Netsyms
/
Mods-for-HESK-Netsyms
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Re-added all manager-related code

Browse Source
master
Mike Koch 7 years ago
parent a3709c187b
commit 477b780805
No known key found for this signature in database
GPG Key ID: 9BA5D7F8391455ED
15 changed files with 160 additions and 18 deletions
Show Stats Download Patch File Download Diff File

1
README.md
Unescape Escape View File

@ -33,6 +33,7 @@ Mods for HESK is a set of modifications for [HESK](https://www.hesk.com) v2.7.x,
<li>Custom service message icons</li>
<li>Permission templates</li>
<li>Request users location in tickets</li>
<li>Category managers</li>
<li>Show number of merged tickets in ticket search view</li>
<li>Enable / disable staff members</li>
<li>More-restricted settings page access</li>

6
admin/admin_reply_ticket.php
Unescape Escape View File

@ -39,7 +39,9 @@ hesk_dbConnect();
hesk_isLoggedIn();
/* Check permissions for this feature */
hesk_checkPermission('can_reply_tickets');
if (!isset($_REQUEST['isManager']) || !$_REQUEST['isManager']) {
hesk_checkPermission('can_reply_tickets');
}
/* A security check */
# hesk_token_check('POST');
@ -279,7 +281,7 @@ if ($time_worked == '00:00:00') {
$sql .= ",`time_worked` = ADDTIME(`time_worked`,'" . hesk_dbEscape($time_worked) . "') ";
}
if (!empty($_POST['assign_self']) && (hesk_checkPermission('can_assign_self', 0))) {
if (!empty($_POST['assign_self']) && (hesk_checkPermission('can_assign_self', 0) || (isset($_REQUEST['isManager']) && $_REQUEST['isManager']))) {
$revision = sprintf($hesklang['thist2'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')', $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
$sql .= " , `owner`=" . intval($_SESSION['id']) . ", `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') ";
}

