| ... | ... | @@ -31,20 +31,26 @@ See [Category] for an example. |
|
|
|
|
|
|
|
## Tickets
|
|
|
|
|
|
|
|
Apart from read, write and delete actions, there is an additional "set_department" action which
|
|
|
|
Apart from read, create, edit and delete actions, there is an additional "set_department" action which
|
|
|
|
will set the value of the cost_bearing_department of a ticket. Here is a quick overview of who can do which
|
|
|
|
action:
|
|
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
list join on write delete set_department
|
|
|
|
------------------------------------------------------------
|
|
|
|
employee all [private,public] all all -
|
|
|
|
customer own [public] own own -
|
|
|
|
list join on create edit delete set_department
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
employee all [private,public] yes all all -
|
|
|
|
customer own [public] yes own own -
|
|
|
|
accounting all - - - only own departments
|
|
|
|
------------------------------------------------------------
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
```
|
|
|
|
|
|
|
|
An employee can create a ticket on behalf of a different user. A customer can
|
|
|
|
only create tickets for herself.
|
|
|
|
|
|
|
|
A delete will automatically cascade to referenced instances, regardless of
|
|
|
|
permissions on the referenced instances.
|
|
|
|
|
|
|
|
## Category
|
|
|
|
|
|
|
|
The category table has no explicit permission set at all. But, to enable
|
| ... | ... | @@ -53,12 +59,12 @@ access is granted to anyone who can create tickets: |
|
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
list join on write delete
|
|
|
|
-----------------------------------
|
|
|
|
employee all [ticket] - -
|
|
|
|
customer all [ticket] - -
|
|
|
|
accounting - [ticket] - -
|
|
|
|
------------------------------------
|
|
|
|
list join on create edit delete
|
|
|
|
-------------------------------------------------
|
|
|
|
employee all [ticket] - - -
|
|
|
|
customer all [ticket] - - -
|
|
|
|
accounting - [ticket] - - -
|
|
|
|
--------------------------------------------------
|
|
|
|
```
|
|
|
|
|
|
|
|
Accounting has no direct read access but can still join any category which is being
|
| ... | ... | @@ -67,4 +73,43 @@ a role has list rights on. |
|
|
|
|
|
|
|
## Public Comments
|
|
|
|
|
|
|
|
## Private Comments |
|
|
\ No newline at end of file |
|
|
|
Public comments can be written by customers and employees, only the ticket creator
|
|
|
|
can edit or delete a ticket.
|
|
|
|
|
|
|
|
```
|
|
|
|
list join on create edit delete
|
|
|
|
-------------------------------------------------
|
|
|
|
employee created [ticket] created created created
|
|
|
|
customer created [ticket] created created created
|
|
|
|
accounting - - - - -
|
|
|
|
-------------------------------------------------
|
|
|
|
```
|
|
|
|
|
|
|
|
Because the binding of the actions on this table is the "creating_client", a listing
|
|
|
|
of this entity will returned only those owned by the user.
|
|
|
|
|
|
|
|
Nevertheless, joining this table on ticket will work and return any instances
|
|
|
|
that reference a ticket a user has rights to.
|
|
|
|
|
|
|
|
So, in our case, an employee has access to all tickets and will therefore be able to join
|
|
|
|
all public comments.
|
|
|
|
|
|
|
|
A customer will be able to join her own and any other user's comments onto
|
|
|
|
her own tickets.
|
|
|
|
|
|
|
|
## Private Comments
|
|
|
|
|
|
|
|
Public comments are not accessable to customers.
|
|
|
|
|
|
|
|
```
|
|
|
|
list join on create edit delete
|
|
|
|
-------------------------------------------------
|
|
|
|
employee all [ticket] all all all
|
|
|
|
customer - - - - -
|
|
|
|
accounting - - - - -
|
|
|
|
-------
|
|
|
|
|
|
|
|
Because customers have no actions defined on this entity and it's not referenced
|
|
|
|
by any other entity (they have access to), they do not see it at all.
|
|
|
|
|
|
|
|
## Departments |
|
|
\ No newline at end of file |
