#
# RT was configured with:
#
-# $ ./configure --prefix=/www/var/rt/ --with-web-user=httpd --with-web-group=httpd --with-rt-group=uio-rt --with-apachectl=/www/sbin/apachectl --with-db-type=Pg --with-db-dba=postgres --disable-gpg
+# $ ./configure --prefix=/www/var/rt/ --with-web-user=httpd --with-web-group=httpd --with-rt-group=uio-rt --with-db-type=Pg --with-db-dba=postgres --disable-gpg
#
package RT;
Set(@Plugins, ());
+=item C<@StaticRoots>
+
+Set C<@StaticRoots> to serve extra paths with a static handler. The
+contents of each hashref should be the the same arguments as
+L<Plack::Middleware::Static> takes. These paths will be checked before
+any plugin or core static paths.
+
+Example:
+
+ Set( @StaticRoots,
+ {
+ path => qr{^/static/},
+ root => '/local/path/to/static/parent',
+ },
+ );
+
+=cut
+
+Set( @StaticRoots, () );
+
=back
Set($DatabaseRequireSSL, undef);
+=item <$DatabaseAdmin>
+
+The name of the database administrator to connect to the database as
+during upgrades.
+
+=cut
+
+Set($DatabaseAdmin, "postgres");
+
=back
=over 4
-=item C<$LogToSyslog>, C<$LogToScreen>
+=item C<$LogToSyslog>, C<$LogToSTDERR>
The minimum level error that will be logged to the specific device.
From lowest to highest priority, the levels are:
=cut
Set($LogToSyslog, "info");
-Set($LogToScreen, "info");
+Set($LogToSTDERR, "info");
=item C<$LogToFile>, C<$LogDir>, C<$LogToFileNamed>
=item C<@LogToSyslogConf>
-On Solaris or UnixWare, set to ( socket => 'inet' ). Options here
-override any other options RT passes to L<Log::Dispatch::Syslog>.
-Other interesting flags include facility and logopt. (See the
-L<Log::Dispatch::Syslog> documentation for more information.) (Maybe
-ident too, if you have multiple RT installations.)
+Additional options to pass to L<Log::Dispatch::Syslog>; the most
+interesting flags include C<facility>, C<logopt>, and possibly C<ident>.
+See the L<Log::Dispatch::Syslog> documentation for more information.
=cut
never have to change this configuration.
Be B<very careful> with it. Note that it overrides C<$rtname> for
-subject token matching and that you should use only "non-capturing"
-parenthesis grouping. For example:
-
-C<Set($EmailSubjectTagRegex, qr/(?:example.com|example.org)/i );>
-
-and NOT
-
-C<Set($EmailSubjectTagRegex, qr/(example.com|example.org)/i );>
+subject token matching.
The setting below would make RT behave exactly as it does without the
setting enabled.
=item C<$OwnerEmail>
C<$OwnerEmail> is the address of a human who manages RT. RT will send
-errors generated by the mail gateway to this address. This address
-should I<not> be an address that's managed by your RT instance.
+errors generated by the mail gateway to this address; it will also be
+displayed as the contact person on the RT's login page. Because RT
+sends errors to this address, it should I<not> be an address that's
+managed by your RT instance, to avoid mail loops.
=cut
=item C<$MaxAttachmentSize>
C<$MaxAttachmentSize> sets the maximum size (in bytes) of attachments
-stored in the database.
+stored in the database. This setting is irrelevant unless one of
+$TruncateLongAttachments or $DropLongAttachments (below) are set.
=cut
perl etc/upgrade/generate-rtaddressregexp
-If left blank, RT will generate a regexp for you, based on your
-comment and correspond address settings on your queues; this comes at
-a small cost in start-up speed.
+If left blank, RT will compare each address to your configured
+C<$CorrespondAddress> and C<$CommentAddress> before searching for a
+Queue configured with a matching "Reply Address" or "Comment Address"
+on the Queue Admin page.
=cut
=item C<$ValidateUserEmailAddresses>
-If C<$ValidateUserEmailAddresses> is 1, RT will refuse to create
+By default C<$ValidateUserEmailAddresses> is 1, and RT will refuse to create
users with an invalid email address (as specified in RFC 2822) or with
an email address made of multiple email addresses.
+Set this to 0 to skip any email address validation. Doing so may open up
+vulnerabilities.
+
=cut
-Set($ValidateUserEmailAddresses, undef);
+Set($ValidateUserEmailAddresses, 1);
=item C<@MailPlugins>
=cut
-Set($ExtractSubjectTagMatch, qr/\[.+? #\d+\]/);
+Set($ExtractSubjectTagMatch, qr/\[[^\]]+? #\d+\]/);
Set($ExtractSubjectTagNoMatch, ( ${RT::EmailSubjectTagRegex}
? qr/\[(?:${RT::EmailSubjectTagRegex}) #\d+\]/
: qr/\[\Q$RT::rtname\E #\d+\]/));
+=item C<$CheckMoreMSMailHeaders>
+
+Some email clients create a plain text version of HTML-formatted
+email to help other clients that read only plain text.
+Unfortunately, the plain text parts sometimes end up with
+doubled newlines and these can then end up in RT. This
+is most often seen in MS Outlook.
+
+Enable this option to have RT check for additional mail headers
+and attempt to identify email from MS Outlook. When detected,
+RT will then clean up double newlines. Note that it may
+clean up intentional double newlines as well.