49
admin/admin_ticket.php
Unescape Escape View File

@ -107,14 +107,33 @@ if ($ticket['lastreplier']) {
}
/* Get category name and ID */
$result = hesk_dbQuery("SELECT `id`, `name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `id`='" . intval($ticket['category']) . "' LIMIT 1");
$result = hesk_dbQuery("SELECT `id`, `name`, `manager` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `id`='" . intval($ticket['category']) . "' LIMIT 1");
/* If this category has been deleted use the default category with ID 1 */
if (hesk_dbNumRows($result) != 1) {
$result = hesk_dbQuery("SELECT `id`, `name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `id`='1' LIMIT 1");
$result = hesk_dbQuery("SELECT `id`, `name`, `manager` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `id`='1' LIMIT 1");
}
$category = hesk_dbFetchAssoc($result);
$managerRS = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'users` WHERE `id` = ' . intval($_SESSION['id']));
$managerRow = hesk_dbFetchAssoc($managerRS);
$isManager = $managerRow['id'] == $category['manager'];
if ($isManager) {
$can_del_notes =
$can_reply =
$can_delete =
$can_edit =
$can_archive =
$can_assign_self =
$can_view_unassigned =
$can_change_own_cat =
$can_change_cat =
$can_ban_emails =
$can_unban_emails =
$can_ban_ips =
$can_unban_ips =
$can_resolve = true;
}
/* Is this user allowed to view tickets inside this category? */
hesk_okCategory($category['id']);
@ -971,6 +990,9 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<input type="submit" style="display: none" value="' . $hesklang['go'] . '" /><input type="hidden" name="track" value="' . $trackingID . '" />
<input type="hidden" name="token" value="' . hesk_token_echo(0) . '" />';
if ($isManager) {
echo '<input type="hidden" name="isManager" value="1">';
}
echo '</span>
</form>
@ -994,12 +1016,15 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<input type="submit" style="display:none;" value="' . $hesklang['go'] . '" class="btn btn-default" /><input type="hidden" name="track" value="' . $trackingID . '" />
<input type="hidden" name="token" value="' . hesk_token_echo(0) . '" />';
if ($isManager) {
echo '<input type="hidden" name="isManager" value="1">';
}
echo '</span>
</form>
</div>';
echo '<div class="col-md-3 col-sm-12 ticket-cell-admin"><p class="ticket-property-title">' . $hesklang['owner'] . '</p>';
if (hesk_checkPermission('can_assign_others', 0)) {
if (hesk_checkPermission('can_assign_others', 0) || $isManager) {
echo '
<form style="margin-bottom:0;" id="changeOwnerForm" action="assign_owner.php" method="post">
<span style="white-space:nowrap;">
@ -1242,14 +1267,15 @@ require_once(HESK_PATH . 'inc/footer.inc.php');
function hesk_getAdminButtons($category_id)
{
global $hesk_settings, $hesklang, $modsForHesk_settings, $ticket, $reply, $trackingID, $can_edit, $can_archive, $can_delete, $can_resolve;
global $hesk_settings, $hesklang, $modsForHesk_settings, $ticket, $reply, $trackingID, $can_edit, $can_archive, $can_delete, $can_resolve, $isManager;
$options = '';
/* Edit post */
if ($can_edit) {
$tmp = $reply ? '&amp;reply=' . $reply['id'] : '';
$options .= '<a class="btn btn-default" href="edit_post.php?track=' . $trackingID . $tmp . '"><i class="fa fa-pencil orange"></i> ' . $hesklang['edit'] . '</a> ';
$mgr = $isManager ? '&amp;isManager=true' : '';
$options .= '<a class="btn btn-default" href="edit_post.php?track=' . $trackingID . $tmp . $mgr . '"><i class="fa fa-pencil orange"></i> ' . $hesklang['edit'] . '</a> ';
}
@ -1295,12 +1321,13 @@ function hesk_getAdminButtons($category_id)
$isTicketClosed = $isTicketClosedRow['IsClosed'];
$isClosable = $isTicketClosedRow['Closable'] == 'yes' || $isTicketClosedRow['Closable'] == 'sonly';
$mgr = $isManager ? '&amp;isManager=1' : '';
if ($isTicketClosed == 0 && $isClosable && $can_resolve) // Ticket is still open
{
$options .= '<a class="btn btn-default" href="change_status.php?track=' . $trackingID . '&amp;s=' . $staffClosedOptionStatus['ID'] . '&amp;Refresh=' . $random . '&amp;token=' . hesk_token_echo(0) . '">
$options .= '<a class="btn btn-default" href="change_status.php?track=' . $trackingID . $mgr . '&amp;s=' . $staffClosedOptionStatus['ID'] . '&amp;Refresh=' . $random . '&amp;token=' . hesk_token_echo(0) . '">
<i class="fa fa-check-circle green"></i> ' . $hesklang['close_action'] . '</a> ';
} elseif ($isTicketClosed == 1) {
$options .= '<a class="btn btn-default" href="change_status.php?track=' . $trackingID . '&amp;s=' . $staffReopenedStatus['ID'] . '&amp;Refresh=' . $random . '&amp;token=' . hesk_token_echo(0) . '">
$options .= '<a class="btn btn-default" href="change_status.php?track=' . $trackingID . $mgr . '&amp;s=' . $staffReopenedStatus['ID'] . '&amp;Refresh=' . $random . '&amp;token=' . hesk_token_echo(0) . '">
<i class="fa fa-folder-open-o green"></i> ' . $hesklang['open_action'] . '</a> ';
}
@ -1486,7 +1513,7 @@ function hesk_getAdminButtons($category_id)
function hesk_getAdminButtonsInTicket($reply = 0, $white = 1)
{
global $hesk_settings, $hesklang, $ticket, $reply, $trackingID, $can_edit, $can_archive, $can_delete;
global $hesk_settings, $hesklang, $ticket, $reply, $trackingID, $can_edit, $can_archive, $can_delete, $isManager;
$options = $reply ? '' : '<div class="pull-right">';
@ -1509,7 +1536,8 @@ function hesk_getAdminButtonsInTicket($reply = 0, $white = 1)
/* Edit post */
if ($can_edit) {
$tmp = $reply ? '&amp;reply=' . $reply['id'] : '';
$options .= '<a class="btn btn-default" href="edit_post.php?track=' . $trackingID . $tmp . '"><i class="fa fa-pencil orange"></i> ' . $hesklang['edtt'] . '</a> ';
$mgr = $isManager ? '&amp;isManager=true' : '';
$options .= '<a class="btn btn-default" href="edit_post.php?track=' . $trackingID . $tmp . $mgr . '"><i class="fa fa-pencil orange"></i> ' . $hesklang['edtt'] . '</a> ';
}
@ -2045,6 +2073,9 @@ function hesk_printReplyForm()
</ul>
</div>
<input class="btn btn-default" type="submit" name="save_reply" value="<?php echo $hesklang['sacl']; ?>">
<?php if ($isManager): ?>
<input type="hidden" name="isManager" value="1">
<?php endif; ?>
</div>
</div>
</form>

