alex,
>>
>> Well, that is not what I would have expected to happen. I do not know
>> enough
>> about the DB queries that are being run to generate the search results.
>> Probably,
>> my next step would be to look at the actual query and see where the
>> incorrect
>> results are being produced. I am not much help because we use PostgreSQL
>> as
>> the DB and not MySQL. Sorry, I cannot be of more assistance.
>>
>
> How do I view the actual query being used? Is there a way to get RT to
> store it, or some other trick? Thanks.
>
>>
>> Regards,
>> Ken
>>
>
>
>
> --
> Alex Hall
> Automatic Distributors, IT department
> ah...@autodist.com
>



-- 
Alex Hall
Automatic Distributors, IT department
ah...@autodist.com

[rt-users] Manage Group Memberships via REST API

[Matt Brennan]

Hello,

  At the moment I don't see a way to do this, but I just wanted to make
sure I wasn't missing anything.

  When we terminate employees that had access to RT, we put them into a
group called Terminated Employees. Being a member of this group will
re-assign any tickets they owned, on reply, back to nobody.

  I would like to be able to add the user to this group when our
termination script runs, but I don't see any way to do that. Can anyone
confirm if there is a way to modify group memberships via the REST API?
Currently running 4.2, but upgrading to 4.4 soon.

Thanks
-Matt

Re: [rt-users] no alert for invalid mail addresses

[Jeffrey Pilant]

Petr Hanousek writes:
>Hi geeks,
>sometimes someone here mistypes the mail address of Requestor or CC. The
>typos in addresses are various, my question is about the really obvious
>ones. Like if you put to CC an address "a@b". Is there any mechanism in
>RT to detect such mistakes and say something at least? Or can I have a
>feature request for this? :)
>
>If you try this in Gmail or Thunderbird, an error is raised and the
>message is not sent.

Check out
http://www.regular-expressions.info/email.html
It indicates the 'most' official regex is:
\A(?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*
 |  "(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]
  |  \\[\x01-\x09\x0b\x0c\x0e-\x7f])*")
@ (?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?
  |  \[(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}
   (?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?|[a-z0-9-]*[a-z0-9]:
  (?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]
  |  \\[\x01-\x09\x0b\x0c\x0e-\x7f])+)
 \])\z

Yeah.  Quite a mouthful.  This is because there are quite a few ways to express 
email addresses.  And even this is not foolproof.

The same page also has other simpler regex expressions that work a fair amount 
of the time, but are less complicated, like:
\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}\b

The page claims it is 99% effective.

That, however, does not solve your problem.  Just because it is formulated 
correctly does not mean it is a valid address.

The usual solution is to whitelist the addresses and do a lookup.  Any address 
not found gets added tentatively, but flagged for testing.  You can also at 
this time prompt for acceptance vs. going back to an edit screen.  This does 
require you maintain a list of valid email addresses somewhere.  The user list 
is a likely place, but if you are sending emails to people who are not users, 
then that fails.

/jeff

The information contained in this e-mail is for the exclusive use of the 
intended recipient(s) and may be confidential, proprietary, and/or 
legally privileged.  Inadvertent disclosure of this message does not 
constitute a waiver of any privilege.  If you receive this message in 
error, please do not directly or indirectly use, print, copy, forward,
or disclose any part of this message.  Please also delete this e-mail 
and all copies and notify the sender.  Thank you. 

Re: [rt-users] Owner not showing in search results?

[Alex Hall]

On Mon, Nov 28, 2016 at 11:41 AM, Kenneth Marshall  wrote:

> On Mon, Nov 28, 2016 at 11:32:36AM -0500, Alex Hall wrote:
> > Thanks, I didn't know that would happen. I did that to suppress the
> email notification; we want users notified if their tickets change owners,
> but only if that change is NOT from "nobody" to themselves.
> >
> > I just updated the script to record the transaction. It worked, because
> I got the email I wanted suppressed, and the owner still changed. Oddly,
> "nobody" is still the owner when I search for my ticket, though. Should I
> flush a cache or something? Mason cache wouldn't have anything to do with
> this, would it?
>
> Hi Alex,
>
> Well, that is not what I would have expected to happen. I do not know
> enough
> about the DB queries that are being run to generate the search results.
> Probably,
> my next step would be to look at the actual query and see where the
> incorrect
> results are being produced. I am not much help because we use PostgreSQL as
> the DB and not MySQL. Sorry, I cannot be of more assistance.
>

How do I view the actual query being used? Is there a way to get RT to
store it, or some other trick? Thanks.

>
> Regards,
> Ken
>



-- 
Alex Hall
Automatic Distributors, IT department
ah...@autodist.com

Re: [rt-users] __active__ including stalled tickets?

[Jeff Voskamp]

On 05/01/17 11:12 AM, Matt Zagrabelny wrote:

...and I see that Shawn has answered, too. Here is what I had to say:

"stalled" is an active status. I know the word feels "inactive", but
according to the default lifecycle, it is active.

https://github.com/bestpractical/rt/blob/stable/etc/RT_Config.pm.in#L3034

An active status is one where you expect it to change: new, open, stalled.
An in-active status is one where you don't, i.e. a "final resting 
state": rejected, resolved, deleted.


