Leo C. Ureel II wrote:
Hello,

How do I restrict user access by queue? I've some users who only have been granted rights in certain queues. And this limits their 'RT at a Glance' view, such that they only can browse tickets in their particular queues. However, the '10 newest unowned tickets' section still shows unowned tickets in other queues. In fact, it seems that any ticket that is not owned or assigned to a particular queue is potentially visible to these users. And if the user knows the number of a ticket - or can compose a search query that returns a ticket in another queue, they have the ability to view tickets that should otherwise be restricted.

I'm not afraid to dive under the hood if need be. I hope somebody has a solution for me.

Is this what you're looking for...?

--- share/html/Elements/MyRequests.orig Wed Feb  2 00:20:40 2005
+++ share/html/Elements/MyRequests      Mon Sep 18 21:37:08 2006
@@ -58,8 +58,17 @@
</&>
<%init>
my $rows = $RT::MyRequestsLength;
+my $Queues = RT::Queues->new($session{'CurrentUser'});
+$Queues->UnLimit();
+my $myQueues = "";
+while (my $queue = $Queues->Next) {
+       next unless ($queue->CurrentUserHasRight('ShowTicket'));
+       $myQueues .= " OR Queue = '" . $queue->Name . "'";
+}
+$myQueues =~ s/^ OR //g;
+

-my $Query = "Owner = 'Nobody' AND ( Status = 'new' OR Status = 'open')";
+my $Query = "Owner = 'Nobody' AND $myQueues AND ( Status = 'new' OR Status = 'open')";

my $QueryString = '?' . $m->comp('/Elements/QueryString',
            Query => $Query,
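
Review bot: on the `+my $Query` line, `$myQueues` is spliced in as a bare `Queue = 'A' OR Queue = 'B'` list with no parentheses, so the `Owner = 'Nobody'` and `Status` conditions are not guaranteed to apply to every queue in the list; wrap it as `AND ( $myQueues ) AND`. When the current user has `ShowTicket` on no queue, `$myQueues` stays empty and the query becomes `Owner = 'Nobody' AND  AND ( ... )`, so that case needs its own branch that skips the search or returns nothing. `$queue->Name` is concatenated inside single quotes without escaping, so a queue name containing `'` breaks the query; escape it or filter on the queue id instead. The `/g` on `s/^ OR //g` has no effect with the `^` anchor. The change only narrows the query built in this element, so it filters this listing and leaves access to a ticket by number or through a hand-written search as it was.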
