pluginsGLPI
Validator have no permission to validate a ticket generated from a multiple targets form in simplified interface
Describe the bug Validator have no permission to validate a ticket generated from a multiple targets form in simplified interface To Reproduce Steps to reproduce the behavior:
- Send a approval request to user in such a ticket
- Validator clicks on link in received notification mail
- When using simplified interface, he get "You don't have permission to perform this action" message
When connected to standard interface (with technician profile), he's able to validate
When an approval is sent from a ticket generated by a form which has a single target, Validator is able to validate from simplified interface
In glpi_plugin_formcreator_issues, the difference is the itemtype : PluginFormcreatorFormAnswer when generated from multiple targets form, Ticket otherwise. When connected in simplified interface, the link in notification mail https://glpi..com/front/ticket.form.php?id=9611&forcetab=Ticket$1 is redirected to https://glpi..com/marketplace/formcreator/front/issue.form.php?id=179281&tickets_id=9611
When connected in standard interface, there is no redirection.
Expected behavior Any validator should be able to validate from simplified interface
GLPI / Plugins (please complete the following information):
- GLPI version : GLPI 10.0.10
- list of all plugins with their version (available in GLPI > Setup > General > tab System > bottom of the page)
accounts Name: Accounts Version: 3.0.3 State: Enabled
Install Method: Marketplace fields Name: Additional Fields Version: 1.20.0 State: Enabled
Install Method: Marketplace badges Name: Badges Version: 3.0.0 State: Not installed
Install Method: Marketplace behaviors Name: Behaviours Version: 2.7.2 State: Enabled
Install Method: Marketplace connections Name: Connections Version: 10.0.0 State: Enabled
Install Method: Marketplace datainjection Name: Data injection Version: 2.13.3 State: Enabled
Install Method: Marketplace archimap Name: Diagrams Version: 3.3.0 State: Installed / not activated
Install Method: Marketplace formcreator Name: Form Creator Version: 2.13.8 State: Enabled
Install Method: Marketplace glpiinventory Name: GLPI Inventory Version: 1.2.1 State: Enabled
Install Method: Marketplace geninventorynumber Name: Inventory number generation Version: 2.8.3 State: Enabled
Install Method: Marketplace addressing Name: IP Adressing Version: 3.0.1 State: Enabled
Install Method: Marketplace oauthimap Name: Oauth IMAP Version: 1.4.2 State: Enabled
Install Method: Marketplace genericobject Name: Objects management Version: 2.14.8 State: Enabled
Install Method: Marketplace screenshot Name: Screenshot Version: 2.0.2 State: Enabled
Install Method: Marketplace singlesignon Name: Single Sign-on Version: 1.3.3 State: Enabled
Install Method: Manual tag Name: Tag Management Version: 2.11.6 State: Enabled
Install Method: Marketplace
Desktop (please complete the following information):
- OS: Windows
- Browser : chrome, brave, firefox, edge
Hi
Please show the URL found in the notification email, and the URL displayed in the browser after clicking on it (I expect that the URL changes due to some redirections).
You may redact the domain name.
OK, I see you already provided the 2 link.
I think there is a need to enhance the redirection code in the plugin.
I would say that it's a bug, not an enhancement request. Self-Service user should be able to validate tickets when they are requested in all cases.
Any idea what should be done ? This behavior difference creates confusion. I have to add technician profile to validators of such tickets just to give them the ability to vaildate and explain them they have to switch to this profile. It does not make sense. Do you see another less confusing way ? I could not test but i guess the problem may be the same for observors who have only self-service profile.