Merge branch 'bring-back-managers' into '3-2-0'

Bring back managers

See merge request mike-koch/Mods-for-HESK!70

README.md

@@ -33,6 +33,7 @@ Mods for HESK is a set of modifications for [HESK](https://www.hesk.com) v2.7.x,
                 <li>Custom service message icons</li>
                 <li>Permission templates</li>
                 <li>Request users location in tickets</li>
+                <li>Category managers</li>
                 <li>Show number of merged tickets in ticket search view</li>
                 <li>Enable / disable staff members</li>
                 <li>More-restricted settings page access</li>

admin/admin_reply_ticket.php

@@ -39,7 +39,9 @@ hesk_dbConnect();
 hesk_isLoggedIn();
 
 /* Check permissions for this feature */
-hesk_checkPermission('can_reply_tickets');
+if (!isset($_REQUEST['isManager']) || !$_REQUEST['isManager']) {
+    hesk_checkPermission('can_reply_tickets');
+}
 
 /* A security check */
 # hesk_token_check('POST');
@@ -279,7 +281,7 @@ if ($time_worked == '00:00:00') {
     $sql .= ",`time_worked` = ADDTIME(`time_worked`,'" . hesk_dbEscape($time_worked) . "') ";
 }
 
-if (!empty($_POST['assign_self']) && (hesk_checkPermission('can_assign_self', 0))) {
+if (!empty($_POST['assign_self']) && (hesk_checkPermission('can_assign_self', 0) || (isset($_REQUEST['isManager']) && $_REQUEST['isManager']))) {
     $revision = sprintf($hesklang['thist2'], hesk_date(), $_SESSION['name'] . ' (' . $_SESSION['user'] . ')', $_SESSION['name'] . ' (' . $_SESSION['user'] . ')');
     $sql .= " , `owner`=" . intval($_SESSION['id']) . ", `history`=CONCAT(`history`,'" . hesk_dbEscape($revision) . "') ";
 }

admin/admin_ticket.php

@@ -107,14 +107,33 @@ if ($ticket['lastreplier']) {
 }
 
 /* Get category name and ID */
-$result = hesk_dbQuery("SELECT `id`, `name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `id`='" . intval($ticket['category']) . "' LIMIT 1");
+$result = hesk_dbQuery("SELECT `id`, `name`, `manager` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `id`='" . intval($ticket['category']) . "' LIMIT 1");
 
 /* If this category has been deleted use the default category with ID 1 */
 if (hesk_dbNumRows($result) != 1) {
-    $result = hesk_dbQuery("SELECT `id`, `name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `id`='1' LIMIT 1");
+    $result = hesk_dbQuery("SELECT `id`, `name`, `manager` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` WHERE `id`='1' LIMIT 1");
 }
 
 $category = hesk_dbFetchAssoc($result);
+$managerRS = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'users` WHERE `id` = ' . intval($_SESSION['id']));
+$managerRow = hesk_dbFetchAssoc($managerRS);
+$isManager = $managerRow['id'] == $category['manager'];
+if ($isManager) {
+    $can_del_notes =
+    $can_reply =
+    $can_delete =
+    $can_edit =
+    $can_archive =
+    $can_assign_self =
+    $can_view_unassigned =
+    $can_change_own_cat =
+    $can_change_cat =
+    $can_ban_emails =
+    $can_unban_emails =
+    $can_ban_ips =
+    $can_unban_ips =
+    $can_resolve = true;
+}
 
 /* Is this user allowed to view tickets inside this category? */
 hesk_okCategory($category['id']);
@@ -971,6 +990,9 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
 
                     <input type="submit" style="display: none" value="' . $hesklang['go'] . '" /><input type="hidden" name="track" value="' . $trackingID . '" />
                     <input type="hidden" name="token" value="' . hesk_token_echo(0) . '" />';
+                    if ($isManager) {
+                        echo '<input type="hidden" name="isManager" value="1">';
+                    }
                     echo '</span>
 
                     </form>
@@ -994,12 +1016,15 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
 
                             <input type="submit" style="display:none;" value="' . $hesklang['go'] . '" class="btn btn-default" /><input type="hidden" name="track" value="' . $trackingID . '" />
                             <input type="hidden" name="token" value="' . hesk_token_echo(0) . '" />';
+                    if ($isManager) {
+                        echo '<input type="hidden" name="isManager" value="1">';
+                    }
                     echo '</span>
                     </form>
                     </div>';
                     echo '<div class="col-md-3 col-sm-12 ticket-cell-admin"><p class="ticket-property-title">' . $hesklang['owner'] . '</p>';
 