Jeff

Re: [rt-users] How unprivileged users could see all tickets in their queue?

[Felix Defrance]

Hi,

In your example you said :
"I've got 2 unprivileged users with a single queue, each being the owner
of multiple tickets in that queue."

But in my case, the users is a customer, and they never owner of the
tickets.

So, the users see only the tickets they are requestor.

I would like to provide to a set of user, the ablillity to see all
ticket requestor in the queue..

Felix.

Le 05/01/2017 à 16:00, Martin Wheldon a écrit :
> Hi,
>
> No need to add the custom role to the tickets, just to the queue.
>
> Best Regards
>
> Martin
>
> On 2017-01-05 14:26, Felix Defrance wrote:
>> Le 05/01/2017 à 12:22, Alex Hall a écrit :
>>> Martin's suggestion makes sense, but I thought Felix was trying to
>>> restrict user search, not ticket search? That is, he doesn't want
>>> users to be able to search (and thus view the names of) all users?
>>> It's quite early here, so my brain may still be muttled and I could
>>> be wrong.
>> Alex, after I see it was possible to display any tickets via the search
>> module, I want to restrict this too.
>>
>>>
>>> Sent from my iPhone
>>>
 On Jan 5, 2017, at 06:08, Martin Wheldon
  wrote:

 Hi Félix,

 I've just tried to configure this on a RT 4.4.1 install using a
 custom role and it seems to work fine.
 Here is the process I carried out.

 I've got 2 unprivileged users with a single queue, each being the
 owner of multiple tickets in that queue.
 I created a new custom role, then assigned it to the queue. Next I
 added the users to the custom role. (Done on the queue, watchers tab)
 The I added the SeeQueue and ShowTickets permissions to the custom
 role on the queue.

 Now when I login as either of the users I see all the tickets in
 that queue owner by those users.
>> In this case, unprivileged users via (SelfService of course), just see
>> their own tickets. For me, I have just 2 menus: "Tickets" and "Logged in
>> foobar".
>>
>> In Tickets, I just see "Open tickets" and "Closed Tickets". In both
>> pages, I just see tickets that users declarated as requestor.
>>
>> The custom role not provide an access to see all ticket in the queue (as
>> elacour told to us).
>>
>> Now I understand the goal of the roles, maybe it's possible to
>> automaticaly add custom role as a watcher to the right queue on all
>> existing tickets and  the futur new ticket.
>>
>> Do you think it's possible ?
>>
>> Thx
>>

 Hope that helps

 Best Regards

 Martin

> On 2017-01-04 08:45, Emmanuel Lacour wrote:
>> Le 03/01/2017 à 18:27, Felix Defrance a écrit :
>> Hi all,
>> I don't find how I could add ShowTickets or QueueList in
>> SelfService.
>> I want to allow my unprivileged users, grouped by company name, to
>> see all tickets in their queue.
>> The group rights on the queue is correctly defined and users could
>> access to the tickets by entring the ticket number in the "goto
>> Ticket" field (top right in SelfService).
>> I have tried to play with CustomRole but it's not working for me. So
>> anybody known how I can do it?
> SelfService filters ticket list to tickets the user is watcher on
> (requestor or Cc). This is hard coded in
> share/html/SelfService/Elements/MyRequests:
> my $id = $session{'CurrentUser'}->id;
> my $Query = "( Watcher.id = $id )";
> if ($status) {
>$status =~ s/(['\\])/\\$1/g;
>$Query .= " AND Status = '$status'";
> }
> so if you wan't to relax this to all tickets users have ShowTicket
> rights, you have to modify this query ;)
> But I strongly discourage (unless really needed) to setup an RT
> instance with one queue per customer, best to think queues per
> internal support team and play with customroles/groups or
> customfields
> to set the customer.

-- 
Félix Defrance
PGP: 0x0F04DC57

Re: [rt-users] __active__ including stalled tickets?

[Alex Hall]

Okay, I can see that. I was thinking of active/inactive as now, as in a
stalled ticket is inactive until someone un-stalls it. But from RT's
perspective, it does make sense that a ticket not deleted or resolved is
still, in some way, active. I'll have to adjust my crontool script too, or
people will get warnings about stalled tickets when I promised they
wouldn't. Glad I checked!

On Thu, Jan 5, 2017 at 11:12 AM, Matt Zagrabelny  wrote:

