Fixed issue #920 - Unable to create users with admin.user permission.

app/assets/javascripts/app/controllers/_ui_element/object_manager_attribute.coffee

@@ -47,14 +47,14 @@ class App.UiElement.object_manager_attribute extends App.UiElement.ApplicationUi
     object = params.object
     objects =
       Ticket:
-        Customer:
+        'ticket.customer':
           create_middle:
             shown: true
             required: false
           edit:
             shown: true
             required: false
-        Agent:
+        'ticket.agent':
           create_middle:
             shown: true
             required: false
@@ -62,7 +62,7 @@ class App.UiElement.object_manager_attribute extends App.UiElement.ApplicationUi
             shown: true
             required: false
       User:
-        Customer:
+        'ticket.customer':
           create:
             shown: true
             required: false
@@ -71,7 +71,7 @@ class App.UiElement.object_manager_attribute extends App.UiElement.ApplicationUi
           signup:
             shown: false
             required: false
-        Agent:
+        'ticket.agent':
           create:
             shown: true
             required: false
@@ -83,7 +83,7 @@ class App.UiElement.object_manager_attribute extends App.UiElement.ApplicationUi
           invite_customer:
             show: false
             required: false
-        Admin:
+        'admin.group':
           create:
             shown: true
             required: false
@@ -99,10 +99,10 @@ class App.UiElement.object_manager_attribute extends App.UiElement.ApplicationUi
             show: false
             required: false
       Organization:
-        Customer:
+        'ticket.customer':
           view:
             shown: true
-        Agent:
+        'ticket.agent':
           create:
             shown: true
             required: false
@@ -111,7 +111,7 @@ class App.UiElement.object_manager_attribute extends App.UiElement.ApplicationUi
             required: false
           view:
             shown: true
-        Admin:
+        'admin.group':
           create:
             shown: true
             required: false
@@ -121,7 +121,7 @@ class App.UiElement.object_manager_attribute extends App.UiElement.ApplicationUi
           view:
             shown: true
       Group:
-        Admin:
+        'admin.group':
           create:
             shown: true
             required: false

app/assets/javascripts/app/controllers/logout.coffee

@@ -5,4 +5,4 @@ class Index extends App.ControllerContent
     App.Auth.logout()
 
 App.Config.set('logout', Index, 'Routes')
-App.Config.set('Logout', { prio: 1800, parent: '#current_user', name: 'Sign out', translate: true, target: '#logout', divider: true, iconClass: 'signout', role: [ 'Agent', 'Customer' ] }, 'NavBarRight')
+App.Config.set('Logout', { prio: 1800, parent: '#current_user', name: 'Sign out', translate: true, target: '#logout', divider: true, iconClass: 'signout' }, 'NavBarRight')

app/controllers/sessions_controller.rb

@@ -196,7 +196,7 @@ class SessionsController < ApplicationController
 
   # "switch" to user
   def switch_to_user
-    permission_check('admin.session')
+    permission_check(['admin.session', 'admin.user'])
 
     # check user
     if !params[:id]

app/models/object_manager/attribute.rb

@@ -61,7 +61,7 @@ add a new attribute entry for an object
         },
       },
       edit: {
-        Agent : {
+        'ticket.agent' => {
           required: true,
         },
       },
@@ -384,14 +384,25 @@ returns:
         tag: item.data_type,
         #:null     => item.null,
       }
+      if item.data_option[:permission] && item.data_option[:permission].any?
+        next if !user
+        hint = false
+        item.data_option[:permission].each { |permission|
+          next if !user.permissions?(permission)
+          hint = true
+          break
+        }
+        next if !hint
+      end
+
       if item.screens
         data[:screen] = {}
-        item.screens.each { |screen, roles_options|
+        item.screens.each { |screen, permission_options|
           data[:screen][screen] = {}
-          roles_options.each { |role, options|
-            if role == '-all-'
+          permission_options.each { |permission, options|
+            if permission == '-all-'
               data[:screen][screen] = options
-            elsif user && user.role?(role)
+            elsif user && user.permissions?(permission)
               data[:screen][screen] = options
             end
           }

