TicketACL#
NAME#
Kernel::System::Ticket::TicketACL - ticket ACL lib
DESCRIPTION#
All ticket ACL functions.
TicketAcl()#
Restricts the Data parameter sent to a subset of it, depending on a group of user defied rules called ACLs. The reduced subset can be access from TicketACLData() if ReturnType parameter is set to: Ticket, Process or ActivityDialog, or in TicketACLActionData(), if ReturnType Action is used.
Each ACL can contain different restrictions for different objects the ReturnType parameter defines which object is considered for this restrictions, in the case of the Ticket object a second parameter called ReturnSubtype is needed, to specify the ticket attribute to be restricted, like: Queue, State, Owner, etc. While for the rest of the objects a “-” value must be set. The ReturnType and ReturnSubType must be set according to the Data parameter sent.
The rest of the attributes define the matching options for the ACL rules.
Example to restrict ticket actions:
my $Success = $TicketObject->TicketAcl(
Data => { # Values to restrict
1 => AgentTicketZoom,
# ...
},
Action => 'AgentTicketZoom', # Optional
TicketID => 123, # Optional
DynamicField => { # Optional
DynamicField_NameX => 123,
DynamicField_NameZ => 'some value',
},
QueueID => 123, # Optional
Queue => 'some queue name', # Optional
NewQueueID => 123, # Optional, QueueID or NewQueueID can be
# used and they both refers to QueueID
ServiceID => 123, # Optional
Service => 'some service name', # Optional
TypeID => 123,
Type => 'some ticket type name', # Optional
PriorityID => 123, # Optional
NewPriorityID => 123, # Optional, PriorityID or NewPriorityID can be
# used and they both refers to PriorityID
Priority => 'some priority name', # Optional
SLAID => 123,
SLA => 'some SLA name', # Optional
StateID => 123, # Optional
NextStateID => 123, # Optional, StateID or NextStateID can be
# used and they both refers to StateID
State => 'some ticket state name', # Optional
OwnerID => 123, # Optional
NewOwnerID => 123, # Optional, OwnerID or NewOwnerID can be
# used and they both refers to OwnerID
Owner => 'some user login', # Optional
ResponsibleID => 123, # Optional
NewResponsibleID => 123, # Optional, ResponsibleID or NewResposibleID
# can be used and they both refers to
# ResponsibleID
Responsible => 'some user login', # Optional
ReturnType => 'Action', # To match Possible, PossibleAdd or
# PossibleNot key in ACL
ReturnSubType => '-', # To match Possible, PossibleAdd or
# PossibleNot sub-key in ACL
UserID => 123, # UserID => 1 is not affected by this function
CustomerUserID => 'customer login', # UserID or CustomerUserID are mandatory
# Process Management Parameters
ProcessEntityID => 123, # Optional
ActivityEntityID => 123, # Optional
ActivityDialogEntityID => 123, # Optional
);
or to restrict ticket states:
$Success = $TicketObject->TicketAcl(
Data => {
1 => 'new',
2 => 'open',
# ...
},
ReturnType => 'Ticket',
ReturnSubType => 'State',
UserID => 123,
);
- returns:
$Success = 1, # if an ACL matches, or false otherwise.
If ACL modules are configured in the Ticket::Acl::Module config key, they are invoked
during the call to TicketAcl. The configuration of a module looks like this:
$ConfigObject->{'Ticket::Acl::Module'}->{'TheName'} = {
Module => 'Kernel::System::Ticket::Acl::TheAclModule',
Checks => ['Owner', 'Queue', 'SLA', 'Ticket'],
ReturnType => 'Ticket',
ReturnSubType => ['State', 'Service'],
};
Each time the ReturnType and one of the ReturnSubType entries is identical to the same
arguments passed to TicketAcl, the module of the name in Module is loaded, the new method
is called on it, and then the Run method is called.