6
admin/change_status.php
Unescape Escape View File

@ -26,8 +26,10 @@ hesk_isLoggedIn();
$modsForHesk_settings = mfh_getSettings();
/* Check permissions for this feature */
hesk_checkPermission('can_view_tickets');
hesk_checkPermission('can_reply_tickets');
if (!isset($_REQUEST['isManager']) || !$_REQUEST['isManager']) {
hesk_checkPermission('can_view_tickets');
hesk_checkPermission('can_reply_tickets');
}
/* A security check */
hesk_token_check();

15
admin/edit_post.php
Unescape Escape View File

@ -32,8 +32,11 @@ hesk_dbConnect();
hesk_isLoggedIn();
/* Check permissions for this feature */
hesk_checkPermission('can_view_tickets');
hesk_checkPermission('can_edit_tickets');
if (!isset($_REQUEST['isManager']) || !$_REQUEST['isManager']) {
hesk_checkPermission('can_view_tickets');
hesk_checkPermission('can_edit_tickets');
}
$modsForHesk_settings = mfh_getSettings();
/* Ticket ID */
@ -59,7 +62,10 @@ if (defined('HESK_DEMO')) {
}
/* Is this user allowed to view tickets inside this category? */
hesk_okCategory($ticket['category']);
if (!isset($_REQUEST['isManager']) || !$_REQUEST['isManager']) {
hesk_okCategory($ticket['category']);
}
if (hesk_isREQUEST('reply')) {
$tmpvar['id'] = intval(hesk_REQUEST('reply')) or die($hesklang['id_not_valid']);
@ -626,6 +632,9 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
<input type="hidden" name="html" value="<?php echo $html; ?>">
<input type="submit" value="<?php echo $hesklang['save_changes']; ?>" class="btn btn-default">
<?php if (isset($_REQUEST['isManager']) && $_REQUEST['isManager']): ?>
<input type="hidden" name="isManager" value="1">
<?php endif; ?>
<a class="btn btn-default" href="javascript:history.go(-1)"><?php echo $hesklang['back']; ?></a>
</div>
</form>

37
admin/manage_users.php
Unescape Escape View File

@ -621,6 +621,31 @@ function update_user()
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`=0 WHERE `owner`='" . intval($myuser['id']) . "' AND `category` NOT IN (" . $myuser['categories'] . ")");
}
// Find the list of categories they are manager of. If they no longer have access to the category, revoke their manager permission.
if ($myuser['isadmin']) {
// Admins can't be managers
hesk_dbQuery('UPDATE `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'categories` SET `manager` = 0 WHERE `manager` = ' . intval($myuser['id']));
} else {
$currentCatRs = hesk_dbQuery("SELECT `categories` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id` = '" . intval($myuser['id']) . "' LIMIT 1");
$rowOfCategories = hesk_dbFetchAssoc($currentCatRs);
$cats = $rowOfCategories['categories'];
$currentCategories = explode(',', $cats);
$newCategories = explode(',', $myuser['categories']);
// If any any elements are in current but not in new, add them to the revoke array
$revokeCats = array();
foreach ($currentCategories as $currentCategory) {
if (!in_array($currentCategory, $newCategories) && $currentCategory != '') {
array_push($revokeCats, $currentCategory);
}
}
if (count($revokeCats) > 0) {
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `manager` = 0 WHERE `id` IN (" . implode(',', $revokeCats) . ")");
}
}
hesk_dbQuery(
"UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET
`user`='" . hesk_dbEscape($myuser['user']) . "',
@ -651,6 +676,11 @@ function update_user()
`default_calendar_view`=" . intval($myuser['default_calendar_view']) . "
WHERE `id`='" . intval($myuser['id']) . "'");
// If they are now inactive, remove any manager rights
if (!$myuser['active']) {
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `manager` = 0 WHERE `manager` = " . intval($myuser['id']));
}
unset($_SESSION['save_userdata']);
unset($_SESSION['userdata']);
@ -814,6 +844,10 @@ function remove()
hesk_process_messages($hesklang['cant_del_own'], './manage_users.php');
}
// Revoke manager rights
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `manager` = 0 WHERE `manager` = " . intval($myuser));
/* Un-assign all tickets for this user */
$res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`=0 WHERE `owner`='" . intval($myuser) . "'");
@ -877,6 +911,9 @@ function toggle_active()
$active = 0;
$tmp = $hesklang['user_deactivated'];
// Revoke any manager rights
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `manager` = 0 WHERE `manager` = " . intval($myuser));
$notificationSql = ", `autoassign` = '0', `notify_new_unassigned` = '0', `notify_new_my` = '0', `notify_reply_unassigned` = '0',
`notify_reply_my` = '0', `notify_assigned` = '0', `notify_pm` = '0', `notify_note` = '0', `notify_note_unassigned` = '0', `notify_overdue_unassigned` = '0'";
}

