Hide/display fields based on user credentials

Moderator: crythias

Locked
GardenDwarf
Znuny newbie
Posts: 14
Joined: 09 Jul 2013, 17:54
Znuny Version: 3.2.6

Hide/display fields based on user credentials

Post by GardenDwarf »

Hello,

I have duplicated the "New phone ticket" item in the menu bar in order to have two calls to AgentTicketPhone.
The first call has a parameter set as "full" (and is visible to admin only) and the other one set as "simple" (and visible to non-admin users only).

The goal is to allow administrators to have more control over ticket creation than the other users.

This is working, however not in a "secure" way. The URL contains the parameter and by knowing the possible values, it is easy to access the two versions of the template.

Is there any other way to proceed? Thank you in advance!
reneeb
Znuny guru
Posts: 5018
Joined: 13 Mar 2011, 09:54
Znuny Version: 6.0.x
Real Name: Renée Bäcker
Company: Perl-Services.de

Re: Hide/display fields based on user credentials

Post by reneeb »

Add code to Kernel/Modules/AgentTicketPhone.pm that checks the group of the user based on the provided parameter. Something like:

Code:

    # Groups in which the current agent has rw permission (GroupID => GroupName)
    my %Groups = $Self->{GroupObject}->GroupMemberList(
        UserID => $Self->{UserID},
        Type   => 'rw',
        Result => 'HASH',
    );

    # Reject the 'full' variant for agents who are not in the admin group
    my $VersionParam = $Self->{ParamObject}->GetParam( Param => 'xxxx' );
    if ( defined $VersionParam && $VersionParam eq 'full' && !grep { $_ eq 'admin' } values %Groups ) {
        die "You're not allowed to use this feature";
    }

Note that this code probably does not work. You have to adapt it to your system...
Perl / Znuny development: http://perl-services.de
Free Znuny add ons from the community: http://opar.perl-services.de
Commercial add ons: http://feature-addons.de
GardenDwarf
Znuny newbie
Posts: 14
Joined: 09 Jul 2013, 17:54
Znuny Version: 3.2.6

Re: Hide/display fields based on user credentials

Post by GardenDwarf »

Wow, faster than light! Thanks, I'll work on this immediately!
GardenDwarf
Znuny newbie
Posts: 14
Joined: 09 Jul 2013, 17:54
Znuny Version: 3.2.6

Re: Hide/display fields based on user credentials

Post by GardenDwarf »

Hi again,

I have tried with success ( :D ) by adding the below lines into the "new" sub of AgentTicketPhone.pm.
Now the agents who are members of "admin" have access to the "FULL" version of the template and the other agents have access to the "SIMPLE" version of the same template.

Code:

    # Groups in which the current agent has rw permission (GroupID => GroupName)
    my %Groups = $Self->{GroupObject}->GroupMemberList(
        UserID => $Self->{UserID},
        Type   => 'rw',
        Result => 'HASH',
    );

    my $VersionParam = $Self->{ParamObject}->GetParam( Param => 'DynamicField_AgentTemplate' );
    $VersionParam = '' if !defined $VersionParam;    # a missing parameter ends up in the final else

    if ( $VersionParam eq 'SIMPLE' ) {
        # SIMPLE is for non-admin agents only
        if ( grep { $_ eq 'admin' } values %Groups ) {
            die "You're not allowed to use this feature";
        }
    }
    elsif ( $VersionParam eq 'FULL' ) {
        # FULL is for members of the admin group only
        if ( !grep { $_ eq 'admin' } values %Groups ) {
            die "You're not allowed to use this feature";
        }
    }
    else {
        # any other value is rejected
        die "You're not allowed to use this feature";
    }

As I'm a beginner with OTRS, could you please just take a look and tell me if it looks ok?
Thanks a lot!
GardenDwarf
Znuny newbie
Posts: 14
Joined: 09 Jul 2013, 17:54
Znuny Version: 3.2.6

Re: Hide/display fields based on user credentials

Post by GardenDwarf »

Well, and there should be a way to force the parameter to FULL/SIMPLE according to the group like in the code below, right?

Code:

    my %Groups = $Self->{GroupObject}->GroupMemberList(
        UserID => $Self->{UserID},
        Type   => 'rw',
        Result => 'HASH',
    );
    if ( grep { $_ eq 'admin' } values %Groups ) {
        $Self->{'ParamObject'}->{'Query'}->{'param'}->{'DynamicField_AgentTemplate'} = "FULL";
    }
    else {
        $Self->{'ParamObject'}->{'Query'}->{'param'}->{'DynamicField_AgentTemplate'} = "SIMPLE";
    }

The above code has no effect; however, I can see in a Dump that the scalar seems to be set correctly.
GardenDwarf
Znuny newbie
Posts: 14
Joined: 09 Jul 2013, 17:54
Znuny Version: 3.2.6

Re: Hide/display fields based on user credentials

Post by GardenDwarf »

Ok, I'll post my solution in case someone finds it useful.

1. First step is to create a dynamic field (named AgentTemplate in my example).

2. Then, in the AgentTicketPhone.pm module, sub new, I have added the below code to provide information to the AgentTicketPhone.dtl:

Code:

    # provide information to the ticket template (admin=FULL, others=SIMPLE)
    my %Groups = $Self->{GroupObject}->GroupMemberList(
        UserID => $Self->{UserID},
        Type   => 'rw',
        Result => 'HASH',
    );

    # append the value to the request parameter (stored as an array reference)
    if ( grep { $_ eq 'admin' } values %Groups ) {
        push( @{ $Self->{'ParamObject'}->{'Query'}->{'param'}->{'DynamicField_AgentTemplate'} }, "FULL" );
    }
    else {
        push( @{ $Self->{'ParamObject'}->{'Query'}->{'param'}->{'DynamicField_AgentTemplate'} }, "SIMPLE" );
    }

3. Add the following to AgentTicketPhone.dtl (at the end, after the Core.Agent.TicketAction.Init()):

Code:

    switch ($('#DynamicField_AgentTemplate').val()) {
        case "FULL":
            ...
            break;
        case "SIMPLE":
            ...
            break;
        default:
    }

In the "case" statements, I set up what I want to show/hide, and other settings to be applied in specific cases.
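
Added example, not part of the original posts and not OTRS code: a stand-alone Perl script showing the rule the thread arrives at, choosing FULL or SIMPLE from group membership on the server, and additionally dropping submitted values for fields outside that variant, since a field hidden by the template script can still be sent in a request. `MockGroupObject`, `TemplateForUser`, `FilterSubmitted`, the user IDs and the field names in `%AllowedFields` are assumptions made for illustration.

```perl
use strict;
use warnings;

# Mock standing in for OTRS's $Self->{GroupObject}. Assumption: with
# Result => 'HASH' it returns GroupID => GroupName, as the posts use it.
package MockGroupObject;
my %Membership = (    # constructed sample data
    1 => { 1 => 'users', 2 => 'admin' },    # UserID 1 is in "admin"
    7 => { 1 => 'users' },                  # UserID 7 is an ordinary agent
);
sub new { return bless {}, shift }
sub GroupMemberList {
    my ( $Self, %Param ) = @_;
    return %{ $Membership{ $Param{UserID} } || {} };
}

package main;

# Hypothetical field names: what each template variant may submit.
my %AllowedFields = (
    FULL   => { Subject => 1, Body => 1, PriorityID => 1, OwnerID => 1 },
    SIMPLE => { Subject => 1, Body => 1 },
);

# The variant comes from group membership only, never from the request.
sub TemplateForUser {
    my ( $GroupObject, $UserID ) = @_;
    my %Groups = $GroupObject->GroupMemberList(
        UserID => $UserID, Type => 'rw', Result => 'HASH',
    );
    return ( grep { $_ eq 'admin' } values %Groups ) ? 'FULL' : 'SIMPLE';
}

# Drop submitted values for fields the user's variant does not include,
# so a field hidden in the browser cannot be set by a crafted request.
sub FilterSubmitted {
    my ( $Template, %Submitted ) = @_;
    my %Kept = map { $_ => $Submitted{$_} }
        grep { $AllowedFields{$Template}{$_} } keys %Submitted;
    return %Kept;
}

my $GroupObject = MockGroupObject->new();
for my $UserID ( 1, 7 ) {
    my $Template = TemplateForUser( $GroupObject, $UserID );
    # Constructed request: both users send the same fields and ask for FULL.
    my %Kept = FilterSubmitted( $Template,
        DynamicField_AgentTemplate => 'FULL', Subject => 'Printer', OwnerID => 3 );
    print "UserID=$UserID template=$Template kept=", join( ',', sort keys %Kept ), "\n";
}
```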