API: Ticket creation - wrong user in notifcations, activity stream

[pgodzwa]

My previous issue was closed without proper testing, so I'm creating new one. @muhammadn old issue

Infos:

• Used Zammad version: 2.3.x / 2.4.x
• Installation method (source, package, ..): package
• Operating system: Ubuntu 16.04.3
• Database + version: MySQL
• Elasticsearch version: 5.6.7
• Browser + version: Chrome / doesn't matter

Expected behavior:

When creating ticket using api, it should show customer as ticket creator in mail/slack notifications and activity stream.

Actual behavior:

In the ticket it looks fine, but notifications and activity stream shows that ticket was created by the authentication user.

Steps to reproduce the behavior:

Try it. In the real example, I'm using php form with zammad php api library, but it doesn't matter since with curl it's the same.

Proof: CURL that I used to create ticket (from docs):

curl -u LoginUser@test.com -H "Content-Type: application/json" -X POST -d '{"title":"Help me!","group": "Users","article":{"subject":"some subject","body":"some message","type":"note","internal":false},"customer":"RealCustomer@test.com","note": "some note"}' http://mysite.com/api/v1/tickets

Details: loginuser@test.com = Login User realcustomer@test.com = Real Customer

Result:

As you can see, on ticket view it's fine. But it's wrong in activity stream (and the same in mail, slack notification, it should show Real customer instead of Login user.)

I have tried to change created_by_id and updated_by_id to the Real Customer id, but it still creates ticket with Login User id.

Yes I'm sure this is a bug and no feature request or a general question. Tested it both in 2.3.x and 2.4.x on two different servers.

I hope it can be fixed since it's very annoying. Thank you.

[rolfschmidt]

Hi @sheLbyPL , what is the usecase for this? In the normal case the creator of the action is always listed in the activity stream. So if you created a ticket for a customer then you are also displayed in the activity stream.

Best regards, Rolf

[pgodzwa]

Hi @rolfschmidt I have created php form (which I use in my outlook addon). It sends data by the api (using zammad php library). You have to specify 1 account/http token/oauth token that has permissions to do stuff with the api (in my example it's "Login User").

My php form gets customer email from current outlook logged in account (using office javascript api), then I set this email as customer. It works fine, the only problem is that in notifications and activity stream it shows that ticket is created by the "Login user", and I want it to show as customer instead.

I hope it can be fixed or changed somehow. If you need any more details just let me know.

Thank you!

[rolfschmidt]

Hi @sheLbyPL , good news! We decided to implement a new header to support actions in the API in behalf of a different user by setting a header.

I added some documentation, which will help you to implement it in your application.

The feature is currently available in the develop branch and will be released with zammad 2.4.

documentation: https://docs.zammad.org/en/latest/api-intro.html#example-curl-request-on-behalf-of-a-different-user

I also added some issues for our apis in ruby, php and .net to support it in the future:

https://github.com/zammad/zammad-api-client-ruby/issues/4 https://github.com/zammad/zammad-api-client-php/issues/11 https://github.com/Asesjix/Zammad-Client/issues/9

If you are able to test the develop branch version then i would appreciate some feedback.

If you really need a workaround for older zammad versions, you maybe consider a dirty hack to solve your problem. While debugging the situation, i found out that maybe the api of the feedback formular would solve your problem too. If you are enabling the feedback formulars in the admin interface then you could use your javascript api to kind of forward the information to the zammad system:

curl -u master@example.com:test -H "Content-Type: application/json" -X POST -d '{"fingerprint": "yoooooooooooooooooooooooooooooooooooooooooooooooooooo"}' http://ubuntu-rs:3000/api/v1/form_config

{"enabled":true,"endpoint":"http://zammad.example.com/api/v1/form_submit","token":"TWpCVU56ZDBTVFZHVUdrME5HSmpVV3hNTDFSRWJVTm9hbkpJWVVORlUyZzNZalZoVmtSV1ptbFVWRmRKWkd0VWVsWkJWVnBQYWs0NE9IaDFNSE0yWlVaNGNYUm9Nek5QTDNnMVptRXpPRzlPZGpKWk9YTjBRbGxZZW5oTFpWRlFRalpGZURaR1psSm9VVEZoY25GQk9HaHJVR2xvTUhkVVVFazJVSEpsUjNoS2FVSTBVMk5hTjNGNmNXbGhSMDVvV1UxMk1VYzJPU3REVmpOQlIyaEpaM0JaY0ZoUGJEbHJSVUkwUFMwdFpVcDNiVzlVVTNGaWNTdEJLMjFzUkdWMGNFaFFaejA5LS1lYjIyZmIxZmE0MmRiYTk0OGE5MDA5YzA3NmU0NGM1YzRiZjFiNGYw"}

curl -u master@example.com:test -H "Content-Type: application/json" -X POST -d '{"name":"Rolf","email":"rs@znuny.com","title": "rs title", "body":"rs body", "token":"TWpCVU56ZDBTVFZHVUdrME5HSmpVV3hNTDFSRWJVTm9hbkpJWVVORlUyZzNZalZoVmtSV1ptbFVWRmRKWkd0VWVsWkJWVnBQYWs0NE9IaDFNSE0yWlVaNGNYUm9Nek5QTDNnMVptRXpPRzlPZGpKWk9YTjBRbGxZZW5oTFpWRlFRalpGZURaR1psSm9VVEZoY25GQk9HaHJVR2xvTUhkVVVFazJVSEpsUjNoS2FVSTBVMk5hTjNGNmNXbGhSMDVvV1UxMk1VYzJPU3REVmpOQlIyaEpaM0JaY0ZoUGJEbHJSVUkwUFMwdFpVcDNiVzlVVTNGaWNTdEJLMjFzUkdWMGNFaFFaejA5LS1lYjIyZmIxZmE0MmRiYTk0OGE5MDA5YzA3NmU0NGM1YzRiZjFiNGYw", "fingerprint": "yoooooooooooooooooooooooooooooooooooooooooooooooooooo"}' http://ubuntu-rs:3000/api/v1/form_submit

{"ticket":{"id":11,"number":"89011"}

Best regards, Rolf

[pgodzwa]

Thank you! Tested it with curl on develop version and it works fine. Now I just have to wait for 2.4.0 release and zammad php api update :)

About workaround, I'm not sure if I can do it with php api (i think not), but thanks anyway!