This project has moved. For the latest updates, please go here.

Ability to restrict user creation to admin users only.

Feb 21, 2009 at 6:14 PM
Hi Stephen
Feature request.
Would it be feasible to add as feature, the ability to hide the new user creation from the login.aspx. It would be useful if this could be controlled by the already logged in admin users only. As the site will be running over the local intranet, it would be useful to have more control over user creation. This is over a Novell network so AD is not an option.
Thoughts?
Regards
Colin Williams
Coordinator
Feb 21, 2009 at 11:10 PM
I have ideas along those lines, but not exactly that feature specifically.

The general request is nearly the opposite of the requirments for  [workitem:9945] and [workitem:9899]. There are a number of related feature requests. Mostly these deal with people that want to use ticketdesk in different environments than the one we originally wrote it for. 

TicketDesk assumes that it is being used as an internal help desk tool within a single organization. Users are encouraged to sign-up and participate in the system with a high degree of transparency so that both end-users can share information among themselves as well as with help desk. It also assumes that the system is not accessible to the general public.

There seem to be two trends towards other environments. The first is people that want to use ticket desk as a support site for the general public or with external "customers". The second are the beurocratics that want tigher control over the system, reduced transparancy, and a heirarchical internal workflow (escalations, management approvals, time tracking, reporting, etc). 

The first group I will accomidate as soon as I can get time to implement the features they would need and beef up the security with anti-spam and anti-attack features. Currently I'd be concerned about cross-site scripting and various injection attacks in particular.

The second group tends to want features that work against their own self-interest and are contrary to the open and cooperative nature of the system. I'm willing to provide some limited functionality towards less trusted internal environments, but there are limits as to how far I'll go in that direction with the public open source project directly. 

Eventaully I'll seperate the registration and login features, and add features to the admin tools to allow admins to create, delete, and edit user accounts along with the necessary features to control anonymous ticket creation (tickets with just an email as the owner/creator) and control other various user settings.

Those are not on the short-list though, so it could be a while before I get to them.

In the mean time, you can simply create your own simple edit/create user page in the admin section and then remove the register controls from the login page. TicketDesk, when configured for SQL security uses the standard asp.net membership system. All the code you'd need to create users via an admin tool is already in the login page's code-behind (the only special trick is putting the display name in the comments field).