+
+=cut
+
+Set( $CheckMoreMSMailHeaders, 0);
+
=back
C<$MailCommand> defines which method RT will use to try to send mail.
We know that 'sendmailpipe' works fairly well. If 'sendmailpipe'
-doesn't work well for you, try 'sendmail'. Other options are 'smtp'
-or 'qmail'.
-
-Note that you should remove the '-t' from C<$SendmailArguments> if you
-use 'sendmail' rather than 'sendmailpipe'
+doesn't work well for you, try 'sendmail'. 'qmail' is also a supported
+value.
For testing purposes, or to simply disable sending mail out into the
world, you can set C<$MailCommand> to 'testfile' which writes all mail
to a temporary file. RT will log the location of the temporary file
so you can extract mail from it afterward.
+On shutdown, RT will clean up the temporary file created when using
+the 'testfile' option. If testing while the RT server is still running,
+you can find the files in the location noted in the log file. If you run
+a tool like C<rt-crontool> however, or if you look after stopping the server,
+the files will have been deleted when the process completed. If you need to
+keep the files for development or debugging, you can manually set
+C<< UNLINK => 0 >> where the testfile config is processed in
+F<lib/RT/Interface/Email.pm>.
+
=cut
Set($MailCommand, "sendmailpipe");
Warning: If you use this setting, bounced mails will appear to be
incoming mail to the system, thus creating new tickets.
+If the value contains an C<@>, it is assumed to be an email address and used as
+a global envelope sender. Expected usage in this case is to simply set the
+same envelope sender on all mail from RT, without defining
+C<$OverrideOutgoingMailFrom>. If you do define C<$OverrideOutgoingMailFrom>,
+anything specified there overrides the global value (including Default).
+
+This option only works if C<$MailCommand> is set to 'sendmailpipe'.
+
=cut
Set($SetOutgoingMailFrom, 0);
there is no ticket involved, then the value of the C<Default> key will
be used.
-This option is irrelevant unless C<$SetOutgoingMailFrom> is set.
+This option only works if C<$SetOutgoingMailFrom> is enabled and
+C<$MailCommand> is set to 'sendmailpipe'.
=cut
By default, RT records each message it sends out to its own internal
database. To change this behavior, set C<$RecordOutgoingEmail> to 0
+If this is disabled, users' digest mail delivery preferences
+(i.e. EmailFrequency) will also be ignored.
+
=cut
Set($RecordOutgoingEmail, 1);
=item C<$SendmailArguments>
C<$SendmailArguments> defines what flags to pass to C<$SendmailPath>
-If you picked 'sendmailpipe', you MUST add a -t flag to
-C<$SendmailArguments> These options are good for most sendmail
-wrappers and work-a-likes.
+These options are good for most sendmail wrappers and work-a-likes.
These arguments are good for sendmail brand sendmail 8 and newer:
-C<Set($SendmailArguments,"-oi -t -ODeliveryMode=b -OErrorMode=m");>
+C<Set($SendmailArguments,"-oi -ODeliveryMode=b -OErrorMode=m");>
=cut
-Set($SendmailArguments, "-oi -t");
+Set($SendmailArguments, "-oi");
=item C<$SendmailBounceArguments>
Set($SendmailPath, "/usr/sbin/sendmail");
-=back
-
-=head2 SMTP configuration
-
-These options only take effect if C<$MailCommand> is 'smtp'
-
-=over 4
-
-=item C<$SMTPServer>
-
-C<$SMTPServer> should be set to the hostname of the SMTP server to use
-
-=cut
-
-Set($SMTPServer, undef);
-
-=item C<$SMTPFrom>
-
-C<$SMTPFrom> should be set to the 'From' address to use, if not the
-email's 'From'
-
-=cut
-
-Set($SMTPFrom, undef);
-
-=item C<$SMTPDebug>
-
-C<$SMTPDebug> should be set to 1 to debug SMTP mail sending
-
-=cut
-
-Set($SMTPDebug, 0);
-
=back
=head2 Other mailers
=item C<@MailParams>
C<@MailParams> defines a list of options passed to $MailCommand if it
-is not 'sendmailpipe', 'sendmail', or 'smtp'
+is not 'sendmailpipe' or 'sendmail';
=cut
This determines the default stylesheet the RT web interface will use.
RT ships with several themes by default:
- web2 The default layout for RT 3.8
+ rudder The default theme for RT 4.2
aileron The default layout for RT 4.0
+ web2 The default layout for RT 3.8
ballard Theme which doesn't rely on JavaScript for menuing
-This value actually specifies a directory in F<share/html/NoAuth/css/>
+This value actually specifies a directory in F<share/static/css/>
from which RT will try to load the file main.css (which should @import
any other files the stylesheet needs). This allows you to easily and
cleanly create your own stylesheets to apply to RT. This option can
=cut
-Set($WebDefaultStylesheet, "aileron");
+Set($WebDefaultStylesheet, "rudder");
=item C<$DefaultQueue>
Set(@CustomFieldValuesSources, ());
+=item C<%CustomFieldGroupings>
+
+This option affects the display of ticket and user custom fields in the
+web interface. It does not address the sorting of custom fields within
+the groupings; which is controlled by the Ticket Custom Fields tab in
+Queue Configuration in the Admin UI.
+
+A nested datastructure defines how to group together custom fields
+under a mix of built-in and arbitrary headings ("groupings").