db/migrate/20170403000001_fixed_admin_user_permission_920.rb

@@ -0,0 +1,767 @@
+class FixedAdminUserPermission920 < ActiveRecord::Migration
+  def up
+
+    # return if it's a new setup
+    return if !Setting.find_by(name: 'system_init_done')
+
+    ObjectManager::Attribute.add(
+      force: true,
+      object: 'Ticket',
+      name: 'customer_id',
+      display: 'Customer',
+      data_type: 'user_autocompletion',
+      data_option: {
+        relation: 'User',
+        autocapitalize: false,
+        multiple: false,
+        guess: true,
+        null: false,
+        limit: 200,
+        placeholder: 'Enter Person or Organization/Company',
+        minLengt: 2,
+        translate: false,
+        permission: ['ticket.agent'],
+      },
+      editable: false,
+      active: true,
+      screens: {
+        create_top: {
+          '-all-' => {
+            null: false,
+          },
+        },
+        edit: {},
+      },
+      to_create: false,
+      to_migrate: false,
+      to_delete: false,
+      position: 10,
+    )
+    ObjectManager::Attribute.add(
+      force: true,
+      object: 'Ticket',
+      name: 'type',
+      display: 'Type',
+      data_type: 'select',
+      data_option: {
+        default: '',
+        options: {
+          'Incident' => 'Incident',
+          'Problem'  => 'Problem',
+          'Request for Change' => 'Request for Change',
+        },
+        nulloption: true,
+        multiple: false,
+        null: true,
+        translate: true,
+      },
+      editable: true,
+      active: false,
+      screens: {
+        create_middle: {
+          '-all-' => {
+            null: false,
+            item_class: 'column',
+          },
+        },
+        edit: {
+          'ticket.agent' => {
+            null: false,
+          },
+        },
+      },
+      to_create: false,
+      to_migrate: false,
+      to_delete: false,
+      position: 20,
+    )
+    ObjectManager::Attribute.add(
+      force: true,
+      object: 'Ticket',
+      name: 'group_id',
+      display: 'Group',
+      data_type: 'select',
+      data_option: {
+        default: '',
+        relation: 'Group',
+        relation_condition: { access: 'rw' },
+        nulloption: true,
+        multiple: false,
+        null: false,
+        translate: false,
+        only_shown_if_selectable: true,
+        permission: ['ticket.agent', 'ticket.customer'],
+      },
+      editable: false,
+      active: true,
+      screens: {
+        create_middle: {
+          '-all-' => {
+            null: false,
+            item_class: 'column',
+          },
+        },
+        edit: {
+          'ticket.agent' => {
+            null: false,
+          },
+        },
+      },
+      to_create: false,
+      to_migrate: false,
+      to_delete: false,
+      position: 25,
+    )
+    ObjectManager::Attribute.add(
+      force: true,
+      object: 'Ticket',
+      name: 'owner_id',
+      display: 'Owner',
+      data_type: 'select',
+      data_option: {
+        default: '',
+        relation: 'User',
+        relation_condition: { roles: 'Agent' },
+        nulloption: true,
+        multiple: false,
+        null: true,
+        translate: false,
+        permission: ['ticket.agent'],
+      },
+      editable: false,
+      active: true,
+      screens: {
+        create_middle: {
+          '-all-' => {
+            null: true,
+            item_class: 'column',
+          },
+        },
+        edit: {
+          '-all-' => {
+            null: true,
+          },
+        },
+      },
+      to_create: false,
+      to_migrate: false,
+      to_delete: false,
+      position: 30,
+    )
+    ObjectManager::Attribute.add(
+      force: true,
+      object: 'Ticket',
+      name: 'state_id',
+      display: 'State',
+      data_type: 'select',
+      data_option: {
+        relation: 'TicketState',
+        nulloption: true,
+        multiple: false,
+        null: false,
+        default: Ticket::State.find_by(name: 'open').id,
+        translate: true,
+        filter: Ticket::State.by_category(:viewable).pluck(:id),
+      },
+      editable: false,
+      active: true,
+      screens: {
+        create_middle: {
+          'ticket.agent' => {
+            null: false,
+            item_class: 'column',
+            filter: Ticket::State.by_category(:viewable_agent_new).pluck(:id),
+          },
+          'ticket.customer' => {
+            item_class: 'column',
