You are not logged in.

Announcement

 Téléchargez la dernière version stable de GLPI      -     Et vous, que pouvez vous faire pour le projet GLPI ? :  Contribuer
 Download last stable version of GLPI                      -     What can you do for GLPI ? :  Contribute

#1 2022-02-15 16:32:09

Loiseau2nuit
Member
From: 01000001 01001110 01000101
Registered: 2021-08-29
Posts: 47

GLPI 9.5.7 / bug with notification & attached files

Hello and first : many thanks for all the work done on GLPI since the begining of the project.

However, I'd like to report a major inconsistency with the way GLPI notifications (native ones, as we're not using David Durieux's plugin) handle attached files.

When the option "Add documents into ticket notifications" is set to "Yes" :

What's actually sent each time a notification is triggered (whatever which one), are each and every file attached to the ticket

This is non sense to me for a lot of reasons, but most importantly :
1- no one, following an ongoing ticket, should receive X times the same files & documents each time he gets notified
2- some attached elements are meant to be seen ONLY by their notified recipients (and NOT by everyone listed in the ticket)


What SHOULD be sent then, are only the files that have been attached to the followup, or the task, triggering the notification

With maybe one exception tho' : if the move triggering the notification is made on the whole ticket (exemple: new assignee)


Thanks for reading and feedbacks
Feel free to ask for more details or clarification if needed.




 
GLPI 9.5.7 ( => /var/www/glpi)
Installation mode: TARBALL
Current language:fr_FR

Server
 
Operating system: Linux uvappp02 4.19.0-18-amd64 #1 SMP Debian 4.19.208-1 (2021-09-29) x86_64
PHP 7.4.27 fpm-fcgi (Core, FFI, PDO, Phar, Reflection, SPL, SimpleXML, Zend OPcache, apc, apcu, bz2, calendar, cgi-fcgi, ctype,
	curl, date, dom, exif, fileinfo, filter, ftp, gd, gettext, hash, iconv, imap, intl, json, ldap, libxml, mbstring, mysqli,
	mysqlnd, openssl, pcre, pdo_mysql, posix, readline, session, shmop, soap, sockets, sodium, standard, sysvmsg, sysvsem, sysvshm,
	tokenizer, xml, xmlreader, xmlrpc, xmlwriter, xsl, zip, zlib)
Setup: max_execution_time="600" memory_limit="256M" post_max_size="11M" safe_mode="" session.save_handler="files"
	upload_max_filesize="10M" 
Software: nginx/1.14.2
	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.82 Safari/537.36
Server Software: Debian 10
	Server Version: 10.3.31-MariaDB-0+deb10u1
	Server SQL Mode: 
	Parameters: GLPIdbAdmin@localhost/glpi
	Host info: Localhost via UNIX socket
	
PHP version is at least 7.2.0 - Perfect!PHP version is at least 7.2.0 - Perfect!
Sessions support is available - Perfect!Sessions support is available - Perfect!
Allocated memory > 64 Mio - Perfect!Allocated memory > 64 Mio - Perfect!
mysqli extension is installedmysqli extension is installed
ctype extension is installedctype extension is installed
fileinfo extension is installedfileinfo extension is installed
json extension is installedjson extension is installed
mbstring extension is installedmbstring extension is installed
iconv extension is installediconv extension is installed
zlib extension is installedzlib extension is installed
curl extension is installedcurl extension is installed
gd extension is installedgd extension is installed
simplexml extension is installedsimplexml extension is installed
intl extension is installedintl extension is installed
ldap extension is installedldap extension is installed
apcu extension is installedapcu extension is installed
Zend OPcache extension is installedZend OPcache extension is installed
xmlrpc extension is installedxmlrpc extension is installed
exif extension is installedexif extension is installed
zip extension is installedzip extension is installed
bz2 extension is installedbz2 extension is installed
sodium extension is installedsodium extension is installed
Database version seems correct (10.3.31) - Perfect!Database version seems correct (10.3.31) - Perfect!

