Re: [rt-users] How unprivileged users could see all tickets in their queue?

2017-01-05 Thread Felix Defrance
Hi,

In your example you said :
"I've got 2 unprivileged users with a single queue, each being the owner
of multiple tickets in that queue."

But in my case, the users is a customer, and they never owner of the
tickets.

So, the users see only the tickets they are requestor.

I would like to provide to a set of user, the ablillity to see all
ticket requestor in the queue..

Felix.

Le 05/01/2017 à 16:00, Martin Wheldon a écrit :
> Hi,
>
> No need to add the custom role to the tickets, just to the queue.
>
> Best Regards
>
> Martin
>
> On 2017-01-05 14:26, Felix Defrance wrote:
>> Le 05/01/2017 à 12:22, Alex Hall a écrit :
>>> Martin's suggestion makes sense, but I thought Felix was trying to
>>> restrict user search, not ticket search? That is, he doesn't want
>>> users to be able to search (and thus view the names of) all users?
>>> It's quite early here, so my brain may still be muttled and I could
>>> be wrong.
>> Alex, after I see it was possible to display any tickets via the search
>> module, I want to restrict this too.
>>
>>>
>>> Sent from my iPhone
>>>
 On Jan 5, 2017, at 06:08, Martin Wheldon
  wrote:

 Hi Félix,

 I've just tried to configure this on a RT 4.4.1 install using a
 custom role and it seems to work fine.
 Here is the process I carried out.

 I've got 2 unprivileged users with a single queue, each being the
 owner of multiple tickets in that queue.
 I created a new custom role, then assigned it to the queue. Next I
 added the users to the custom role. (Done on the queue, watchers tab)
 The I added the SeeQueue and ShowTickets permissions to the custom
 role on the queue.

 Now when I login as either of the users I see all the tickets in
 that queue owner by those users.
>> In this case, unprivileged users via (SelfService of course), just see
>> their own tickets. For me, I have just 2 menus: "Tickets" and "Logged in
>> foobar".
>>
>> In Tickets, I just see "Open tickets" and "Closed Tickets". In both
>> pages, I just see tickets that users declarated as requestor.
>>
>> The custom role not provide an access to see all ticket in the queue (as
>> elacour told to us).
>>
>> Now I understand the goal of the roles, maybe it's possible to
>> automaticaly add custom role as a watcher to the right queue on all
>> existing tickets and  the futur new ticket.
>>
>> Do you think it's possible ?
>>
>> Thx
>>

 Hope that helps

 Best Regards

 Martin

> On 2017-01-04 08:45, Emmanuel Lacour wrote:
>> Le 03/01/2017 à 18:27, Felix Defrance a écrit :
>> Hi all,
>> I don't find how I could add ShowTickets or QueueList in
>> SelfService.
>> I want to allow my unprivileged users, grouped by company name, to
>> see all tickets in their queue.
>> The group rights on the queue is correctly defined and users could
>> access to the tickets by entring the ticket number in the "goto
>> Ticket" field (top right in SelfService).
>> I have tried to play with CustomRole but it's not working for me. So
>> anybody known how I can do it?
> SelfService filters ticket list to tickets the user is watcher on
> (requestor or Cc). This is hard coded in
> share/html/SelfService/Elements/MyRequests:
> my $id = $session{'CurrentUser'}->id;
> my $Query = "( Watcher.id = $id )";
> if ($status) {
>$status =~ s/(['\\])/\\$1/g;
>$Query .= " AND Status = '$status'";
> }
> so if you wan't to relax this to all tickets users have ShowTicket
> rights, you have to modify this query ;)
> But I strongly discourage (unless really needed) to setup an RT
> instance with one queue per customer, best to think queues per
> internal support team and play with customroles/groups or
> customfields
> to set the customer.

-- 
Félix Defrance
PGP: 0x0F04DC57



Re: [rt-users] How unprivileged users could see all tickets in their queue?

2017-01-05 Thread Martin Wheldon

Hi,

No need to add the custom role to the tickets, just to the queue.

Best Regards

Martin

On 2017-01-05 14:26, Felix Defrance wrote:

Le 05/01/2017 à 12:22, Alex Hall a écrit :
Martin's suggestion makes sense, but I thought Felix was trying to 
restrict user search, not ticket search? That is, he doesn't want 
users to be able to search (and thus view the names of) all users? 
It's quite early here, so my brain may still be muttled and I could be 
wrong.

Alex, after I see it was possible to display any tickets via the search
module, I want to restrict this too.



Sent from my iPhone

On Jan 5, 2017, at 06:08, Martin Wheldon 
 wrote:


Hi Félix,

I've just tried to configure this on a RT 4.4.1 install using a 
custom role and it seems to work fine.

Here is the process I carried out.

I've got 2 unprivileged users with a single queue, each being the 
owner of multiple tickets in that queue.
I created a new custom role, then assigned it to the queue. Next I 
added the users to the custom role. (Done on the queue, watchers tab)
The I added the SeeQueue and ShowTickets permissions to the custom 
role on the queue.


Now when I login as either of the users I see all the tickets in that 
queue owner by those users.

In this case, unprivileged users via (SelfService of course), just see
their own tickets. For me, I have just 2 menus: "Tickets" and "Logged 
in

foobar".

In Tickets, I just see "Open tickets" and "Closed Tickets". In both
pages, I just see tickets that users declarated as requestor.

The custom role not provide an access to see all ticket in the queue 
(as

elacour told to us).

Now I understand the goal of the roles, maybe it's possible to
automaticaly add custom role as a watcher to the right queue on all
existing tickets and  the futur new ticket.

Do you think it's possible ?

Thx



Hope that helps

Best Regards

Martin


On 2017-01-04 08:45, Emmanuel Lacour wrote:

Le 03/01/2017 à 18:27, Felix Defrance a écrit :
Hi all,
I don't find how I could add ShowTickets or QueueList in
SelfService.
I want to allow my unprivileged users, grouped by company name, to
see all tickets in their queue.
The group rights on the queue is correctly defined and users could
access to the tickets by entring the ticket number in the "goto
Ticket" field (top right in SelfService).
I have tried to play with CustomRole but it's not working for me. 
So

anybody known how I can do it?

SelfService filters ticket list to tickets the user is watcher on
(requestor or Cc). This is hard coded in
share/html/SelfService/Elements/MyRequests:
my $id = $session{'CurrentUser'}->id;
my $Query = "( Watcher.id = $id )";
if ($status) {
   $status =~ s/(['\\])/\\$1/g;
   $Query .= " AND Status = '$status'";
}
so if you wan't to relax this to all tickets users have ShowTicket
rights, you have to modify this query ;)
But I strongly discourage (unless really needed) to setup an RT
instance with one queue per customer, best to think queues per
internal support team and play with customroles/groups or 
customfields

to set the customer.


Re: [rt-users] How unprivileged users could see all tickets in their queue?

2017-01-05 Thread Alex Hall
Ah, got it. If you want to restrict users from seeing the user search
option, and from searching tickets, it seems like both Martin's and my
emails will do it. The only potential problem I see with mine is that one
could still type in a username, though queue/group restrictions should
still stop tickets involving that user from appearing.

On Thu, Jan 5, 2017 at 9:26 AM, Felix Defrance  wrote:

