This project has moved and is read-only. For the latest updates, please go here.

How to hide All Open Tickets Tab only for submitter group

Jun 29, 2012 at 1:50 AM

Hello, this application was awesome and useful enough.

I just wondering why submitter group (owner of the tickets) can see menu All Open Tickets Tab which is show all open tickets on ticketdesk. How can we hide this menu only for role submitter group? All answer will be appreciated.

 

Thanks,

Azl

Coordinator
Jun 29, 2012 at 5:49 AM

The primary use of that ability is so that submitters can look at existing open tickets to see if the issue they want to report has already been reported. They can then add comments and participate in the discussion on the existing ticket rather than submit another ticket about an issue that's already being handled. This consolidates all communication about the issue into one ticket, rather than having that information spread across multiple tickets. It will also keep the same issue from being routed to multiple help desk staffers, which can result in wasted time and effort. But most importantly it might keep you from getting 150 separate "my yahoo is broken" tickets every time your network gets the hiccups.

TicketDesk is an open system intended for internal help desks within a single company. As such, it attempts to foster as much communication between users as possible. Hiding information or restricting access to information works against the best interests of users, as well as those of the help desk staff. Trust your users to use their judgment and encourage them to act responsibly in how they use the system. You'll be surprised how well that works... I know I have been.      

Jun 29, 2012 at 8:51 AM

Oh thank you for your suggestion.  Good point, good ways of thinking :)

Coordinator
Jun 29, 2012 at 9:41 PM

You might be interested in further explaination of the design, which I wrote about on my personal site.

Jan 13, 2014 at 9:05 PM
Edited Jan 13, 2014 at 9:05 PM
StephenRedd,

I understand the importance of what you're saying and the benefits of an open design. However, I'm currently working on beta medical software, and I've found my users are unfortunately prone to post sensitive patient medical data in their tickets, which we clearly cannot allow to be seen by other offices. I understand your reluctance, but given my situation, is there an easy way I could disable the ability to view All Open Tickets for submitters, or will I need to work forward from the source code?

Thanks,
AtmaJR
Coordinator
Jan 14, 2014 at 4:18 AM
It should be very easy to limit the all open tickets tab to just TdStaff users. The relevant code is in UserSettingsService.cs around line 174... this block defines the list view for open tickets. You'll notice that the views that are reserved for staff are defined first, then the lists that are shared by all. Simply move the open tickets block of code up inside the section used only for views available to TdStaff. Once this change is made, you will need to delete all existing profiles from the aspnet_profiles table in the DB (the system will regenerate the lists based on the code you just changed when the users login again).

Now, this will not prevent users from viewing other tickets if they obtain a link to those tickets by other means (such as search for example); but it will eliminate the all open tickets tab in ticket center, as requested. If you wanted to lock the application down to where submitters cannot see tickets for which they are not the owner, you would need to add a check for this condition in the TicketEditorControler (and possibly other controllers)... just have the controller check if the user is a member of the staff or admin role, and if not redirect them instead of rendering the ticket.

TicketDesk 3 will be adding support for external (low-trust) user scenarios, and so it will provide built-in support for this kind of limited access.
Jan 14, 2014 at 2:21 PM
Great, I'll take a look at that.

Thanks very much for the quick response.