> ...and I see that Shawn has answered, too. Here is what I had to say:
>
> "stalled" is an active status. I know the word feels "inactive", but
> according to the default lifecycle, it is active.
>
> https://github.com/bestpractical/rt/blob/stable/etc/RT_Config.pm.in#L3034
>
> On Thu, Jan 5, 2017 at 10:07 AM, Alex Hall  wrote:
> >
> >
> > On Thu, Jan 5, 2017 at 11:01 AM, Matt Zagrabelny 
> wrote:
> >>
> >> __Active__ is case sensitive, I believe.
> >
> >  I should have said that I tried capital and lowercase A in my searches,
> > along with making the word all caps. I keep getting the same result.
> >
> >>
> >> -m
> >>
> >> On Thu, Jan 5, 2017 at 9:56 AM, Alex Hall  wrote:
> >> > Hey all,
> >> > I just did a search:
> >> > Priority > 9 and Status = '__active__'
> >> > Five of the resulting tickets are stalled, but I thought __active__
> >> > ignored
> >> > stalled tickets. Any idea why they're appearing? Did I miss a setting
> or
> >> > something, or is this intended behavior? Thanks.
> >> > --
> >> > Alex Hall
> >> > Automatic Distributors, IT department
> >> > ah...@autodist.com
> >
> >
> >
> >
> > --
> > Alex Hall
> > Automatic Distributors, IT department
> > ah...@autodist.com
>



-- 
Alex Hall
Automatic Distributors, IT department
ah...@autodist.com

Re: [rt-users] __active__ including stalled tickets?

[Matt Zagrabelny]

...and I see that Shawn has answered, too. Here is what I had to say:

"stalled" is an active status. I know the word feels "inactive", but
according to the default lifecycle, it is active.

https://github.com/bestpractical/rt/blob/stable/etc/RT_Config.pm.in#L3034

On Thu, Jan 5, 2017 at 10:07 AM, Alex Hall  wrote:
>
>
> On Thu, Jan 5, 2017 at 11:01 AM, Matt Zagrabelny  wrote:
>>
>> __Active__ is case sensitive, I believe.
>
>  I should have said that I tried capital and lowercase A in my searches,
> along with making the word all caps. I keep getting the same result.
>
>>
>> -m
>>
>> On Thu, Jan 5, 2017 at 9:56 AM, Alex Hall  wrote:
>> > Hey all,
>> > I just did a search:
>> > Priority > 9 and Status = '__active__'
>> > Five of the resulting tickets are stalled, but I thought __active__
>> > ignored
>> > stalled tickets. Any idea why they're appearing? Did I miss a setting or
>> > something, or is this intended behavior? Thanks.
>> > --
>> > Alex Hall
>> > Automatic Distributors, IT department
>> > ah...@autodist.com
>
>
>
>
> --
> Alex Hall
> Automatic Distributors, IT department
> ah...@autodist.com

Re: [rt-users] __active__ including stalled tickets?

[Shawn M Moore]

> On Jan 5, 2017, at 10:56, Alex Hall  wrote:
> 
> Hey all,

Hi Alex,

> I just did a search:
> Priority > 9 and Status = '__active__'
> Five of the resulting tickets are stalled, but I thought __active__ ignored 
> stalled tickets. Any idea why they're appearing? Did I miss a setting or 
> something, or is this intended behavior? Thanks.

In RT's default lifecycle, stalled is an active status, because it indicates 
there is more work to be done before the ticket can be resolved.

> -- 
> Alex Hall
> Automatic Distributors, IT department
> ah...@autodist.com 

Best,
Shawn

Re: [rt-users] __active__ including stalled tickets?

[Alex Hall]

On Thu, Jan 5, 2017 at 11:01 AM, Matt Zagrabelny  wrote:

> __Active__ is case sensitive, I believe.
>
 I should have said that I tried capital and lowercase A in my searches,
along with making the word all caps. I keep getting the same result.


> -m
>
> On Thu, Jan 5, 2017 at 9:56 AM, Alex Hall  wrote:
> > Hey all,
> > I just did a search:
> > Priority > 9 and Status = '__active__'
> > Five of the resulting tickets are stalled, but I thought __active__
> ignored
> > stalled tickets. Any idea why they're appearing? Did I miss a setting or
> > something, or is this intended behavior? Thanks.
> > --
> > Alex Hall
> > Automatic Distributors, IT department
> > ah...@autodist.com
>



-- 
Alex Hall
Automatic Distributors, IT department
ah...@autodist.com

Re: [rt-users] no alert for invalid mail addresses

[Matt Zagrabelny]

On Thu, Jan 5, 2017 at 9:59 AM, Petr Hanousek  wrote:
> Thank you Matt, this will also help. BTW, for the curiosity, the "Merge
> with an alternate user" option behaves the same way like
> http://search.cpan.org/~bps/RT-Extension-MergeUsers/lib/RT/Extension/MergeUsers.pm
> or does it have some extra functionality?

No extra functionality. In fact the module in question depends on the
MergeUsers module.

-m

Re: [rt-users] __active__ including stalled tickets?

[Matt Zagrabelny]

__Active__ is case sensitive, I believe.

-m

On Thu, Jan 5, 2017 at 9:56 AM, Alex Hall  wrote:
> Hey all,
> I just did a search:
> Priority > 9 and Status = '__active__'
> Five of the resulting tickets are stalled, but I thought __active__ ignored
> stalled tickets. Any idea why they're appearing? Did I miss a setting or
> something, or is this intended behavior? Thanks.
> --
> Alex Hall
> Automatic Distributors, IT department
> ah...@autodist.com

Re: [rt-users] no alert for invalid mail addresses

[Petr Hanousek]

Thank you Matt, this will also help. BTW, for the curiosity, the "Merge
with an alternate user" option behaves the same way like
http://search.cpan.org/~bps/RT-Extension-MergeUsers/lib/RT/Extension/MergeUsers.pm
or does it have some extra functionality?