+
+Set C<%CustomFieldGroupings> to a nested structure similar to the following:
+
+ Set(%CustomFieldGroupings,
+ 'RT::Ticket' => [
+ 'Grouping Name' => ['CF Name', 'Another CF'],
+ 'Another Grouping' => ['Some CF'],
+ 'Dates' => ['Shipped date'],
+ ],
+ 'RT::User' => [
+ 'Phones' => ['Fax number'],
+ ],
+ );
+
+The first level keys are record types for which CFs may be used, and the
+values are either hashrefs or arrayrefs -- if arrayrefs, then the
+ordering is preserved during display, otherwise groupings are displayed
+alphabetically. The second level keys are the grouping names and the
+values are array refs containing a list of CF names.
+
+There are several special built-in groupings which RT displays in
+specific places (usually the collapsible box of the same title). The
+ordering of these standard groupings cannot be modified. You may also
+only append Custom Fields to the list in these boxes, not reorder or
+remove core fields.
+
+For C<RT::Ticket>, these groupings are: C<Basics>, C<Dates>, C<Links>, C<People>
+
+For C<RT::User>: C<Identity>, C<Access control>, C<Location>, C<Phones>
+
+Extensions may also add their own built-in groupings, refer to the individual
+extension documentation for those.
+
=item C<$CanonicalizeRedirectURLs>
Set C<$CanonicalizeRedirectURLs> to 1 to use C<$WebURL> when
Set($CanonicalizeRedirectURLs, 0);
-=item C<@JSFiles>
+=item C<$CanonicalizeURLsInFeeds>
-A list of JavaScript files to be included in head. Removing any of
-the default entries is not suggested.
+Set C<$CanonicalizeURLsInFeeds> to 1 to use C<$WebURL> in feeds
+rather than the one we get from request.
-If you're a plugin author, refer to RT->AddJavaScript.
+If you use RT behind a reverse proxy, you almost certainly want to
+enable this option.
=cut
-Set(@JSFiles, qw/
- jquery-1.4.2.min.js
- jquery_noconflict.js
- jquery-ui-1.8.4.custom.min.js
- jquery-ui-patch-datepicker.js
- ui.timepickr.js
- titlebox-state.js
- util.js
- userautocomplete.js
- jquery.event.hover-1.0.js
- superfish.js
- supersubs.js
- jquery.supposition.js
- history-folding.js
- late.js
-/);
+Set($CanonicalizeURLsInFeeds, 0);
+
+=item C<@JSFiles>
+
+A list of additional JavaScript files to be included in head.
+
+=cut
+
+Set(@JSFiles, qw//);
=item C<$JSMinPath>
=item C<$UsernameFormat>
-This determines how user info is displayed. 'concise' will show one of
-either NickName, RealName, Name or EmailAddress, depending on what
-exists and whether the user is privileged or not. 'verbose' will show
-RealName and EmailAddress.
+This determines how user info is displayed. 'concise' will show the
+first of RealName, Name or EmailAddress that has a value. 'verbose' will
+show EmailAddress, and the first of RealName or Name which is defined.
=cut
-Set($UsernameFormat, "concise");
+Set($UsernameFormat, "role");
+
+=item C<$UserSearchResultFormat>
+
+This controls the display of lists of users returned from the User
+Summary Search. The display of users in the Admin interface is
+controlled by C<%AdminSearchResultFormat>.
+
+=cut
+
+Set($UserSearchResultFormat,
+ q{ '<a href="__WebPath__/User/Summary.html?id=__id__">__id__</a>/TITLE:#'}
+ .q{,'<a href="__WebPath__/User/Summary.html?id=__id__">__Name__</a>/TITLE:Name'}
+ .q{,__RealName__, __EmailAddress__}
+);
+
+=item C<@UserSummaryPortlets>
+
+A list of portlets to be displayed on the User Summary page.
+By default, we show all of the available portlets.
+Extensions may provide their own portlets for this page.
+
+=cut
+
+Set(@UserSummaryPortlets, (qw/ExtraInfo CreateTicket ActiveTickets InactiveTickets/));
+
+=item C<$UserSummaryExtraInfo>
+
+This controls what information is displayed on the User Summary
+portal. By default the user's Real Name, Email Address and Username
+are displayed. You can remove these or add more as needed. This
+expects a Format string of user attributes. Please note that not all
+the attributes are supported in this display because we're not
+building a table.
+
+=cut
+
+Set($UserSummaryExtraInfo, "RealName, EmailAddress, Name");
+
+=item C<$UserSummaryTicketListFormat>
+
+Control the appearance of the Active and Inactive ticket lists in the
+User Summary.
+
+=cut
+
+Set($UserSummaryTicketListFormat, q{
+ '<B><A HREF="__WebPath__/Ticket/Display.html?id=__id__">__id__</a></B>/TITLE:#',
+ '<B><A HREF="__WebPath__/Ticket/Display.html?id=__id__">__Subject__</a></B>/TITLE:Subject',
+ Status,
+ QueueName,
+ Owner,
+ Priority,
+ '__NEWLINE__',
+ '',
+ '<small>__Requestors__</small>',
+ '<small>__CreatedRelative__</small>',
+ '<small>__ToldRelative__</small>',
+ '<small>__LastUpdatedRelative__</small>',
+ '<small>__TimeLeft__</small>'
+});
=item C<$WebBaseURL>, C<$WebURL>
=cut
-Set($WebImagesURL, RT->Config->Get('WebPath') . "/NoAuth/images/");
+Set($WebImagesURL, RT->Config->Get('WebPath') . "/static/images/");
=item C<$LogoURL>
Set($ChartsTimezonesInDB, 0);
+=item C<@ChartColors>
+
+An array of 6-digit hexadecimal RGB color values used for chart series. By
+default there are 12 distinct colors.
