Fixed issue #920 - Unable to create users with admin.user permission.

2017-04-03 23:38:55 +02:00 · 2017-04-03 23:38:55 +02:00 · 18711a28bd
parent eb287c6b90
commit 18711a28bd
6 changed files with 830 additions and 48 deletions
--- a/app/assets/javascripts/app/controllers/_ui_element/object_manager_attribute.coffee
+++ b/app/assets/javascripts/app/controllers/_ui_element/object_manager_attribute.coffee
@ -47,14 +47,14 @@ class App.UiElement.object_manager_attribute extends App.UiElement.ApplicationUi
    object = params.object
    objects =
      Ticket:
-        Customer:
+        'ticket.customer':
          create_middle:
            shown: true
            required: false
          edit:
            shown: true
            required: false
-        Agent:
+        'ticket.agent':
          create_middle:
            shown: true
            required: false
@ -62,7 +62,7 @@ class App.UiElement.object_manager_attribute extends App.UiElement.ApplicationUi
            shown: true
            required: false
      User:
-        Customer:
+        'ticket.customer':
          create:
            shown: true
            required: false
@ -71,7 +71,7 @@ class App.UiElement.object_manager_attribute extends App.UiElement.ApplicationUi
          signup:
            shown: false
            required: false
-        Agent:
+        'ticket.agent':
          create:
            shown: true
            required: false
@ -83,7 +83,7 @@ class App.UiElement.object_manager_attribute extends App.UiElement.ApplicationUi
          invite_customer:
            show: false
            required: false
-        Admin:
+        'admin.group':
          create:
            shown: true
            required: false
@ -99,10 +99,10 @@ class App.UiElement.object_manager_attribute extends App.UiElement.ApplicationUi
            show: false
            required: false
      Organization:
-        Customer:
+        'ticket.customer':
          view:
            shown: true
-        Agent:
+        'ticket.agent':
          create:
            shown: true
            required: false
@ -111,7 +111,7 @@ class App.UiElement.object_manager_attribute extends App.UiElement.ApplicationUi
            required: false
          view:
            shown: true
-        Admin:
+        'admin.group':
          create:
            shown: true
            required: false
@ -121,7 +121,7 @@ class App.UiElement.object_manager_attribute extends App.UiElement.ApplicationUi
          view:
            shown: true
      Group:
-        Admin:
+        'admin.group':
          create:
            shown: true
            required: false
--- a/app/assets/javascripts/app/controllers/logout.coffee
+++ b/app/assets/javascripts/app/controllers/logout.coffee
@ -5,4 +5,4 @@ class Index extends App.ControllerContent
    App.Auth.logout()

 App.Config.set('logout', Index, 'Routes')
-App.Config.set('Logout', { prio: 1800, parent: '#current_user', name: 'Sign out', translate: true, target: '#logout', divider: true, iconClass: 'signout', role: [ 'Agent', 'Customer' ] }, 'NavBarRight')
+App.Config.set('Logout', { prio: 1800, parent: '#current_user', name: 'Sign out', translate: true, target: '#logout', divider: true, iconClass: 'signout' }, 'NavBarRight')
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@ -196,7 +196,7 @@ class SessionsController < ApplicationController

  # "switch" to user
  def switch_to_user
-    permission_check('admin.session')
+    permission_check(['admin.session', 'admin.user'])

    # check user
    if !params[:id]
--- a/app/models/object_manager/attribute.rb
+++ b/app/models/object_manager/attribute.rb
@ -61,7 +61,7 @@ add a new attribute entry for an object
        },
      },
      edit: {
-        Agent : {
+        'ticket.agent' => {
          required: true,
        },
      },
@ -384,14 +384,25 @@ returns:
        tag: item.data_type,
        #:null     => item.null,
      }
+      if item.data_option[:permission] && item.data_option[:permission].any?