But my main focus with this question was about to help that desperate
users who make that typos to realize, that no mail will come to the
intended recipient. Something like warning "Hey, this address is not
valid so your answer never reach anybody".

Imagine sending some info (like "downtime will occur next monday") to
multiple recipients and one of them has a typo like invalid domain in
his mail address. You feel safe that you've sent info to everybody
important but someone never receive that and surely will complain during
the unexpected downtime.

Petr


On 5.1.2017 16:09, Matt Zagrabelny wrote:
> Hi Petr,
> 
> We have this problem a lot.
> 
> BP wrote us this module to help manage autocreated users that don't
> belong in the database:
> 
> https://github.com/bestpractical/rt-extension-manageautocreatedusers
> 
> -m
> 
> On Thu, Jan 5, 2017 at 3:53 AM, Petr Hanousek  wrote:
>> Hi geeks,
>> sometimes someone here mistypes the mail address of Requestor or CC. The
>> typos in addresses are various, my question is about the really obvious
>> ones. Like if you put to CC an address "a@b". Is there any mechanism in
>> RT to detect such mistakes and say something at least? Or can I have a
>> feature request for this? :)
>>
>> If you try this in Gmail or Thunderbird, an error is raised and the
>> message is not sent.
>>
>> Thank you, Petr

[rt-users] __active__ including stalled tickets?

[Alex Hall]

Hey all,
I just did a search:
Priority > 9 and Status = '__active__'
Five of the resulting tickets are stalled, but I thought __active__ ignored
stalled tickets. Any idea why they're appearing? Did I miss a setting or
something, or is this intended behavior? Thanks.
-- 
Alex Hall
Automatic Distributors, IT department
ah...@autodist.com

Re: [rt-users] no alert for invalid mail addresses

[Matt Zagrabelny]

Hi Petr,

We have this problem a lot.

BP wrote us this module to help manage autocreated users that don't
belong in the database:

https://github.com/bestpractical/rt-extension-manageautocreatedusers

-m

On Thu, Jan 5, 2017 at 3:53 AM, Petr Hanousek  wrote:
> Hi geeks,
> sometimes someone here mistypes the mail address of Requestor or CC. The
> typos in addresses are various, my question is about the really obvious
> ones. Like if you put to CC an address "a@b". Is there any mechanism in
> RT to detect such mistakes and say something at least? Or can I have a
> feature request for this? :)
>
> If you try this in Gmail or Thunderbird, an error is raised and the
> message is not sent.
>
> Thank you, Petr
>
> --
> +---+
>Petr Hanousek   e-mail: petr.hanou...@cesnet.cz
>MetaCentrum User Supportphone: +420 950 072 112
>CESNET z.s.p.o. mobile: +420 606 665 139
>location: Zikova 13a, Praha room: 32b
> Czech Republic
> +---+

Re: [rt-users] How unprivileged users could see all tickets in their queue?

[Martin Wheldon]

Hi,

No need to add the custom role to the tickets, just to the queue.

Best Regards

Martin

On 2017-01-05 14:26, Felix Defrance wrote:

Le 05/01/2017 à 12:22, Alex Hall a écrit :
Martin's suggestion makes sense, but I thought Felix was trying to 
restrict user search, not ticket search? That is, he doesn't want 
users to be able to search (and thus view the names of) all users? 
It's quite early here, so my brain may still be muttled and I could be 
wrong.

Alex, after I see it was possible to display any tickets via the search
module, I want to restrict this too.



Sent from my iPhone

On Jan 5, 2017, at 06:08, Martin Wheldon 
 wrote:


Hi Félix,

I've just tried to configure this on a RT 4.4.1 install using a 
custom role and it seems to work fine.

Here is the process I carried out.

I've got 2 unprivileged users with a single queue, each being the 
owner of multiple tickets in that queue.
I created a new custom role, then assigned it to the queue. Next I 
added the users to the custom role. (Done on the queue, watchers tab)
The I added the SeeQueue and ShowTickets permissions to the custom 
role on the queue.


Now when I login as either of the users I see all the tickets in that 
queue owner by those users.

In this case, unprivileged users via (SelfService of course), just see
their own tickets. For me, I have just 2 menus: "Tickets" and "Logged 
in

foobar".

In Tickets, I just see "Open tickets" and "Closed Tickets". In both
pages, I just see tickets that users declarated as requestor.

The custom role not provide an access to see all ticket in the queue 
(as

elacour told to us).

Now I understand the goal of the roles, maybe it's possible to
automaticaly add custom role as a watcher to the right queue on all
existing tickets and  the futur new ticket.

Do you think it's possible ?

Thx



Hope that helps

Best Regards

Martin


On 2017-01-04 08:45, Emmanuel Lacour wrote:

Le 03/01/2017 à 18:27, Felix Defrance a écrit :
Hi all,
I don't find how I could add ShowTickets or QueueList in
SelfService.
I want to allow my unprivileged users, grouped by company name, to
see all tickets in their queue.
The group rights on the queue is correctly defined and users could
access to the tickets by entring the ticket number in the "goto
Ticket" field (top right in SelfService).
I have tried to play with CustomRole but it's not working for me. 
So

anybody known how I can do it?

