#208 Update some security stuff for managers. Still have a lot to do
parent
f4fc8ecf43
commit
96fe276ea0
@ -859,7 +859,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
|
|||||||
/* Do we need or have any canned responses? */
|
/* Do we need or have any canned responses? */
|
||||||
$can_options = hesk_printCanned();
|
$can_options = hesk_printCanned();
|
||||||
|
|
||||||
echo hesk_getAdminButtons();
|
echo hesk_getAdminButtons(0,1,$isManager);
|
||||||
?>
|
?>
|
||||||
<div class="blankSpace"></div>
|
<div class="blankSpace"></div>
|
||||||
<!-- BEGIN TICKET HEAD -->
|
<!-- BEGIN TICKET HEAD -->
|
||||||
@ -1273,7 +1273,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
|
|||||||
<?php
|
<?php
|
||||||
if ($hesk_settings['new_top'])
|
if ($hesk_settings['new_top'])
|
||||||
{
|
{
|
||||||
$i = hesk_printTicketReplies() ? 0 : 1;
|
$i = hesk_printTicketReplies($isManager) ? 0 : 1;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@ -1353,7 +1353,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
|
|||||||
<div class="col-md-9 col-xs-12 pushMarginLeft">
|
<div class="col-md-9 col-xs-12 pushMarginLeft">
|
||||||
<div class="ticketMessageTop withBorder">
|
<div class="ticketMessageTop withBorder">
|
||||||
<!-- Action Buttons -->
|
<!-- Action Buttons -->
|
||||||
<?php echo hesk_getAdminButtonsInTicket(0, $i); ?>
|
<?php echo hesk_getAdminButtonsInTicket(0, $i, $isManager); ?>
|
||||||
|
|
||||||
<!-- Date -->
|
<!-- Date -->
|
||||||
<p><br/><?php echo $hesklang['date']; ?>: <?php echo hesk_date($ticket['dt'], true); ?>
|
<p><br/><?php echo $hesklang['date']; ?>: <?php echo hesk_date($ticket['dt'], true); ?>
|
||||||
@ -1452,7 +1452,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
|
|||||||
<?php
|
<?php
|
||||||
if ( ! $hesk_settings['new_top'])
|
if ( ! $hesk_settings['new_top'])
|
||||||
{
|
{
|
||||||
hesk_printTicketReplies();
|
hesk_printTicketReplies($isManager);
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
|
|
||||||
@ -1635,7 +1635,7 @@ function hesk_getFontAwesomeIconForFileExtension($fileExtension)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
function hesk_getAdminButtons($reply=0,$white=1)
|
function hesk_getAdminButtons($reply=0,$white=1,$isManager)
|
||||||
{
|
{
|
||||||
global $hesk_settings, $hesklang, $ticket, $reply, $trackingID, $can_edit, $can_archive, $can_delete;
|
global $hesk_settings, $hesklang, $ticket, $reply, $trackingID, $can_edit, $can_archive, $can_delete;
|
||||||
|
|
||||||
@ -1686,7 +1686,8 @@ function hesk_getAdminButtons($reply=0,$white=1)
|
|||||||
if ($can_edit)
|
if ($can_edit)
|
||||||
{
|
{
|
||||||
$tmp = $reply ? '&reply='.$reply['id'] : '';
|
$tmp = $reply ? '&reply='.$reply['id'] : '';
|
||||||
$options .= '<a class="btn btn-default" href="edit_post.php?track='.$trackingID.$tmp.'"><i class="fa fa-pencil"></i> '.$hesklang['edtt'].'</a> ';
|
$mgr = $isManager ? '&isManager=true' : '';
|
||||||
|
$options .= '<a class="btn btn-default" href="edit_post.php?track='.$trackingID.$tmp.$mgr.'"><i class="fa fa-pencil"></i> '.$hesklang['edtt'].'</a> ';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -1716,7 +1717,7 @@ function hesk_getAdminButtons($reply=0,$white=1)
|
|||||||
|
|
||||||
} // END hesk_getAdminButtons()
|
} // END hesk_getAdminButtons()
|
||||||
|
|
||||||
function hesk_getAdminButtonsInTicket($reply=0,$white=1)
|
function hesk_getAdminButtonsInTicket($reply=0,$white=1,$isManager=false)
|
||||||
{
|
{
|
||||||
global $hesk_settings, $hesklang, $ticket, $reply, $trackingID, $can_edit, $can_archive, $can_delete;
|
global $hesk_settings, $hesklang, $ticket, $reply, $trackingID, $can_edit, $can_archive, $can_delete;
|
||||||
|
|
||||||
@ -1730,7 +1731,8 @@ function hesk_getAdminButtonsInTicket($reply=0,$white=1)
|
|||||||
if ($can_edit)
|
if ($can_edit)
|
||||||
{
|
{
|
||||||
$tmp = $reply ? '&reply='.$reply['id'] : '';
|
$tmp = $reply ? '&reply='.$reply['id'] : '';
|
||||||
$options .= '<a class="btn btn-default" href="edit_post.php?track='.$trackingID.$tmp.'"><i class="fa fa-pencil"></i> '.$hesklang['edtt'].'</a> ';
|
$mgr = $isManager ? '&isManager=true' : '';
|
||||||
|
$options .= '<a class="btn btn-default" href="edit_post.php?track='.$trackingID.$tmp.$mgr.'"><i class="fa fa-pencil"></i> '.$hesklang['edtt'].'</a> ';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -1841,7 +1843,7 @@ function print_form()
|
|||||||
} // End print_form()
|
} // End print_form()
|
||||||
|
|
||||||
|
|
||||||
function hesk_printTicketReplies() {
|
function hesk_printTicketReplies($isManager) {
|
||||||
global $hesklang, $hesk_settings, $result, $reply;
|
global $hesklang, $hesk_settings, $result, $reply;
|
||||||
|
|
||||||
$i = $hesk_settings['new_top'] ? 0 : 1;
|
$i = $hesk_settings['new_top'] ? 0 : 1;
|
||||||
@ -1863,7 +1865,7 @@ function hesk_printTicketReplies() {
|
|||||||
</div>
|
</div>
|
||||||
<div class="col-md-9 col-xs-12 pushMarginLeft">
|
<div class="col-md-9 col-xs-12 pushMarginLeft">
|
||||||
<div class="ticketMessageTop withBorder">
|
<div class="ticketMessageTop withBorder">
|
||||||
<?php echo hesk_getAdminButtonsInTicket(); ?>
|
<?php echo hesk_getAdminButtonsInTicket(0,1,$isManager); ?>
|
||||||
<div class="blankSpace"></div>
|
<div class="blankSpace"></div>
|
||||||
<p><?php echo $hesklang['date']; ?>: <?php echo $reply['dt']; ?></p>
|
<p><?php echo $hesklang['date']; ?>: <?php echo $reply['dt']; ?></p>
|
||||||
</div>
|
</div>
|
||||||
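Review bot: The added line `$mgr = $isManager ? '&isManager=true' : '';` in hesk_getAdminButtons(), repeated in hesk_getAdminButtonsInTicket(), puts the manager status into the edit link's query string, where whoever follows the link can add or change it. The flag is better kept on the server: drop `$mgr` from the `edit_post.php?track=...` href and let the target page work out manager status itself. Separately, `function hesk_getAdminButtons($reply=0,$white=1,$isManager)` declares a required parameter after optional ones, which PHP 8 deprecates. Using `$isManager=false` would match hesk_getAdminButtonsInTicket(), and `hesk_printTicketReplies($isManager)` would benefit from the same default. Where `$isManager` is first assigned is not visible in these hunks, and all three function bodies continue outside them.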
|
@ -46,8 +46,10 @@ hesk_dbConnect();
|
|||||||
hesk_isLoggedIn();
|
hesk_isLoggedIn();
|
||||||
|
|
||||||
/* Check permissions for this feature */
|
/* Check permissions for this feature */
|
||||||
hesk_checkPermission('can_view_tickets');
|
if (!isset($_REQUEST['isManager']) || !$_REQUEST['isManager']) {
|
||||||
hesk_checkPermission('can_edit_tickets');
|
hesk_checkPermission('can_view_tickets');
|
||||||
|
hesk_checkPermission('can_edit_tickets');
|
||||||
|
}
|
||||||
|
|
||||||
/* Ticket ID */
|
/* Ticket ID */
|
||||||
$trackingID = hesk_cleanID() or die($hesklang['int_error'].': '.$hesklang['no_trackID']);
|
$trackingID = hesk_cleanID() or die($hesklang['int_error'].': '.$hesklang['no_trackID']);
|
||||||
@ -70,7 +72,9 @@ if ( defined('HESK_DEMO') )
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Is this user allowed to view tickets inside this category? */
|
/* Is this user allowed to view tickets inside this category? */
|
||||||
hesk_okCategory($ticket['category']);
|
if (!isset($_REQUEST['isManager']) || !$_REQUEST['isManager']) {
|
||||||
|
hesk_okCategory($ticket['category']);
|
||||||
|
}
|
||||||
|
|
||||||
if ( hesk_isREQUEST('reply') )
|
if ( hesk_isREQUEST('reply') )
|
||||||
{
|
{
|
||||||
@ -466,6 +470,9 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
|
|||||||
</div>
|
</div>
|
||||||
<div class="form-group" style="text-align: center">
|
<div class="form-group" style="text-align: center">
|
||||||
<input type="submit" value="<?php echo $hesklang['save_changes']; ?>" class="btn btn-default" />
|
<input type="submit" value="<?php echo $hesklang['save_changes']; ?>" class="btn btn-default" />
|
||||||
|
<?php if (isset($_REQUEST['isManager']) && $_REQUEST['isManager']): ?>
|
||||||
|
<input type="hidden" name="isManager" value="1">
|
||||||
|
<?php endif; ?>
|
||||||
<a class="btn btn-default" href="javascript:history.go(-1)"><?php echo $hesklang['back']; ?></a>
|
<a class="btn btn-default" href="javascript:history.go(-1)"><?php echo $hesklang['back']; ?></a>
|
||||||
</div>
|
</div>
|
||||||
</form>
|
</form>
|
||||||
|
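Review bot: The new guard `if (!isset($_REQUEST['isManager']) || !$_REQUEST['isManager'])` makes three authorization checks depend on a value the client sends, so they no longer constrain a logged-in user who supplies it. It wraps `hesk_checkPermission('can_view_tickets')` and `hesk_checkPermission('can_edit_tickets')` in the first hunk and `hesk_okCategory($ticket['category'])` in the second. Manager status should be derived on the server from the session user and the category of the loaded ticket, with the checks skipped only on that result, e.g. `if (!$isManager) { hesk_okCategory($ticket['category']); }`; the lookup that sets `$isManager` is not shown on this page. `$ticket` appears to be loaded after the first guard, so the two permission checks would likely need to move below the ticket load. The hidden `<input type="hidden" name="isManager" value="1">` added in the third hunk would then be unnecessary and should go, along with the query parameter.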