Permissions NOT assigned

Are you sure that you assigned all necessary rights:
> admin/user/access
- casetracker module
- assign case to user
- assign case to user if logged in user is assigned
- set case priority
- set case priority if user is assigned
- set case status
- set status if user is assigned

I'm not sure if this is related but I'm also experiencing issues with the permission system.

I have configured the permissions so that authenticated users can only 'access casetracker' and 'create cases' and 'edit own cases'. My problem arrises when an authenticated user adds a comment, they are given the choice of changing the Title, the Priority and also the Type. Is this the desired effect?

I'd rather people were just able to leave comments but not change anything like the title etc and have finer grained permissions so that only the author of the case could change those things.

Below are hacks. They work. Use at your own risk!

hack 1. Delete lines 1273 to 1295 of casetracker.module (form_alter) to fix #2 above.

hack 2. Regarding permissions, I can't let anyone see other's tickets. To fix that, I created two cck fields for the case content type: case_contact1 and case_contact2. In a custom module (if hacking this module, paste in casetracker.module) I put the following:

//if viewing a new casetracker, update the list of who can view (uid1 bypasses this)
function casetracker_nodeapi(&$node, $op, $teaser, $page) {
switch ($op) {
case 'view':
if ($node->type=="casetracker_basic_case") {
//remove all grants to this node
db_query("DELETE FROM {node_access} where nid=%d",$node->nid);

//insert access for the current user and users referenced on form
//add logged-in user
db_query("INSERT INTO {node_access} (nid, gid, realm, grant_view, grant_update, grant_delete)
VALUES (%d, %d, '%s', %d, %d, %d)",
$node->nid,$node->uid,'casetracker',1,0,0);
//add contact 1
if ($node->field_case_contact1[0][uid] && $node->field_case_contact1[0][uid]<>$node->uid)
db_query("INSERT INTO {node_access} (nid, gid, realm, grant_view, grant_update, grant_delete)
VALUES (%d, %d, '%s', %d, %d, %d)",
$node->nid,$node->field_case_contact1[0][uid],'casetracker',1,0,0);
//add contact 2
if ($node->field_case_contact2[0][uid] && $node->field_case_contact2[0][uid]<>$node->uid)
db_query("INSERT INTO {node_access} (nid, gid, realm, grant_view, grant_update, grant_delete)
VALUES (%d, %d, '%s', %d, %d, %d)",
$node->nid,$node->field_case_contact2[0][uid],'casetracker',1,0,0);
}
break;
}
}

//tell drupal what access casetrackers can have
function casetracker_node_grants($account, $op) {
if ($op == 'view') {
$grants['casetracker'] = array($account->uid); //tell drupal to find this in node_access
}
return $grants;
}

In casetracker_basic.module

//This function adds the User Access Control for casetracker, add 2 new stuff to be controlled by the //user
function casetracker_basic_perm() {
return array('create projects', 'create cases', 'edit own projects', 'edit all projects', 'edit own cases', 'edit all cases');
//return array('create projects', 'create cases', 'edit own projects', 'edit own cases');

}

//Modify the casetracker project edits
function casetracker_basic_project_access($op, $node) {
...
case 'update':
//add this here, initially this is empty
return user_access('edit all projects');
break;
//
}

//Modify the casetracker case edits
function casetracker_basic_case_access($op, $node) {
...

case 'update':
//add this here, initially this is empty
return user_access('edit all cases');
break;
//

5.x version is obsolete and will not receive any updates, so i'm closing this issue