Netsyms
/
Mods-for-HESK-Netsyms
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch '3-2-0' into 'master'

Browse Source 
3.2.0 Update

See merge request mike-koch/Mods-for-HESK!75
master
Mike Koch 7 years ago
parent b6ab6a806e 05617a3b56
commit ca728839ac
312 changed files with 9984 additions and 5450 deletions
Show Stats Download Patch File Download Diff File

1
.gitignore vendored
Unescape Escape View File

@ -8,7 +8,6 @@ admin/archive.php
admin/custom_statuses.php
admin/email_templates.php
admin/generate_spam_question.php
admin/priority.php
admin/test_connection.php
attachments/index.htm
cache/

84
.gitlab-ci.yml
Unescape Escape View File

@ -1,32 +1,82 @@
image: tetraweb/php
stages:
- validate
- test
- deploy
- package
before_script:
- apt-get update
- apt-get install zip unzip
- cd api
- php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
- php composer-setup.php
- php -r "unlink('composer-setup.php');"
- php composer.phar update
test:
- bash ci/docker_install.sh > /dev/null
validate:7.1:
image: php:7.1
stage: validate
script:
- bash ci/php_lint.sh ./
validate:7.0:
image: php:7.0
stage: validate
script:
- bash ci/php_lint.sh ./
validate:5.6:
image: php:5.6
stage: validate
script:
- bash ci/php_lint.sh ./
validate:5.5:
image: php:5.5
stage: validate
script:
- bash ci/php_lint.sh ./
validate:5.4:
image: php:5.4
stage: validate
script:
- bash ci/php_lint.sh ./
validate:5.3:
image: php:5.3
stage: validate
script:
- bash ci/php_lint.sh ./
test:7.1:
image: php:7.1
stage: test
script:
- cd api
- php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
- php composer-setup.php
- php -r "unlink('composer-setup.php');"
- php composer.phar update
- php composer.phar install
- cd Tests
- phpunit
test:7.0:
image: php:7.0
stage: test
script:
- composer install
- cd api
- php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
- php composer-setup.php
- php -r "unlink('composer-setup.php');"
- php composer.phar update
- php composer.phar install
- cd Tests
- phpunit
deploy:
package:
image: tetraweb/php
when: manual
stage: deploy
stage: package
script:
- cd api
- composer install --no-dev
- cd ../ci
- bash build_zip.sh
- bash build_release.sh
artifacts:
paths:
- release.zip
- release/

63
admin/admin_reply_ticket.php
Unescape Escape View File

@ -189,15 +189,20 @@ if ($hesk_settings['attachments']['use'] && !empty($attachments)) {
// Add reply
$html = $modsForHesk_settings['rich_text_for_tickets'];
if ($submit_as_customer) {
hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` (`replyto`,`name`,`message`,`dt`,`attachments`,`html`) VALUES ('" . intval($replyto) . "','" . hesk_dbEscape(addslashes($ticket['name'])) . "','" . hesk_dbEscape($message . "<br /><br /><i>{$hesklang['creb']} {$_SESSION['name']}</i>") . "',NOW(),'" . hesk_dbEscape($myattachments) . "', '" . $html . "')");
hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` (`replyto`,`name`,`message`,`dt`,`attachments`,`html`) VALUES ('" . intval($replyto) . "','" . hesk_dbEscape(addslashes($ticket['name'])) . "','" . hesk_dbEscape($message . "<br /><br /><i>{$hesklang['creb']} {$_SESSION['name']}</i>") . "','" . hesk_dbEscape(hesk_date()) . "','" . hesk_dbEscape($myattachments) . "', '" . $html . "')");
} else {
hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` (`replyto`,`name`,`message`,`dt`,`attachments`,`staffid`,`html`) VALUES ('" . intval($replyto) . "','" . hesk_dbEscape(addslashes($_SESSION['name'])) . "','" . hesk_dbEscape($message) . "',NOW(),'" . hesk_dbEscape($myattachments) . "','" . intval($_SESSION['id']) . "', '" . $html . "')");
hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` (`replyto`,`name`,`message`,`dt`,`attachments`,`staffid`,`html`) VALUES ('" . intval($replyto) . "','" . hesk_dbEscape(addslashes($_SESSION['name'])) . "','" . hesk_dbEscape($message) . "','" . hesk_dbEscape(hesk_date()) . "','" . hesk_dbEscape($myattachments) . "','" . intval($_SESSION['id']) . "', '" . $html . "')");
}
/* Track ticket status changes for history */
$revision = '';
/* Change the status of priority? */
$audit_priority = null;
$audit_closed = null;
$audit_status = null;
$audit_customer_status = null;
$audit_assigned_self = null;
if (!empty($_POST['set_priority'])) {
$priority = intval(hesk_POST('priority'));
if ($priority < 0 || $priority > 3) {
@ -211,9 +216,17 @@ if (!empty($_POST['set_priority'])) {
3 => $hesklang['low']
);
$revision = sprintf($hesklang['thist8'], hesk_date(), $options[$priority], $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
$plain_options = array(
0 => 'critical',
1 => 'high',
2 => 'medium',
3 => 'low'
);
$priority_sql = ",`priority`='$priority' ";
$priority_sql = ",`priority`='$priority', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') ";
$audit_priority = array(0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')',
1 => $plain_options[$priority]);
} else {
$priority_sql = "";
}
@ -238,8 +251,11 @@ if ($ticket['locked']) {
$newStatus = hesk_dbFetchAssoc($newStatusRs);
if ($newStatus['IsClosed'] && hesk_checkPermission('can_resolve', 0)) {
$revision = sprintf($hesklang['thist3'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
$sql_status = " , `closedat`=NOW(), `closedby`=" . intval($_SESSION['id']) . ", `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') ";
$audit_closed = array(0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
$audit_status = array(0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')',
1 => mfh_getDisplayTextForStatusId($new_status)
);
$sql_status = " , `closedat`=NOW(), `closedby`=" . intval($_SESSION['id']) . " ";
// Lock the ticket if customers are not allowed to reopen tickets
if ($hesk_settings['custopen'] != 1) {
@ -247,8 +263,8 @@ if ($ticket['locked']) {
}
} else {
// Ticket isn't being closed, just add the history to the sql query (or tried to close but doesn't have permission)
$revision = sprintf($hesklang['thist9'], hesk_date(), $hesklang[$newStatus['Key']], $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
$sql_status = " , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') ";
$audit_status = array(0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')',
1 => mfh_getDisplayTextForStatusId($new_status));
}
}
} // -> Submit as Customer reply
@ -259,8 +275,8 @@ elseif ($submit_as_customer) {
$new_status = $customerReplyStatus['ID'];
if ($ticket['status'] != $new_status) {
$revision = sprintf($hesklang['thist9'], hesk_date(), $hesklang['wait_reply'], $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
$sql_status = " , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') ";
$audit_customer_status = array(0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')',
1 => mfh_getDisplayTextForStatusId($new_status));
}
} // -> Default: submit as "Replied by staff"
else {
@ -282,8 +298,8 @@ if ($time_worked == '00:00:00') {
}
if (!empty($_POST['assign_self']) && (hesk_checkPermission('can_assign_self', 0) || (isset($_REQUEST['isManager']) && $_REQUEST['isManager']))) {
$revision = sprintf($hesklang['thist2'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')', $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
$sql .= " , `owner`=" . intval($_SESSION['id']) . ", `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') ";
$audit_assigned_self = array(0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
$sql .= " , `owner`=" . intval($_SESSION['id']) . " ";
}
$sql .= " $priority_sql ";
@ -306,6 +322,29 @@ unset($sql);
/* Update number of replies in the users table */
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `replies`=`replies`+1 WHERE `id`='" . intval($_SESSION['id']) . "'");
//-- Insert necessary audit trail records
if ($audit_priority != null) {
mfh_insert_audit_trail_record($replyto, 'TICKET', 'audit_priority', hesk_date(), $audit_priority);
}
if ($audit_closed != null) {
mfh_insert_audit_trail_record($replyto, 'TICKET', 'audit_closed', hesk_date(), $audit_closed);
}
if ($audit_status != null) {
mfh_insert_audit_trail_record($replyto, 'TICKET', 'audit_status', hesk_date(), $audit_status);
}
if ($audit_customer_status != null) {
mfh_insert_audit_trail_record($replyto, 'TICKET', 'audit_status', hesk_date(),
$audit_customer_status);
}
if ($audit_assigned_self != null) {
mfh_insert_audit_trail_record($replyto, 'TICKET', 'audit_assigned_self', hesk_date(), $audit_assigned_self);
}
// --> Prepare reply message
// 1. Generate the array with ticket info that can be used in emails

6
admin/admin_settings.php
Unescape Escape View File

@ -426,16 +426,16 @@ $modsForHesk_settings = mfh_getSettings();
</span>
<span class="beta-version orange" style="display: none">
<?php echo $hesklang['beta']; ?>
<a href="https://www.mods-for-hesk.com/versioncheck.php?v=<?php echo $modsForHeskVersion; ?>"
<a href="https://www.mods-for-hesk.com/versioncheck.php?version=<?php echo $modsForHeskVersion; ?>"
target="_blank"><?php echo $hesklang['check4updates']; ?></a>
</span>
<span class="update-available" style="display: none">
<a class="orange" href="https://www.mods-for-hesk.com/versioncheck.php?version=<?php echo $hesk_settings['hesk_version']; ?>"
<a class="orange" href="https://www.mods-for-hesk.com/versioncheck.php?version=<?php echo $modsForHeskVersion; ?>"
target="_blank">
<?php echo $hesklang['hnw']; ?>
</a>
</span>
<a class="response-error" href="https://www.hesk.com/update.php?version=<?php echo $hesk_settings['hesk_version']; ?>"
<a class="response-error" href="https://www.mods-for-hesk.com/versioncheck.php?version=<?php echo $modsForHeskVersion; ?>"
target="_blank" style="display: none"><?php echo $hesklang['check4updates']; ?></a>
<?php else: ?>
- <a

11
admin/admin_submit_ticket.php
Unescape Escape View File

@ -176,11 +176,11 @@ foreach ($hesk_settings['custom_fields'] as $k=>$v) {
$tmpvar['trackid'] = hesk_createID();
// Log who submitted ticket
$tmpvar['history'] = sprintf($hesklang['thist7'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
$tmpvar['openedby'] = $_SESSION['id'];
// Owner
$tmpvar['owner'] = 0;
$autoassign_owner = null;
if (hesk_checkPermission('can_assign_others', 0)) {
$tmpvar['owner'] = intval(hesk_POST('owner'));
@ -192,7 +192,6 @@ if (hesk_checkPermission('can_assign_others', 0)) {
$autoassign_owner = hesk_autoAssignTicket($tmpvar['category']);
if ($autoassign_owner) {
$tmpvar['owner'] = intval($autoassign_owner['id']);
$tmpvar['history'] .= sprintf($hesklang['thist10'], hesk_date(), $autoassign_owner['name'] . ' (' . $autoassign_owner['user'] . ')');
} else {
$tmpvar['owner'] = 0;
}
@ -315,6 +314,14 @@ $tmpvar['screen_resolution_width'] = "NULL";
// Insert ticket to database
$ticket = hesk_newTicket($tmpvar);
mfh_insert_audit_trail_record($ticket['id'], 'TICKET', 'audit_created', hesk_date(),
array(0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')'));
if ($autoassign_owner) {
mfh_insert_audit_trail_record($ticket['id'], 'TICKET', 'audit_autoassigned', hesk_date(),
array(0 => $autoassign_owner['name'] . ' (' . $autoassign_owner['user'] . ')'));
}
// Notify the customer about the ticket?
if ($notify && $email_available) {
hesk_notifyCustomer($modsForHesk_settings);

