Re: [rt-users] ModifyTicket/Steal/Take privileges
I'm a little hesitant to change the source code just because I know I'll forget
I did it when I install the next update - also, this is only affecting one
queue. I'm also not too concerned as it is the IT Staff group that is being
assigned the tickets, and they are told not to change the ownership. If it was
something for the general user base I could definitely see the possibility for
confusion.
I wonder, is there a way in the scrip to push to the message stack that
displays at the top after the transaction has happened?
On Feb 17, 2011, at 12:40 PM, Raed El-Hames wrote:
> Jon:
>
> Another way to achieve what you want and eliminate having to set owner then
> revoke it via the script is by modifying
> /Elements/SelectOwner
>
> Just get it to return the owner name as a string if the
> $session{'CurrentUser'} is not a member of the IT Admin group.
> Else If CurrentUser IT Admin then display the Owners dropdown.
>
> The only reason I am suggesting this, is because many times my users do not
> realise an action have been rolled back automatically via the system.
>
> Regards;
> Roy
--
Jon Baker
Systems Administrator
Church on the Move
1003 N 129th E Ave
Tulsa OK 74116
(918) 234-5656
CONFIDENTIALITY NOTICE: This transmission may be confidential and subject to
legal privilege. If you are not the intended recipient of this message, you
may not review, disclose, print, copy or disseminate this information. If you
have received this in error, please reply and notify the sender (only) and
delete the message. Unauthorized interception of this e-mail is a violation of
federal criminal law.
Re: [rt-users] ModifyTicket/Steal/Take privileges
Jon:
Another way to achieve what you want and eliminate having to set owner then
revoke it via the script is by modifying
/Elements/SelectOwner
Just get it to return the owner name as a string if the $session{'CurrentUser'}
is not a member of the IT Admin group.
Else If CurrentUser IT Admin then display the Owners dropdown.
The only reason I am suggesting this, is because many times my users do not
realise an action have been rolled back automatically via the system.
Regards;
Roy
> -Original Message-
> From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-
> boun...@lists.bestpractical.com] On Behalf Of Jon Baker
> Sent: 17 February 2011 18:19
> To: rt-users@lists.bestpractical.com
> Subject: Re: [rt-users] ModifyTicket/Steal/Take privileges
>
> That's what I ended up doing and it looks like it's working great. Here's
> the scrip action that I ended up using in case anyone else is looking for
> the solution:
>
> my $GroupObj = RT::Group->new( $RT::SystemUser );
> $GroupObj->LoadUserDefinedGroup( 'IT Admin' );
> my $PrincipalObj = RT::Principal->new( $RT::SystemUser );
> $PrincipalObj->Load( $self->TransactionObj->Creator );
>
> if($GroupObj->HasMemberRecursively($PrincipalObj)) {
> # IT Admin is allowed to change the owner.
> return;
> } else {
> if ($self->TransactionObj->Creator != 1) {
># User 1 is the RT system, if we've recursed into here we don't want to
> do it again
>$self->TicketObj->SetOwner($self->TransactionObj->OldValue,'Force');
> }
> }
>
> On Feb 17, 2011, at 12:13 PM, rt-users-requ...@lists.bestpractical.com
> wrote:
>
> > Jon,
> >
> > Well, here's a thought.
> >
> > 1) For each Queue you want this type of situation, either make the
> > "assigner" the AdminCc, or create a group for just those users allowed
> to
> > assign tickets.
> > 2) Then create scrip for that Queue that is conditioned by "ChangeOwner"
> and
> > in the action section, check to see that the actor of this transaction
> is in
> > that "Assigner" group or that they are the AdminCc. If they are, allow
> the
> > change. If not, change the owner back.
> >
> > That might work.