+
+=cut
+
+Set(@ChartColors, qw(
+ 66cc66 ff6666 ffcc66 663399
+ 3333cc 339933 993333 996633
+ 33cc33 cc3333 cc9933 6633cc
+));
+
=back
=cut
-Set($HomepageComponents, [qw(QuickCreate Quicksearch MyAdminQueues MySupportQueues MyReminders RefreshHomepage Dashboards SavedSearches)]);
+Set(
+ $HomepageComponents,
+ [
+ qw(QuickCreate Quicksearch MyAdminQueues MySupportQueues MyReminders RefreshHomepage Dashboards SavedSearches FindUser) # loc_qw
+ ]
+);
=back
=item C<$UseSQLForACLChecks>
Historically, ACLs were checked on display, which could lead to empty
-search pages and wrong ticket counts. Set C<$UseSQLForACLChecks> to 1
-to limit search results in SQL instead, which eliminates these
-problems.
-
-This option is still relatively new; it may result in performance
-problems in some cases, or significant speedups in others.
+search pages and wrong ticket counts. Set C<$UseSQLForACLChecks> to 0
+to go back to this method; this will reduce the complexity of the
+generated SQL statements, at the cost of the aforementioned bugs.
=cut
-Set($UseSQLForACLChecks, undef);
+Set($UseSQLForACLChecks, 1);
=item C<$TicketsItemMapSize>
'<B><A HREF="__WebPath__/Ticket/Display.html?id=__id__">__Subject__</a></B>/TITLE:Subject',
Status,
QueueName,
- OwnerName,
+ Owner,
Priority,
'__NEWLINE__',
'',
'<B><A HREF="__WebPath__/SelfService/Display.html?id=__id__">__Subject__</a></B>/TITLE:Subject',
Status,
Requestors,
- OwnerName});
+ Owner});
=item C<%FullTextSearch>
Indexed => 0,
);
+=item C<$DontSearchFileAttachments>
+
+If C<$DontSearchFileAttachments> is set to 1, then uploaded files
+(attachments with file names) are not searched during content
+search.
+
+Note that if you use indexed FTS then named attachments are still
+indexed by default regardless of this option.
+
+=cut
+
+Set($DontSearchFileAttachments, undef);
=item C<$OnlySearchActiveTicketsInSimpleSearch>
Set($MoreAboutRequestorTicketList, "Active");
+=item C<$MoreAboutRequestorTicketListFormat>
+
+Control the appearance of the ticket lists in the 'More About Requestors' box.
+
+=cut
+
+Set($MoreAboutRequestorTicketListFormat, q{
+ '<a href="__WebPath__/Ticket/Display.html?id=__id__">__id__</a>',
+ '__Owner__',
+ '<a href="__WebPath__/Ticket/Display.html?id=__id__">__Subject__</a>',
+ '__Status__',
+});
+
+
=item C<$MoreAboutRequestorExtraInfo>
By default, the 'More about requestor' box on Ticket/Display.html
alleviate the sometimes huge owner list for installations where many
users have the OwnTicket right.
+Autocompleter is automatically turned on if list contains more than
+50 users, but penalty of executing potentially slow query is still paid.
+
+Drop down doesn't show unprivileged users. If your setup allows unprivileged
+to own ticket then you have to enable autocompleting.
+
=cut
Set($AutocompleteOwners, 0);
Set($AutocompleteOwnersForSearch, 0);
-=item C<$UserAutocompleteFields>
+=item C<$UserSearchFields>
+
+Used by the User Autocompleter as well as the User Search.
-Specifies which fields of L<RT::User> to match against and how to
-match each field when autocompleting users. Valid match methods are
-LIKE, STARTSWITH, ENDSWITH, =, and !=.
+Specifies which fields of L<RT::User> to match against and how to match
+each field when autocompleting users. Valid match methods are LIKE,
+STARTSWITH, ENDSWITH, =, and !=. Valid search fields are the core User
+fields, as well as custom fields, which are specified as "CF.1234" or
+"CF.Name"
=cut
-Set($UserAutocompleteFields, {
+Set($UserSearchFields, {
EmailAddress => 'STARTSWITH',
Name => 'STARTSWITH',
RealName => 'LIKE',
Set($AllowUserAutocompleteForUnprivileged, 0);
+=item C<$TicketAutocompleteFields>
+
+Specifies which fields of L<RT::Ticket> to match against and how to match each
+field when autocompleting users. Valid match methods are LIKE, STARTSWITH,
+ENDSWITH, C<=>, and C<!=>.
+
+Not all Ticket fields are publically accessible and hence won't work for
+autocomplete unless you override their accessibility using a local overlay or a
+plugin. Out of the box the following fields are public: id, Subject.
+
+=cut
+
+Set( $TicketAutocompleteFields, {
+ id => 'STARTSWITH',
+ Subject => 'LIKE',
+});
+
=item C<$DisplayTicketAfterQuickCreate>
Enable this to redirect to the created ticket display page
Set($MessageBoxWidth, undef);
Set($MessageBoxHeight, 15);
-=item C<$MessageBoxWrap>
-
-Wrapping is disabled when using MessageBoxRichText because of a bad
-interaction between IE and wrapping with the Rich Text Editor.