The Checks array reference in the configuration controls what arguments are passed. to the
Run method.
Valid keys are CustomerUser, DynamicField, Frontend, Owner, Priority, Process,
Queue, Responsible, Service, SLA, State, Ticket and Type. If any of those are
present, the Checks argument passed to Run contains an entry with the same name, and as a
value the associated data.
The Run method can add entries to the Acl param hash, which are then evaluated along with all
other ACL. It should only add entries whose conditionals can be checked with the data specified in
the Checks configuration entry.
The return value of the Run method is ignored.
TicketAclData()#
return the current ACL data hash after TicketAcl()
my %Acl = $TicketObject->TicketAclData();
TicketAclActionData()#
return the current ACL action data hash after TicketAcl()
my %AclAction = $TicketObject->TicketAclActionData();
_GetChecks()#
creates two check hashes (one for current data updatable via AJAX refreshes and another for static ticket data stored in the DB) with the required data to use as a basis to match the ACLs
my $ChecskResult = $TicketObject->_GetChecks(
CheckAll => '1', # Optional
RequiredChecks => $RequiredCheckHashRef, # Optional a hash reference with the
# attributes to gather:
# e. g. User => 1, will fetch all user
# information from the database, this data
# will be tried to match with current ACLs
Action => 'AgentTicketZoom', # Optional
TicketID => 123, # Optional
DynamicField => { # Optional
DynamicField_NameX => 123,
DynamicField_NameZ => 'some value',
},
QueueID => 123, # Optional
Queue => 'some queue name', # Optional
ServiceID => 123, # Optional
Service => 'some service name', # Optional
TypeID => 123,
Type => 'some ticket type name', # Optional
PriorityID => 123, # Optional
NewPriorityID => 123, # Optional, PriorityID or NewPriorityID can be
# used and they both refers to PriorityID
Priority => 'some priority name', # Optional
SLAID => 123,
SLA => 'some SLA name', # Optional
StateID => 123, # Optional
NextStateID => 123, # Optional, StateID or NextStateID can be
# used and they both refers to StateID
State => 'some ticket state name', # Optional
OwnerID => 123, # Optional
NewOwnerID => 123, # Optional, OwnerID or NewOwnerID can be
# used and they both refers to OwnerID
Owner => 'some user login', # Optional
ResponsibleID => 123, # Optional
NewResponsibleID => 123, # Optional, ResponsibleID or NewResposibleID
# can be used and they both refers to
# ResponsibleID
Responsible => 'some user login', # Optional
UserID => 123, # UserID => 1 is not affected by this function
CustomerUserID => 'customer login', # UserID or CustomerUserID are mandatory
# Process Management Parameters
ProcessEntityID => 123, # Optional
ActivityEntityID => 123, # Optional
ActivityDialogEntityID => 123, # Optional
);
- returns:
- $ChecksResult = {
- Checks => {
# … Ticket => {
TicketID => 123, # … Queue => ‘some queue name’, QueueID => ‘123’, # …
}, Queue => {
Name => ‘some queue name’, # …
}, # …
}, ChecksDatabase =>
# … Ticket => {
TicketID => 123, # … Queue => ‘original queue name’, QueueID => ‘456’, # …
}, Queue => {
Name => ‘original queue name’, # …
}, # …
},
};
_CompareMatchWithData()#
Compares a properties element with the data sent to the ACL, the compare results varies on how the ACL properties where defined including normal, negated, regular expression and negated regular expression comparisons.
my $Result = $TicketObject->_CompareMatchWithData(
Match => 'a value', # or '[Not]a value', or '[RegExp]val' or '[NotRegExp]val'
# or '[Notregexp]val' or '[Notregexp]'
Data => 'a value',
SingleItem => 1, # or 0, optional, default 0
);
Returns:
$Result = {
Success => 1, # or false
Match => 1, # or false
Skip => 1, # or false (in certain cases where SingleItem is set)
};