+            nulloption: false,
+            null: true,
+            filter: Ticket::State.by_category(:viewable_customer_new).pluck(:id),
+            default: Ticket::State.find_by(name: 'new').id,
+          },
+        },
+        edit: {
+          'ticket.agent' => {
+            nulloption: false,
+            null: false,
+            filter: Ticket::State.by_category(:viewable_agent_edit).pluck(:id),
+          },
+          'ticket.customer' => {
+            nulloption: false,
+            null: true,
+            filter: Ticket::State.by_category(:viewable_customer_edit).pluck(:id),
+            default: Ticket::State.find_by(name: 'open').id,
+          },
+        },
+      },
+      to_create: false,
+      to_migrate: false,
+      to_delete: false,
+      position: 40,
+    )
+    ObjectManager::Attribute.add(
+      force: true,
+      object: 'Ticket',
+      name: 'pending_time',
+      display: 'Pending till',
+      data_type: 'datetime',
+      data_option: {
+        future: true,
+        past: false,
+        diff: 24,
+        null: true,
+        translate: true,
+        required_if: {
+          state_id: Ticket::State.by_category(:pending).pluck(:id),
+        },
+        shown_if: {
+          state_id: Ticket::State.by_category(:pending).pluck(:id),
+        },
+      },
+      editable: false,
+      active: true,
+      screens: {
+        create_middle: {
+          '-all-' => {
+            null: false,
+            item_class: 'column',
+          },
+        },
+        edit: {
+          '-all-' => {
+            null: false,
+          },
+        },
+      },
+      to_create: false,
+      to_migrate: false,
+      to_delete: false,
+      position: 41,
+    )
+    ObjectManager::Attribute.add(
+      force: true,
+      object: 'Ticket',
+      name: 'priority_id',
+      display: 'Priority',
+      data_type: 'select',
+      data_option: {
+        relation: 'TicketPriority',
+        nulloption: false,
+        multiple: false,
+        null: false,
+        default: Ticket::Priority.find_by(name: '2 normal').id,
+        translate: true,
+      },
+      editable: false,
+      active: true,
+      screens: {
+        create_middle: {
+          'ticket.agent' => {
+            null: false,
+            item_class: 'column',
+          },
+        },
+        edit: {
+          'ticket.agent' => {
+            null: false,
+          },
+        },
+      },
+      to_create: false,
+      to_migrate: false,
+      to_delete: false,
+      position: 80,
+    )
+
+    ObjectManager::Attribute.add(
+      force: true,
+      object: 'Ticket',
+      name: 'tags',
+      display: 'Tags',
+      data_type: 'tag',
+      data_option: {
+        type: 'text',
+        null: true,
+        translate: false,
+      },
+      editable: false,
+      active: true,
+      screens: {
+        create_bottom: {
+          'ticket.agent' => {
+            null: true,
+          },
+        },
+        edit: {},
+      },
+      to_create: false,
+      to_migrate: false,
+      to_delete: false,
+      position: 900,
+    )
+
+    ObjectManager::Attribute.add(
+      force: true,
+      object: 'TicketArticle',
+      name: 'type_id',
+      display: 'Type',
+      data_type: 'select',
+      data_option: {
+        relation: 'TicketArticleType',
+        nulloption: false,
+        multiple: false,
+        null: false,
+        default: Ticket::Article::Type.lookup(name: 'note').id,
+        translate: true,
+      },
+      editable: false,
+      active: true,
+      screens: {
+        create_middle: {},
+        edit: {
+          'ticket.agent' => {
+            null: false,
+          },
+        },
+      },
+      to_create: false,
+      to_migrate: false,
+      to_delete: false,
+      position: 100,
+    )
+
+    ObjectManager::Attribute.add(
+      force: true,
+      object: 'TicketArticle',
+      name: 'internal',
+      display: 'Visibility',
+      data_type: 'select',
+      data_option: {
+        options: { true: 'internal', false: 'public' },
+        nulloption: false,
+        multiple: false,
+        null: true,
+        default: false,
+        translate: true,
+      },
+      editable: false,
+      active: true,
+      screens: {
+        create_middle: {},
+        edit: {
+          'ticket.agent' => {
+            null: false,
+          },
+        },
+      },
+      to_create: false,
+      to_migrate: false,
+      to_delete: false,