> >
> > Kenn
> > LBNL
>
> --
> Jon Baker
> Systems Administrator
> Church on the Move
> 1003 N 129th E Ave
> Tulsa OK 74116
> (918) 234-5656
>
>
>
>
> CONFIDENTIALITY NOTICE: This transmission may be confidential and subject
> to legal privilege. If you are not the intended recipient of this
> message, you may not review, disclose, print, copy or disseminate this
> information. If you have received this in error, please reply and notify
> the sender (only) and delete the message. Unauthorized interception of
> this e-mail is a violation of federal criminal law.
Re: [rt-users] ModifyTicket/Steal/Take privileges
That's what I ended up doing and it looks like it's working great. Here's the
scrip action that I ended up using in case anyone else is looking for the
solution:
my $GroupObj = RT::Group->new( $RT::SystemUser );
$GroupObj->LoadUserDefinedGroup( 'IT Admin' );
my $PrincipalObj = RT::Principal->new( $RT::SystemUser );
$PrincipalObj->Load( $self->TransactionObj->Creator );
if($GroupObj->HasMemberRecursively($PrincipalObj)) {
# IT Admin is allowed to change the owner.
return;
} else {
if ($self->TransactionObj->Creator != 1) {
# User 1 is the RT system, if we've recursed into here we don't want to do
it again
$self->TicketObj->SetOwner($self->TransactionObj->OldValue,'Force');
}
}
On Feb 17, 2011, at 12:13 PM, rt-users-requ...@lists.bestpractical.com wrote:
> Jon,
>
> Well, here's a thought.
>
> 1) For each Queue you want this type of situation, either make the
> "assigner" the AdminCc, or create a group for just those users allowed to
> assign tickets.
> 2) Then create scrip for that Queue that is conditioned by "ChangeOwner" and
> in the action section, check to see that the actor of this transaction is in
> that "Assigner" group or that they are the AdminCc. If they are, allow the
> change. If not, change the owner back.
>
> That might work.
>
> Kenn
> LBNL
--
Jon Baker
Systems Administrator
Church on the Move
1003 N 129th E Ave
Tulsa OK 74116
(918) 234-5656
CONFIDENTIALITY NOTICE: This transmission may be confidential and subject to
legal privilege. If you are not the intended recipient of this message, you
may not review, disclose, print, copy or disseminate this information. If you
have received this in error, please reply and notify the sender (only) and
delete the message. Unauthorized interception of this e-mail is a violation of
federal criminal law.
Re: [rt-users] ModifyTicket/Steal/Take privileges
I was able to sort of hack it into resetting the ownership if someone outside
of the group attempts to change it. I created a scrip on "Owner Change" with
the following custom action:
my $GroupObj = RT::Group->new( $RT::SystemUser );
$GroupObj->LoadUserDefinedGroup( 'IT Admin' );
my $PrincipalObj = RT::Principal->new( $RT::SystemUser );
$PrincipalObj->Load( $self->TransactionObj->Creator );
if($GroupObj->HasMemberRecursively($PrincipalObj)) {
# IT Admin is allowed to change the owner.
return;
} else {
if ($self->TransactionObj->Creator != 1) {
# User 1 is the RT system, if we've recursed into here we don't want to do
it again
$self->TicketObj->SetOwner($self->TransactionObj->OldValue,'Force');
}
}
Looks like that is doing the job.
> I am trying to set up a group in a queue that has the ability to change the
> status but not the owner; i.e. can't steal/take it (a different group is
> assigning tickets to them and they're not allowed to get out of it) but they
> need to be able to resolve their own tickets.
>
> It seems to me that Steal and Take are subsets of ModifyTicket (i.e, if you
> have ModifyTicket you implicitly have Steal and Take) but I can't figure out
> how to separate ownership changes from status changes. Is this possible?
>
> Thanks -
--
Jon Baker
Systems Administrator
Church on the Move
1003 N 129th E Ave
Tulsa OK 74116
(918) 234-5656
CONFIDENTIALITY NOTICE: This transmission may be confidential and subject to
legal privilege. If you are not the intended recipient of this message, you
may not review, disclose, print, copy or disseminate this information. If you
have received this in error, please reply and notify the sender (only) and
delete the message. Unauthorized interception of this e-mail is a violation of
federal criminal law.