>
>
> Le 05/01/2017 à 12:22, Alex Hall a écrit :
> > Martin's suggestion makes sense, but I thought Felix was trying to
> restrict user search, not ticket search? That is, he doesn't want users to
> be able to search (and thus view the names of) all users? It's quite early
> here, so my brain may still be muttled and I could be wrong.
> Alex, after I see it was possible to display any tickets via the search
> module, I want to restrict this too.
>
> >
> > Sent from my iPhone
> >
> >> On Jan 5, 2017, at 06:08, Martin Wheldon  co.uk> wrote:
> >>
> >> Hi Félix,
> >>
> >> I've just tried to configure this on a RT 4.4.1 install using a custom
> role and it seems to work fine.
> >> Here is the process I carried out.
> >>
> >> I've got 2 unprivileged users with a single queue, each being the owner
> of multiple tickets in that queue.
> >> I created a new custom role, then assigned it to the queue. Next I
> added the users to the custom role. (Done on the queue, watchers tab)
> >> The I added the SeeQueue and ShowTickets permissions to the custom role
> on the queue.
> >>
> >> Now when I login as either of the users I see all the tickets in that
> queue owner by those users.
> In this case, unprivileged users via (SelfService of course), just see
> their own tickets. For me, I have just 2 menus: "Tickets" and "Logged in
> foobar".
>
> In Tickets, I just see "Open tickets" and "Closed Tickets". In both
> pages, I just see tickets that users declarated as requestor.
>
> The custom role not provide an access to see all ticket in the queue (as
> elacour told to us).
>
> Now I understand the goal of the roles, maybe it's possible to
> automaticaly add custom role as a watcher to the right queue on all
> existing tickets and  the futur new ticket.
>
> Do you think it's possible ?
>
> Thx
>
> >>
> >> Hope that helps
> >>
> >> Best Regards
> >>
> >> Martin
> >>
> >>> On 2017-01-04 08:45, Emmanuel Lacour wrote:
>  Le 03/01/2017 à 18:27, Felix Defrance a écrit :
>  Hi all,
>  I don't find how I could add ShowTickets or QueueList in
>  SelfService.
>  I want to allow my unprivileged users, grouped by company name, to
>  see all tickets in their queue.
>  The group rights on the queue is correctly defined and users could
>  access to the tickets by entring the ticket number in the "goto
>  Ticket" field (top right in SelfService).
>  I have tried to play with CustomRole but it's not working for me. So
>  anybody known how I can do it?
> >>> SelfService filters ticket list to tickets the user is watcher on
> >>> (requestor or Cc). This is hard coded in
> >>> share/html/SelfService/Elements/MyRequests:
> >>> my $id = $session{'CurrentUser'}->id;
> >>> my $Query = "( Watcher.id = $id )";
> >>> if ($status) {
> >>>$status =~ s/(['\\])/\\$1/g;
> >>>$Query .= " AND Status = '$status'";
> >>> }
> >>> so if you wan't to relax this to all tickets users have ShowTicket
> >>> rights, you have to modify this query ;)
> >>> But I strongly discourage (unless really needed) to setup an RT
> >>> instance with one queue per customer, best to think queues per
> >>> internal support team and play with customroles/groups or customfields
> >>> to set the customer.
>
> --
> Félix Defrance
> PGP: 0x0F04DC57
>
>
>


-- 
Alex Hall
Automatic Distributors, IT department
ah...@autodist.com


Re: [rt-users] How unprivileged users could see all tickets in their queue?

2017-01-05 Thread Felix Defrance


Le 05/01/2017 à 12:22, Alex Hall a écrit :
> Martin's suggestion makes sense, but I thought Felix was trying to restrict 
> user search, not ticket search? That is, he doesn't want users to be able to 
> search (and thus view the names of) all users? It's quite early here, so my 
> brain may still be muttled and I could be wrong. 
Alex, after I see it was possible to display any tickets via the search
module, I want to restrict this too.

>
> Sent from my iPhone
>
>> On Jan 5, 2017, at 06:08, Martin Wheldon 
>>  wrote:
>>
>> Hi Félix,
>>
>> I've just tried to configure this on a RT 4.4.1 install using a custom role 
>> and it seems to work fine.
>> Here is the process I carried out.
>>
>> I've got 2 unprivileged users with a single queue, each being the owner of 
>> multiple tickets in that queue.
>> I created a new custom role, then assigned it to the queue. Next I added the 
>> users to the custom role. (Done on the queue, watchers tab)
>> The I added the SeeQueue and ShowTickets permissions to the custom role on 
>> the queue.
>>
>> Now when I login as either of the users I see all the tickets in that queue 
>> owner by those users.
In this case, unprivileged users via (SelfService of course), just see
their own tickets. For me, I have just 2 menus: "Tickets" and "Logged in
foobar".

In Tickets, I just see "Open tickets" and "Closed Tickets". In both
pages, I just see tickets that users declarated as requestor.

The custom role not provide an access to see all ticket in the queue (as
elacour told to us).

Now I understand the goal of the roles, maybe it's possible to
automaticaly add custom role as a watcher to the right queue on all
existing tickets and  the futur new ticket.

Do you think it's possible ?

Thx

>>
>> Hope that helps
>>
>> Best Regards
>>
>> Martin
>>
>>> On 2017-01-04 08:45, Emmanuel Lacour wrote:
 Le 03/01/2017 à 18:27, Felix Defrance a écrit :
 Hi all,
 I don't find how I could add ShowTickets or QueueList in
 SelfService.
 I want to allow my unprivileged users, grouped by company name, to
 see all tickets in their queue.
 The group rights on the queue is correctly defined and users could
 access to the tickets by entring the ticket number in the "goto
 Ticket" field (top right in SelfService).
 I have tried to play with CustomRole but it's not working for me. So
 anybody known how I can do it?
>>> SelfService filters ticket list to tickets the user is watcher on
>>> (requestor or Cc). This is hard coded in
>>> share/html/SelfService/Elements/MyRequests:
>>> my $id = $session{'CurrentUser'}->id;
>>> my $Query = "( Watcher.id = $id )";
>>> if ($status) {
>>>$status =~ s/(['\\])/\\$1/g;
>>>$Query .= " AND Status = '$status'";
>>> }
>>> so if you wan't to relax this to all tickets users have ShowTicket
>>> rights, you have to modify this query ;)
>>> But I strongly discourage (unless really needed) to setup an RT
>>> instance with one queue per customer, best to think queues per
>>> internal support team and play with customroles/groups or customfields
>>> to set the customer.

-- 
Félix Defrance
PGP: 0x0F04DC57




Re: [rt-users] How unprivileged users could see all tickets in their queue?

2017-01-05 Thread Alex Hall
Martin's suggestion makes sense, but I thought Felix was trying to restrict 
user search, not ticket search? That is, he doesn't want users to be able to 
search (and thus view the names of) all users? It's quite early here, so my 
brain may still be muttled and I could be wrong. 

Sent from my iPhone

> On Jan 5, 2017, at 06:08, Martin Wheldon  
> wrote:
> 
> Hi Félix,
> 
> I've just tried to configure this on a RT 4.4.1 install using a custom role 
> and it seems to work fine.
> Here is the process I carried out.
> 
> I've got 2 unprivileged users with a single queue, each being the owner of 
> multiple tickets in that queue.
> I created a new custom role, then assigned it to the queue. Next I added the 
> users to the custom role. (Done on the queue, watchers tab)
> The I added the SeeQueue and ShowTickets permissions to the custom role on 
> the queue.
> 
> Now when I login as either of the users I see all the tickets in that queue 
> owner by those users.
> 
> Hope that helps
> 
> Best Regards
> 
> Martin
> 
>> On 2017-01-04 08:45, Emmanuel Lacour wrote:
>>> Le 03/01/2017 à 18:27, Felix Defrance a écrit :
>>> Hi all,
>>> I don't find how I could add ShowTickets or QueueList in
>>> SelfService.
>>> I want to allow my unprivileged users, grouped by company name, to
>>> see all tickets in their queue.
>>> The group rights on the queue is correctly defined and users could
>>> access to the tickets by entring the ticket number in the "goto
>>> Ticket" field (top right in SelfService).
>>> I have tried to play with CustomRole but it's not working for me. So
>>> anybody known how I can do it?
>> SelfService filters ticket list to tickets the user is watcher on
>> (requestor or Cc). This is hard coded in
>> share/html/SelfService/Elements/MyRequests:
>> my $id = $session{'CurrentUser'}->id;
>> my $Query = "( Watcher.id = $id )";
>> if ($status) {
>>$status =~ s/(['\\])/\\$1/g;
>>$Query .= " AND Status = '$status'";
>> }
>> so if you wan't to relax this to all tickets users have ShowTicket
>> rights, you have to modify this query ;)
>> But I strongly discourage (unless really needed) to setup an RT
>> instance with one queue per customer, best to think queues per
>> internal support team and play with customroles/groups or customfields
>> to set the customer.


Re: [rt-users] How unprivileged users could see all tickets in their queue?

2017-01-05 Thread Martin Wheldon

Hi Félix,

I've just tried to configure this on a RT 4.4.1 install using a custom 
role and it seems to work fine.

Here is the process I carried out.

I've got 2 unprivileged users with a single queue, each being the owner 
of multiple tickets in that queue.
I created a new custom role, then assigned it to the queue. Next I added 
the users to the custom role. (Done on the queue, watchers tab)
The I added the SeeQueue and ShowTickets permissions to the custom role 
on the queue.


Now when I login as either of the users I see all the tickets in that 
queue owner by those users.


Hope that helps

Best Regards

Martin

On 2017-01-04 08:45, Emmanuel Lacour wrote:

Le 03/01/2017 à 18:27, Felix Defrance a écrit :


Hi all,

I don't find how I could add ShowTickets or QueueList in
SelfService.