397
admin/admin_ticket.php
Unescape Escape View File

@ -97,6 +97,37 @@ if (!$ticket['owner'] && !$can_view_unassigned) {
hesk_error($hesklang['ycovtay']);
}
// Get audit information
$audit_sort = $hesk_settings['new_top'] ? "ASC" : "DESC";
$auditRes = hesk_dbQuery("SELECT `audit`.`id`, `audit`.`language_key`, `audit`.`date`,
`values`.`replacement_index`, `values`.`replacement_value`
FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "audit_trail` AS `audit`
LEFT JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "audit_trail_to_replacement_values` AS `values`
ON `audit`.`id` = `values`.`audit_trail_id`
WHERE `entity_type` = 'TICKET' AND `entity_id` = " . intval($ticket['id']) . "
ORDER BY `audit`.`date` {$audit_sort}");
$audit_records = array();
$current_audit_record = null;
while ($row = hesk_dbFetchAssoc($auditRes)) {
if ($current_audit_record == null || $current_audit_record['id'] != $row['id']) {
if ($current_audit_record != null) {
$audit_records[] = $current_audit_record;
}
$current_audit_record['id'] = $row['id'];
$current_audit_record['language_key'] = $row['language_key'];
$current_audit_record['date'] = $row['date'];
$current_audit_record['replacement_values'] = array();
}
if ($row['replacement_index'] != null) {
$current_audit_record['replacement_values'][intval($row['replacement_index'])] = $row['replacement_value'];
}
}
if ($current_audit_record != null) {
$audit_records[] = $current_audit_record;
}
/* Set last replier name */
if ($ticket['lastreplier']) {
if (empty($ticket['repliername'])) {
@ -120,19 +151,19 @@ $managerRow = hesk_dbFetchAssoc($managerRS);
$isManager = $managerRow['id'] == $category['manager'];
if ($isManager) {
$can_del_notes =
$can_reply =
$can_delete =
$can_edit =
$can_archive =
$can_assign_self =
$can_view_unassigned =
$can_change_own_cat =
$can_change_cat =
$can_ban_emails =
$can_unban_emails =
$can_ban_ips =
$can_unban_ips =
$can_resolve = true;
$can_reply =
$can_delete =
$can_edit =
$can_archive =
$can_assign_self =
$can_view_unassigned =
$can_change_own_cat =
$can_change_cat =
$can_ban_emails =
$can_unban_emails =
$can_ban_ips =
$can_unban_ips =
$can_resolve = true;
}
/* Is this user allowed to view tickets inside this category? */
@ -439,8 +470,10 @@ if ($hesk_settings['time_worked'] && ($can_reply || $can_edit) && isset($_POST['
$time_worked = hesk_getTime($h . ':' . $m . ':' . $s);
/* Update database */
$revision = sprintf($hesklang['thist14'], hesk_date(), $time_worked, $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `time_worked`='" . hesk_dbEscape($time_worked) . "', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `time_worked`='" . hesk_dbEscape($time_worked) . "' WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");
mfh_insert_audit_trail_record($ticket['id'], 'TICKET', 'audit_time_worked', hesk_date(),
array(0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')',
1 => $time_worked));
/* Show ticket */
hesk_process_messages($hesklang['twu'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS');
@ -476,13 +509,26 @@ if (($can_reply || $can_edit) && isset($_POST['childTrackingId'])) {
}
hesk_dbQuery('UPDATE `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'tickets` SET `parent` = ' . intval($ticket['id']) . ' WHERE `trackid` = \'' . hesk_dbEscape(hesk_POST('childTrackingId')) . '\'');
mfh_insert_audit_trail_record($ticket['id'], 'TICKET', 'audit_linked_ticket', hesk_date(),
array(
0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')',
1 => hesk_POST('childTrackingId')
));
hesk_process_messages(sprintf($hesklang['link_added'], $_POST['childTrackingId']), 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS');
}
/* Delete child action */
if (($can_reply || $can_edit) && isset($_GET['deleteChild'])) {
//-- Delete the relationship
$innerTrackingRs = hesk_dbQuery("SELECT `trackid` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `id` = " . hesk_dbEscape($_GET['deleteChild']));
$innerTrackingId = hesk_dbFetchAssoc($innerTrackingRs);
hesk_dbQuery('UPDATE `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'tickets` SET `parent` = NULL WHERE `ID` = ' . hesk_dbEscape($_GET['deleteChild']));
mfh_insert_audit_trail_record($ticket['id'], 'TICKET', 'audit_unlinked_ticket', hesk_date(),
array(
0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')',
1 => $innerTrackingId['trackid']
));
hesk_process_messages($hesklang['ticket_no_longer_linked'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS');
} elseif (($can_reply || $can_edit) && isset($_GET['deleteParent'])) {
@ -528,7 +574,6 @@ if (isset($_GET['delatt']) && hesk_token_check()) {
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "attachments` WHERE `att_id`='" . intval($att_id) . "'");
/* Update ticket or reply in the database */
$revision = sprintf($hesklang['thist12'], hesk_date(), $att['real_name'], $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
if ($reply) {
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "replies` SET `attachments`=REPLACE(`attachments`,'" . hesk_dbEscape($att_id . '#' . $att['real_name'] . '#' . $att['saved_name']) . ",','') WHERE `id`='" . intval($reply) . "'");
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `id`='" . intval($ticket['id']) . "'");
@ -539,6 +584,9 @@ if (isset($_GET['delatt']) && hesk_token_check()) {
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `attachments`=REPLACE(`attachments`,'" . hesk_dbEscape($att_id . '#' . $att['real_name'] . '#' . $att['saved_name']) . ",','') WHERE `id`='" . intval($ticket['id']) . "'");
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `attachments`=REPLACE(`attachments`,'" . hesk_dbEscape($att_id . '#' . $att['real_name']) . ",',''), `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `id`='" . intval($ticket['id']) . "'");
}
mfh_insert_audit_trail_record($ticket['id'], 'TICKET', 'audit_attachment_deleted', hesk_date(),
array(0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')',
1 => $att['real_name']));
hesk_process_messages($hesklang['kb_att_rem'], 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . mt_rand(10000, 99999), 'SUCCESS');
}
@ -948,25 +996,42 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
);
$options = array();
for ($i = 0; $i < 4; $i++) {
if ($ticket['priority'] == $i) {
if ($i === 0) {
$cssClass = 'critical-priority';
} elseif ($i === 1) {
$cssClass = 'high-priority';
} elseif ($i === 2) {
$cssClass = 'medium-priority';
} else {
$cssClass = 'low-priority';
}
}
$selected = $ticket['priority'] == $i ? 'selected' : '';
array_push($options, '<option value="' . $i . '" ' . $selected . '>' . $priorityLanguages[$i] . '</option>');
}
$content = "<i class='fa fa-fw fa-%s %s' style='font-size: 1em'></i> {$priorityLanguages[$i]}";
if ($i === 0) {
$content = sprintf($content, 'long-arrow-up', 'critical');
} elseif ($i === 1) {
$content = sprintf($content, 'angle-double-up', 'orange');
} elseif ($i === 2) {
$content = sprintf($content, 'angle-double-down', 'green');
} else {
$content = sprintf($content, 'long-arrow-down', 'blue');
}
echo '<div class="ticket-cell-admin col-md-3 col-sm-12 ';
if ($ticket['priority'] == 0) {
echo 'critical-priority">';
} elseif ($ticket['priority'] == 1) {
echo 'high-priority">';
} else {
echo 'med-low-priority">';
array_push($options, '<option data-content="' . $content . '" value="' . $i . '" ' . $selected . '>' . $priorityLanguages[$i] . '</option>');
}
echo '<div class="ticket-cell-admin col-md-3 col-sm-12 ' . $cssClass . '">';
echo '<p class="ticket-property-title">' . $hesklang['priority'] . '</p>';
echo '<form style="margin-bottom:0;" id="changePriorityForm" action="priority.php" method="post">
<span style="white-space:nowrap;">
<select class="form-control" name="priority" onchange="document.getElementById(\'changePriorityForm\').submit();">';
<select class="selectpicker form-control" name="priority" onchange="document.getElementById(\'changePriorityForm\').submit();">';
echo implode('', $options);
echo '
</select>
@ -987,13 +1052,13 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
$results = mfh_getAllStatuses();
foreach ($results as $row) {
$selected = $ticket['status'] == $row['ID'] ? 'selected' : '';
$status_options[$row['ID']] = '<option value="' . $row['ID'] . '" ' . $selected . '>' . mfh_getDisplayTextForStatusId($row['ID']) . '</option>';
$status_options[$row['ID']] = '<option style="color: ' . $row['TextColor'] . '" value="' . $row['ID'] . '" ' . $selected . '>' . mfh_getDisplayTextForStatusId($row['ID']) . '</option>';
}
echo '
<form role="form" id="changeStatusForm" style="margin-bottom:0;" action="change_status.php" method="post">
<span style="white-space:nowrap;">
<select class="form-control" onchange="document.getElementById(\'changeStatusForm\').submit();" name="s">
<select class="selectpicker form-control" onchange="document.getElementById(\'changeStatusForm\').submit();" name="s">
' . implode('', $status_options) . '
</select>
@ -1011,7 +1076,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
echo '
<form style="margin-bottom:0;" id="changeOwnerForm" action="assign_owner.php" method="post">
<span style="white-space:nowrap;">
<select class="form-control" name="owner" onchange="document.getElementById(\'changeOwnerForm\').submit();">';
<select class="selectpicker form-control" name="owner" onchange="document.getElementById(\'changeOwnerForm\').submit();">';
$selectedForUnassign = 'selected';
foreach ($admins as $k => $v) {
$selected = '';
@ -1046,7 +1111,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<form style="margin-bottom:0;" id="changeCategory" action="move_category.php" method="post">
<span style="white-space:nowrap;">
<select name="category" class="form-control" onchange="document.getElementById(\'changeCategory\').submit();">
<select name="category" class="selectpicker form-control" onchange="document.getElementById(\'changeCategory\').submit();">
' . $categories_options . '
</select>
@ -1588,7 +1653,7 @@ function print_form()
} // End print_form()
function mfh_print_message() {
global $ticket, $hesklang, $hesk_settings, $can_ban_emails, $can_ban_ips, $trackingID, $modsForHesk_settings;
global $ticket, $hesklang, $hesk_settings, $can_ban_emails, $can_ban_ips, $can_unban_emails, $can_unban_ips, $trackingID, $modsForHesk_settings;
?>
<li><i class="fa fa-comment bg-red" data-toggle="tooltip" title="<?php echo $hesklang['original_message']; ?>"></i>
<div class="timeline-item">
@ -1749,7 +1814,44 @@ function mfh_print_message() {
function hesk_printTicketReplies()
{
global $hesklang, $hesk_settings, $result, $reply;
global $hesklang, $hesk_settings, $result, $reply, $audit_records;
// Sort replies and audit messages. They'll be in the proper order already
$combined_records = array();
foreach ($audit_records as $audit_record) {
$audit_record['SORT_TYPE'] = 'AUDIT_RECORD';
$combined_records[] = $audit_record;
}
while ($reply = hesk_dbFetchAssoc($result)) {
$reply['SORT_TYPE'] = 'REPLY';
$combined_records[] = $reply;
}
// Re-sort them so they're in order by date
usort($combined_records, function ($a, $b) {
$a_date = null;
$b_date = null;
if ($a['SORT_TYPE'] == 'REPLY') {
$a_date = strtotime($a['dt']);
} else {
$a_date = strtotime($a['date']);
}
if ($b['SORT_TYPE'] == 'REPLY') {
$b_date = strtotime($b['dt']);
} else {
$b_date = strtotime($b['date']);
}
if ($a_date === $b_date && $a['SORT_TYPE'] != $b['SORT_TYPE']) {
if ($a['SORT_TYPE'] != $b['SORT_TYPE']) {
return $a['SORT_TYPE'] == 'REPLY' ? -1 : 1;
}
}
return $a_date - $b_date;
});
echo '<ul class="timeline">';
if (!$hesk_settings['new_top']) {
@ -1758,83 +1860,194 @@ function hesk_printTicketReplies()
echo '<li class="today-top"><i class="fa fa-clock-o bg-gray" data-toggle="tooltip" title="' . $hesklang['timeline_today'] . '"></i></li>';
}
while ($reply = hesk_dbFetchAssoc($result)) {
$reply['dt'] = hesk_date($reply['dt'], true);
?>
<li>
<?php if ($reply['staffid']): ?>
<i class="fa fa-reply bg-orange" data-toggle="tooltip" title="<?php echo $hesklang['reply_by_staff']; ?>"></i>
<?php else: ?>
<i class="fa fa-share bg-blue" data-toggle="tooltip" title="<?php echo $hesklang['reply_by_customer']; ?>"></i>
<?php endif; ?>
<div class="timeline-item">
<span class="time"><i class="fa fa-clock-o"></i> <?php echo $reply['dt']; ?></span>
<h3 class="timeline-header"><?php echo $reply['name']; ?></h3>
<div class="timeline-body">
<div class="row">
<div class="col-md-3 text-right">
<strong><?php echo $hesklang['message_colon']; ?></strong>
</div>
<div class="col-md-9">
<?php
if ($reply['html']) {
echo hesk_html_entity_decode($reply['message']);
} else {
echo $reply['message'];
} ?>
</div>
foreach ($combined_records as $record) {
if ($record['SORT_TYPE'] == 'REPLY') {
mfh_print_reply($record);
} else {
mfh_print_audit_record($record);
}
}
if ($hesk_settings['new_top']) {
mfh_print_message();
} else {
echo '<li><i class="fa fa-clock-o bg-gray" data-toggle="tooltip" title="' . $hesklang['timeline_today'] . '"></i></li>';
}
echo '</ul>';
return;
} // End hesk_printTicketReplies()
function mfh_print_reply($reply) {
global $hesklang, $hesk_settings;
$reply['dt'] = hesk_date($reply['dt'], true);
?>
<li>
<?php if ($reply['staffid']): ?>
<i class="fa fa-reply bg-orange" data-toggle="tooltip" title="<?php echo $hesklang['reply_by_staff']; ?>"></i>
<?php else: ?>
<i class="fa fa-share bg-blue" data-toggle="tooltip" title="<?php echo $hesklang['reply_by_customer']; ?>"></i>
<?php endif; ?>
<div class="timeline-item">
<span class="time"><i class="fa fa-clock-o"></i> <?php echo $reply['dt']; ?></span>
<h3 class="timeline-header"><?php echo $reply['name']; ?></h3>
<div class="timeline-body">
<div class="row">
<div class="col-md-3 text-right">
<strong><?php echo $hesklang['message_colon']; ?></strong>
</div>
<div class="col-md-9">
<?php
if ($reply['html']) {
echo hesk_html_entity_decode($reply['message']);
} else {
echo $reply['message'];
} ?>
</div>
</div>
<?php
if ($hesk_settings['attachments']['use'] && strlen($reply['attachments'])):
</div>
<?php
if ($hesk_settings['attachments']['use'] && strlen($reply['attachments'])):
?>
<div class="timeline-footer">
<?php mfh_listAttachments($reply['attachments'], $reply['id'], true); ?>
</div>
<?php endif; ?>
<div class="timeline-footer">
<div class="row">
<div class="col-md-6">
<?php
/* Staff rating */
if ($hesk_settings['rating'] && $reply['staffid']) {
if ($reply['rating'] == 1) {
echo '<p class="rate">' . $hesklang['rnh'] . '</p>';
} elseif ($reply['rating'] == 5) {
echo '<p class="rate">' . $hesklang['rh'] . '</p>';
}
}
/* Show "unread reply" message? */
if ($reply['staffid'] && !$reply['read']) {
echo '<p class="rate">' . $hesklang['unread'] . '</p>';
<?php endif; ?>
<div class="timeline-footer">
<div class="row">
<div class="col-md-6">
<?php
/* Staff rating */
if ($hesk_settings['rating'] && $reply['staffid']) {
if ($reply['rating'] == 1) {
echo '<p class="rate">' . $hesklang['rnh'] . '</p>';
} elseif ($reply['rating'] == 5) {
echo '<p class="rate">' . $hesklang['rh'] . '</p>';
}
?>
</div>
<div class="col-md-6 text-right">
<?php echo hesk_getAdminButtonsInTicket(); ?>
</div>
}
/* Show "unread reply" message? */
if ($reply['staffid'] && !$reply['read']) {
echo '<p class="rate">' . $hesklang['unread'] . '</p>';
}
?>
</div>
<div class="col-md-6 text-right">
<?php echo hesk_getAdminButtonsInTicket(); ?>
</div>
</div>
</div>
</li>
<?php
}
</div>
</li>
<?php
}
if ($hesk_settings['new_top']) {
mfh_print_message();
} else {
echo '<li><i class="fa fa-clock-o bg-gray" data-toggle="tooltip" title="' . $hesklang['timeline_today'] . '"></i></li>';
}
echo '</ul>';
function mfh_print_audit_record($record) {
global $hesklang;
return;
$record['date'] = hesk_date($record['date'], true);
$font_icon = null;
switch ($record['language_key']) {
case 'audit_moved_category':
$font_icon = 'fa-pie-chart';
break;
case 'audit_assigned':
case 'audit_assigned_self':
$font_icon = 'fa-user-plus';
break;
case 'audit_unassigned':
$font_icon = 'fa-user-times';
break;
case 'audit_autoassigned':
$font_icon = 'fa-bolt';
break;
case 'audit_closed':
case 'audit_automatically_closed':
$font_icon = 'fa-check-circle';
break;
case 'audit_opened':
$font_icon = 'fa-circle-o';
break;
case 'audit_locked':
case 'audit_automatically_locked':
$font_icon = 'fa-lock';
break;
case 'audit_unlocked':
$font_icon = 'fa-unlock-alt';
break;
case 'audit_created':
case 'audit_submitted_by':
$font_icon = 'fa-user';
break;
case 'audit_priority':
// The new priority is in arg[1]
$priority = $record['replacement_values'][1];
if ($priority === 'critical') {
$font_icon = 'fa-long-arrow-up';
} elseif ($priority === 'high') {
$font_icon = 'fa-angle-double-up';
} elseif ($priority === 'medium') {
$font_icon = 'fa-angle-double-down';
} else {
$font_icon = 'fa-long-arrow-down';
}
} // End hesk_printTicketReplies()
// Now localize the text for display
$record['replacement_values'][1] = $hesklang[$priority];
break;
case 'audit_status':
$font_icon = 'fa-exchange';
break;
case 'audit_submitted_via_piping':
case 'audit_submitted_via_pop':
$font_icon = 'fa-envelope-o';
break;
case 'audit_attachment_deleted':
$font_icon = 'fa-paperclip';
break;
case 'audit_merged':
$font_icon = 'fa-code-fork';
break;
case 'audit_time_worked':
$font_icon = 'fa fa-clock-o';
break;
case 'audit_due_date_removed':
$font_icon = 'fa fa-calendar-minus-o';
break;
case 'audit_due_date_changed':
$font_icon = 'fa fa-calendar';
//-- Format the date
$record['replacement_values'][1] = date('Y-m-d', strtotime($record['replacement_values'][1]));
break;
case 'audit_linked_ticket':
$font_icon = 'fa fa-link';
break;
case 'audit_unlinked_ticket':
$font_icon = 'fa fa-chain-broken';
break;
default:
$font_icon = 'fa-question-circle';
break;
}
?>
<li>
<i class="fa <?php echo $font_icon; ?> bg-gray"></i>
<div class="timeline-item">
<span class="time"><i class="fa fa-clock-o"></i> <?php echo $record['date']; ?></span>
<h3 class="timeline-header audit-record">
<?php echo vsprintf($hesklang[$record['language_key']], $record['replacement_values']); ?>
</h3>
</div>
</li>
<?php
}
function hesk_printReplyForm()
{
global $hesklang, $hesk_settings, $ticket, $admins, $can_options, $can_resolve, $options, $can_assign_self, $isManager, $modsForHesk_settings;
global $hesklang, $hesk_settings, $ticket, $admins, $can_options, $can_resolve, $options, $can_assign_self, $modsForHesk_settings, $isManager;
// Force assigning a ticket before allowing to reply?
if ($hesk_settings['require_owner'] && ! $ticket['owner'])

18
admin/assign_owner.php
Unescape Escape View File

@ -52,8 +52,9 @@ $owner = intval(hesk_REQUEST('owner'));
/* If ID is -1 the ticket will be unassigned */
if ($owner == -1) {
$revision = sprintf($hesklang['thist2'], hesk_date(), '<i>' . $hesklang['unas'] . '</i>', $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
$res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`=0 , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");
$res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`=0 WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");
mfh_insert_audit_trail_record($ticket['id'], 'TICKET', 'audit_unassigned', hesk_date(),
array(0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')'));
hesk_process_messages($hesklang['tunasi2'], $_SERVER['PHP_SELF'], 'SUCCESS');
} elseif ($owner < 1) {
@ -96,8 +97,17 @@ if ($ticket['owner'] && $ticket['owner'] != $owner && hesk_REQUEST('unassigned')
/* Assigning to self? */
if ($can_assign_others || ($owner == $_SESSION['id'] && $can_assign_self)) {
$revision = sprintf($hesklang['thist2'], hesk_date(), $row['name'] . ' (' . $row['user'] . ')', $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
$res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`={$owner} , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");
$res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`={$owner} WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");
if ($owner == $_SESSION['id'] && $can_assign_self) {
mfh_insert_audit_trail_record($ticket['id'], 'TICKET', 'audit_assigned_self', hesk_date(),
array(0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')'));
} else {
// current user -> assigned user
mfh_insert_audit_trail_record($ticket['id'], 'TICKET', 'audit_assigned', hesk_date(),
array(0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')',
1 => $row['name'] . ' (' . $row['user'] . ')'));
}
if ($owner != $_SESSION['id'] && !hesk_checkPermission('can_view_ass_others', 0)) {
$_SERVER['PHP_SELF'] = 'admin_main.php';

43
admin/change_status.php
Unescape Escape View File

@ -37,6 +37,10 @@ hesk_token_check();
/* Ticket ID */
$trackingID = hesk_cleanID() or die($hesklang['int_error'] . ': ' . $hesklang['no_trackID']);
$ticket_id_rs = hesk_dbQuery("SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid` = '" . hesk_dbEscape($trackingID) . "'");
$ticket_id_row = hesk_dbFetchAssoc($ticket_id_rs);
$ticket_id = $ticket_id_row['id'];
/* Valid statuses */
$statusSql = "SELECT `ID` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses`";
$status_options = array();
@ -54,6 +58,11 @@ if (!isset($status_options[$status])) {
$locked = 0;
$audit_closed = null;
$audit_locked = null;
$audit_status = null;
$audit_opened = null;
$statusRow = hesk_dbFetchAssoc(hesk_dbQuery("SELECT `ID`, `IsClosed` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` WHERE ID = " . $status));
if ($statusRow['IsClosed']) // Closed
{
@ -62,10 +71,14 @@ if ($statusRow['IsClosed']) // Closed
}
$action = $hesklang['ticket_been'] . ' ' . $hesklang['close'];
$revision = sprintf($hesklang['thist3'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
$audit_closed = array(0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
$audit_status = array(0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')',
1 => $status_options[$status]);
if ($hesk_settings['custopen'] != 1) {
$locked = 1;
$audit_locked = array();
}
// Notify customer of closed ticket?
@ -91,21 +104,43 @@ if ($statusRow['IsClosed']) // Closed
} elseif ($statusRow['IsNewTicketStatus'] == 0) //Ticket is still open, but not new
{
$action = sprintf($hesklang['tsst'], $status_options[$status]);
$revision = sprintf($hesklang['thist9'], hesk_date(), $status_options[$status], $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
$audit_status = array(0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')',
1 => $status_options[$status]);
// Ticket is not resolved
$closedby_sql = ' , `closedat`=NULL, `closedby`=NULL ';
} else // Ticket is marked as "NEW"
{
$action = $hesklang['ticket_been'] . ' ' . $hesklang['opened'];
$revision = sprintf($hesklang['thist4'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
$audit_opened = array(0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
// Ticket is not resolved
$closedby_sql = ' , `closedat`=NULL, `closedby`=NULL ';
}
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='{$status}', `locked`='{$locked}' $closedby_sql , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='{$status}', `locked`='{$locked}' $closedby_sql WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");
if ($audit_status !== null) {
mfh_insert_audit_trail_record($ticket_id, 'TICKET', 'audit_status', hesk_date(),
$audit_status);
}
if ($audit_closed !== null) {
mfh_insert_audit_trail_record($ticket_id, 'TICKET', 'audit_closed', hesk_date(),
$audit_closed);
}
if ($audit_locked !== null) {
mfh_insert_audit_trail_record($ticket_id, 'TICKET', 'audit_automatically_locked', hesk_date(),
array());
}
if ($audit_opened !== null) {
mfh_insert_audit_trail_record($ticket_id, 'TICKET', 'audit_opened', hesk_date(),
$audit_opened);
}
if (hesk_dbAffectedRows() != 1) {
hesk_error("$hesklang[int_error]: $hesklang[trackID_not_found].");

69
admin/custom_fields.php
Unescape Escape View File

@ -166,7 +166,31 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
</div>
<?php
}
?>
$descriptions = hesk_SESSION(array('new_cf','descriptions')); ?>
</div>
<div class="form-group">
<label for="description[]" class="col-sm-3 control-label">
<?php echo $hesklang['description']; ?>
</label>
<?php if ($hesk_settings['can_sel_lang'] && count($hesk_settings['languages']) > 1): ?>
<table border="0">
<?php foreach ($hesk_settings['languages'] as $lang => $info): ?>
<tr>
<td><?php echo $lang; ?></td>
<td>
<textarea class="form-control"
name="description[<?php echo $lang; ?>]"><?php echo (isset($descriptions[$lang]) ? $descriptions[$lang] : ''); ?></textarea>
</td>
</tr>
<?php endforeach; ?>
</table>
<?php else: ?>
<div class="col-sm-9">
<textarea class="form-control"
name="description[<?php echo $hesk_settings['language']; ?>]"><?php echo (isset($descriptions[$hesk_settings['language']]) ? $descriptions[$hesk_settings['language']] : ''); ?></textarea>
</div>
<?php endif; ?>
</div>
<div class="form-group">
<label for="name[]" class="col-sm-3 control-label">
@ -772,7 +796,16 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
<tr>
<td><?php echo $tmp_id; ?></td>
<td><?php echo $cf['name']; ?></td>
<td>
<?php
echo $cf['name'];
if ($cf['mfh_description'] !== null && trim($cf['mfh_description']) !== '') {
echo ' <i class="fa fa-info-circle" data-toggle="popover"
data-title="' . htmlspecialchars($hesklang['description']) . '"
data-content="' . htmlspecialchars($cf['mfh_description']) . '"></i>';
}
?>
</td>
<td><?php echo $cf['type']; ?></td>
<td><?php echo $cf['use']; ?></td>
<td><?php echo $cf['req']; ?></td>
@ -885,6 +918,7 @@ function save_cf()
`req` = '{$cf['req']}',
`category` = ".(count($cf['categories']) ? "'".json_encode($cf['categories'])."'" : 'NULL').",
`name` = '".hesk_dbEscape($cf['names'])."',
`mfh_description` = '".hesk_dbEscape($cf['descriptions'])."',
`value` = ".(strlen($cf['value']) ? "'".hesk_dbEscape($cf['value'])."'" : 'NULL')."
WHERE `id`={$id}");
@ -916,6 +950,9 @@ function edit_cf()
$cf['names'] = json_decode($cf['name'], true);
unset($cf['name']);
$cf['descriptions'] = json_decode($cf['mfh_description'], true);
unset($cf['mfh_description']);
if (strlen($cf['category']))
{
$cf['categories'] = json_decode($cf['category'], true);
@ -994,7 +1031,7 @@ function remove_cf()
$id = intval( hesk_GET('id') ) or hesk_error($hesklang['cf_e_id']);
// Reset the custom field
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."custom_fields` SET `use`='0', `place`='0', `type`='text', `req`='0', `category`=NULL, `name`='', `value`=NULL, `order`=1000 WHERE `id`={$id}");
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."custom_fields` SET `use`='0', `place`='0', `type`='text', `req`='0', `category`=NULL, `name`='', `mfh_description`=NULL, `value`=NULL, `order`=1000 WHERE `id`={$id}");
// Were we successful?
if ( hesk_dbAffectedRows() == 1 )
@ -1057,6 +1094,27 @@ function cf_validate()
$hesk_error_buffer[] = $hesklang['err_custname'];
}
// Descriptions
$cf['descriptions'] = hesk_POST_array('description');
// Make sure only non-empty descriptions pass
foreach ($cf['descriptions'] as $key => $description) {
if (!isset($hesk_settings['languages'][$key])) {
unset($cf['descriptions'][$key]);
} else {
$description = is_array($description) ? '' : hesk_input($description, 0, 0, HESK_SLASH);
if (strlen($description) < 1)
{
unset($cf['descriptions'][$key]);
}
else
{
$cf['descriptions'][$key] = stripslashes($description);
}
}
}
// Get type and values
$cf['type'] = hesk_POST('type');
switch ($cf['type'])
@ -1264,8 +1322,10 @@ function cf_validate()
}
$cf['names'] = addslashes(json_encode($cf['names']));
$cf['descriptions'] = addslashes(json_encode($cf['descriptions']));
$cf['value'] = $cf['type'] == 'date' ? json_encode($cf['value']) : addslashes(json_encode($cf['value']));
return $cf;
} // END cf_validate()
@ -1305,7 +1365,8 @@ function new_cf()
`req` = '{$cf['req']}',
`category` = ".(count($cf['categories']) ? "'".json_encode($cf['categories'])."'" : 'NULL').",
`name` = '".hesk_dbEscape($cf['names'])."',
`value` = ".(strlen($cf['value']) ? "'".hesk_dbEscape($cf['value'])."'" : 'NULL').",
`mfh_description` = '".hesk_dbEscape($cf['descriptions'])."',
`value` = ".(strlen($cf['value']) ? "'".hesk_dbEscape($cf['value'])."'" : 'NULL').",
`order` = 990
WHERE `id`={$_SESSION['cford']}");