Re: [rt-users] ModifyTicket/Steal/Take privileges
Jon, Well, here's a thought. 1) For each Queue you want this type of situation, either make the "assigner" the AdminCc, or create a group for just those users allowed to assign tickets. 2) Then create scrip for that Queue that is conditioned by "ChangeOwner" and in the action section, check to see that the actor of this transaction is in that "Assigner" group or that they are the AdminCc. If they are, allow the change. If not, change the owner back. That might work. Kenn LBNL On Thu, Feb 17, 2011 at 8:26 AM, Kevin Falcone wrote: > On Thu, Feb 17, 2011 at 08:06:03AM -0600, Jon Baker wrote: > > Thanks for the reply, Kenn - I want the users to be able to be > > assigned the ticket by the admin, but I don't want them to be able > > to change any ticket assignments themselves. So Joe is in the Users > > group, and Sam is in the Admin group. Sam needs to be able to > > assign ownership of a ticket to Joe. Joe needs to be able to > > resolve tickets. But Joe should not be able to assign the ticket to > > anyone else, nor should he be able to steal or take a ticket. > > > > I'm going to see if I can figure out a way to do this with a Scrip unless > there's some permission voodoo that i'm missing. > > ModifyTicket implies being able to change the owner, so you'll need to > enforce your no-changes rule elsewhere > > -kevin > > > On Feb 16, 2011, at 8:10 PM, rt-users-request@lists.bestpractical.comwrote: > > > > > Jon, > > > > > > Remove the right to "OwnTicket" as well as "Steal" and "Take". You can > grant > > > the "ModifyTicket" to that group as well as "ShowTicket" and that way > they > > > can See tickets in a Queue, Modify them, but not Own them. > > > > > > Kenn > > > LBNL > > > > -- > > Jon Baker > > Systems Administrator > > Church on the Move > > 1003 N 129th E Ave > > Tulsa OK 74116 > > (918) 234-5656 > > > > > > > > > > CONFIDENTIALITY NOTICE: This transmission may be confidential and subject > to legal privilege. If you are not the intended recipient of this message, > you may not review, disclose, print, copy or disseminate this information. > If you have received this in error, please reply and notify the sender > (only) and delete the message. Unauthorized interception of this e-mail is a > violation of federal criminal law. >
Re: [rt-users] ModifyTicket/Steal/Take privileges
On Thu, Feb 17, 2011 at 08:06:03AM -0600, Jon Baker wrote: > Thanks for the reply, Kenn - I want the users to be able to be > assigned the ticket by the admin, but I don't want them to be able > to change any ticket assignments themselves. So Joe is in the Users > group, and Sam is in the Admin group. Sam needs to be able to > assign ownership of a ticket to Joe. Joe needs to be able to > resolve tickets. But Joe should not be able to assign the ticket to > anyone else, nor should he be able to steal or take a ticket. > > I'm going to see if I can figure out a way to do this with a Scrip unless > there's some permission voodoo that i'm missing. ModifyTicket implies being able to change the owner, so you'll need to enforce your no-changes rule elsewhere -kevin > On Feb 16, 2011, at 8:10 PM, rt-users-requ...@lists.bestpractical.com wrote: > > > Jon, > > > > Remove the right to "OwnTicket" as well as "Steal" and "Take". You can grant > > the "ModifyTicket" to that group as well as "ShowTicket" and that way they > > can See tickets in a Queue, Modify them, but not Own them. > > > > Kenn > > LBNL > > -- > Jon Baker > Systems Administrator > Church on the Move > 1003 N 129th E Ave > Tulsa OK 74116 > (918) 234-5656 > > > > > CONFIDENTIALITY NOTICE: This transmission may be confidential and subject to > legal privilege. If you are not the intended recipient of this message, you > may not review, disclose, print, copy or disseminate this information. If you > have received this in error, please reply and notify the sender (only) and > delete the message. Unauthorized interception of this e-mail is a violation > of federal criminal law. pgpqssSgempO8.pgp Description: PGP signature