I want to allow my unprivileged users, grouped by company name, to
see all tickets in their queue.

The group rights on the queue is correctly defined and users could
access to the tickets by entring the ticket number in the "goto
Ticket" field (top right in SelfService).

I have tried to play with CustomRole but it's not working for me. So
anybody known how I can do it?


SelfService filters ticket list to tickets the user is watcher on
(requestor or Cc). This is hard coded in
share/html/SelfService/Elements/MyRequests:

my $id = $session{'CurrentUser'}->id;
my $Query = "( Watcher.id = $id )";

if ($status) {
$status =~ s/(['\\])/\\$1/g;
$Query .= " AND Status = '$status'";
}

so if you wan't to relax this to all tickets users have ShowTicket
rights, you have to modify this query ;)

But I strongly discourage (unless really needed) to setup an RT
instance with one queue per customer, best to think queues per
internal support team and play with customroles/groups or customfields
to set the customer.


Re: [rt-users] How unprivileged users could see all tickets in their queue?

2017-01-05 Thread Felix Defrance
Thanks for your answers.

Before work on overlay to custom my rt setup, i have a question.

Privileged users have a rights to search in all RT database. But in my
setup,  some users are customers and they are grouping in RT groups
called by their compagny name.
On the queues (called by compagny name too), the rights are applied by
using groups.

So, why they are able to search in all queues. I supposed they are
restricted to search just on their queue.

Thus, is it a mistake in my setup or RT have a security issue ? Is it
possible to limit the search instead of hide the search menu ?

Thanks,
Félix

Le 04/01/2017 à 21:53, Martin Wheldon a écrit :
> Hi,
>
> If you are looking at modifying menus then the following will help.
>
>  
> https://docs.bestpractical.com/rt/4.4.1/writing_extensions.html#Adding-and-Modifying-Menus
>
> Best Regards
>
> Martin
>
> On 2017-01-04 17:31, Alex Hall wrote:
>> I'm honestly not sure which file you want, but my guess is
>> share/html/Elements/Tabs. In that file is a line that goes something
>> like:
>>
>> $search->child( users ...
>>
>> If you wrap that bit in a conditional, checking that the active user
>> is not a member of the group as I said in a previous message, that
>> should do the job.
>>
>> On Wed, Jan 4, 2017 at 12:21 PM, Felix Defrance 
>> wrote:
>>
>>> Le 04/01/2017 à 15:47, Alex Hall a écrit :
>>>
>>> On Wed, Jan 4, 2017 at 9:35 AM, Felix Defrance 
>>> wrote:
>>>
>>> Le 04/01/2017 à 15:10, Alex Hall a écrit :
>>>
>>> Okay, searching users is the problem? I'm not sure, but what about
>>> an overlay that conditionally shows that part of page templates? You
>>> could create a group to which you'd assign any user you don't want
>>> viewing other users, then find the element that displays the user
>>> search and add a condition to return nothing if the user belongs to
>>> that group?
>>> Yes, this is a part of the problem. The second, but not important,
>>> it's just for the look&feel, the ability to custom "Rt at a glance"
>>> by user groups.
>>>
>>> For the first, I don't known how I can do " then find the element
>>> that displays the user search and add a condition to return nothing
>>> if the user belongs to that group"
>>
>> In one template, I was able to find this snippet to get the user
>> object:
>>
>> my $user = $session{'CurrentUser'}->UserObj;
>>
>> From there, I imagine you could check if the user is a member of a
>> certain group. Then "return 0" or something like that to stop the
>> element from loading. My Perl skills aren't worthy of being called
>> skills in any way, and I've never tried something quite like this, but
>> it's my first thought. Sorry I can't help more; hopefully a more
>> experienced user has a much simpler solution for you. :)
>>
>> Do you know if the menu search come from :
>> rt/share/html/Dashboards/Elements/* ? Or from another file ?
>>
>> I don't find documentation about these files and what are they doing
>> :(
>>
>> Thanks
>>
>>> On Wed, Jan 4, 2017 at 8:57 AM, Felix Defrance 
>>> wrote:
>>>
>>> Le 04/01/2017 à 14:02, Alex Hall a écrit :
>>>
>>> Can you describe your setup more? I'm not sure why unprivileged
>>> users would need access to all queue tickets, or why each user would
>>> have their own queue? As I understand it, unprivileged users are end
>>> users (i.e. customers, those who don't work for your organization).
>>> Thus, they shouldn't be able to access an entire queue, only tickets
>>> they open. Make them privileged, and restrict their rights by adding
>>> them to a certain group, and your life may be a lot easier.
>>> Yes! In the begining, that's what I tried to do. Restrict
>>> privilieged users. But I didn't find how restrict the access to the
>>> SearchUser.
>>>
>>> A member of a queue can search and view all users.
>>>
>>> In my setup, a queue and group, are dedicated to a customer.
>>>
>>> A customer should not be able to fetch other informations that are
>>> not inside of their queue. Thus, not be able to search all user in
>>> RT database..
>>>
>>> Maybe, it's possible to limit the search function to their queue or
>>> desactivate the access to the menu search. Do you know about that ?
>>>
>>> Thanks,
>>>
>>> For example, you might have a group called "basic users" to which
>>> you'd add the users you currently consider unprivileged. That group
>>> would have only a few rights, but since its members would be
>>> privileged, you wouldn't run into RT's built-in restrictions.
>>>
>>> As to one queue per user, that would quickly get hard to manage.
>>> Queues are for organizing tickets and users. Sure, a queue may have
>>> just one user, but each user shouldn't have their own queue. Trying
>>> to keep track of the rights of such a setup would be a nightmare,
>>> assuming you have a good amount of users. As an example, we have
>>> queues for technology, warehouse, customer service, and other
>>> divisions within the company. Some queues have a lot of people, some
>>> have a few, butthey are all logical grouping

Re: [rt-users] How unprivileged users could see all tickets in their queue?

2017-01-04 Thread Martin Wheldon

Hi,

If you are looking at modifying menus then the following will help.

  
https://docs.bestpractical.com/rt/4.4.1/writing_extensions.html#Adding-and-Modifying-Menus


Best Regards

Martin

On 2017-01-04 17:31, Alex Hall wrote:

I'm honestly not sure which file you want, but my guess is
share/html/Elements/Tabs. In that file is a line that goes something
like:

$search->child( users ...

If you wrap that bit in a conditional, checking that the active user
is not a member of the group as I said in a previous message, that
should do the job.

On Wed, Jan 4, 2017 at 12:21 PM, Felix Defrance 
wrote:


Le 04/01/2017 à 15:47, Alex Hall a écrit :

On Wed, Jan 4, 2017 at 9:35 AM, Felix Defrance 
wrote:

Le 04/01/2017 à 15:10, Alex Hall a écrit :

Okay, searching users is the problem? I'm not sure, but what about
an overlay that conditionally shows that part of page templates? You
could create a group to which you'd assign any user you don't want
viewing other users, then find the element that displays the user
search and add a condition to return nothing if the user belongs to
that group?
Yes, this is a part of the problem. The second, but not important,
it's just for the look&feel, the ability to custom "Rt at a glance"
by user groups.

For the first, I don't known how I can do " then find the element
that displays the user search and add a condition to return nothing
if the user belongs to that group"


In one template, I was able to find this snippet to get the user
object:

my $user = $session{'CurrentUser'}->UserObj;

From there, I imagine you could check if the user is a member of a
certain group. Then "return 0" or something like that to stop the
element from loading. My Perl skills aren't worthy of being called
skills in any way, and I've never tried something quite like this, but
it's my first thought. Sorry I can't help more; hopefully a more
experienced user has a much simpler solution for you. :)

Do you know if the menu search come from :
rt/share/html/Dashboards/Elements/* ? Or from another file ?

I don't find documentation about these files and what are they doing
:(

Thanks


On Wed, Jan 4, 2017 at 8:57 AM, Felix Defrance 
wrote:

Le 04/01/2017 à 14:02, Alex Hall a écrit :

Can you describe your setup more? I'm not sure why unprivileged
users would need access to all queue tickets, or why each user would
have their own queue? As I understand it, unprivileged users are end
users (i.e. customers, those who don't work for your organization).
Thus, they shouldn't be able to access an entire queue, only tickets
they open. Make them privileged, and restrict their rights by adding
them to a certain group, and your life may be a lot easier.
Yes! In the begining, that's what I tried to do. Restrict
privilieged users. But I didn't find how restrict the access to the
SearchUser.

A member of a queue can search and view all users.