SelfService filters ticket list to tickets the user is watcher on
(requestor or Cc). This is hard coded in
share/html/SelfService/Elements/MyRequests:
my $id = $session{'CurrentUser'}->id;
my $Query = "( Watcher.id = $id )";
if ($status) {
   $status =~ s/(['\\])/\\$1/g;
   $Query .= " AND Status = '$status'";
}
so if you wan't to relax this to all tickets users have ShowTicket
rights, you have to modify this query ;)
But I strongly discourage (unless really needed) to setup an RT
instance with one queue per customer, best to think queues per
internal support team and play with customroles/groups or 
customfields

to set the customer.

Re: [rt-users] How unprivileged users could see all tickets in their queue?

[Alex Hall]

Ah, got it. If you want to restrict users from seeing the user search
option, and from searching tickets, it seems like both Martin's and my
emails will do it. The only potential problem I see with mine is that one
could still type in a username, though queue/group restrictions should
still stop tickets involving that user from appearing.

On Thu, Jan 5, 2017 at 9:26 AM, Felix Defrance  wrote:

>
>
> Le 05/01/2017 à 12:22, Alex Hall a écrit :
> > Martin's suggestion makes sense, but I thought Felix was trying to
> restrict user search, not ticket search? That is, he doesn't want users to
> be able to search (and thus view the names of) all users? It's quite early
> here, so my brain may still be muttled and I could be wrong.
> Alex, after I see it was possible to display any tickets via the search
> module, I want to restrict this too.
>
> >
> > Sent from my iPhone
> >
> >> On Jan 5, 2017, at 06:08, Martin Wheldon  co.uk> wrote:
> >>
> >> Hi Félix,
> >>
> >> I've just tried to configure this on a RT 4.4.1 install using a custom
> role and it seems to work fine.
> >> Here is the process I carried out.
> >>
> >> I've got 2 unprivileged users with a single queue, each being the owner
> of multiple tickets in that queue.
> >> I created a new custom role, then assigned it to the queue. Next I
> added the users to the custom role. (Done on the queue, watchers tab)
> >> The I added the SeeQueue and ShowTickets permissions to the custom role
> on the queue.
> >>
> >> Now when I login as either of the users I see all the tickets in that
> queue owner by those users.
> In this case, unprivileged users via (SelfService of course), just see
> their own tickets. For me, I have just 2 menus: "Tickets" and "Logged in
> foobar".
>
> In Tickets, I just see "Open tickets" and "Closed Tickets". In both
> pages, I just see tickets that users declarated as requestor.
>
> The custom role not provide an access to see all ticket in the queue (as
> elacour told to us).
>
> Now I understand the goal of the roles, maybe it's possible to
> automaticaly add custom role as a watcher to the right queue on all
> existing tickets and  the futur new ticket.
>
> Do you think it's possible ?
>
> Thx
>
> >>
> >> Hope that helps
> >>
> >> Best Regards
> >>
> >> Martin
> >>
> >>> On 2017-01-04 08:45, Emmanuel Lacour wrote:
>  Le 03/01/2017 à 18:27, Felix Defrance a écrit :
>  Hi all,
>  I don't find how I could add ShowTickets or QueueList in
>  SelfService.
>  I want to allow my unprivileged users, grouped by company name, to
>  see all tickets in their queue.
>  The group rights on the queue is correctly defined and users could
>  access to the tickets by entring the ticket number in the "goto
>  Ticket" field (top right in SelfService).
>  I have tried to play with CustomRole but it's not working for me. So
>  anybody known how I can do it?
> >>> SelfService filters ticket list to tickets the user is watcher on
> >>> (requestor or Cc). This is hard coded in
> >>> share/html/SelfService/Elements/MyRequests:
> >>> my $id = $session{'CurrentUser'}->id;
> >>> my $Query = "( Watcher.id = $id )";
> >>> if ($status) {
> >>>$status =~ s/(['\\])/\\$1/g;
> >>>$Query .= " AND Status = '$status'";
> >>> }
> >>> so if you wan't to relax this to all tickets users have ShowTicket
> >>> rights, you have to modify this query ;)
> >>> But I strongly discourage (unless really needed) to setup an RT
> >>> instance with one queue per customer, best to think queues per
> >>> internal support team and play with customroles/groups or customfields
> >>> to set the customer.
>
> --
> Félix Defrance
> PGP: 0x0F04DC57
>
>
>


-- 
Alex Hall
Automatic Distributors, IT department
ah...@autodist.com

Re: [rt-users] How unprivileged users could see all tickets in their queue?

[Felix Defrance]

Le 05/01/2017 à 12:22, Alex Hall a écrit :
> Martin's suggestion makes sense, but I thought Felix was trying to restrict 
> user search, not ticket search? That is, he doesn't want users to be able to 
> search (and thus view the names of) all users? It's quite early here, so my 
> brain may still be muttled and I could be wrong. 
Alex, after I see it was possible to display any tickets via the search
module, I want to restrict this too.

