- users whose id is <foo>
- users who are watchers of type <requestor/cc/admincc> for <queue/ticket> <id>
- users who are watchers of type <requestor/cc/admincc> for <this ticket / this queue>
-
-
-what scope do these rights apply to
- queue <id>
- system
-
-
-What rights can be granted
- Display Ticket
- Manipulate Ticket
- Only users with manipulate ticket level access will see comments
- Maniplulate Ticket Status
- Create Ticket
-
- Admin Queue Watchers
- Admin Ticket Watchers
- Admin user accounts
- Admin scrips
- Admin scripscopes
- Admin Queue ACLS
- Admin System ACLs
-
-# }}}
-
-
-# {{{ Prinicpals These are the entities in your Access Control Element
-#
-
-Principal: What user does this right apply to
-
- Made up of:
- PrincipalScope, PrincipalType and PrincipalId
-
-
- User:
- Scope: User
- Type: null
- Id: A userid or 0
-
- Owner:
- Scope: Owner
- Type: null
- Id: none
-
-
- Watchers:
-
- Scope: Ticket
- Type: Requestors; Cc; AdminCc
- Id: A ticket id or 0 for "this ticket"
-
- Scope: Queue
- Type: Cc; AdminCc
- Id: A queue id or 0 for "this queue"
-
-
-# }}}
-
-# {{{ Object: What object does this right apply to
-
- Object is composed of an ObjectType and an ObjectId
-
- Type: System
- Id: NULL
-
- Type: Queue
- Id: Integer ref to queue id or 0 for all queues
-
-# }}}
-
-# {{{ Right: (What does this entry give the principal the right to do)
-
-
-
- For the Object System:
- System::SetACL
- System::AdminScrips
-
- User::Display
- User::Create
- User::Destroy
- User::Modify
- User::SetPassword
-
-
-
- For the Object "Queue":
- Queue::Admin
- Queue::SetACL
- Queue::Create
- Queue::Display
- Queue::Destroy
- Queue::ModifyWatchers
- Ticket::Create
- Ticket::Destory
- Ticket::Display
- Ticket::Update
- Ticket::UpdateRequestors
- Ticket::UpdateCc
- Ticket::UpdateAdminCc
- Ticket::NotifyWatchers
-
-
- DEFERRED
-
- Ticket::SetStatus: (Values)
- Open
- Resolved
- Stalled
- <null> means any
-
-
-# }}}
-
-
-# {{{ Implementation:
-
-# {{{ SQL Schema
-CREATE TABLE ACL (
- id int not null primary_key autoincrement,
- PrinicpalId INT(11),
- PrincipalType VARCHAR(16),
- PrincipalScope VARCHAR(16),
- ObjectType VARCHAR(16),
- ObjectId INT,
- Right VARCHAR(16)
-);
-
-# }}}
-
-# {{{ perl implementation of rights searches
-
-sub Principals {
-if (defined $Ticket) {
- return "($UserPrincipal) OR ($OwnerPrincipal) OR ($WatchersPrincipal)";
- }
-else {
- return "($UserPrincipal) OR ($WatchersPrincipal)";
- }