Cannot open ticket, Zammad says insufficient rights

  • Used Zammad version: 5.0
  • Used Zammad installation type: package
  • Operating system: Debian 10
  • Browser + version: Chrome 99

I have created a ticket where an agent has written an article; now the ticket is not accessible. For me (with agent and admin role), it says:

Oops.. I'm sorry, but you have insufficient rights to open this Ticket.

In the production log, there is the following output when I try to access the ticket via the REST API:

I, [2022-03-29T17:24:43.635609 #27127-17665860]  INFO -- : Started GET "/api/v1/tickets/729" for at 2022-03-29 17:24:43 +0200
I, [2022-03-29T17:24:43.651644 #27127-17665860]  INFO -- : Processing by TicketsController#show as */*
I, [2022-03-29T17:24:43.651798 #27127-17665860]  INFO -- :   Parameters: {"id"=>"729"}
I, [2022-03-29T17:24:43.715019 #27127-17665860]  INFO -- : not allowed to show? this Ticket (Pundit::NotAuthorizedError)
app/controllers/application_controller/authorizes.rb:10:in `authorize!'
app/controllers/tickets_controller.rb:51:in `show'
app/controllers/application_controller/has_download.rb:21:in `block (4 levels) in <module:HasDownload>'
app/controllers/application_controller/has_download.rb:20:in `block (3 levels) in <module:HasDownload>'
app/controllers/application_controller/has_download.rb:19:in `block (2 levels) in <module:HasDownload>'
app/controllers/application_controller/handles_transitions.rb:16:in `handle_transaction'
I, [2022-03-29T17:24:43.715865 #27127-17665860]  INFO -- : Not authorized (Exceptions::Forbidden)

I, [2022-03-29T17:24:43.716515 #27127-17665860]  INFO -- : Completed 403 Forbidden in 65ms (Views: 0.2ms | ActiveRecord: 22.4ms | Allocations: 14638)

I can access the ticket with the id 728 and the following ticket with the id 730. What went wrong?

If you have multiple groups, I would check your roles and your user; maybe there is a group that you don’t have access to?

I asked the agent to find out what was happening.

I have a ticket type which fires a trigger when set on a ticket. The trigger moves the ticket to an inactive group, so no one has access to the ticket while it is in this group. The agent set the ticket type to this one, which fired the trigger.

Maybe this is somewhat of a misbehavior, if a trigger throws no error when the trigger action leads to inactive parts of the ticket system.
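
As an added example (not part of the thread and not Zammad's own code): a small Ruby check for the situation described in the last post, an active trigger whose action moves tickets into an inactive group. The JSON is constructed sample data; its field names (`perform`, `ticket.group_id`, `active`) are assumed to match what `/api/v1/triggers` and `/api/v1/groups` return, and the method names are hypothetical.

```ruby
require 'json'

# Constructed sample data in the assumed shape of GET /api/v1/groups and
# GET /api/v1/triggers. All ids and names are made up for illustration.
GROUPS_JSON = <<~JSON
  [
    {"id": 1, "name": "Users",   "active": true},
    {"id": 2, "name": "Archive", "active": false},
    {"id": 3, "name": "Support", "active": true}
  ]
JSON

TRIGGERS_JSON = <<~JSON
  [
    {"id": 10, "name": "auto reply", "active": true,
     "perform": {"notification.email": {"recipient": "ticket_customer"}}},
    {"id": 11, "name": "move by type", "active": true,
     "perform": {"ticket.group_id": {"value": "2"}}},
    {"id": 12, "name": "old mover", "active": false,
     "perform": {"ticket.group_id": {"value": "2"}}},
    {"id": 13, "name": "route to support", "active": true,
     "perform": {"ticket.group_id": {"value": 3}}},
    {"id": 14, "name": "stale target", "active": true,
     "perform": {"ticket.group_id": {"value": "99"}}}
  ]
JSON

# Returns one finding per ACTIVE trigger whose action moves the ticket into a
# group that is inactive or does not exist. Disabled triggers are skipped.
def risky_triggers(triggers, groups)
  by_id = groups.map { |g| [g['id'].to_i, g] }.to_h
  findings = triggers.select { |t| t['active'] }.map do |t|
    target = t.dig('perform', 'ticket.group_id', 'value')
    next if target.nil?                 # trigger does not change the group
    group = by_id[target.to_i]          # value may be a string or an integer
    next if group && group['active']    # target group is usable
    { trigger: t['name'], group_id: target.to_i,
      reason: group ? 'inactive group' : 'unknown group' }
  end
  findings.compact
end

# Runs the check over the constructed sample data above.
def audit
  risky_triggers(JSON.parse(TRIGGERS_JSON), JSON.parse(GROUPS_JSON))
end

audit.each { |f| puts "#{f[:trigger]} -> group #{f[:group_id]} (#{f[:reason]})" }
```

Run against real exports of the two endpoints, a finding means tickets hit by that trigger will return 403 to every agent, as in the log above.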