Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

User without customer role can still create tickets over webform and e-mail #2357

Closed
SEGGER-NV opened this issue Nov 16, 2018 · 5 comments
Closed

User without customer role can still create tickets over webform and e-mail #2357

SEGGER-NV opened this issue Nov 16, 2018 · 5 comments
Labels
enhancement verified

Comments

@SEGGER-NV
Copy link

Infos:

  • Used Zammad version: 2.6.x
  • Installation method (source, package, ..): package
  • Operating system:
  • Database + version:
  • Elasticsearch version:
  • Browser + version: Firefox

Expected behavior:

  • If e.g. an unwanted SPAM user is set as inactive and has customer roles removed (also has no other role) he should not be able to create tickets via e-mail or the web form.

Actual behavior:

  • The opposite. Any user ever registered to the Zammad system can always open tickets via web-form or if API is used and the Zammad Admin can't do anything against it if the mentioned channels are used. This is horrible behaviour and makes any web form approach basically unusable.
  • Mail can at least be blocked via Mail filter rules so the spammer e-mail is added. This is still very inconvenient but at least works to block users.

Steps to reproduce the behavior:

  • Create new ticket via e-mail or web-form (external web forms that use the API are also affected).
  • Set the user to inactive and remove his customer role.
  • Try creating a new ticket using the aforementioned channels. Still works.

Yes I'm sure this is a bug and no feature request or a general question.
@martini
Copy link
Collaborator

martini commented Nov 16, 2018
edited

Just a short note: inactive != blocked. There are use cases where you need to create tickets for inactive users. But it seems that we need another attribute to block users.

@SEGGER-NV
Copy link
Author

Hello,

Thank you for clarifying the inactive state.
A blocked state would be highly appreciated.

@bebosudo
Copy link

Hi!
being able to block/ignore certain users/servers that spam emails is a vital feature that we need in a ticketing system. Any news on this?

@zammad zammad locked and limited conversation to collaborators Nov 5, 2019
@MrGeneration
Copy link
Member

I'm locking the conversation of this issue to contributors only.
Please don't get us wrong, but this is to reduce noise on the tracker like "I need this", "when does this come" etc.

We're working hard on solving issues and bugs.
However, this is a feature backlog enhancement which has no ETA as of now.

If anything changes on this issue, we'll update this issue accordingly. :-)
If you absolutely need this feature, you're always welcome to sponsor these kind of features (or develop an addon).

Bests!

@Mirtaaa
Copy link

Mirtaaa commented Sep 22, 2023
edited

Hello!
We are currently re-structuring our Backlogs and new Feature Requests should be created directly in our community. Therefore, I imported this request into our community and will close it here. You can follow the progress here:
User without customer role can still create tickets over webform and e-mail

@Mirtaaa Mirtaaa closed this as completed Sep 22, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement verified
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@martini @bebosudo @thorsteneckel @MrGeneration @SEGGER-NV @Mirtaaa