Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.I would like to add a "reported_by" case field. When the case is created it is assigned $user->uid. Then, depending on users role, options will be:
1) only view & edit my reported cases - want "assigned_to" hidden from this role
2) view & edit my cases and view other reported_by cases- want "assigned_to" hidden from this role
3) view and edit all cases - want "assigned_to" visible and selectable from this role
Comments
Comment #1
jmiccolis commentedDoesn't most of this concept already get captured by case's author? You may still need extra/modified permissions but I think starting by using the author of the case as the user who reported it should get you started.
Comment #2
pdarnell commentedHi jmiccolis,
I didn't expect such a fast response!
What is the case author field? I was looking for it, but didn't find it.
All I could find was the assigned_to field.
I really like your case tracker tool, by the way. Nice work.
...
Aha! I figured it out. The casetracker_case record has a nid (node id) pointer to a node, and all nodes have a UID (author user ID). That's what I'm looking for, so I respectfully change my feature request to allow me restrict certain user roles to viewing only their authored cases. I also don't want those users to see the assigned to field.
In Admin view, I want to see the "authored by" field.
Comment #3
jmiccolis commentedExactly, the author UID is what I'm talking about.
So I understand what you need here, and what would be most helpful to me is if you could look at you request in relation to the existing permissions and how they work and tell me more about how you see them fitting in and what exactly they mean in the module. Just tacking them on is probably not going to give you the results you expect.
FYI we can't switch to a 'view my cases'/'view all cases' permission split. This would not have any affect on listing pages! Drupal uses the node access system (most commonly implemented with Organic Groups) to control from the query level what a user gets to see or not. So 'view my cases' would never get checked on case listing pages and could only be enforced when going to the node/nid page itself. By design permissions are the wrong tool for this kind of access control, node_access modules, like OG, are what can be used here.
Comment #4
pdarnell commentedWe want to distinguish between a user role and a maintainer role.
We want a user to be restricted to seeing only cases they authored.
Maintainers can use casetracker as it is currently, seeing all cases, or all cases assigned to them
Comment #5
jmiccolis commentedOk, if the issue is only allowing users to view cases they authored then this then is a duplicate of an existing issue http://drupal.org/node/445960
Lets keep further discussion over there.