I installed a clear Drupal 7 with the Support module. I created a client, and one Test user, who can access that client, and I submitted a ticket with the Test user. As uid #1, I replied to the ticket, but the Test user can not see the replies, just the comments posted by itself. If I assign the 'View other users tickets' permission to the Test user, the replies are displayed.
I examined the code, the line that causes this problem is the 2402, so I modified this line. When the $table is comment, then skip the access inspection, because I think, the user always has access to see the replies for his ticket. The patch is attached.
ps.: I do not know exactly what are doing the support_query_alter() function, why do we need it? If I completely remove this function (return on 1st line), then the access system works well. The user can not see other tickets, but see the replies for own tickets.
Comment | File | Size | Author |
---|---|---|---|
#11 | user_replies-1339480-5913294.patch | 1.65 KB | sgerbino |
support.patch | 875 bytes | Zoltán Balogh |
Comments
Comment #1
slampy CreditAttribution: slampy commentedThis bug still exists in beta3. It is really strange that the client cannot see the replies to his/her ticket because the 'View other users tickets' is not set.
Please fix it. Thanks!
Comment #2
Zoltán Balogh CreditAttribution: Zoltán Balogh commentedOhh I posted the patch with wrong status...
Comment #3
bandanaman CreditAttribution: bandanaman commentedWorks for me, thank You.
Comment #4
MrPeanut CreditAttribution: MrPeanut commentedAlso having this issue. Unfortunately, still novice enough to not know how to apply patches, so I will be changing the permissions for now.
Comment #5
Bandy CreditAttribution: Bandy commentedThe user will only have the opportunity to see their tickets and answers, if the note - is around controlling access to content. But this might not be the solution, since it then the user eg then in the Advanced forum can do it all. The patch has not helped. Sorry for my english.
Drupal 7.12
Comment #6
Bandy CreditAttribution: Bandy commentedMy problem is resolved. It was at the Forum Access module. With version 7.x-1.0-rc1 is now anything goes.
Comment #7
Bandy CreditAttribution: Bandy commentedSorry - here are the patch:
support.module
all NODE_ACCESS_IGNORE replace with NODE_ACCESS_ALLOW (line 188)
Comment #8
kevin.klika CreditAttribution: kevin.klika commentedManually applied patch #7 above and tested. Works awesome! Please commit this
Thanks
Comment #9
sgerbino CreditAttribution: sgerbino commentedI'm running in to the same issue and patch #7 isn't resolving it for me.
Comment #10
Jeff Burnz CreditAttribution: Jeff Burnz commentedUnfortunatly the patch is not working for me either. I was running ACL, Content Access, Forum Access but all those have been removed recently and I still have this issue, even on rc1.
Has this anything to do with me using uid1?
As described in the OP, if I give "View other users tickets" to the role allowed to view tickets, it works, but then they can see all tickets, not good, those ticket can contain sensitive data like usernames and passwords.
This really is a critical bug in the module, its really driving my clients insane and many many complaints about this. Some feedback from the developer would be very much appreciated, this issue was posted some time ago and clearly is still an issue, and a bad one.
Comment #11
sgerbino CreditAttribution: sgerbino commentedI have a patch that seems to be working for me. I think that it was comparing the comment uid with the uid of the current user, this worked for nodes but prevented the user from seeing anyone elses comments.
To apply manually:
Line 2354 support.module
Replace:
With:
Comment #12
Jeff Burnz CreditAttribution: Jeff Burnz commentedsgerbino - success!
Will leave this as needs review for now until I have tested this more, but for now its working, I cannot thank you enough!
Comment #13
molavy2003 CreditAttribution: molavy2003 commentedi have same problem.
client'ss can't see user's reply's.
how can i solve this?
latest patch(obove comment) don't work.
Comment #14
molavy2003 CreditAttribution: molavy2003 commentedi solve this issue for my self
but that's may cause other problems that i don't mentioned
i changed
to this:
i don't know why "and must be owned by the user" should be there?
Comment #15
sgerbino CreditAttribution: sgerbino commentedHrmm when I wrote the patch I put it there so people could not see comments to other tickets unless they have "View other tickets" permission or "Administer support tickets" permission.
You should only see comments when it is on the node you have created basically.
Comment #16
augur CreditAttribution: augur commentedWorks for me, thanks!
metin2 private servers
Comment #17
hejazee CreditAttribution: hejazee commented#11 works fine. thanks
Comment #18
dalearyous CreditAttribution: dalearyous commented#11 worked for me too, w00t.
Comment #19
Jeremy CreditAttribution: Jeremy commentedThanks -- sorry to have waited so long to review this bug. Confirmed the bug, and fix -- committed the patch from #11, slightly modified.
http://drupalcode.org/project/support.git/commit/99d624d