-
-=cut
-
-Set($MessageBoxWrap, "SOFT");
-
=item C<$MessageBoxRichText>
Should "rich text" editing be enabled? This option lets your users
Set($OldestTransactionsFirst, 1);
-=item C<$DeferTransactionLoading>
+=item C<$ShowHistory>
-When set, defers loading ticket history until the user clicks a link.
-This should end up serving pages to users quicker, since generating
-all the HTML for transaction history can be slow for long tickets.
+This option controls how history is shown on the ticket display page. It
+accepts one of three possible modes and is overrideable on a per-user
+preference level. If you regularly deal with long tickets and don't care much
+about the history, you may wish to change this option to C<click>.
+
+=over
+
+=item C<delay> (the default)
+
+When set to C<delay>, history is loaded via javascript after the rest of the
+page has been loaded. This speeds up apparent page load times and generally
+provides a smoother experience. You may notice slight delays before the ticket
+history appears on very long tickets.
+
+=item C<click>
+
+When set to C<click>, history is loaded on demand when a placeholder link is
+clicked. This speeds up ticket display page loads and history is never loaded
+if not requested.
+
+=item C<always>
+
+When set to C<always>, history is loaded before showing the page. This ensures
+history is always available immediately, but at the expense of longer page load
+times. This behaviour was the default in RT 4.0.
+
+=back
=cut
-# Set($DeferTransactionLoading, 1);
+Set($ShowHistory, 'delay');
=item C<$ShowBccHeader>
Set($AlwaysDownloadAttachments, undef);
-=item C<$AttachmentUnits>
-
-Controls the units (kilobytes or bytes) that attachment sizes use for
-display. The default is to display kilobytes if the attachment is
-larger than 1024 bytes, bytes otherwise. If you set
-C<$AttachmentUnits> to C<'k'> then attachment sizes will always be
-displayed in kilobytes. If set to C<'b'>, then sizes will be bytes.
-
-=cut
-
-Set($AttachmentUnits, undef);
-
=item C<$PreferRichText>
-If C<$PreferRichText> is set to 1, RT will show HTML/Rich text messages
-in preference to their plain-text alternatives. RT "scrubs" the HTML to
-show only a minimal subset of HTML to avoid possible contamination by
-cross-site-scripting attacks.
+By default, RT shows rich text (HTML) messages if possible.
+
+If C<$PreferRichText> is set to 0, RT will show plain text messages
+in preference to any rich text alternatives.
=cut
-Set($PreferRichText, undef);
+Set($PreferRichText, 1);
=item C<$MaxInlineBody>
Set($ShowTransactionImages, 1);
-=item C<$PlainTextPre>
+=item C<$ShowRemoteImages>
-Normally plaintext attachments are displayed as HTML with line breaks
-preserved. This causes space- and tab-based formatting not to be
-displayed correctly. By setting $PlainTextPre messages will be
-displayed using <pre>.
+By default, RT doesn't show remote images attached to incoming (and outgoing)
+ticket updates inline. Set this variable to 1 if you'd like to enable remote
+image display. Showing remote images may allow spammers and other senders to
+track when messages are viewed and see referer information.
-=cut
+Note that this setting is independent of L</$ShowTransactionImages> above.
-Set($PlainTextPre, 0);
+=cut
+Set($ShowRemoteImages, 0);
=item C<$PlainTextMono>
-Set C<$PlainTextMono> to 1 to use monospaced font and preserve
-formatting; unlike C<$PlainTextPre>, the text will wrap to fit width
-of the browser window; this option overrides C<$PlainTextPre>.
+Normally plaintext attachments are displayed as HTML with line breaks
+preserved. This causes space- and tab-based formatting not to be
+displayed correctly. Set C<$PlainTextMono> to 1 to use a monospaced
+font and preserve formatting.
=cut
link after the URL.
* 'httpurl_overwrite': also detects URLs as 'httpurl' format, but
- replaces the URL with a link.
+ replaces the URL with a link. Enabled by default.
See F<share/html/Elements/MakeClicky> for documentation on how to add
your own styles of link detection.
=cut
-Set(@Active_MakeClicky, qw());
+Set(@Active_MakeClicky, qw(httpurl_overwrite));
+
+=item C<$QuoteFolding>
+
+Quote folding is the hiding of old replies in transaction history.
+It defaults to on. Set this to 0 to disable it.
+
+=cut
+
+Set($QuoteFolding, 1);
=back
If C<$ParseNewMessageForTicketCcs> is set to 1, RT will attempt to
divine Ticket 'Cc' watchers from the To and Cc lines of incoming
-messages. Be forewarned that if you have I<any> addresses which forward
-mail to RT automatically and you enable this option without modifying
-C<$RTAddressRegexp> below, you will get yourself into a heap of trouble.
+messages that create new Tickets. This option does not apply to replies
+or comments on existing Tickets. Be forewarned that if you have I<any>
+addresses which forward mail to RT automatically and you enable this
+option without modifying C<$RTAddressRegexp> below, you will get
+yourself into a heap of trouble.
=cut
=item C<$ForceApprovalsView>
Should approval tickets only be viewed and modified through the standard
-approval interface? Changing this setting to 1 will redirect any attempt to
-use the normal ticket display and modify page for approval tickets.
+approval interface? With this setting enabled (by default), any attempt to use
+the normal ticket display and modify page for approval tickets will be
+redirected.
For example, with this option set to 1 and an approval ticket #123:
/Approval/Display.html?id=123
+With this option set to 0, the redirect won't happen.
