Open joelhellman opened 8 years ago
Nebopolis
commented
8 years ago Hi @joelhellman. Unfortunately there is not a role that can be set which allows agents to modify other agents. This is on the Zendesk roles side so it isn't something that we can work around in the app. The app is set up to detect permissions, so if such a role is added in the future it should begin allowing users who have that access to change status for other agents.
Nebopolis
commented
8 years ago I will leave this issue open for a while and will investigate workarounds, but it is something that I have looked into in the past and it is likely something that will have to wait for expanded role functionality.
Maxcraft90
commented
7 years ago hi @Nebopolis is there a possibility to get a second app, which uses an admin token, that is provided, to do the update? this app can be role restricted.
Nebopolis
commented
7 years ago @Maxcraft90 Unfortunately this is not straightforward to do. There are a number of places where the app framework forces requests to the API to use the current user. While it may be possible by breaking out of the framework, obviously that isn't something that can be done with a public app.
joelhellman
commented
7 years ago @Maxcraft90 I did some tests with OAuth and token credentials just to verify this, but it seems like what @Nebopolis is saying holds true; all requests are rejected. Also tried to break out of the framework but had no luck with those requests either.
Bouncing the user-update request off a backend service that makes the user update request using another user's admin credentials is they only way I have been able to fix this (that's what I'm currently doing).
I'd love to hear if anyone finds a simpler solution sometime.
Maxcraft90
commented
7 years ago @joelhellman can you give me a more brief explanation how you did that?
I need all team members to be able to update the OOO status of their colleagues who are not at work, and work in the same team. The team part is doable, my issue is they will all need to be Administrators for this. There are lots of reasons why I don't want more Administrators in my Zendesk.
I understand the issue here must be with permissions; as the Administrator role is the only one with permissions to change agent user data and we rely on updating agent's user tags.
There is an permission property called "can_modify_user_tags" that I see when I query the /users endpoint and side-loaded the abilities object, that I thought I might be able to add to my agent's custom roles to work around this, but I cannot find a setting for this in Zendesk custom role interface.
We've come to rely on the functionality of this app. As far as I know, there is no way to temporarily escalate the privileges within the apps framework, to work around this? Any ideas if this could be implemented?