32
admin/delete_tickets.php
Unescape Escape View File

@ -81,10 +81,10 @@ $i = 0;
// Possible priorities
$priorities = array(
'critical' => array('value' => 0, 'text' => $hesklang['critical'], 'formatted' => '<font class="critical">' . $hesklang['critical'] . '</font>'),
'high' => array('value' => 1, 'text' => $hesklang['high'], 'formatted' => '<font class="important">' . $hesklang['high'] . '</font>'),
'medium' => array('value' => 2, 'text' => $hesklang['medium'], 'formatted' => '<font class="medium">' . $hesklang['medium'] . '</font>'),
'low' => array('value' => 3, 'text' => $hesklang['low'], 'formatted' => $hesklang['low']),
'critical' => array('value' => 0, 'lang' => 'critical', 'text' => $hesklang['critical'], 'formatted' => '<font class="critical">' . $hesklang['critical'] . '</font>'),
'high' => array('value' => 1, 'lang' => 'high', 'text' => $hesklang['high'], 'formatted' => '<font class="important">' . $hesklang['high'] . '</font>'),
'medium' => array('value' => 2, 'lang' => 'medium', 'text' => $hesklang['medium'], 'formatted' => '<font class="medium">' . $hesklang['medium'] . '</font>'),
'low' => array('value' => 3, 'lang' => 'low', 'text' => $hesklang['low'], 'formatted' => $hesklang['low']),
);
// Change priority
@ -113,8 +113,10 @@ if (array_key_exists($_POST['a'], $priorities)) {
hesk_okCategory($ticket['category']);
$revision = sprintf($hesklang['thist8'], hesk_date(), $priority['formatted'], $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `priority`='{$priority['value']}', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `id`={$this_id}");
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `priority`='{$priority['value']}' WHERE `id`={$this_id}");
mfh_insert_audit_trail_record($this_id, 'TICKET', 'audit_priority', hesk_date(),
array(0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')',
1 => $priority['lang']));
$i++;
}
@ -133,8 +135,6 @@ elseif ($_POST['a'] == 'delete') {
require(HESK_PATH . 'inc/email_functions.inc.php');
}
$revision = sprintf($hesklang['thist3'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
foreach ($_POST['id'] as $this_id) {
if (is_array($this_id)) {
continue;
@ -222,8 +222,6 @@ else {
hesk_token_check('POST');
require(HESK_PATH . 'inc/email_functions.inc.php');
$revision = sprintf($hesklang['thist3'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
foreach ($_POST['id'] as $this_id) {
if (is_array($this_id)) {
continue;
@ -239,7 +237,11 @@ else {
$closedStatusRS = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` WHERE `IsStaffClosedOption` = 1");
$closedStatus = hesk_dbFetchAssoc($closedStatusRS);
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='" . $closedStatus['ID'] . "', `closedat`=NOW(), `closedby`=" . intval($_SESSION['id']) . ", `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `id`='" . intval($this_id) . "'");
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`='" . $closedStatus['ID'] . "', `closedat`=NOW(), `closedby`=" . intval($_SESSION['id']) . " WHERE `id`='" . intval($this_id) . "'");
mfh_insert_audit_trail_record($this_id, 'TICKET', 'audit_closed', hesk_date(),
array(0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')'));
$i++;
// Notify customer of closed ticket?
@ -284,6 +286,14 @@ function hesk_fullyDeleteTicket()
/* Delete ticket notes */
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "notes` WHERE `ticket`='" . intval($ticket['id']) . "'");
/* Delete audit trail records */
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "audit_trail_to_replacement_values`
WHERE `audit_trail_id` IN (
SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "audit_trail`
WHERE `entity_type` = 'TICKET' AND `entity_id` = " . intval($ticket['id']) . ")");
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "audit_trail` WHERE `entity_type`='TICKET'
AND `entity_id` = " . intval($ticket['id']));
/* Delete ticket reply drafts */
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "reply_drafts` WHERE `ticket`=" . intval($ticket['id']));

44
admin/edit_post.php
Unescape Escape View File

@ -36,6 +36,7 @@ if (!isset($_REQUEST['isManager']) || !$_REQUEST['isManager']) {
hesk_checkPermission('can_view_tickets');
hesk_checkPermission('can_edit_tickets');
}
$modsForHesk_settings = mfh_getSettings();
/* Ticket ID */
@ -65,6 +66,7 @@ if (!isset($_REQUEST['isManager']) || !$_REQUEST['isManager']) {
hesk_okCategory($ticket['category']);
}
if (hesk_isREQUEST('reply')) {
$tmpvar['id'] = intval(hesk_REQUEST('reply')) or die($hesklang['id_not_valid']);
@ -443,6 +445,9 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
echo '<div class="radio"><label><input type="radio" name="' . $k . '" value="' . $option . '" ' . $checked . ' ' . $required_attribute . '> ' . $option . '</label></div>';
}
if (!empty($v['mfh_description'])) {
echo '<div class="help-block">' . $v['mfh_description'] . '</div>';
}
echo '<div class="help-block with-errors"></div></div>
</div>';
@ -473,9 +478,11 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
echo '<option ' . $selected . '>' . $option . '</option>';
}
echo '</select>
<div class="help-block with-errors"></div>
if (!empty($v['mfh_description'])) {
echo '<div class="help-block">' . $v['mfh_description'] . '</div>';
}
echo '</select>';
echo '<div class="help-block with-errors"></div>
</div>
</div>';
break;
@ -496,6 +503,9 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
echo '<div class="checkbox"><label><input type="checkbox" name="' . $k . '[]" value="' . $option . '" ' . $checked . ' ' . $required_attribute . '> ' . $option . '</label></div>';
}
if (!empty($v['mfh_description'])) {
echo '<div class="help-block">' . $v['mfh_description'] . '</div>';
}
echo '<div class="help-block with-errors"></div>
</div>
</div>';
@ -510,8 +520,11 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<div class="form-group' . $cls . '">
<label for="' . $k . '" class="col-sm-3 control-label">' . $v['name'] . ' ' . $v['req'] . '</label>
<div class="col-sm-9">
<textarea name="' . $k . '" class="form-control" rows="' . intval($v['value']['rows']) . '" cols="' . intval($v['value']['cols']) . '" ' . $required_attribute . '>' . $k_value . '</textarea>
<div class="help-block with-errors"></div>
<textarea name="' . $k . '" class="form-control" rows="' . intval($v['value']['rows']) . '" cols="' . intval($v['value']['cols']) . '" ' . $required_attribute . '>' . $k_value . '</textarea>';
if (!empty($v['mfh_description'])) {
echo '<div class="help-block">' . $v['mfh_description'] . '</div>';
}
echo '<div class="help-block with-errors"></div>
</div>
</div>';
break;
@ -530,8 +543,11 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<div class="form-group' . $cls . '">
<label for="' . $k . '" class="col-sm-3 control-label">' . $v['name'] . ' ' . $v['req'] . '</label>
<div class="col-sm-9">
<input type="text" name="' . $k . '" value="' . $k_value . '" class="datepicker form-control" size="10" ' . $required_attribute . '>
<div class="help-block with-errors"></div>
<input type="text" name="' . $k . '" value="' . $k_value . '" class="datepicker form-control" size="10" ' . $required_attribute . '>';
if (!empty($v['mfh_description'])) {
echo '<div class="help-block">' . $v['mfh_description'] . '</div>';
}
echo '<div class="help-block with-errors"></div>
</div>
</div>';
break;
@ -546,8 +562,11 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<div class="form-group' . $cls . '">
<label for="' . $k . '" class="col-sm-3 control-label">' . $v['name'] . ' ' . $v['req'] . '</label>
<div class="col-sm-9">
<input class="form-control" type="text" name="' . $k . '" id="' . $k . '" value="' . $k_value . '" size="40" ' . $suggest . ' ' . $required_attribute . '>
<div class="help-block with-errors"></div>
<input class="form-control" type="text" name="' . $k . '" id="' . $k . '" value="' . $k_value . '" size="40" ' . $suggest . ' ' . $required_attribute . '>';
if (!empty($v['mfh_description'])) {
echo '<div class="help-block">' . $v['mfh_description'] . '</div>';
}
echo '<div class="help-block with-errors"></div>
</div>
<div id="' . $k . '_suggestions"></div>
</div>
@ -568,8 +587,11 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
<div class="form-group' . $cls . '">
<label for="' . $k . '" class="col-sm-3 control-label">' . $v['name'] . ' ' . $v['req'] . '</label>
<div class="col-sm-9">
<input type="text" class="form-control" name="' . $k . '" size="40" maxlength="' . intval($v['value']['max_length']) . '" value="' . $v['value']['default_value'] . '" ' . $required_attribute . '>
<div class="help-block with-errors"></div>
<input type="text" class="form-control" name="' . $k . '" size="40" maxlength="' . intval($v['value']['max_length']) . '" value="' . $v['value']['default_value'] . '" ' . $required_attribute . '>';
if (!empty($v['mfh_description'])) {
echo '<div class="help-block">' . $v['mfh_description'] . '</div>';
}
echo '<div class="help-block with-errors"></div>
</div>
</div>
';

36
admin/index.php
Unescape Escape View File

@ -202,7 +202,6 @@ function do_login()
/* Close any old tickets here so Cron jobs aren't necessary */
if ($hesk_settings['autoclose']) {
$revision = sprintf($hesklang['thist3'], hesk_date(), $hesklang['auto']);
$dt = date('Y-m-d H:i:s', time() - $hesk_settings['autoclose'] * 86400);
@ -210,22 +209,25 @@ function do_login()
$closedStatus = hesk_dbFetchAssoc($closedStatusRs);
// Are we allowed to close tickets in this status?
if ($closedStatus['Closable'] == 'yes' || $closedStatus['Closable'] == 'sonly') {
// Notify customer of closed ticket?
if ($hesk_settings['notify_closed']) {
// Get list of tickets
$result = hesk_dbQuery("SELECT * FROM `" . $hesk_settings['db_pfix'] . "tickets` WHERE `status` = " . $closedStatus['ID'] . " AND `lastchange` <= '" . hesk_dbEscape($dt) . "' ");
if (hesk_dbNumRows($result) > 0) {
global $ticket;
// Load required functions?
if (!function_exists('hesk_notifyCustomer')) {
require(HESK_PATH . 'inc/email_functions.inc.php');
}
while ($ticket = hesk_dbFetchAssoc($result)) {
$ticket['dt'] = hesk_date($ticket['dt'], true);
$ticket['lastchange'] = hesk_date($ticket['lastchange'], true);
$ticket = hesk_ticketToPlain($ticket, 1, 0);
$result = hesk_dbQuery("SELECT * FROM `" . $hesk_settings['db_pfix'] . "tickets` WHERE `status` = " . $closedStatus['ID'] . " AND `lastchange` <= '" . hesk_dbEscape($dt) . "' ");
if (hesk_dbNumRows($result) > 0) {
global $ticket;
// Load required functions?
if (!function_exists('hesk_notifyCustomer')) {
require(HESK_PATH . 'inc/email_functions.inc.php');
}
while ($ticket = hesk_dbFetchAssoc($result)) {
$ticket['dt'] = hesk_date($ticket['dt'], true);
$ticket['lastchange'] = hesk_date($ticket['lastchange'], true);
$ticket = hesk_ticketToPlain($ticket, 1, 0);
mfh_insert_audit_trail_record($ticket['id'], 'TICKET', 'audit_automatically_closed', hesk_date(), array());
// Notify customer of closed ticket?
if ($hesk_settings['notify_closed']) {
// Get list of tickets
hesk_notifyCustomer($modsForHesk_settings, 'ticket_closed');
}
}
@ -234,7 +236,7 @@ function do_login()
// Update ticket statuses and history in database if we're allowed to do so
$defaultCloseRs = hesk_dbQuery('SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsAutocloseOption` = 1');
$defaultCloseStatus = hesk_dbFetchAssoc($defaultCloseRs);
hesk_dbQuery("UPDATE `" . $hesk_settings['db_pfix'] . "tickets` SET `status`=" . intval($defaultCloseStatus['ID']) . ", `closedat`=NOW(), `closedby`='-1', `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `status` = '" . $closedStatus['ID'] . "' AND `lastchange` <= '" . hesk_dbEscape($dt) . "' ");
hesk_dbQuery("UPDATE `" . $hesk_settings['db_pfix'] . "tickets` SET `status`=" . intval($defaultCloseStatus['ID']) . ", `closedat`=NOW(), `closedby`='-1' WHERE `status` = " . $closedStatus['ID'] . " AND `lastchange` <= '" . hesk_dbEscape($dt) . "' ");
}
}

34
admin/lock.php
Unescape Escape View File

@ -37,27 +37,31 @@ hesk_token_check();
/* Ticket ID */
$trackingID = hesk_cleanID() or die($hesklang['int_error'] . ': ' . $hesklang['no_trackID']);
// Get ticket info
$result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
if (hesk_dbNumRows($result) != 1) {
hesk_error($hesklang['ticket_not_found']);
}
$ticket = hesk_dbFetchAssoc($result);
$audit_unlocked = null;
$audit_locked = null;
/* New locked status */
if (empty($_GET['locked'])) {
$status = 0;
$tmp = $hesklang['tunlock'];
$revision = sprintf($hesklang['thist6'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
$audit_unlocked = array(0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
$closedby_sql = ' , `closedat`=NULL, `closedby`=NULL ';
} else {
$status = 1;
$tmp = $hesklang['tlock'];
$revision = sprintf($hesklang['thist5'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
$audit_locked = array(0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
$closedby_sql = ' , `closedat`=NOW(), `closedby`=' . intval($_SESSION['id']) . ' ';
// Notify customer of closed ticket?
if ($hesk_settings['notify_closed']) {
// Get ticket info
$result = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid`='" . hesk_dbEscape($trackingID) . "' LIMIT 1");
if (hesk_dbNumRows($result) != 1) {
hesk_error($hesklang['ticket_not_found']);
}
$ticket = hesk_dbFetchAssoc($result);
$closedStatusRS = hesk_dbQuery('SELECT `ID` FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'statuses` WHERE `IsClosed` = 1');
$ticketIsOpen = true;
while ($row = hesk_dbFetchAssoc($closedStatusRS)) {
@ -82,7 +86,17 @@ $statusRs = hesk_dbQuery($statusSql);
$statusRow = hesk_dbFetchAssoc($statusRs);
$statusId = $statusRow['ID'];
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`= {$statusId},`locked`='{$status}' $closedby_sql , `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `status`= {$statusId},`locked`='{$status}' $closedby_sql WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");
if ($audit_unlocked) {
mfh_insert_audit_trail_record($ticket['id'], 'TICKET', 'audit_unlocked', hesk_date(),
$audit_unlocked);
}
if ($audit_locked) {
mfh_insert_audit_trail_record($ticket['id'], 'TICKET', 'audit_locked', hesk_date(),
$audit_locked);
}
/* Back to ticket page and show a success message */
hesk_process_messages($tmp, 'admin_ticket.php?track=' . $trackingID . '&Refresh=' . rand(10000, 99999), 'SUCCESS');

1035
admin/manage_categories.php
View File

File diff suppressed because it is too large Load Diff

179
admin/manage_permission_templates.php → admin/manage_permission_groups.php
Unescape Escape View File