+        next if !user
+        hint = false
+        item.data_option[:permission].each { |permission|
+          next if !user.permissions?(permission)
+          hint = true
+          break
+        }
+        next if !hint
+      end
+
      if item.screens
        data[:screen] = {}
-        item.screens.each { |screen, roles_options|
+        item.screens.each { |screen, permission_options|
          data[:screen][screen] = {}
-          roles_options.each { |role, options|
-            if role == '-all-'
+          permission_options.each { |permission, options|
+            if permission == '-all-'
              data[:screen][screen] = options
-            elsif user && user.role?(role)
+            elsif user && user.permissions?(permission)
              data[:screen][screen] = options
            end
          }
--- a/db/migrate/20170403000001_fixed_admin_user_permission_920.rb
+++ b/db/migrate/20170403000001_fixed_admin_user_permission_920.rb
@ -0,0 +1,767 @@
+class FixedAdminUserPermission920 < ActiveRecord::Migration
+  def up
+
+    # return if it's a new setup
+    return if !Setting.find_by(name: 'system_init_done')
+
+    ObjectManager::Attribute.add(
+      force: true,
+      object: 'Ticket',
+      name: 'customer_id',
+      display: 'Customer',
+      data_type: 'user_autocompletion',
+      data_option: {
+        relation: 'User',
+        autocapitalize: false,
+        multiple: false,
+        guess: true,
+        null: false,
+        limit: 200,
+        placeholder: 'Enter Person or Organization/Company',
+        minLengt: 2,
+        translate: false,
+        permission: ['ticket.agent'],
+      },
+      editable: false,
+      active: true,
+      screens: {
+        create_top: {
+          '-all-' => {
+            null: false,
+          },
+        },
+        edit: {},
+      },
+      to_create: false,
+      to_migrate: false,
+      to_delete: false,
+      position: 10,
+    )
+    ObjectManager::Attribute.add(
+      force: true,
+      object: 'Ticket',
+      name: 'type',
+      display: 'Type',
+      data_type: 'select',
+      data_option: {
+        default: '',
+        options: {
+          'Incident' => 'Incident',
+          'Problem'  => 'Problem',
+          'Request for Change' => 'Request for Change',
+        },
+        nulloption: true,
+        multiple: false,
+        null: true,
+        translate: true,
+      },
+      editable: true,
+      active: false,
+      screens: {
+        create_middle: {
+          '-all-' => {
+            null: false,
+            item_class: 'column',
+          },
+        },
+        edit: {
+          'ticket.agent' => {
+            null: false,
+          },
+        },
+      },
+      to_create: false,
+      to_migrate: false,
+      to_delete: false,
+      position: 20,
+    )
+    ObjectManager::Attribute.add(
+      force: true,
+      object: 'Ticket',
+      name: 'group_id',
+      display: 'Group',
+      data_type: 'select',
+      data_option: {
+        default: '',
+        relation: 'Group',
+        relation_condition: { access: 'rw' },
+        nulloption: true,
+        multiple: false,
+        null: false,
+        translate: false,
+        only_shown_if_selectable: true,
+        permission: ['ticket.agent', 'ticket.customer'],
+      },
+      editable: false,
+      active: true,
+      screens: {
+        create_middle: {
+          '-all-' => {
+            null: false,
+            item_class: 'column',
+          },
+        },
+        edit: {
+          'ticket.agent' => {
+            null: false,
+          },
+        },
+      },
+      to_create: false,
+      to_migrate: false,
+      to_delete: false,
+      position: 25,
+    )
+    ObjectManager::Attribute.add(
+      force: true,
+      object: 'Ticket',
+      name: 'owner_id',
+      display: 'Owner',
+      data_type: 'select',
+      data_option: {
+        default: '',
+        relation: 'User',
+        relation_condition: { roles: 'Agent' },
+        nulloption: true,
+        multiple: false,
+        null: true,
+        translate: false,
+        permission: ['ticket.agent'],
+      },
+      editable: false,
+      active: true,
+      screens: {
+        create_middle: {
+          '-all-' => {
+            null: true,
+            item_class: 'column',
+          },
+        },
+        edit: {
+          '-all-' => {
+            null: true,
+          },
+        },
+      },
+      to_create: false,
+      to_migrate: false,
+      to_delete: false,
+      position: 30,
