- Fixed ticket direct actions to check the department group permission before allowing access to the ticket.
- Fixed ticket detail page to close the detail editor if a ticket is manually typed into the URL and the current user doesn’t have permission to see it. There was a security hole where techs could get access to tickets by first visiting one that they have permission to see and then manually changing the URL.
- Fixed some inaccuracies in the logged-in indicators at Setup > Techs > Techs. It was reporting anyone with a session as being logged in, even if they were a concurrent tech that was blocked from logging in.
- Made it so concurrent techs are only allowed one session at a time (they cannot log in with multiple browsers simultaneously anymore).
- Fixed the survey viewer URL to require authentication if the survey has already been filled out.
- Changed the “Status” filter in the My/Group Tickets pages to only include status types that are relevant to those pages (i.e. it excludes statuses that have the “Include in My/Group Tickets Filter” setting turned off).
If you enjoyed this article, please consider sharing it.
Dino Kotenoglou – Director of DSS
