Help figuring out my permissions / department setup

Started by StupidWeasel, December 18, 2011, 02:02:35 AM

StupidWeasel

Hi there,
First of all a big thank you to the developers of SimpleDesk, it's really enhanced the way we deal with user support at the community I moderate for. We've been using it without a hitch, but I recently tasked myself with the job of fixing up the permissions and sorting out a couple of new departments. I'm running into a few problems though.

We have 5 departments (Screenshot here). 3 of the departments, any user can post in and any staff can reply to. The fourth department ("Archive") is simply for the old tickets left over from when we had a single department (using a custom field); users can't create tickets there, and it seems to work fine.

The fifth department is the one causing problems. It's used for reports against super admins and should only be handled by root admins (folks in the smf administrator group). The only helpdesk group assigned to it is "Users - Super Reports", which should only be able to create tickets, view their own tickets & view their closed tickets (Screenshot Here). However, the department is not visible under the Departments tab and whilst tickets can be created, only root admins are able to see or reply to them - the user is no longer able to access them.

tl;dr / summary: I need help making a private department that a user can post in, reply to their ticket & view their own closed ticket, but only SMF Administrators may view/moderate.

Any suggestions you may have as to where I am going wrong would be great!

venguard223

There aren't any regular users in the Users - Super Reports role. The role exists but either has no groups attached, or the groups attached have no users.

StupidWeasel

The role exists (screenshot) with every group but "community owner" (custom title/artwork group with smf admin as the secondary group) attached. The SMF groups have users in them (screenshot) also. Thanks for the suggestion though, keep them coming :)

venguard223

OK, go to the profile of one of the users who is having this trouble (that can't see their tickets). In the Helpdesk area of their profile, you (as admin) will be able to see what permissions they have in what departments. Have a look through there and let me know what permissions they have.

StupidWeasel

Thanks for the continued assistance venguard223, I really appreciate it.

A screenshot of the permissions can be found here. For regular users, it's the exact same.

venguard223

OK... now I'm confused. Are you saying they have the ability to post a ticket in that department but can't get in it any other way? (And can they go back to the ticket after it's been posted?)

The reason I'm concerned is that this sounds like a major breakdown in the permissions system otherwise.

StupidWeasel

That's correct venguard.

View of the departments as a regular user. Creating a ticket with the user. Same user attempting to view the ticket. View of ticket as SMF admin. I can confirm that the permissions of "Disposable Weasel" are the same as above, with the "Users - Super Reports" role listed.

Sorry if all the screenshots are a little annoying, I'm trying to be thorough - especially as we'll find that I've messed up something that should be really obvious :-\

venguard223

OK, now I'm really confused. Like REALLY confused.

The fact they're able to get a ticket into that department means they should have the ability to create tickets in that department. Which means they have a role that ties up their membergroups with that department.

Here's the kicker: there are, physically, 1+ hidden magic permissions in each role. For users, this permission is access_helpdesk (there's also one for staff and one for admin roles, but they're not relevant here).

Now, if the user has the ability to post a ticket, they must have a role giving them that posting permission - and by association they must also have that magic permission. Especially since without raw DB or code changes, it's not possible to revoke it, nor is it displayed anywhere.

But that doesn't seem to give them access to it on the helpdesk department listing, because there's no reason I can see that should cause them to do so.

What I find weirder is that they can post in other departments and have normal access - so what's different between the other departments and that one?