In my setup, a queue and group, are dedicated to a customer.

A customer should not be able to fetch other informations that are
not inside of their queue. Thus, not be able to search all user in
RT database..

Maybe, it's possible to limit the search function to their queue or
desactivate the access to the menu search. Do you know about that ?

Thanks,

For example, you might have a group called "basic users" to which
you'd add the users you currently consider unprivileged. That group
would have only a few rights, but since its members would be
privileged, you wouldn't run into RT's built-in restrictions.

As to one queue per user, that would quickly get hard to manage.
Queues are for organizing tickets and users. Sure, a queue may have
just one user, but each user shouldn't have their own queue. Trying
to keep track of the rights of such a setup would be a nightmare,
assuming you have a good amount of users. As an example, we have
queues for technology, warehouse, customer service, and other
divisions within the company. Some queues have a lot of people, some
have a few, butthey are all logical groupings of tasks. If I made a
new queue for every user, I'd have dozens of them, and tickets would
be all over the place! Plus, there's email to consider; if you want
to accept incoming emails for ticket replies, you have to make a new
Fetchmail or Postfix entry for every single user/queue you have.

I hope this makes some sense. As I said, a lot of this depends on
your usage pattern and setup concept. If you can explain that to us
more, we might be able to help better.

On Wed, Jan 4, 2017 at 3:57 AM, Felix Defrance 
wrote:

Hello,

You right, this rights isn't checked.

But I can't view all tickets in selfservice anymore.

I verify the same rights in :

Admin > Queue, "select the queue name" and  Group Rights, select
and grant "unprivileged users" to Seequeue & Showtickets

In the same section:

grant group "compagny name" to Seequeue & Showtickets

But no effect.

I try to add a user to watchers 'CC', and grant watchers 'CC' to
Seequeue & Showtickets but no effect too :(

Another i

Re: [rt-users] How unprivileged users could see all tickets in their queue?

2017-01-04 Thread Alex Hall
I'm honestly not sure which file you want, but my guess is
share/html/Elements/Tabs. In that file is a line that goes something like:

$search->child( users ...

If you wrap that bit in a conditional, checking that the active user is not
a member of the group as I said in a previous message, that should do the
job.

On Wed, Jan 4, 2017 at 12:21 PM, Felix Defrance  wrote:

>
>
> Le 04/01/2017 à 15:47, Alex Hall a écrit :
>
>
>
> On Wed, Jan 4, 2017 at 9:35 AM, Felix Defrance  wrote:
>
>>
>> Le 04/01/2017 à 15:10, Alex Hall a écrit :
>>
>> Okay, searching users is the problem? I'm not sure, but what about an
>> overlay that conditionally shows that part of page templates? You could
>> create a group to which you'd assign any user you don't want viewing other
>> users, then find the element that displays the user search and add a
>> condition to return nothing if the user belongs to that group?
>>
>> Yes, this is a part of the problem. The second, but not important, it's
>> just for the look&feel, the ability to custom "Rt at a glance" by user
>> groups.
>>
>> For the first, I don't known how I can do " then find the element that
>> displays the user search and add a condition to return nothing if the user
>> belongs to that group"
>>
>> In one template, I was able to find this snippet to get the user object:
> my $user = $session{'CurrentUser'}->UserObj;
>
> From there, I imagine you could check if the user is a member of a certain
> group. Then "return 0" or something like that to stop the element from
> loading. My Perl skills aren't worthy of being called skills in any way,
> and I've never tried something quite like this, but it's my first thought.
> Sorry I can't help more; hopefully a more experienced user has a much
> simpler solution for you. :)
>
>
> Do you know if the menu search come from : rt/share/html/Dashboards/Elements/*
> ? Or from another file ?
>
> I don't find documentation about these files and what are they doing :(
>
> Thanks
>
>
>>
>> On Wed, Jan 4, 2017 at 8:57 AM, Felix Defrance  wrote:
>>
>>>
>>> Le 04/01/2017 à 14:02, Alex Hall a écrit :
>>>
>>> Can you describe your setup more? I'm not sure why unprivileged users
>>> would need access to all queue tickets, or why each user would have their
>>> own queue? As I understand it, unprivileged users are end users (i.e.
>>> customers, those who don't work for your organization). Thus, they
>>> shouldn't be able to access an entire queue, only tickets they open. Make
>>> them privileged, and restrict their rights by adding them to a certain
>>> group, and your life may be a lot easier.
>>>
>>> Yes! In the begining, that's what I tried to do. Restrict privilieged
>>> users. But I didn't find how restrict the access to the SearchUser.
>>>
>>> A member of a queue can search and view all users.
>>>
>>> In my setup, a queue and group, are dedicated to a customer.
>>>
>>> A customer should not be able to fetch other informations that are not
>>> inside of their queue. Thus, not be able to search all user in RT database..
>>>
>>> Maybe, it's possible to limit the search function to their queue or
>>> desactivate the access to the menu search. Do you know about that ?
>>>
>>> Thanks,
>>>
>>>
>>> For example, you might have a group called "basic users" to which you'd
>>> add the users you currently consider unprivileged. That group would have
>>> only a few rights, but since its members would be privileged, you wouldn't
>>> run into RT's built-in restrictions.
>>>
>>> As to one queue per user, that would quickly get hard to manage. Queues
>>> are for organizing tickets and users. Sure, a queue may have just one user,
>>> but each user shouldn't have their own queue. Trying to keep track of the
>>> rights of such a setup would be a nightmare, assuming you have a good
>>> amount of users. As an example, we have queues for technology, warehouse,
>>> customer service, and other divisions within the company. Some queues have
>>> a lot of people, some have a few, butthey are all logical groupings of
>>> tasks. If I made a new queue for every user, I'd have dozens of them, and
>>> tickets would be all over the place! Plus, there's email to consider; if
>>> you want to accept incoming emails for ticket replies, you have to make a
>>> new Fetchmail or Postfix entry for every single user/queue you have.
>>>
>>> I hope this makes some sense. As I said, a lot of this depends on your
>>> usage pattern and setup concept. If you can explain that to us more, we
>>> might be able to help better.
>>>
>>> On Wed, Jan 4, 2017 at 3:57 AM, Felix Defrance 
>>> wrote:
>>>
 Hello,

 You right, this rights isn't checked.

 But I can't view all tickets in selfservice anymore.

 I verify the same rights in :

  Admin > Queue, "select the queue name" and  Group Rights, select and
 grant "unprivileged users" to Seequeue & Showtickets

 In the same section:

  grant group "compagny name" to Seequeue & Showtickets


Re: [rt-users] How unprivileged users could see all tickets in their queue?

2017-01-04 Thread Felix Defrance


Le 04/01/2017 à 15:47, Alex Hall a écrit :
>
>
> On Wed, Jan 4, 2017 at 9:35 AM, Felix Defrance  > wrote:
>
>
> Le 04/01/2017 à 15:10, Alex Hall a écrit :
>> Okay, searching users is the problem? I'm not sure, but what
>> about an overlay that conditionally shows that part of page
>> templates? You could create a group to which you'd assign any
>> user you don't want viewing other users, then find the element
>> that displays the user search and add a condition to return
>> nothing if the user belongs to that group?
> Yes, this is a part of the problem. The second, but not important,
> it's just for the look&feel, the ability to custom "Rt at a
> glance" by user groups.
>
> For the first, I don't known how I can do " then find the element
> that displays the user search and add a condition to return
> nothing if the user belongs to that group"
>
> In one template, I was able to find this snippet to get the user object:
> my $user = $session{'CurrentUser'}->UserObj;
>
> From there, I imagine you could check if the user is a member of a
> certain group. Then "return 0" or something like that to stop the
> element from loading. My Perl skills aren't worthy of being called
> skills in any way, and I've never tried something quite like this, but
> it's my first thought. Sorry I can't help more; hopefully a more
> experienced user has a much simpler solution for you. :)

Do you know if the menu search come from :
rt/share/html/Dashboards/Elements/* ? Or from another file ?

