#208 Manager can now access all ticket-related functions

2015-06-07 01:18:30 -04:00 · 2015-06-07 01:18:30 -04:00 · 69b8aaadfe
commit 69b8aaadfe
parent 96fe276ea0
3 changed files with 55 additions and 86 deletions
--- a/admin/admin_reply_ticket.php
+++ b/admin/admin_reply_ticket.php
@ -62,7 +62,9 @@ hesk_dbConnect();
 hesk_isLoggedIn();

 /* Check permissions for this feature */
-hesk_checkPermission('can_reply_tickets');
+if (!isset($_REQUEST['isManager']) || !$_REQUEST['isManager']) {
+    hesk_checkPermission('can_reply_tickets');
+}

 /* A security check */
 # hesk_token_check('POST');
@ -310,7 +312,7 @@ else
 	$sql .= ",`time_worked` = ADDTIME(`time_worked`,'" . hesk_dbEscape($time_worked) . "') ";
 }

-if ( ! empty($_POST['assign_self']) && hesk_checkPermission('can_assign_self',0))
+if ( ! empty($_POST['assign_self']) && (hesk_checkPermission('can_assign_self',0) || (isset($_REQUEST['isManager']) && $_REQUEST['isManager'])))
 {
 	$revision = sprintf($hesklang['thist2'],hesk_date(),$_SESSION['name'].' ('.$_SESSION['user'].')',$_SESSION['name'].' ('.$_SESSION['user'].')');
    $sql .= " , `owner`=".intval($_SESSION['id']).", `history`=CONCAT(`history`,'".hesk_dbEscape($revision)."') ";
--- a/admin/admin_ticket.php
+++ b/admin/admin_ticket.php
@ -859,7 +859,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
        /* Do we need or have any canned responses? */
        $can_options = hesk_printCanned();
        
-        echo hesk_getAdminButtons(0,1,$isManager);
+        echo hesk_getAdminButtons();
        ?>   
        <div class="blankSpace"></div>
        <!-- BEGIN TICKET HEAD -->
@ -995,16 +995,17 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                            $isClosable = $isTicketClosedRow['Closable'] == 'yes' || $isTicketClosedRow['Closable'] == 'sonly';

                            echo '<div class="btn-group" role="group">';
+                            $mgr = $isManager ? '&amp;isManager=1' : '';
                            if ($isTicketClosed == 0 && $isClosable) // Ticket is still open
                            {
                                echo '<a
-		                        class="btn btn-default btn-sm" href="change_status.php?track='.$trackingID.'&amp;s='.$staffClosedOptionStatus['ID'].'&amp;Refresh='.$random.'&amp;token='.hesk_token_echo(0).'">
+		                        class="btn btn-default btn-sm" href="change_status.php?track='.$trackingID.$mgr.'&amp;s='.$staffClosedOptionStatus['ID'].'&amp;Refresh='.$random.'&amp;token='.hesk_token_echo(0).'">
 		                            <i class="fa fa-check-circle"></i> '.$hesklang['close_action'].'</a>';
                            }
                            elseif ($isTicketClosed == 1)
                            {
                                echo '<a
-		                        class="btn btn-default btn-sm" href="change_status.php?track='.$trackingID.'&amp;s='.$staffReopenedStatus['ID'].'&amp;Refresh='.$random.'&amp;token='.hesk_token_echo(0).'">
+		                        class="btn btn-default btn-sm" href="change_status.php?track='.$trackingID.$mgr.'&amp;s='.$staffReopenedStatus['ID'].'&amp;Refresh='.$random.'&amp;token='.hesk_token_echo(0).'">
 		                            <i class="fa fa-check-circle"></i> '.$hesklang['open_action'].'</a>';
                            }

@ -1065,8 +1066,11 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                    </select>

                    <input type="submit" style="display: none" value="'.$hesklang['go'].'" /><input type="hidden" name="track" value="'.$trackingID.'" />
-                    <input type="hidden" name="token" value="'.hesk_token_echo(0).'" />
-                    </span>
+                    <input type="hidden" name="token" value="'.hesk_token_echo(0).'" />';
+                    if ($isManager) {
+                        echo '<input type="hidden" name="isManager" value="1">';
+                    }
+                    echo '</span>

                    </form>

@ -1089,13 +1093,16 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                            </select>