@ -39,10 +39,6 @@ if ($action = hesk_REQUEST('a')) {
create();
} elseif ($action == 'delete') {
deleteTemplate();
} elseif ($action == 'addadmin') {
toggleAdmin(true);
} elseif ($action == 'deladmin') {
toggleAdmin(false);
}
}
@ -51,34 +47,20 @@ require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
/* Print main manage users page */
require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
?>
<script language="Javascript" type="text/javascript"><!--
function confirm_delete() {
if (confirm('<?php echo hesk_makeJsString($hesklang['confirm_del_cat']); ?>')) {
return true;
}
else {
return false;
}
}
//-->
</script>
<?php
$modsForHesk_settings = mfh_getSettings();
$res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "permission_templates` ORDER BY `name` ASC");
$templates = array();
while ($row = hesk_dbFetchAssoc($res)) {
array_push($templates, $row);
$templates[] = $row;
}
$featureArray = hesk_getFeatureArray();
$orderBy = $modsForHesk_settings['category_order_column'];
$res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` ORDER BY `" . $orderBy . "` ASC");
$categories = array();
while ($row = hesk_dbFetchAssoc($res)) {
array_push($categories, $row);
$categories[] = $row;
}
?>
<div class="content-wrapper">
@ -87,9 +69,9 @@ while ($row = hesk_dbFetchAssoc($res)) {
<div class="box">
<div class="box-header with-border">
<h1 class="box-title">
<?php echo $hesklang['manage_permission_templates']; ?>
<?php echo $hesklang['manage_permission_groups']; ?>
<i class="fa fa-question-circle settingsquestionmark" data-toggle="tooltip" data-placement="right"
title="<?php echo $hesklang['manage_permission_templates_help']; ?>"></i>
title="<?php echo $hesklang['manage_permission_groups_help']; ?>"></i>
</h1>
<div class="box-tools pull-right">
<button type="button" class="btn btn-box-tool" data-widget="collapse">
@ -99,7 +81,7 @@ while ($row = hesk_dbFetchAssoc($res)) {
</div>
<div class="box-body">
<a href="#" data-toggle="modal" data-target="#modal-template-new" class="btn btn-success nu-floatRight">
<i class="fa fa-plus-circle"></i> <?php echo $hesklang['create_new_template']; ?>
<i class="fa fa-plus-circle"></i> <?php echo $hesklang['create_new_group']; ?>
</a>
<table class="table table-striped">
<thead>
@ -115,28 +97,11 @@ while ($row = hesk_dbFetchAssoc($res)) {
<td>
<a href="#" data-toggle="modal" data-target="#modal-template-<?php echo $row['id'] ?>">
<i class="fa fa-pencil icon-link" data-toggle="tooltip"
title="<?php echo $hesklang['view_permissions_for_this_template'] ?>"></i></a>
<?php if ($row['id'] == 1) { ?>
<i class="fa fa-star icon-link orange" data-toggle="tooltip"
title="<?php echo $hesklang['admin_cannot_be_staff']; ?>"></i></a>
<?php } elseif ($row['heskprivileges'] == 'ALL' && $row['categories'] == 'ALL'){ ?>
<a href="manage_permission_templates.php?a=deladmin&amp;id=<?php echo $row['id']; ?>">
<i class="fa fa-star icon-link orange" data-toggle="tooltip"
title="<?php echo $hesklang['template_has_admin_privileges']; ?>"></i></a>
<?php } elseif ($row['id'] != 2) { ?>
<a href="manage_permission_templates.php?a=addadmin&amp;id=<?php echo $row['id']; ?>">
<i class="fa fa-star-o icon-link gray" data-toggle="tooltip"
title="<?php echo $hesklang['template_has_no_admin_privileges']; ?>"></i></a>
<?php
} else {
?>
<i class="fa fa-star-o icon-link gray" data-toggle="tooltip"
title="<?php echo $hesklang['staff_cannot_be_admin']; ?>"></i>
<?php
}
title="<?php echo $hesklang['view_permissions_for_this_group'] ?>"></i></a>
<?php
if ($row['id'] != 1 && $row['id'] != 2):
?>
<a href="manage_permission_templates.php?a=delete&amp;id=<?php echo $row['id']; ?>">
<a href="manage_permission_groups.php?a=delete&amp;id=<?php echo $row['id']; ?>">
<i class="fa fa-times icon-link red" data-toggle="tooltip"
title="<?php echo $hesklang['delete']; ?>"></i></a>
<?php endif; ?>
@ -172,12 +137,10 @@ function createEditModal($template, $features, $categories)
{
global $hesklang;
$showNotice = true;
$disabled = 'checked="checked" disabled';
$enabledFeatures = array();
$enabledCategories = array();
if ($template['heskprivileges'] != 'ALL') {
$showNotice = false;
$disabled = '';
$enabledFeatures = explode(',', $template['heskprivileges']);
$enabledCategories = explode(',', $template['categories']);
@ -187,30 +150,23 @@ function createEditModal($template, $features, $categories)
aria-labelledby="myLargeModalLabel" aria-hidden="true">
<div class="modal-dialog modal-lg">
<div class="modal-content">
<form action="manage_permission_templates.php" role="form" method="post" id="form<?php echo $template['id']; ?>">
<form action="manage_permission_groups.php" role="form" method="post" id="form<?php echo $template['id']; ?>">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-label="Close"><span
aria-hidden="true">&times;</span></button>
<h4 class="modal-title"><?php echo sprintf($hesklang['permissions_for_template'], $template['name']); ?></h4>
<h4 class="modal-title"><?php echo sprintf($hesklang['permissions_for_group'], $template['name']); ?></h4>
</div>
<div class="modal-body">
<div class="row">
<?php if ($showNotice): ?>
<div class="col-sm-12">
<div class="alert alert-info">
<i class="fa fa-info-circle"></i> <?php echo $hesklang['template_is_admin_cannot_change']; ?>
</div>
</div>
<?php endif; ?>
<div class="form-group">
<div class="col-sm-2">
<label for="name"
class="control-label"><?php echo $hesklang['template_name']; ?></label>
class="control-label"><?php echo $hesklang['group_name']; ?></label>
</div>
<div class="col-sm-10">
<input type="text" class="form-control" name="name"
value="<?php echo htmlspecialchars($template['name']); ?>"
placeholder="<?php echo htmlspecialchars($hesklang['template_name']); ?>"
placeholder="<?php echo htmlspecialchars($hesklang['group_name']); ?>"
data-error="<?php echo htmlspecialchars($hesklang['this_field_is_required']); ?>"
required>
<div class="help-block with-errors"></div>
@ -228,7 +184,7 @@ function createEditModal($template, $features, $categories)
<label>
<?php
$checked = '';
if (in_array($category['id'], $enabledCategories) && !$showNotice) {
if (in_array($category['id'], $enabledCategories)) {
$checked = 'checked';
} ?>
<input type="checkbox" name="categories[]"
@ -249,7 +205,7 @@ function createEditModal($template, $features, $categories)
<div class="checkbox">
<label><?php
$checked = '';
if (in_array($feature, $enabledFeatures) && !$showNotice) {
if (in_array($feature, $enabledFeatures)) {
$checked = 'checked';
} ?>
<input type="checkbox" name="features[]"
@ -266,9 +222,6 @@ function createEditModal($template, $features, $categories)
<div class="modal-footer">
<input type="hidden" name="a" value="save">
<input type="hidden" name="template_id" value="<?php echo $template['id']; ?>">
<?php if ($showNotice): ?>
<input type="hidden" name="name_only" value="1">
<?php endif; ?>
<div class="btn-group">
<input type="submit" class="btn btn-success"
value="<?php echo $hesklang['save_changes']; ?>">
@ -291,22 +244,22 @@ function buildCreateModal($features, $categories)
aria-hidden="true">
<div class="modal-dialog modal-lg">
<div class="modal-content">
<form action="manage_permission_templates.php" role="form" method="post" id="createForm">
<form action="manage_permission_groups.php" role="form" method="post" id="createForm">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-label="Close"><span
aria-hidden="true">&times;</span></button>
<h4 class="modal-title"><?php echo $hesklang['create_new_template_title']; ?></h4>
<h4 class="modal-title"><?php echo $hesklang['create_new_group_title']; ?></h4>
</div>
<div class="modal-body">
<div class="row">
<div class="form-group">
<div class="col-sm-2">
<label for="name"
class="control-label"><?php echo $hesklang['template_name']; ?></label>
class="control-label"><?php echo $hesklang['group_name']; ?></label>
</div>
<div class="col-sm-10">
<input type="text" class="form-control" name="name"
placeholder="<?php echo $hesklang['template_name']; ?>" required>
placeholder="<?php echo $hesklang['group_name']; ?>" required>
<div class="help-block with-errors"></div>
</div>
</div>
@ -381,40 +334,34 @@ function save()
WHERE `id` = " . intval($templateId));
$row = hesk_dbFetchAssoc($res);
if (hesk_POST('name_only', 0)) {
// We are only able to update the name
$name = hesk_POST('name');
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "permission_templates`
SET `name` = '" . hesk_dbEscape($name) . "' WHERE `id` = " . intval($templateId));
} else {
// Add 'can ban emails' if 'can unban emails' is set (but not added). Same with 'can ban ips'
$catArray = hesk_POST_array('categories');
$featArray = hesk_POST_array('features');
validate($featArray, $catArray);
if (in_array('can_unban_emails', $featArray) && !in_array('can_ban_emails', $featArray)) {
array_push($catArray, 'can_ban_emails');
}
if (in_array('can_unban_ips', $featArray) && !in_array('can_ban_ips', $featArray)) {
array_push($featArray, 'can_ban_ips');
}
$categories = implode(',', $catArray);
$features = implode(',', $featArray);
$name = hesk_POST('name');
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "permission_templates`
SET `categories` = '" . hesk_dbEscape($categories) . "', `heskprivileges` = '" . hesk_dbEscape($features) . "',
`name` = '" . hesk_dbEscape($name) . "'
WHERE `id` = " . intval($templateId));
if ($row['categories'] != $categories || $row['heskprivileges'] != $features) {
// Any users with this template should be switched to "custom"
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `permission_template` = NULL
WHERE `permission_template` = " . intval($templateId));
}
// Add 'can ban emails' if 'can unban emails' is set (but not added). Same with 'can ban ips'
$catArray = hesk_POST_array('categories');
$featArray = hesk_POST_array('features');
validate($featArray, $catArray);
if (in_array('can_unban_emails', $featArray) && !in_array('can_ban_emails', $featArray)) {
array_push($catArray, 'can_ban_emails');
}
if (in_array('can_unban_ips', $featArray) && !in_array('can_ban_ips', $featArray)) {
array_push($featArray, 'can_ban_ips');
}
$categories = implode(',', $catArray);
$features = implode(',', $featArray);
$name = hesk_POST('name');
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "permission_templates`
SET `categories` = '" . hesk_dbEscape($categories) . "', `heskprivileges` = '" . hesk_dbEscape($features) . "',
`name` = '" . hesk_dbEscape($name) . "'
WHERE `id` = " . intval($templateId));
if ($row['categories'] != $categories || $row['heskprivileges'] != $features) {
// Any users with this template should have their permissions updated
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `heskprivileges` = '" . hesk_dbEscape($features) . "',
`categories` = '" . hesk_dbEscape($categories) . "'
WHERE `permission_template` = " . intval($templateId));
}
hesk_process_messages($hesklang['permission_template_updated'], $_SERVER['PHP_SELF'], 'SUCCESS');
hesk_process_messages($hesklang['permission_group_updated'], $_SERVER['PHP_SELF'], 'SUCCESS');
}
function create()
@ -439,7 +386,7 @@ function create()
hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "permission_templates` (`name`, `heskprivileges`, `categories`)
VALUES ('" . hesk_dbEscape($name) . "', '" . hesk_dbEscape($features) . "', '" . hesk_dbEscape($categories) . "')");
hesk_process_messages($hesklang['template_created'], $_SERVER['PHP_SELF'], 'SUCCESS');
hesk_process_messages($hesklang['group_created'], $_SERVER['PHP_SELF'], 'SUCCESS');
}
function validate($features, $categories, $create = false, $name = '')
@ -449,7 +396,7 @@ function validate($features, $categories, $create = false, $name = '')
$errorMarkup = '<ul>';
$isValid = true;
if ($create && $name == '') {
$errorMarkup .= '<li>' . $hesklang['template_name_required'] . '</li>';
$errorMarkup .= '<li>' . $hesklang['group_name_required'] . '</li>';
$isValid = false;
}
if (count($features) == 0) {
@ -463,7 +410,7 @@ function validate($features, $categories, $create = false, $name = '')
$errorMarkup .= '</ul>';
if (!$isValid) {
$error = sprintf($hesklang['permission_template_error'], $errorMarkup);
$error = sprintf($hesklang['permission_group_error'], $errorMarkup);
hesk_process_messages($error, $_SERVER['PHP_SELF']);
}
return true;
@ -483,36 +430,14 @@ function deleteTemplate()
// Otherwise delete the template
hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "permission_templates` WHERE `id` = " . intval($id));
if (hesk_dbAffectedRows() != 1) {
hesk_process_messages($hesklang['no_templates_were_deleted'], $_SERVER['PHP_SELF']);
hesk_process_messages($hesklang['no_group_were_deleted'], $_SERVER['PHP_SELF']);
}
hesk_process_messages($hesklang['permission_template_deleted'], $_SERVER['PHP_SELF'], 'SUCCESS');
}
function toggleAdmin($admin)
{
global $hesk_settings, $hesklang;
$id = hesk_GET('id');
// Move all users who used to be in this group to "custom"
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `permission_template` = NULL
WHERE `permission_template` = " . intval($id));
if ($id == 1 || $id == 2) {
hesk_process_messages($hesklang['cannot_change_admin_staff'], $_SERVER['PHP_SELF']);
}
if ($admin) {
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "permission_templates` SET `heskprivileges` = 'ALL',
`categories` = 'ALL' WHERE `id` = " . intval($id));
hesk_process_messages($hesklang['permission_template_now_admin'], $_SERVER['PHP_SELF'], 'SUCCESS');
} else {
// Get default privileges
$res = hesk_dbQuery("SELECT `heskprivileges`, `categories` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "permission_templates`
WHERE `id` = 2");
$row = hesk_dbFetchAssoc($res);
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "permission_templates`
SET `heskprivileges` = '" . hesk_dbEscape($row['heskprivileges']) . "',
`categories` = '" . hesk_dbEscape($row['categories']) . "' WHERE `id` = " . intval($id));
hesk_process_messages($hesklang['permission_template_no_longer_admin'], $_SERVER['PHP_SELF'], 'SUCCESS');
}
hesk_process_messages($hesklang['permission_group_deleted'], $_SERVER['PHP_SELF'], 'SUCCESS');
}
?>

4
admin/manage_users.php
Unescape Escape View File

@ -214,7 +214,7 @@ if ($action = hesk_REQUEST('a')) {
<th><b><i><?php echo $hesklang['name']; ?></i></b></th>
<th><b><i><?php echo $hesklang['email']; ?></i></b></th>
<th><b><i><?php echo $hesklang['username']; ?></i></b></th>
<th><b><i><?php echo $hesklang['permission_template']; ?></i></b></th>
<th><b><i><?php echo $hesklang['permission_group']; ?></i></b></th>
<?php
/* Is user rating enabled? */
if ($hesk_settings['rating']) {
@ -591,6 +591,7 @@ function update_user()
$myuser['notify_overdue_unassigned'] = 0;
}
/* Check for duplicate usernames */
$res = hesk_dbQuery("SELECT `id`,`isadmin`,`categories`,`heskprivileges` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user` = '" . hesk_dbEscape($myuser['user']) . "' LIMIT 1");
if (hesk_dbNumRows($res) == 1) {
@ -847,6 +848,7 @@ function remove()
// Revoke manager rights
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `manager` = 0 WHERE `manager` = " . intval($myuser));
/* Un-assign all tickets for this user */
$res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`=0 WHERE `owner`='" . intval($myuser) . "'");

18
admin/move_category.php
Unescape Escape View File

@ -70,8 +70,6 @@ if (hesk_dbNumRows($res) != 1) {
}
$ticket = hesk_dbFetchAssoc($res);
/* Log that ticket is being moved */
$history = sprintf($hesklang['thist1'], hesk_date(), $row['name'], $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
/* Is the ticket assigned to someone? If yes, check that the user has access to category or change to unassigned */
$need_to_reassign = 0;
@ -92,18 +90,30 @@ if ($ticket['owner']) {
}
/* Reassign automatically if possible */
$autoassign_owner = null;
if ($need_to_reassign || !$ticket['owner']) {
$need_to_reassign = 1;
$autoassign_owner = hesk_autoAssignTicket($category);
if ($autoassign_owner) {
$ticket['owner'] = $autoassign_owner['id'];
$history .= sprintf($hesklang['thist10'], hesk_date(), $autoassign_owner['name'] . ' (' . $autoassign_owner['user'] . ')');
} else {
$ticket['owner'] = 0;
}
}
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `category`='" . intval($category) . "', `owner`='" . intval($ticket['owner']) . "' , `history`=CONCAT(`history`,'" . hesk_dbEscape($history) . "') WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");
hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `category`='" . intval($category) . "', `owner`='" . intval($ticket['owner']) . "' WHERE `trackid`='" . hesk_dbEscape($trackingID) . "'");
/* Log that ticket is being moved */
mfh_insert_audit_trail_record($ticket['id'], 'TICKET', 'audit_moved_category', hesk_date(), array(
0 => $_SESSION['name'] . ' (' . $_SESSION['user'] . ')',
1 => $row['name']
));
if ($autoassign_owner) {
mfh_insert_audit_trail_record($ticket['id'], 'TICKET', 'audit_autoassigned', hesk_date(), array(
0 => $autoassign_owner['name'] . ' (' . $autoassign_owner['user'] . ')'
));
}
$ticket['category'] = $category;

