GrantShowTicket

In our organization we often have tickets that are linked with a dependency link. The role AdminCCs is given permission to see a ticket, but they could not see other tickets that their specific ticket depended on. This code makes it possible to view a ticket if the AdminCc has permission to see a ticket that is depended on by a ticket they could see.

Ticket_Local.pm:

use strict;
no warnings qw(redefine);

sub HasRight {
   my $self = shift;
   my %args = (
       Right     => undef,
       Principal => undef,
       @_
   );

   unless ( ( defined $args{'Principal'} ) and ( ref( $args{'Principal'} ) ) )
   {
       Carp::cluck;
       $RT::Logger->crit("Principal attrib undefined for Ticket::HasRight");
       return(undef);
   }

   my @Equiv;
   if ($args{Right} eq 'ShowTicket') {
       my $deps = RT::Tickets->new($self->CurrentUser);

       $deps->LimitDependsOn($self->Id);
       while (my $tick = $deps->Next) {
           push @Equiv, $tick;
       }
   }


   return (
       $args{'Principal'}->HasRight(
           Object => $self,
           EquivObjects => \@Equiv,
           Right     => $args{'Right'}
         )
   );
}

1;

This could be extended to recursively add all tickets in a dependency chain. Note that this does not give the user rights to the transaction, but that can be accomplished in a similar manner.

--Todd Chapman