The log file has been created successfully.The log file has been created successfully.
Write access to /var/www/glpi/files/_cache has been validated.Write access to /var/www/glpi/files/_cache has been validated.
Write access to /var/www/glpi/config has been validated.Write access to /var/www/glpi/config has been validated.
Write access to /var/www/glpi/files/_cron has been validated.Write access to /var/www/glpi/files/_cron has been validated.
Write access to /var/www/glpi/files has been validated.Write access to /var/www/glpi/files has been validated.
Write access to /var/www/glpi/files/_dumps has been validated.Write access to /var/www/glpi/files/_dumps has been validated.
Write access to /var/www/glpi/files/_graphs has been validated.Write access to /var/www/glpi/files/_graphs has been validated.
Write access to /var/www/glpi/files/_lock has been validated.Write access to /var/www/glpi/files/_lock has been validated.
Write access to /var/www/glpi/files/_pictures has been validated.Write access to /var/www/glpi/files/_pictures has been validated.
Write access to /var/www/glpi/files/_plugins has been validated.Write access to /var/www/glpi/files/_plugins has been validated.
Write access to /var/www/glpi/files/_rss has been validated.Write access to /var/www/glpi/files/_rss has been validated.
Write access to /var/www/glpi/files/_sessions has been validated.Write access to /var/www/glpi/files/_sessions has been validated.
Write access to /var/www/glpi/files/_tmp has been validated.Write access to /var/www/glpi/files/_tmp has been validated.
Write access to /var/www/glpi/files/_uploads has been validated.Write access to /var/www/glpi/files/_uploads has been validated.
Write access to /var/www/glpi/marketplace has been validated.Write access to /var/www/glpi/marketplace has been validated.
Web access to the files directory should not be allowed Check the .htaccess file and the web server configuration.Web access to the files directory should not be allowed
Check the .htaccess file and the web server configuration.

GLPI constants
 
GLPI_ROOT: /var/www/glpi
GLPI_CONFIG_DIR: /var/www/glpi/config
GLPI_VAR_DIR: /var/www/glpi/files
GLPI_MARKETPLACE_DIR: /var/www/glpi/marketplace
GLPI_USE_CSRF_CHECK: 1
GLPI_CSRF_EXPIRES: 7200
GLPI_CSRF_MAX_TOKENS: 100
GLPI_USE_IDOR_CHECK: 1
GLPI_IDOR_EXPIRES: 7200
GLPI_ALLOW_IFRAME_IN_RICH_TEXT: 
GLPI_TELEMETRY_URI: https://telemetry.glpi-project.org
GLPI_INSTALL_MODE: TARBALL
GLPI_NETWORK_MAIL: glpi@teclib.com
GLPI_NETWORK_SERVICES: https://services.glpi-network.com
GLPI_MARKETPLACE_PRERELEASES: 
GLPI_MARKETPLACE_ALLOW_OVERRIDE: 1
GLPI_MARKETPLACE_MANUAL_DOWNLOADS: 1
GLPI_USER_AGENT_EXTRA_COMMENTS: 
GLPI_AJAX_DASHBOARD: 1
GLPI_CALDAV_IMPORT_STATE: 0
GLPI_DEMO_MODE: 0
GLPI_FORCE_EMPTY_SQL_MODE: 1
GLPI_DOC_DIR: /var/www/glpi/files
GLPI_CACHE_DIR: /var/www/glpi/files/_cache
GLPI_CRON_DIR: /var/www/glpi/files/_cron
GLPI_DUMP_DIR: /var/www/glpi/files/_dumps
GLPI_GRAPH_DIR: /var/www/glpi/files/_graphs
GLPI_LOCAL_I18N_DIR: /var/www/glpi/files/_locales
GLPI_LOCK_DIR: /var/www/glpi/files/_lock
GLPI_LOG_DIR: /var/www/glpi/files/_log
GLPI_PICTURE_DIR: /var/www/glpi/files/_pictures
GLPI_PLUGIN_DOC_DIR: /var/www/glpi/files/_plugins
GLPI_RSS_DIR: /var/www/glpi/files/_rss
GLPI_SESSION_DIR: /var/www/glpi/files/_sessions
GLPI_TMP_DIR: /var/www/glpi/files/_tmp
GLPI_UPLOAD_DIR: /var/www/glpi/files/_uploads
GLPI_NETWORK_REGISTRATION_API_URL: https://services.glpi-network.com/api/registration/
GLPI_MARKETPLACE_PLUGINS_API_URI: https://services.glpi-network.com/api/glpi-plugins/
GLPI_I18N_DIR: /var/www/glpi/locales
GLPI_VERSION: 9.5.7
GLPI_SCHEMA_VERSION: 9.5.7
GLPI_MIN_PHP: 7.2.0
GLPI_YEAR: 2022