146
admin/new_ticket.php
Unescape Escape View File

@ -113,13 +113,13 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
$hesk_settings['categories'] = array();
if (hesk_checkPermission('can_submit_any_cat', 0)) {
$res = hesk_dbQuery("SELECT `id`, `name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` ORDER BY `cat_order` ASC");
$res = hesk_dbQuery("SELECT `id`, `name`, `mfh_description` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` ORDER BY `cat_order` ASC");
} else {
$res = hesk_dbQuery("SELECT `id`, `name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE ".hesk_myCategories('id')." ORDER BY `cat_order` ASC");
$res = hesk_dbQuery("SELECT `id`, `name`, `mfh_description` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE ".hesk_myCategories('id')." ORDER BY `cat_order` ASC");
}
while ($row = hesk_dbFetchAssoc($res)) {
$hesk_settings['categories'][$row['id']] = $row['name'];
$hesk_settings['categories'][$row['id']] = $row;
}
$number_of_categories = count($hesk_settings['categories']);
@ -147,7 +147,7 @@ $show_quick_help = $show['show'];
<li><a href="admin_main.php"><?php echo $hesk_settings['hesk_title']; ?></a></li>
<?php if ($number_of_categories > 1): ?>
<li><a href="new_ticket.php"><?php echo $hesklang['nti2']; ?></a></li>
<li class="active"><?php echo $hesk_settings['categories'][$category]; ?></li>
<li class="active"><?php echo $hesk_settings['categories'][$category]['name']; ?></li>
<?php else: ?>
<li class="active"><?php echo $hesklang['nti2']; ?></li>
<?php endif; ?>
@ -381,6 +381,10 @@ $show_quick_help = $show['show'];
</div>';
}
if (!empty($v['mfh_description'])) {
echo '<div class="help-block">' . $v['mfh_description'] . '</div>';
}
echo '
<div class="help-block with-errors"></div>
</div>
@ -410,8 +414,14 @@ $show_quick_help = $show['show'];
echo '<option ' . $selected . '>' . $option . '</option>';
}
echo '</select>
<div class="help-block with-errors"></div></div></div>';
echo '</select>';
if (!empty($v['mfh_description'])) {
echo '<div class="help-block">' . $v['mfh_description'] . '</div>';
}
echo '<div class="help-block with-errors"></div></div></div>';
break;
/* Checkbox */
@ -432,6 +442,11 @@ $show_quick_help = $show['show'];
echo '<div class="checkbox"><label><input ' . $validator . ' type="checkbox" name="' . $k . '[]" value="' . $option . '" ' . $checked . $required_attribute . '> ' . $option . '</label></div>';
}
if (!empty($v['mfh_description'])) {
echo '<div class="help-block">' . $v['mfh_description'] . '</div>';
}
echo '
<div class="help-block with-errors"></div></div></div>';
break;
@ -442,8 +457,13 @@ $show_quick_help = $show['show'];
echo '<div class="form-group' . $cls . '">
<label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'] . ' ' . $v['req'] . '</label>
<div class="col-sm-9"><textarea class="form-control" placeholder="' . $v['name'] . '" name="' . $k . '" rows="' . intval($v['value']['rows']) . '" cols="' . intval($v['value']['cols']) . '" ' . $required_attribute . '>' . $k_value . '</textarea>
<div class="help-block with-errors"></div></div></div>';
<div class="col-sm-9"><textarea class="form-control" placeholder="' . $v['name'] . '" name="' . $k . '" rows="' . intval($v['value']['rows']) . '" cols="' . intval($v['value']['cols']) . '" ' . $required_attribute . '>' . $k_value . '</textarea>';
if (!empty($v['mfh_description'])) {
echo '<div class="help-block">' . $v['mfh_description'] . '</div>';
}
echo '<div class="help-block with-errors"></div></div></div>';
break;
case 'date':
@ -458,8 +478,13 @@ $show_quick_help = $show['show'];
<label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'].' '.$v['req'] . '</label>
<div class="col-sm-9">
<input type="text" class="datepicker form-control" placeholder="' . $v['name'] . '" name="' . $k . '" size="40"
value="' . $k_value . '" ' . $required_attribute . '>
<div class="help-block with-errors"></div>
value="' . $k_value . '" ' . $required_attribute . '>';
if (!empty($v['mfh_description'])) {
echo '<div class="help-block">' . $v['mfh_description'] . '</div>';
}
echo '<div class="help-block with-errors"></div>
</div>
</div>';
break;
@ -471,8 +496,13 @@ $show_quick_help = $show['show'];
echo '<div class="form-group' . $cls . '">
<label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'].' '.$v['req'] . '</label>
<div class="col-sm-9">
<input type="text" class="form-control" placeholder="' . $v['name'] . '" name="' . $k . '" size="40" value="' . $k_value . '" '.$suggest.$required_attribute.'>
<div class="help-block with-errors"></div>
<input type="text" class="form-control" placeholder="' . $v['name'] . '" name="' . $k . '" size="40" value="' . $k_value . '" '.$suggest.$required_attribute.'>';
if (!empty($v['mfh_description'])) {
echo '<div class="help-block">' . $v['mfh_description'] . '</div>';
}
echo '<div class="help-block with-errors"></div>
</div>
</div><div id="'.$k.'_suggestions"></div>';
@ -491,8 +521,13 @@ $show_quick_help = $show['show'];
echo '<div class="form-group' . $cls . '">
<label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'].' '.$v['req'] . '</label>
<div class="col-sm-9">
<input type="text" class="form-control" placeholder="' . $v['name'] . '" name="' . $k . '" size="40" maxlength="' . intval($v['value']['max_length']) . '" value="' . $v['value']['default_value'] . '" ' . $cls . $required_attribute . '>
<div class="help-block with-errors"></div>
<input type="text" class="form-control" placeholder="' . $v['name'] . '" name="' . $k . '" size="40" maxlength="' . intval($v['value']['max_length']) . '" value="' . $v['value']['default_value'] . '" ' . $cls . $required_attribute . '>';
if (!empty($v['mfh_description'])) {
echo '<div class="help-block">' . $v['mfh_description'] . '</div>';
}
echo '<div class="help-block with-errors"></div>
</div>
</div>';
}
@ -753,7 +788,9 @@ $show_quick_help = $show['show'];
echo '<div class="radio"><label><input type="radio" name="' . $k . '" value="' . $option . '" ' . $checked . ' ' . $required_attribute . '> ' . $option . '</label></div>';
}
if (!empty($v['mfh_description'])) {
echo '<div class="help-block">' . $v['mfh_description'] . '</div>';
}
echo '<div class="help-block with-errors"></div></div></div>';
break;
@ -780,7 +817,11 @@ $show_quick_help = $show['show'];
echo '<option ' . $selected . '>' . $option . '</option>';
}
echo '</select><div class="help-block with-errors"></div></div></div>';
echo '</select>';
if (!empty($v['mfh_description'])) {
echo '<div class="help-block">' . $v['mfh_description'] . '</div>';
}
echo '<div class="help-block with-errors"></div></div></div>';
break;
/* Checkbox */
@ -801,6 +842,9 @@ $show_quick_help = $show['show'];
echo '<div class="checkbox"><label><input ' . $validator . ' type="checkbox" name="' . $k . '[]" value="' . $option . '" ' . $checked . $required_attribute .'> ' . $option . '</label></div>';
}
if (!empty($v['mfh_description'])) {
echo '<div class="help-block">' . $v['mfh_description'] . '</div>';
}
echo '<div class="help-block with-errors"></div></div></div>';
break;
@ -810,8 +854,11 @@ $show_quick_help = $show['show'];
echo '<div class="form-group' . $cls . '">
<label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'].' '.$v['req'] . '</label>
<div class="col-sm-9"><textarea class="form-control" placeholder="' . $v['name'] . '" name="' . $k . '" rows="' . intval($v['value']['rows']) . '" cols="' . intval($v['value']['cols']) . '" ' . $required_attribute . '>' . $k_value . '</textarea>
<div class="help-block with-errors"></div></div>
<div class="col-sm-9"><textarea class="form-control" placeholder="' . $v['name'] . '" name="' . $k . '" rows="' . intval($v['value']['rows']) . '" cols="' . intval($v['value']['cols']) . '" ' . $required_attribute . '>' . $k_value . '</textarea>';
if (!empty($v['mfh_description'])) {
echo '<div class="help-block">' . $v['mfh_description'] . '</div>';
}
echo '<div class="help-block with-errors"></div></div>
</div>';
break;
@ -827,8 +874,11 @@ $show_quick_help = $show['show'];
<label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'].' '.$v['req'] . '</label>
<div class="col-sm-9">
<input type="text" class="datepicker form-control" placeholder="' . $v['name'] . '" name="' . $k . '" size="40"
value="' . $k_value . '" ' . $required_attribute . '>
<div class="help-block with-errors"></div>
value="' . $k_value . '" ' . $required_attribute . '>';
if (!empty($v['mfh_description'])) {
echo '<div class="help-block">' . $v['mfh_description'] . '</div>';
}
echo '<div class="help-block with-errors"></div>
</div>
</div>';
break;
@ -840,8 +890,11 @@ $show_quick_help = $show['show'];
echo '<div class="form-group">
<label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'].' '.$v['req'] . '</label>
<div class="col-sm-9">
<input type="text" class="form-control" placeholder="' . $v['name'] . '" name="' . $k . '" size="40" value="' . $k_value . '" '.$suggest.' ' . $required_attribute . '>
<div class="help-block with-errors"></div>
<input type="text" class="form-control" placeholder="' . $v['name'] . '" name="' . $k . '" size="40" value="' . $k_value . '" '.$suggest.' ' . $required_attribute . '>';
if (!empty($v['mfh_description'])) {
echo '<div class="help-block">' . $v['mfh_description'] . '</div>';
}
echo '<div class="help-block with-errors"></div>
</div>
</div><div id="'.$k.'_suggestions"></div>';
@ -859,8 +912,11 @@ $show_quick_help = $show['show'];
echo '<div class="form-group">
<label for="' . $v['name'] . '" class="col-sm-3 control-label">' . $v['name'].' '.$v['req'] . '</label>
<div class="col-sm-9">
<input type="text" class="form-control" placeholder="' . $v['name'] . '" name="' . $k . '" size="40" maxlength="' . intval($v['value']['max_length']) . '" value="' . $v['value']['default_value'] . '" ' . $required_attribute . '>
<div class="help-block with-errors"></div>
<input type="text" class="form-control" placeholder="' . $v['name'] . '" name="' . $k . '" size="40" maxlength="' . intval($v['value']['max_length']) . '" value="' . $v['value']['default_value'] . '" ' . $required_attribute . '>';
if (!empty($v['mfh_description'])) {
echo '<div class="help-block">' . $v['mfh_description'] . '</div>';
}
echo '<div class="help-block with-errors"></div>
</div>
</div>';
}
@ -1038,9 +1094,10 @@ function print_select_category($number_of_categories) {
// Print a select box if number of categories is large
if ($number_of_categories > $hesk_settings['cat_show_select'])
{
$firstDescription = null;
?>
<form action="new_ticket.php" method="get">
<select name="category" id="select_category" class="form-control">
<select name="category" id="select_category" class="form-control" onchange="showDescription()">
<?php
if ($hesk_settings['select_cat'])
{
@ -1048,23 +1105,45 @@ function print_select_category($number_of_categories) {
}
foreach ($hesk_settings['categories'] as $k=>$v)
{
echo '<option value="'.$k.'">'.$v.'</option>';
if ($firstDescription === null) {
$firstDescription = $v['mfh_description'];
}
echo '<option value="'.$k.'" data-description="'.$v['mfh_description'].'">'.$v['name'].'</option>';
}
?>
</select>
<?php
$display = ' style="display: none"';
&nbsp;<br />
if (!$hesk_settings['select_cat'] && $firstDescription !== null && trim($firstDescription) !== '') {
$display = '';
}
?>
<span id="category-description"<?php echo $display; ?>>
<b><?php echo $hesklang['description_colon']; ?></b>
<span><?php echo $firstDescription; ?></span>
</span>
<br>
<div style="text-align:center">
<input type="submit" value="<?php echo $hesklang['c2c']; ?>" class="btn btn-default">
</div>
</form>
<script>
function showDescription() {
var $value = $('#select_category').find(':selected');
if ($value.data('description') !== '') {
$('#category-description').show().find('span').text($value.data('description'));
} else {
$('#category-description').hide();
}
}
</script>
<?php
}
// Otherwise print quick links
else
{
// echo '<li><a href="new_ticket.php?a=add&amp;category='.$k.'">&raquo; '.$v.'</a></li>';
$new_row = 1;
foreach ($hesk_settings['categories'] as $k=>$v):
@ -1079,7 +1158,14 @@ function print_select_category($number_of_categories) {
<div class="panel-body">
<div class="row">
<div class="col-xs-12">
<?php echo $v; ?>
<?php
echo $v['name'];
if ($v['mfh_description'] !== null && trim($v['mfh_description']) !== '') {
echo '&nbsp;<i class="fa fa-info-circle" data-toggle="popover"
title="'. $hesklang['description'] .'" data-content="' . $v['mfh_description'] . '"></i>';
}
?>
</div>
</div>
</div>

73
admin/priority.php
Unescape Escape View File

@ -0,0 +1,73 @@
<?php
/**
*
* This file is part of HESK - PHP Help Desk Software.
*
* (c) Copyright Klemen Stirn. All rights reserved.
* https://www.hesk.com
*
* For the full copyright and license agreement information visit
* https://www.hesk.com/eula.php
*
*/
define('IN_SCRIPT',1);
define('HESK_PATH','../');
/* Get all the required files and functions */
require(HESK_PATH . 'hesk_settings.inc.php');
require(HESK_PATH . 'inc/common.inc.php');
require(HESK_PATH . 'inc/admin_functions.inc.php');
hesk_load_database_functions();
hesk_session_start();
hesk_dbConnect();
hesk_isLoggedIn();
/* Check permissions for this feature */
hesk_checkPermission('can_view_tickets');
hesk_checkPermission('can_reply_tickets');
/* A security check */
hesk_token_check('POST');
/* Ticket ID */
$trackingID = hesk_cleanID() or die($hesklang['int_error'].': '.$hesklang['no_trackID']);
$priority = intval( hesk_POST('priority') );
if ($priority < 0 || $priority > 3)
{
hesk_process_messages($hesklang['inpr'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'NOTICE');
}
$options = array(
0 => '<font class="critical">'.$hesklang['critical'].'</font>',
1 => '<font class="important">'.$hesklang['high'].'</font>',
2 => '<font class="medium">'.$hesklang['medium'].'</font>',
3 => $hesklang['low']
);
$plain_options = array(
0 => 'critical',
1 => 'high',
2 => 'medium',
3 => 'low'
);
$ticketRs = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` WHERE `trackid` = '" . hesk_dbEscape($trackingID) . "'");
$ticket = hesk_dbFetchAssoc($ticketRs);
hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."tickets` SET `priority`='{$priority}' WHERE `trackid`='".hesk_dbEscape($trackingID)."'");
mfh_insert_audit_trail_record($ticket['id'], 'TICKET', 'audit_priority', hesk_date(), array(
0 => $_SESSION['name'].' ('.$_SESSION['user'].')',
1 => $plain_options[$priority]
));
if (hesk_dbAffectedRows() != 1)
{
hesk_process_messages($hesklang['inpr'],'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'NOTICE');
}
hesk_process_messages(sprintf($hesklang['chpri2'],$options[$priority]),'admin_ticket.php?track='.$trackingID.'&Refresh='.mt_rand(10000,99999),'SUCCESS');
?>

142
api/ApplicationContext.php
Unescape Escape View File

@ -1,142 +0,0 @@
<?php
// Responsible for loading in all necessary classes. AKA a poor man's DI solution.
use BusinessLogic\Attachments\AttachmentHandler;
use BusinessLogic\Attachments\AttachmentRetriever;
use BusinessLogic\Categories\CategoryRetriever;
use BusinessLogic\Emails\BasicEmailSender;
use BusinessLogic\Emails\EmailSenderHelper;
use BusinessLogic\Emails\EmailTemplateParser;
use BusinessLogic\Emails\EmailTemplateRetriever;
use BusinessLogic\Emails\MailgunEmailSender;
use BusinessLogic\Navigation\CustomNavElementHandler;
use BusinessLogic\Security\BanRetriever;
use BusinessLogic\Security\UserContextBuilder;
use BusinessLogic\Security\UserToTicketChecker;
use BusinessLogic\Settings\ApiChecker;
use BusinessLogic\Settings\SettingsRetriever;
use BusinessLogic\Statuses\StatusRetriever;
use BusinessLogic\Tickets\Autoassigner;
use BusinessLogic\Tickets\TicketDeleter;
use BusinessLogic\Tickets\TicketEditor;
use BusinessLogic\Tickets\TicketRetriever;
use BusinessLogic\Tickets\TicketCreator;
use BusinessLogic\Tickets\NewTicketValidator;
use BusinessLogic\Tickets\TicketValidators;
use BusinessLogic\Tickets\TrackingIdGenerator;
use BusinessLogic\Tickets\VerifiedEmailChecker;
use DataAccess\Attachments\AttachmentGateway;
use DataAccess\Categories\CategoryGateway;
use DataAccess\Files\FileDeleter;
use DataAccess\Files\FileReader;
use DataAccess\Files\FileWriter;
use DataAccess\Logging\LoggingGateway;
use DataAccess\Navigation\CustomNavElementGateway;
use DataAccess\Security\BanGateway;
use DataAccess\Security\UserGateway;
use DataAccess\Settings\ModsForHeskSettingsGateway;
use DataAccess\Statuses\StatusGateway;
use DataAccess\Tickets\TicketGateway;
use DataAccess\Tickets\VerifiedEmailGateway;
class ApplicationContext {
public $get;
/**
* ApplicationContext constructor.
*/
function __construct() {
$this->get = array();
// Settings
$this->get[ModsForHeskSettingsGateway::class] = new ModsForHeskSettingsGateway();
// API Checker
$this->get[ApiChecker::class] = new ApiChecker($this->get[ModsForHeskSettingsGateway::class]);
// Custom Navigation
$this->get[CustomNavElementGateway::class] = new CustomNavElementGateway();
$this->get[CustomNavElementHandler::class] = new CustomNavElementHandler($this->get[CustomNavElementGateway::class]);
// Logging
$this->get[LoggingGateway::class] = new LoggingGateway();
// Verified Email Checker
$this->get[VerifiedEmailGateway::class] = new VerifiedEmailGateway();
$this->get[VerifiedEmailChecker::class] = new VerifiedEmailChecker($this->get[VerifiedEmailGateway::class]);
// Users
$this->get[UserGateway::class] = new UserGateway();
$this->get[UserContextBuilder::class] = new UserContextBuilder($this->get[UserGateway::class]);
// Categories
$this->get[CategoryGateway::class] = new CategoryGateway();
$this->get[CategoryRetriever::class] = new CategoryRetriever($this->get[CategoryGateway::class]);
// Bans
$this->get[BanGateway::class] = new BanGateway();
$this->get[BanRetriever::class] = new BanRetriever($this->get[BanGateway::class]);
// Statuses
$this->get[StatusGateway::class] = new StatusGateway();
// Email Sender
$this->get[EmailTemplateRetriever::class] = new EmailTemplateRetriever();
$this->get[EmailTemplateParser::class] = new EmailTemplateParser($this->get[StatusGateway::class],
$this->get[CategoryGateway::class],
$this->get[UserGateway::class],
$this->get[EmailTemplateRetriever::class]);
$this->get[BasicEmailSender::class] = new BasicEmailSender();
$this->get[MailgunEmailSender::class] = new MailgunEmailSender();
$this->get[EmailSenderHelper::class] = new EmailSenderHelper($this->get[EmailTemplateParser::class],
$this->get[BasicEmailSender::class],
$this->get[MailgunEmailSender::class]);
// Tickets
$this->get[UserToTicketChecker::class] = new UserToTicketChecker($this->get[UserGateway::class]);
$this->get[TicketGateway::class] = new TicketGateway();
$this->get[TicketRetriever::class] = new TicketRetriever($this->get[TicketGateway::class],
$this->get[UserToTicketChecker::class]);
$this->get[TicketValidators::class] = new TicketValidators($this->get[TicketGateway::class]);
$this->get[TrackingIdGenerator::class] = new TrackingIdGenerator($this->get[TicketGateway::class]);
$this->get[Autoassigner::class] = new Autoassigner($this->get[CategoryGateway::class], $this->get[UserGateway::class]);
$this->get[NewTicketValidator::class] = new NewTicketValidator($this->get[CategoryRetriever::class],
$this->get[BanRetriever::class],
$this->get[TicketValidators::class]);
$this->get[TicketCreator::class] = new TicketCreator($this->get[NewTicketValidator::class],
$this->get[TrackingIdGenerator::class],
$this->get[Autoassigner::class],
$this->get[StatusGateway::class],
$this->get[TicketGateway::class],
$this->get[VerifiedEmailChecker::class],
$this->get[EmailSenderHelper::class],
$this->get[UserGateway::class],
$this->get[ModsForHeskSettingsGateway::class]);
$this->get[FileWriter::class] = new FileWriter();
$this->get[FileReader::class] = new FileReader();
$this->get[FileDeleter::class] = new FileDeleter();
$this->get[AttachmentGateway::class] = new AttachmentGateway();
$this->get[AttachmentHandler::class] = new AttachmentHandler($this->get[TicketGateway::class],
$this->get[AttachmentGateway::class],
$this->get[FileWriter::class],
$this->get[UserToTicketChecker::class],
$this->get[FileDeleter::class]);
$this->get[AttachmentRetriever::class] = new AttachmentRetriever($this->get[AttachmentGateway::class],
$this->get[FileReader::class],
$this->get[TicketGateway::class],
$this->get[UserToTicketChecker::class]);
$this->get[TicketDeleter::class] =
new TicketDeleter($this->get[TicketGateway::class],
$this->get[UserToTicketChecker::class],
$this->get[AttachmentHandler::class]);
$this->get[TicketEditor::class] =
new TicketEditor($this->get[TicketGateway::class], $this->get[UserToTicketChecker::class]);
// Statuses
$this->get[StatusRetriever::class] = new StatusRetriever($this->get[StatusGateway::class]);
// Settings
$this->get[SettingsRetriever::class] = new SettingsRetriever($this->get[ModsForHeskSettingsGateway::class]);
}
}

7
api/BaseClass.php
Unescape Escape View File

@ -0,0 +1,7 @@
<?php
class BaseClass {
static function clazz() {
return get_called_class();
}
}

7
api/BaseException.php
Unescape Escape View File

@ -0,0 +1,7 @@
<?php
class BaseException extends Exception {
static function clazz() {
return get_called_class();
}
}

2
api/BusinessLogic/Attachments/Attachment.php
Unescape Escape View File

@ -3,7 +3,7 @@
namespace BusinessLogic\Attachments;
class Attachment {
class Attachment extends \BaseClass {
/* @var $id int */
public $id;

8
api/BusinessLogic/Attachments/AttachmentHandler.php
Unescape Escape View File

@ -17,7 +17,7 @@ use DataAccess\Files\FileDeleter;
use DataAccess\Files\FileWriter;
use DataAccess\Tickets\TicketGateway;
class AttachmentHandler {
class AttachmentHandler extends \BaseClass {
/* @var $ticketGateway TicketGateway */
private $ticketGateway;
@ -33,7 +33,11 @@ class AttachmentHandler {
/* @var $userToTicketChecker UserToTicketChecker */
private $userToTicketChecker;
function __construct($ticketGateway, $attachmentGateway, $fileWriter, $userToTicketChecker, $fileDeleter) {
function __construct(TicketGateway $ticketGateway,
AttachmentGateway $attachmentGateway,
FileWriter $fileWriter,
UserToTicketChecker $userToTicketChecker,
FileDeleter $fileDeleter) {
$this->ticketGateway = $ticketGateway;
$this->attachmentGateway = $attachmentGateway;
$this->fileWriter = $fileWriter;

2
api/BusinessLogic/Attachments/AttachmentRetriever.php
Unescape Escape View File

@ -10,7 +10,7 @@ use DataAccess\Attachments\AttachmentGateway;
use DataAccess\Files\FileReader;
use DataAccess\Tickets\TicketGateway;
class AttachmentRetriever {
class AttachmentRetriever extends \BaseClass {
/* @var $attachmentGateway AttachmentGateway */
private $attachmentGateway;

