From 50e4861d39b31d1b49ce903051c82aa2543941e6 Mon Sep 17 00:00:00 2001
From: Mike Koch
Date: Tue, 26 Apr 2016 08:59:54 -0400
Subject: [PATCH] Some calendar fixes

---
 admin/calendar.php | 4 +++
 inc/common.inc.php | 6 +++-
 internal-api/dao/calendar_dao.php | 28 +++++++++++++++++++
 .../mods-for-hesk-calendar-admin-readonly.js | 2 +-
 js/calendar/mods-for-hesk-calendar.js | 8 ++++-
 5 files changed, 44 insertions(+), 4 deletions(-)

diff --git a/admin/calendar.php b/admin/calendar.php
index 04b5f047..3b92217c 100644
--- a/admin/calendar.php
+++ b/admin/calendar.php
@@ -60,6 +60,10 @@ if ($modsForHesk_settings['enable_calendar'] == '0') {
 $rs = hesk_dbQuery("SELECT `id`, `name`, `color` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `usage` <> 1 ORDER BY `cat_order`");
 $categories = [];
 while ($row = hesk_dbFetchAssoc($rs)) {
+ if (!$_SESSION['isadmin'] && !in_array($row['id'], $_SESSION['categories'])) {
+ continue;
+ }
+
 $row['css_style'] = $row['color'] == null ? 'color: black; border: solid 1px #000' : 'background: ' . $row['color'];
 $categories[] = $row;
 }
diff --git a/inc/common.inc.php b/inc/common.inc.php
index 719a1f72..cbb0f230 100644
--- a/inc/common.inc.php
+++ b/inc/common.inc.php
@@ -1836,7 +1836,11 @@ function mfh_log($location, $message, $severity, $user) {
 }
 
 function mfh_log_debug($location, $message, $user) {
- mfh_log($location, $message, 0, $user);
+ global $hesk_settings;
+
+ if ($hesk_settings['debug_mode']) {
+ mfh_log($location, $message, 0, $user);
+ }
 }
 
 function mfh_log_info($location, $message, $user) {
diff --git a/internal-api/dao/calendar_dao.php b/internal-api/dao/calendar_dao.php
index 72897f01..549073df 100644
--- a/internal-api/dao/calendar_dao.php
+++ b/internal-api/dao/calendar_dao.php
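Review bot: The category check added at the top of the loop body uses a loose `in_array` and is the same expression this commit repeats in five places (here, twice in get_events, and in create_event, update_event and delete_event), so a single site drifting would silently change who sees or edits what. Centralise it in common.inc.php as `function mfh_user_can_access_category($category) {` / `    return !empty($_SESSION['isadmin']) || in_array((int) $category, array_map('intval', (array) $_SESSION['categories']), true);` / `}` and call it here as `if (!mfh_user_can_access_category($row['id'])) { continue; }`. Whether `$_SESSION['categories']` holds ints or strings is not visible in this diff, so the casts on both sides keep the strict comparison safe either way, and the `(array)` cast avoids a notice when the key is absent. This hunk only filters what the page renders; the server-side enforcement is the DAO change elsewhere in this commit, so treat this as a display filter rather than the authorization boundary.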
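Review bot: `mfh_log_debug` now reads `$hesk_settings['debug_mode']` unguarded, so on an installation whose settings file predates that key every debug call emits an undefined-index notice, and with the new per-event `mfh_log_debug` call in get_events that is one notice per calendar event rendered. `if (!empty($hesk_settings['debug_mode'])) {` behaves identically when the key is set and stays quiet when it is not. The `mfh_log` signature at the top of the hunk is context only; the body shown here is complete for `mfh_log_debug`.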
@@ -26,6 +26,13 @@ function get_events($start, $end, $hesk_settings, $staff = true) {
 
 $events = [];
 while ($row = hesk_dbFetchAssoc($rs)) {
+ // Skip the event if the user does not have access to it
+ if (!$_SESSION['isadmin'] && !in_array($row['category'], $_SESSION['categories'])) {
+ continue;
+ }
+
+ mfh_log_debug('Calendar', "Creating event with id: {$row['id']}", '');
+
 $event['type'] = 'CALENDAR';
 $event['id'] = intval($row['id']);
 $event['startTime'] = $row['start'];
@@ -59,6 +66,11 @@ function get_events($start, $end, $hesk_settings, $staff = true) {
 
 $rs = hesk_dbQuery($sql);
 while ($row = hesk_dbFetchAssoc($rs)) {
+ // Skip the ticket if the user does not have access to it
+ if (!$_SESSION['isadmin'] && !in_array($row['category'], $_SESSION['categories'])) {
+ continue;
+ }
+
 $event['type'] = 'TICKET';
 $event['trackingId'] = $row['trackid'];
 $event['title'] = '[' . $row['trackid'] . '] ' . $row['subject'];
@@ -75,6 +87,10 @@ function get_events($start, $end, $hesk_settings, $staff = true) {
 }
 
 function create_event($event, $hesk_settings) {
+ // Make sure the user can create events in this category
+ if (!$_SESSION['isadmin'] && !in_array($event['category'], $_SESSION['categories'])) {
+ print_error('Access Denied', 'You cannot create an event in this category');
+ }
 $event['start'] = date('Y-m-d H:i:s', strtotime($event['start']));
 $event['end'] = date('Y-m-d H:i:s', strtotime($event['end']));
 
@@ -101,6 +117,11 @@ function create_event($event, $hesk_settings) {
 }
 
 function update_event($event, $hesk_settings) {
+ // Make sure the user can edit events in this category
+ if (!$_SESSION['isadmin'] && !in_array($event['category'], $_SESSION['categories'])) {
+ print_error('Access Denied', 'You cannot edit an event in this category');
+ }
+
 $event['start'] = date('Y-m-d H:i:s', strtotime($event['start']));
 $event['end'] = date('Y-m-d H:i:s', strtotime($event['end']));
 if ($event['create_ticket_date'] != null) {
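Review bot: The new guard in create_event calls `print_error(...)` but does not leave the function, so unless print_error terminates the request (not visible in this diff) the date normalisation on the next two lines and the INSERT later in the function still run for a category the caller is not allowed to use. Make the refusal explicit regardless of what print_error does: `print_error('Access Denied', 'You cannot create an event in this category');` followed by `return;` (or `exit;` if that is the convention the other print_error callers rely on). The rest of create_event lies past the end of this hunk.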
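Review bot: The edit check in update_event tests the category *submitted* in `$event['category']`, not the category the stored event currently belongs to, so a non-admin with access to category A can name an event that lives in category B by id and move it into A, rewriting an event they are not permitted to see; delete_event in this same commit performs exactly the stored-category lookup that is missing here. Load the current row first and require access to both the old and the new category, and leave the function after print_error so the UPDATE cannot run. This assumes the UPDATE later in update_event keys on `$event['id']`, which is outside the hunk; if the id lives under a different key, use that in the lookup.

```php
function update_event($event, $hesk_settings) {
    // Require access to the event's current category as well as the one being submitted
    $currentRs = hesk_dbQuery('SELECT `category` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'calendar_event` WHERE `id` = ' . intval($event['id']));
    $current = hesk_dbFetchAssoc($currentRs);
    if (!$_SESSION['isadmin']
        && (!$current
            || !in_array($current['category'], $_SESSION['categories'])
            || !in_array($event['category'], $_SESSION['categories']))) {
        print_error('Access Denied', 'You cannot edit an event in this category');
        return;
    }
    // … unchanged: date normalisation, create_ticket_date handling and UPDATE …
```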
@@ -128,6 +149,13 @@ function update_event($event, $hesk_settings) {
 }
 
 function delete_event($id, $hesk_settings) {
+ // Make sure the user can delete events in this category
+ $categoryRs = hesk_dbQuery('SELECT `category` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'calendar_event` WHERE `id` = ' . intval($id));
+ $category = hesk_dbFetchAssoc($categoryRs);
+ if (!$_SESSION['isadmin'] && !in_array($category['category'], $_SESSION['categories'])) {
+ print_error('Access Denied', 'You cannot delete events in this category');
+ }
+
 $sql = "DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "calendar_event` WHERE `id` = " . intval($id);
 hesk_dbQuery($sql);
 
diff --git a/js/calendar/mods-for-hesk-calendar-admin-readonly.js b/js/calendar/mods-for-hesk-calendar-admin-readonly.js
index 0ca95b0a..6d6b3444 100644
--- a/js/calendar/mods-for-hesk-calendar-admin-readonly.js
+++ b/js/calendar/mods-for-hesk-calendar-admin-readonly.js
@@ -13,7 +13,7 @@ $(document).ready(function() {
 defaultView: $('#setting_default_view').text().trim(),
 events: function(start, end, timezone, callback) {
 $.ajax({
- url: getHelpdeskUrl() + '/internal-api/calendar/?start=' + start + '&end=' + end,
+ url: getHelpdeskUrl() + '/internal-api/admin/calendar/?start=' + start + '&end=' + end,
 method: 'GET',
 dataType: 'json',
 success: function(data) {
diff --git a/js/calendar/mods-for-hesk-calendar.js b/js/calendar/mods-for-hesk-calendar.js
index a5b262dd..483e372e 100644
--- a/js/calendar/mods-for-hesk-calendar.js
+++ b/js/calendar/mods-for-hesk-calendar.js
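Review bot: When no event has the given `$id`, `hesk_dbFetchAssoc($categoryRs)` returns no row and `$category['category']` evaluates to null; the loose `in_array` then matches any `0`, `''` or `false` element of `$_SESSION['categories']`, and either way the function falls through to the DELETE rather than refusing. Treat a missing row as a denial and stop after reporting it: `if (!$category || (!$_SESSION['isadmin'] && !in_array($category['category'], $_SESSION['categories']))) {` / `    print_error('Access Denied', 'You cannot delete events in this category');` / `    return;`. The `return` matters here more than elsewhere in this commit: if print_error does not terminate the request (not visible in this diff), the DELETE on the next line still executes for a forbidden category.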
@@ -351,8 +351,12 @@ function displayEditModal(date) {
 .find('input[name="start-date"]').val(date.start.format('YYYY-MM-DD')).end()
 .find('input[name="end-date"]').val(date.end.format('YYYY-MM-DD')).end()
 .find('input[name="id"]').val(date.id).end()
- .find('input[name="reminder-value"]').val(date.reminderValue).end()
- .find('select[name="reminder-unit"]').val(date.reminderUnits).end();
+ .find('input[name="reminder-value"]').val(date.reminderValue).end();
+
+ if (date.reminderUnits != null) {
+ $form.find('select[name="reminder-unit"]').val(date.reminderUnits).end();
+ }
+
 var createTicketLink = getHelpdeskUrl() + '/' + getAdminDirectory() + '/new_ticket.php?subject=';
 createTicketLink += encodeURI('[' + date.start.format('YYYY-MM-DD') + '] ' + date.title);
 
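Review bot: Skipping the select when `date.reminderUnits` is null leaves the modal showing whatever unit the previously edited event selected, because nothing in this hunk resets the form (the removed chain always wrote the value, so a null used to clear the selection). If the intent is to fall back to the default option rather than deselect everything, say so with an else branch: `} else {` / `    $form.find('select[name="reminder-unit"]').prop('selectedIndex', 0);` / `}`. The trailing `.end()` on the new `$form.find(...).val(...)` line is a leftover from the chain and does nothing now that its result is discarded; drop it. displayEditModal starts before this hunk, so whether the form is reset elsewhere is not visible here.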