I don't find documentation about these files and what are they doing :(

Thanks

>
>>
>> On Wed, Jan 4, 2017 at 8:57 AM, Felix Defrance > > wrote:
>>
>>
>> Le 04/01/2017 à 14:02, Alex Hall a écrit :
>>> Can you describe your setup more? I'm not sure why
>>> unprivileged users would need access to all queue tickets,
>>> or why each user would have their own queue? As I understand
>>> it, unprivileged users are end users (i.e. customers, those
>>> who don't work for your organization). Thus, they shouldn't
>>> be able to access an entire queue, only tickets they open.
>>> Make them privileged, and restrict their rights by adding
>>> them to a certain group, and your life may be a lot easier.
>> Yes! In the begining, that's what I tried to do. Restrict
>> privilieged users. But I didn't find how restrict the access
>> to the SearchUser.
>>
>> A member of a queue can search and view all users.
>>
>> In my setup, a queue and group, are dedicated to a customer.
>>
>> A customer should not be able to fetch other informations
>> that are not inside of their queue. Thus, not be able to
>> search all user in RT database..
>>
>> Maybe, it's possible to limit the search function to their
>> queue or desactivate the access to the menu search. Do you
>> know about that ?
>>
>> Thanks,
>>>
>>> For example, you might have a group called "basic users" to
>>> which you'd add the users you currently consider
>>> unprivileged. That group would have only a few rights, but
>>> since its members would be privileged, you wouldn't run into
>>> RT's built-in restrictions.
>>>
>>> As to one queue per user, that would quickly get hard to
>>> manage. Queues are for organizing tickets and users. Sure, a
>>> queue may have just one user, but each user shouldn't have
>>> their own queue. Trying to keep track of the rights of such
>>> a setup would be a nightmare, assuming you have a good
>>> amount of users. As an example, we have queues for
>>> technology, warehouse, customer service, and other divisions
>>> within the company. Some queues have a lot of people, some
>>> have a few, butthey are all logical groupings of tasks. If I
>>> made a new queue for every user, I'd have dozens of them,
>>> and tickets would be all over the place! Plus, there's email
>>> to consider; if you want to accept incoming emails for
>>> ticket replies, you have to make a new Fetchmail or Postfix
>>> entry for every single user/queue you have.
>>>
>>> I hope this makes some sense. As I said, a lot of this
>>> depends on your usage pattern and setup concept. If you can
>>> explain that to us more, we might be able to help better.
>>>
>>> On Wed, Jan 4, 2017 at 3:57 AM, Felix Defrance
>>> mailto:fe...@d2france.fr>> wrote:
>>>
>>> Hello,
>>>
>>> You right, this rights isn't checked.
>>>
>>> But I can't view all tickets in selfservice anymore.
>>>
>>> I verify the same rights in :
>>>
>>>  Admin > Queue, "select the queue name" and  Group
>>> Rights, select and g

Re: [rt-users] How unprivileged users could see all tickets in their queue?

2017-01-04 Thread Martin Wheldon

Hi,

You can modify the Ticket Owner dropdowns by using the UpdateObjectList 
callback in Elements/SelectOwner,
you would remove all unwanted users from the list of objects passed to 
this callback.


You possibly need to use the Modify callback in Elements/ShowUser too, I 
suspect there are others, but those should get you started.


Best Regards

Martin

On 2017-01-04 14:35, Felix Defrance wrote:

Le 04/01/2017 à 15:10, Alex Hall a écrit :


Okay, searching users is the problem? I'm not sure, but what about
an overlay that conditionally shows that part of page templates? You
could create a group to which you'd assign any user you don't want
viewing other users, then find the element that displays the user
search and add a condition to return nothing if the user belongs to
that group?

 Yes, this is a part of the problem. The second, but not important,
it's just for the look&feel, the ability to custom "Rt at a glance" by
user groups.

For the first, I don't known how I can do " then find the element that
displays the user search and add a condition to return nothing if the
user belongs to that group"


On Wed, Jan 4, 2017 at 8:57 AM, Felix Defrance 
wrote:

Le 04/01/2017 à 14:02, Alex Hall a écrit :

Can you describe your setup more? I'm not sure why unprivileged
users would need access to all queue tickets, or why each user would
have their own queue? As I understand it, unprivileged users are end
users (i.e. customers, those who don't work for your organization).
Thus, they shouldn't be able to access an entire queue, only tickets
they open. Make them privileged, and restrict their rights by adding
them to a certain group, and your life may be a lot easier.
Yes! In the begining, that's what I tried to do. Restrict
privilieged users. But I didn't find how restrict the access to the
SearchUser.

A member of a queue can search and view all users.

In my setup, a queue and group, are dedicated to a customer.

A customer should not be able to fetch other informations that are
not inside of their queue. Thus, not be able to search all user in
RT database..

Maybe, it's possible to limit the search function to their queue or
desactivate the access to the menu search. Do you know about that ?

Thanks,

For example, you might have a group called "basic users" to which
you'd add the users you currently consider unprivileged. That group
would have only a few rights, but since its members would be
privileged, you wouldn't run into RT's built-in restrictions.

As to one queue per user, that would quickly get hard to manage.
Queues are for organizing tickets and users. Sure, a queue may have
just one user, but each user shouldn't have their own queue. Trying
to keep track of the rights of such a setup would be a nightmare,
assuming you have a good amount of users. As an example, we have
queues for technology, warehouse, customer service, and other
divisions within the company. Some queues have a lot of people, some
have a few, butthey are all logical groupings of tasks. If I made a
new queue for every user, I'd have dozens of them, and tickets would
be all over the place! Plus, there's email to consider; if you want
to accept incoming emails for ticket replies, you have to make a new
Fetchmail or Postfix entry for every single user/queue you have.

I hope this makes some sense. As I said, a lot of this depends on
your usage pattern and setup concept. If you can explain that to us
more, we might be able to help better.

On Wed, Jan 4, 2017 at 3:57 AM, Felix Defrance 
wrote:

Hello,

You right, this rights isn't checked.

But I can't view all tickets in selfservice anymore.

I verify the same rights in :

Admin > Queue, "select the queue name" and  Group Rights, select
and grant "unprivileged users" to Seequeue & Showtickets

In the same section:

grant group "compagny name" to Seequeue & Showtickets

But no effect.

I try to add a user to watchers 'CC', and grant watchers 'CC' to
Seequeue & Showtickets but no effect too :(

Another ideas ?

Thanks,

Félix.

Le 03/01/2017 à 18:39, Alex Hall a écrit :

Have you granted the rights? In Admin > Global > Group Rights,
select the "unprivileged users" tab, then grant "view queue". That
should help, though our setup is quite different so I can't verify
it.

On Tue, Jan 3, 2017 at 12:27 PM, Felix Defrance 
wrote:

Hi all,

I don't find how I could add ShowTickets or QueueList in
SelfService.

I want to allow my unprivileged users, grouped by company name, to
see all tickets in their queue.

The group rights on the queue is correctly defined and users could
access to the tickets by entring the ticket number in the "goto
Ticket" field (top right in SelfService).

I have tried to play with CustomRole but it's not working for me. So
anybody known how I can do it?
Thank you,

--
Félix Defrance
PGP: 0x0F04DC57

--

Alex Hall
Automatic Distributors, IT department
ah...@autodist.com


--
Félix Defrance
PGP: 0x0F04DC57

--

Alex Hall
 Automatic Distributors, IT department
 ah...@autod

Re: [rt-users] How unprivileged users could see all tickets in their queue?

2017-01-04 Thread Alex Hall
On Wed, Jan 4, 2017 at 9:35 AM, Felix Defrance  wrote:

>
> Le 04/01/2017 à 15:10, Alex Hall a écrit :
>
> Okay, searching users is the problem? I'm not sure, but what about an
> overlay that conditionally shows that part of page templates? You could
> create a group to which you'd assign any user you don't want viewing other
> users, then find the element that displays the user search and add a
> condition to return nothing if the user belongs to that group?
>
> Yes, this is a part of the problem. The second, but not important, it's
> just for the look&feel, the ability to custom "Rt at a glance" by user
> groups.
>
> For the first, I don't known how I can do " then find the element that
> displays the user search and add a condition to return nothing if the user
> belongs to that group"
>
> In one template, I was able to find this snippet to get the user object:
my $user = $session{'CurrentUser'}->UserObj;

>From there, I imagine you could check if the user is a member of a certain
group. Then "return 0" or something like that to stop the element from
loading. My Perl skills aren't worthy of being called skills in any way,
and I've never tried something quite like this, but it's my first thought.
Sorry I can't help more; hopefully a more experienced user has a much
simpler solution for you. :)

