#59 user ticket permissions/visibility

[Guy Rowson]

Hi all,

fantastic app. Congrats Edwin and others.

I have a few ideas for improvements or enhancements
but I am new to php so I can't do any example mods for
you.

One feature which I think would add alot of value is the
ability to restrict a user to only their own created or
assigned tickets.

It would be good to have separate security groups as
opposed to ticket/issue list groups.

Also to have the option of having a
company/organisation attribute which can be used to
limit ticket viewing.

Let's try this by example:

1. To view anything in a list(currently group) a user
must be a member of the associated group for that list.
This already is true I believe.

2. A user can view and contribute/modify any ticket
created by their userid (possibly with an option of being
able to limit a user to create/submit only but not
modify). This presumably would already exist.

3. By default a user can only see tickets which they
created or for which they have been assigned. i.e. even
if they browse an issue list that they belong to they will
only see their own tickets.

4. If configured (at the user level) the user can view
anything that has been logged by another member of
their company/organisation (another id/entity that is
collected and has members) if permitted at the list/group
level.

5. Any group can be configured to enforce user only,
company only, or all ticket viewing. i.e. Users can be
limited to view only their own tickets, their companies
tickets, or all tickets within a specific list/group.

So there would be:
1. There would be a new entity type of company or
organisation to which users would belong. To get around
end-users that are not associated with one there could
be a default company/organisation called 'public'.

2. A control at the issue list level would be implemented
that restricts ticket visibility to user, company, or
unrestricted/all.

3. A control (which I think exists) that does not allow a
users to see any issues/tickets from lists/groups that
they do not belong.

A futher enhancement would be to have companies
associated with specific lists/groups (sum of their
members lists/groups) so that when a new user is
created and associate with an organisation by default it
would pre-select them for the issuelists that a company
belongs/uses so that they do not need to be found.
Could even ask by tick box as part of the reg if they
wanted them pre-selected or not.

If this suggestion is not clear I would be happy to try to
clarify it.

I think it would make it immensely more functional.
Especially for use as a public support site (e.g.
hardware/software retailer that wants to provide
warranty support or ISP/HSP that wants to provide
private support to end users).

I would like to implement it to provide issue tracking for
business clients but I don't want to have a group for
every client as there would be too many groups. I would
also like to be able to do some parts and service sales
and provide after sales support through the same tool.

Cheers, MelbGuy