NAME
Kernel::System::Ticket::TicketACL – ticket ACL lib
DESCRIPTION
All ticket ACL functions.
TicketAcl()
Restricts the Data parameter sent to a subset of it, depending on a group of user defied rules called ACLs. The reduced subset can be access from TicketAclData() if ReturnType parameter is set to: Ticket, Process or ActivityDialog, or in TicketAclActionData(), if ReturnType Action is used.
Each ACL can contain different restrictions for different objects the ReturnType parameter defines which object is considered for this restrictions, in the case of the Ticket object a second parameter called ReturnSubtype is needed, to specify the ticket attribute to be restricted, like: Queue, State, Owner, etc. While for the rest of the objects a "-" value must be set. The ReturnType and ReturnSubType must be set according to the Data parameter sent.
The rest of the attributes define the matching options for the ACL rules.
Example to restrict ticket actions:
my $Success = $TicketObject->TicketAcl(
Data => { # Values to restrict
1 => AgentTicketZoom,
# ...
},
Action => 'AgentTicketZoom', # Optional
Endpoint => 'ExternalFrontend::TicketCreate' # Optional
TicketID => 123, # Optional
DynamicField => { # Optional
DynamicField_NameX => 123,
DynamicField_NameZ => 'some value',
},
# or:
DynamicField_NameX => 123, # Optional
DynamicField_NameZ => 'some value', # Optional
# or:
DynamicFields.NameX => 123, # Optional
DynamicFields.NameZ => 'some value', # Optional
QueueID => 123, # Optional
Queue => 'some queue name', # Optional
NewQueueID => 123, # Optional, QueueID or NewQueueID can be
# used and they both refers to QueueID
ServiceID => 123, # Optional
Service => 'some service name', # Optional
TypeID => 123,
Type => 'some ticket type name', # Optional
PriorityID => 123, # Optional
NewPriorityID => 123, # Optional, PriorityID or NewPriorityID can be
# used and they both refers to PriorityID
Priority => 'some priority name', # Optional
SLAID => 123,
SLA => 'some SLA name', # Optional
StateID => 123, # Optional
NextStateID => 123, # Optional, StateID or NextStateID can be
# used and they both refers to StateID
State => 'some ticket state name', # Optional
OwnerID => 123, # Optional
NewOwnerID => 123, # Optional, OwnerID or NewOwnerID can be
# used and they both refers to OwnerID
Owner => 'some user login' # Optional
ResponsibleID => 123, # Optional
NewResponsibleID => 123, # Optional, ResponsibleID or NewResposibleID
# can be used and they both refers to
# ResponsibleID
Responsible => 'some user login' # Optional
ReturnType => 'Action', # To match Possible, PossibleAdd or
# PossibleNot key in ACL
ReturnSubType => '-', # To match Possible, PossibleAdd or
# PossibleNot sub-key in ACL
UserID => 123, # UserID => 1 is not affected by this function
CustomerUserID => 'customer login', # UserID or CustomerUserID are mandatory
# Process Management Parameters
ProcessEntityID => 123, # Optional
ActivityEntityID => 123, # Optional
ActivityDialogEntityID => 123, # Optional
);
or to restrict ticket states:
$Success = $TicketObject->TicketAcl(
Data => {
1 => 'new',
2 => 'open',
# ...
},
ReturnType => 'Ticket',
ReturnSubType => 'State',
UserID => 123,
);
returns: $Success = 1, # if an ACL matches, or false otherwise.
If ACL modules are configured in the Ticket::Acl::Module
config key, they are invoked during the call to TicketAcl
. The configuration of a module looks like this:
$ConfigObject->{'Ticket::Acl::Module'}->{'TheName'} = {
Module => 'Kernel::System::Ticket::Acl::TheAclModule',
Checks => ['Owner', 'Queue', 'SLA', 'Ticket'],
ReturnType => 'Ticket',
ReturnSubType => ['State', 'Service'],
};
Each time the ReturnType
and one of the ReturnSubType
entries is identical to the same arguments passed to TicketAcl
, the module of the name in Module
is loaded, the new
method is called on it, and then the Run
method is called.
The Checks
array reference in the configuration controls what arguments are passed. to the Run
method. Valid keys are CustomerUser
, DynamicField
, Frontend
, Owner
, Priority
, Process
, Queue
, Responsible
, Service
, SLA
, State
, Ticket
and Type
. If any of those are present, the Checks
argument passed to Run
contains an entry with the same name, and as a value the associated data.
The Run
method can add entries to the Acl
param hash, which are then evaluated along with all other ACL. It should only add entries whose conditionals can be checked with the data specified in the Checks
configuration entry.
The return value of the Run
method is ignored.
TicketAclData()
return the current ACL data hash after TicketAcl()
my %Acl = $TicketObject->TicketAclData();
TicketAclActionData()
return the current ACL action data hash after TicketAcl()
my %AclAction = $TicketObject->TicketAclActionData();