diff --git a/admin/admin_main.php b/admin/admin_main.php
index b5d53cdd..0800c0f6 100644
--- a/admin/admin_main.php
+++ b/admin/admin_main.php
@@ -51,6 +51,7 @@ hesk_isLoggedIn();
define('CALENDAR', 1);
define('MAIN_PAGE', 1);
define('PAGE_TITLE', 'ADMIN_HOME');
+define('AUTO_RELOAD', 1);
/* Print header */
require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
@@ -58,7 +59,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
/* Reset default settings? */
if (isset($_GET['reset']) && hesk_token_check()) {
- $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `default_list`='' WHERE `id` = '" . intval($_SESSION['id']) . "' LIMIT 1");
+ $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `default_list`='' WHERE `id` = '" . intval($_SESSION['id']) . "'");
$_SESSION['default_list'] = '';
} /* Get default settings */
else {
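Review bot: The reset branch changes stored user settings on a GET request, so the anti-CSRF token checked by `hesk_token_check()` presumably travels in the URL, where it can end up in browser history, server and proxy logs, and Referer headers. Consider moving the reset behind a POST form; how the token is transported and rotated is not visible in this hunk. Separately, `$res` is assigned but never read in the visible lines, so either drop the assignment or check the result before clearing `$_SESSION['default_list']`. The if/else continues outside the hunk.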
@@ -81,6 +82,12 @@ else {
+
+
If locked, keep it resolved
if ($ticket['locked']) {
$new_status = $lockedTicketStatus['ID'];
@@ -248,7 +254,7 @@ if ($ticket['locked']) {
$newStatusRs = hesk_dbQuery('SELECT `IsClosed`, `Key` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `ID` = ' . hesk_dbEscape($new_status));
$newStatus = hesk_dbFetchAssoc($newStatusRs);
- if ($newStatus['IsClosed']) {
+ if ($newStatus['IsClosed'] && hesk_checkPermission('can_resolve', 0)) {
$revision = sprintf($hesklang['thist3'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
$sql_status = " , `closedat`=NOW(), `closedby`=" . intval($_SESSION['id']) . ", `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') ";
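Review bot: The status lookup concatenates `hesk_dbEscape($new_status)` into an unquoted numeric position in the WHERE clause, where string escaping gives no protection because there is no quote to break out of. The other id comparisons in this diff use `intval()`; use `intval($new_status)` here as well, unless `$new_status` is already cast above the hunk, which is not visible. `hesk_dbFetchAssoc()` may also return no row for an unknown status id, so `$newStatus` should be checked before `$newStatus['IsClosed']` is read.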
@@ -257,7 +263,7 @@ if ($ticket['locked']) {
$sql_status .= " , `locked`='1' ";
}
} else {
- // Ticket isn't being closed, just add the history to the sql query
+ // Ticket isn't being closed, just add the history to the sql query (or tried to close but doesn't have permission)
$revision = sprintf($hesklang['thist9'], hesk_date(), $hesklang[$newStatus['Key']], $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
$sql_status = " , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') ";
}
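Review bot: A user without `can_resolve` who submits a closed status falls into this else branch, which still writes a `thist9` history entry naming that status, so the permission check added above appears to gate only `closedat`/`closedby`/`locked` and not the status change itself. The statement that writes the status column is outside the hunk; if it still uses `$new_status`, the ticket ends up in a closed status without the permission. Handle the denied case explicitly before the history line is built, for example `if ($newStatus['IsClosed'] && !hesk_checkPermission('can_resolve', 0)) { /* refuse, or keep the ticket's current status */ }`. A test that replies as a user without `can_resolve` and asserts the stored status is unchanged would pin this down.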
@@ -310,12 +316,12 @@ $sql .= " , `replies`=`replies`+1 ";
$sql .= $submit_as_customer ? '' : " , `staffreplies`=`staffreplies`+1 ";
// End and execute the query
-$sql .= " WHERE `id`='{$replyto}' LIMIT 1";
+$sql .= " WHERE `id`='{$replyto}'";
hesk_dbQuery($sql);
unset($sql);
/* Update number of replies in the users table */
-hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `replies`=`replies`+1 WHERE `id`='" . intval($_SESSION['id']) . "' LIMIT 1");
+hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `replies`=`replies`+1 WHERE `id`='" . intval($_SESSION['id']) . "'");
// --> Prepare reply message
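Review bot: `$replyto` is interpolated straight into the WHERE clause while every other id in these queries goes through `intval()`, and with `LIMIT 1` removed the WHERE clause is now the only bound on how many ticket rows this UPDATE touches. Where `$replyto` is assigned is outside the hunk; if it is not already forced to an integer there, cast at the point of use by concatenating `intval($replyto)` instead of interpolating `{$replyto}`. A short comment such as `// $replyto is the integer ticket id validated above` would make the assumption explicit if the cast does happen earlier.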
@@ -357,7 +363,7 @@ elseif (!isset($_POST['no_notify']) || intval(hesk_POST('no_notify')) != 1) {
}
// Delete any existing drafts from this owner for this ticket
-hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` WHERE `owner`=" . intval($_SESSION['id']) . " AND `ticket`=" . intval($ticket['id']) . " LIMIT 1");
+hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` WHERE `owner`=" . intval($_SESSION['id']) . " AND `ticket`=" . intval($ticket['id']));
/* Set reply submitted message */
$_SESSION['HESK_SUCCESS'] = TRUE;