>
> Sent from my iPhone
>
>> On Jan 5, 2017, at 06:08, Martin Wheldon 
>>  wrote:
>>
>> Hi Félix,
>>
>> I've just tried to configure this on a RT 4.4.1 install using a custom role 
>> and it seems to work fine.
>> Here is the process I carried out.
>>
>> I've got 2 unprivileged users with a single queue, each being the owner of 
>> multiple tickets in that queue.
>> I created a new custom role, then assigned it to the queue. Next I added the 
>> users to the custom role. (Done on the queue, watchers tab)
>> The I added the SeeQueue and ShowTickets permissions to the custom role on 
>> the queue.
>>
>> Now when I login as either of the users I see all the tickets in that queue 
>> owner by those users.
In this case, unprivileged users via (SelfService of course), just see
their own tickets. For me, I have just 2 menus: "Tickets" and "Logged in
foobar".

In Tickets, I just see "Open tickets" and "Closed Tickets". In both
pages, I just see tickets that users declarated as requestor.

The custom role not provide an access to see all ticket in the queue (as
elacour told to us).

Now I understand the goal of the roles, maybe it's possible to
automaticaly add custom role as a watcher to the right queue on all
existing tickets and  the futur new ticket.

Do you think it's possible ?

Thx

>>
>> Hope that helps
>>
>> Best Regards
>>
>> Martin
>>
>>> On 2017-01-04 08:45, Emmanuel Lacour wrote:
 Le 03/01/2017 à 18:27, Felix Defrance a écrit :
 Hi all,
 I don't find how I could add ShowTickets or QueueList in
 SelfService.
 I want to allow my unprivileged users, grouped by company name, to
 see all tickets in their queue.
 The group rights on the queue is correctly defined and users could
 access to the tickets by entring the ticket number in the "goto
 Ticket" field (top right in SelfService).
 I have tried to play with CustomRole but it's not working for me. So
 anybody known how I can do it?
>>> SelfService filters ticket list to tickets the user is watcher on
>>> (requestor or Cc). This is hard coded in
>>> share/html/SelfService/Elements/MyRequests:
>>> my $id = $session{'CurrentUser'}->id;
>>> my $Query = "( Watcher.id = $id )";
>>> if ($status) {
>>>$status =~ s/(['\\])/\\$1/g;
>>>$Query .= " AND Status = '$status'";
>>> }
>>> so if you wan't to relax this to all tickets users have ShowTicket
>>> rights, you have to modify this query ;)
>>> But I strongly discourage (unless really needed) to setup an RT
>>> instance with one queue per customer, best to think queues per
>>> internal support team and play with customroles/groups or customfields
>>> to set the customer.

-- 
Félix Defrance
PGP: 0x0F04DC57

Re: [rt-users] How unprivileged users could see all tickets in their queue?

[Alex Hall]

Martin's suggestion makes sense, but I thought Felix was trying to restrict 
user search, not ticket search? That is, he doesn't want users to be able to 
search (and thus view the names of) all users? It's quite early here, so my 
brain may still be muttled and I could be wrong. 

Sent from my iPhone

> On Jan 5, 2017, at 06:08, Martin Wheldon  
> wrote:
> 
> Hi Félix,
> 
> I've just tried to configure this on a RT 4.4.1 install using a custom role 
> and it seems to work fine.
> Here is the process I carried out.
> 
> I've got 2 unprivileged users with a single queue, each being the owner of 
> multiple tickets in that queue.
> I created a new custom role, then assigned it to the queue. Next I added the 
> users to the custom role. (Done on the queue, watchers tab)
> The I added the SeeQueue and ShowTickets permissions to the custom role on 
> the queue.
> 
> Now when I login as either of the users I see all the tickets in that queue 
> owner by those users.
> 
> Hope that helps
> 
> Best Regards
> 
> Martin
> 
>> On 2017-01-04 08:45, Emmanuel Lacour wrote:
>>> Le 03/01/2017 à 18:27, Felix Defrance a écrit :
>>> Hi all,
>>> I don't find how I could add ShowTickets or QueueList in
>>> SelfService.
>>> I want to allow my unprivileged users, grouped by company name, to
>>> see all tickets in their queue.
>>> The group rights on the queue is correctly defined and users could
>>> access to the tickets by entring the ticket number in the "goto
>>> Ticket" field (top right in SelfService).
>>> I have tried to play with CustomRole but it's not working for me. So
>>> anybody known how I can do it?
>> SelfService filters ticket list to tickets the user is watcher on
>> (requestor or Cc). This is hard coded in
>> share/html/SelfService/Elements/MyRequests:
>> my $id = $session{'CurrentUser'}->id;
>> my $Query = "( Watcher.id = $id )";
>> if ($status) {
>>$status =~ s/(['\\])/\\$1/g;
>>$Query .= " AND Status = '$status'";
>> }
>> so if you wan't to relax this to all tickets users have ShowTicket
>> rights, you have to modify this query ;)
>> But I strongly discourage (unless really needed) to setup an RT
>> instance with one queue per customer, best to think queues per
>> internal support team and play with customroles/groups or customfields
>> to set the customer.