>
>
> On Wed, Jan 4, 2017 at 8:57 AM, Felix Defrance  wrote:
>
>>
>> Le 04/01/2017 à 14:02, Alex Hall a écrit :
>>
>> Can you describe your setup more? I'm not sure why unprivileged users
>> would need access to all queue tickets, or why each user would have their
>> own queue? As I understand it, unprivileged users are end users (i.e.
>> customers, those who don't work for your organization). Thus, they
>> shouldn't be able to access an entire queue, only tickets they open. Make
>> them privileged, and restrict their rights by adding them to a certain
>> group, and your life may be a lot easier.
>>
>> Yes! In the begining, that's what I tried to do. Restrict privilieged
>> users. But I didn't find how restrict the access to the SearchUser.
>>
>> A member of a queue can search and view all users.
>>
>> In my setup, a queue and group, are dedicated to a customer.
>>
>> A customer should not be able to fetch other informations that are not
>> inside of their queue. Thus, not be able to search all user in RT database..
>>
>> Maybe, it's possible to limit the search function to their queue or
>> desactivate the access to the menu search. Do you know about that ?
>>
>> Thanks,
>>
>>
>> For example, you might have a group called "basic users" to which you'd
>> add the users you currently consider unprivileged. That group would have
>> only a few rights, but since its members would be privileged, you wouldn't
>> run into RT's built-in restrictions.
>>
>> As to one queue per user, that would quickly get hard to manage. Queues
>> are for organizing tickets and users. Sure, a queue may have just one user,
>> but each user shouldn't have their own queue. Trying to keep track of the
>> rights of such a setup would be a nightmare, assuming you have a good
>> amount of users. As an example, we have queues for technology, warehouse,
>> customer service, and other divisions within the company. Some queues have
>> a lot of people, some have a few, butthey are all logical groupings of
>> tasks. If I made a new queue for every user, I'd have dozens of them, and
>> tickets would be all over the place! Plus, there's email to consider; if
>> you want to accept incoming emails for ticket replies, you have to make a
>> new Fetchmail or Postfix entry for every single user/queue you have.
>>
>> I hope this makes some sense. As I said, a lot of this depends on your
>> usage pattern and setup concept. If you can explain that to us more, we
>> might be able to help better.
>>
>> On Wed, Jan 4, 2017 at 3:57 AM, Felix Defrance  wrote:
>>
>>> Hello,
>>>
>>> You right, this rights isn't checked.
>>>
>>> But I can't view all tickets in selfservice anymore.
>>>
>>> I verify the same rights in :
>>>
>>>  Admin > Queue, "select the queue name" and  Group Rights, select and
>>> grant "unprivileged users" to Seequeue & Showtickets
>>>
>>> In the same section:
>>>
>>>  grant group "compagny name" to Seequeue & Showtickets
>>>
>>>
>>> But no effect.
>>>
>>> I try to add a user to watchers 'CC', and grant watchers 'CC' to Seequeue
>>> & Showtickets but no effect too :(
>>>
>>> Another ideas ?
>>>
>>> Thanks,
>>>
>>> Félix.
>>> Le 03/01/2017 à 18:39, Alex Hall a écrit :
>>>
>>> Have you granted the rights? In Admin > Global > Group Rights, select
>>> the "unprivileged users" tab, then grant "view queue". That should help,
>>> though our setup is quite different so I can't verify it.
>>>
>>> On Tue, Jan 3, 2017 at 12:27 PM, Felix Defrance 
>>> wrote:
>>>
 Hi all,

 I don't find how I could add ShowTickets or QueueList in SelfService.

 I want to allow my unprivileged users, grouped by company name, to see
 all tickets in their queue.

Re: [rt-users] How unprivileged users could see all tickets in their queue?

2017-01-04 Thread Felix Defrance

Le 04/01/2017 à 15:10, Alex Hall a écrit :
> Okay, searching users is the problem? I'm not sure, but what about an
> overlay that conditionally shows that part of page templates? You
> could create a group to which you'd assign any user you don't want
> viewing other users, then find the element that displays the user
> search and add a condition to return nothing if the user belongs to
> that group?
Yes, this is a part of the problem. The second, but not important, it's
just for the look&feel, the ability to custom "Rt at a glance" by user
groups.

For the first, I don't known how I can do " then find the element that
displays the user search and add a condition to return nothing if the
user belongs to that group"


>
> On Wed, Jan 4, 2017 at 8:57 AM, Felix Defrance  > wrote:
>
>
> Le 04/01/2017 à 14:02, Alex Hall a écrit :
>> Can you describe your setup more? I'm not sure why unprivileged
>> users would need access to all queue tickets, or why each user
>> would have their own queue? As I understand it, unprivileged
>> users are end users (i.e. customers, those who don't work for
>> your organization). Thus, they shouldn't be able to access an
>> entire queue, only tickets they open. Make them privileged, and
>> restrict their rights by adding them to a certain group, and your
>> life may be a lot easier.
> Yes! In the begining, that's what I tried to do. Restrict
> privilieged users. But I didn't find how restrict the access to
> the SearchUser.
>
> A member of a queue can search and view all users.
>
> In my setup, a queue and group, are dedicated to a customer.
>
> A customer should not be able to fetch other informations that are
> not inside of their queue. Thus, not be able to search all user in
> RT database..
>
> Maybe, it's possible to limit the search function to their queue
> or desactivate the access to the menu search. Do you know about that ?
>
> Thanks,
>>
>> For example, you might have a group called "basic users" to which
>> you'd add the users you currently consider unprivileged. That
>> group would have only a few rights, but since its members would
>> be privileged, you wouldn't run into RT's built-in restrictions.
>>
>> As to one queue per user, that would quickly get hard to manage.
>> Queues are for organizing tickets and users. Sure, a queue may
>> have just one user, but each user shouldn't have their own queue.
>> Trying to keep track of the rights of such a setup would be a
>> nightmare, assuming you have a good amount of users. As an
>> example, we have queues for technology, warehouse, customer
>> service, and other divisions within the company. Some queues have
>> a lot of people, some have a few, butthey are all logical
>> groupings of tasks. If I made a new queue for every user, I'd
>> have dozens of them, and tickets would be all over the place!
>> Plus, there's email to consider; if you want to accept incoming
>> emails for ticket replies, you have to make a new Fetchmail or
>> Postfix entry for every single user/queue you have.
>>
>> I hope this makes some sense. As I said, a lot of this depends on
>> your usage pattern and setup concept. If you can explain that to
>> us more, we might be able to help better.
>>
>> On Wed, Jan 4, 2017 at 3:57 AM, Felix Defrance > > wrote:
>>
>> Hello,
>>
>> You right, this rights isn't checked.
>>
>> But I can't view all tickets in selfservice anymore.
>>
>> I verify the same rights in :
>>
>>  Admin > Queue, "select the queue name" and  Group Rights,
>> select and grant "unprivileged users" to Seequeue & Showtickets
>>
>> In the same section:
>>
>>  grant group "compagny name" to Seequeue & Showtickets
>>
>>
>> But no effect.
>>
>> I try to add a user to watchers 'CC', and grant watchers 'CC'
>> to Seequeue & Showtickets but no effect too :(
>>
>> Another ideas ?
>>
>> Thanks,
>>
>> Félix.
>>
>> Le 03/01/2017 à 18:39, Alex Hall a écrit :
>>> Have you granted the rights? In Admin > Global > Group
>>> Rights, select the "unprivileged users" tab, then grant
>>> "view queue". That should help, though our setup is quite
>>> different so I can't verify it.
>>>
>>> On Tue, Jan 3, 2017 at 12:27 PM, Felix Defrance
>>> mailto:fe...@d2france.fr>> wrote:
>>>
>>> Hi all,
>>>
>>> I don't find how I could add ShowTickets or QueueList in
>>> SelfService.
>>>
>>> I want to allow my unprivileged users, grouped by
>>> company name, to see all tickets in their queue.
>>>
>>> The group rights on the queue is correctly defined and
>>> users could access to the tickets by entring the ticket
>>>

Re: [rt-users] How unprivileged users could see all tickets in their queue?

2017-01-04 Thread Alex Hall
Okay, searching users is the problem? I'm not sure, but what about an
overlay that conditionally shows that part of page templates? You could
create a group to which you'd assign any user you don't want viewing other
users, then find the element that displays the user search and add a
condition to return nothing if the user belongs to that group?

