[whups] Ticket editing permissions

Richard Wallace rwallace at thewallacepack.net
Mon Mar 21 15:30:17 PST 2005


I've been using whups for a while now for our software issue tracking 
system.  It's worked well for us to this point.

Until now we've had our users just create tickets as guests and fill in 
their email address.  We're to a point where we want to change it so 
that only users logged in can add tickets.  The problem with that is 
that to be able to add a ticket to a queue they need to have edit 
permissions on the queue.  But if they have edit permissions on the 
queue they can go in and change the status and other attributes of 
tickets on the system.  What I'd like is to be able to specify a 
"Developers" group that can edit attributes of the tickets in the 
"Development" queue.  The rest of the users can see what's in the queue 
and can add comments or attach files to other tickets, but not edit 
state, priority, etc.

We'd also like to start using whups for our internal help desk system. 
In this case users shouldn't be able to see all the tickets in the 
queue, even if they have show/read permissions on it.  They should only 
be able to see tickets that they've created and they can only make 
comments and add attachments to those tickets.

I'm not sure what the best approach is to solve these problems in whups. 
  I'm thinking that maybe I could extend the permissions in whups and 
add a PERMS_ADMIN permission.  Then, if someone has that permission, 
either because they've been explicitly assigned it or are in a group 
that has been assigned that permission on the queue, they have the full 
range of editing capabilities on tickets in the queue.  Then, if a user 
only has show/read/edit permissions and not the admin permission they 
can add tickets and comment and attach files to tickets already in the 
queue, but nothing else.

That doesn't solve the problem in the second scenario, the internal help 
desk, where users shouldn't even see tickets unless they're the ones 
that created them.  I suppose one way would be to change the way 
permissions are checked for users so that if they have edit access they 
can create tickets and comment on their own, and if they don't have 
show/read permissions they can't see any one elses tickets, only those 
that they've created.  I'm afraid that this might be a break in the 
standard horde permissions model where it would be assumed that if a 
person has edit permissions they would naturally have to have show and 
read permissions.  I'm not sure if that's the case or not so whether I'm 
"breaking" something or not, I'm not really sure.

What do you guys think?


More information about the whups mailing list