+      position: 200,
+    )
+
+    ObjectManager::Attribute.add(
+      force: true,
+      object: 'TicketArticle',
+      name: 'to',
+      display: 'To',
+      data_type: 'input',
+      data_option: {
+        type: 'text',
+        maxlength: 1000,
+        null: true,
+      },
+      editable: false,
+      active: true,
+      screens: {
+        create_middle: {},
+        edit: {
+          'ticket.agent' => {
+            null: true,
+          },
+        },
+      },
+      to_create: false,
+      to_migrate: false,
+      to_delete: false,
+      position: 300,
+    )
+    ObjectManager::Attribute.add(
+      force: true,
+      object: 'TicketArticle',
+      name: 'cc',
+      display: 'Cc',
+      data_type: 'input',
+      data_option: {
+        type: 'text',
+        maxlength: 1000,
+        null: true,
+      },
+      editable: false,
+      active: true,
+      screens: {
+        create_top: {},
+        create_middle: {},
+        edit: {
+          'ticket.agent' => {
+            null: true,
+          },
+        },
+      },
+      to_create: false,
+      to_migrate: false,
+      to_delete: false,
+      position: 400,
+    )
+
+    ObjectManager::Attribute.add(
+      force: true,
+      object: 'TicketArticle',
+      name: 'body',
+      display: 'Text',
+      data_type: 'richtext',
+      data_option: {
+        type: 'richtext',
+        maxlength: 20_000,
+        upload: true,
+        rows: 8,
+        null: true,
+      },
+      editable: false,
+      active: true,
+      screens: {
+        create_top: {
+          '-all-' => {
+            null: false,
+          },
+        },
+        edit: {
+          '-all-' => {
+            null: true,
+          },
+        },
+      },
+      to_create: false,
+      to_migrate: false,
+      to_delete: false,
+      position: 600,
+    )
+
+    ObjectManager::Attribute.add(
+      force: true,
+      object: 'User',
+      name: 'password',
+      display: 'Password',
+      data_type: 'input',
+      data_option: {
+        type: 'password',
+        maxlength: 100,
+        null: true,
+        autocomplete: 'off',
+        item_class: 'formGroup--halfSize',
+      },
+      editable: false,
+      active: true,
+      screens: {
+        signup: {
+          '-all-' => {
+            null: false,
+          },
+        },
+        invite_agent: {},
+        invite_customer: {},
+        edit: {
+          'admin.user' => {
+            null: true,
+          },
+        },
+        view: {}
+      },
+      to_create: false,
+      to_migrate: false,
+      to_delete: false,
+      position: 1400,
+    )
+
+    ObjectManager::Attribute.add(
+      force: true,
+      object: 'User',
+      name: 'vip',
+      display: 'VIP',
+      data_type: 'boolean',
+      data_option: {
+        null: true,
+        default: false,
+        item_class: 'formGroup--halfSize',
+        options: {
+          false: 'no',
+          true: 'yes',
+        },
+        translate: true,
+        permission: ['admin.user', 'ticket.agent'],
+      },
+      editable: false,
+      active: true,
+      screens: {
+        edit: {
+          '-all-' => {
+            null: true,
+          },
+        },
+        view: {
+          '-all-' => {
+            shown: false,
+          },
+        },
+      },
+      to_create: false,
+      to_migrate: false,
+      to_delete: false,
+      position: 1490,
+    )
+
+    ObjectManager::Attribute.add(
+      force: true,
+      object: 'User',
+      name: 'role_ids',
+      display: 'Permissions',
+      data_type: 'user_permission',
+      data_option: {
+        null: false,
+        item_class: 'checkbox',
+        permission: ['admin.user'],
+      },
+      editable: false,
+      active: true,
+      screens: {
+        signup: {},
+        invite_agent: {
+          '-all-' => {
+            null: false,
+            default: [Role.lookup(name: 'Agent').id],
+          },
+        },
+        invite_customer: {},
+        edit: {
+          '-all-' => {
+            null: true,
+          },
+        },
+        view: {
+          '-all-' => {
+            shown: false,
+          },
+        },
+      },
+      to_create: false,
+      to_migrate: false,
+      to_delete: false,
+      position: 1600,
+    )
+
+    ObjectManager::Attribute.add(
+      force: true,
+      object: 'User',
+      name: 'active',
+      display: 'Active',
+      data_type: 'active',
+      data_option: {
+        null: true,
+        default: true,
+        permission: ['admin.user', 'ticket.agent'],
+      },
+      editable: false,
+      active: true,
+      screens: {
+        signup: {},
+        invite_agent: {},
+        invite_customer: {},
+        edit: {
+          '-all-' => {
+            null: false,
+          },
+        },
+        view: {
+          '-all-' => {
+            shown: false,
+          },
+        },
+      },
+      to_create: false,
+      to_migrate: false,
+      to_delete: false,
+      position: 1800,
+    )
+
+    ObjectManager::Attribute.add(
+      force: true,
+      object: 'Organization',
+      name: 'shared',
+      display: 'Shared organization',
+      data_type: 'boolean',
+      data_option: {
+        null: true,
+        default: true,
+        note: 'Customers in the organization can view each other items.',
+        item_class: 'formGroup--halfSize',
+        options: {
+          true: 'yes',
+          false: 'no',
+        },
+        translate: true,
+        permission: ['admin.organization'],
+      },
+      editable: false,
+      active: true,
+      screens: {
+        edit: {
+          '-all-' => {
+            null: false,
+          },
+        },
+        view: {
+          '-all-' => {
+            shown: true,
+          },
+        },
+      },
+      to_create: false,
+      to_migrate: false,
+      to_delete: false,
+      position: 1400,
+    )
+
+    ObjectManager::Attribute.add(
+      force: true,
+      object: 'Organization',
+      name: 'domain_assignment',
+      display: 'Domain based assignment',
+      data_type: 'boolean',
+      data_option: {
+        null: true,
+        default: false,
+        note: 'Assign Users based on users domain.',
+        item_class: 'formGroup--halfSize',
+        options: {
+          true: 'yes',
+          false: 'no',
+        },
+        translate: true,
+        permission: ['admin.organization'],
+      },
+      editable: false,
+      active: true,
+      screens: {
+        edit: {
+          '-all-' => {
+            null: false,
+          },
+        },
+        view: {
+          '-all-' => {
+            shown: true,
+          },
+        },
+      },
+      to_create: false,
+      to_migrate: false,
+      to_delete: false,
+      position: 1410,
+    )
+
+    ObjectManager::Attribute.add(
+      force: true,
+      object: 'Organization',
+      name: 'active',
+      display: 'Active',
+      data_type: 'active',
+      data_option: {
+        null: true,
+        default: true,
+        permission: ['admin.organization'],
+      },
+      editable: false,
+      active: true,
+      screens: {
+        edit: {
+          '-all-' => {
+            null: false,
+          },
+        },
+        view: {
+          '-all-' => {
+            shown: false,
+          },
+        },
+      },
+      to_create: false,
+      to_migrate: false,
+      to_delete: false,
+      position: 1800,
+    )
+
+    ObjectManager::Attribute.add(
+      force: true,
+      object: 'Group',
+      name: 'active',
+      display: 'Active',
+      data_type: 'active',
+      data_option: {
+        null: true,
+        default: true,
+        permission: ['admin.group'],
+      },
+      editable: false,
+      active: true,
+      screens: {
+        create: {
+          '-all-' => {
+            null: true,
+          },
+        },
+        edit: {
+          '-all-': {
+            null: false,
+          },
+        },
+        view: {
+          '-all-' => {
+            shown: false,
+          },
+        },
+      },
+      to_create: false,
+      to_migrate: false,
+      to_delete: false,
+      position: 1800,
+    )
+
+    map = {
+      Admin: 'admin',
+      Agent: 'ticket.agent',
+      Customer: 'ticket.customer',
+    }
+    ObjectManager::Attribute.all.each { |attribute|
+      next if attribute.screens.blank?
+      screens = {}
+      attribute.screens.each { |screen, role_value|
+        if role_value.blank?
+          screens[screen] = role_value
+        else
+          screens[screen] = {}
+          role_value.each { |role, value|
+            if map[role.to_sym]
+              screens[screen][map[role.to_sym]] = value
+            else
+              screens[screen][role] = value
+            end
+          }
+        end
+      }
+      attribute.screens = screens
+      attribute.save!
+    }
+
+  end
+
+end

