From d2096f366eb927770018c346ab89468330009bd0 Mon Sep 17 00:00:00 2001
From: Mike Koch <mkoch227@gmail.com>
Date: Thu, 17 May 2018 00:08:34 -0400
Subject: [PATCH] Changes and fixes'

---
 admin/admin_ticket.php                             |  2 +-
 admin/delete_tickets.php                           |  4 ----
 api/BusinessLogic/Security/UserPrivilege.php       |  1 +
 api/BusinessLogic/Security/UserToTicketChecker.php |  5 +++++
 api/BusinessLogic/Tickets/TicketCreator.php        |  1 +
 api/DataAccess/Tickets/TicketGateway.php           | 11 +++++++++++
 css/mods-for-hesk-new.css                          |  9 +++++++++
 7 files changed, 28 insertions(+), 5 deletions(-)

diff --git a/admin/admin_ticket.php b/admin/admin_ticket.php
index 008a0c71..c05f1c50 100644
--- a/admin/admin_ticket.php
+++ b/admin/admin_ticket.php
@@ -1568,7 +1568,7 @@ function hesk_getAdminButtons($category_id)
                     onclick="return hesk_confirmExecute(\''.hesk_makeJsString($hesklang['confirm_anony']).'?\\n\\n'.hesk_makeJsString($hesklang['privacy_anon_info']).'\');"
                     title="'.$hesklang['confirm_anony'].'" class="button-link">
                 <div class="panel panel-default">
-                        <div class="panel-body">
+                        <div class="panel-body warning">
                             <h4>
                                 <i class="fa fa-shield fa-fw"></i> '.$hesklang['btn_anony'].'
                             </h4>
diff --git a/admin/delete_tickets.php b/admin/delete_tickets.php
index 09f1ef30..b2ab8c33 100644
--- a/admin/delete_tickets.php
+++ b/admin/delete_tickets.php
@@ -362,7 +362,6 @@ elseif ($_POST['a']=='export') {
     $sql .= " AND " . hesk_myOwnership();
 
     require_once(HESK_PATH . 'inc/custom_fields.inc.php');
-    require_once(HESK_PATH . 'inc/statuses.inc.php');
     require(HESK_PATH . 'inc/export_functions.inc.php');
 
     list($success_msg, $tickets_exported) = hesk_export_to_XML($sql, true);
@@ -414,9 +413,6 @@ elseif ($_POST['a']=='print') {
     // Load custom fields
     require_once(HESK_PATH . 'inc/custom_fields.inc.php');
 
-    // Load statuses
-    require_once(HESK_PATH . 'inc/statuses.inc.php');
-
 	// List of staff
 	if (!isset($admins)) {
         $admins = array();
diff --git a/api/BusinessLogic/Security/UserPrivilege.php b/api/BusinessLogic/Security/UserPrivilege.php
index 801e1937..5834fabf 100644
--- a/api/BusinessLogic/Security/UserPrivilege.php
+++ b/api/BusinessLogic/Security/UserPrivilege.php
@@ -17,5 +17,6 @@ class UserPrivilege extends \BaseClass {
     const CAN_MANAGE_CATEGORIES = 'can_man_cat';
     const CAN_VIEW_ASSIGNED_TO_OTHER = 'can_view_ass_others';
     const CAN_VIEW_UNASSIGNED = 'can_view_unassigned';
+    const CAN_VIEW_ASSIGNED_BY_ME = 'can_view_ass_by';
     const CAN_MANAGE_SERVICE_MESSAGES = 'can_service_msg';
 }
\ No newline at end of file
diff --git a/api/BusinessLogic/Security/UserToTicketChecker.php b/api/BusinessLogic/Security/UserToTicketChecker.php
index a49ecc55..be688fdb 100644
--- a/api/BusinessLogic/Security/UserToTicketChecker.php
+++ b/api/BusinessLogic/Security/UserToTicketChecker.php
@@ -27,6 +27,11 @@ class UserToTicketChecker extends \BaseClass {
             return true;
         }
 
+        if (in_array(UserPrivilege::CAN_VIEW_ASSIGNED_BY_ME, $user->permissions) &&
+            $ticket->assignedBy === $user->id) {
+            return true;
+        }
+
         if (!in_array($ticket->categoryId, $user->categories)) {
             return false;
         }
diff --git a/api/BusinessLogic/Tickets/TicketCreator.php b/api/BusinessLogic/Tickets/TicketCreator.php
index 871e9fbb..0524f391 100644
--- a/api/BusinessLogic/Tickets/TicketCreator.php
+++ b/api/BusinessLogic/Tickets/TicketCreator.php
@@ -136,6 +136,7 @@ class TicketCreator extends \BaseClass {
         if ($heskSettings['autoassign'] && $category->autoAssign) {
             $autoassignOwner = $this->autoassigner->getNextUserForTicket($ticketRequest->category, $heskSettings);
             $ticket->ownerId = $autoassignOwner === null ? null : $autoassignOwner->id;
+            $ticket->assignedBy = -1;
         }
 
         // Transform one-to-one properties
diff --git a/api/DataAccess/Tickets/TicketGateway.php b/api/DataAccess/Tickets/TicketGateway.php
index 892afebc..e395b708 100644
--- a/api/DataAccess/Tickets/TicketGateway.php
+++ b/api/DataAccess/Tickets/TicketGateway.php
@@ -212,6 +212,15 @@ class TicketGateway extends CommonDao {
         $customWhere = '';
         $customWhat  = '';
 
+        // Need to insert "addigned by" value?
+        if ($ticket->assignedBy !== null) {
+            $abWhere = ', `assignedby` ';
+            $abWhat  = ', ' . intval($ticket->assignedBy);
+        } else {
+            $abWhere = '';
+            $abWhat  = '';
+        }
+
         for ($i=1; $i<=50; $i++)
         {
             $customWhere .= ", `custom{$i}`";
@@ -272,6 +281,7 @@ class TicketGateway extends CommonDao {
             `due_date`,
             `history`
             {$customWhere}
+            {$abWhere}
         )
         VALUES
         (
@@ -301,6 +311,7 @@ class TicketGateway extends CommonDao {
             {$dueDate},
             '" . hesk_dbEscape($ticket->auditTrailHtml) . "'
             {$customWhat}
+            {$abWhat}
         )
         ";
 
diff --git a/css/mods-for-hesk-new.css b/css/mods-for-hesk-new.css
index ed40746d..a62369c5 100644
--- a/css/mods-for-hesk-new.css
+++ b/css/mods-for-hesk-new.css
@@ -242,6 +242,15 @@ button.dropdown-submit {
     background-color: #ffcccc;
 }
 
+.button-link .warning {
+    background-color: #fcf8e3;
+    color: #8a6d3b;
+ }
+
+ .button-link .warning:hover {
+    background-color: #faf2cc;
+ }
+
 .timeline-header {
     background: #ddd;
     border-left: solid 1px #ddd;