TicketACL#

NAME#

Kernel::System::Ticket::TicketACL - ticket ACL lib

DESCRIPTION#

All ticket ACL functions.

TicketAcl()#

Restricts the Data parameter sent to a subset of it, depending on a group of user defied rules called ACLs. The reduced subset can be access from TicketACLData() if ReturnType parameter is set to: Ticket, Process or ActivityDialog, or in TicketACLActionData(), if ReturnType Action is used.

Each ACL can contain different restrictions for different objects the ReturnType parameter defines which object is considered for this restrictions, in the case of the Ticket object a second parameter called ReturnSubtype is needed, to specify the ticket attribute to be restricted, like: Queue, State, Owner, etc. While for the rest of the objects a “-” value must be set. The ReturnType and ReturnSubType must be set according to the Data parameter sent.

The rest of the attributes define the matching options for the ACL rules.

Example to restrict ticket actions:

my $Success = $TicketObject->TicketAcl(
    Data => {                            # Values to restrict
        1 => AgentTicketZoom,
        # ...
    },

    Action        => 'AgentTicketZoom',           # Optional
    TicketID      => 123,                         # Optional
    DynamicField  => {                            # Optional
        DynamicField_NameX => 123,
        DynamicField_NameZ => 'some value',
    },

    QueueID          => 123,                      # Optional
    Queue            => 'some queue name',        # Optional
    NewQueueID       => 123,                      # Optional, QueueID or NewQueueID can be
                                                  #   used and they both refers to QueueID

    ServiceID        => 123,                      # Optional
    Service          => 'some service name',      # Optional

    TypeID           => 123,
    Type             => 'some ticket type name',  # Optional

    PriorityID       => 123,                      # Optional
    NewPriorityID    => 123,                      # Optional, PriorityID or NewPriorityID can be
                                                  #   used and they both refers to PriorityID
    Priority         => 'some priority name',     # Optional

    SLAID            => 123,
    SLA              => 'some SLA name',          # Optional

    StateID          => 123,                      # Optional
    NextStateID      => 123,                      # Optional, StateID or NextStateID can be
                                                  #   used and they both refers to StateID
    State            => 'some ticket state name', # Optional

    OwnerID          => 123,                      # Optional
    NewOwnerID       => 123,                      # Optional, OwnerID or NewOwnerID can be
                                                  #   used and they both refers to OwnerID
    Owner            => 'some user login',        # Optional

    ResponsibleID    => 123,                      # Optional
    NewResponsibleID => 123,                      # Optional, ResponsibleID or NewResposibleID
                                                  #   can be used and they both refers to
                                                  #     ResponsibleID
    Responsible      => 'some user login',        # Optional

    ReturnType     => 'Action',                   # To match Possible, PossibleAdd or
                                                  #   PossibleNot key in ACL
    ReturnSubType  => '-',                        # To match Possible, PossibleAdd or
                                                  #   PossibleNot sub-key in ACL

    UserID         => 123,                        # UserID => 1 is not affected by this function
    CustomerUserID => 'customer login',           # UserID or CustomerUserID are mandatory

    # Process Management Parameters
    ProcessEntityID        => 123,                # Optional
    ActivityEntityID       => 123,                # Optional
    ActivityDialogEntityID => 123,                # Optional
);

or to restrict ticket states:

$Success = $TicketObject->TicketAcl(
    Data => {
        1 => 'new',
        2 => 'open',
        # ...
    },
    ReturnType    => 'Ticket',
    ReturnSubType => 'State',
    UserID        => 123,
);
returns:

$Success = 1, # if an ACL matches, or false otherwise.

If ACL modules are configured in the Ticket::Acl::Module config key, they are invoked during the call to TicketAcl. The configuration of a module looks like this:

$ConfigObject->{'Ticket::Acl::Module'}->{'TheName'} = {
    Module => 'Kernel::System::Ticket::Acl::TheAclModule',
    Checks => ['Owner', 'Queue', 'SLA', 'Ticket'],
    ReturnType => 'Ticket',
    ReturnSubType => ['State', 'Service'],
};

Each time the ReturnType and one of the ReturnSubType entries is identical to the same arguments passed to TicketAcl, the module of the name in Module is loaded, the new method is called on it, and then the Run method is called.