+
=back
=cut
-Set($ForceApprovalsView, 0);
+Set($ForceApprovalsView, 1);
=head1 Extra security
-=over 4
-
This is a list of extra security measures to enable that help keep your RT
safe. If you don't know what these mean, you should almost certainly leave the
defaults alone.
+=over 4
+
=item C<$DisallowExecuteCode>
If set to a true value, the C<ExecuteCode> right will be removed from
Set($RestrictLoginReferrer, 0);
-=item C<$ReferrerWhitelist>
+=item C<@ReferrerWhitelist>
This is a list of hostname:port combinations that RT will treat as being
part of RT's domain. This is particularly useful if you access RT as
by a host:port sent by your browser that you believe should be valid, you can copy
the host:port from the error message into this list.
+Simple wildcards, similar to SSL certificates, are allowed. For example:
+
+ *.example.com:80 # matches foo.example.com
+ # but not example.com
+ # or foo.bar.example.com
+
+ www*.example.com:80 # matches www3.example.com
+ # and www-test.example.com
+ # and www.example.com
+
=cut
Set(@ReferrerWhitelist, qw());
+
+=item C<$BcryptCost>
+
+This sets the default cost parameter used for the C<bcrypt> key
+derivation function. Valid values range from 4 to 31, inclusive, with
+higher numbers denoting greater effort.
+
+=cut
+
+Set($BcryptCost, 10);
+
=back
=over 4
-=item C<$WebExternalAuth>
+=item C<$WebRemoteUserAuth>
-If C<$WebExternalAuth> is defined, RT will defer to the environment's
-REMOTE_USER variable.
+If C<$WebRemoteUserAuth> is defined, RT will defer to the environment's
+REMOTE_USER variable, which should be set by the webserver's
+authentication layer.
=cut
-Set($WebExternalAuth, undef);
+Set($WebRemoteUserAuth, undef);
-=item C<$WebExternalAuthContinuous>
+=item C<$WebRemoteUserContinuous>
-If C<$WebExternalAuthContinuous> is defined, RT will check for the
+If C<$WebRemoteUserContinuous> is defined, RT will check for the
REMOTE_USER on each access. If you would prefer this to only happen
once (at initial login) set this to a false value. The default
-setting will help ensure that if your external authentication system
+setting will help ensure that if your webserver's authentication layer
deauthenticates a user, RT notices as soon as possible.
=cut
-Set($WebExternalAuthContinuous, 1);
+Set($WebRemoteUserContinuous, 1);
-=item C<$WebFallbackToInternalAuth>
+=item C<$WebFallbackToRTLogin>
-If C<$WebFallbackToInternalAuth> is defined, the user is allowed a
+If C<$WebFallbackToRTLogin> is defined, the user is allowed a
chance of fallback to the login screen, even if REMOTE_USER failed.
=cut
-Set($WebFallbackToInternalAuth, undef);
+Set($WebFallbackToRTLogin, undef);
-=item C<$WebExternalGecos>
+=item C<$WebRemoteUserGecos>
-C<$WebExternalGecos> means to match 'gecos' field as the user
-identity); useful with mod_auth_pwcheck and IIS Integrated Windows
+C<$WebRemoteUserGecos> means to match 'gecos' field as the user
+identity; useful with C<mod_auth_pwcheck> and IIS Integrated Windows
logon.
=cut
-Set($WebExternalGecos, undef);
+Set($WebRemoteUserGecos, undef);
-=item C<$WebExternalAuto>
+=item C<$WebRemoteUserAutocreate>
-C<$WebExternalAuto> will create users under the same name as
-REMOTE_USER upon login, if it's missing in the Users table.
+C<$WebRemoteUserAutocreate> will create users under the same name as
+REMOTE_USER upon login, if they are missing from the Users table.
=cut
-Set($WebExternalAuto, undef);
+Set($WebRemoteUserAutocreate, undef);
-=item C<$AutoCreate>
+=item C<$UserAutocreateDefaultsOnLogin>
-If C<$WebExternalAuto> is set to 1, C<$AutoCreate> will be passed to
-User's Create method. Use it to set defaults, such as creating
-Unprivileged users with C<{ Privileged => 0 }> This must be a hashref.
+If C<$WebRemoteUserAutocreate> is set to 1, C<$UserAutocreateDefaultsOnLogin>
+will be passed to L<RT::User/Create>. Use it to set defaults, such as
+creating unprivileged users with C<<{ Privileged => 0 }>>. This must be
+a hashref.
=cut
-Set($AutoCreate, undef);
+Set($UserAutocreateDefaultsOnLogin, undef);
=item C<$WebSessionClass>
-C<$WebSessionClass> is the class you wish to use for managing sessions.
-It defaults to use your SQL database, except on Oracle, where it
-defaults to files on disk.
+C<$WebSessionClass> is the class you wish to use for storing sessions. On
+MySQL, Pg, and Oracle it defaults to using your database, in other cases
+sessions are stored in files using L<Apache::Session::File>. Other installed
+Apache:Session::* modules can be used to store sessions.
+
+ Set($WebSessionClass, "Apache::Session::File");
=cut
-# Set($WebSessionClass, "Apache::Session::File");
+Set($WebSessionClass, undef);
+
+=item C<%WebSessionProperties>
+
+C<%WebSessionProperties> is the hash to configure class L</$WebSessionClass>
+in case custom class is used. By default it's empty and values are picked
+depending on the class. Make sure that it's empty if you're using DB as session
+backend.