5
api/BusinessLogic/Categories/Category.php
Unescape Escape View File

@ -51,6 +51,11 @@ class Category extends \BaseClass {
*/
public $priority;
/**
* @var int|null The manager for the Categories, if applicable
*/
public $manager;
/**
* @var bool Indication if the user has access to the Categories
*/

6
api/BusinessLogic/Security/UserToTicketChecker.php
Unescape Escape View File

@ -31,6 +31,12 @@ class UserToTicketChecker extends \BaseClass {
return false;
}
$categoryManagerId = $this->userGateway->getManagerForCategory($ticket->categoryId, $heskSettings);
if ($user->id === $categoryManagerId) {
return true;
}
$extraPermissions[] = UserPrivilege::CAN_VIEW_TICKETS;
foreach ($extraPermissions as $permission) {

1
api/Controllers/Categories/CategoryController.php
Unescape Escape View File

@ -63,6 +63,7 @@ class CategoryController extends \BaseClass {
$category->description = Helpers::safeArrayGet($json, 'description');
$category->displayBorder = Helpers::safeArrayGet($json, 'displayBorder');
$category->foregroundColor = Helpers::safeArrayGet($json, 'foregroundColor');
$category->manager = Helpers::safeArrayGet($json, 'manager');
$category->name = Helpers::safeArrayGet($json, 'name');
$category->priority = Helpers::safeArrayGet($json, 'priority');
$category->type = Helpers::safeArrayGet($json, 'type');

6
api/DataAccess/Categories/CategoryGateway.php
Unescape Escape View File

@ -41,6 +41,7 @@ class CategoryGateway extends CommonDao {
$category->foregroundColor = $row['foreground_color'];
$category->displayBorder = $row['display_border_outline'] === '1';
$category->priority = intval($row['priority']);
$category->manager = intval($row['manager']) == 0 ? NULL : intval($row['manager']);
$category->description = $row['mfh_description'];
$category->numberOfTickets = intval($row['number_of_tickets']);
$results[] = $category;
@ -63,11 +64,11 @@ class CategoryGateway extends CommonDao {
$newOrder = hesk_dbFetchAssoc($newOrderRs);
$sql = "INSERT INTO `" . hesk_dbEscape($heskSettings['db_pfix']) . "categories`
(`name`, `cat_order`, `autoassign`, `type`, `priority`, `background_color`, `usage`,
(`name`, `cat_order`, `autoassign`, `type`, `priority`, `manager`, `background_color`, `usage`,
`foreground_color`, `display_border_outline`, `mfh_description`)
VALUES ('" . hesk_dbEscape($category->name) . "', " . intval($newOrder['cat_order']) . ",
'" . ($category->autoAssign ? 1 : 0) . "', '" . intval($category->type) . "',
'" . intval($category->priority) . "',
'" . intval($category->priority) . "', " . ($category->manager === null ? 0 : intval($category->manager)) . ",
'" . hesk_dbEscape($category->backgroundColor) . "', " . intval($category->usage) . ",
'" . hesk_dbEscape($category->foregroundColor) . "', '" . ($category->displayBorder ? 1 : 0) . "',
'" . hesk_dbEscape($category->description) . "')";
@ -94,6 +95,7 @@ class CategoryGateway extends CommonDao {
`autoassign` = '" . ($category->autoAssign ? 1 : 0) . "',
`type` = '" . intval($category->type) . "',
`priority` = '" . intval($category->priority) . "',
`manager` = " . ($category->manager === null ? 0 : intval($category->manager)) . ",
`background_color` = '" . hesk_dbEscape($category->backgroundColor) . "',
`usage` = " . intval($category->usage) . ",
`foreground_color` = '" . hesk_dbEscape($category->foregroundColor) . "',