Libraries
 
htmlawed/htmlawed version 1.2.5 in (/var/www/glpi/vendor/htmlawed/htmlawed)
phpmailer/phpmailer version 6.1.6 in (/var/www/glpi/vendor/phpmailer/phpmailer/src)
simplepie/simplepie version 1.5.6 in (/var/www/glpi/vendor/simplepie/simplepie/library)
tecnickcom/tcpdf version 6.3.5 in (/var/www/glpi/vendor/tecnickcom/tcpdf)
michelf/php-markdown in (/var/www/glpi/vendor/michelf/php-markdown/Michelf)
true/punycode in (/var/www/glpi/vendor/true/punycode/src)
iamcal/lib_autolink in (/var/www/glpi/vendor/iamcal/lib_autolink)
sabre/dav in (/var/www/glpi/vendor/sabre/dav/lib/DAV)
sabre/http in (/var/www/glpi/vendor/sabre/http/lib)
sabre/uri in (/var/www/glpi/vendor/sabre/uri/lib)
sabre/vobject in (/var/www/glpi/vendor/sabre/vobject/lib)
laminas/laminas-cache in (/var/www/glpi/vendor/laminas/laminas-cache/src)
laminas/laminas-i18n in (/var/www/glpi/vendor/laminas/laminas-i18n/src)
laminas/laminas-serializer in (/var/www/glpi/vendor/laminas/laminas-serializer/src)
monolog/monolog in (/var/www/glpi/vendor/monolog/monolog/src/Monolog)
sebastian/diff in (/var/www/glpi/vendor/sebastian/diff/src)
elvanto/litemoji in (/var/www/glpi/vendor/elvanto/litemoji/src)
symfony/console in (/var/www/glpi/plugins/formcreator/vendor/symfony/console)
scssphp/scssphp in (/var/www/glpi/plugins/formcreator/vendor/scssphp/scssphp/src)
laminas/laminas-mail in (/var/www/glpi/vendor/laminas/laminas-mail/src/Protocol)
laminas/laminas-mime in (/var/www/glpi/vendor/laminas/laminas-mime/src)
rlanvin/php-rrule in (/var/www/glpi/vendor/rlanvin/php-rrule/src)
blueimp/jquery-file-upload in (/var/www/glpi/vendor/blueimp/jquery-file-upload/server/php)
ramsey/uuid in (/var/www/glpi/vendor/ramsey/uuid/src)
psr/log in (/var/www/glpi/vendor/psr/log/Psr/Log)
psr/simple-cache in (/var/www/glpi/vendor/psr/simple-cache/src)
mexitek/phpcolors in (/var/www/glpi/vendor/mexitek/phpcolors/src/Mexitek/PHPColors)
guzzlehttp/guzzle in (/var/www/glpi/vendor/guzzlehttp/guzzle/src)
guzzlehttp/psr7 in (/var/www/glpi/vendor/guzzlehttp/psr7/src)
wapmorgan/unified-archive in (/var/www/glpi/vendor/wapmorgan/unified-archive/src)
paragonie/sodium_compat in (/var/www/glpi/vendor/paragonie/sodium_compat/src)