Re: [rt-users] How unprivileged users could see all tickets in their queue?

[Martin Wheldon]

Hi Félix,

I've just tried to configure this on a RT 4.4.1 install using a custom 
role and it seems to work fine.

Here is the process I carried out.

I've got 2 unprivileged users with a single queue, each being the owner 
of multiple tickets in that queue.
I created a new custom role, then assigned it to the queue. Next I added 
the users to the custom role. (Done on the queue, watchers tab)
The I added the SeeQueue and ShowTickets permissions to the custom role 
on the queue.


Now when I login as either of the users I see all the tickets in that 
queue owner by those users.


Hope that helps

Best Regards

Martin

On 2017-01-04 08:45, Emmanuel Lacour wrote:

Le 03/01/2017 à 18:27, Felix Defrance a écrit :


Hi all,

I don't find how I could add ShowTickets or QueueList in
SelfService.

I want to allow my unprivileged users, grouped by company name, to
see all tickets in their queue.

The group rights on the queue is correctly defined and users could
access to the tickets by entring the ticket number in the "goto
Ticket" field (top right in SelfService).

I have tried to play with CustomRole but it's not working for me. So
anybody known how I can do it?


SelfService filters ticket list to tickets the user is watcher on
(requestor or Cc). This is hard coded in
share/html/SelfService/Elements/MyRequests:

my $id = $session{'CurrentUser'}->id;
my $Query = "( Watcher.id = $id )";

if ($status) {
$status =~ s/(['\\])/\\$1/g;
$Query .= " AND Status = '$status'";
}

so if you wan't to relax this to all tickets users have ShowTicket
rights, you have to modify this query ;)

But I strongly discourage (unless really needed) to setup an RT
instance with one queue per customer, best to think queues per
internal support team and play with customroles/groups or customfields
to set the customer.

Re: [rt-users] Where to put crontool scripts?

[Alex Hall]

Thanks for the thoughts, everyone. I think we'll keep them under local, in 
their own folder. Good to know upgrading won't touch anything. 

Sent from my iPhone

> On Jan 5, 2017, at 00:54, Alex Vandiver  wrote:
> 
> On Wed, 4 Jan 2017 11:13:38 -0500
> Alex Hall  wrote:
>> I'm considering putting them in /opt/rt4/etc, maybe in a "crontool-scripts"
>> folder, but I don't know what RT upgrades might do to that.
> 
> RT upgrades won't remove any extra files you have lying around.
> - Alex

[rt-users] no alert for invalid mail addresses

[Petr Hanousek]

Hi geeks,
sometimes someone here mistypes the mail address of Requestor or CC. The
typos in addresses are various, my question is about the really obvious
ones. Like if you put to CC an address "a@b". Is there any mechanism in
RT to detect such mistakes and say something at least? Or can I have a
feature request for this? :)

If you try this in Gmail or Thunderbird, an error is raised and the
message is not sent.

Thank you, Petr

-- 
+---+
   Petr Hanousek   e-mail: petr.hanou...@cesnet.cz
   MetaCentrum User Supportphone: +420 950 072 112
   CESNET z.s.p.o. mobile: +420 606 665 139
   location: Zikova 13a, Praha room: 32b
Czech Republic
+---+

Re: [rt-users] How unprivileged users could see all tickets in their queue?

[Felix Defrance]

Thanks for your answers.

Before work on overlay to custom my rt setup, i have a question.

Privileged users have a rights to search in all RT database. But in my
setup,  some users are customers and they are grouping in RT groups
called by their compagny name.
On the queues (called by compagny name too), the rights are applied by
using groups.

So, why they are able to search in all queues. I supposed they are
restricted to search just on their queue.

Thus, is it a mistake in my setup or RT have a security issue ? Is it
possible to limit the search instead of hide the search menu ?