21
api/DataAccess/Security/UserGateway.php
Unescape Escape View File

@ -99,4 +99,25 @@ class UserGateway extends CommonDao {
return $users;
}
function getManagerForCategory($categoryId, $heskSettings) {
$this->init();
$rs = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($heskSettings['db_pfix']) . "users`
WHERE `id` = (
SELECT `manager`
FROM `" . hesk_dbEscape($heskSettings['db_pfix']) . "categories`
WHERE `id` = " . intval($categoryId) . ")");
if (hesk_dbNumRows($rs) === 0) {
$this->close();
return null;
}
$user = UserContext::fromDataRow(hesk_dbFetchAssoc($rs));
$this->close();
return $user;
}
}

19
api/Tests/BusinessLogic/Security/UserToTicketCheckerTest.php
Unescape Escape View File

@ -92,4 +92,23 @@ class UserToTicketCheckerTest extends TestCase {
//-- Assert
self::assertThat($result, self::isFalse());
}
function testItReturnsTrueWhenTheUserDoesNotHaveEditPermissionsButIsTheCategoryManager() {
//-- Arrange
$user = new UserContext();
$user->admin = false;
$user->categories = array(1);
$user->permissions = array(UserPrivilege::CAN_VIEW_TICKETS, 'something else');
$user->id = 1;
$this->userGateway->method('getManagerForCategory')->willReturn(1);
$ticket = new Ticket();
$ticket->categoryId = 1;
//-- Act
$result = $this->userToTicketChecker->isTicketAccessibleToUser($user, $ticket, $this->heskSettings, array(UserPrivilege::CAN_EDIT_TICKETS));
//-- Assert
self::assertThat($result, self::isTrue());
}
}

1
inc/common.inc.php
Unescape Escape View File

@ -2026,6 +2026,7 @@ function hesk_getFeatureArray()
'can_service_msg', /* User can manage service messages shown in customer interface */
'can_email_tpl', /* User can manage email templates */
'can_man_ticket_statuses', /* User can manage ticket statuses */
'can_set_manager', /* User can set category managers */
'can_man_permission_tpl', /* User can manage permission templates */
'can_man_settings', /* User can manage helpdesk settings */
'can_change_notification_settings', /* User can change notification settings */

1
install/mods-for-hesk/database-validation.php
Unescape Escape View File

@ -93,6 +93,7 @@ hesk_dbConnect();
$all_good = $all_good & run_column_check('tickets', 'longitude');
$all_good = $all_good & run_column_check('stage_tickets', 'latitude');
$all_good = $all_good & run_column_check('stage_tickets', 'longitude');
$all_good = $all_good & run_column_check('categories', 'manager');
$all_good = $all_good & run_column_check('users', 'permission_template');
$all_good = $all_good & run_table_check('permission_templates');
$all_good = $all_good & run_column_check('permission_templates', 'id');

4
language/en/text.php
Unescape Escape View File

@ -1831,6 +1831,10 @@ $hesklang['your_current_location'] = 'Your location';
$hesklang['requesting_location_ellipsis'] = 'Requesting location...';
$hesklang['unable_to_determine_location'] = 'Unable to determine your location, or you declined to share it.';
$hesklang['save_to_see_updated_address'] = 'Save the new location to see the updated address';
$hesklang['manager'] = 'Manager';
$hesklang['manager_updated'] = 'Category manager has been updated.';
$hesklang['can_set_manager'] = 'Can set category managers';
$hesklang['no_manager'] = 'No manager';
$hesklang['manage_permission_templates'] = 'Manage Permission Templates';
$hesklang['manage_permission_templates_help'] = 'Here you can create and edit permission templates. These templates will appear when creating/editing a user.
Please note that if you change the permission template\'s settings, it will NOT change the permissions of any users that are set to this permission template.';

Write Preview
Loading…
Cancel
Save