+    )
+    ObjectManager::Attribute.add(
+      force: true,
+      object: 'Ticket',
+      name: 'state_id',
+      display: 'State',
+      data_type: 'select',
+      data_option: {
+        relation: 'TicketState',
+        nulloption: true,
+        multiple: false,
+        null: false,
+        default: Ticket::State.find_by(name: 'open').id,
+        translate: true,
+        filter: Ticket::State.by_category(:viewable).pluck(:id),
+      },
+      editable: false,
+      active: true,
+      screens: {
+        create_middle: {
+          'ticket.agent' => {
+            null: false,
+            item_class: 'column',
+            filter: Ticket::State.by_category(:viewable_agent_new).pluck(:id),
+          },
+          'ticket.customer' => {
+            item_class: 'column',
+            nulloption: false,
+            null: true,
+            filter: Ticket::State.by_category(:viewable_customer_new).pluck(:id),
+            default: Ticket::State.find_by(name: 'new').id,
+          },
+        },
+        edit: {
+          'ticket.agent' => {
+            nulloption: false,
+            null: false,
+            filter: Ticket::State.by_category(:viewable_agent_edit).pluck(:id),
+          },
+          'ticket.customer' => {
+            nulloption: false,
+            null: true,
+            filter: Ticket::State.by_category(:viewable_customer_edit).pluck(:id),
+            default: Ticket::State.find_by(name: 'open').id,
+          },
+        },
+      },
+      to_create: false,
+      to_migrate: false,
+      to_delete: false,
+      position: 40,
+    )
+    ObjectManager::Attribute.add(
+      force: true,
+      object: 'Ticket',
+      name: 'pending_time',
+      display: 'Pending till',
+      data_type: 'datetime',
+      data_option: {
+        future: true,
+        past: false,
+        diff: 24,
+        null: true,
+        translate: true,
+        required_if: {
+          state_id: Ticket::State.by_category(:pending).pluck(:id),
+        },
+        shown_if: {
+          state_id: Ticket::State.by_category(:pending).pluck(:id),
+        },
+      },
+      editable: false,
+      active: true,
+      screens: {
+        create_middle: {
+          '-all-' => {
+            null: false,
+            item_class: 'column',
+          },
+        },
+        edit: {
+          '-all-' => {
+            null: false,
+          },
+        },
+      },
+      to_create: false,
+      to_migrate: false,
+      to_delete: false,
+      position: 41,
+    )
+    ObjectManager::Attribute.add(
+      force: true,
+      object: 'Ticket',
+      name: 'priority_id',
+      display: 'Priority',
+      data_type: 'select',
+      data_option: {
+        relation: 'TicketPriority',
+        nulloption: false,
+        multiple: false,
+        null: false,
+        default: Ticket::Priority.find_by(name: '2 normal').id,
+        translate: true,
+      },
+      editable: false,
+      active: true,
+      screens: {
+        create_middle: {
+          'ticket.agent' => {
+            null: false,
+            item_class: 'column',
+          },
+        },
+        edit: {
+          'ticket.agent' => {
+            null: false,
+          },
+        },
+      },
+      to_create: false,
+      to_migrate: false,
+      to_delete: false,
+      position: 80,
+    )
+
+    ObjectManager::Attribute.add(
+      force: true,
+      object: 'Ticket',
+      name: 'tags',
+      display: 'Tags',
+      data_type: 'tag',
+      data_option: {
+        type: 'text',
+        null: true,
+        translate: false,
+      },
+      editable: false,
+      active: true,
+      screens: {
+        create_bottom: {
+          'ticket.agent' => {
+            null: true,
+          },
+        },
+        edit: {},
+      },
+      to_create: false,
+      to_migrate: false,
+      to_delete: false,
+      position: 900,
+    )
+
+    ObjectManager::Attribute.add(
+      force: true,
+      object: 'TicketArticle',
+      name: 'type_id',
+      display: 'Type',
+      data_type: 'select',
+      data_option: {
+        relation: 'TicketArticleType',
+        nulloption: false,
+        multiple: false,
+        null: false,
+        default: Ticket::Article::Type.lookup(name: 'note').id,
+        translate: true,
+      },
+      editable: false,
+      active: true,
+      screens: {
+        create_middle: {},
+        edit: {
+          'ticket.agent' => {
+            null: false,
+          },
+        },
+      },
+      to_create: false,
+      to_migrate: false,
