
#########
TicketACL
#########


****
NAME
****


Kernel::System::Ticket::TicketACL - ticket ACL lib


***********
DESCRIPTION
***********


All ticket ACL functions.

TicketAcl()
===========


Restricts the Data parameter sent to a subset of it, depending on a group of user-defined rules
called ACLs. The reduced subset can be accessed from TicketAclData() if the ReturnType parameter is
set to Ticket, Process or ActivityDialog, or from TicketAclActionData() if ReturnType Action is used.

Each ACL can contain different restrictions for different objects. The ReturnType parameter defines
which object is considered for these restrictions. In the case of the Ticket object, a second
parameter called ReturnSubType is needed to specify the ticket attribute to be restricted, like
Queue, State, Owner, etc., while for the rest of the objects a "-" value must be set. The ReturnType
and ReturnSubType must be set according to the Data parameter sent.

The rest of the attributes define the matching options for the ACL rules.

Example to restrict ticket actions:


.. code-block:: perl

     my $Success = $TicketObject->TicketAcl(
         Data => {                            # Values to restrict
             1 => 'AgentTicketZoom',
             # ...
         },
 
         Action        => 'AgentTicketZoom',           # Optional
         TicketID      => 123,                         # Optional
         DynamicField  => {                            # Optional
             DynamicField_NameX => 123,
             DynamicField_NameZ => 'some value',
         },
 
         QueueID          => 123,                      # Optional
         Queue            => 'some queue name',        # Optional
         NewQueueID       => 123,                      # Optional, QueueID or NewQueueID can be
                                                       #   used and they both refer to QueueID
 
         ServiceID        => 123,                      # Optional
         Service          => 'some service name',      # Optional
 
         TypeID           => 123,
         Type             => 'some ticket type name',  # Optional
 
         PriorityID       => 123,                      # Optional
         NewPriorityID    => 123,                      # Optional, PriorityID or NewPriorityID can be
                                                       #   used and they both refer to PriorityID
         Priority         => 'some priority name',     # Optional
 
         SLAID            => 123,
         SLA              => 'some SLA name',          # Optional
 
         StateID          => 123,                      # Optional
         NextStateID      => 123,                      # Optional, StateID or NextStateID can be
                                                       #   used and they both refer to StateID
         State            => 'some ticket state name', # Optional
 
         OwnerID          => 123,                      # Optional
         NewOwnerID       => 123,                      # Optional, OwnerID or NewOwnerID can be
                                                       #   used and they both refer to OwnerID
         Owner            => 'some user login',        # Optional
 
         ResponsibleID    => 123,                      # Optional
         NewResponsibleID => 123,                      # Optional, ResponsibleID or NewResponsibleID
                                                       #   can be used and they both refer to
                                                       #     ResponsibleID
         Responsible      => 'some user login',        # Optional
 
         ReturnType     => 'Action',                   # To match Possible, PossibleAdd or
                                                       #   PossibleNot key in ACL
         ReturnSubType  => '-',                        # To match Possible, PossibleAdd or
                                                       #   PossibleNot sub-key in ACL
 
         UserID         => 123,                        # UserID => 1 is not affected by this function
         CustomerUserID => 'customer login',           # UserID or CustomerUserID are mandatory
 
         # Process Management Parameters
         ProcessEntityID        => 123,                # Optional
         ActivityEntityID       => 123,                # Optional
         ActivityDialogEntityID => 123,                # Optional
     );


or to restrict ticket states:


.. code-block:: perl

     $Success = $TicketObject->TicketAcl(
         Data => {
             1 => 'new',
             2 => 'open',
             # ...
         },
         ReturnType    => 'Ticket',
         ReturnSubType => 'State',
         UserID        => 123,
     );


returns:


.. code-block:: perl

     $Success = 1;                                     # if an ACL matches, or false otherwise.


If ACL modules are configured in the \ ``Ticket::Acl::Module``\  config key, they are invoked
during the call to \ ``TicketAcl``\ . The configuration of a module looks like this:


.. code-block:: perl

      $ConfigObject->{'Ticket::Acl::Module'}->{'TheName'} = {
          Module => 'Kernel::System::Ticket::Acl::TheAclModule',
          Checks => ['Owner', 'Queue', 'SLA', 'Ticket'],
          ReturnType => 'Ticket',
          ReturnSubType => ['State', 'Service'],
      };


Each time the \ ``ReturnType``\  and one of the \ ``ReturnSubType``\  entries are identical to the
arguments of the same name passed to \ ``TicketAcl``\ , the module named in \ ``Module``\  is loaded,
the \ ``new``\  method is called on it, and then the \ ``Run``\  method is called.

The \ ``Checks``\  array reference in the configuration controls what arguments are passed to the
\ ``Run``\  method.
Valid keys are \ ``CustomerUser``\ , \ ``DynamicField``\ , \ ``Frontend``\ , \ ``Owner``\ , \ ``Priority``\ , \ ``Process``\ ,
\ ``Queue``\ , \ ``Responsible``\ , \ ``Service``\ , \ ``SLA``\ , \ ``State``\ , \ ``Ticket``\  and \ ``Type``\ . If any of those are
present, the \ ``Checks``\  argument passed to \ ``Run``\  contains an entry with the same name, and as a
value the associated data.

The \ ``Run``\  method can add entries to the \ ``Acl``\  param hash, which are then evaluated along with all
other ACLs. It should only add entries whose conditionals can be checked with the data specified in
the \ ``Checks``\  configuration entry.

The return value of the \ ``Run``\  method is ignored.
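
A module that follows this contract, as an added example that is not taken from the OTRS code base. The rule name, queue name and state names are constructed, the ``Properties``/``PossibleNot`` entry layout is the OTRS ACL format assumed here, and the ``package main`` driver only stands in for the call that ``TicketAcl`` makes:

```perl
package Kernel::System::Ticket::Acl::TheAclModule;

use strict;
use warnings;

sub new {
    my ( $Type, %Param ) = @_;
    return bless {}, $Type;
}

sub Run {
    my ( $Self, %Param ) = @_;

    # TicketAcl() hands over its ACL hash by reference; anything stored in it
    # is evaluated together with the other ACLs.
    return if ref $Param{Acl} ne 'HASH';

    # Build conditions only from data requested via the Checks config entry
    # ('Ticket' here); without it the rule below could never be matched.
    my $Ticket = $Param{Checks}->{Ticket};
    return if ref $Ticket ne 'HASH';

    # Constructed rule: tickets in queue 'Raw' may not be set to a closed state.
    # PossibleNot => Ticket => State lines up with ReturnType 'Ticket' and
    # ReturnSubType 'State' from the module configuration.
    $Param{Acl}->{'900-TheAclModule-NoCloseInRaw'} = {
        Properties  => { Ticket => { Queue => ['Raw'] } },
        PossibleNot => { Ticket => { State => [ 'closed successful', 'closed unsuccessful' ] } },
    };

    return 1;    # ignored by TicketAcl()
}

package main;

# Constructed stand-in for what TicketAcl() passes to Run(); run the file
# directly with perl to see the entry the module contributes.
if ( !caller ) {
    my %Acl;
    my $Module = Kernel::System::Ticket::Acl::TheAclModule->new();
    $Module->Run(
        Acl    => \%Acl,
        Checks => { Ticket => { TicketID => 123, Queue => 'Raw' } },
    );
    print join( ', ', sort keys %Acl ), "\n";
}

1;
```

Because the rule's only condition is on ``Ticket``, the module relies on ``Ticket`` being listed in the ``Checks`` configuration entry, as it is in the configuration shown above.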


TicketAclData()
===============


Returns the current ACL data hash after TicketAcl().


.. code-block:: perl

     my %Acl = $TicketObject->TicketAclData();



TicketAclActionData()
=====================


Returns the current ACL action data hash after TicketAcl().


.. code-block:: perl

     my %AclAction = $TicketObject->TicketAclActionData();



_GetChecks()
============


Creates two check hashes (one for current data updatable via AJAX refreshes and another for
static ticket data stored in the DB) with the required data to use as a basis to match the ACLs.


.. code-block:: perl

     my $ChecksResult = $TicketObject->_GetChecks(
         CheckAll => '1',                              # Optional
         RequiredChecks => $RequiredCheckHashRef,      # Optional a hash reference with the
                                                       #    attributes to gather:
                                                       #    e. g. User => 1, will fetch all user
                                                       #    information from the database, this data
                                                       #    will be tried to match with current ACLs
         Action        => 'AgentTicketZoom',           # Optional
         TicketID      => 123,                         # Optional
         DynamicField  => {                            # Optional
             DynamicField_NameX => 123,
             DynamicField_NameZ => 'some value',
         },
 
         QueueID          => 123,                      # Optional
         Queue            => 'some queue name',        # Optional
 
         ServiceID        => 123,                      # Optional
         Service          => 'some service name',      # Optional
 
         TypeID           => 123,
         Type             => 'some ticket type name',  # Optional
 
         PriorityID       => 123,                      # Optional
         NewPriorityID    => 123,                      # Optional, PriorityID or NewPriorityID can be
                                                       #   used and they both refer to PriorityID
         Priority         => 'some priority name',     # Optional
 
         SLAID            => 123,
         SLA              => 'some SLA name',          # Optional
 
         StateID          => 123,                      # Optional
         NextStateID      => 123,                      # Optional, StateID or NextStateID can be
                                                       #   used and they both refer to StateID
         State            => 'some ticket state name', # Optional
 
         OwnerID          => 123,                      # Optional
         NewOwnerID       => 123,                      # Optional, OwnerID or NewOwnerID can be
                                                       #   used and they both refer to OwnerID
         Owner            => 'some user login',        # Optional
 
         ResponsibleID    => 123,                      # Optional
         NewResponsibleID => 123,                      # Optional, ResponsibleID or NewResponsibleID
                                                       #   can be used and they both refer to
                                                       #     ResponsibleID
         Responsible      => 'some user login',        # Optional
 
         UserID         => 123,                        # UserID => 1 is not affected by this function
         CustomerUserID => 'customer login',           # UserID or CustomerUserID are mandatory
 
         # Process Management Parameters
         ProcessEntityID        => 123,                # Optional
         ActivityEntityID       => 123,                # Optional
         ActivityDialogEntityID => 123,                # Optional
     );


returns:


.. code-block:: perl

     $ChecksResult = {
         Checks => {
             # ...
             Ticket => {
                 TicketID => 123,
                 # ...
                 Queue   => 'some queue name',
                 QueueID => '123',
                 # ...
             },
             Queue => {
                 Name => 'some queue name',
                 # ...
             },
             # ...
         },
         ChecksDatabase => {
             # ...
             Ticket => {
                 TicketID => 123,
                 # ...
                 Queue   => 'original queue name',
                 QueueID => '456',
                 # ...
             },
             Queue => {
                 Name => 'original queue name',
                 # ...
             },
             # ...
         },
     };



_CompareMatchWithData()
=======================


Compares a properties element with the data sent to the ACL. The comparison result varies depending
on how the ACL properties were defined, including normal, negated, regular expression and negated
regular expression comparisons.


.. code-block:: perl

     my $Result = $TicketObject->_CompareMatchWithData(
         Match => 'a value',         # or '[Not]a value', or '[RegExp]val' or '[NotRegExp]val'
                                     #    or '[Notregexp]val' or '[Notregexp]'
         Data => 'a value',
         SingleItem => 1,            # or 0, optional, default 0
     );


Returns:


.. code-block:: perl

     $Result = {
         Success => 1,               # or false
         Match   => 1,               # or false
         Skip    => 1,               # or false (in certain cases where SingleItem is set)
     };