LDAP directories
 
Server: 'srv-ad01.*********.fr', Port: '389', BaseDN: 'ou=Utilisateurs,ou=Mairie,dc=*********,dc=fr', Connection filter:
		'(&(objectClass=user)(objectCategory=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))', RootDN: 'glpi@*********.fr', Use
		TLS: none

SQL replicas
 
Not active

Notifications
 
Way of sending emails: SMTP (anonymous@*****.***********.***)

Mails receivers
 
Name: 'Créer Ticket' Active: Yes
	Server: '{*****.***********.***:143/imap}' Login: 'glpi' Password: Yes

Plugins list
 
	treeview             Name: Arborescence                   Version: 1.9.1      State: Enabled
	behaviors            Name: Comportements                  Version: 2.5.1      State: Enabled
	datainjection        Name: Data injection                 Version: 2.9.0      State: Enabled
	formcreator          Name: Form Creator                   Version: 2.12.3     State: Enabled
	fusioninventory      Name: FusionInventory                Version: 9.5+3.0    State: Enabled
	manufacturersimports Name: Imports fabricants             Version: 2.3.1      State: Enabled
	mailbehaviours       Name: Mail Behaviours                Version: 1.0.3      State: Enabled
	moreticket           Name: More ticket                    Version: 1.6.1      State: Enabled
	notifications        Name: Notifications                  Version: 9.5+1.0    State: Installed / not activated
	reservation          Name: Reservation                    Version: 2.3.6      State: Enabled
	dashboard            Name: Tableau de bord                Version: 1.0.2      State: Enabled
	ticketmail           Name: Ticket Mail                    Version: 3.4.0      State: Enabled

GLPI 10.0.17-git - Glpi-agent 1.11 / Debian 12.8 / Nginx 1.22.1 - php 8.2.25 - mariaDB 10.11.6
Find me also on h**ps://glpi.userecho.com/users/1121-loiseau2nuit/topics/

Offline

#2 2022-03-11 18:26:32

Loiseau2nuit
Member
From: 01000001 01001110 01000101
Registered: 2021-08-29
Posts: 47

Re: GLPI 9.5.7 / bug with notification & attached files

Hello.

Is it possible to get a feedback from the team here ?
Is that going to be fixed in the next major version about to be released ?

Thanks


GLPI 10.0.17-git - Glpi-agent 1.11 / Debian 12.8 / Nginx 1.22.1 - php 8.2.25 - mariaDB 10.11.6
Find me also on h**ps://glpi.userecho.com/users/1121-loiseau2nuit/topics/

Offline

#3 2022-03-11 23:45:41

cconard96
Moderator
Registered: 2018-07-31
Posts: 2,809
Website

Re: GLPI 9.5.7 / bug with notification & attached files

I don't recall seeing any change for GLPI 10 that would address this, but if you can, could you test the latest nightly "master" release (not in production as it is still in beta)?
https://nightly.glpi-project.org/glpi/


GLPI Collaborator and Plugin Developer.
My non-English comments are automated translations. Sorry for any confusion that causes.
Mes commentaires non anglais sont des traductions automatiques. Désolé pour toute confusion qui cause.
Mis comentarios que no están en inglés son traducciones automáticas. Perdón por cualquier confusión que cause.

Offline

#4 2023-05-09 11:09:47

vlcek_vratko
Member
Registered: 2023-05-09
Posts: 4

Re: GLPI 9.5.7 / bug with notification & attached files

Hi Loiseau2nuit,


I know it's been a while, but this problem still exists, have you found any solution?

Thanks a lot.

V.

Offline

#5 2023-05-10 11:24:46

Loiseau2nuit
Member
From: 01000001 01001110 01000101
Registered: 2021-08-29
Posts: 47

Re: GLPI 9.5.7 / bug with notification & attached files

Hi there !

Nope ! Not a single bit of a solution...