+      to_delete: false,
+      position: 100,
+    )
+
+    ObjectManager::Attribute.add(
+      force: true,
+      object: 'TicketArticle',
+      name: 'internal',
+      display: 'Visibility',
+      data_type: 'select',
+      data_option: {
+        options: { true: 'internal', false: 'public' },
+        nulloption: false,
+        multiple: false,
+        null: true,
+        default: false,
+        translate: true,
+      },
+      editable: false,
+      active: true,
+      screens: {
+        create_middle: {},
+        edit: {
+          'ticket.agent' => {
+            null: false,
+          },
+        },
+      },
+      to_create: false,
+      to_migrate: false,
+      to_delete: false,
+      position: 200,
+    )
+
+    ObjectManager::Attribute.add(
+      force: true,
+      object: 'TicketArticle',
+      name: 'to',
+      display: 'To',
+      data_type: 'input',
+      data_option: {
+        type: 'text',
+        maxlength: 1000,
+        null: true,
+      },
+      editable: false,
+      active: true,
+      screens: {
+        create_middle: {},
+        edit: {
+          'ticket.agent' => {
+            null: true,
+          },
+        },
+      },
+      to_create: false,
+      to_migrate: false,
+      to_delete: false,
+      position: 300,
+    )
+    ObjectManager::Attribute.add(
+      force: true,
+      object: 'TicketArticle',
+      name: 'cc',
+      display: 'Cc',
+      data_type: 'input',
+      data_option: {
+        type: 'text',
+        maxlength: 1000,
+        null: true,
+      },
+      editable: false,
+      active: true,
+      screens: {
+        create_top: {},
+        create_middle: {},
+        edit: {
+          'ticket.agent' => {
+            null: true,
+          },
+        },
+      },
+      to_create: false,
+      to_migrate: false,
+      to_delete: false,
+      position: 400,
+    )
+
+    ObjectManager::Attribute.add(
+      force: true,
+      object: 'TicketArticle',
+      name: 'body',
+      display: 'Text',
+      data_type: 'richtext',
+      data_option: {
+        type: 'richtext',
+        maxlength: 20_000,
+        upload: true,
+        rows: 8,
+        null: true,
+      },
+      editable: false,
+      active: true,
+      screens: {
+        create_top: {
+          '-all-' => {
+            null: false,
+          },
+        },
+        edit: {
+          '-all-' => {
+            null: true,
+          },
+        },
+      },
+      to_create: false,
+      to_migrate: false,
+      to_delete: false,
+      position: 600,
+    )
+
+    ObjectManager::Attribute.add(
+      force: true,
+      object: 'User',
+      name: 'password',
+      display: 'Password',
+      data_type: 'input',
+      data_option: {
+        type: 'password',
+        maxlength: 100,
+        null: true,
+        autocomplete: 'off',
+        item_class: 'formGroup--halfSize',
+      },
+      editable: false,
+      active: true,
+      screens: {
+        signup: {
+          '-all-' => {
+            null: false,
+          },
+        },
+        invite_agent: {},
+        invite_customer: {},
+        edit: {
+          'admin.user' => {
+            null: true,
+          },
+        },
+        view: {}
+      },
+      to_create: false,
+      to_migrate: false,
+      to_delete: false,
+      position: 1400,
+    )
+
+    ObjectManager::Attribute.add(
+      force: true,
+      object: 'User',
+      name: 'vip',
+      display: 'VIP',
+      data_type: 'boolean',
+      data_option: {
+        null: true,
+        default: false,
+        item_class: 'formGroup--halfSize',
+        options: {
+          false: 'no',
+          true: 'yes',
+        },
+        translate: true,
+        permission: ['admin.user', 'ticket.agent'],
+      },
+      editable: false,
+      active: true,
+      screens: {
+        edit: {
+          '-all-' => {
+            null: true,
+          },
+        },
+        view: {
+          '-all-' => {
+            shown: false,
+          },
+        },
+      },
+      to_create: false,
+      to_migrate: false,
+      to_delete: false,
+      position: 1490,
+    )
+
+    ObjectManager::Attribute.add(
+      force: true,
+      object: 'User',
+      name: 'role_ids',
+      display: 'Permissions',
+      data_type: 'user_permission',
+      data_option: {
+        null: false,
+        item_class: 'checkbox',
+        permission: ['admin.user'],
+      },
+      editable: false,
+      active: true,
+      screens: {
+        signup: {},
+        invite_agent: {
