Hello again,
I'm trying to see if anyone has a way to limit access to the "Company Ticket" view in the Customer Portal via the users title listed in Active Directory. Obviously our customers are stored in AD via LDAP and I'm using OTRS 3.2 on Centos 6.3 if that makes any difference.
I have seen this solution:
http://lists.otrs.org/pipermail/otrs/20 ... 29780.html
But that uses Customer Groups within OTRS to filter access which doesn't work with our LDAP set up. Is there anyway to filter by the user's Title instead? The AD title field is mapped tot he OTRS title field.
Thanks,
Dan
[SOLVED] Limit Company Ticket in customer.pl via LDAP Title
Moderator: crythias
-
dantheman972
- Znuny newbie
- Posts: 16
- Joined: 11 Oct 2012, 00:11
- Znuny Version: 3.100
- Real Name: Dan S
[SOLVED] Limit Company Ticket in customer.pl via LDAP Title
Last edited by dantheman972 on 19 Mar 2013, 16:32, edited 1 time in total.
-
crythias
- Moderator
- Posts: 10170
- Joined: 04 May 2010, 18:38
- Znuny Version: 5.0.x
- Location: SouthWest Florida, USA
- Contact:
Re: Limit Company Ticket view in customer portal via LDAP Ti
viewtopic.php?f=60&t=7531
CompanyTickets obeys CustomerID field.
Access to that interface can be by group membership. (Module Registration in SysConfig)
There is no mapping between Customer LDAP attributes (or OUs or Group Membership) and OTRS Customer Groups.
CompanyTickets obeys CustomerID field.
Access to that interface can be by group membership. (Module Registration in SysConfig)
There is no mapping between Customer LDAP attributes (or OUs or Group Membership) and OTRS Customer Groups.
OTRS 6.0.x (private/testing/public) on Linux with MySQL database.
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask
Please edit your signature to include your OTRS version, Operating System, and database type.
Click Subscribe Topic below to get notifications. Consider amending your topic title to include [SOLVED] if it is so.
Need help? Before you ask
-
dantheman972
- Znuny newbie
- Posts: 16
- Joined: 11 Oct 2012, 00:11
- Znuny Version: 3.100
- Real Name: Dan S
Re: Limit Company Ticket view in customer portal via LDAP Ti
I was thinking as much, but I also noticed that when I pull up the customer users their titles are listed in the 'Title' field of OTRS. Instead of filtering by the group(OTRS customer groups or otherwise), is there any way I could filter by the title? Is there any attribute/property for the Customer User's title that I could pull?
Thanks,
Dan
Thanks,
Dan
-
dantheman972
- Znuny newbie
- Posts: 16
- Joined: 11 Oct 2012, 00:11
- Znuny Version: 3.100
- Real Name: Dan S
Re: Limit Company Ticket view in customer portal via LDAP Ti
Hello everyone, I am happy to report that I found a solution to this. This is not a perfect solution but I believe it's a very good starting point. In CustomerTicketOverview.pm I added the following code around line 200, right after the filters are declared and checked to be valid in the Run subroutine.
And then add the following code to the bottom of tickets.xml, before the final ending tag:
This will add an array to Ticket -> Frontend::Customer in Sysconfig where you can add titles. This setup also assumes you are using LDAP with the default mapping names(Or at least that usertitle is present.)
Basically, what's happening is, anytime someone tries to load the "CompanyTickets" filter, a check is run to see if the user's title matches the options defined in sysconfig. Please let me know if anyone has questions as this is probably a poor explanation. Critique is also welcome as I am a novice coder.
Code: Select all
# #***********************SBI MODS*****************************#
# # If CompanyTickets filter is selected, check the users title#
# #***********************SBI MODS*****************************#
if ($Self->{Subaction} eq 'CompanyTickets' && $Self->{Filter}) {
#Set initial access to 0 or false.
my $mgrAccess = 0;
#Gather the user's data from LDAP into a hash, %userData, via the UserObject's CustomerUserDataGet subroutine.
my %userData = $Self->{UserObject}->CustomerUserDataGet( User => $Self->{UserID} );
#Cycle through the approved titles stored in Sysconfig under Ticket::Frontend::CustomerUser###ManagerTitles. If the presented user's title matches, set access to 1 or true.
foreach (@{$Self->{ConfigObject}->Get('Ticket::Frontend::CustomerUser')->{ManagerTitles}}) {
if ($userData{'UserTitle'} eq $_) {
$mgrAccess = 1; }}
#If none of the titles match, access will still be false, output an access denied message and quit.
if ($mgrAccess == 0){
my $Output .= $Self->{LayoutObject}->CustomerHeader( Title => 'Access Denied' );
$Output .= $Self->{LayoutObject}->CustomerWarning(
Message => "You do not have access to this section.",
);
$Output .= $Self->{LayoutObject}->CustomerFooter();
return $Output;
}}
##***********************SBI MODS*****************************#
## END OF SBI MODS #
##***********************SBI MODS*****************************#
Code: Select all
<ConfigItem Name="Ticket::Frontend::CustomerUser###ManagerTitles" Require="0" Valid="1">
<Description Translatable="1">Defines the Titles in AD which will have access to view tickets other than their own matching their customer ID aka "Company Tickets"</Description>
<Group>Ticket</Group>
<SubGroup>Frontend::Customer</SubGroup>
<Setting>
<Array>
</Array>
</Setting>
</ConfigItem>
Basically, what's happening is, anytime someone tries to load the "CompanyTickets" filter, a check is run to see if the user's title matches the options defined in sysconfig. Please let me know if anyone has questions as this is probably a poor explanation. Critique is also welcome as I am a novice coder.