It's sad tho' and should be adressed IMHO, because :

- it's kind of a bummer to send X times the same all attached pieces each time you need your actors to be notified of something, considering the actual fuss around digital sobriety and useless data transfer

- it also may lead, in some cases, to databreach. for exemple, when I use a follow up to adress my final users and/or send a task to adress my tech teams, I don't need my final user to see what's have been attached to a task s-he is not supposed to know about, as s-he has no right to see them.

I hope something be done soon on this issue.

Last edited by Loiseau2nuit (2023-05-10 11:26:25)


GLPI 10.0.17-git - Glpi-agent 1.11 / Debian 12.8 / Nginx 1.22.1 - php 8.2.25 - mariaDB 10.11.6
Find me also on h**ps://glpi.userecho.com/users/1121-loiseau2nuit/topics/

Offline

#6 2023-05-10 14:54:31

cconard96
Moderator
Registered: 2018-07-31
Posts: 2,809
Website

Re: GLPI 9.5.7 / bug with notification & attached files

Loiseau2nuit wrote:

- it also may lead, in some cases, to databreach. for exemple, when I use a follow up to adress my final users and/or send a task to adress my tech teams, I don't need my final user to see what's have been attached to a task s-he is not supposed to know about, as s-he has no right to see them.

There is no such thing as a private document or other visibility restrictions for documents linked to tickets. If a user has access to read a ticket, they have access to view the documents linked to it.
Adding a document while making a private followup or task doesn't mean the document is private.
If security is a priority, you should be using plain links to the uploaded document within a private followup or task.


GLPI Collaborator and Plugin Developer.
My non-English comments are automated translations. Sorry for any confusion that causes.
Mes commentaires non anglais sont des traductions automatiques. Désolé pour toute confusion qui cause.
Mis comentarios que no están en inglés son traducciones automáticas. Perdón por cualquier confusión que cause.

Offline

#7 2023-05-20 23:14:48

Loiseau2nuit
Member
From: 01000001 01001110 01000101
Registered: 2021-08-29
Posts: 47

Re: GLPI 9.5.7 / bug with notification & attached files

Adding a document while making a private followup or task doesn't mean the document is private.

Yeah ! My point exactly ! And I think that's a... well... one of the problems held by the actual system (main being the fact that all attached files are sent in each and every mail notification)

Also I think a difference should be made between :
- attaching a file to the ticket (accessible by everyone)
- attaching a file to a follow up or task (accessible by their only recipients)


But I might be awaiting a bit to much of it, probably ...


GLPI 10.0.17-git - Glpi-agent 1.11 / Debian 12.8 / Nginx 1.22.1 - php 8.2.25 - mariaDB 10.11.6
Find me also on h**ps://glpi.userecho.com/users/1121-loiseau2nuit/topics/

Offline

#8 2023-05-22 00:25:17

cconard96
Moderator
Registered: 2018-07-31
Posts: 2,809
Website

Re: GLPI 9.5.7 / bug with notification & attached files

If you haven't already, you may want to upvote the related request(s) on the UserEcho site:
https://glpi.userecho.com/communities/1 … -documents
https://glpi.userecho.com/communities/1 … -and-tasks


GLPI Collaborator and Plugin Developer.
My non-English comments are automated translations. Sorry for any confusion that causes.
Mes commentaires non anglais sont des traductions automatiques. Désolé pour toute confusion qui cause.
Mis comentarios que no están en inglés son traducciones automáticas. Perdón por cualquier confusión que cause.

Offline

#9 2023-05-22 15:50:29

Loiseau2nuit
Member
From: 01000001 01001110 01000101
Registered: 2021-08-29
Posts: 47

Re: GLPI 9.5.7 / bug with notification & attached files

Thanks a lot ! I just did :-)


GLPI 10.0.17-git - Glpi-agent 1.11 / Debian 12.8 / Nginx 1.22.1 - php 8.2.25 - mariaDB 10.11.6
Find me also on h**ps://glpi.userecho.com/users/1121-loiseau2nuit/topics/

Offline

Board footer

Powered by FluxBB