On Mon, Jan 27, 2014 at 6:02 PM, Ryan Ollos <[email protected]> wrote:
> On Mon, Jan 27, 2014 at 10:43 AM, Apache Bloodhound < > [email protected]> wrote: > > [...] > > > > Comment (by olemis): > > > > Replying to [comment:8 rjollos]: > > [...] > > > > > > A related issue is that, since `process_request` is checking for > > `TICKET_CREATE` permission, the user must have `TICKET_CREATE` for their > > current scope in order to use the QCT. > > > > > > > this is by design , if creating a ticket via QCT user must be granted > with > > TICKET_CREATE in both the active env and the target env . The former > case > > is not a big deal since > > > > > > [source:trunk/bloodhound_theme/bhtheme/templates/bloodhound_theme.html@1553998 > > :339-356 > > QCT form is not displayed] . Nevertheless it must still be asserted in > > code to be consistent in case of direct requests hijacking system logic > . > > > > We should reconsider whether it is a good design in light of recent > changes. Given that tickets must be associated with a product, it make > little sense to require that a user has `TICKET_CREATE` at global scope in > order for the QCT form to be available at global scope. The QCT would be > more useful if a user could create a ticket in any product for which they > have TICKET_CREATE permission, regardless of the permissions they have in > the current scope (i.e. a the active environment). > I'm not sure about this , but honestly 0+ . My interpretation is TICKET_CREATE revoked => do not create tickets in this product . AFAICT your interpretation is also valid OTOH this has ramifications to the ticket I'm working on now #602 aimed at adding product <select/> input control in /newticket . Again I still think the form should only be visible if TICKET_CREATE has been granted to the user , but again I'm 0+ on getting this done otherwise . -- Regards, Olemis - @olemislc Apache(tm) Bloodhound contributor http://issues.apache.org/bloodhound http://blood-hound.net Blog ES: http://simelo-es.blogspot.com/ Blog EN: http://simelo-en.blogspot.com/ Featured article:
