From cc11a481f5fd9dae851b47ea74256c9ca740cdbf Mon Sep 17 00:00:00 2001
From: Mike Koch <mkoch227@gmail.com>
Date: Mon, 30 May 2016 15:45:45 -0400
Subject: [PATCH] More calendar fixes

---
 internal-api/dao/calendar_dao.php             | 10 ++--
 .../mods-for-hesk-calendar-admin-readonly.js  | 46 +++++++++++--------
 2 files changed, 34 insertions(+), 22 deletions(-)

diff --git a/internal-api/dao/calendar_dao.php b/internal-api/dao/calendar_dao.php
index 8bf7fda2..c3a14769 100644
--- a/internal-api/dao/calendar_dao.php
+++ b/internal-api/dao/calendar_dao.php
@@ -29,7 +29,7 @@ function get_events($start, $end, $hesk_settings, $staff = true) {
     $events = [];
     while ($row = hesk_dbFetchAssoc($rs)) {
         // Skip the event if the user does not have access to it
-        if (!$_SESSION['isadmin'] && !in_array($row['category'], $_SESSION['categories'])) {
+        if ($staff && !$_SESSION['isadmin'] && !in_array($row['category'], $_SESSION['categories'])) {
             continue;
         }
 
@@ -62,7 +62,8 @@ function get_events($start, $end, $hesk_settings, $staff = true) {
         $hesk_settings['timeformat'] = $old_time_setting;
 
         $sql = "SELECT `trackid`, `subject`, `due_date`, `category`, `categories`.`name` AS `category_name`, `categories`.`color` AS `category_color`,
-          CASE WHEN `due_date` < '{$current_date}' THEN 1 ELSE 0 END AS `overdue`, `owner`.`name` AS `owner_name`, `tickets`.`priority` AS `priority`
+          CASE WHEN `due_date` < '{$current_date}' THEN 1 ELSE 0 END AS `overdue`, `owner`.`name` AS `owner_name`, `tickets`.`owner` AS `owner_id`,
+           `tickets`.`priority` AS `priority`
         FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` AS `tickets`
         INNER JOIN `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` AS `categories`
             ON `categories`.`id` = `tickets`.`category`
@@ -72,12 +73,13 @@ function get_events($start, $end, $hesk_settings, $staff = true) {
         WHERE `due_date` >= FROM_UNIXTIME(" . hesk_dbEscape($start) . " / 1000)
         AND `due_date` <= FROM_UNIXTIME(" . hesk_dbEscape($end) . " / 1000)
         AND `status` IN (SELECT `id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "statuses` WHERE `IsClosed` = 0) ";
-        mfh_log_debug('Calendar', $sql, '');
 
         $rs = hesk_dbQuery($sql);
         while ($row = hesk_dbFetchAssoc($rs)) {
             // Skip the ticket if the user does not have access to it
-            if (!$_SESSION['isadmin'] && !in_array($row['category'], $_SESSION['categories'])) {
+            if (!hesk_checkPermission('can_view_tickets', 0)
+                || ($row['owner_id'] && $row['owner_id'] != $_SESSION['id'] && !hesk_checkPermission('can_view_ass_others', 0))
+                || (!$row['owner_id'] && !hesk_checkPermission('can_view_unassigned', 0))) {
                 continue;
             }
 
diff --git a/js/calendar/mods-for-hesk-calendar-admin-readonly.js b/js/calendar/mods-for-hesk-calendar-admin-readonly.js
index 6d6b3444..7768ee79 100644
--- a/js/calendar/mods-for-hesk-calendar-admin-readonly.js
+++ b/js/calendar/mods-for-hesk-calendar-admin-readonly.js
@@ -30,29 +30,40 @@ $(document).ready(function() {
             });
         },
         eventMouseover: function(event) {
-            if (event.type === 'TICKET') {
-                // Don't build a popover for tickets
-                return;
-            }
-
             var contents = $('.popover-template').html();
             var $contents = $(contents);
 
             var format = 'dddd, MMMM Do YYYY';
             var endDate = event.end == null ? event.start : event.end;
 
-            if (!event.allDay) {
+            if (!event.allDay && event.type !== 'TICKET') {
                 format += ', HH:mm';
             }
 
-            if (event.location === '') {
-                $contents.find('.popover-location').hide();
+            if (event.type === 'TICKET') {
+                contents = $('.ticket-popover-template').html();
+                $contents = $(contents);
+
+                if (event.owner === null) {
+                    $contents.find('.popover-owner').hide();
+                }
+
+                $contents.find('.popover-tracking-id span').text(event.trackingId).end()
+                    .find('.popover-owner span').text(event.owner).end()
+                    .find('.popover-subject span').text(event.subject).end()
+                    .find('.popover-category span').text(event.categoryName).end()
+                    .find('.popover-priority span').text(event.priority);
+            } else {
+                if (event.location === '') {
+                    $contents.find('.popover-location').hide();
+                }
+
+                $contents.find('.popover-category span').text(event.categoryName).end()
+                    .find('.popover-location span').text(event.location).end()
+                    .find('.popover-from span').text(event.start.format(format)).end()
+                    .find('.popover-to span').text(endDate.format(format));
             }
 
-            $contents.find('.popover-category span').text(event.categoryName).end()
-                .find('.popover-location span').text(event.location).end()
-                .find('.popover-from span').text(event.start.format(format)).end()
-                .find('.popover-to span').text(endDate.format(format));
             var $eventMarkup = $(this);
             $eventMarkup.popover({
                 title: event.title,
@@ -63,12 +74,7 @@ $(document).ready(function() {
                 placement: 'auto'
             }).popover('show');
         },
-        eventMouseout: function(event) {
-            if (event.type === 'TICKET') {
-                // There's no popover to destroy
-                return;
-            }
-
+        eventMouseout: function() {
             $(this).popover('destroy');
         }
     });
@@ -80,6 +86,7 @@ function buildEvent(id, dbObject) {
     if (dbObject.type == 'TICKET') {
         return {
             title: dbObject.title,
+            subject: dbObject.subject,
             trackingId: dbObject.trackingId,
             start: moment(dbObject.startTime),
             url: dbObject.url,
@@ -87,7 +94,10 @@ function buildEvent(id, dbObject) {
             allDay: true,
             type: dbObject.type,
             categoryId: dbObject.categoryId,
+            categoryName: dbObject.categoryName,
             className: 'category-' + dbObject.categoryId,
+            owner: dbObject.owner,
+            priority: dbObject.priority,
             textColor: calculateTextColor(dbObject.categoryColor)
         };
     }