From 5834fd47205ba46be2ded3bd58b22880122375da Mon Sep 17 00:00:00 2001 From: Mike Koch Date: Thu, 4 Jun 2015 21:52:30 -0400 Subject: [PATCH 01/10] #208 Add manager column to categories table --- install/mods-for-hesk/sql/installSql.php | 1 + 1 file changed, 1 insertion(+) diff --git a/install/mods-for-hesk/sql/installSql.php b/install/mods-for-hesk/sql/installSql.php index 97974648..38427c96 100644 --- a/install/mods-for-hesk/sql/installSql.php +++ b/install/mods-for-hesk/sql/installSql.php @@ -452,6 +452,7 @@ function execute230Scripts() { executeQuery("ALTER TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` ADD COLUMN `longitude` VARCHAR(100) NOT NULL DEFAULT 'E-0'"); executeQuery("ALTER TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."stage_tickets` ADD COLUMN `latitude` VARCHAR(100) NOT NULL DEFAULT 'E-0'"); executeQuery("ALTER TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."stage_tickets` ADD COLUMN `longitude` VARCHAR(100) NOT NULL DEFAULT 'E-0'"); + executeQuery("ALTER TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` ADD COLUMN `manager` INT NOT NULL DEFAULT 0"); executeQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."settings` SET `Value` = '2.3.0' WHERE `Key` = 'modsForHeskVersion'"); } From eaf79776c7e185a976502f07494cc63a0b343de1 Mon Sep 17 00:00:00 2001 From: Mike Koch Date: Thu, 4 Jun 2015 22:00:27 -0400 Subject: [PATCH 02/10] Still need to setup security, though --- admin/manage_categories.php | 45 ++++++++++++++++++++++++++++++++++++- language/en/text.php | 2 ++ 2 files changed, 46 insertions(+), 1 deletion(-) diff --git a/admin/manage_categories.php b/admin/manage_categories.php index 70980ba5..e0b267f1 100644 --- a/admin/manage_categories.php +++ b/admin/manage_categories.php @@ -57,6 +57,7 @@ $priorities = array( ); /* What should we do? */ +//TODO if ( $action = hesk_REQUEST('a') ) { if ($action == 'linkcode') {generate_link_code();} 
@@ -68,6 +69,7 @@ if ( $action = hesk_REQUEST('a') ) elseif ($action == 'autoassign') {toggle_autoassign();} elseif ($action == 'type') {toggle_type();} elseif ($action == 'priority') {change_priority();} + elseif ($action == 'manager') {change_manager();} } /* Print header */ @@ -238,7 +240,6 @@ else {return false;} }) -
+ @@ -275,6 +277,11 @@ else {return false;} /* Get list of categories */ $res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` ORDER BY `cat_order` ASC"); + $usersRes = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` ORDER BY `name` ASC"); + $users = array(); + while ($userRow = hesk_dbFetchAssoc($usersRes)) { + array_push($users, $userRow); + } $i=1; $j=0; @@ -356,6 +363,7 @@ else {return false;}
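Review bot: The added `$usersRes` query does `SELECT *` on the users table and copies every column of every staff row into `$users`, although `output_user_dropdown()` only needs an id and a display name; whatever else that table holds (presumably a password hash and the permission columns) ends up in memory on every render of the categories page. Select just the two columns, `SELECT `id`, `name` FROM ... ORDER BY `name` ASC`, so a later templating mistake cannot leak more than a name. The `while` loop can also be dropped in favour of appending `$userRow` directly, but that is cosmetic.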
+ '.output_user_dropdown($mycat['id'], $mycat['manager'], $users).' ' . $autoassign_code . ' @@ -702,4 +710,39 @@ function toggle_type() hesk_process_messages($tmp,'./manage_categories.php','SUCCESS'); } // End toggle_type() + +function output_user_dropdown($catId, $selectId, $userArray) { + global $hesklang; + + //TODO + $dropdownMarkup = ''; + + + return '
+ + + '.$dropdownMarkup.' +
'; +} + +function change_manager() { + global $hesklang, $hesk_settings; + + $catid = hesk_POST('catid'); + $newManagerId = hesk_POST('managerid'); + + hesk_dbQuery('UPDATE `'.hesk_dbEscape($hesk_settings['db_pfix']).'categories` SET `manager` = '.intval($newManagerId).' WHERE `id` = '.intval($catid)); + if (hesk_dbAffectedRows() != 1) + { + hesk_process_messages($hesklang['int_error'].': '.$hesklang['cat_not_found'],'./manage_categories.php'); + } + + hesk_process_messages($hesklang['manager_updated'],'./manage_categories.php','SUCCESS'); +} ?> diff --git a/language/en/text.php b/language/en/text.php index 10a2aee3..d901463f 100644 --- a/language/en/text.php +++ b/language/en/text.php @@ -66,6 +66,8 @@ $hesklang['your_current_location'] = 'Your location'; $hesklang['requesting_location_ellipsis'] = 'Requesting location...'; $hesklang['unable_to_determine_location'] = 'Unable to determine your location, or you declined to share it.'; $hesklang['save_to_see_updated_address'] = 'Save the new location to see the updated address'; +$hesklang['manager'] = 'Manager'; +$hesklang['manager_updated'] = 'Category manager has been updated.'; // ADDED OR MODIFIED IN Mods for HESK 2.2.1 $hesklang['popart_no_colon']='Top Knowledgebase Articles'; // same as $hesklang['popart'] but without a colon (:) From f4fc8ecf43ce6d2130846a4bbbefdf22039744e2 Mon Sep 17 00:00:00 2001 From: Mike Koch Date: Fri, 5 Jun 2015 19:03:52 -0400 Subject: [PATCH 03/10] #208 Manager should have all ticket-related privileges --- admin/admin_ticket.php | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/admin/admin_ticket.php b/admin/admin_ticket.php index 4bf2e0be..c9b89f35 100644 --- a/admin/admin_ticket.php +++ b/admin/admin_ticket.php 
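Review bot: `change_manager()` writes `categories.manager` with no permission check and no CSRF token check before the UPDATE, and the commit subject itself says security is still to be done; since the dispatcher reads `a` via `hesk_REQUEST()`, any logged-in staff account that can reach manage_categories.php can reassign a manager with a crafted request. Open the function with `hesk_checkPermission('can_set_manager');` (the permission this series later defines) and `hesk_token_check('POST');` (the helper change_status.php already calls), before touching the database. `$newManagerId` is also stored without confirming it is an existing user id, so an arbitrary integer can be persisted; and if `hesk_process_messages()` does not exit on the error branch, the success message is still emitted after `cat_not_found` — worth confirming against that helper.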
@@ -123,15 +123,21 @@ else } /* Get category name and ID */ -$result = hesk_dbQuery("SELECT `id`, `name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE `id`='".intval($ticket['category'])."' LIMIT 1"); +$result = hesk_dbQuery("SELECT `id`, `name`, `manager` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE `id`='".intval($ticket['category'])."' LIMIT 1"); /* If this category has been deleted use the default category with ID 1 */ if (hesk_dbNumRows($result) != 1) { - $result = hesk_dbQuery("SELECT `id`, `name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE `id`='1' LIMIT 1"); + $result = hesk_dbQuery("SELECT `id`, `name`, `manager` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE `id`='1' LIMIT 1"); } $category = hesk_dbFetchAssoc($result); +$managerRS = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'users` WHERE `id` = '.intval($_SESSION['id'])); +$managerRow = hesk_dbFetchAssoc($managerRS); +$isManager = $managerRow['id'] == $category['manager']; +if ($isManager) { + $can_del_notes = $can_reply = $can_delete = $can_edit = $can_archive = $can_assign_self = $can_view_unassigned = $can_change_cat = true; +} /* Is this user allowed to view tickets inside this category? */ hesk_okCategory($category['id']); From 96fe276ea09878d280eedb3170e0ef771612119c Mon Sep 17 00:00:00 2001 From: Mike Koch Date: Sat, 6 Jun 2015 22:13:44 -0400 Subject: [PATCH 04/10] #208 Update some security stuff for managers. Still have a lot to do --- admin/admin_ticket.php | 22 ++++++++++++---------- admin/edit_post.php | 13 ++++++++++--- 2 files changed, 22 insertions(+), 13 deletions(-) diff --git a/admin/admin_ticket.php b/admin/admin_ticket.php index c9b89f35..9720c1d9 100644 --- a/admin/admin_ticket.php +++ b/admin/admin_ticket.php 
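Review bot: The new `$managerRS` query only round-trips `$_SESSION['id']` through the users table and then compares with loose `==`; the session already holds the id, and a loose comparison on values that may arrive as strings or ints is fragile for a check that unlocks delete, edit and archive. Replace the block with `$isManager = ((int)$category['manager'] !== 0 && (int)$category['manager'] === (int)$_SESSION['id']);` — the explicit non-zero guard matters because patch 01 defaults `manager` to 0 for every unmanaged category. Note that when the ticket's category was deleted the code falls back to category 1, so the manager of category 1 inherits these privileges for orphaned tickets; if that is not intended, derive `$isManager` only when the original lookup succeeded.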
@@ -859,7 +859,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); /* Do we need or have any canned responses? */ $can_options = hesk_printCanned(); - echo hesk_getAdminButtons(); + echo hesk_getAdminButtons(0,1,$isManager); ?>
@@ -1273,7 +1273,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
- +


: @@ -1452,7 +1452,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); @@ -1635,7 +1635,7 @@ function hesk_getFontAwesomeIconForFileExtension($fileExtension) } -function hesk_getAdminButtons($reply=0,$white=1) +function hesk_getAdminButtons($reply=0,$white=1,$isManager) { global $hesk_settings, $hesklang, $ticket, $reply, $trackingID, $can_edit, $can_archive, $can_delete; @@ -1686,7 +1686,8 @@ function hesk_getAdminButtons($reply=0,$white=1) if ($can_edit) { $tmp = $reply ? '&reply='.$reply['id'] : ''; - $options .= ' '.$hesklang['edtt'].' '; + $mgr = $isManager ? '&isManager=true' : ''; + $options .= ' '.$hesklang['edtt'].' '; } @@ -1716,7 +1717,7 @@ function hesk_getAdminButtons($reply=0,$white=1) } // END hesk_getAdminButtons() -function hesk_getAdminButtonsInTicket($reply=0,$white=1) +function hesk_getAdminButtonsInTicket($reply=0,$white=1,$isManager=false) { global $hesk_settings, $hesklang, $ticket, $reply, $trackingID, $can_edit, $can_archive, $can_delete; @@ -1730,7 +1731,8 @@ function hesk_getAdminButtonsInTicket($reply=0,$white=1) if ($can_edit) { $tmp = $reply ? '&reply='.$reply['id'] : ''; - $options .= ' '.$hesklang['edtt'].' '; + $mgr = $isManager ? '&isManager=true' : ''; + $options .= ' '.$hesklang['edtt'].' '; } @@ -1841,7 +1843,7 @@ function print_form() } // End print_form() -function hesk_printTicketReplies() { +function hesk_printTicketReplies($isManager) { global $hesklang, $hesk_settings, $result, $reply; $i = $hesk_settings['new_top'] ? 0 : 1; @@ -1863,7 +1865,7 @@ function hesk_printTicketReplies() {

- +

:

diff --git a/admin/edit_post.php b/admin/edit_post.php index 4abcb98e..833f5b24 100644 --- a/admin/edit_post.php +++ b/admin/edit_post.php @@ -46,8 +46,10 @@ hesk_dbConnect(); hesk_isLoggedIn(); /* Check permissions for this feature */ -hesk_checkPermission('can_view_tickets'); -hesk_checkPermission('can_edit_tickets'); +if (!isset($_REQUEST['isManager']) || !$_REQUEST['isManager']) { + hesk_checkPermission('can_view_tickets'); + hesk_checkPermission('can_edit_tickets'); +} /* Ticket ID */ $trackingID = hesk_cleanID() or die($hesklang['int_error'].': '.$hesklang['no_trackID']); @@ -70,7 +72,9 @@ if ( defined('HESK_DEMO') ) } /* Is this user allowed to view tickets inside this category? */ -hesk_okCategory($ticket['category']); +if (!isset($_REQUEST['isManager']) || !$_REQUEST['isManager']) { + hesk_okCategory($ticket['category']); +} if ( hesk_isREQUEST('reply') ) { @@ -466,6 +470,9 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
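Review bot: The `isManager` request parameter is client-controlled, so the new guard around `hesk_checkPermission('can_view_tickets')` / `can_edit_tickets` lets any logged-in staff account append `?isManager=1` and edit any ticket; the same flag also skips `hesk_okCategory()` in the next hunk, removing the category restriction as well. Manager status has to be derived server-side from the ticket's category row, after the ticket is loaded (that lookup sits between the two hunks and is not shown), and `hesk_okCategory()` should stay unconditional — patch 06 adds the category to the manager's own list precisely so that check passes. Whether `can_view_tickets` should also be waived for managers depends on admin_ticket.php's top-of-file checks, which this diff does not show; the sketch below mirrors the commit's intent.
```php
/* Check permissions for this feature */
// … unchanged: ticket ID, ticket lookup into $ticket …

// Derive manager status from the ticket's category; the request must not decide this
$catRes = hesk_dbQuery("SELECT `manager` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE `id`='".intval($ticket['category'])."' LIMIT 1");
$catRow = hesk_dbFetchAssoc($catRes);
$isManager = ($catRow && (int)$catRow['manager'] !== 0 && (int)$catRow['manager'] === (int)$_SESSION['id']);
if (!$isManager) {
    hesk_checkPermission('can_view_tickets');
    hesk_checkPermission('can_edit_tickets');
}

/* Is this user allowed to view tickets inside this category? */
hesk_okCategory($ticket['category']);
```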
+ + +
From 69b8aaadfe5548eeef37444214d881c1540c5ee3 Mon Sep 17 00:00:00 2001 From: Mike Koch Date: Sun, 7 Jun 2015 01:18:30 -0400 Subject: [PATCH 05/10] #208 Manager can now access all ticket-related functions --- admin/admin_reply_ticket.php | 6 +- admin/admin_ticket.php | 129 +++++++++++++---------------------- admin/change_status.php | 6 +- 3 files changed, 55 insertions(+), 86 deletions(-) diff --git a/admin/admin_reply_ticket.php b/admin/admin_reply_ticket.php index 5a422efe..2b85c6cc 100644 --- a/admin/admin_reply_ticket.php +++ b/admin/admin_reply_ticket.php @@ -62,7 +62,9 @@ hesk_dbConnect(); hesk_isLoggedIn(); /* Check permissions for this feature */ -hesk_checkPermission('can_reply_tickets'); +if (!isset($_REQUEST['isManager']) || !$_REQUEST['isManager']) { + hesk_checkPermission('can_reply_tickets'); +} /* A security check */ # hesk_token_check('POST'); @@ -310,7 +312,7 @@ else $sql .= ",`time_worked` = ADDTIME(`time_worked`,'" . hesk_dbEscape($time_worked) . "') "; } -if ( ! empty($_POST['assign_self']) && hesk_checkPermission('can_assign_self',0)) +if ( ! empty($_POST['assign_self']) && (hesk_checkPermission('can_assign_self',0) || (isset($_REQUEST['isManager']) && $_REQUEST['isManager']))) { $revision = sprintf($hesklang['thist2'],hesk_date(),$_SESSION['name'].' ('.$_SESSION['user'].')',$_SESSION['name'].' ('.$_SESSION['user'].')'); $sql .= " , `owner`=".intval($_SESSION['id']).", `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') "; diff --git a/admin/admin_ticket.php b/admin/admin_ticket.php index 9720c1d9..3b5cfc32 100644 --- a/admin/admin_ticket.php +++ b/admin/admin_ticket.php @@ -859,7 +859,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); /* Do we need or have any canned responses? */ $can_options = hesk_printCanned(); - echo hesk_getAdminButtons(0,1,$isManager); + echo hesk_getAdminButtons(); ?>
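Review bot: In admin_reply_ticket.php the `can_reply_tickets` check is now skipped whenever the request carries `isManager`, and the `assign_self` hunk below grants self-assignment on the same request value, so any staff account can reply to or take ownership of any ticket by adding `isManager=1` to the POST. The context line `# hesk_token_check('POST');` shows the token check here is already commented out, which leaves no server-side barrier at all once the permission check is request-controlled. Compute `$isManager` from the ticket's category `manager` column after the ticket is loaded, and use that variable in both places: `if (!$isManager) { hesk_checkPermission('can_reply_tickets'); }` and `(hesk_checkPermission('can_assign_self',0) || $isManager)`.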
@@ -995,16 +995,17 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); $isClosable = $isTicketClosedRow['Closable'] == 'yes' || $isTicketClosedRow['Closable'] == 'sonly'; echo '
'; + $mgr = $isManager ? '&isManager=1' : ''; if ($isTicketClosed == 0 && $isClosable) // Ticket is still open { echo ' + class="btn btn-default btn-sm" href="change_status.php?track='.$trackingID.$mgr.'&s='.$staffClosedOptionStatus['ID'].'&Refresh='.$random.'&token='.hesk_token_echo(0).'"> '.$hesklang['close_action'].''; } elseif ($isTicketClosed == 1) { echo ' + class="btn btn-default btn-sm" href="change_status.php?track='.$trackingID.$mgr.'&s='.$staffReopenedStatus['ID'].'&Refresh='.$random.'&token='.hesk_token_echo(0).'"> '.$hesklang['open_action'].''; } @@ -1065,8 +1066,11 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); - - + '; + if ($isManager) { + echo ''; + } + echo ' @@ -1089,13 +1093,16 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); - - + '; + if ($isManager) { + echo ''; + } + echo '
'; echo '

'.$hesklang['owner'].'

'; - if (hesk_checkPermission('can_assign_others',0)) + if (hesk_checkPermission('can_assign_others',0) || $isManager) { echo'
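Review bot: `hesk_checkPermission('can_assign_others',0) || $isManager` only widens who sees the owner dropdown; the handler that processes the submitted owner is not part of this series as shown, so either a manager's selection is rejected there, or that handler has been opened up with the same request-flag pattern used in edit_post.php and change_status.php. Please confirm the assignment handler derives manager status from the ticket's category the way this file does, and add a short comment on this line, `// managers may reassign within their own category; the assign handler must enforce the same rule`, so the two stay in sync.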
@@ -1273,7 +1280,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
- +


: @@ -1452,7 +1459,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); @@ -1635,9 +1642,9 @@ function hesk_getFontAwesomeIconForFileExtension($fileExtension) } -function hesk_getAdminButtons($reply=0,$white=1,$isManager) +function hesk_getAdminButtons($reply=0,$white=1) { - global $hesk_settings, $hesklang, $ticket, $reply, $trackingID, $can_edit, $can_archive, $can_delete; + global $hesk_settings, $hesklang, $ticket, $reply, $trackingID, $can_edit, $can_archive, $can_delete, $isManager; $options = '

'; @@ -1717,9 +1724,9 @@ function hesk_getAdminButtons($reply=0,$white=1,$isManager) } // END hesk_getAdminButtons() -function hesk_getAdminButtonsInTicket($reply=0,$white=1,$isManager=false) +function hesk_getAdminButtonsInTicket($reply=0,$white=1) { - global $hesk_settings, $hesklang, $ticket, $reply, $trackingID, $can_edit, $can_archive, $can_delete; + global $hesk_settings, $hesklang, $ticket, $reply, $trackingID, $can_edit, $can_archive, $can_delete, $isManager; $options = '
'; @@ -1769,82 +1776,38 @@ function print_form() global $trackingID; /* Print header */ - require_once(HESK_PATH . 'inc/header.inc.php'); + require_once(HESK_PATH . 'inc/headerAdmin.inc.php'); /* Print admin navigation */ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); - ?> - - - - - -  
- - - -
- - - - - - - - - - - - - - - - -
  - - - - - - - - - - - - - - - - - - - - -
-

-
  
  - :

  -
 
- - - -
 
-
- -

 

+
+
+

+
+
+ +
+
+ + +
+
+
+
+
- +

:

@@ -1906,7 +1869,7 @@ function hesk_printTicketReplies($isManager) { function hesk_printReplyForm() { - global $hesklang, $hesk_settings, $ticket, $admins, $can_options, $options, $can_assign_self; + global $hesklang, $hesk_settings, $ticket, $admins, $can_options, $options, $can_assign_self, $isManager; ?> @@ -2086,9 +2049,11 @@ function hesk_printReplyForm() { ?>
- + + +
-
diff --git a/admin/change_status.php b/admin/change_status.php index 1949719d..84d3761b 100644 --- a/admin/change_status.php +++ b/admin/change_status.php @@ -46,8 +46,10 @@ hesk_dbConnect(); hesk_isLoggedIn(); /* Check permissions for this feature */ -hesk_checkPermission('can_view_tickets'); -hesk_checkPermission('can_reply_tickets'); +if (!isset($_REQUEST['isManager']) || !$_REQUEST['isManager']) { + hesk_checkPermission('can_view_tickets'); + hesk_checkPermission('can_reply_tickets'); +} /* A security check */ hesk_token_check(); From da02eca77053cfd5919f74936a1391ce97b99aeb Mon Sep 17 00:00:00 2001 From: Mike Koch Date: Sun, 7 Jun 2015 01:41:20 -0400 Subject: [PATCH 06/10] \# 208 Add category to user if they can't see it This makes it much easier to tell if the user has access to the category or not, instead of querying for which categories the user is manager of. --- admin/manage_categories.php | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/admin/manage_categories.php b/admin/manage_categories.php index e0b267f1..7fbf5112 100644 --- a/admin/manage_categories.php +++ b/admin/manage_categories.php 
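Review bot: change_status.php now waives both `can_view_tickets` and `can_reply_tickets` on the presence of `$_REQUEST['isManager']`, and the links built in admin_ticket.php put that flag in a GET URL (`...$trackingID.$mgr.'&s='...`), so anyone who can edit a URL can open or close any ticket regardless of their permissions. The `hesk_token_check()` that follows stops cross-site forgery but not a legitimately logged-in staff member acting outside their role. Load the ticket first (that code is further down the file, outside this hunk), compare its category's `manager` column with `(int)$_SESSION['id']`, and gate the two `hesk_checkPermission` calls on that result rather than on the request.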
@@ -742,6 +742,17 @@ function change_manager() { { hesk_process_messages($hesklang['int_error'].': '.$hesklang['cat_not_found'],'./manage_categories.php'); } + if ($newManagerId == 0) { + // There is no new manager. + return; + } + // Add the category to the user's categories list, if not already present + $currentCatRs = hesk_dbQuery('SELECT `categories` FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'users` WHERE `id` = '.intval($newManagerId)); + $currentCategories = hesk_dbFetchAssoc($currentCatRs); + $categories = explode(',', $currentCategories['categories']); + if (!in_array($catid, $categories)) { + hesk_dbQuery('UPDATE `'.hesk_dbEscape($hesk_settings['db_pfix']).'users` SET `categories` = \''.$currentCategories['categories'].','.$catid.'\' WHERE `id` = '.intval($newManagerId)); + } hesk_process_messages($hesklang['manager_updated'],'./manage_categories.php','SUCCESS'); } From 4ee1095e9ced90d3af608348176126fb3307f0ff Mon Sep 17 00:00:00 2001 From: Mike Koch Date: Sun, 7 Jun 2015 18:08:57 -0400 Subject: [PATCH 07/10] #208 Remove unecessary TODOs --- admin/manage_categories.php | 2 -- 1 file changed, 2 deletions(-) diff --git a/admin/manage_categories.php b/admin/manage_categories.php index 7fbf5112..79397f33 100644 --- a/admin/manage_categories.php +++ b/admin/manage_categories.php @@ -57,7 +57,6 @@ $priorities = array( ); /* What should we do? */ -//TODO if ( $action = hesk_REQUEST('a') ) { if ($action == 'linkcode') {generate_link_code();} @@ -714,7 +713,6 @@ function toggle_type() function output_user_dropdown($catId, $selectId, $userArray) { global $hesklang; - //TODO $dropdownMarkup = ' - '; - foreach ($userArray as $user) { - $select = $selectId == $user['id'] ? 'selected' : ''; - $dropdownMarkup .= ''; - } - $dropdownMarkup .= ''; + if (!hesk_checkPermission('can_set_manager', 0)) { + foreach ($userArray as $user) { + if ($user['id'] == $selectId) { + return '
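Review bot: The new `UPDATE ... SET `categories` = '...,'.$catid.'\''` concatenates the raw `hesk_POST('catid')` value into a quoted SQL literal, while the UPDATE a few lines above wraps the same variable in `intval()`; a value such as `1' , `isadmin`='1` would break out of the string. Use `intval($catid)` here as well, and escape the stored list too: `SET `categories` = \''.hesk_dbEscape($currentCategories['categories']).','.intval($catid).'\'`. Two smaller points in the same hunk: `hesk_dbFetchAssoc()` is not checked, so an id that is not a user row yields a null `categories` value and an UPDATE that matches nothing, and when the existing list is empty the result begins with a leading comma — presumably harmless if `hesk_okCategory()` tolerates empty elements, but worth confirming.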

'.$user['name'].'

'; + } + } + return '

'.$hesklang['no_manager'].'

'; + } else { + $dropdownMarkup = ''; - return '
+ return ' '.$dropdownMarkup.'
'; + } } function change_manager() { diff --git a/admin/manage_users.php b/admin/manage_users.php index ba0346bc..ed8ec1eb 100644 --- a/admin/manage_users.php +++ b/admin/manage_users.php @@ -79,6 +79,7 @@ $hesk_settings['features'] = array( 'can_service_msg', /* User can manage service messages shown in customer interface */ 'can_man_email_tpl', /* User can manage email templates */ 'can_man_ticket_statuses', /* User can manage ticket statuses */ +'can_set_manager', /* User can set category managers */ ); /* Set default values */ diff --git a/language/en/text.php b/language/en/text.php index d901463f..9614ffd2 100644 --- a/language/en/text.php +++ b/language/en/text.php @@ -68,6 +68,8 @@ $hesklang['unable_to_determine_location'] = 'Unable to determine your location, $hesklang['save_to_see_updated_address'] = 'Save the new location to see the updated address'; $hesklang['manager'] = 'Manager'; $hesklang['manager_updated'] = 'Category manager has been updated.'; +$hesklang['can_set_manager'] = 'Can set category managers'; +$hesklang['no_manager'] = 'No manager'; // ADDED OR MODIFIED IN Mods for HESK 2.2.1 $hesklang['popart_no_colon']='Top Knowledgebase Articles'; // same as $hesklang['popart'] but without a colon (:)
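Review bot: Gating `output_user_dropdown()` on `hesk_checkPermission('can_set_manager', 0)` only decides what is rendered; the `change_manager()` handler that this dropdown posts to is not shown with a matching check in this chunk, so a user without the permission can still submit `a=manager` directly. The handler needs `hesk_checkPermission('can_set_manager');` and `hesk_token_check('POST');` at its top, otherwise the new permission is cosmetic. Both branches also echo `$user['name']` into HTML unescaped; staff names are admin-controlled so the risk is low, but wrap them with `htmlspecialchars()` like the rest of the admin output. This hunk appears to run into a later patch whose header is missing from the page, so the exact commit it belongs to is unclear.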