2
api/BusinessLogic/Attachments/AttachmentType.php
Unescape Escape View File

@ -3,7 +3,7 @@
namespace BusinessLogic\Attachments;
class AttachmentType {
class AttachmentType extends \BaseClass {
const MESSAGE = 0;
const REPLY = 1;
}

2
api/BusinessLogic/Attachments/CreateAttachmentModel.php
Unescape Escape View File

@ -3,7 +3,7 @@
namespace BusinessLogic\Attachments;
class CreateAttachmentModel {
class CreateAttachmentModel extends \BaseClass {
/* @var $savedName string */
public $savedName;

12
api/BusinessLogic/Categories/Category.php
Unescape Escape View File

@ -2,7 +2,7 @@
namespace BusinessLogic\Categories;
class Category {
class Category extends \BaseClass {
/**
* @var int The Categories ID
*/
@ -60,4 +60,14 @@ class Category {
* @var bool Indication if the user has access to the Categories
*/
public $accessible;
/**
* @var string
*/
public $description;
/**
* @var int
*/
public $numberOfTickets;
}

190
api/BusinessLogic/Categories/CategoryHandler.php
Unescape Escape View File

@ -0,0 +1,190 @@
<?php
namespace BusinessLogic\Categories;
use BusinessLogic\Exceptions\AccessViolationException;
use BusinessLogic\Exceptions\ValidationException;
use BusinessLogic\Navigation\Direction;
use BusinessLogic\Security\PermissionChecker;
use BusinessLogic\Security\UserPrivilege;
use BusinessLogic\ValidationModel;
use DataAccess\Categories\CategoryGateway;
use DataAccess\Settings\ModsForHeskSettingsGateway;
use DataAccess\Tickets\TicketGateway;
class CategoryHandler extends \BaseClass {
/* @var $categoryGateway CategoryGateway */
private $categoryGateway;
/* @var $ticketGateway TicketGateway */
private $ticketGateway;
/* @var $permissionChecker PermissionChecker */
private $permissionChecker;
/* @var $modsForHeskSettingsGateway ModsForHeskSettingsGateway */
private $modsForHeskSettingsGateway;
function __construct(CategoryGateway $categoryGateway,
TicketGateway $ticketGateway,
PermissionChecker $permissionChecker,
ModsForHeskSettingsGateway $modsForHeskSettingsGateway) {
$this->categoryGateway = $categoryGateway;
$this->ticketGateway = $ticketGateway;
$this->permissionChecker = $permissionChecker;
$this->modsForHeskSettingsGateway = $modsForHeskSettingsGateway;
}
/**
* @param $category Category
* @param $userContext
* @param $heskSettings array
* @return Category The newly created category with ID
* @throws ValidationException When validation fails
* @throws \Exception When the newly created category was not retrieved
*/
//TODO Test
function createCategory($category, $userContext, $heskSettings) {
$modsForHeskSettings = $this->modsForHeskSettingsGateway->getAllSettings($heskSettings);
$validationModel = $this->validate($category, $userContext);
if (count($validationModel->errorKeys) > 0) {
throw new ValidationException($validationModel);
}
$id = $this->categoryGateway->createCategory($category, $heskSettings);
$allCategories = $this->categoryGateway->getAllCategories($heskSettings, $modsForHeskSettings);
foreach ($allCategories as $innerCategory) {
if ($innerCategory->id === $id) {
return $innerCategory;
}
}
throw new \BaseException("Newly created category {$id} lost! :O");
}
/**
* @param $category Category
* @param $userContext
* @param $creating bool
* @return ValidationModel
* @throws AccessViolationException
*/
//TODO Test
private function validate($category, $userContext, $creating = true) {
$validationModel = new ValidationModel();
if (!$this->permissionChecker->doesUserHavePermission($userContext, UserPrivilege::CAN_MANAGE_CATEGORIES)) {
throw new AccessViolationException('User cannot manage categories!');
}
if (!$creating && $category->id < 1) {
$validationModel->errorKeys[] = 'ID_MISSING';
}
if ($category->backgroundColor === null || trim($category->backgroundColor) === '') {
$validationModel->errorKeys[] = 'BACKGROUND_COLOR_MISSING';
}
if ($category->foregroundColor === null || trim($category->foregroundColor) === '') {
$validationModel->errorKeys[] = 'FOREGROUND_COLOR_MISSING';
}
if ($category->name === null || trim($category->name) === '') {
$validationModel->errorKeys[] = 'NAME_MISSING';
}
if ($category->priority === null || intval($category->priority) < 0 || intval($category->priority) > 3) {
$validationModel->errorKeys[] = 'INVALID_PRIORITY';
}
if ($category->autoAssign === null || !is_bool($category->autoAssign)) {
$validationModel->errorKeys[] = 'INVALID_AUTOASSIGN';
}
if ($category->displayBorder === null || !is_bool($category->displayBorder)) {
$validationModel->errorKeys[] = 'INVALID_DISPLAY_BORDER';
}
if ($category->type === null || (intval($category->type) !== 0 && intval($category->type) !== 1)) {
$validationModel->errorKeys[] = 'INVALID_TYPE';
}
return $validationModel;
}
/**
* @param $category Category
* @param $userContext
* @param $heskSettings array
* @return Category
* @throws ValidationException
* @throws \Exception When the category is missing
*/
function editCategory($category, $userContext, $heskSettings) {
$modsForHeskSettings = $this->modsForHeskSettingsGateway->getAllSettings($heskSettings);
$validationModel = $this->validate($category, $userContext, false);
if (count($validationModel->errorKeys) > 0) {
throw new ValidationException($validationModel);
}
$this->categoryGateway->updateCategory($category, $heskSettings);
$this->categoryGateway->resortAllCategories($heskSettings);
$allCategories = $this->categoryGateway->getAllCategories($heskSettings, $modsForHeskSettings);
foreach ($allCategories as $innerCategory) {
if ($innerCategory->id === $category->id) {
return $innerCategory;
}
}
throw new \BaseException("Category {$category->id} vanished! :O");
}
function deleteCategory($id, $userContext, $heskSettings) {
if (!$this->permissionChecker->doesUserHavePermission($userContext, UserPrivilege::CAN_MANAGE_CATEGORIES)) {
throw new AccessViolationException('User cannot manage categories!');
}
if ($id === 1) {
throw new \BaseException("Category 1 cannot be deleted!");
}
$this->ticketGateway->moveTicketsToDefaultCategory($id, $heskSettings);
$this->categoryGateway->deleteCategory($id, $heskSettings);
$this->categoryGateway->resortAllCategories($heskSettings);
}
function sortCategory($id, $direction, $heskSettings) {
$modsForHeskSettings = $this->modsForHeskSettingsGateway->getAllSettings($heskSettings);
$categories = $this->categoryGateway->getAllCategories($heskSettings, $modsForHeskSettings);
$category = null;
foreach ($categories as $innerCategory) {
if ($innerCategory->id === intval($id)) {
$category = $innerCategory;
break;
}
}
if ($category === null) {
throw new \BaseException("Could not find category with ID {$id}!");
}
if ($direction === Direction::UP) {
$category->catOrder -= 15;
} else {
$category->catOrder += 15;
}
$this->categoryGateway->updateCategory($category, $heskSettings);
$this->categoryGateway->resortAllCategories($heskSettings);
}
}

16
api/BusinessLogic/Categories/CategoryRetriever.php
Unescape Escape View File

@ -4,15 +4,23 @@ namespace BusinessLogic\Categories;
use BusinessLogic\Security\UserContext;
use DataAccess\Categories\CategoryGateway;
use DataAccess\Settings\ModsForHeskSettingsGateway;
class CategoryRetriever {
class CategoryRetriever extends \BaseClass {
/**
* @var CategoryGateway
*/
private $categoryGateway;
function __construct($categoryGateway) {
/**
* @var ModsForHeskSettingsGateway
*/
private $modsForHeskSettingsGateway;
function __construct(CategoryGateway $categoryGateway,
ModsForHeskSettingsGateway $modsForHeskSettingsGateway) {
$this->categoryGateway = $categoryGateway;
$this->modsForHeskSettingsGateway = $modsForHeskSettingsGateway;
}
/**
@ -21,7 +29,9 @@ class CategoryRetriever {
* @return array
*/
function getAllCategories($heskSettings, $userContext) {
$categories = $this->categoryGateway->getAllCategories($heskSettings);
$modsForHeskSettings = $this->modsForHeskSettingsGateway->getAllSettings($heskSettings);
$categories = $this->categoryGateway->getAllCategories($heskSettings, $modsForHeskSettings);
foreach ($categories as $category) {
$category->accessible = $userContext->admin ||

19
api/BusinessLogic/DateTimeHelpers.php
Unescape Escape View File

@ -0,0 +1,19 @@
<?php
namespace BusinessLogic;
class DateTimeHelpers {
static function heskDate($heskSettings, $dt = '', $isStr = true, $return_str = true) {
if (!$dt) {
$dt = time();
} elseif ($isStr) {
$dt = strtotime($dt);
}
// Return formatted date
return $return_str ? date($heskSettings['timeformat'], $dt) : $dt;
}
}

2
api/BusinessLogic/Emails/Addressees.php
Unescape Escape View File

@ -3,7 +3,7 @@
namespace BusinessLogic\Emails;
class Addressees {
class Addressees extends \BaseClass {
/**
* @var $to string[]
*/

2
api/BusinessLogic/Emails/BasicEmailSender.php
Unescape Escape View File

@ -7,7 +7,7 @@ use BusinessLogic\Tickets\Attachment;
use BusinessLogic\Tickets\Ticket;
use PHPMailer;
class BasicEmailSender implements EmailSender {
class BasicEmailSender extends \BaseClass implements EmailSender {
function sendEmail($emailBuilder, $heskSettings, $modsForHeskSettings, $sendAsHtml) {
$mailer = new PHPMailer();

2
api/BusinessLogic/Emails/EmailBuilder.php
Unescape Escape View File

@ -5,7 +5,7 @@ namespace BusinessLogic\Emails;
use BusinessLogic\Tickets\Attachment;
class EmailBuilder {
class EmailBuilder extends \BaseClass {
/**
* @var $to string[]
*/

6
api/BusinessLogic/Emails/EmailSenderHelper.php
Unescape Escape View File

@ -5,7 +5,7 @@ namespace BusinessLogic\Emails;
use BusinessLogic\Tickets\Ticket;
class EmailSenderHelper {
class EmailSenderHelper extends \BaseClass {
/**
* @var $emailTemplateParser EmailTemplateParser
*/
@ -21,7 +21,9 @@ class EmailSenderHelper {
*/
private $mailgunEmailSender;
function __construct($emailTemplateParser, $basicEmailSender, $mailgunEmailSender) {
function __construct(EmailTemplateParser $emailTemplateParser,
BasicEmailSender $basicEmailSender,
MailgunEmailSender $mailgunEmailSender) {
$this->emailTemplateParser = $emailTemplateParser;
$this->basicEmailSender = $basicEmailSender;
$this->mailgunEmailSender = $mailgunEmailSender;

2
api/BusinessLogic/Emails/EmailTemplate.php
Unescape Escape View File

@ -3,7 +3,7 @@
namespace BusinessLogic\Emails;
class EmailTemplate {
class EmailTemplate extends \BaseClass {
/**
* @var $languageKey string
*/

42
api/BusinessLogic/Emails/EmailTemplateParser.php
Unescape Escape View File

@ -3,7 +3,6 @@
namespace BusinessLogic\Emails;
use BusinessLogic\Exceptions\ApiFriendlyException;
use BusinessLogic\Exceptions\EmailTemplateNotFoundException;
use BusinessLogic\Exceptions\InvalidEmailTemplateException;
use BusinessLogic\Statuses\DefaultStatusForAction;
@ -13,7 +12,7 @@ use DataAccess\Categories\CategoryGateway;
use DataAccess\Security\UserGateway;
use DataAccess\Statuses\StatusGateway;
class EmailTemplateParser {
class EmailTemplateParser extends \BaseClass {
/**
* @var $statusGateway StatusGateway
@ -35,7 +34,10 @@ class EmailTemplateParser {
*/
private $emailTemplateRetriever;
function __construct($statusGateway, $categoryGateway, $userGateway, $emailTemplateRetriever) {
function __construct(StatusGateway $statusGateway,
CategoryGateway $categoryGateway,
UserGateway $userGateway,
EmailTemplateRetriever $emailTemplateRetriever) {
$this->statusGateway = $statusGateway;
$this->categoryGateway = $categoryGateway;
$this->userGateway = $userGateway;
@ -50,6 +52,7 @@ class EmailTemplateParser {
* @param $modsForHeskSettings array
* @return ParsedEmailProperties
* @throws InvalidEmailTemplateException
* @throws \Exception
*/
function getFormattedEmailForLanguage($templateId, $languageCode, $ticket, $heskSettings, $modsForHeskSettings) {
global $hesklang;
@ -73,10 +76,10 @@ class EmailTemplateParser {
}
if ($fullLanguageName === null) {
throw new \Exception("Language code {$languageCode} did not return any valid HESK languages!");
throw new \BaseException("Language code {$languageCode} did not return any valid HESK languages!");
}
$subject = $this->parseSubject($subject, $ticket, $fullLanguageName, $heskSettings);
$subject = $this->parseSubject($subject, $ticket, $fullLanguageName, $heskSettings, $modsForHeskSettings);
$message = $this->parseMessage($template, $ticket, $fullLanguageName, $emailTemplate->forStaff, $heskSettings, $modsForHeskSettings, false);
$htmlMessage = $this->parseMessage($htmlTemplate, $ticket, $fullLanguageName, $emailTemplate->forStaff, $heskSettings, $modsForHeskSettings, true);
@ -113,11 +116,11 @@ class EmailTemplateParser {
* @return string
* @throws \Exception if common.inc.php isn't loaded
*/
private function parseSubject($subjectTemplate, $ticket, $language, $heskSettings) {
private function parseSubject($subjectTemplate, $ticket, $language, $heskSettings, $modsForHeskSettings) {
global $hesklang;
if (!function_exists('hesk_msgToPlain')) {
throw new \Exception("common.inc.php not loaded!");
throw new \BaseException("common.inc.php not loaded!");
}
if ($ticket === null) {
@ -127,7 +130,14 @@ class EmailTemplateParser {
// Status name and category name
$defaultStatus = $this->statusGateway->getStatusForDefaultAction(DefaultStatusForAction::NEW_TICKET, $heskSettings);
$statusName = $defaultStatus->localizedNames[$language];
$category = $this->categoryGateway->getAllCategories($heskSettings)[$ticket->categoryId];
$categories = $this->categoryGateway->getAllCategories($heskSettings, $modsForHeskSettings);
$category = null;
foreach ($categories as $innerCategory) {
if ($innerCategory->id === $ticket->categoryId) {
$category = $innerCategory;
break;
}
}
switch ($ticket->priorityId) {
case Priority::CRITICAL:
@ -169,7 +179,7 @@ class EmailTemplateParser {
global $hesklang;
if (!function_exists('hesk_msgToPlain')) {
throw new \Exception("common.inc.php not loaded!");
throw new \BaseException("common.inc.php not loaded!");
}
if ($ticket === null) {
@ -189,7 +199,17 @@ class EmailTemplateParser {
// Status name and category name
$defaultStatus = $this->statusGateway->getStatusForDefaultAction(DefaultStatusForAction::NEW_TICKET, $heskSettings);
$statusName = hesk_msgToPlain($defaultStatus->localizedNames[$language]);
$category = hesk_msgToPlain($this->categoryGateway->getAllCategories($heskSettings)[$ticket->categoryId]->name);
$categories = $this->categoryGateway->getAllCategories($heskSettings, $modsForHeskSettings);
$category = null;
foreach ($categories as $innerCategory) {
if ($innerCategory->id === $ticket->categoryId) {
$category = $innerCategory;
break;
}
}
$category = hesk_msgToPlain($category->name);
$owner = $this->userGateway->getUserById($ticket->ownerId, $heskSettings);
$ownerName = $owner === null ? $hesklang['unas'] : hesk_msgToPlain($owner->name);
@ -223,7 +243,7 @@ class EmailTemplateParser {
$msg = str_replace('%%PRIORITY%%', $priority, $msg);
$msg = str_replace('%%OWNER%%', $ownerName, $msg);
$msg = str_replace('%%STATUS%%', $statusName, $msg);
$msg = str_replace('%%EMAIL%%', implode(';',$ticket->email), $msg);
$msg = str_replace('%%EMAIL%%', implode(';', $ticket->email), $msg);
$msg = str_replace('%%CREATED%%', $ticket->dateCreated, $msg);
$msg = str_replace('%%UPDATED%%', $ticket->lastChanged, $msg);
$msg = str_replace('%%ID%%', $ticket->id, $msg);

2
api/BusinessLogic/Emails/EmailTemplateRetriever.php
Unescape Escape View File

@ -3,7 +3,7 @@
namespace BusinessLogic\Emails;
class EmailTemplateRetriever {
class EmailTemplateRetriever extends \BaseClass {
/**
* @var $validTemplates EmailTemplate[]
*/

2
api/BusinessLogic/Emails/MailgunEmailSender.php
Unescape Escape View File

@ -7,7 +7,7 @@ use BusinessLogic\Tickets\Attachment;
use BusinessLogic\Tickets\Ticket;
use Mailgun\Mailgun;
class MailgunEmailSender implements EmailSender {
class MailgunEmailSender extends \BaseClass implements EmailSender {
function sendEmail($emailBuilder, $heskSettings, $modsForHeskSettings, $sendAsHtml) {
$mailgunArray = array();

8
api/BusinessLogic/Emails/ParsedEmailProperties.php
Unescape Escape View File

@ -1,15 +1,9 @@
<?php
/**
* Created by PhpStorm.
* User: mkoch
* Date: 2/28/2017
* Time: 9:36 PM
*/
namespace BusinessLogic\Emails;
class ParsedEmailProperties {
class ParsedEmailProperties extends \BaseClass {
function __construct($subject, $message, $htmlMessage) {
$this->subject = $subject;
$this->message = $message;

2
api/BusinessLogic/Exceptions/ApiFriendlyException.php
Unescape Escape View File

@ -5,7 +5,7 @@ namespace BusinessLogic\Exceptions;
use Exception;
class ApiFriendlyException extends Exception {
class ApiFriendlyException extends \BaseException {
public $title;
public $httpResponseCode;

2
api/BusinessLogic/Helpers.php
Unescape Escape View File

@ -3,7 +3,7 @@
namespace BusinessLogic;
class Helpers {
class Helpers extends \BaseClass {
static function getHeader($key) {
$headers = getallheaders();

2
api/BusinessLogic/Navigation/CustomNavElement.php
Unescape Escape View File

@ -3,7 +3,7 @@
namespace BusinessLogic\Navigation;
class CustomNavElement {
class CustomNavElement extends \BaseClass {
/* @var $id int*/
public $id;

4
api/BusinessLogic/Navigation/CustomNavElementHandler.php
Unescape Escape View File

@ -6,11 +6,11 @@ namespace BusinessLogic\Navigation;
use BusinessLogic\Exceptions\ApiFriendlyException;
use DataAccess\Navigation\CustomNavElementGateway;
class CustomNavElementHandler {
class CustomNavElementHandler extends \BaseClass {
/* @var $customNavElementGateway CustomNavElementGateway */
private $customNavElementGateway;
function __construct($customNavElementGateway) {
function __construct(CustomNavElementGateway $customNavElementGateway) {
$this->customNavElementGateway = $customNavElementGateway;
}

2
api/BusinessLogic/Navigation/CustomNavElementPlace.php
Unescape Escape View File

