diff --git a/api/DataAccess/Calendar/CalendarGateway.php b/api/DataAccess/Calendar/CalendarGateway.php index dc724a73..558e4113 100644 --- a/api/DataAccess/Calendar/CalendarGateway.php +++ b/api/DataAccess/Calendar/CalendarGateway.php @@ -3,12 +3,11 @@ namespace DataAccess\Calendar; +use BusinessLogic\Calendar\AbstractEvent; use BusinessLogic\Calendar\CalendarEvent; use BusinessLogic\Calendar\ReminderUnit; use BusinessLogic\Calendar\SearchEventsFilter; use BusinessLogic\Calendar\TicketEvent; -use BusinessLogic\Security\UserContext; -use BusinessLogic\Security\UserPrivilege; use Core\Constants\Priority; use DataAccess\CommonDao; @@ -18,6 +17,7 @@ class CalendarGateway extends CommonDao { * @param $endTime int * @param $searchEventsFilter SearchEventsFilter * @param $heskSettings array + * @return AbstractEvent[] */ public function getEventsForStaff($startTime, $endTime, $searchEventsFilter, $heskSettings) { $this->init(); @@ -101,7 +101,7 @@ class CalendarGateway extends CommonDao { if (!empty($searchEventsFilter->categories)) { $categoriesAsString = implode(',', $searchEventsFilter->categories); - $sql .= " AND `events`.`category` IN (" . $categoriesAsString . ")"; + $sql .= " AND `tickets`.`category` IN (" . $categoriesAsString . ")"; } $rs = hesk_dbQuery($sql); 
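Review bot: In the `@@ -101,7 +101,7 @@` hunk, `$categoriesAsString` is a bare `implode(',', $searchEventsFilter->categories)` concatenated into the `IN (...)` clause, so any non-numeric element reaches `hesk_dbQuery` unescaped. The diff does not show where the filter is populated; if it is built from request parameters, this is an SQL injection point, and correcting the column name leaves it unchanged. Cast each element before joining, e.g. `$categoriesAsString = implode(',', array_map('intval', $searchEventsFilter->categories));`. The body of `getEventsForStaff` starts and ends outside this hunk.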
@@ -128,111 +128,4 @@ class CalendarGateway extends CommonDao { return $events; } - - /** - * @param $startTime int - * @param $endTime int - * @param $userContext UserContext - * @param $heskSettings array - * @return array - */ - public function getXXEventsForStaff($startTime, $endTime, $userContext, $heskSettings) { - $this->init(); - - $startTimeSql = "CONVERT_TZ(FROM_UNIXTIME(" . hesk_dbEscape($startTime) . " / 1000), @@session.time_zone, '+00:00')"; - $endTimeSql = "CONVERT_TZ(FROM_UNIXTIME(" . hesk_dbEscape($endTime) . " / 1000), @@session.time_zone, '+00:00')"; - - $sql = "SELECT `events`.*, `categories`.`name` AS `category_name`, `categories`.`background_color` AS `background_color`, - `categories`.`foreground_color` AS `foreground_color`, `categories`.`display_border_outline` AS `display_border`, - `reminders`.`amount` AS `reminder_value`, `reminders`.`unit` AS `reminder_unit` - FROM `" . hesk_dbEscape($heskSettings['db_pfix']) . "calendar_event` AS `events` - INNER JOIN `" . hesk_dbEscape($heskSettings['db_pfix']) . "categories` AS `categories` - ON `events`.`category` = `categories`.`id` - LEFT JOIN `" . hesk_dbEscape($heskSettings['db_pfix']) . "calendar_event_reminder` AS `reminders` - ON `reminders`.`user_id` = " . intval($userContext->id) . " - AND `reminders`.`event_id` = `events`.`id` - WHERE NOT (`end` < {$startTimeSql} OR `start` > {$endTimeSql}) - AND `categories`.`usage` <> 1 - AND `categories`.`type` = '0'"; - - $rs = hesk_dbQuery($sql); - - $events = array(); - while ($row = hesk_dbFetchAssoc($rs)) { - // Skip the event if the user does not have access to it - // TODO This should be business logic - if (!$userContext->admin && in_array($row['category'], $userContext->categories)) { - continue; - } - - $event = new CalendarEvent(); - $event->id = intval($row['id']); - $event->startTime = $row['start']; - $event->endTime = $row['end']; - $event->allDay = $row['all_day'] ? 
true : false; - $event->title = $row['name']; - $event->location = $row['location']; - $event->comments = $row['comments']; - $event->categoryId = $row['category']; - $event->categoryName = $row['category_name']; - $event->backgroundColor = $row['background_color']; - $event->foregroundColor = $row['foreground_color']; - $event->displayBorder = $row['display_border']; - $event->reminderValue = $row['reminder_value']; - $event->reminderUnits = $row['reminder_unit']; - - $events[] = $event; - } - - $oldTimeSetting = $heskSettings['timeformat']; - $heskSettings['timeformat'] = 'Y-m-d'; - $currentDate = hesk_date(); - $heskSettings['timeformat'] = $oldTimeSetting; - - $sql = "SELECT `trackid`, `subject`, `due_date`, `category`, `categories`.`name` AS `category_name`, `categories`.`background_color` AS `background_color`, - `categories`.`foreground_color` AS `foreground_color`, `categories`.`display_border_outline` AS `display_border`, - CASE WHEN `due_date` < '{$currentDate}' THEN 1 ELSE 0 END AS `overdue`, `owner`.`name` AS `owner_name`, `tickets`.`owner` AS `owner_id`, - `tickets`.`priority` AS `priority` - FROM `" . hesk_dbEscape($heskSettings['db_pfix']) . "tickets` AS `tickets` - INNER JOIN `" . hesk_dbEscape($heskSettings['db_pfix']) . "categories` AS `categories` - ON `categories`.`id` = `tickets`.`category` - AND `categories`.`usage` <> 2 - LEFT JOIN `" . hesk_dbEscape($heskSettings['db_pfix']) . "users` AS `owner` - ON `tickets`.`owner` = `owner`.`id` - WHERE `due_date` >= CONVERT_TZ(FROM_UNIXTIME(" . hesk_dbEscape($startTime) - . " / 1000), @@session.time_zone, '+00:00') - AND `due_date` <= CONVERT_TZ(FROM_UNIXTIME(" . hesk_dbEscape($endTime) . " / 1000), @@session.time_zone, '+00:00') - AND `status` IN (SELECT `id` FROM `" . hesk_dbEscape($heskSettings['db_pfix']) . 
"statuses` WHERE `IsClosed` = 0) "; - - $rs = hesk_dbQuery($sql); - while ($row = hesk_dbFetchAssoc($rs)) { - // Skip the ticket if the user does not have access to it - // TODO Move to Business logic - if (!in_array(UserPrivilege::CAN_VIEW_TICKETS, $userContext->permissions) - || ($row['owner_id'] && $row['owner_id'] != $userContext->id && !in_array(UserPrivilege::CAN_VIEW_ASSIGNED_TO_OTHER, $userContext->permissions)) - || (!$row['owner_id']) && !in_array(UserPrivilege::CAN_VIEW_UNASSIGNED, $userContext->permissions)) { - continue; - } - - $event = new TicketEvent(); - $event->trackingId = $row['trackid']; - $event->subject = $row['subject']; - $event->title = $row['subject']; - $event->startTime = $row['due_date']; - $event->url = $heskSettings['hesk_url'] . '/' . $heskSettings['admin_dir'] . '/admin_ticket.php?track=' . $event['trackingId']; - $event->categoryId = $row['category']; - $event->categoryName = $row['category_name']; - $event->backgroundColor = $row['background_color']; - $event->foregroundColor = $row['foreground_color']; - $event->displayBorder = $row['display_border']; - $event->owner = $row['owner_name']; - $event->priority = $row['priority']; - - $events[] = $event; - } - - $this->close(); - - return $events; - } } \ No newline at end of file diff --git a/api/index.php b/api/index.php index 9e617185..d833c236 100644 --- a/api/index.php +++ b/api/index.php @@ -204,6 +204,7 @@ Link::all(array( '/v1/settings' => action(\Controllers\Settings\SettingsController::clazz(), RequestMethod::all()), // Calendar '/v1/calendar/events/staff' => action(\Controllers\Calendar\CalendarController::clazz(), array(RequestMethod::GET), SecurityHandler::INTERNAL_OR_AUTH_TOKEN), + '/v1/calendar/events/staff/{i}' => action(\Controllers\Calendar\CalendarController::clazz(), array(RequestMethod::PUT), SecurityHandler::INTERNAL_OR_AUTH_TOKEN), /* Internal use only routes */ // Resend email response 
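Review bot: The new PUT route `/v1/calendar/events/staff/{i}` is gated only by `SecurityHandler::INTERNAL_OR_AUTH_TOKEN`, which, as far as this hunk shows, establishes who the caller is rather than whether they may modify event `{i}`. The controller's PUT handler is not part of this diff, so confirm that it checks the caller's category access and edit permission for the target event before writing. A short comment on the route, e.g. `// PUT: controller must verify the caller may edit this event`, would record that expectation. The `Link::all(array(` call begins and ends outside the hunk.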
diff --git a/js/calendar/mods-for-hesk-calendar.js b/js/calendar/mods-for-hesk-calendar.js index 97c4fc7b..88197f4f 100644 --- a/js/calendar/mods-for-hesk-calendar.js +++ b/js/calendar/mods-for-hesk-calendar.js @@ -16,9 +16,10 @@ $(document).ready(function() { defaultView: $('#setting_default_view').text().trim(), events: function(start, end, timezone, callback) { $.ajax({ - url: heskPath + 'internal-api/admin/calendar/?start=' + start + '&end=' + end, + url: heskPath + 'api/v1/calendar/events/staff?start=' + start + '&end=' + end, method: 'GET', dataType: 'json', + headers: { 'X-Internal-Call': true }, success: function(data) { var events = []; $(data).each(function() { @@ -90,7 +91,7 @@ $(document).ready(function() { var $eventMarkup = $(this); var eventTitle = event.title; - if (event.fontIconMarkup != undefined) { + if (event.fontIconMarkup !== undefined) { eventTitle = event.fontIconMarkup + ' ' + eventTitle; }
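Review bot: The added `headers: { 'X-Internal-Call': true }` in the `@@ -16,9 +16,10 @@` hunk is set by page script, so any HTTP client can send the same header, and the server must not treat its presence as proof that a request is internal. The server-side handling is not visible in this diff. Verify that the internal path still requires a valid staff session, and a CSRF token for the state-changing calendar routes, independently of this header. The `$.ajax` call continues outside the hunk.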
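Review bot: In the `@@ -90,7 +91,7 @@` hunk, `event.fontIconMarkup + ' ' + eventTitle` joins markup with `event.title`, so the result is only safe to insert as HTML if the title is already escaped. How `eventTitle` is rendered is outside this hunk, and the title may carry user-supplied text such as a ticket subject. If it is inserted as HTML and the API does not return it pre-escaped, escape it before concatenating, e.g. `eventTitle = event.fontIconMarkup + ' ' + $('<div>').text(eventTitle).html();`. Otherwise add a comment stating that the API returns `title` HTML-escaped.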