+
+=cut
+
+Set( %WebSessionProperties );
=item C<$AutoLogoff>
Set($DefaultTimeUnitsToHours, 0);
+=item C<$TimeInICal>
+
+By default, events in the iCal feed on the ticket search page
+contain only dates, making them all day calendar events. Set
+C<$TimeInICal> if you have start or due dates on tickets that
+have significant time values and you want those times to be
+included in the events in the iCal feed.
+
+This option can also be set as an individual user preference.
+
+=cut
+
+Set($TimeInICal, 0);
+
=back
+=head1 Cryptography
+
+A complete description of RT's cryptography capabilities can be found in
+L<RT::Crypt>. At this moment, GnuPG (PGP) and SMIME security protocols are
+supported.
+
+=over 4
+
+=item C<%Crypt>
+
+The following options apply to all cryptography protocols.
+
+By default, all enabled security protocols will analyze each incoming
+email. You may set C<Incoming> to a subset of this list, if some enabled
+protocols do not apply to incoming mail; however, this is usually
+unnecessary. Note that for any verification or decryption to occur for
+incoming mail, the C<Auth::Crypt> mail plugin must be added to
+L</@MailPlugins> as specified in L<RT::Crypt/Handling incoming messages>.
+
+For outgoing emails, the first security protocol from the above list is
+used. Use the C<Outgoing> option to set a security protocol that should
+be used in outgoing emails. At this moment, only one protocol can be
+used to protect outgoing emails.
+
+Set C<RejectOnUnencrypted> to true if all incoming email must be
+properly encrypted. All unencrypted emails will be rejected by RT.
+
+Set C<RejectOnMissingPrivateKey> to false if you don't want to reject
+emails encrypted for key RT doesn't have and can not decrypt.
-=head1 GnuPG integration
+Set C<RejectOnBadData> to false if you don't want to reject letters
+with incorrect data.
+
+If you want to allow people to encrypt attachments inside the DB then
+set C<AllowEncryptDataInDB> to 1.
+
+Set C<Dashboards> to a hash with Encrypt and Sign keys to control
+whether dashboards should be encrypted and/or signed correspondingly.
+By default they are not encrypted or signed.
+
+=back
+
+=cut
+
+Set( %Crypt,
+ Incoming => undef, # ['GnuPG', 'SMIME']
+ Outgoing => undef, # 'SMIME'
+
+ RejectOnUnencrypted => 0,
+ RejectOnMissingPrivateKey => 1,
+ RejectOnBadData => 1,
+
+ AllowEncryptDataInDB => 0,
+
+ Dashboards => {
+ Encrypt => 0,
+ Sign => 0,
+ },
+);
+
+=head2 SMIME configuration
+
+A full description of the SMIME integration can be found in
+L<RT::Crypt::SMIME>.
+
+=over 4
+
+=item C<%SMIME>
+
+Set C<Enable> to false or true value to disable or enable SMIME for
+encrypting and signing messages.
+
+Set C<OpenSSL> to path to F<openssl> executable.
+
+Set C<Keyring> to directory with key files. Key and certificates should
+be stored in a PEM file in this directory named named, e.g.,
+F<email.address@example.com.pem>.
+
+Set C<CAPath> to either a PEM-formatted certificate of a single signing
+certificate authority, or a directory of such (including hash symlinks
+as created by the openssl tool C<c_rehash>). Only SMIME certificates
+signed by these certificate authorities will be treated as valid
+signatures. If left unset (and C<AcceptUntrustedCAs> is unset, as it is
+by default), no signatures will be marked as valid!
+
+Set C<AcceptUntrustedCAs> to allow arbitrary SMIME certificates, no
+matter their signing entities. Such mails will be marked as untrusted,
+but signed; C<CAPath> will be used to mark which mails are signed by
+trusted certificate authorities. This configuration is generally
+insecure, as it allows the possibility of accepting forged mail signed
+by an untrusted certificate authority.
+
+Setting C<AcceptUntrustedCAs> also allows encryption to users with
+certificates created by untrusted CAs.
+
+Set C<Passphrase> to a scalar (to use for all keys), an anonymous
+function, or a hash (to look up by address). If the hash is used, the
+'' key is used as a default.
+
+See L<RT::Crypt::SMIME> for details.
+
+=back
+
+=cut
+
+Set( %SMIME,
+ Enable => 0,
+ OpenSSL => 'openssl',
+ Keyring => q{var/data/smime},
+ CAPath => undef,
+ AcceptUntrustedCAs => undef,
+ Passphrase => undef,
+);
+
+=head2 GnuPG configuration
A full description of the (somewhat extensive) GnuPG integration can
be found by running the command `perldoc L<RT::Crypt::GnuPG>` (or
=item C<%GnuPG>
-Set C<OutgoingMessagesFormat> to 'inline' to use inline encryption and
-signatures instead of 'RFC' (GPG/MIME: RFC3156 and RFC1847) format.
+Set C<Enable> to false or true value to disable or enable GnuPG interfaces
+for encrypting and signing outgoing messages.
-If you want to allow people to encrypt attachments inside the DB then
-set C<AllowEncryptDataInDB> to 1.
+Set C<GnuPG> to the name or path of the gpg binary to use.
-Set C<RejectOnMissingPrivateKey> to false if you don't want to reject
-emails encrypted for key RT doesn't have and can not decrypt.
+Set C<Passphrase> to a scalar (to use for all keys), an anonymous
+function, or a hash (to look up by address). If the hash is used, the
+'' key is used as a default.