+          '-all-' => {
+            null: false,
+            default: [Role.lookup(name: 'Agent').id],
+          },
+        },
+        invite_customer: {},
+        edit: {
+          '-all-' => {
+            null: true,
+          },
+        },
+        view: {
+          '-all-' => {
+            shown: false,
+          },
+        },
+      },
+      to_create: false,
+      to_migrate: false,
+      to_delete: false,
+      position: 1600,
+    )
+
+    ObjectManager::Attribute.add(
+      force: true,
+      object: 'User',
+      name: 'active',
+      display: 'Active',
+      data_type: 'active',
+      data_option: {
+        null: true,
+        default: true,
+        permission: ['admin.user', 'ticket.agent'],
+      },
+      editable: false,
+      active: true,
+      screens: {
+        signup: {},
+        invite_agent: {},
+        invite_customer: {},
+        edit: {
+          '-all-' => {
+            null: false,
+          },
+        },
+        view: {
+          '-all-' => {
+            shown: false,
+          },
+        },
+      },
+      to_create: false,
+      to_migrate: false,
+      to_delete: false,
+      position: 1800,
+    )
+
+    ObjectManager::Attribute.add(
+      force: true,
+      object: 'Organization',
+      name: 'shared',
+      display: 'Shared organization',
+      data_type: 'boolean',
+      data_option: {
+        null: true,
+        default: true,
+        note: 'Customers in the organization can view each other items.',
+        item_class: 'formGroup--halfSize',
+        options: {
+          true: 'yes',
+          false: 'no',
+        },
+        translate: true,
+        permission: ['admin.organization'],
+      },
+      editable: false,
+      active: true,
+      screens: {
+        edit: {
+          '-all-' => {
+            null: false,
+          },
+        },
+        view: {
+          '-all-' => {
+            shown: true,
+          },
+        },
+      },
+      to_create: false,
+      to_migrate: false,
+      to_delete: false,
+      position: 1400,
+    )
+
+    ObjectManager::Attribute.add(
+      force: true,
+      object: 'Organization',
+      name: 'domain_assignment',
+      display: 'Domain based assignment',
+      data_type: 'boolean',
+      data_option: {
+        null: true,
+        default: false,
+        note: 'Assign Users based on users domain.',
+        item_class: 'formGroup--halfSize',
+        options: {
+          true: 'yes',
+          false: 'no',
+        },
+        translate: true,
+        permission: ['admin.organization'],
+      },
+      editable: false,
+      active: true,
+      screens: {
+        edit: {
+          '-all-' => {
+            null: false,
+          },
+        },
+        view: {
+          '-all-' => {
+            shown: true,
+          },
+        },
+      },
+      to_create: false,
+      to_migrate: false,
+      to_delete: false,
+      position: 1410,
+    )
+
+    ObjectManager::Attribute.add(
+      force: true,
+      object: 'Organization',
+      name: 'active',
+      display: 'Active',
+      data_type: 'active',
+      data_option: {
+        null: true,
+        default: true,
+        permission: ['admin.organization'],
+      },
+      editable: false,
+      active: true,
+      screens: {
+        edit: {
+          '-all-' => {
+            null: false,
+          },
+        },
+        view: {
+          '-all-' => {
+            shown: false,
+          },
+        },
+      },
+      to_create: false,
+      to_migrate: false,
+      to_delete: false,
+      position: 1800,
+    )
+
+    ObjectManager::Attribute.add(
+      force: true,
+      object: 'Group',
+      name: 'active',
+      display: 'Active',
+      data_type: 'active',
+      data_option: {
+        null: true,
+        default: true,
+        permission: ['admin.group'],
+      },
+      editable: false,
+      active: true,
+      screens: {
+        create: {
+          '-all-' => {
+            null: true,
+          },
+        },
+        edit: {
+          '-all-': {
+            null: false,
+          },
+        },
+        view: {
+          '-all-' => {
+            shown: false,
+          },
+        },
+      },
+      to_create: false,
+      to_migrate: false,
+      to_delete: false,
+      position: 1800,
+    )
+
+    map = {
+      Admin: 'admin',
+      Agent: 'ticket.agent',
+      Customer: 'ticket.customer',
+    }
+    ObjectManager::Attribute.all.each { |attribute|
+      next if attribute.screens.blank?
