We are happy to announce that RT 3.8.4 is now available. You can download it from:
http://download.bestpractical.com/pub/rt/release/rt-3.8.4.tar.gz http://download.bestpractical.com/pub/rt/release/rt-3.8.4.tar.gz.sig SHA1 sums c786eb78dd6c8374da3bc0dd10414e040d69864f rt-3.8.4.tar.gz 7af1be26513b2b26390a456a3360e5cda7d63008 rt-3.8.4.tar.gz.sig This is primarily a bugfix and security release of RT. The most important fix is that RT now requires the SuperUser right to edit global RT at a Glance. In all previous 3.8 releases, the "ShowConfigTab" right unintentionally enabled this. If you have not granted this right to any non-administrative user, then this issue should not affect you. A patch that resolves this issue without requiring an upgrade to 3.8.4 is attached to this announcement. A more complete list of bugs and features can be found below. Please note that there is a change to database content in this release, see UPGRADING for more. -kevin FEATURES ======== * Clean up NotifyGroup action * obsolete old storable format in NotifyGroup action * add support for group name, user name, user's email address and just an email address in NotifyGroup action. This will make easier to use it in crontool * add upgrade script for RT 3.8.4 * use new format and obsolete old format, we have upgrade script for conversion * add support to rt-crontool for --template argument that allows you to specify the name of a template. Template overridings will work for names. Hide --template-id from help, but don't disable it. * use RT::Plugin in RT->PluginDirs, so we can override only one place in our tests FIXES AND CLEANUPS ================== * Force some widgets to fit at max parent box. * Use true arrow (html entities) in button for SelectionBox Widget (closes: #13481). * Add ability to change graph groupby and type once the graph is displayed. (closes: #13479) * Add a link in search tickets tab to jump easily to Chart when a query exist. * Be more consistent in Create/Save Changes buttons across objects. * Be more consistent in Select/New links (most don't list the object name so do this everywhere). * Fix overlapping of password file by login button on login page (closes: #13496). * Show difference in Dashboard queries between saved searches and graphs (like in RT at a glance pref) (closes: #13497). * Don't show empty value in ticket edit basics queue dropdown, as a ticket must be in a queue. * in RT::Plugin->Path don't add trailing slash when requested subdir is not defined or empty * Typo in IsCc|IsAdminCc documentations. * Don't show "deleted" status in cerate ticket page as it doesn't make sense to create deleted tickets... (closes: #13500). * use GET for firefox2 in ahah (fixes Bookmarks on FF2) * allow the creation of tickets in disabled Queues This is how Approvals work * Factor out the quickbar-personal div into its own template * fix failing tests caused by wording changes * Avoid undef warning if this is the first time a dashboard has been sent * Pull out the value of Counter only once * perl.org is a better canonical URL for Perl than .com (in README) * pass more context into callbacks when editing custom fields * localize custom field name on edit * Don't update watcher in queue watcher edit page when we search for people and one or more current watchers are selected (closes: #13425). * Require SuperUser for editing global RT at a Glance * Add a ReadOnly mode for SelectionBox widgets * Show the RT at a Glance selection boxes as ReadOnly if there's no permission to edit them
--- share/html/Admin/Global/MyRT.html +++ share/html/Admin/Global/MyRT.html @@ -91,8 +91,13 @@ current_portlets => $default_portlets->Content, OnSave => sub { my ( $conf, $pane ) = @_; - $default_portlets->SetContent( $conf ); - push @actions, loc( 'Global portlet [_1] saved.', $pane ); + if (!$session{'CurrentUser'}->HasRight( Object=> $RT::System, Right => 'SuperUser')) { + push @actions, loc( 'Permission denied' ); + } + else { + $default_portlets->SetContent( $conf ); + push @actions, loc( 'Global portlet [_1] saved.', $pane ); + } } );
pgp98p7ndXAlE.pgp
Description: PGP signature
_______________________________________________ RT-Announce mailing list rt-annou...@lists.bestpractical.com http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-announce
_______________________________________________ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com