db/seeds.rb

@@ -3708,12 +3708,13 @@ ObjectManager::Attribute.add(
     placeholder: 'Enter Person or Organization/Company',
     minLengt: 2,
     translate: false,
+    permission: ['ticket.agent'],
   },
   editable: false,
   active: true,
   screens: {
     create_top: {
-      Agent: {
+      '-all-' => {
         null: false,
       },
     },
@@ -3752,7 +3753,7 @@ ObjectManager::Attribute.add(
       },
     },
     edit: {
-      Agent: {
+      'ticket.agent' => {
         null: false,
       },
     },
@@ -3777,6 +3778,7 @@ ObjectManager::Attribute.add(
     null: false,
     translate: false,
     only_shown_if_selectable: true,
+    permission: ['ticket.agent', 'ticket.customer'],
   },
   editable: false,
   active: true,
@@ -3788,7 +3790,7 @@ ObjectManager::Attribute.add(
       },
     },
     edit: {
-      Agent: {
+      'ticket.agent' => {
         null: false,
       },
     },
@@ -3812,18 +3814,19 @@ ObjectManager::Attribute.add(
     multiple: false,
     null: true,
     translate: false,
+    permission: ['ticket.agent'],
   },
   editable: false,
   active: true,
   screens: {
     create_middle: {
-      Agent: {
+      '-all-' => {
         null: true,
         item_class: 'column',
       },
     },
     edit: {
-      Agent: {
+      '-all-' => {
         null: true,
       },
     },
@@ -3852,12 +3855,12 @@ ObjectManager::Attribute.add(
   active: true,
   screens: {
     create_middle: {
-      Agent: {
+      'ticket.agent' => {
         null: false,
         item_class: 'column',
         filter: Ticket::State.by_category(:viewable_agent_new).pluck(:id),
       },
-      Customer: {
+      'ticket.customer' => {
         item_class: 'column',
         nulloption: false,
         null: true,
@@ -3866,12 +3869,12 @@ ObjectManager::Attribute.add(
       },
     },
     edit: {
-      Agent: {
+      'ticket.agent' => {
         nulloption: false,
         null: false,
         filter: Ticket::State.by_category(:viewable_agent_edit).pluck(:id),
       },
-      Customer: {
+      'ticket.customer' => {
         nulloption: false,
         null: true,
         filter: Ticket::State.by_category(:viewable_customer_edit).pluck(:id),
@@ -3913,7 +3916,7 @@ ObjectManager::Attribute.add(
       },
     },
     edit: {
-      Agent: {
+      '-all-' => {
         null: false,
       },
     },
@@ -3941,13 +3944,13 @@ ObjectManager::Attribute.add(
   active: true,
   screens: {
     create_middle: {
-      Agent: {
+      'ticket.agent' => {
         null: false,
         item_class: 'column',
       },
     },
     edit: {
-      Agent: {
+      'ticket.agent' => {
         null: false,
       },
     },
@@ -3973,7 +3976,7 @@ ObjectManager::Attribute.add(
   active: true,
   screens: {
     create_bottom: {
-      Agent: {
+      'ticket.agent' => {
         null: true,
       },
     },
@@ -4004,7 +4007,7 @@ ObjectManager::Attribute.add(
   screens: {
     create_middle: {},
     edit: {
-      Agent: {
+      'ticket.agent' => {
         null: false,
       },
     },
@@ -4034,7 +4037,7 @@ ObjectManager::Attribute.add(
   screens: {
     create_middle: {},
     edit: {
-      Agent: {
+      'ticket.agent' => {
