Limit assigned users

Casetracker provides Organic Groups integration which can limit the options to users from the group you are about to post into.

It is possible to extend this functionality to target kinds of user groups in a custom modules. I'm also open to patches that would make the assignee form options more generic and extensible.

I would have thought that OG would be a bit overkill for just limiting the users that can be assigned.

I'd love to be able to do a patch via a custom module; but its beyond my capabilities I'm afraid.

I am using 5x version and would like to be able to limit the assign option to users in a certain role as well. Currently you can assign any user which makes it confusing for folks that have permissions to do so and mistakes are prone to happen

I've done some exploration here and I just wanted to share my thoughts.

I looked into creating a new permission "receive case tracker assignments". The issue here is that I had to implement an additional way of checking permissions besides how drupal generally does it. This is really not ideal and prone create security issues.

Additionally because of how Drupal stores the relationship between users and the authenticated user role (as in, it doesn't store it at all) and how the anonymous user role works in general I had to add some special logic that I'm not happy about, and I feel is overly complex (basically it's a query builder).

Based on this it looked like I'd need to change approaches here and add a setting to admin/settings/casetracker that lets you select what roles can be assigned to. I'm not sure how I feel about this. It would mean an additional location where you can basically determine what permissions a user role gets. This also seems like an abuse of the permission system as It would basically be leveraging roles as a convenient way to group users, but not using the system to assign permissions in the way it was designed.

The one idea I've got left is to use views for this (as we're already depending on views it's and using it in a similar capacity elsewhere in the module). With this approach a site admin could swap out the view the determines what users can receive cases, giving them full control on how it works.

The short of all this is that the problem needs some further thought. Any input from other developers is very welcome.

Looking back over the issue queue I came across this ticked http://drupal.org/node/285763 which has this patch http://drupal.org/files/issues/casetracker.module-filterbyrole.patch and is basically the second approach I outlined above. I'm sticking to my objections, and it's looking like a views based solution may be the way to go.

Hi Jeff,

Thanks for looking at this.

I happen to have used the second approach outlined above (i.e. the manual hack of the module to limit the query by role). I wasnt aware of the patch that had been previously posted, but our solutions are just about identical.

I agree that putting this into permissions page may not be the way to go.

However, I would postulate that putting some permissions into /admin/casetracker is not actually that bad, and it certainly wouldnt be the only module to do so. Have a look at http://drupal.org/project/forum_access for another module that does exactly this. If you do decide to go down this route, I would suggest that its a completely seperate module, so that those who install it know that its a permission that is not on the default drupal permissions page.

I am intrigued as to your mention of using views to do this. I have already modified the casetracker_project_cases on my site, by changing the Basic>Access permission to only allow those roles that I want to have access. This works fine - no one outside those roles can access /casetracker. The one caveat is that search results still come up by casetracker results. I digress; how would you limit the 'assignable' users to specific roles using views?

The views approach would look like this;

* casetracker would provide a default view that retrieved all users (minus anonymous).
* this view would be used to populate the options in the assignment field drop down.
* a site administrator could override this view, or tell the site to use an entirely different one.

This way you could use views to craft just about any listing of users based on any criteria that views can be made aware of. I'm not sure when I'll have to the time to tackle this, but I think it's what I'd like to see happen.

Oh, my mistake, I thought that it could already be done with views in the current version.

To be honest, it sounds fantastic, and would work pefectly for me.

Hey,

Here's a patch that makes casetracker use views for assignment listing and that provides a very simple default view that just lists all users. The view can also be selected by name for both project options and assignee options. This removes the built-in user OG functionality, which can just be added back in through views. This may be confusing for some novice users, so perhaps this functionality should be made in the default? Also, the og filters seem a bit problematic--I ended up using an argument with custom PHP code in testing, which doesn't seem all that elegant, to get something that would return every user without a group and all group users within a context.

Thanks,
David

I added a tag, sort and filter to the view but otherwise nice work David.

I'm setting this fo fixed, but I'm going to look at the OG stuff as we need a easy solution for that.

I wrote this a few weeks ago

http://drupal.org/node/428500

And now I notice this new options to show the list of users to assign throw "Assignee options view" but I can't get to filter it with arguments, any light?

thanks

I found this and work fine to filter

http://drupal.org/node/335358

Hi Jeff and David Goode

Just wanted to let you know that the latest dev version works great - really easy to change the users shown in the "Assign to" field by modifying the view.

Many thanks.

Automatically closed -- issue fixed for 2 weeks with no activity.