@ -3,7 +3,7 @@
namespace BusinessLogic\Navigation;
class CustomNavElementPlace {
class CustomNavElementPlace extends \BaseClass {
const HOMEPAGE_BLOCK = 1;
const CUSTOMER_NAVIGATION = 2;
const ADMIN_NAVIGATION = 3;

2
api/BusinessLogic/Navigation/Direction.php
Unescape Escape View File

@ -3,7 +3,7 @@
namespace BusinessLogic\Navigation;
class Direction {
class Direction extends \BaseClass {
const UP = 'up';
const DOWN = 'down';
}

4
api/BusinessLogic/Security/BanRetriever.php
Unescape Escape View File

@ -5,13 +5,13 @@ namespace BusinessLogic\Security;
use DataAccess\Security\BanGateway;
class BanRetriever {
class BanRetriever extends \BaseClass {
/**
* @var BanGateway
*/
private $banGateway;
function __construct($banGateway) {
function __construct(BanGateway $banGateway) {
$this->banGateway = $banGateway;
}

2
api/BusinessLogic/Security/BannedEmail.php
Unescape Escape View File

@ -3,7 +3,7 @@
namespace BusinessLogic\Security;
class BannedEmail {
class BannedEmail extends \BaseClass {
/**
* @var int
*/

2
api/BusinessLogic/Security/BannedIp.php
Unescape Escape View File

@ -3,7 +3,7 @@
namespace BusinessLogic\Security;
class BannedIp {
class BannedIp extends \BaseClass {
/**
* @var int
*/

23
api/BusinessLogic/Security/PermissionChecker.php
Unescape Escape View File

@ -0,0 +1,23 @@
<?php
namespace BusinessLogic\Security;
class PermissionChecker extends \BaseClass {
/**
* @param $userContext UserContext
* @param $permission string
* @return bool
*/
function doesUserHavePermission($userContext, $permission) {
if ($userContext->admin) {
return true;
}
if (in_array($permission, $userContext->permissions)) {
return true;
}
return false;
}
}

17
api/BusinessLogic/Security/UserContext.php
Unescape Escape View File

@ -3,7 +3,7 @@
namespace BusinessLogic\Security;
class UserContext {
class UserContext extends \BaseClass {
/* @var $id int */
public $id;
@ -55,6 +55,21 @@ class UserContext {
/* @var $active bool */
public $active;
static function buildAnonymousUser() {
$userContext = new UserContext();
$userContext->id = -1;
$userContext->username = "API - ANONYMOUS USER"; // Usernames can't have spaces, so no one will take this username
$userContext->admin = false;
$userContext->name = "ANONYMOUS USER";
$userContext->email = "anonymous-user@example.com";
$userContext->categories = array();
$userContext->permissions = array();
$userContext->autoAssign = false;
$userContext->active = true;
return $userContext;
}
/**
* Builds a user context based on the current session. **The session must be active!**
* @param $dataRow array the $_SESSION superglobal or the hesk_users result set

4
api/BusinessLogic/Security/UserContextBuilder.php
Unescape Escape View File

@ -8,13 +8,13 @@ use BusinessLogic\Exceptions\MissingAuthenticationTokenException;
use BusinessLogic\Helpers;
use DataAccess\Security\UserGateway;
class UserContextBuilder {
class UserContextBuilder extends \BaseClass {
/**
* @var UserGateway
*/
private $userGateway;
function __construct($userGateway) {
function __construct(UserGateway $userGateway) {
$this->userGateway = $userGateway;
}

2
api/BusinessLogic/Security/UserContextNotifications.php
Unescape Escape View File

@ -3,7 +3,7 @@
namespace BusinessLogic\Security;
class UserContextNotifications {
class UserContextNotifications extends \BaseClass {
public $newUnassigned;
public $newAssignedToMe;
public $replyUnassigned;

2
api/BusinessLogic/Security/UserContextPreferences.php
Unescape Escape View File

@ -3,7 +3,7 @@
namespace BusinessLogic\Security;
class UserContextPreferences {
class UserContextPreferences extends \BaseClass {
public $afterReply;
public $autoStartTimeWorked;
public $autoreload;

3
api/BusinessLogic/Security/UserPrivilege.php
Unescape Escape View File

@ -9,9 +9,10 @@
namespace BusinessLogic\Security;
class UserPrivilege {
class UserPrivilege extends \BaseClass {
const CAN_VIEW_TICKETS = 'can_view_tickets';
const CAN_REPLY_TO_TICKETS = 'can_reply_tickets';
const CAN_EDIT_TICKETS = 'can_edit_tickets';
const CAN_DELETE_TICKETS = 'can_del_tickets';
const CAN_MANAGE_CATEGORIES = 'can_man_cat';
}

6
api/BusinessLogic/Security/UserToTicketChecker.php
Unescape Escape View File

@ -6,11 +6,11 @@ namespace BusinessLogic\Security;
use BusinessLogic\Tickets\Ticket;
use DataAccess\Security\UserGateway;
class UserToTicketChecker {
class UserToTicketChecker extends \BaseClass {
/* @var $userGateway UserGateway */
private $userGateway;
function __construct($userGateway) {
function __construct(UserGateway $userGateway) {
$this->userGateway = $userGateway;
}
@ -32,7 +32,7 @@ class UserToTicketChecker {
}
$categoryManagerId = $this->userGateway->getManagerForCategory($ticket->categoryId, $heskSettings);
if ($user->id === $categoryManagerId) {
return true;
}

4
api/BusinessLogic/Settings/ApiChecker.php
Unescape Escape View File

@ -5,11 +5,11 @@ namespace BusinessLogic\Settings;
use DataAccess\Settings\ModsForHeskSettingsGateway;
class ApiChecker {
class ApiChecker extends \BaseClass {
/* @var $modsForHeskSettingsGateway ModsForHeskSettingsGateway */
private $modsForHeskSettingsGateway;
function __construct($modsForHeskSettingsGateway) {
function __construct(ModsForHeskSettingsGateway $modsForHeskSettingsGateway) {
$this->modsForHeskSettingsGateway = $modsForHeskSettingsGateway;
}

4
api/BusinessLogic/Settings/SettingsRetriever.php
Unescape Escape View File

@ -5,11 +5,11 @@ namespace BusinessLogic\Settings;
// TODO Test!
use DataAccess\Settings\ModsForHeskSettingsGateway;
class SettingsRetriever {
class SettingsRetriever extends \BaseClass {
/* @var $modsForHeskSettingsGateway ModsForHeskSettingsGateway */
private $modsForHeskSettingsGateway;
function __construct($modsForHeskSettingsGateway) {
function __construct(ModsForHeskSettingsGateway $modsForHeskSettingsGateway) {
$this->modsForHeskSettingsGateway = $modsForHeskSettingsGateway;
}

2
api/BusinessLogic/Statuses/Closable.php
Unescape Escape View File

@ -3,7 +3,7 @@
namespace BusinessLogic\Statuses;
class Closable {
class Closable extends \BaseClass {
const YES = "yes";
const STAFF_ONLY = "sonly";
const CUSTOMERS_ONLY = "conly";

2
api/BusinessLogic/Statuses/DefaultStatusForAction.php
Unescape Escape View File

@ -3,7 +3,7 @@
namespace BusinessLogic\Statuses;
class DefaultStatusForAction {
class DefaultStatusForAction extends \BaseClass {
const NEW_TICKET = "IsNewTicketStatus";
const CLOSED_STATUS = "IsClosed";
const CLOSED_BY_CLIENT = "IsClosedByClient";

2
api/BusinessLogic/Statuses/Status.php
Unescape Escape View File

@ -3,7 +3,7 @@
namespace BusinessLogic\Statuses;
class Status {
class Status extends \BaseClass {
static function fromDatabase($row, $languageRs) {
$status = new Status();
$status->id = intval($row['ID']);

4
api/BusinessLogic/Statuses/StatusRetriever.php
Unescape Escape View File

@ -6,11 +6,11 @@ namespace BusinessLogic\Statuses;
use DataAccess\Statuses\StatusGateway;
// TODO Test!
class StatusRetriever {
class StatusRetriever extends \BaseClass {
/* @var $statusGateway StatusGateway */
private $statusGateway;
function __construct($statusGateway) {
function __construct(StatusGateway $statusGateway) {
$this->statusGateway = $statusGateway;
}

2
api/BusinessLogic/Tickets/Attachment.php
Unescape Escape View File

@ -3,7 +3,7 @@
namespace BusinessLogic\Tickets;
class Attachment {
class Attachment extends \BaseClass {
/**
* @var int
*/

24
api/BusinessLogic/Tickets/AuditTrail.php
Unescape Escape View File

@ -0,0 +1,24 @@
<?php
namespace BusinessLogic\Tickets;
class AuditTrail extends \BaseClass {
/* @var $id int */
public $id;
/* @var $entityId int */
public $entityId;
/* @var $entityType string */
public $entityType;
/* @var $languageKey string */
public $languageKey;
/* @var $date string */
public $date;
/* @var $replacementValues string[] */
public $replacementValues;
}

8
api/BusinessLogic/Tickets/AuditTrailEntityType.php
Unescape Escape View File

@ -0,0 +1,8 @@
<?php
namespace BusinessLogic\Tickets;
class AuditTrailEntityType extends \BaseClass {
const TICKET = 'TICKET';
}

5
api/BusinessLogic/Tickets/Autoassigner.php
Unescape Escape View File

@ -8,14 +8,15 @@ use BusinessLogic\Security\UserPrivilege;
use DataAccess\Categories\CategoryGateway;
use DataAccess\Security\UserGateway;
class Autoassigner {
class Autoassigner extends \BaseClass {
/* @var $categoryGateway CategoryGateway */
private $categoryGateway;
/* @var $userGateway UserGateway */
private $userGateway;
function __construct($categoryGateway, $userGateway) {
function __construct(CategoryGateway $categoryGateway,
UserGateway $userGateway) {
$this->categoryGateway = $categoryGateway;
$this->userGateway = $userGateway;
}

2
api/BusinessLogic/Tickets/CreateTicketByCustomerModel.php
Unescape Escape View File

@ -2,7 +2,7 @@
namespace BusinessLogic\Tickets;
class CreateTicketByCustomerModel {
class CreateTicketByCustomerModel extends \BaseClass {
/**
* @var string
*/

2
api/BusinessLogic/Tickets/CreatedTicketModel.php
Unescape Escape View File

@ -3,7 +3,7 @@
namespace BusinessLogic\Tickets;
class CreatedTicketModel {
class CreatedTicketModel extends \BaseClass {
/* @var $ticket Ticket */
public $ticket;

2
api/BusinessLogic/Tickets/CustomFields/CustomFieldValidator.php
Unescape Escape View File

@ -3,7 +3,7 @@
namespace BusinessLogic\Tickets\CustomFields;
class CustomFieldValidator {
class CustomFieldValidator extends \BaseClass {
static function isCustomFieldInCategory($customFieldId, $categoryId, $staff, $heskSettings) {
$customField = $heskSettings['custom_fields']["custom{$customFieldId}"];

2
api/BusinessLogic/Tickets/EditTicketModel.php
Unescape Escape View File

@ -3,7 +3,7 @@
namespace BusinessLogic\Tickets;
class EditTicketModel {
class EditTicketModel extends \BaseClass {
/* @var $id int */
public $id;

4
api/BusinessLogic/Tickets/Exceptions/UnableToGenerateTrackingIdException.php
Unescape Escape View File

@ -3,9 +3,7 @@
namespace BusinessLogic\Tickets\Exceptions;
use Exception;
class UnableToGenerateTrackingIdException extends Exception {
class UnableToGenerateTrackingIdException extends \BaseException {
public function __construct() {
parent::__construct("Error generating a unique ticket ID.");
}

6
api/BusinessLogic/Tickets/NewTicketValidator.php
Unescape Escape View File

@ -10,7 +10,7 @@ use BusinessLogic\ValidationModel;
use BusinessLogic\Validators;
use Core\Constants\CustomField;
class NewTicketValidator {
class NewTicketValidator extends \BaseClass {
/**
* @var $categoryRetriever CategoryRetriever
*/
@ -24,7 +24,9 @@ class NewTicketValidator {
*/
private $ticketValidators;
function __construct($categoryRetriever, $banRetriever, $ticketValidators) {
function __construct(CategoryRetriever $categoryRetriever,
BanRetriever $banRetriever,
TicketValidators $ticketValidators) {
$this->categoryRetriever = $categoryRetriever;
$this->banRetriever = $banRetriever;
$this->ticketValidators = $ticketValidators;

2
api/BusinessLogic/Tickets/Reply.php
Unescape Escape View File

@ -9,7 +9,7 @@
namespace BusinessLogic\Tickets;
class Reply {
class Reply extends \BaseClass {
/**
* @var $id int
*/

12
api/BusinessLogic/Tickets/Ticket.php
Unescape Escape View File

@ -3,8 +3,8 @@
namespace BusinessLogic\Tickets;
class Ticket {
static function fromDatabaseRow($row, $linkedTicketsRs, $repliesRs, $heskSettings) {
class Ticket extends \BaseClass {
static function fromDatabaseRow($row, $linkedTicketsRs, $repliesRs, $auditRecords, $heskSettings) {
$ticket = new Ticket();
$ticket->id = intval($row['id']);
$ticket->trackingId = $row['trackid'];
@ -143,6 +143,7 @@ class Ticket {
$replies[$reply->id] = $reply;
}
$ticket->replies = $replies;
$ticket->auditTrail = $auditRecords;
return $ticket;
}
@ -163,7 +164,7 @@ class Ticket {
public $name;
/**
* @var array|null
* @var string[]|null
*/
public $email;
@ -309,6 +310,11 @@ class Ticket {
*/
public $auditTrailHtml;
/**
* @var AuditTrail
*/
public $auditTrail;
/**
* @var string[]
*/

31
api/BusinessLogic/Tickets/TicketCreator.php
Unescape Escape View File

@ -2,17 +2,19 @@
namespace BusinessLogic\Tickets;
use BusinessLogic\DateTimeHelpers;
use BusinessLogic\Emails\Addressees;
use BusinessLogic\Emails\EmailSenderHelper;
use BusinessLogic\Emails\EmailTemplateRetriever;
use BusinessLogic\Exceptions\ValidationException;
use BusinessLogic\Statuses\DefaultStatusForAction;
use DataAccess\AuditTrail\AuditTrailGateway;
use DataAccess\Security\UserGateway;
use DataAccess\Settings\ModsForHeskSettingsGateway;
use DataAccess\Statuses\StatusGateway;
use DataAccess\Tickets\TicketGateway;
class TicketCreator {
class TicketCreator extends \BaseClass {
/**
* @var $newTicketValidator NewTicketValidator
*/
@ -56,8 +58,19 @@ class TicketCreator {
/* @var $modsForHeskSettingsGateway ModsForHeskSettingsGateway */
private $modsForHeskSettingsGateway;
function __construct($newTicketValidator, $trackingIdGenerator, $autoassigner, $statusGateway, $ticketGateway,
$verifiedEmailChecker, $emailSenderHelper, $userGateway, $modsForHeskSettingsGateway) {
/* @var $auditTrailGateway AuditTrailGateway */
private $auditTrailGateway;
function __construct(NewTicketValidator $newTicketValidator,
TrackingIdGenerator $trackingIdGenerator,
Autoassigner $autoassigner,
StatusGateway $statusGateway,
TicketGateway $ticketGateway,
VerifiedEmailChecker $verifiedEmailChecker,
EmailSenderHelper $emailSenderHelper,
UserGateway $userGateway,
ModsForHeskSettingsGateway $modsForHeskSettingsGateway,
AuditTrailGateway $auditTrailGateway) {
$this->newTicketValidator = $newTicketValidator;
$this->trackingIdGenerator = $trackingIdGenerator;
$this->autoassigner = $autoassigner;
@ -67,6 +80,7 @@ class TicketCreator {
$this->emailSenderHelper = $emailSenderHelper;
$this->userGateway = $userGateway;
$this->modsForHeskSettingsGateway = $modsForHeskSettingsGateway;
$this->auditTrailGateway = $auditTrailGateway;
}
/**
@ -106,7 +120,7 @@ class TicketCreator {
// Transform one-to-one properties
$ticket->name = $ticketRequest->name;
$ticket->email = $ticketRequest->email;
$ticket->email = $this->getAddressees($ticketRequest->email);
$ticket->priorityId = $ticketRequest->priority;
$ticket->categoryId = $ticketRequest->category;
$ticket->subject = $ticketRequest->subject;
@ -123,7 +137,7 @@ class TicketCreator {
$status = $this->statusGateway->getStatusForDefaultAction(DefaultStatusForAction::NEW_TICKET, $heskSettings);
if ($status === null) {
throw new \Exception("Could not find the default status for a new ticket!");
throw new \BaseException("Could not find the default status for a new ticket!");
}
$ticket->statusId = $status->id;
@ -140,8 +154,13 @@ class TicketCreator {
$ticket->timeWorked = '00:00:00';
$ticket->lastReplier = 0;
$this->auditTrailGateway->insertAuditTrailRecord($ticket->id, AuditTrailEntityType::TICKET,
'audit_created', DateTimeHelpers::heskDate($heskSettings), array(
0 => $ticket->name
), $heskSettings);
$addressees = new Addressees();
$addressees->to = $this->getAddressees($ticket->email);
$addressees->to = $ticket->email;
if ($ticketRequest->sendEmailToCustomer && $emailVerified) {
$this->emailSenderHelper->sendEmailForTicket(EmailTemplateRetriever::NEW_TICKET, $ticketRequest->language, $addressees, $ticket, $heskSettings, $modsForHeskSettings);

6
api/BusinessLogic/Tickets/TicketDeleter.php
Unescape Escape View File

@ -10,7 +10,7 @@ use BusinessLogic\Security\UserPrivilege;
use BusinessLogic\Security\UserToTicketChecker;
use DataAccess\Tickets\TicketGateway;
class TicketDeleter {
class TicketDeleter extends \BaseClass {
/* @var $ticketGateway TicketGateway */
private $ticketGateway;
@ -20,7 +20,9 @@ class TicketDeleter {
/* @var $attachmentHandler AttachmentHandler */
private $attachmentHandler;
function __construct($ticketGateway, $userToTicketChecker, $attachmentHandler) {
function __construct(TicketGateway $ticketGateway,
UserToTicketChecker $userToTicketChecker,
AttachmentHandler $attachmentHandler) {
$this->ticketGateway = $ticketGateway;
$this->userToTicketChecker = $userToTicketChecker;
$this->attachmentHandler = $attachmentHandler;

5
api/BusinessLogic/Tickets/TicketEditor.php
Unescape Escape View File

@ -15,14 +15,15 @@ use BusinessLogic\Validators;
use Core\Constants\CustomField;
use DataAccess\Tickets\TicketGateway;
class TicketEditor {
class TicketEditor extends \BaseClass {
/* @var $ticketGateway TicketGateway */
private $ticketGateway;
/* @var $userToTicketChecker UserToTicketChecker */
private $userToTicketChecker;
function __construct($ticketGateway, $userToTicketChecker) {
function __construct(TicketGateway $ticketGateway,
UserToTicketChecker $userToTicketChecker) {
$this->ticketGateway = $ticketGateway;
$this->userToTicketChecker = $userToTicketChecker;
}

2
api/BusinessLogic/Tickets/TicketGatewayGeneratedFields.php
Unescape Escape View File

@ -3,7 +3,7 @@
namespace BusinessLogic\Tickets;
class TicketGatewayGeneratedFields {
class TicketGatewayGeneratedFields extends \BaseClass {
public $id;
public $dateCreated;
public $dateModified;