Thanks,
Félix

Le 04/01/2017 à 21:53, Martin Wheldon a écrit :
> Hi,
>
> If you are looking at modifying menus then the following will help.
>
>  
> https://docs.bestpractical.com/rt/4.4.1/writing_extensions.html#Adding-and-Modifying-Menus
>
> Best Regards
>
> Martin
>
> On 2017-01-04 17:31, Alex Hall wrote:
>> I'm honestly not sure which file you want, but my guess is
>> share/html/Elements/Tabs. In that file is a line that goes something
>> like:
>>
>> $search->child( users ...
>>
>> If you wrap that bit in a conditional, checking that the active user
>> is not a member of the group as I said in a previous message, that
>> should do the job.
>>
>> On Wed, Jan 4, 2017 at 12:21 PM, Felix Defrance 
>> wrote:
>>
>>> Le 04/01/2017 à 15:47, Alex Hall a écrit :
>>>
>>> On Wed, Jan 4, 2017 at 9:35 AM, Felix Defrance 
>>> wrote:
>>>
>>> Le 04/01/2017 à 15:10, Alex Hall a écrit :
>>>
>>> Okay, searching users is the problem? I'm not sure, but what about
>>> an overlay that conditionally shows that part of page templates? You
>>> could create a group to which you'd assign any user you don't want
>>> viewing other users, then find the element that displays the user
>>> search and add a condition to return nothing if the user belongs to
>>> that group?
>>> Yes, this is a part of the problem. The second, but not important,
>>> it's just for the look, the ability to custom "Rt at a glance"
>>> by user groups.
>>>
>>> For the first, I don't known how I can do " then find the element
>>> that displays the user search and add a condition to return nothing
>>> if the user belongs to that group"
>>
>> In one template, I was able to find this snippet to get the user
>> object:
>>
>> my $user = $session{'CurrentUser'}->UserObj;
>>
>> From there, I imagine you could check if the user is a member of a
>> certain group. Then "return 0" or something like that to stop the
>> element from loading. My Perl skills aren't worthy of being called
>> skills in any way, and I've never tried something quite like this, but
>> it's my first thought. Sorry I can't help more; hopefully a more
>> experienced user has a much simpler solution for you. :)
>>
>> Do you know if the menu search come from :
>> rt/share/html/Dashboards/Elements/* ? Or from another file ?
>>
>> I don't find documentation about these files and what are they doing
>> :(
>>
>> Thanks
>>
>>> On Wed, Jan 4, 2017 at 8:57 AM, Felix Defrance 
>>> wrote:
>>>
>>> Le 04/01/2017 à 14:02, Alex Hall a écrit :
>>>
>>> Can you describe your setup more? I'm not sure why unprivileged
>>> users would need access to all queue tickets, or why each user would
>>> have their own queue? As I understand it, unprivileged users are end
>>> users (i.e. customers, those who don't work for your organization).
>>> Thus, they shouldn't be able to access an entire queue, only tickets
>>> they open. Make them privileged, and restrict their rights by adding
>>> them to a certain group, and your life may be a lot easier.
>>> Yes! In the begining, that's what I tried to do. Restrict
>>> privilieged users. But I didn't find how restrict the access to the
>>> SearchUser.
>>>
>>> A member of a queue can search and view all users.
>>>
>>> In my setup, a queue and group, are dedicated to a customer.
>>>
>>> A customer should not be able to fetch other informations that are
>>> not inside of their queue. Thus, not be able to search all user in
>>> RT database..
>>>
>>> Maybe, it's possible to limit the search function to their queue or
>>> desactivate the access to the menu search. Do you know about that ?
>>>
>>> Thanks,
>>>
>>> For example, you might have a group called "basic users" to which
>>> you'd add the users you currently consider unprivileged. That group
>>> would have only a few rights, but since its members would be
>>> privileged, you wouldn't run into RT's built-in restrictions.
>>>
>>> As to one queue per user, that would quickly get hard to manage.
>>> Queues are for organizing tickets and users. Sure, a queue may have
>>> just one user, but each user shouldn't have their own queue. Trying
>>> to keep track of the rights of such a setup would be a nightmare,
>>> assuming you have a good amount of users. As an example, we have
>>> queues for technology, warehouse, customer service, and other
>>> divisions within the company. Some queues have a lot of people, 

Re: [rt-users] How to create a new RoleGroup?

[patrick . schoenenberg]

Hi,

I finally found the problem.
Some Upgrade-Script deleted the "AdminCc, Cc, Owner, Requestor"-entries in the 
column 'name' in the
table group. Column updated (the correct entries are also in the column type) 
and it works. 

Greetings
Patrick
 
 

Gesendet: Mittwoch, 04. Januar 2017 um 15:41 Uhr
Von: "Matt Zagrabelny" 
An: patrick.schoenenb...@web.de
Cc: rt-users 
Betreff: Re: [rt-users] How to create a new RoleGroup?
On Wed, Jan 4, 2017 at 8:30 AM,  wrote:

> I logged into RT as an admin:
> -> Admin -> Queues -> Select Queue -> Watchers
>
> Then:
> - New Watcher -> Find NAME -> Choose Option "AdminCc" --> Save Changes
> ERROR: Role group 'AdminCc' not found

I just ran a quick test and it works for me with 4.2.11.

> The Debug-Log says:
>
> "[7814] [Wed Jan 4 14:28:00 2017] [warning]: Use of uninitialized value in
> join or string at /usr/share/perl5/DBIx/SearchBuilder.pm line 1087, 
> line 1662. (/usr/share/perl5/DBIx/SearchBuilder.pm:1087)
> [7814] [Wed Jan 4 14:28:00 2017] [warning]: DBD::Pg::st execute failed:
> FEHLER: Syntaxfehler bei »)«
> LINE 1: ...nt(main.id) FROM GroupMembers main WHERE (main.GroupId = )
> ^ at
> /usr/share/perl5/DBIx/SearchBuilder/Handle.pm line 586,  line 1662.
> (/usr/share/perl5/DBIx/SearchBuilder/Handle.pm:586)

Looking at the above SQL error it looks lie there is no main.GroupId
in the query. The formatting of the email causes the caret (^)
indicator to not point at the right error.

What would cause the GroupId to be scrubbed?

Do you have some custom JS or any Overlays or Callbacks that would interfere?

-m