On Wed, Jan 4, 2017 at 8:57 AM, Felix Defrance  wrote:

>
> Le 04/01/2017 à 14:02, Alex Hall a écrit :
>
> Can you describe your setup more? I'm not sure why unprivileged users
> would need access to all queue tickets, or why each user would have their
> own queue? As I understand it, unprivileged users are end users (i.e.
> customers, those who don't work for your organization). Thus, they
> shouldn't be able to access an entire queue, only tickets they open. Make
> them privileged, and restrict their rights by adding them to a certain
> group, and your life may be a lot easier.
>
> Yes! In the begining, that's what I tried to do. Restrict privilieged
> users. But I didn't find how restrict the access to the SearchUser.
>
> A member of a queue can search and view all users.
>
> In my setup, a queue and group, are dedicated to a customer.
>
> A customer should not be able to fetch other informations that are not
> inside of their queue. Thus, not be able to search all user in RT database..
>
> Maybe, it's possible to limit the search function to their queue or
> desactivate the access to the menu search. Do you know about that ?
>
> Thanks,
>
>
> For example, you might have a group called "basic users" to which you'd
> add the users you currently consider unprivileged. That group would have
> only a few rights, but since its members would be privileged, you wouldn't
> run into RT's built-in restrictions.
>
> As to one queue per user, that would quickly get hard to manage. Queues
> are for organizing tickets and users. Sure, a queue may have just one user,
> but each user shouldn't have their own queue. Trying to keep track of the
> rights of such a setup would be a nightmare, assuming you have a good
> amount of users. As an example, we have queues for technology, warehouse,
> customer service, and other divisions within the company. Some queues have
> a lot of people, some have a few, butthey are all logical groupings of
> tasks. If I made a new queue for every user, I'd have dozens of them, and
> tickets would be all over the place! Plus, there's email to consider; if
> you want to accept incoming emails for ticket replies, you have to make a
> new Fetchmail or Postfix entry for every single user/queue you have.
>
> I hope this makes some sense. As I said, a lot of this depends on your
> usage pattern and setup concept. If you can explain that to us more, we
> might be able to help better.
>
> On Wed, Jan 4, 2017 at 3:57 AM, Felix Defrance  wrote:
>
>> Hello,
>>
>> You right, this rights isn't checked.
>>
>> But I can't view all tickets in selfservice anymore.
>>
>> I verify the same rights in :
>>
>>  Admin > Queue, "select the queue name" and  Group Rights, select and
>> grant "unprivileged users" to Seequeue & Showtickets
>>
>> In the same section:
>>
>>  grant group "compagny name" to Seequeue & Showtickets
>>
>>
>> But no effect.
>>
>> I try to add a user to watchers 'CC', and grant watchers 'CC' to Seequeue
>> & Showtickets but no effect too :(
>>
>> Another ideas ?
>>
>> Thanks,
>>
>> Félix.
>> Le 03/01/2017 à 18:39, Alex Hall a écrit :
>>
>> Have you granted the rights? In Admin > Global > Group Rights, select the
>> "unprivileged users" tab, then grant "view queue". That should help, though
>> our setup is quite different so I can't verify it.
>>
>> On Tue, Jan 3, 2017 at 12:27 PM, Felix Defrance 
>> wrote:
>>
>>> Hi all,
>>>
>>> I don't find how I could add ShowTickets or QueueList in SelfService.
>>>
>>> I want to allow my unprivileged users, grouped by company name, to see
>>> all tickets in their queue.
>>>
>>> The group rights on the queue is correctly defined and users could
>>> access to the tickets by entring the ticket number in the "goto Ticket"
>>> field (top right in SelfService).
>>>
>>> I have tried to play with CustomRole but it's not working for me. So
>>> anybody known how I can do it?
>>> Thank you,
>>>
>>> --
>>> Félix Defrance
>>> PGP: 0x0F04DC57
>>>
>>>
>>
>>
>> --
>> Alex Hall
>> Automatic Distributors, IT department
>> ah...@autodist.com
>>
>>
>> --
>> Félix Defrance
>> PGP: 0x0F04DC57
>>
>>
>
>
> --
> Alex Hall
> Automatic Distributors, IT department
> ah...@autodist.com
>
>
> --
> Félix Defrance
> PGP: 0x0F04DC57
>
>


-- 
Alex Hall
Automatic Distributors, IT department
ah...@autodist.com


Re: [rt-users] How unprivileged users could see all tickets in their queue?

2017-01-04 Thread Felix Defrance

Le 04/01/2017 à 14:02, Alex Hall a écrit :
> Can you describe your setup more? I'm not sure why unprivileged users
> would need access to all queue tickets, or why each user would have
> their own queue? As I understand it, unprivileged users are end users
> (i.e. customers, those who don't work for your organization). Thus,
> they shouldn't be able to access an entire queue, only tickets they
> open. Make them privileged, and restrict their rights by adding them
> to a certain group, and your life may be a lot easier.
Yes! In the begining, that's what I tried to do. Restrict privilieged
users. But I didn't find how restrict the access to the SearchUser.

A member of a queue can search and view all users.

In my setup, a queue and group, are dedicated to a customer.

A customer should not be able to fetch other informations that are not
inside of their queue. Thus, not be able to search all user in RT database..

Maybe, it's possible to limit the search function to their queue or
desactivate the access to the menu search. Do you know about that ?

Thanks,
>
> For example, you might have a group called "basic users" to which
> you'd add the users you currently consider unprivileged. That group
> would have only a few rights, but since its members would be
> privileged, you wouldn't run into RT's built-in restrictions.
>
> As to one queue per user, that would quickly get hard to manage.
> Queues are for organizing tickets and users. Sure, a queue may have
> just one user, but each user shouldn't have their own queue. Trying to
> keep track of the rights of such a setup would be a nightmare,
> assuming you have a good amount of users. As an example, we have
> queues for technology, warehouse, customer service, and other
> divisions within the company. Some queues have a lot of people, some
> have a few, butthey are all logical groupings of tasks. If I made a
> new queue for every user, I'd have dozens of them, and tickets would
> be all over the place! Plus, there's email to consider; if you want to
> accept incoming emails for ticket replies, you have to make a new
> Fetchmail or Postfix entry for every single user/queue you have.
>
> I hope this makes some sense. As I said, a lot of this depends on your
> usage pattern and setup concept. If you can explain that to us more,
> we might be able to help better.
>
> On Wed, Jan 4, 2017 at 3:57 AM, Felix Defrance  > wrote:
>
> Hello,
>
> You right, this rights isn't checked.
>
> But I can't view all tickets in selfservice anymore.
>
> I verify the same rights in :
>
>  Admin > Queue, "select the queue name" and  Group Rights, select
> and grant "unprivileged users" to Seequeue & Showtickets
>
> In the same section:
>
>  grant group "compagny name" to Seequeue & Showtickets
>
>
> But no effect.
>
> I try to add a user to watchers 'CC', and grant watchers 'CC' to
> Seequeue & Showtickets but no effect too :(
>
> Another ideas ?
>
> Thanks,
>
> Félix.
>
> Le 03/01/2017 à 18:39, Alex Hall a écrit :
>> Have you granted the rights? In Admin > Global > Group Rights,
>> select the "unprivileged users" tab, then grant "view queue".
>> That should help, though our setup is quite different so I can't
>> verify it.
>>
>> On Tue, Jan 3, 2017 at 12:27 PM, Felix Defrance
>> mailto:fe...@d2france.fr>> wrote:
>>
>> Hi all,
>>
>> I don't find how I could add ShowTickets or QueueList in
>> SelfService.
>>
>> I want to allow my unprivileged users, grouped by company
>> name, to see all tickets in their queue.
>>
>> The group rights on the queue is correctly defined and users
>> could access to the tickets by entring the ticket number in
>> the "goto Ticket" field (top right in SelfService).
>>
>> I have tried to play with CustomRole but it's not working for
>> me. So anybody known how I can do it?
>>
>> Thank you,
>>
>> -- 
>> Félix Defrance
>> PGP: 0x0F04DC57
>>
>>
>>
>>
>> -- 
>> Alex Hall
>> Automatic Distributors, IT department
>> ah...@autodist.com 
>
> -- 
> Félix Defrance
> PGP: 0x0F04DC57
>
>
>
>
> -- 
> Alex Hall
> Automatic Distributors, IT department
> ah...@autodist.com 

-- 
Félix Defrance
PGP: 0x0F04DC57



Re: [rt-users] How unprivileged users could see all tickets in their queue?

2017-01-04 Thread Alex Hall
Can you describe your setup more? I'm not sure why unprivileged users would
need access to all queue tickets, or why each user would have their own
queue? As I understand it, unprivileged users are end users (i.e.
customers, those who don't work for your organization). Thus, they
shouldn't be able to access an entire queue, only tickets they open. Make
them privileged, and restrict their rights by adding them to a certain
group, and your life may be a lot easier.

For example, you might have a group called "basic users" to which you'd add
the users you currently consider unprivileged. That group would have only a
few rights, but since its members would be privileged, you wouldn't run
into RT's built-in restrictions.

