From ad4fee1eb3e4682fe51335174435b4fe5a6885c3 Mon Sep 17 00:00:00 2001
From: Mike Koch <mkoch227@gmail.com>
Date: Mon, 24 Nov 2014 23:54:57 -0500
Subject: [PATCH] #84 Wired up the UI for changing notification setting
 permissions

Only non-admins can be restricted from changing notifications. Admins still can change freely
---
 admin/manage_users.php    | 38 ++++++++++++++++++++++++++++++++------
 install/updateTo1-6-0.php |  1 +
 language/en/text.php      |  1 +
 3 files changed, 34 insertions(+), 6 deletions(-)

diff --git a/admin/manage_users.php b/admin/manage_users.php
index cdce6e1d..f7cbea07 100644
--- a/admin/manage_users.php
+++ b/admin/manage_users.php
@@ -263,7 +263,10 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                                         }
                                         echo ' />' . $hesklang[$k] . '</label></div> ';
                                     }
-                                ?>    
+                                ?>
+                                <div class="checkbox">
+                                    <label><input type="checkbox" name="can_change_notification_settings" checked> <?php echo $hesklang['can_change_notification_settings']; ?> </label>
+                                </div>
                             </div>     
                         </div> 
                     </div>
@@ -551,7 +554,8 @@ function edit_user()
 
     if ( ! isset($_SESSION['save_userdata']))
     {
-		$res = hesk_dbQuery("SELECT `user`,`pass`,`isadmin`,`name`,`email`,`signature`,`categories`,`autoassign`,`heskprivileges` AS `features`, `can_manage_settings`, `active` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `id`='".intval($id)."' LIMIT 1");
+		$res = hesk_dbQuery("SELECT `user`,`pass`,`isadmin`,`name`,`email`,`signature`,`categories`,`autoassign`,`heskprivileges` AS `features`, `can_manage_settings`, `active`, `can_change_notification_settings`
+                            FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `id`='".intval($id)."' LIMIT 1");
     	$_SESSION['userdata'] = hesk_dbFetchAssoc($res);
 
         /* Store original username for display until changes are saved successfully */
@@ -691,7 +695,21 @@ function edit_user()
 	                                }
 	                                echo ' />' . $hesklang[$k] . '</label></div> ';
 	                            }
-	                        ?>    
+
+                                $manageNotificationCheckboxState = '';
+                                if (
+                                    isset($_SESSION['userdata']['can_change_notification_settings'])
+                                    && $_SESSION['userdata']['can_change_notification_settings'] == 1)
+                                {
+                                    $manageNotificationCheckboxState = 'checked';
+                                }
+
+	                        ?>
+                            <div class="checkbox">
+                                <label><input type="checkbox" name="can_change_notification_settings" <?php echo $manageNotificationCheckboxState; ?>>
+                                        <?php echo $hesklang['can_change_notification_settings']; ?>
+                                </label>
+                            </div>
                         </div>
                     </div>
                 </div>
@@ -791,7 +809,8 @@ function new_user()
 		$myuser['features'] = '';
     }
 
-	hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."users` (`user`,`pass`,`isadmin`,`name`,`email`,`signature`,`categories`,`autoassign`,`heskprivileges`, `can_manage_settings` $sql_where) VALUES (
+	hesk_dbQuery("INSERT INTO `".hesk_dbEscape($hesk_settings['db_pfix'])."users` (
+	    `user`,`pass`,`isadmin`,`name`,`email`,`signature`,`categories`,`autoassign`,`heskprivileges`, `can_manage_settings`, `can_change_notification_settings` $sql_where) VALUES (
 	'".hesk_dbEscape($myuser['user'])."',
 	'".hesk_dbEscape($myuser['pass'])."',
 	'".intval($myuser['isadmin'])."',
@@ -801,7 +820,8 @@ function new_user()
 	'".hesk_dbEscape($myuser['categories'])."',
 	'".intval($myuser['autoassign'])."',
 	'".hesk_dbEscape($myuser['features'])."',
-	'".hesk_dbEscape($myuser['can_manage_settings'])."'
+	'".hesk_dbEscape($myuser['can_manage_settings'])."',
+	'".hesk_dbEscape($myuser['can_change_notification_settings'])."'
 	$sql_what )" );
 
     $_SESSION['seluser'] = hesk_dbInsertID();
@@ -893,7 +913,8 @@ function update_user()
     `active`='".intval($myuser['active'])."',
     `autoassign`='".intval($myuser['autoassign'])."',
     `heskprivileges`='".hesk_dbEscape($myuser['features'])."',
-    `can_manage_settings`='".hesk_dbEscape($myuser['can_manage_settings'])."'
+    `can_manage_settings`='".hesk_dbEscape($myuser['can_manage_settings'])."',
+    `can_change_notification_settings`='".hesk_dbEscape($myuser['can_change_notification_settings'])."'
     $sql_where
     WHERE `id`='".intval($myuser['id'])."' LIMIT 1");
 
@@ -918,6 +939,11 @@ function hesk_validateUserInfo($pass_required = 1, $redirect_to = './manage_user
 	$myuser['signature']  = hesk_input( hesk_POST('signature') );
     $myuser['autoassign'] = hesk_POST('autoassign') == 'Y' ? 1 : 0;
     $myuser['active'] = empty($_POST['active']) ? 0 : 1;
+    $myuser['can_change_notification_settings'] = empty($_POST['can_change_notification_settings']) ? 0 : 1;
+    if ($myuser['isadmin'])
+    {
+        $myuser['can_change_notification_settings'] = 1;
+    }
 
     /* If it's not admin at least one category and fature is required */
     $myuser['categories']	= array();
diff --git a/install/updateTo1-6-0.php b/install/updateTo1-6-0.php
index 5dbf0543..3e179003 100644
--- a/install/updateTo1-6-0.php
+++ b/install/updateTo1-6-0.php
@@ -5,6 +5,7 @@ require(HESK_PATH . 'install/install_functions.inc.php');
 require(HESK_PATH . 'hesk_settings.inc.php');
 hesk_dbConnect();
 hesk_dbQuery("ALTER TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."users` ADD COLUMN `notify_note_unassigned` ENUM('0', '1') NOT NULL DEFAULT '0'");
+hesk_dbQuery("ALTER TABLE `".hesk_dbEscape($hesk_settings['db_pfix'])."users` ADD COLUMN `can_change_notification_settings` ENUM('0', '1') NOT NULL DEFAULT '1'");
 ?>
 
 <h1>Installation / Update complete!</h1>
diff --git a/language/en/text.php b/language/en/text.php
index e5fe01a1..1130610e 100644
--- a/language/en/text.php
+++ b/language/en/text.php
@@ -27,6 +27,7 @@ $hesklang['ticket_reopen'] = '[#%%TRACK_ID%%] Ticket reopened';
 $hesklang['ticket_reopen_assigned'] = '[#%%TRACK_ID%%] Assigned ticket reopened';
 $hesklang['create_based_on_contact'] = 'Create Ticket For Same Contact';
 $hesklang['notify_note_unassigned'] = 'Someone adds a note to a ticket not assigned to me';
+$hesklang['can_change_notification_settings'] = 'Can change notification settings';
 
 // ADDED OR MODIFIED IN NuMods 1.5.0
 $hesklang['ticket_auto_refresh'] = 'Ticket Table Auto-Refresh:';