-Set C<RejectOnBadData> to false if you don't want to reject letters
-with incorrect GnuPG data.
+Set C<OutgoingMessagesFormat> to 'inline' to use inline encryption and
+signatures instead of 'RFC' (GPG/MIME: RFC3156 and RFC1847) format.
=cut
Set(%GnuPG,
- Enable => 0,
+ Enable => 0,
+ GnuPG => 'gpg',
+ Passphrase => undef,
OutgoingMessagesFormat => "RFC", # Inline
- AllowEncryptDataInDB => 0,
-
- RejectOnMissingPrivateKey => 1,
- RejectOnBadData => 1,
);
=item C<%GnuPGOptions>
=head3 Statuses available during ticket creation
-By default users can create tickets with any status, except
-deleted. If you want to restrict statuses available during creation
-then describe transition from '' (empty string), like in the example
-above.
+By default users can create tickets with a status of new,
+open, or resolved, but cannot create tickets with a status of
+rejected, stalled, or deleted. If you want to change the statuses
+available during creation, update the transition from '' (empty
+string), like in the example above.
=head3 Protecting status changes with rights
RT can show administrators a feed of recent RT releases and other
related announcements and information from Best Practical on the top
-level Configuration page. This feature helps you stay up to date on
+level Admin page. This feature helps you stay up to date on
RT security announcements and version updates.
RT provides this feature using an "iframe" on C</Admin/index.html>
Queues =>
q{'<a href="__WebPath__/Admin/Queues/Modify.html?id=__id__">__id__</a>/TITLE:#'}
.q{,'<a href="__WebPath__/Admin/Queues/Modify.html?id=__id__">__Name__</a>/TITLE:Name'}
- .q{,__Description__,__Address__,__Priority__,__DefaultDueIn__,'__Disabled__,__Lifecycle__},
+ .q{,__Description__,__Address__,__Priority__,__DefaultDueIn__,__Disabled__,__Lifecycle__},
Groups =>
q{'<a href="__WebPath__/Admin/Groups/Modify.html?id=__id__">__id__</a>/TITLE:#'}
CustomFields =>
q{'<a href="__WebPath__/Admin/CustomFields/Modify.html?id=__id__">__id__</a>/TITLE:#'}
.q{,'<a href="__WebPath__/Admin/CustomFields/Modify.html?id=__id__">__Name__</a>/TITLE:Name'}
- .q{,__AppliedTo__, __FriendlyType__, __FriendlyPattern__},
+ .q{,__AddedTo__, __FriendlyType__, __FriendlyPattern__},
Scrips =>
- q{'<a href="__WebPath__/Admin/Queues/Scrip.html?id=__id__&Queue=__QueueId__">__id__</a>/TITLE:#'}
- .q{,'<a href="__WebPath__/Admin/Queues/Scrip.html?id=__id__&Queue=__QueueId__">__Description__</a>/TITLE:Description'}
- .q{,__Stage__, __Condition__, __Action__, __Template__},
-
- GlobalScrips =>
- q{'<a href="__WebPath__/Admin/Global/Scrip.html?id=__id__">__id__</a>/TITLE:#'}
- .q{,'<a href="__WebPath__/Admin/Global/Scrip.html?id=__id__">__Description__</a>/TITLE:Description'}
- .q{,__Stage__, __Condition__, __Action__, __Template__},
+ q{'<a href="__WebPath__/Admin/Scrips/Modify.html?id=__id__">__id__</a>/TITLE:#'}
+ .q{,'<a href="__WebPath__/Admin/Scrips/Modify.html?id=__id__">__Description__</a>/TITLE:Description'}
+ .q{,__Condition__, __Action__, __Template__, __Disabled__},
Templates =>
q{'<a href="__WebPath__/__WebRequestPathDir__/Template.html?Queue=__QueueId__&Template=__id__">__id__</a>/TITLE:#'}
.q{,'<a href="__WebPath__/__WebRequestPathDir__/Template.html?Queue=__QueueId__&Template=__id__">__Name__</a>/TITLE:Name'}
- .q{,'__Description__'},
+ .q{,'__Description__','__UsedBy__','__IsEmpty__'},
Classes =>
q{ '<a href="__WebPath__/Admin/Articles/Classes/Modify.html?id=__id__">__id__</a>/TITLE:#'}
.q{,'<a href="__WebPath__/Admin/Articles/Classes/Modify.html?id=__id__">__Name__</a>/TITLE:Name'}
=cut
-Set($DevelMode, "0");
+Set($DevelMode, 0);
=item C<$RecordBaseClass>
logged at.
Enabling this option will also expose the SQL Queries page in the
-Configuration -> Tools menu for SuperUsers.
+Admin -> Tools menu for SuperUsers.
=cut
=back
-
-
-
-=head1 Deprecated options
-
-=over 4
-
-=item C<$LinkTransactionsRun1Scrip>
-
-RT-3.4 backward compatibility setting. Add/Delete Link used to record
-one transaction and run one scrip. Set this value to 1 if you want
-only one of the link transactions to have scrips run.
-
-=cut
-
-Set($LinkTransactionsRun1Scrip, 0);
-
-=item C<$ResolveDefaultUpdateType>
-
-This option has been deprecated. You can configure this site-wide
-with L</Lifecycles> (see L</Labeling and defining actions>).
-
=cut
1;
git://git.uio.no / usit-rt.git / blobdiff