As to one queue per user, that would quickly get hard to manage. Queues are
for organizing tickets and users. Sure, a queue may have just one user, but
each user shouldn't have their own queue. Trying to keep track of the
rights of such a setup would be a nightmare, assuming you have a good
amount of users. As an example, we have queues for technology, warehouse,
customer service, and other divisions within the company. Some queues have
a lot of people, some have a few, butthey are all logical groupings of
tasks. If I made a new queue for every user, I'd have dozens of them, and
tickets would be all over the place! Plus, there's email to consider; if
you want to accept incoming emails for ticket replies, you have to make a
new Fetchmail or Postfix entry for every single user/queue you have.

I hope this makes some sense. As I said, a lot of this depends on your
usage pattern and setup concept. If you can explain that to us more, we
might be able to help better.

On Wed, Jan 4, 2017 at 3:57 AM, Felix Defrance  wrote:

> Hello,
>
> You right, this rights isn't checked.
>
> But I can't view all tickets in selfservice anymore.
>
> I verify the same rights in :
>
>  Admin > Queue, "select the queue name" and  Group Rights, select and
> grant "unprivileged users" to Seequeue & Showtickets
>
> In the same section:
>
>  grant group "compagny name" to Seequeue & Showtickets
>
>
> But no effect.
>
> I try to add a user to watchers 'CC', and grant watchers 'CC' to Seequeue
> & Showtickets but no effect too :(
>
> Another ideas ?
>
> Thanks,
>
> Félix.
> Le 03/01/2017 à 18:39, Alex Hall a écrit :
>
> Have you granted the rights? In Admin > Global > Group Rights, select the
> "unprivileged users" tab, then grant "view queue". That should help, though
> our setup is quite different so I can't verify it.
>
> On Tue, Jan 3, 2017 at 12:27 PM, Felix Defrance  wrote:
>
>> Hi all,
>>
>> I don't find how I could add ShowTickets or QueueList in SelfService.
>>
>> I want to allow my unprivileged users, grouped by company name, to see
>> all tickets in their queue.
>>
>> The group rights on the queue is correctly defined and users could access
>> to the tickets by entring the ticket number in the "goto Ticket" field (top
>> right in SelfService).
>>
>> I have tried to play with CustomRole but it's not working for me. So
>> anybody known how I can do it?
>> Thank you,
>>
>> --
>> Félix Defrance
>> PGP: 0x0F04DC57
>>
>>
>
>
> --
> Alex Hall
> Automatic Distributors, IT department
> ah...@autodist.com
>
>
> --
> Félix Defrance
> PGP: 0x0F04DC57
>
>


-- 
Alex Hall
Automatic Distributors, IT department
ah...@autodist.com


Re: [rt-users] How unprivileged users could see all tickets in their queue?

2017-01-04 Thread Felix Defrance
Hi Manu,

Thanks for your answer ;)

I have tried to modify MyRequests in an overlay, yesterday, but my perl
coding is quite bad as you known ;)

Nevermind, I try to imagine use CC instead of modifing the hard coded
things, but in this goal, I'll need to define watchers automatically.

For example, I'll need to add "user group" called foobar to all existing
tickets in queue foobar and the futurs created tickets in it!

The question is, is it possible ?

In the other hand, I don't know whyone queue per customer is not a good
workflow.

Thanks,

Félix.

Le 04/01/2017 à 09:45, Emmanuel Lacour a écrit :
> Le 03/01/2017 à 18:27, Felix Defrance a écrit :
>>
>> Hi all,
>>
>> I don't find how I could add ShowTickets or QueueList in SelfService.
>>
>> I want to allow my unprivileged users, grouped by company name, to
>> see all tickets in their queue.
>>
>> The group rights on the queue is correctly defined and users could
>> access to the tickets by entring the ticket number in the "goto
>> Ticket" field (top right in SelfService).
>>
>> I have tried to play with CustomRole but it's not working for me. So
>> anybody known how I can do it?
>>
>
> SelfService filters ticket list to tickets the user is watcher on
> (requestor or Cc). This is hard coded in
> share/html/SelfService/Elements/MyRequests:
>
> my $id = $session{'CurrentUser'}->id;
> my $Query = "( Watcher.id = $id )";
>
> if ($status) {
> $status =~ s/(['\\])/\\$1/g;
> $Query .= " AND Status = '$status'";
> }
>
>
> so if you wan't to relax this to all tickets users have ShowTicket
> rights, you have to modify this query ;)
>
> But I strongly discourage (unless really needed) to setup an RT
> instance with one queue per customer, best to think queues per
> internal support team and play with customroles/groups or customfields
> to set the customer.

-- 
Félix Defrance
PGP: 0x0F04DC57



Re: [rt-users] How unprivileged users could see all tickets in their queue?

2017-01-04 Thread Felix Defrance
Hello,

You right, this rights isn't checked.

But I can't view all tickets in selfservice anymore.

I verify the same rights in :

 Admin > Queue, "select the queue name" and  Group Rights, select and
grant "unprivileged users" to Seequeue & Showtickets

In the same section:

 grant group "compagny name" to Seequeue & Showtickets


But no effect.

I try to add a user to watchers 'CC', and grant watchers 'CC' to
Seequeue & Showtickets but no effect too :(

Another ideas ?

Thanks,

Félix.

Le 03/01/2017 à 18:39, Alex Hall a écrit :
> Have you granted the rights? In Admin > Global > Group Rights, select
> the "unprivileged users" tab, then grant "view queue". That should
> help, though our setup is quite different so I can't verify it.
>
> On Tue, Jan 3, 2017 at 12:27 PM, Felix Defrance  > wrote:
>
> Hi all,
>
> I don't find how I could add ShowTickets or QueueList in SelfService.
>
> I want to allow my unprivileged users, grouped by company name, to
> see all tickets in their queue.
>
> The group rights on the queue is correctly defined and users could
> access to the tickets by entring the ticket number in the "goto
> Ticket" field (top right in SelfService).
>
> I have tried to play with CustomRole but it's not working for me.
> So anybody known how I can do it?
>
> Thank you,
>
> -- 
> Félix Defrance
> PGP: 0x0F04DC57
>
>
>
>
> -- 
> Alex Hall
> Automatic Distributors, IT department
> ah...@autodist.com 

-- 
Félix Defrance
PGP: 0x0F04DC57



Re: [rt-users] How unprivileged users could see all tickets in their queue?

2017-01-04 Thread Emmanuel Lacour
Le 03/01/2017 à 18:27, Felix Defrance a écrit :
>
> Hi all,
>
> I don't find how I could add ShowTickets or QueueList in SelfService.
>
> I want to allow my unprivileged users, grouped by company name, to see
> all tickets in their queue.
>
> The group rights on the queue is correctly defined and users could
> access to the tickets by entring the ticket number in the "goto
> Ticket" field (top right in SelfService).
>
> I have tried to play with CustomRole but it's not working for me. So
> anybody known how I can do it?
>

SelfService filters ticket list to tickets the user is watcher on
(requestor or Cc). This is hard coded in
share/html/SelfService/Elements/MyRequests:

my $id = $session{'CurrentUser'}->id;
my $Query = "( Watcher.id = $id )";

if ($status) {
$status =~ s/(['\\])/\\$1/g;
$Query .= " AND Status = '$status'";
}


so if you wan't to relax this to all tickets users have ShowTicket
rights, you have to modify this query ;)

But I strongly discourage (unless really needed) to setup an RT instance
with one queue per customer, best to think queues per internal support
team and play with customroles/groups or customfields to set the customer.


Re: [rt-users] How unprivileged users could see all tickets in their queue?

2017-01-03 Thread Alex Hall
Have you granted the rights? In Admin > Global > Group Rights, select the
"unprivileged users" tab, then grant "view queue". That should help, though
our setup is quite different so I can't verify it.

On Tue, Jan 3, 2017 at 12:27 PM, Felix Defrance  wrote:

> Hi all,
>
> I don't find how I could add ShowTickets or QueueList in SelfService.
>
> I want to allow my unprivileged users, grouped by company name, to see all
> tickets in their queue.
>
> The group rights on the queue is correctly defined and users could access
> to the tickets by entring the ticket number in the "goto Ticket" field (top
> right in SelfService).
>
> I have tried to play with CustomRole but it's not working for me. So
> anybody known how I can do it?
> Thank you,
>
> --
> Félix Defrance
> PGP: 0x0F04DC57
>
>


-- 
Alex Hall
Automatic Distributors, IT department
ah...@autodist.com