From 601da6de92696e12c2c1f6f1ce350e02d17c19a7 Mon Sep 17 00:00:00 2001
From: Mike Koch <mkoch227@gmail.com>
Date: Sun, 7 Aug 2016 22:02:23 -0400
Subject: [PATCH] More work on the get_tickets function

---
 admin/admin_new_main.php       | 18 +++++----
 inc/ticket/get_tickets.inc.php | 73 +++++++++++++++++++++++++++++++++-
 2 files changed, 81 insertions(+), 10 deletions(-)

diff --git a/admin/admin_new_main.php b/admin/admin_new_main.php
index f3fd45c5..4cf5c53c 100644
--- a/admin/admin_new_main.php
+++ b/admin/admin_new_main.php
@@ -58,8 +58,6 @@ require_once(HESK_PATH . 'inc/header_new_admin.inc.php');
 require_once(HESK_PATH . 'inc/new_admin_header_and_sidebar.inc.php');
 
 hesk_handle_messages();
-
-if (hesk_checkPermission('can_view_tickets', 0)) {
 ?>
     <section class="content">
         <div class="box">
@@ -74,9 +72,16 @@ if (hesk_checkPermission('can_view_tickets', 0)) {
                 </div>
             </div>
             <div class="box-body">
-                <table class="table table-hover">
-                    
-                </table>
+                <?php if (!hesk_checkPermission('can_view_tickets', 0)): ?>
+                    <p><i><?php echo $hesklang['na_view_tickets']; ?></i></p>
+                <?php
+                    else:
+
+                ?>
+                    <table class="table table-hover">
+
+                    </table>
+                <?php endif; ?>
             </div>
             <div class="box-footer clearfix">
                 <a href="new_ticket.php" class="btn btn-success"><span class="glyphicon glyphicon-plus-sign"></span> <?php echo $hesklang['nti']; ?></a>
@@ -85,9 +90,6 @@ if (hesk_checkPermission('can_view_tickets', 0)) {
     </section>
 
 <?php
-} else {
-    echo '<p><i>' . $hesklang['na_view_tickets'] . '</i></p>';
-}
 
 require_once(HESK_PATH . 'inc/new_footer.inc.php');
 exit();
diff --git a/inc/ticket/get_tickets.inc.php b/inc/ticket/get_tickets.inc.php
index 0a78d3b3..0a651747 100644
--- a/inc/ticket/get_tickets.inc.php
+++ b/inc/ticket/get_tickets.inc.php
@@ -12,9 +12,78 @@ function get_tickets($search_filter, $hesk_settings) {
 
     foreach ($hesk_settings['custom_fields'] as $k => $v) {
         if ($v['use']) {
-            $sql_final .= ", `" . $k . "`";
+            $sql .= ", `" . $k . "`";
         }
     }
 
-    $sql_final .= " FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE ";
+    $sql .= " FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE ";
+
+    // --> CATEGORY
+    $category = $search_filter['category'];
+    if ($category > 0 && hesk_okCategory($category, 0)) {
+        $sql .= " `category`='{$category}' ";
+    } else {
+        $sql .= hesk_myCategories();
+    }
+
+    // --> TAGGED
+    $tagged = $search_filter['tagged'];
+    if ($tagged) {
+        $sql .= " AND `archive`='1' ";
+    }
+
+    // --> TICKET ASSIGNMENT
+    $sql = handle_ticket_assignments($search_filter, $sql);
+}
+
+function handle_ticket_assignments($search_filter, $sql) {
+    $assigned_to_self = $search_filter['assignment']['self'];
+    $assigned_to_others = $search_filter['assignment']['others'];
+    $assigned_to_no_one = $search_filter['assignment']['no_one'];
+
+    if (!$assigned_to_self && !$assigned_to_others && !$assigned_to_no_one) {
+        $assigned_to_self = true;
+        $assigned_to_others = true;
+        $assigned_to_no_one = true;
+
+        if (!defined('MAIN_PAGE')) {
+            hesk_show_notice($hesklang['e_nose']);
+        }
+    }
+
+    /* If the user doesn't have permission to view assigned to others block those */
+    if (!hesk_checkPermission('can_view_ass_others',0)) {
+        $assigned_to_others = 0;
+    }
+
+    /* If the user doesn't have permission to view unassigned tickets block those */
+    if (!hesk_checkPermission('can_view_unassigned',0)) {
+        $assigned_to_no_one = 0;
+    }
+
+    /* Process assignments */
+    if (!$assigned_to_self || !$assigned_to_others || !$assigned_to_no_one) {
+        if ($assigned_to_self && $assigned_to_others) {
+            // All but unassigned
+            $sql .= " AND `owner` > 0 ";
+        } elseif ($assigned_to_self && $assigned_to_no_one) {
+            // My tickets + unassigned
+            $sql .= " AND `owner` IN ('0', '" . intval($_SESSION['id']) . "') ";
+        } elseif ($assigned_to_others && $assigned_to_no_one) {
+            // Assigned to others + unassigned
+            $sql .= " AND `owner` != '" . intval($_SESSION['id']) . "' ";
+        }
+        elseif ($assigned_to_self) {
+            // Assigned to me only
+            $sql .= " AND `owner` = '" . intval($_SESSION['id']) . "' ";
+        } elseif ($assigned_to_others) {
+            // Assigned to others
+            $sql .= " AND `owner` NOT IN ('0', '" . intval($_SESSION['id']) . "') ";
+        } elseif ($assigned_to_no_one) {
+            // Only unassigned
+            $sql .= " AND `owner` = 0 ";
+        }
+    }
+
+    return $sql;
 }
\ No newline at end of file