As mentioned at http://drupal.org/node/395170#comment-1437548 the only view own tickets so-called "permission" is in fact no permission. Instead, it kills most other jobtrack permissions a user might have in another role.

Example: A user is member of the roles "editor" and "looser". The "editor" role has all access (CLIENT) tickets permissions granted. The "looser" role only has jobtrack's only view own tickets permission enabled. Then the editor user will no more have access to any tickets not belonging to herself, making her a looser.

Comments

Miguel.Andrade’s picture

Miguel.Andrade commented

I would like to suggest a "make ticket private" option. All tickets would be (public/private) by default and the user could change them.

leevester’s picture

leevester commented

As a work around, I changed the lines listed below in the jobtrack.module (3 lines) and the jobtrack.user.inc (1 line) files.

if (user_access('only view own tickets') && !user_access('administer jobtrack'))

changed to

if (user_access('only view own tickets') && !user_access('edit any ticket'))

This allows the assigned support people to see the tickets and keeps the users from seeing other tickets.

With the setting in the first line ('administer jobtrack'), the only way for the support people to see the tickets that were assigned to them was to grant them administration of the complete module.

Giving the Support people the "Edit Any Ticket" permission, allows them to view and answer the requests.

jeremy’s picture

jeremy commented
Status: Active » Fixed

I have committed code so that any user with 'edit any ticket' or 'delete any ticket' permissions ignores the 'only view own tickets' permission. Hopefully this is sufficient for your needs. If not, feel free to re-open the issue.

roball’s picture

roball commented
Status: Fixed » Active

Sorry to re-open this ticket, but I still think this permission should be re-thought over. A "permission" that actually removes permissions (instead of adding them) cannot be called "permission". A true permission must be additive to other permissions, otherwise the whole logic of a permission based user management does not make sense.

As suggested at http://drupal.org/node/395170#comment-1437548, you could rename this permission to "view other user's tickets" and handle it the opposite way than it currently works. If it keeps unticked, than the user would only see her own tickets.

jeremy’s picture

jeremy commented
Status: Active » Postponed

Ah, but being the developer I can call it what I want! ;)

Patches are welcome. I'll not be implementing this any time soon.

jeremy’s picture

jeremy commented
Status: Postponed » Fixed

I lied. Feature implemented.

roball’s picture

roball commented

Thank you Jeremy for opening your mind :-)
Just installed version 6.x-1.6-rc1 - the way the jobtrack permissions work there makes sense. Excellent.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.