From f4fc8ecf43ce6d2130846a4bbbefdf22039744e2 Mon Sep 17 00:00:00 2001
From: Mike Koch
Date: Fri, 5 Jun 2015 19:03:52 -0400
Subject: [PATCH] #208 Manager should have all ticket-related privileges
---
 admin/admin_ticket.php | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/admin/admin_ticket.php b/admin/admin_ticket.php
index 4bf2e0be..c9b89f35 100644
--- a/admin/admin_ticket.php
+++ b/admin/admin_ticket.php
@@ -123,15 +123,21 @@ else
 }
 /* Get category name and ID */
-$result = hesk_dbQuery("SELECT `id`, `name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE `id`='".intval($ticket['category'])."' LIMIT 1");
+$result = hesk_dbQuery("SELECT `id`, `name`, `manager` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE `id`='".intval($ticket['category'])."' LIMIT 1");
 /* If this category has been deleted use the default category with ID 1 */
 if (hesk_dbNumRows($result) != 1) {
- $result = hesk_dbQuery("SELECT `id`, `name` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE `id`='1' LIMIT 1");
+ $result = hesk_dbQuery("SELECT `id`, `name`, `manager` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."categories` WHERE `id`='1' LIMIT 1");
 }
 $category = hesk_dbFetchAssoc($result);
+$managerRS = hesk_dbQuery('SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'users` WHERE `id` = '.intval($_SESSION['id']));
+$managerRow = hesk_dbFetchAssoc($managerRS);
+$isManager = $managerRow['id'] == $category['manager'];
+if ($isManager) {
+ $can_del_notes = $can_reply = $can_delete = $can_edit = $can_archive = $can_assign_self = $can_view_unassigned = $can_change_cat = true;
+}
 /* Is this user allowed to view tickets inside this category? */
 hesk_okCategory($category['id']);
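Review bot: The `$isManager` test added after `$category = hesk_dbFetchAssoc($result);` uses a loose `==` against a row that may not exist, so it can come out true for a user who is not the category's manager. If the `users` lookup returns no row, `$managerRow['id']` is null, and `null == $category['manager']` holds when that column is NULL or an integer 0, which would switch on all eight `$can_*` flags; how an unmanaged category is stored is not visible in this hunk. The lookup is also unnecessary, because the only field read is the `id` that was just supplied from `$_SESSION['id']`, and `SELECT *` loads the whole user row to get it. Consider dropping the query and writing `$managerId = intval($category['manager']); $isManager = $managerId > 0 && $managerId === intval($_SESSION['id']);`. A short comment should also record that the flags are raised before `hesk_okCategory()` runs and that, through the fallback to category 1, that category's manager gets these rights on tickets whose category was deleted, if that is intended.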