                            <input type="submit" style="display:none;" value="'.$hesklang['go'].'" class="btn btn-default" /><input type="hidden" name="track" value="'.$trackingID.'" />
-                            <input type="hidden" name="token" value="'.hesk_token_echo(0).'" />
-                        </span>
+                            <input type="hidden" name="token" value="'.hesk_token_echo(0).'" />';
+                            if ($isManager) {
+                                echo '<input type="hidden" name="isManager" value="1">';
+                            }
+                        echo '</span>
                    </form>
                    </div>';
                echo '<div class="col-md-3 col-sm-12 ticket-cell-admin"><p class="ticketPropertyTitle">'.$hesklang['owner'].'</p>';

-                        if (hesk_checkPermission('can_assign_others',0))
+                        if (hesk_checkPermission('can_assign_others',0) || $isManager)
                        {
                            echo'
                            <form style="margin-bottom:0;" id="changeOwnerForm" action="assign_owner.php" method="post">
@ -1273,7 +1280,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
        <?php
 		    if ($hesk_settings['new_top'])
            {
-        	    $i = hesk_printTicketReplies($isManager) ? 0 : 1;
+        	    $i = hesk_printTicketReplies() ? 0 : 1;
            }
            else
            {
@ -1353,7 +1360,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
            <div class="col-md-9 col-xs-12 pushMarginLeft">
                <div class="ticketMessageTop withBorder">
                    <!-- Action Buttons -->
-                    <?php echo hesk_getAdminButtonsInTicket(0, $i, $isManager); ?>
+                    <?php echo hesk_getAdminButtonsInTicket(0, $i); ?>
                    
                    <!-- Date -->
                    <p><br/><?php echo $hesklang['date']; ?>: <?php echo hesk_date($ticket['dt'], true); ?>
@ -1452,7 +1459,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
        <?php
 		if ( ! $hesk_settings['new_top'])
        {
-        	hesk_printTicketReplies($isManager);
+        	hesk_printTicketReplies();
        }
 		?>

@ -1635,9 +1642,9 @@ function hesk_getFontAwesomeIconForFileExtension($fileExtension)
 }


-function hesk_getAdminButtons($reply=0,$white=1,$isManager)
+function hesk_getAdminButtons($reply=0,$white=1)
 {
-	global $hesk_settings, $hesklang, $ticket, $reply, $trackingID, $can_edit, $can_archive, $can_delete;
+	global $hesk_settings, $hesklang, $ticket, $reply, $trackingID, $can_edit, $can_archive, $can_delete, $isManager;

 	$options = '<div class="btn-group" style="width: 100%">';

@ -1717,9 +1724,9 @@ function hesk_getAdminButtons($reply=0,$white=1,$isManager)

 } // END hesk_getAdminButtons()

-function hesk_getAdminButtonsInTicket($reply=0,$white=1,$isManager=false)
+function hesk_getAdminButtonsInTicket($reply=0,$white=1)
 {
-	global $hesk_settings, $hesklang, $ticket, $reply, $trackingID, $can_edit, $can_archive, $can_delete;
+	global $hesk_settings, $hesklang, $ticket, $reply, $trackingID, $can_edit, $can_archive, $can_delete, $isManager;

 	$options = '<div class="btn-group text-right" style="width: 70%; margin-left: auto; margin-right: auto">';

@ -1769,82 +1776,38 @@ function print_form()
    global $trackingID;

 	/* Print header */
-	require_once(HESK_PATH . 'inc/header.inc.php');
+	require_once(HESK_PATH . 'inc/headerAdmin.inc.php');

 	/* Print admin navigation */
 	require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
-	?>