+      screens = {}
+      attribute.screens.each { |screen, role_value|
+        if role_value.blank?
+          screens[screen] = role_value
+        else
+          screens[screen] = {}
+          role_value.each { |role, value|
+            if map[role.to_sym]
+              screens[screen][map[role.to_sym]] = value
+            else
+              screens[screen][role] = value
+            end
+          }
+        end
+      }
+      attribute.screens = screens
+      attribute.save!
+    }
+
+  end
+
+end
--- a/db/seeds.rb
+++ b/db/seeds.rb
@ -3708,12 +3708,13 @@ ObjectManager::Attribute.add(
    placeholder: 'Enter Person or Organization/Company',
    minLengt: 2,
    translate: false,
+    permission: ['ticket.agent'],
  },
  editable: false,
  active: true,
  screens: {
    create_top: {
-      Agent: {
+      '-all-' => {
        null: false,
      },
    },
@ -3752,7 +3753,7 @@ ObjectManager::Attribute.add(
      },
    },
    edit: {
-      Agent: {
+      'ticket.agent' => {
        null: false,
      },
    },
@ -3777,6 +3778,7 @@ ObjectManager::Attribute.add(
    null: false,
    translate: false,
    only_shown_if_selectable: true,
+    permission: ['ticket.agent', 'ticket.customer'],
  },
  editable: false,
  active: true,
@ -3788,7 +3790,7 @@ ObjectManager::Attribute.add(
      },
    },
    edit: {
-      Agent: {
+      'ticket.agent' => {
        null: false,
      },
    },
@ -3812,18 +3814,19 @@ ObjectManager::Attribute.add(
    multiple: false,
    null: true,
    translate: false,
+    permission: ['ticket.agent'],
  },
  editable: false,
  active: true,
  screens: {
    create_middle: {
-      Agent: {
+      '-all-' => {
        null: true,
        item_class: 'column',
      },
    },
    edit: {
-      Agent: {
+      '-all-' => {
        null: true,
      },
    },
@ -3852,12 +3855,12 @@ ObjectManager::Attribute.add(
  active: true,
  screens: {
    create_middle: {
-      Agent: {
+      'ticket.agent' => {
        null: false,
        item_class: 'column',
        filter: Ticket::State.by_category(:viewable_agent_new).pluck(:id),
      },
-      Customer: {
+      'ticket.customer' => {
        item_class: 'column',
        nulloption: false,
        null: true,
@ -3866,12 +3869,12 @@ ObjectManager::Attribute.add(
      },
    },
    edit: {
-      Agent: {
+      'ticket.agent' => {
        nulloption: false,
        null: false,
        filter: Ticket::State.by_category(:viewable_agent_edit).pluck(:id),
      },
-      Customer: {
+      'ticket.customer' => {
        nulloption: false,
        null: true,
        filter: Ticket::State.by_category(:viewable_customer_edit).pluck(:id),
@ -3913,7 +3916,7 @@ ObjectManager::Attribute.add(
      },
    },
    edit: {
-      Agent: {
+      '-all-' => {
        null: false,
      },
    },
@ -3941,13 +3944,13 @@ ObjectManager::Attribute.add(
  active: true,
  screens: {
    create_middle: {
-      Agent: {
+      'ticket.agent' => {
        null: false,
        item_class: 'column',
      },
    },
    edit: {
-      Agent: {
+      'ticket.agent' => {
        null: false,
      },
    },
@ -3973,7 +3976,7 @@ ObjectManager::Attribute.add(
  active: true,
  screens: {
    create_bottom: {
-      Agent: {
+      'ticket.agent' => {
        null: true,
      },
    },
@ -4004,7 +4007,7 @@ ObjectManager::Attribute.add(
