Hi everyone,
I need to create a profile for users so that they can only see tickets that are assigned to them.
I created a new profile with the following settings:
I see the correct tickets in the list, but when I try to open them I get the message:
You don't have permission to perform this action.
Return to previous page
I have the following error in the files/_log/access-errors.log file:
User ID: 7351 tried to access or perform an action on /front/ticket.form.php?id=30494 with insufficient rights. Additional information: Missing READ right. Cannot view the item.
Stack Trace:
/var/www/glpi/src/CommonDBTM.php:6449 displayRightError()
/var/www/glpi/src/CommonDBTM.php:6542 displayAccessDeniedPage()
/var/www/glpi/front/ticket.form.php:265 displayFullPageForItem()
/var/www/glpi/public/index.php:82 require()
As you can see in the attached screenshot, the "Read" option cannot be selected.
Where am I going wrong?
GLPI 10.0.14
Last edited by pewson (2024-04-29 11:39:34)
The numeric representation for the READ permission is 1, which is the same as the "See my Ticket" permission for tickets.
In fact, the error comes from the part of the code that checks the item type's "canViewItem" method, which in this case actually checks multiple things.
Checks:
1. Does the user have access to the ticket's entity? If not, the check fails.
2. Can the user see all tickets?
3. Can the user see their own tickets and are they the writer, requester or an observer on the ticket?
4. Can the user see tickets from their group(s) and is one of their groups a requester or observer?
5. Can the user see assigned tickets and are they assigned either directly or through one of their groups?
6. Can the user validate tickets and is there a pending validation for them in the ticket?
GLPI Collaborator and Plugin Developer.
My non-English comments are automated translations. Sorry for any confusion that causes.
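The six checks listed in the answer above, modelled as a small Python function. This is an added example, not GLPI's own code and not part of the posts. Only the value 1 for "see my ticket" comes from the thread; the other bit values, the class names and the fields are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Bit 1 is the value the answer gives for READ / "See my ticket".
# The other bit values are placeholders chosen for this example.
SEE_MY = 1
SEE_ALL = 1 << 1
SEE_GROUP = 1 << 2
SEE_ASSIGNED = 1 << 3
VALIDATE = 1 << 4

@dataclass
class User:  # hypothetical model of a logged-in user and the active profile
    id: int
    rights: int
    entities: set = field(default_factory=set)
    groups: set = field(default_factory=set)

@dataclass
class Ticket:  # hypothetical model of a ticket and its actors
    entity: int
    writer: int = 0
    requesters: set = field(default_factory=set)
    observers: set = field(default_factory=set)
    requester_groups: set = field(default_factory=set)
    observer_groups: set = field(default_factory=set)
    assigned_users: set = field(default_factory=set)
    assigned_groups: set = field(default_factory=set)
    pending_validators: set = field(default_factory=set)

def can_view(user, t):
    """Return (allowed, reason), walking the six checks in the listed order."""
    has = lambda bit: bool(user.rights & bit)
    if t.entity not in user.entities:
        return False, "entity"
    if has(SEE_ALL):
        return True, "see all"
    if has(SEE_MY) and (user.id == t.writer or user.id in t.requesters | t.observers):
        return True, "see my"
    if has(SEE_GROUP) and user.groups & (t.requester_groups | t.observer_groups):
        return True, "see group"
    if has(SEE_ASSIGNED) and (user.id in t.assigned_users or user.groups & t.assigned_groups):
        return True, "see assigned"
    if has(VALIDATE) and user.id in t.pending_validators:
        return True, "validation"
    return False, "no matching right"

# Constructed sample: the user id echoes the thread, everything else is made up.
ticket = Ticket(entity=0, writer=2, requesters={2}, assigned_users={7351})
tech = User(id=7351, rights=SEE_MY, entities={0})
```

With only the "see my" bit set, `can_view(tech, ticket)` denies a ticket that is merely assigned to the user; the returned reason shows which check granted or refused access when auditing a profile.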
Thank you for your answer.
1. The user has access to the ticket entity.
2. If I check the "See all tickets" option, it has access to all tickets and everything seems to be working. However, I don't want him to see all of them, only those assigned to him.
3. If the user is a writer/requester, then he has access to the ticket. If the ticket is assigned to a user, then there is no access to it.
4. I haven't tested groups yet. First of all, I want him to have access to the tickets assigned to him.
5. The user sees the tickets assigned to him on the list, but when he clicks on one, the "access denied" message appears. Tickets are assigned directly to the user.
6. I haven't checked if the user can validate tickets, but there are no pending validations for him in the ticket.
If something is still not clear, I will answer the remaining questions.
Any ideas what else I should check or change in config?
Thanks in advance.
Additional info:
When I set the option "See Assigned", the user has access to tickets assigned to him, but also has access to tickets not assigned to anyone with status "New".