diff --git a/admin/admin_settings.php b/admin/admin_settings.php
index 938ed1d2..f215630a 100644
--- a/admin/admin_settings.php
+++ b/admin/admin_settings.php
@@ -56,7 +56,7 @@ hesk_dbConnect();
 hesk_isLoggedIn();
 // Check permissions for this feature
-hesk_checkPermission('can_manage_settings');
+hesk_checkPermission('can_man_settings');
 // Test languages function
 if (isset($_GET['test_languages']))
diff --git a/admin/manage_permission_templates.php b/admin/manage_permission_templates.php
new file mode 100644
index 00000000..a867fe27
--- /dev/null
+++ b/admin/manage_permission_templates.php
@@ -0,0 +1,452 @@
+
+
+
+
+
+
+

+
+ + + + + + + + + + + + + + + + + + + +
+ + + + + + + + + + + + + + + + +
+
+
+ + + + +'; + $isValid = true; + if ($create && $name == '') { + $errorMarkup .= '
  • '.$hesklang['template_name_required'].'
  • '; + $isValid = false; + } + if (count($features) == 0) { + $errorMarkup .= '
  • '.$hesklang['you_must_select_a_feature'].'
  • '; + $isValid = false; + } + if (count($categories) == 0) { + $errorMarkup .= '
  • '.$hesklang['you_must_select_a_category'].'
  • '; + $isValid = false; + } + $errorMarkup .= ''; + + if (!$isValid) { + $error = sprintf($hesklang['permission_template_error'], $errorMarkup); + hesk_process_messages($error, $_SERVER['PHP_SELF']); + } + return true; +} + +function deleteTemplate() { + global $hesk_settings, $hesklang; + + $id = hesk_GET('id'); + + // Admin/Staff templates cannot be deleted! + if ($id == 1 || $id == 2) { + hesk_process_messages($hesklang['cannot_delete_admin_or_staff'], $_SERVER['PHP_SELF']); + } + + // Otherwise delete the template + hesk_dbQuery("DELETE FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."permission_templates` WHERE `id` = ".intval($id)); + if (hesk_dbAffectedRows() != 1) { + hesk_process_messages($hesklang['no_templates_were_deleted'], $_SERVER['PHP_SELF']); + } + hesk_process_messages($hesklang['permission_template_deleted'], $_SERVER['PHP_SELF'],'SUCCESS'); +} + +function toggleAdmin($admin) { + global $hesk_settings, $hesklang; + + $id = hesk_GET('id'); + + if ($id == 1 || $id == 2) { + hesk_process_messages($hesklang['cannot_change_admin_staff'], $_SERVER['PHP_SELF']); + } + + if ($admin) { + hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."permission_templates` SET `heskprivileges` = 'ALL', + `categories` = 'ALL' WHERE `id` = ".intval($id)); + hesk_process_messages($hesklang['permission_template_now_admin'], $_SERVER['PHP_SELF'],'SUCCESS'); + } else { + // Get default privileges + $res = hesk_dbQuery("SELECT `heskprivileges`, `categories` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."permission_templates` + WHERE `id` = 2"); + $row = hesk_dbFetchAssoc($res); + + hesk_dbQuery("UPDATE `".hesk_dbEscape($hesk_settings['db_pfix'])."permission_templates` + SET `heskprivileges` = '".hesk_dbEscape($row['heskprivileges'])."', + `categories` = '".hesk_dbEscape($row['categories'])."' WHERE `id` = ".intval($id)); + hesk_process_messages($hesklang['permission_template_no_longer_admin'], $_SERVER['PHP_SELF'],'SUCCESS'); + } +} +?> 
diff --git a/admin/manage_users.php b/admin/manage_users.php index ed8ec1eb..d19115ce 100644 --- a/admin/manage_users.php +++ b/admin/manage_users.php 
@@ -50,37 +50,7 @@ hesk_isLoggedIn(); hesk_checkPermission('can_man_users'); /* Possible user features */ -$hesk_settings['features'] = array( -'can_view_tickets', /* User can read tickets */ -'can_reply_tickets', /* User can reply to tickets */ -'can_del_tickets', /* User can delete tickets */ -'can_edit_tickets', /* User can edit tickets */ -'can_merge_tickets', /* User can merge tickets */ -'can_del_notes', /* User can delete ticket notes posted by other staff members */ -'can_change_cat', /* User can move ticke to a new category/department */ -'can_man_kb', /* User can manage knowledgebase articles and categories */ -'can_man_users', /* User can create and edit staff accounts */ -'can_man_cat', /* User can manage categories/departments */ -'can_man_canned', /* User can manage canned responses */ -'can_man_ticket_tpl', /* User can manage ticket templates */ -'can_add_archive', /* User can mark tickets as "Tagged" */ -'can_assign_self', /* User can assign tickets to himself/herself */ -'can_assign_others', /* User can assign tickets to other staff members */ -'can_view_unassigned', /* User can view unassigned tickets */ -'can_view_ass_others', /* User can view tickets that are assigned to other staff */ -'can_run_reports', /* User can run reports and see statistics (only allowed categories and self) */ -'can_run_reports_full', /* User can run reports and see statistics (unrestricted) */ -'can_export', /* User can export own tickets to Excel */ -'can_view_online', /* User can view what staff members are currently online */ -'can_ban_emails', /* User can ban email addresses */ -'can_unban_emails', /* User can delete email address bans. Also enables "can_ban_emails" */ -'can_ban_ips', /* User can ban IP addresses */ -'can_unban_ips', /* User can delete IP bans. 
Also enables "can_ban_ips" */ -'can_service_msg', /* User can manage service messages shown in customer interface */ -'can_man_email_tpl', /* User can manage email templates */ -'can_man_ticket_statuses', /* User can manage ticket statuses */ -'can_set_manager', /* User can set category managers */ -); +$hesk_settings['features'] = hesk_getFeatureArray(); /* Set default values */ $default_userdata = array( @@ -100,7 +70,6 @@ $default_userdata = array( 'active' => 1, 'categories' => array('1'), 'features' => array('can_view_tickets','can_reply_tickets','can_change_cat','can_assign_self','can_view_unassigned','can_view_online'), - 'can_manage_settings' => 0, // Preferences 'afterreply' => 0, @@ -229,7 +198,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php'); - + $myuser[name] $myuser[email] $myuser[user] -$myuser[isadmin] +$templateName EOC; @@ -463,7 +440,7 @@ function edit_user() if ( ! isset($_SESSION['save_userdata'])) { - $res = hesk_dbQuery("SELECT *,`heskprivileges` AS `features`, `can_manage_settings`, `active`, `can_change_notification_settings` + $res = hesk_dbQuery("SELECT *,`heskprivileges` AS `features`, `active` FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."users` WHERE `id`='".intval($id)."' LIMIT 1"); $_SESSION['userdata'] = hesk_dbFetchAssoc($res); @@ -566,8 +543,6 @@ function new_user() `categories`, `autoassign`, `heskprivileges`, - `can_manage_settings`, - `can_change_notification_settings`, `afterreply`, `autostart`, `notify_customer_new`, @@ -581,7 +556,8 @@ function new_user() `notify_pm`, `notify_note`, `notify_note_unassigned`, - `autorefresh`) VALUES ( + `autorefresh`, + `permission_template`) VALUES ( '".hesk_dbEscape($myuser['user'])."', '".hesk_dbEscape($myuser['pass'])."', '".intval($myuser['isadmin'])."', 
@@ -591,8 +567,6 @@ function new_user() '".hesk_dbEscape($myuser['categories'])."', '".intval($myuser['autoassign'])."', '".hesk_dbEscape($myuser['features'])."', - '".hesk_dbEscape($myuser['can_manage_settings'])."', - '".hesk_dbEscape($myuser['can_change_notification_settings'])."', '".($myuser['afterreply'])."' , '".($myuser['autostart'])."' , '".($myuser['notify_customer_new'])."' , @@ -606,7 +580,8 @@ function new_user() '".($myuser['notify_pm'])."', '".($myuser['notify_note'])."', '".($myuser['notify_note_unassigned'])."', - ".intval($myuser['autorefresh']).")" ); + ".intval($myuser['autorefresh']).", + ".intval($myuser['template']).")" ); $_SESSION['seluser'] = hesk_dbInsertID(); @@ -722,8 +697,6 @@ function update_user() `active`='".intval($myuser['active'])."', `autoassign`='".intval($myuser['autoassign'])."', `heskprivileges`='".hesk_dbEscape($myuser['features'])."', - `can_manage_settings`='".hesk_dbEscape($myuser['can_manage_settings'])."', - `can_change_notification_settings`='".hesk_dbEscape($myuser['can_change_notification_settings'])."', `afterreply`='".($myuser['afterreply'])."' , `autostart`='".($myuser['autostart'])."' , `notify_customer_new`='".($myuser['notify_customer_new'])."' , @@ -737,7 +710,8 @@ function update_user() `notify_pm`='".($myuser['notify_pm'])."', `notify_note`='".($myuser['notify_note'])."', `notify_note_unassigned`='".($myuser['notify_note_unassigned'])."', - `autorefresh`=".intval($myuser['autorefresh'])." + `autorefresh`=".intval($myuser['autorefresh']).", + `permission_template`=".intval($myuser['template'])." WHERE `id`='".intval($myuser['id'])."' LIMIT 1"); // If they are now inactive, remove any manager rights @@ -763,16 +737,12 @@ function hesk_validateUserInfo($pass_required = 1, $redirect_to = './manage_user $myuser['name'] = hesk_input( hesk_POST('name') ) or $hesk_error_buffer .= '
  • ' . $hesklang['enter_real_name'] . '
  • '; $myuser['email'] = hesk_validateEmail( hesk_POST('email'), 'ERR', 0) or $hesk_error_buffer .= '
  • ' . $hesklang['enter_valid_email'] . '
  • '; $myuser['user'] = hesk_input( hesk_POST('user') ) or $hesk_error_buffer .= '
  • ' . $hesklang['enter_username'] . '
  • '; - $myuser['isadmin'] = empty($_POST['isadmin']) ? 0 : 1; - $myuser['can_manage_settings'] = isset($_POST['manage_settings']) ? 1 : 0; + $myuser['isadmin'] = hesk_POST('template') == '1' ? 1 : 0; + $myuser['template'] = hesk_POST('template'); $myuser['signature'] = hesk_input( hesk_POST('signature') ); $myuser['autoassign'] = hesk_POST('autoassign') == 'Y' ? 1 : 0; $myuser['active'] = empty($_POST['active']) ? 0 : 1; $myuser['can_change_notification_settings'] = empty($_POST['can_change_notification_settings']) ? 0 : 1; - if ($myuser['isadmin']) - { - $myuser['can_change_notification_settings'] = 1; - } /* If it's not admin at least one category and fature is required */ $myuser['categories'] = array(); diff --git a/css/hesk_newStyle.php b/css/hesk_newStyle.php index 236d8b28..f9dd3585 100644 --- a/css/hesk_newStyle.php +++ b/css/hesk_newStyle.php @@ -383,4 +383,20 @@ button.dropdown-submit { .default-row-margins { margin: 0 -15px; +} + +.icon-link { + font-size: 16px !important; +} + +.orange { + color: orange; +} + +.red { + color: #FF0000; +} + +.gray { + color: gray; } \ No newline at end of file diff --git a/css/hesk_newStyleRTL.php b/css/hesk_newStyleRTL.php index 5355d765..82541dc0 100644 --- a/css/hesk_newStyleRTL.php +++ b/css/hesk_newStyleRTL.php @@ -377,4 +377,20 @@ button.dropdown-submit { .default-row-margins { margin: 0 -15px; +} + +.icon-link { + font-size: 16px; +} + +.orange { + color: orange; +} + +.red { + color: #FF0000; +} + +.gray { + color: gray; } \ No newline at end of file diff --git a/inc/admin_functions.inc.php b/inc/admin_functions.inc.php index 3cdac183..6ba71df4 100644 --- a/inc/admin_functions.inc.php +++ b/inc/admin_functions.inc.php 
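Review bot: `$myuser['template'] = hesk_POST('template');` is accepted without checking that the template exists or that the acting user may assign it, and `$myuser['isadmin']` is now derived from `template == '1'`, so a staff member holding can_man_users who posts template=1 would create an admin unless a check outside this hunk prevents it; the profile tab only omits 'ALL' templates from the rendered SELECT for non-admins, which is not a server-side control. Add a guard next to the isadmin line such as `if (!$_SESSION['isadmin'] && $myuser['isadmin']) { $hesk_error_buffer .= $hesklang['no_permission']; }` and validate the id against the permission_templates table (intval it here, not only at the INSERT/UPDATE). `$myuser['can_change_notification_settings']` is still read from POST here, but this commit drops that column from the INSERT and UPDATE, so the assignment is now dead and should be removed or mapped onto the feature string that hesk_getFeatureArray() now carries. hesk_validateUserInfo() continues past the hunk.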
@@ -715,38 +715,12 @@ function hesk_okCategory($cat,$error=1,$user_isadmin=false,$user_cat=false) function hesk_checkPermission($feature,$showerror=1) { global $hesklang; - /* Check if this is for managing settings */ - if ($feature == 'can_manage_settings') - { - if ($_SESSION['can_manage_settings']) { - return true; - } else { - if ($showerror) { - hesk_error($hesklang['no_permission'].'

     

    '.$hesklang['click_login'].''); - } else { - return false; - } - } - } - /* Admins have full access to all features */ if ($_SESSION['isadmin']) { return true; } - if ($feature == 'can_manage_email_templates') { - if ($_SESSION['can_manage_email_templates']) { - return true; - } else { - if ($showerror) { - hesk_error($hesklang['no_permission'].'

     

    '.$hesklang['click_login'].''); - } else { - return false; - } - } - } - /* Check other staff for permissions */ if (strpos($_SESSION['heskprivileges'], $feature) === false) { diff --git a/inc/common.inc.php b/inc/common.inc.php index 7f2c5ce3..0ecbccd5 100644 --- a/inc/common.inc.php +++ b/inc/common.inc.php 
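Review bot: With the dedicated `$_SESSION['can_manage_settings']` branch removed, settings access now flows through the generic `strpos($_SESSION['heskprivileges'], $feature) === false` test below, which is a substring match rather than a token match, so any feature whose name contains another feature's name grants it implicitly (the can_unban_ips / can_ban_ips pair already relies on this). can_man_settings and can_change_notification_settings are not substrings of any other name in hesk_getFeatureArray(), so this is safe today, but the invariant deserves a comment above the check: `// NOTE: substring match on the comma-joined privilege list; a new feature name must not contain another feature's name unless it is meant to imply it`. Users whose access came from the old can_manage_settings column lose it unless heskprivileges was migrated, which is fail-closed but worth confirming; the function continues past the hunk.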
@@ -1911,3 +1911,40 @@ function hesk_dateToString($dt, $returnName=1, $returnTime=0, $returnMonth=0, $f return "$m $n, $y"; } // End hesk_dateToString() + +function hesk_getFeatureArray() { + return array( + 'can_view_tickets', /* User can read tickets */ + 'can_reply_tickets', /* User can reply to tickets */ + 'can_del_tickets', /* User can delete tickets */ + 'can_edit_tickets', /* User can edit tickets */ + 'can_merge_tickets', /* User can merge tickets */ + 'can_del_notes', /* User can delete ticket notes posted by other staff members */ + 'can_change_cat', /* User can move ticke to a new category/department */ + 'can_man_kb', /* User can manage knowledgebase articles and categories */ + 'can_man_users', /* User can create and edit staff accounts */ + 'can_man_cat', /* User can manage categories/departments */ + 'can_man_canned', /* User can manage canned responses */ + 'can_man_ticket_tpl', /* User can manage ticket templates */ + 'can_add_archive', /* User can mark tickets as "Tagged" */ + 'can_assign_self', /* User can assign tickets to himself/herself */ + 'can_assign_others', /* User can assign tickets to other staff members */ + 'can_view_unassigned', /* User can view unassigned tickets */ + 'can_view_ass_others', /* User can view tickets that are assigned to other staff */ + 'can_run_reports', /* User can run reports and see statistics (only allowed categories and self) */ + 'can_run_reports_full', /* User can run reports and see statistics (unrestricted) */ + 'can_export', /* User can export own tickets to Excel */ + 'can_view_online', /* User can view what staff members are currently online */ + 'can_ban_emails', /* User can ban email addresses */ + 'can_unban_emails', /* User can delete email address bans. Also enables "can_ban_emails" */ + 'can_ban_ips', /* User can ban IP addresses */ + 'can_unban_ips', /* User can delete IP bans. 
Also enables "can_ban_ips" */ + 'can_service_msg', /* User can manage service messages shown in customer interface */ + 'can_man_email_tpl', /* User can manage email templates */ + 'can_man_ticket_statuses', /* User can manage ticket statuses */ + 'can_set_manager', /* User can set category managers */ + 'can_man_permission_tpl', /* User can manage permission templates */ + 'can_man_settings', /* User can manage helpdesk settings */ + 'can_change_notification_settings', /* User can change notification settings */ + ); +} \ No newline at end of file diff --git a/inc/profile_functions.inc.php b/inc/profile_functions.inc.php index 2c582ebe..8f5e6062 100644 --- a/inc/profile_functions.inc.php +++ b/inc/profile_functions.inc.php @@ -125,15 +125,6 @@ function hesk_profile_tab($session_array='new',$is_profile_page=true,$action='pr echo 'checked="checked"'; } ?> /> - -
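Review bot: hesk_getFeatureArray() has no docblock, and the naming constraint that hesk_checkPermission() imposes on these strings (membership is tested by substring on the stored heskprivileges list, which is why can_unban_ips implies can_ban_ips) is only hinted at in two inline comments. Add a header such as `/** Staff feature names persisted in users.heskprivileges. hesk_checkPermission() tests membership by substring, so a new name must not contain another feature's name unless it is meant to imply it. */`. The moved comments also misspell "ticket" (`ticke`) and "feature" is misspelt in the caller; and note that can_change_notification_settings now lives here as a feature while hesk_validateUserInfo() still reads it from a separate POST field.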

    - -
    @@ -146,32 +137,35 @@ function hesk_profile_tab($session_array='new',$is_profile_page=true,$action='pr ?>
    - +
    -
    -
    - '.$hesklang['astaff'].' '.$hesklang['staff_can']; + // Get list of permission templates. If current user is not admin, exclude permission tpl 1 + $excludeSql = $_SESSION['isadmin'] ? '' : " WHERE `heskprivileges` <> 'ALL'"; + $res = hesk_dbQuery("SELECT * FROM `".hesk_dbEscape($hesk_settings['db_pfix'])."permission_templates`".$excludeSql); + $templates = array(); + echo ''; + outputCheckboxJavascript(); ?>
    -
    +
    - +
    $catname) { - echo '
    - +
    '; } ?> -
    - -
    @@ -268,7 +260,9 @@ function hesk_profile_tab($session_array='new',$is_profile_page=true,$action='pr
    - + ".$finalCatMarkup." + ".$finalFeatMarkup." + function updateCheckboxes() { + // Get the value from the dropdown + var dropdownValue = $('#permission-tpl').val(); + updateCategoriesAndFeatures(dropdownValue); + } + function updateCategoriesAndFeatures(dropdownValue) { + // Get the category array + var newCats = categories[dropdownValue]; + var newFeats = features[dropdownValue]; + // Uncheck everything + $('.cat-checkbox').prop('checked', false); + $('.feat-checkbox').prop('checked', false); + newCats.forEach(function(entry) { + if (entry == 'ALL') { + $('.cat-checkbox').prop('checked', true); + } else { + $('#cat-'+entry).prop('checked', true); + } + }); + newFeats.forEach(function(entry) { + if (entry == 'ALL') { + $('.feat-checkbox').prop('checked', true); + } else { + $('#feat-'+entry).prop('checked', true); + } + }); + } + function setTemplateToCustom() { + $('#permission-tpl').val('-1'); + } + "; +} \ No newline at end of file diff --git a/inc/show_admin_nav.inc.php b/inc/show_admin_nav.inc.php index 2780abd3..b52b4bf1 100644 --- a/inc/show_admin_nav.inc.php +++ b/inc/show_admin_nav.inc.php @@ -68,8 +68,21 @@ if ( hesk_check_kb_only(false) )
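Review bot: In updateCategoriesAndFeatures(), `categories[dropdownValue]` and `features[dropdownValue]` are indexed and then iterated with `.forEach` without a guard, while setTemplateToCustom() sets the dropdown to '-1'; if updateCheckboxes() runs for that value (or for any id missing from the generated maps) it throws a TypeError after the checkboxes have already been cleared. Add `if (!newCats || !newFeats) { return; }` immediately after the two lookups, or emit an empty entry for -1 wherever `$finalCatMarkup` / `$finalFeatMarkup` are built. Those two strings are assembled outside the visible part of the hunk; since they embed database-sourced ids and names directly inside a script block, they should be produced with json_encode() rather than string concatenation. The enclosing hesk_profile_tab() starts before the hunk.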