-	</td>
-	</tr>
-	<tr>
-	<td>
-
-    &nbsp;<br />
-
-	<?php
 	/* This will handle error, success and notice messages */
 	hesk_handle_messages();
 	?>
-
-	<div align="center">
-	<table border="0" cellspacing="0" cellpadding="0" width="50%">
-	<tr>
-		<td width="7" height="7"><img src="../img/roundcornerslt.jpg" width="7" height="7" alt="" /></td>
-		<td class="roundcornerstop"></td>
-		<td><img src="../img/roundcornersrt.jpg" width="7" height="7" alt="" /></td>
-	</tr>
-	<tr>
-		<td class="roundcornersleft">&nbsp;</td>
-		<td>
-
-	        <form action="admin_ticket.php" method="get">
-
-	        <table width="100%" border="0" cellspacing="0" cellpadding="0">
-	        <tr>
-	                <td width="1"><img src="../img/existingticket.png" alt="" width="60" height="60" /></td>
-	                <td>
-	                <p><b><?php echo $hesklang['view_existing']; ?></a></b></p>
-	                </td>
-	        </tr>
-	        <tr>
-	                <td width="1">&nbsp;</td>
-	                <td>&nbsp;</td>
-	        </tr>
-	        <tr>
-	                <td width="1">&nbsp;</td>
-	                <td>
-	                <?php echo $hesklang['ticket_trackID']; ?>: <br /><input type="text" name="track" maxlength="20" size="35" value="<?php echo $trackingID; ?>" /><br />&nbsp;
-	                </td>
-	        </tr>
-	        <tr>
-	                <td width="1">&nbsp;</td>
-	                <td><input type="submit" value="<?php echo $hesklang['view_ticket']; ?>" class="orangebutton" onmouseover="hesk_btn(this,'orangebuttonover');" onmouseout="hesk_btn(this,'orangebutton');" /><input type="hidden" name="Refresh" value="<?php echo rand(10000,99999); ?>"></td>
-	        </tr>
-	        </table>
-
-	        </form>
-
-		</td>
-		<td class="roundcornersright">&nbsp;</td>
-	</tr>
-	<tr>
-		<td><img src="../img/roundcornerslb.jpg" width="7" height="7" alt="" /></td>
-		<td class="roundcornersbottom"></td>
-		<td width="7" height="7"><img src="../img/roundcornersrb.jpg" width="7" height="7" alt="" /></td>
-	</tr>
-	</table>
+    <div class="row">
+        <div class="col-sm-10 col-sm-offset-1">
+            <h3 align="left"><?php echo $hesklang['view_existing']; ?></a></h3>
+            <form action="admin_ticket.php" method="get" class="form-horizontal">
+                <div class="form-group">
+                    <label for="track" class="control-label col-sm-3"><?php echo $hesklang['ticket_trackID']; ?></label>
+                    <div class="col-sm-9">
+                        <input type="text" name="track" maxlength="20" size="35" value="<?php echo $trackingID; ?>"
+                               placeholder="<?php echo $hesklang['ticket_trackID']; ?>" class="form-control"><br>
+                        <input type="submit" value="<?php echo $hesklang['view_ticket']; ?>" class="btn btn-default">
+                        <input type="hidden" name="Refresh" value="<?php echo rand(10000,99999); ?>">
+                    </div>
+                </div>
+            </form>
+        </div>
    </div>
-
-	<p>&nbsp;</p>
 	<?php
 	require_once(HESK_PATH . 'inc/footer.inc.php');
 	exit();
 } // End print_form()


-function hesk_printTicketReplies($isManager) {
-	global $hesklang, $hesk_settings, $result, $reply;
+function hesk_printTicketReplies() {
+	global $hesklang, $hesk_settings, $result, $reply, $isManager;

 	$i = $hesk_settings['new_top'] ? 0 : 1;

@ -1865,7 +1828,7 @@ function hesk_printTicketReplies($isManager) {
            </div>
            <div class="col-md-9 col-xs-12 pushMarginLeft">
                <div class="ticketMessageTop withBorder">
-                    <?php echo hesk_getAdminButtonsInTicket(0,1,$isManager); ?>
+                    <?php echo hesk_getAdminButtonsInTicket(); ?>
                    <div class="blankSpace"></div>
                    <p><?php echo $hesklang['date']; ?>: <?php echo $reply['dt']; ?></p> 
                </div>
@ -1906,7 +1869,7 @@ function hesk_printTicketReplies($isManager) {


 function hesk_printReplyForm() {
-	global $hesklang, $hesk_settings, $ticket, $admins, $can_options, $options, $can_assign_self;
+	global $hesklang, $hesk_settings, $ticket, $admins, $can_options, $options, $can_assign_self, $isManager;
 ?>
 <!-- START REPLY FORM -->

@ -2086,9 +2049,11 @@ function hesk_printReplyForm() {
                            ?>
                        </ul>
                    </div>
-                    <input class="btn btn-default" type="submit" name="save_reply" value="<?php echo $hesklang['sacl']; ?>"
+                    <input class="btn btn-default" type="submit" name="save_reply" value="<?php echo $hesklang['sacl']; ?>">
+                    <?php if ($isManager): ?>
+                        <input type="hidden" name="isManager" value="1">
+                    <?php endif; ?>
                </div>
-            </div></div>
        </form>

 <!-- END REPLY FORM -->
--- a/admin/change_status.php
+++ b/admin/change_status.php
@ -46,8 +46,10 @@ hesk_dbConnect();
 hesk_isLoggedIn();

 /* Check permissions for this feature */
-hesk_checkPermission('can_view_tickets');
-hesk_checkPermission('can_reply_tickets');
+if (!isset($_REQUEST['isManager']) || !$_REQUEST['isManager']) {
+    hesk_checkPermission('can_view_tickets');
+    hesk_checkPermission('can_reply_tickets');
+}

 /* A security check */
 hesk_token_check();