znuny / Znuny

Znuny/Znuny LTS is a fork of the ((OTRS)) Community Edition, one of the most flexible web-based ticketing systems used for Customer Service, Help Desk, IT Service Management.
https://www.znuny.org
GNU General Public License v3.0

Bug - agent without rights to edit customer see link on AgentTicketZoom screen #558

Open BuilderNSV opened 2 months ago

BuilderNSV commented 2 months ago

Environment

Expected behavior

An agent on the AgentTicketZoom screen, in the TicketInformation block on the right, should see the link to edit the customer company only if appropriate permissions have been given.

Actual behavior

The link to edit the customer company is always rendered, and the agent gets an error about insufficient rights when clicking on it.

How to reproduce

Steps to reproduce the behavior:

  1. Set the group to value X for the system configuration setting Frontend::Module###AgentCustomerInformationCenter.
  2. The current agent does not have rights on group X.
  3. Create a company and a customer user belonging to it.
  4. Create a ticket from this customer user.
  5. View this ticket as the current agent via the detailed view screen (AgentTicketZoom).
  6. See in the TicketInformation block that the company is displayed with a link, and an error about permissions is displayed when clicking on it.

Additional information

The same information about the company is rendered correctly on the AgentTicketStatusView screen in Medium and Preview modes: the link is displayed only if the agent has appropriate permissions. On these screens the required permissions are checked and the template has 2 blocks: `my $CustomerIDBlock = $Access ? 'CustomerIDRW' : 'CustomerIDRO';`
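The render-time decision the report asks for, sketched as an added, self-contained example (not Znuny code and not part of the original issue). `ModuleAccess`, `CustomerIDBlock`, the agent names and the registration layout (`Group`/`GroupRo` lists, empty lists meaning unrestricted) are assumptions made for illustration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Constructed stand-in for the Frontend::Module###AgentCustomerInformationCenter
# setting from step 1: the module is restricted to group "X".
my %ModuleRegistration = (
    AgentCustomerInformationCenter => { Group => ['X'], GroupRo => [] },
);

# Constructed agents: group name => permission type held in that group.
my %AgentGroups = (
    agent_in_x     => { X => 'rw', users => 'rw' },
    agent_not_in_x => { users => 'rw' },
);

# Hypothetical helper (not a Znuny API): may this agent open the module?
# Assumption: empty Group and GroupRo lists mean the module is unrestricted.
sub ModuleAccess {
    my (%Param) = @_;
    my $Reg = $ModuleRegistration{ $Param{Action} } or return 0;    # unknown module: deny
    my @Rw = @{ $Reg->{Group}   // [] };
    my @Ro = @{ $Reg->{GroupRo} // [] };
    return 1 if !@Rw && !@Ro;
    my $Member = $AgentGroups{ $Param{Agent} } // {};
    return 1 if grep { ( $Member->{$_} // '' ) eq 'rw' } @Rw;
    return 1 if grep { exists $Member->{$_} } @Ro;
    return 0;    # default deny
}

# Same decision the issue quotes from the overview screens: choose the block
# with the link (RW) or the plain-text block (RO) before rendering, so the
# agent is never offered a link the server will refuse.
sub CustomerIDBlock {
    my (%Param) = @_;
    my $Access = ModuleAccess( %Param, Action => 'AgentCustomerInformationCenter' );
    my $CustomerIDBlock = $Access ? 'CustomerIDRW' : 'CustomerIDRO';
    return $CustomerIDBlock;
}

for my $Agent ( sort keys %AgentGroups ) {
    printf "%-15s -> %s\n", $Agent, CustomerIDBlock( Agent => $Agent );
}
```

The server-side permission error on click remains the actual access control; selecting the block only keeps the rendered page consistent with it.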

rkaldung commented 2 months ago

@BuilderNSV Thank you for reporting. I could reproduce it with Znuny 7.0.17 for the AgentTicketZoom and AgentTicketStatusView in the Medium mode. Just the Preview mode had no (working) link for the customer information center.