Quote:
If Users are not that Smart they won't be Curious to try and access any other User Ticket, but if they are Malicious (or Smart Enough) they'll Start Seeing Other Users' Tickets, simply by Changing the Last Number on the Browser's Address to 1 (ticket 1), 2 (ticket 2), ... x (ticket x), so there is Currently No Privacy on the Tickets because the Code is Incomplete. :confused: Review the Code of the File "helpcenter.php" and You'll see that I'm Right. :confused: I Hope PaulSonny would Share with Us a Fixed and Complete Version of that php File that separates those Permissions. ;) My Best Regards. :) |
works 99%, only the private ticket isn't really that private..
but no complaints otherwise. :D |
Quote:
Set for your Test Usergroup, the following Permissions to YES:
- Can View HelpCenter: YES
- Can View Public Tickets: YES
- Can Create Tickets: YES
- Can Edit Any Ticket: YES
- Can Delete Any Ticket: YES
- Can Close Any Ticket: YES
- Can Open Any Ticket: YES

and the Other Permissions to NO:
- Can View IP Addresses: NO
- Can Manage Tickets: NO
- Can Edit Tickets: NO
- Can Delete Tickets: NO
- Can Close Tickets: NO
- Can Open Tickets: NO

With this, if in the Mod there were Code for the Can Edit/Delete/Open/Close ANY Ticket, that Usergroup should be Able to Edit/Delete/Open/Close ANY Ticket. Try and do that !! You'll see that You'll Get a Message of "You Don't Have Enough Permissions to...", because in the Code of the "helpcenter.php" only the Options of Can Edit/Delete/Open/Close Ticket are being Used as the Permissions to do that with ANY Ticket, so the Code is Currently Incomplete and has that HUGE BUG :confused::confused::confused:, (AnyBody can Edit/Delete/Open/Close AnyBody's Tickets), or perhaps on the Attached File PaulSonny forgot to Add the Updated File that Includes the Complete Code.

Now Set:
- Can View HelpCenter: YES
- Can View Public Tickets: YES
- Can Create Tickets: YES
- Can Edit Tickets: YES
- Can Delete Tickets: YES
- Can Close Tickets: YES
- Can Open Tickets: YES
- Can View IP Addresses: NO
- Can Manage Tickets: NO
- Can Edit Any Ticket: NO
- Can Delete Any Ticket: NO
- Can Close Any Ticket: NO
- Can Open Any Ticket: NO

And Now go to any Ticket, let's say [YOUR_FORUM_PATH]/helpcenter.php?do=ticket&tid=1 and start changing the Last Number to 2, 3, 4, ... and Any Ticket that you Have, and you'll see that No Matter Public or Private you'll be able to Access the Tickets.

Now let's be Nasty... Access Any Private Ticket of other User (go to one of your Admins' Tickets, see the last Number of that Ticket and change the 1 of the [YOUR_FORUM_PATH]/helpcenter.php?do=ticket&tid=1 on the Test User of the Test Usergroup), and then Select the Edit/Delete/Open/Close Options. Surprise !! You've Just Edited/Deleted/Opened/Closed the Private Ticket of Other User (Admin in this Case). :confused::confused::confused:

That's My Exact Point, and that's the Reason Why I Haven't Used this Mod on my Forum Yet, I Have it Installed but Disabled, because with that HUGE BUG there's No Privacy and No Security for the Information that Users Post on their Tickets, so it is Not Right to Offer that to them. I Hope PaulSonny would offer Soon the Solution to that BUG, I think it is worth an Urgent Update to this Mod. My Best Regards. :) |
tested this with a normal user, I cannot edit tickets when I change the URL.
I can reply with a new msg and I can attach stuff, but I cannot edit existing threads in the tickets. But if I'm on any moderator, supmod or admin I can edit them all. Feel free to test, the first 3 tickets are tests. user : Code:
vbetest Code:
test but got access to helpcenter.

Even if I try to enter the closeticket or editticket in the URL:
helpcenter.php?do=closeticket&tid=3 It just says you don't have access
helpcenter.php?do=editticket&tid=3 It just says you don't have access

As far as I'm concerned it works fine, only two problems:
- private tickets ARE NOT PRIVATE.
- anyone can reply to tickets. |
Quote:
Do the Exercise EXACTLY as I Wrote in my Message, setting the Permissions EXACTLY as I've Described, do the Exercise, and You'll see yourself Editing/Deleting/Closing/Opening the Tickets of Any Other User (Even Admins).

I Keep my Conclusions as I mentioned them in my Last Reply, a HUGE BUG and Privacy Problem with the Ticket Info of other Users (Anybody can Edit/Delete/Open/Close Anybody's Tickets if you set to YES the Options to Edit/Delete/Open/Close Tickets, Not ANY Ticket, just Tickets, because the ANY Tickets Function is Not in Use and the Edit/Delete/Open/Close Tickets is Working as ANY Tickets). (Read my Other Posts in this Thread, I Reported that Bug many Months Ago but only in my Last Post I decided to Describe the Exact Process so that Anybody can Test and Know Exactly the Problem).

Other BUG, (but that would be workable if the other Bug weren't Happening) is that if you Set to YES the Permissions to Edit/Delete/Open/Close Tickets, you'll see the Dropdown Menu for those Options in ALL Tickets, and this should only be Displayed in the Tickets you can Perform Actions With. :confused::confused::confused: My Best Regards. :) |
no, of course not, I would never let the users themselves be allowed to edit the original ticket.
this is a ticket, not a thread. been working as a supported for an IT company, we have a similar system, except it's 100% private but the original post is not editable. only by mod or admin. Like I have, I as admin or moderator am the ONLY one to edit/open/close threads. would be irresponsible to let users do that themselves, then it's not a ticket system, then it's just a forum board. |
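
The ownership rule the posts above argue about, as an added example that is not part of the thread or of the mod's helpcenter.php: the plain Edit/Delete/Close/Open permissions apply only to the user's own tickets, and the ANY variants are required for someone else's. The permission keys, the ticket array fields and the view policy for private tickets are assumptions made for the illustration.

```php
<?php
// Added illustration, not code from helpcenter.php. Permission keys and the
// ticket array layout are hypothetical, named after the options in the thread.

// Model of the reported behaviour: the own-ticket flag alone decides, and the
// ticket owner is never compared with the current user ($userId is ignored).
function reportedCheck(array $perms, int $userId, array $ticket, string $action): bool
{
    if ($action === 'view') {
        return !empty($perms['canviewhelpcenter']);
    }
    return !empty($perms["can{$action}tickets"]);
}

// Ownership-aware check: "can<action>tickets" covers the user's own tickets,
// "can<action>anyticket" is required for a ticket that belongs to someone else.
function ownerAwareCheck(array $perms, int $userId, array $ticket, string $action): bool
{
    if (empty($perms['canviewhelpcenter'])) {
        return false;
    }
    $isOwner = ((int) $ticket['userid'] === $userId);
    if ($action === 'view') {
        if ($isOwner || !empty($perms['canmanagetickets'])) {
            return true; // assumed policy: staff with "manage" may read all
        }
        return empty($ticket['private']) && !empty($perms['canviewpublictickets']);
    }
    if (!in_array($action, ['edit', 'delete', 'close', 'open'], true)) {
        return false; // unknown action: deny by default
    }
    if (!empty($perms["can{$action}anyticket"])) {
        return true;
    }
    return $isOwner && !empty($perms["can{$action}tickets"]);
}

// Constructed sample: the second permission set from the thread (own-ticket
// options YES, ANY-ticket options NO) against an admin's private ticket.
$testUser = array_fill_keys(['canviewhelpcenter', 'canviewpublictickets',
    'cancreatetickets', 'canedittickets', 'candeletetickets',
    'canclosetickets', 'canopentickets'], 1);
$adminTicket = ['tid' => 1, 'userid' => 1, 'private' => 1];
foreach (['view', 'edit', 'delete', 'close', 'open'] as $action) {
    printf("%-6s reported=%-5s owner-aware=%s\n", $action,
        var_export(reportedCheck($testUser, 42, $adminTicket, $action), true),
        var_export(ownerAwareCheck($testUser, 42, $adminTicket, $action), true));
}
```

The same ownership-aware function can also decide whether the Edit/Delete/Open/Close dropdown is rendered for a given ticket, so the menu only appears where the action would be allowed.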
I was looking for this! thank you so much! :)
|
Can anyone help with this error during the product import
"A conflict was detected in the bitfields. You cannot continue with the installation of this product until this has been fixed. The conflicts found were: * Bitfield Collision: canalwayspostmessage = canpostnonmembergroup" |