Only display privileged users in Owner drop-downs

Configurations in which unprivileged users are expected to own tickets are vanishingly small or non-existant; however, it is a common misconfiguration to grant Everyone the OwnTicket right. Limit entries in the Owner dropdown to only privileged users. Configurations which require unprivileged users be able to own tickets may use the autocompleter.
bestpractical · Mar 22, 2013 · e48b942 · e48b942
1 parent 3056568
commit e48b942
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/docs/UPGRADING-4.2 b/docs/UPGRADING-4.2
@@ -76,3 +76,10 @@ UPGRADING FROM RT 4.0.0 and greater
   using this in an rt-crontool cronjob or had used a
   Googleish_Local.pm to add features, you will need to convert to
   using RT::Search::Simple instead.
+
+* The Owner drop-down now only includes privileged users (no matter if
+  unprivileged users have been granted the OwnTicket right) because
+  configurations which have unprivileged Owners are exceedingly rare,
+  and granting Everyone the OwnTicket right is a common cause of
+  performance problems.  Unprivileged Owners (if they exist) may still
+  be set using the Autocompleter.
diff --git a/share/html/Elements/SelectOwnerDropdown b/share/html/Elements/SelectOwnerDropdown
@@ -67,6 +67,7 @@ my $isSU = $session{CurrentUser}
     ->HasRight( Right => 'SuperUser', Object => $RT::System );
 foreach my $object (@$Objects) {
     my $Users = RT::Users->new( $session{CurrentUser} );
+    $Users->LimitToPrivileged;
     $Users->WhoHaveRight(
         Right               => 'OwnTicket',
         Object              => $object,