Bug #5523

Check is linked to Ticket:OWN right

Added by tsmr over 2 years ago. Updated over 2 years ago.

Status:RejectedStart date:03/20/2017
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:-
Target version:-

Description

If you don't have Ticket:OWN right, no check are effective :

Ticket.class.php :
if (!is_numeric(Session::getLoginUserID(false)) || !Session::haveRight('ticket', Ticket::OWN)) {
return false; // No check
}

So if you are super-admin without this right you can override checks ?

History

#1 Updated by yllen over 2 years ago

I don't understand your question.
This part is to block solve/close ticket in the interface. It's the technician's job to do that.
A Super-admin profile never works on GLPI, just configures it.

#2 Updated by tsmr over 2 years ago

Not only for super-admin profile ? Any profile which have all rights into tickets (but not the ticket::own) is concerned, no ?

#3 Updated by yllen over 2 years ago

If you have rights on ticket it's correct to can update it.

#4 Updated by yllen over 2 years ago

  • Status changed from New to Rejected

Also available in: Atom PDF