         null: false,
       },
     },
@@ -4061,7 +4064,7 @@ ObjectManager::Attribute.add(
   screens: {
     create_middle: {},
     edit: {
-      Agent: {
+      'ticket.agent' => {
         null: true,
       },
     },
@@ -4088,7 +4091,7 @@ ObjectManager::Attribute.add(
     create_top: {},
     create_middle: {},
     edit: {
-      Agent: {
+      'ticket.agent' => {
         null: true,
       },
     },
@@ -4121,12 +4124,9 @@ ObjectManager::Attribute.add(
       },
     },
     edit: {
-      Agent: {
+      '-all-' => {
         null: true,
       },
-      Customer: {
-        null: false,
-      },
     },
   },
   to_create: false,
@@ -4686,7 +4686,7 @@ ObjectManager::Attribute.add(
     invite_agent: {},
     invite_customer: {},
     edit: {
-      Admin: {
+      'admin.user' => {
         null: true,
       },
     },
@@ -4713,15 +4713,13 @@ ObjectManager::Attribute.add(
       true: 'yes',
     },
     translate: true,
+    permission: ['admin.user', 'ticket.agent'],
   },
   editable: false,
   active: true,
   screens: {
     edit: {
-      Admin: {
-        null: true,
-      },
-      Agent: {
+      '-all-' => {
         null: true,
       },
     },
@@ -4785,6 +4783,7 @@ ObjectManager::Attribute.add(
   data_option: {
     null: false,
     item_class: 'checkbox',
+    permission: ['admin.user'],
   },
   editable: false,
   active: true,
@@ -4798,7 +4797,7 @@ ObjectManager::Attribute.add(
     },
     invite_customer: {},
     edit: {
-      Admin: {
+      '-all-' => {
         null: true,
       },
     },
@@ -4823,6 +4822,7 @@ ObjectManager::Attribute.add(
   data_option: {
     null: true,
     default: true,
+    permission: ['admin.user', 'ticket.agent'],
   },
   editable: false,
   active: true,
@@ -4831,7 +4831,7 @@ ObjectManager::Attribute.add(
     invite_agent: {},
     invite_customer: {},
     edit: {
-      Admin: {
+      '-all-' => {
         null: false,
       },
     },
@@ -4895,12 +4895,13 @@ ObjectManager::Attribute.add(
       false: 'no',
     },
     translate: true,
+    permission: ['admin.organization'],
   },
   editable: false,
   active: true,
   screens: {
     edit: {
-      Admin: {
+      '-all-' => {
         null: false,
       },
     },
@@ -4932,12 +4933,13 @@ ObjectManager::Attribute.add(
       false: 'no',
     },
     translate: true,
+    permission: ['admin.organization'],
   },
   editable: false,
   active: true,
   screens: {
     edit: {
-      Admin: {
+      '-all-' => {
         null: false,
       },
     },
@@ -5026,12 +5028,13 @@ ObjectManager::Attribute.add(
   data_option: {
     null: true,
     default: true,
+    permission: ['admin.organization'],
   },
   editable: false,
   active: true,
   screens: {
     edit: {
-      Admin: {
+      '-all-' => {
         null: false,
       },
     },
@@ -5302,6 +5305,7 @@ ObjectManager::Attribute.add(
   data_option: {
     null: true,
     default: true,
+    permission: ['admin.group'],
   },
   editable: false,
   active: true,
@@ -5312,7 +5316,7 @@ ObjectManager::Attribute.add(
       },
     },
     edit: {
-      Admin: {
+      '-all-': {
         null: false,
       },
     },