The Checks array reference in the configuration controls what arguments are passed. to the Run method. Valid keys are CustomerUser, DynamicField, Frontend, Owner, Priority, Process, Queue, Responsible, Service, SLA, State, Ticket and Type. If any of those are present, the Checks argument passed to Run contains an entry with the same name, and as a value the associated data.

The Run method can add entries to the Acl param hash, which are then evaluated along with all other ACL. It should only add entries whose conditionals can be checked with the data specified in the Checks configuration entry.

The return value of the Run method is ignored.

TicketAclData()#

return the current ACL data hash after TicketAcl()

my %Acl = $TicketObject->TicketAclData();

TicketAclActionData()#

return the current ACL action data hash after TicketAcl()

my %AclAction = $TicketObject->TicketAclActionData();

_GetChecks()#

creates two check hashes (one for current data updatable via AJAX refreshes and another for static ticket data stored in the DB) with the required data to use as a basis to match the ACLs

my $ChecskResult = $TicketObject->_GetChecks(
    CheckAll => '1',                              # Optional
    RequiredChecks => $RequiredCheckHashRef,      # Optional a hash reference with the
                                                  #    attributes to gather:
                                                  #    e. g. User => 1, will fetch all user
                                                  #    information from the database, this data
                                                  #    will be tried to match with current ACLs
    Action        => 'AgentTicketZoom',           # Optional
    TicketID      => 123,                         # Optional
    DynamicField  => {                            # Optional
        DynamicField_NameX => 123,
        DynamicField_NameZ => 'some value',
    },

    QueueID          => 123,                      # Optional
    Queue            => 'some queue name',        # Optional

    ServiceID        => 123,                      # Optional
    Service          => 'some service name',      # Optional

    TypeID           => 123,
    Type             => 'some ticket type name',  # Optional

    PriorityID       => 123,                      # Optional
    NewPriorityID    => 123,                      # Optional, PriorityID or NewPriorityID can be
                                                  #   used and they both refers to PriorityID
    Priority         => 'some priority name',     # Optional

    SLAID            => 123,
    SLA              => 'some SLA name',          # Optional

    StateID          => 123,                      # Optional
    NextStateID      => 123,                      # Optional, StateID or NextStateID can be
                                                  #   used and they both refers to StateID
    State            => 'some ticket state name', # Optional

    OwnerID          => 123,                      # Optional
    NewOwnerID       => 123,                      # Optional, OwnerID or NewOwnerID can be
                                                  #   used and they both refers to OwnerID
    Owner            => 'some user login',        # Optional

    ResponsibleID    => 123,                      # Optional
    NewResponsibleID => 123,                      # Optional, ResponsibleID or NewResposibleID
                                                  #   can be used and they both refers to
                                                  #     ResponsibleID
    Responsible      => 'some user login',        # Optional

    UserID         => 123,                        # UserID => 1 is not affected by this function
    CustomerUserID => 'customer login',           # UserID or CustomerUserID are mandatory

    # Process Management Parameters
    ProcessEntityID        => 123,                # Optional
    ActivityEntityID       => 123,                # Optional
    ActivityDialogEntityID => 123,                # Optional
);
returns:
$ChecksResult = {
Checks => {

# … Ticket => {

TicketID => 123, # … Queue => ‘some queue name’, QueueID => ‘123’, # …

}, Queue => {

Name => ‘some queue name’, # …

}, # …

}, ChecksDatabase =>

# … Ticket => {

TicketID => 123, # … Queue => ‘original queue name’, QueueID => ‘456’, # …

}, Queue => {

Name => ‘original queue name’, # …

}, # …

},

};

_CompareMatchWithData()#

Compares a properties element with the data sent to the ACL, the compare results varies on how the ACL properties where defined including normal, negated, regular expression and negated regular expression comparisons.

my $Result = $TicketObject->_CompareMatchWithData(
    Match => 'a value',         # or '[Not]a value', or '[RegExp]val' or '[NotRegExp]val'
                                #    or '[Notregexp]val' or '[Notregexp]'
    Data => 'a value',
    SingleItem => 1,            # or 0, optional, default 0
);

Returns:

$Result = {
    Success => 1,               # or false
    Match   => 1,               # or false
    Skip    => 1,               # or false (in certain cases where SingleItem is set)
};