  screens: {
    create_middle: {},
    edit: {
-      Agent: {
+      'ticket.agent' => {
        null: false,
      },
    },
@ -4034,7 +4037,7 @@ ObjectManager::Attribute.add(
  screens: {
    create_middle: {},
    edit: {
-      Agent: {
+      'ticket.agent' => {
        null: false,
      },
    },
@ -4061,7 +4064,7 @@ ObjectManager::Attribute.add(
  screens: {
    create_middle: {},
    edit: {
-      Agent: {
+      'ticket.agent' => {
        null: true,
      },
    },
@ -4088,7 +4091,7 @@ ObjectManager::Attribute.add(
    create_top: {},
    create_middle: {},
    edit: {
-      Agent: {
+      'ticket.agent' => {
        null: true,
      },
    },
@ -4121,12 +4124,9 @@ ObjectManager::Attribute.add(
      },
    },
    edit: {
-      Agent: {
+      '-all-' => {
        null: true,
      },
-      Customer: {
-        null: false,
-      },
    },
  },
  to_create: false,
@ -4686,7 +4686,7 @@ ObjectManager::Attribute.add(
    invite_agent: {},
    invite_customer: {},
    edit: {
-      Admin: {
+      'admin.user' => {
        null: true,
      },
    },
@ -4713,15 +4713,13 @@ ObjectManager::Attribute.add(
      true: 'yes',
    },
    translate: true,
+    permission: ['admin.user', 'ticket.agent'],
  },
  editable: false,
  active: true,
  screens: {
    edit: {
-      Admin: {
-        null: true,
-      },
-      Agent: {
+      '-all-' => {
        null: true,
      },
    },
@ -4785,6 +4783,7 @@ ObjectManager::Attribute.add(
  data_option: {
    null: false,
    item_class: 'checkbox',
+    permission: ['admin.user'],
  },
  editable: false,
  active: true,
@ -4798,7 +4797,7 @@ ObjectManager::Attribute.add(
    },
    invite_customer: {},
    edit: {
-      Admin: {
+      '-all-' => {
        null: true,
      },
    },
@ -4823,6 +4822,7 @@ ObjectManager::Attribute.add(
  data_option: {
    null: true,
    default: true,
+    permission: ['admin.user', 'ticket.agent'],
  },
  editable: false,
  active: true,
@ -4831,7 +4831,7 @@ ObjectManager::Attribute.add(
    invite_agent: {},
    invite_customer: {},
    edit: {
-      Admin: {
+      '-all-' => {
        null: false,
      },
    },
@ -4895,12 +4895,13 @@ ObjectManager::Attribute.add(
      false: 'no',
    },
    translate: true,
+    permission: ['admin.organization'],
  },
  editable: false,
  active: true,
  screens: {
    edit: {
-      Admin: {
+      '-all-' => {
        null: false,
      },
    },
@ -4932,12 +4933,13 @@ ObjectManager::Attribute.add(
      false: 'no',
    },
    translate: true,
+    permission: ['admin.organization'],
  },
  editable: false,
  active: true,
  screens: {
    edit: {
-      Admin: {
+      '-all-' => {
        null: false,
      },
    },
@ -5026,12 +5028,13 @@ ObjectManager::Attribute.add(
  data_option: {
    null: true,
    default: true,
+    permission: ['admin.organization'],
  },
  editable: false,
  active: true,
  screens: {
    edit: {
-      Admin: {
+      '-all-' => {
        null: false,
      },
    },
@ -5302,6 +5305,7 @@ ObjectManager::Attribute.add(
  data_option: {
    null: true,
    default: true,
+    permission: ['admin.group'],
  },
  editable: false,
  active: true,
@ -5312,7 +5316,7 @@ ObjectManager::Attribute.add(
      },
    },
    edit: {
-      Admin: {
+      '-all-': {
        null: false,
      },
    },