From e48b94252c0bb4ab55587515cf695c0300b72d03 Mon Sep 17 00:00:00 2001 From: Alex Vandiver Date: Fri, 22 Mar 2013 14:18:43 -0700 Subject: [PATCH] Only display privileged users in Owner drop-downs Configurations in which unprivileged users are expected to own tickets are vanishingly small or non-existant; however, it is a common misconfiguration to grant Everyone the OwnTicket right. Limit entries in the Owner dropdown to only privileged users. Configurations which require unprivileged users be able to own tickets may use the autocompleter. --- docs/UPGRADING-4.2 | 7 +++++++ share/html/Elements/SelectOwnerDropdown | 1 + 2 files changed, 8 insertions(+) diff --git a/docs/UPGRADING-4.2 b/docs/UPGRADING-4.2 index 9257929e791..81723c44883 100644 --- a/docs/UPGRADING-4.2 +++ b/docs/UPGRADING-4.2 @@ -76,3 +76,10 @@ UPGRADING FROM RT 4.0.0 and greater using this in an rt-crontool cronjob or had used a Googleish_Local.pm to add features, you will need to convert to using RT::Search::Simple instead. + +* The Owner drop-down now only includes privileged users (no matter if + unprivileged users have been granted the OwnTicket right) because + configurations which have unprivileged Owners are exceedingly rare, + and granting Everyone the OwnTicket right is a common cause of + performance problems. Unprivileged Owners (if they exist) may still + be set using the Autocompleter. diff --git a/share/html/Elements/SelectOwnerDropdown b/share/html/Elements/SelectOwnerDropdown index d47cf4fbd7e..4f3db0256dc 100644 --- a/share/html/Elements/SelectOwnerDropdown +++ b/share/html/Elements/SelectOwnerDropdown @@ -67,6 +67,7 @@ my $isSU = $session{CurrentUser} ->HasRight( Right => 'SuperUser', Object => $RT::System ); foreach my $object (@$Objects) { my $Users = RT::Users->new( $session{CurrentUser} ); + $Users->LimitToPrivileged; $Users->WhoHaveRight( Right => 'OwnTicket', Object => $object,
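Review bot: In the docs/UPGRADING-4.2 hunk, the new bullet does not say that this changes only what the drop-down lists and leaves the OwnTicket grant itself in place. The same bullet notes that unprivileged Owners "may still be set using the Autocompleter", so an installation that granted Everyone the OwnTicket right is in the same position after upgrading as before. The commit message calls that grant "a common misconfiguration", but the upgrade note mentions it only as a performance problem. Suggest adding a sentence that tells administrators to review whether Everyone or Unprivileged holds OwnTicket and to revoke it if it was not intended, and stating explicitly that the drop-down filter is not an access restriction.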
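Review bot: In the share/html/Elements/SelectOwnerDropdown hunk, the added `$Users->LimitToPrivileged;` is applied unconditionally to every object in the `foreach my $object (@$Objects)` loop, with no comment and no way to opt out. Sites that do rely on unprivileged Owners lose them from the drop-down without any setting to restore the old behaviour, so consider gating the limit on a configuration option, or at least add a one-line comment above it pointing to the UPGRADING-4.2 entry so the filter is not mistaken for a bug later. The visible context also does not show how a ticket whose current Owner is unprivileged is rendered. Please confirm that such an Owner still appears as the selected entry, so that saving the form without touching the field does not change the Owner.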