Re: [rt-users] ModifyTicket/Steal/Take privileges
Thanks for the reply, Kenn - I want the users to be able to be assigned the ticket by the admin, but I don't want them to be able to change any ticket assignments themselves. So Joe is in the Users group, and Sam is in the Admin group. Sam needs to be able to assign ownership of a ticket to Joe. Joe needs to be able to resolve tickets. But Joe should not be able to assign the ticket to anyone else, nor should he be able to steal or take a ticket. I'm going to see if I can figure out a way to do this with a Scrip unless there's some permission voodoo that i'm missing. On Feb 16, 2011, at 8:10 PM, rt-users-requ...@lists.bestpractical.com wrote: > Jon, > > Remove the right to "OwnTicket" as well as "Steal" and "Take". You can grant > the "ModifyTicket" to that group as well as "ShowTicket" and that way they > can See tickets in a Queue, Modify them, but not Own them. > > Kenn > LBNL -- Jon Baker Systems Administrator Church on the Move 1003 N 129th E Ave Tulsa OK 74116 (918) 234-5656 CONFIDENTIALITY NOTICE: This transmission may be confidential and subject to legal privilege. If you are not the intended recipient of this message, you may not review, disclose, print, copy or disseminate this information. If you have received this in error, please reply and notify the sender (only) and delete the message. Unauthorized interception of this e-mail is a violation of federal criminal law.
Re: [rt-users] ModifyTicket/Steal/Take privileges
Jon, Remove the right to "OwnTicket" as well as "Steal" and "Take". You can grant the "ModifyTicket" to that group as well as "ShowTicket" and that way they can See tickets in a Queue, Modify them, but not Own them. Kenn LBNL On Wed, Feb 16, 2011 at 3:24 PM, Jon Baker wrote: > I am trying to set up a group in a queue that has the ability to change the > status but not the owner; i.e. can't steal/take it (a different group is > assigning tickets to them and they're not allowed to get out of it) but they > need to be able to resolve their own tickets. > > It seems to me that Steal and Take are subsets of ModifyTicket (i.e, if you > have ModifyTicket you implicitly have Steal and Take) but I can't figure out > how to separate ownership changes from status changes. Is this possible? > > Thanks - > -- > Jon Baker > Systems Administrator > Church on the Move > 1003 N 129th E Ave > Tulsa OK 74116 > (918) 234-5656 > > > > > CONFIDENTIALITY NOTICE: This transmission may be confidential and subject > to legal privilege. If you are not the intended recipient of this message, > you may not review, disclose, print, copy or disseminate this information. > If you have received this in error, please reply and notify the sender > (only) and delete the message. Unauthorized interception of this e-mail is a > violation of federal criminal law. >
[rt-users] ModifyTicket/Steal/Take privileges
I am trying to set up a group in a queue that has the ability to change the status but not the owner; i.e. can't steal/take it (a different group is assigning tickets to them and they're not allowed to get out of it) but they need to be able to resolve their own tickets. It seems to me that Steal and Take are subsets of ModifyTicket (i.e, if you have ModifyTicket you implicitly have Steal and Take) but I can't figure out how to separate ownership changes from status changes. Is this possible? Thanks - -- Jon Baker Systems Administrator Church on the Move 1003 N 129th E Ave Tulsa OK 74116 (918) 234-5656 CONFIDENTIALITY NOTICE: This transmission may be confidential and subject to legal privilege. If you are not the intended recipient of this message, you may not review, disclose, print, copy or disseminate this information. If you have received this in error, please reply and notify the sender (only) and delete the message. Unauthorized interception of this e-mail is a violation of federal criminal law.