5
api/BusinessLogic/Tickets/TicketRetriever.php
Unescape Escape View File

@ -10,7 +10,7 @@ use BusinessLogic\Security\UserToTicketChecker;
use BusinessLogic\ValidationModel;
use DataAccess\Tickets\TicketGateway;
class TicketRetriever {
class TicketRetriever extends \BaseClass {
/**
* @var $ticketGateway TicketGateway
*/
@ -19,7 +19,8 @@ class TicketRetriever {
/* @var $userToTicketChecker UserToTicketChecker */
private $userToTicketChecker;
function __construct($ticketGateway, $userToTicketChecker) {
function __construct(TicketGateway $ticketGateway,
UserToTicketChecker $userToTicketChecker) {
$this->ticketGateway = $ticketGateway;
$this->userToTicketChecker = $userToTicketChecker;
}

4
api/BusinessLogic/Tickets/TicketValidators.php
Unescape Escape View File

@ -4,13 +4,13 @@ namespace BusinessLogic\Tickets;
use DataAccess\Tickets\TicketGateway;
class TicketValidators {
class TicketValidators extends \BaseClass {
/**
* @var $ticketGateway TicketGateway
*/
private $ticketGateway;
function __construct($ticketGateway) {
function __construct(TicketGateway $ticketGateway) {
$this->ticketGateway = $ticketGateway;
}

4
api/BusinessLogic/Tickets/TrackingIdGenerator.php
Unescape Escape View File

@ -6,13 +6,13 @@ namespace BusinessLogic\Tickets;
use BusinessLogic\Tickets\Exceptions\UnableToGenerateTrackingIdException;
use DataAccess\Tickets\TicketGateway;
class TrackingIdGenerator {
class TrackingIdGenerator extends \BaseClass {
/**
* @var $ticketGateway TicketGateway
*/
private $ticketGateway;
function __construct($ticketGateway) {
function __construct(TicketGateway $ticketGateway) {
$this->ticketGateway = $ticketGateway;
}

4
api/BusinessLogic/Tickets/VerifiedEmailChecker.php
Unescape Escape View File

@ -11,13 +11,13 @@ namespace BusinessLogic\Tickets;
use DataAccess\Tickets\VerifiedEmailGateway;
class VerifiedEmailChecker {
class VerifiedEmailChecker extends \BaseClass {
/**
* @var $verifiedEmailGateway VerifiedEmailGateway
*/
private $verifiedEmailGateway;
function __construct($verifiedEmailGateway) {
function __construct(VerifiedEmailGateway $verifiedEmailGateway) {
$this->verifiedEmailGateway = $verifiedEmailGateway;
}

4
api/BusinessLogic/ValidationModel.php
Unescape Escape View File

@ -2,13 +2,13 @@
namespace BusinessLogic;
class ValidationModel {
class ValidationModel extends \BaseClass {
/**
* @var array
*/
public $errorKeys;
function __construct() {
$this->errorKeys = [];
$this->errorKeys = array();
}
}

2
api/BusinessLogic/Validators.php
Unescape Escape View File

@ -3,7 +3,7 @@
namespace BusinessLogic;
class Validators {
class Validators extends \BaseClass {
/**
* @param string $address - the email address
* @param array $multiple_emails - true if HESK (or custom field) supports multiple emails

4
api/Controllers/Attachments/PublicAttachmentController.php
Unescape Escape View File

@ -7,14 +7,14 @@ use BusinessLogic\Attachments\Attachment;
use BusinessLogic\Attachments\AttachmentRetriever;
use BusinessLogic\Exceptions\ApiFriendlyException;
class PublicAttachmentController {
class PublicAttachmentController extends \BaseClass {
static function getRaw($trackingId, $attachmentId) {
global $hesk_settings, $applicationContext, $userContext;
self::verifyAttachmentsAreEnabled($hesk_settings);
/* @var $attachmentRetriever AttachmentRetriever */
$attachmentRetriever = $applicationContext->get[AttachmentRetriever::class];
$attachmentRetriever = $applicationContext->get(AttachmentRetriever::clazz());
$attachment = $attachmentRetriever->getAttachmentContentsForTrackingId($trackingId, $attachmentId, $userContext, $hesk_settings);

8
api/Controllers/Attachments/StaffTicketAttachmentsController.php
Unescape Escape View File

@ -11,14 +11,14 @@ use BusinessLogic\Helpers;
use BusinessLogic\Security\UserToTicketChecker;
use Controllers\JsonRetriever;
class StaffTicketAttachmentsController {
class StaffTicketAttachmentsController extends \BaseClass {
function get($ticketId, $attachmentId) {
global $hesk_settings, $applicationContext, $userContext;
$this->verifyAttachmentsAreEnabled($hesk_settings);
/* @var $attachmentRetriever AttachmentRetriever */
$attachmentRetriever = $applicationContext->get[AttachmentRetriever::class];
$attachmentRetriever = $applicationContext->get(AttachmentRetriever::clazz());
$contents = $attachmentRetriever->getAttachmentContentsForTicket($ticketId, $attachmentId, $userContext, $hesk_settings);
@ -37,7 +37,7 @@ class StaffTicketAttachmentsController {
$this->verifyAttachmentsAreEnabled($hesk_settings);
/* @var $attachmentHandler AttachmentHandler */
$attachmentHandler = $applicationContext->get[AttachmentHandler::class];
$attachmentHandler = $applicationContext->get(AttachmentHandler::clazz());
$createAttachmentForTicketModel = $this->createModel(JsonRetriever::getJsonData(), $ticketId);
@ -61,7 +61,7 @@ class StaffTicketAttachmentsController {
global $applicationContext, $hesk_settings, $userContext;
/* @var $attachmentHandler AttachmentHandler */
$attachmentHandler = $applicationContext->get[AttachmentHandler::class];
$attachmentHandler = $applicationContext->get(AttachmentHandler::clazz());
$attachmentHandler->deleteAttachmentFromTicket($ticketId, $attachmentId, $userContext, $hesk_settings);

89
api/Controllers/Categories/CategoryController.php
Unescape Escape View File

@ -2,18 +2,24 @@
namespace Controllers\Categories;
use BusinessLogic\Categories\Category;
use BusinessLogic\Categories\CategoryHandler;
use BusinessLogic\Categories\CategoryRetriever;
use BusinessLogic\Exceptions\ApiFriendlyException;
use BusinessLogic\Helpers;
use Controllers\JsonRetriever;
class CategoryController {
class CategoryController extends \BaseClass {
function get($id) {
$categories = self::getAllCategories();
if (!isset($categories[$id])) {
throw new ApiFriendlyException("Category {$id} not found!", "Category Not Found", 404);
foreach ($categories as $category) {
if ($category->id === $id) {
return output($category);
}
}
output($categories[$id]);
throw new ApiFriendlyException("Category {$id} not found!", "Category Not Found", 404);
}
static function printAllCategories() {
@ -24,8 +30,81 @@ class CategoryController {
global $hesk_settings, $applicationContext, $userContext;
/* @var $categoryRetriever CategoryRetriever */
$categoryRetriever = $applicationContext->get[CategoryRetriever::class];
$categoryRetriever = $applicationContext->get(CategoryRetriever::clazz());
return $categoryRetriever->getAllCategories($hesk_settings, $userContext);
}
function post() {
global $hesk_settings, $userContext, $applicationContext;
$data = JsonRetriever::getJsonData();
$category = $this->buildCategoryFromJson($data);
/* @var $categoryHandler CategoryHandler */
$categoryHandler = $applicationContext->get(CategoryHandler::clazz());
$category = $categoryHandler->createCategory($category, $userContext, $hesk_settings);
return output($category, 201);
}
/**
* @param $json
* @return Category
*/
private function buildCategoryFromJson($json) {
$category = new Category();
$category->autoAssign = Helpers::safeArrayGet($json, 'autoassign');
$category->backgroundColor = Helpers::safeArrayGet($json, 'backgroundColor');
$category->catOrder = Helpers::safeArrayGet($json, 'catOrder');
$category->description = Helpers::safeArrayGet($json, 'description');
$category->displayBorder = Helpers::safeArrayGet($json, 'displayBorder');
$category->foregroundColor = Helpers::safeArrayGet($json, 'foregroundColor');
$category->manager = Helpers::safeArrayGet($json, 'manager');
$category->name = Helpers::safeArrayGet($json, 'name');
$category->priority = Helpers::safeArrayGet($json, 'priority');
$category->type = Helpers::safeArrayGet($json, 'type');
$category->usage = Helpers::safeArrayGet($json, 'usage');
return $category;
}
function put($id) {
global $hesk_settings, $userContext, $applicationContext;
$data = JsonRetriever::getJsonData();
$category = $this->buildCategoryFromJson($data);
$category->id = intval($id);
/* @var $categoryHandler CategoryHandler */
$categoryHandler = $applicationContext->get(CategoryHandler::clazz());
$category = $categoryHandler->editCategory($category, $userContext, $hesk_settings);
return output($category);
}
function delete($id) {
global $hesk_settings, $userContext, $applicationContext;
/* @var $categoryHandler CategoryHandler */
$categoryHandler = $applicationContext->get(CategoryHandler::clazz());
$categoryHandler->deleteCategory($id, $userContext, $hesk_settings);
return http_response_code(204);
}
static function sort($id, $direction) {
global $applicationContext, $hesk_settings;
/* @var $handler CategoryHandler */
$handler = $applicationContext->get(CategoryHandler::clazz());
$handler->sortCategory(intval($id), $direction, $hesk_settings);
}
}

2
api/Controllers/InternalApiController.php
Unescape Escape View File

@ -6,7 +6,7 @@ namespace Controllers;
use BusinessLogic\Exceptions\InternalUseOnlyException;
use BusinessLogic\Helpers;
abstract class InternalApiController {
abstract class InternalApiController extends \BaseClass {
static function staticCheckForInternalUseOnly() {
$tokenHeader = Helpers::getHeader('X-AUTH-TOKEN');
if ($tokenHeader !== null && trim($tokenHeader) !== '') {

2
api/Controllers/JsonRetriever.php
Unescape Escape View File

@ -3,7 +3,7 @@
namespace Controllers;
class JsonRetriever {
class JsonRetriever extends \BaseClass {
/**
* Support POST, PUT, and PATCH request (and possibly more)
*

13
api/Controllers/Navigation/CustomNavElementController.php
Unescape Escape View File

@ -3,7 +3,6 @@
namespace Controllers\Navigation;
use BusinessLogic\Exceptions\ApiFriendlyException;
use BusinessLogic\Helpers;
use BusinessLogic\Navigation\CustomNavElement;
use BusinessLogic\Navigation\CustomNavElementHandler;
@ -17,7 +16,7 @@ class CustomNavElementController extends InternalApiController {
self::staticCheckForInternalUseOnly();
/* @var $handler CustomNavElementHandler */
$handler = $applicationContext->get[CustomNavElementHandler::class];
$handler = $applicationContext->get(CustomNavElementHandler::clazz());
output($handler->getAllCustomNavElements($hesk_settings));
}
@ -28,7 +27,7 @@ class CustomNavElementController extends InternalApiController {
self::staticCheckForInternalUseOnly();
/* @var $handler CustomNavElementHandler */
$handler = $applicationContext->get[CustomNavElementHandler::class];
$handler = $applicationContext->get(CustomNavElementHandler::clazz());
$handler->sortCustomNavElement(intval($id), $direction, $hesk_settings);
}
@ -39,7 +38,7 @@ class CustomNavElementController extends InternalApiController {
$this->checkForInternalUseOnly();
/* @var $handler CustomNavElementHandler */
$handler = $applicationContext->get[CustomNavElementHandler::class];
$handler = $applicationContext->get(CustomNavElementHandler::clazz());
output($handler->getCustomNavElement($id, $hesk_settings));
}
@ -50,7 +49,7 @@ class CustomNavElementController extends InternalApiController {
$this->checkForInternalUseOnly();
/* @var $handler CustomNavElementHandler */
$handler = $applicationContext->get[CustomNavElementHandler::class];
$handler = $applicationContext->get(CustomNavElementHandler::clazz());
$data = JsonRetriever::getJsonData();
$element = $handler->createCustomNavElement($this->buildElementModel($data), $hesk_settings);
@ -64,7 +63,7 @@ class CustomNavElementController extends InternalApiController {
$this->checkForInternalUseOnly();
/* @var $handler CustomNavElementHandler */
$handler = $applicationContext->get[CustomNavElementHandler::class];
$handler = $applicationContext->get(CustomNavElementHandler::clazz());
$data = JsonRetriever::getJsonData();
$handler->saveCustomNavElement($this->buildElementModel($data, $id), $hesk_settings);
@ -78,7 +77,7 @@ class CustomNavElementController extends InternalApiController {
$this->checkForInternalUseOnly();
/* @var $handler CustomNavElementHandler */
$handler = $applicationContext->get[CustomNavElementHandler::class];
$handler = $applicationContext->get(CustomNavElementHandler::clazz());
$handler->deleteCustomNavElement($id, $hesk_settings);

8
api/Controllers/Settings/SettingsController.php
Unescape Escape View File

@ -5,13 +5,13 @@ namespace Controllers\Settings;
use BusinessLogic\Settings\SettingsRetriever;
class SettingsController {
class SettingsController extends \BaseClass {
function get() {
global $applicationContext, $hesk_settings, $modsForHesk_settings;
global $applicationContext, $hesk_settings;
/* @var $settingsRetriever SettingsRetriever */
$settingsRetriever = $applicationContext->get[SettingsRetriever::class];
$settingsRetriever = $applicationContext->get(SettingsRetriever::clazz());
output($settingsRetriever->getAllSettings($hesk_settings, $modsForHesk_settings));
output($settingsRetriever->getAllSettings($hesk_settings));
}
}

4
api/Controllers/Statuses/StatusController.php
Unescape Escape View File

@ -5,12 +5,12 @@ namespace Controllers\Statuses;
use BusinessLogic\Statuses\StatusRetriever;
class StatusController {
class StatusController extends \BaseClass {
function get() {
global $applicationContext, $hesk_settings;
/* @var $statusRetriever StatusRetriever */
$statusRetriever = $applicationContext->get[StatusRetriever::class];
$statusRetriever = $applicationContext->get(StatusRetriever::clazz());
output($statusRetriever->getAllStatuses($hesk_settings));
}

2
api/Controllers/System/HeskVersionController.php
Unescape Escape View File

@ -3,7 +3,7 @@
namespace Controllers\System;
class HeskVersionController {
class HeskVersionController extends \BaseClass {
static function getHeskVersion() {
global $hesk_settings;

6
api/Controllers/Tickets/CustomerTicketController.php
Unescape Escape View File

@ -10,7 +10,7 @@ use BusinessLogic\ValidationModel;
use Controllers\JsonRetriever;
class CustomerTicketController {
class CustomerTicketController extends \BaseClass {
function get() {
global $applicationContext, $hesk_settings;
@ -18,7 +18,7 @@ class CustomerTicketController {
$emailAddress = isset($_GET['email']) ? $_GET['email'] : null;
/* @var $ticketRetriever TicketRetriever */
$ticketRetriever = $applicationContext->get[TicketRetriever::class];
$ticketRetriever = $applicationContext->get(TicketRetriever::clazz());
output($ticketRetriever->getTicketByTrackingIdAndEmail($trackingId, $emailAddress, $hesk_settings));
}
@ -27,7 +27,7 @@ class CustomerTicketController {
global $applicationContext, $hesk_settings, $userContext;
/* @var $ticketCreator TicketCreator */
$ticketCreator = $applicationContext->get[TicketCreator::class];
$ticketCreator = $applicationContext->get(TicketCreator::clazz());
$jsonRequest = JsonRetriever::getJsonData();

6
api/Controllers/Tickets/ResendTicketEmailToCustomerController.php
Unescape Escape View File

@ -19,15 +19,15 @@ class ResendTicketEmailToCustomerController extends InternalApiController {
$this->checkForInternalUseOnly();
/* @var $ticketRetriever TicketRetriever */
$ticketRetriever = $applicationContext->get[TicketRetriever::class];
$ticketRetriever = $applicationContext->get(TicketRetriever::clazz());
$ticket = $ticketRetriever->getTicketById($ticketId, $hesk_settings, $userContext);
/* @var $modsForHeskSettingsGateway ModsForHeskSettingsGateway */
$modsForHeskSettingsGateway = $applicationContext->get[ModsForHeskSettingsGateway::class];
$modsForHeskSettingsGateway = $applicationContext->get(ModsForHeskSettingsGateway::clazz());
$modsForHeskSettings = $modsForHeskSettingsGateway->getAllSettings($hesk_settings);
/* @var $emailSender EmailSenderHelper */
$emailSender = $applicationContext->get[EmailSenderHelper::class];
$emailSender = $applicationContext->get(EmailSenderHelper::clazz());
$language = $ticket->language;

8
api/Controllers/Tickets/StaffTicketController.php
Unescape Escape View File

@ -10,12 +10,12 @@ use BusinessLogic\Tickets\TicketEditor;
use BusinessLogic\Tickets\TicketRetriever;
use Controllers\JsonRetriever;
class StaffTicketController {
class StaffTicketController extends \BaseClass {
function get($id) {
global $applicationContext, $userContext, $hesk_settings;
/* @var $ticketRetriever TicketRetriever */
$ticketRetriever = $applicationContext->get[TicketRetriever::class];
$ticketRetriever = $applicationContext->get(TicketRetriever::clazz());
output($ticketRetriever->getTicketById($id, $hesk_settings, $userContext));
}
@ -24,7 +24,7 @@ class StaffTicketController {
global $applicationContext, $userContext, $hesk_settings;
/* @var $ticketDeleter TicketDeleter */
$ticketDeleter = $applicationContext->get[TicketDeleter::class];
$ticketDeleter = $applicationContext->get(TicketDeleter::clazz());
$ticketDeleter->deleteTicket($id, $userContext, $hesk_settings);
@ -35,7 +35,7 @@ class StaffTicketController {
global $applicationContext, $userContext, $hesk_settings;
/* @var $ticketEditor TicketEditor */
$ticketEditor = $applicationContext->get[TicketEditor::class];
$ticketEditor = $applicationContext->get(TicketEditor::clazz());
$jsonRequest = JsonRetriever::getJsonData();

2
api/Core/Constants/CustomField.php
Unescape Escape View File

@ -3,7 +3,7 @@
namespace Core\Constants;
class CustomField {
class CustomField extends \BaseClass {
const RADIO = 'radio';
const SELECT = 'select';
const CHECKBOX = 'checkbox';

2
api/Core/Constants/Priority.php
Unescape Escape View File

@ -3,7 +3,7 @@
namespace Core\Constants;
class Priority {
class Priority extends \BaseClass {
const CRITICAL = 0;
const HIGH = 1;
const MEDIUM = 2;

4
api/Core/Exceptions/SQLException.php
Unescape Escape View File

@ -2,9 +2,7 @@
namespace Core\Exceptions;
use Exception;
class SQLException extends Exception {
class SQLException extends \BaseException {
/**
* @var $failingQuery string
*/

28
api/DataAccess/AuditTrail/AuditTrailGateway.php
Unescape Escape View File

@ -0,0 +1,28 @@
<?php
namespace DataAccess\AuditTrail;
use DataAccess\CommonDao;
class AuditTrailGateway extends CommonDao {
function insertAuditTrailRecord($entityId, $entityType, $languageKey, $date, $replacementValues, $heskSettings) {
$this->init();
hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($heskSettings['db_pfix']) . "audit_trail` (`entity_id`, `entity_type`,
`language_key`, `date`) VALUES (" . intval($entityId) . ", '" . hesk_dbEscape($entityType) . "',
'" . hesk_dbEscape($languageKey) . "', '" . hesk_dbEscape($date) . "')");
$auditId = hesk_dbInsertID();
foreach ($replacementValues as $replacementIndex => $replacementValue) {
hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($heskSettings['db_pfix']) . "audit_trail_to_replacement_values`
(`audit_trail_id`, `replacement_index`, `replacement_value`) VALUES (" . intval($auditId) . ",
" . intval($replacementIndex) . ", '" . hesk_dbEscape($replacementValue) . "')");
}
$this->close();
return $auditId;
}
}

Some files were not shown because too many files have changed in this diff Show More

Write Preview
Loading…
Cancel
Save