[whups] Ticket editing permissions
rwallace at thewallacepack.net
Mon Mar 21 15:30:17 PST 2005
I've been using whups for a while now for our software issue tracking
system. It's worked well for us to this point.
Until now we've had our users just create tickets as guests and fill in
their email address. We're to a point where we want to change it so
that only users logged in can add tickets. The problem with that is
that to be able to add a ticket to a queue they need to have edit
permissions on the queue. But if they have edit permissions on the
queue they can go in and change the status and other attributes of
tickets on the system. What I'd like is to be able to specify a
"Developers" group that can edit attributes of the tickets in the
"Development" queue. The rest of the users can see what's in the queue
and can add comments or attach files to other tickets, but not edit
state, priority, etc.
We'd also like to start using whups for our internal help desk system.
In this case users shouldn't be able to see all the tickets in the
queue, even if they have show/read permissions on it. They should only
be able to see tickets that they've created and they can only make
comments and add attachments to those tickets.
I'm not sure what the best approach is to solve these problems in whups.
I'm thinking that maybe I could extend the permissions in whups and
add a PERMS_ADMIN permission. Then, if someone has that permission,
either because they've been explicitly assigned it or are in a group
that has been assigned that permission on the queue, they have the full
range of editing capabilities on tickets in the queue. Then, if a user
only has show/read/edit permissions and not the admin permission they
can add tickets and comment and attach files to tickets already in the
queue, but nothing else.
That doesn't solve the problem in the second scenario, the internal help
desk, where users shouldn't even see tickets unless they're the ones
that created them. I suppose one way would be to change the way
permissions are checked for users so that if they have edit access they
can create tickets and comment on their own, and if they don't have
show/read permissions they can't see any one elses tickets, only those
that they've created. I'm afraid that this might be a break in the
standard horde permissions model where it would be assumed that if a
person has edit permissions they would naturally have to have show and
read permissions. I'm not sure if that's the case or not so whether I'm
"breaking" something or not, I'm not really sure.
What do you guys think?
More information about the whups