-                    if (hesk_checkPermission('can_assign_others', 0)) {
+                    if (hesk_checkPermission('can_assign_others', 0) || $isManager) {
                         echo '
                             <form style="margin-bottom:0;" id="changeOwnerForm" action="assign_owner.php" method="post">
                             <span style="white-space:nowrap;">
@@ -1242,14 +1267,15 @@ require_once(HESK_PATH . 'inc/footer.inc.php');
 
 function hesk_getAdminButtons($category_id)
 {
-    global $hesk_settings, $hesklang, $modsForHesk_settings, $ticket, $reply, $trackingID, $can_edit, $can_archive, $can_delete, $can_resolve;
+    global $hesk_settings, $hesklang, $modsForHesk_settings, $ticket, $reply, $trackingID, $can_edit, $can_archive, $can_delete, $can_resolve, $isManager;
 
     $options = '';
 
     /* Edit post */
     if ($can_edit) {
         $tmp = $reply ? '&amp;reply=' . $reply['id'] : '';
-        $options .= '<a class="btn btn-default" href="edit_post.php?track=' . $trackingID . $tmp . '"><i class="fa fa-pencil orange"></i> ' . $hesklang['edit'] . '</a> ';
+        $mgr = $isManager ? '&amp;isManager=true' : '';
+        $options .= '<a class="btn btn-default" href="edit_post.php?track=' . $trackingID . $tmp . $mgr . '"><i class="fa fa-pencil orange"></i> ' . $hesklang['edit'] . '</a> ';
     }
 
 
@@ -1295,12 +1321,13 @@ function hesk_getAdminButtons($category_id)
     $isTicketClosed = $isTicketClosedRow['IsClosed'];
     $isClosable = $isTicketClosedRow['Closable'] == 'yes' || $isTicketClosedRow['Closable'] == 'sonly';
 
+    $mgr = $isManager ? '&amp;isManager=1' : '';
     if ($isTicketClosed == 0 && $isClosable && $can_resolve) // Ticket is still open
     {
-        $options .= '<a class="btn btn-default" href="change_status.php?track=' . $trackingID . '&amp;s=' . $staffClosedOptionStatus['ID'] . '&amp;Refresh=' . $random . '&amp;token=' . hesk_token_echo(0) . '">
+        $options .= '<a class="btn btn-default" href="change_status.php?track=' . $trackingID . $mgr . '&amp;s=' . $staffClosedOptionStatus['ID'] . '&amp;Refresh=' . $random . '&amp;token=' . hesk_token_echo(0) . '">
                     <i class="fa fa-check-circle green"></i> ' . $hesklang['close_action'] . '</a> ';
     } elseif ($isTicketClosed == 1) {
-        $options .= '<a class="btn btn-default" href="change_status.php?track=' . $trackingID . '&amp;s=' . $staffReopenedStatus['ID'] . '&amp;Refresh=' . $random . '&amp;token=' . hesk_token_echo(0) . '">
+        $options .= '<a class="btn btn-default" href="change_status.php?track=' . $trackingID . $mgr . '&amp;s=' . $staffReopenedStatus['ID'] . '&amp;Refresh=' . $random . '&amp;token=' . hesk_token_echo(0) . '">
                     <i class="fa fa-folder-open-o green"></i> ' . $hesklang['open_action'] . '</a> ';
     }
 
@@ -1486,7 +1513,7 @@ function hesk_getAdminButtons($category_id)
 
 function hesk_getAdminButtonsInTicket($reply = 0, $white = 1)
 {
-    global $hesk_settings, $hesklang, $ticket, $reply, $trackingID, $can_edit, $can_archive, $can_delete;
+    global $hesk_settings, $hesklang, $ticket, $reply, $trackingID, $can_edit, $can_archive, $can_delete, $isManager;
 
     $options = $reply ? '' : '<div class="pull-right">';
 
@@ -1509,7 +1536,8 @@ function hesk_getAdminButtonsInTicket($reply = 0, $white = 1)
     /* Edit post */
     if ($can_edit) {
         $tmp = $reply ? '&amp;reply=' . $reply['id'] : '';
-        $options .= '<a class="btn btn-default" href="edit_post.php?track=' . $trackingID . $tmp . '"><i class="fa fa-pencil orange"></i> ' . $hesklang['edtt'] . '</a> ';
+        $mgr = $isManager ? '&amp;isManager=true' : '';
+        $options .= '<a class="btn btn-default" href="edit_post.php?track=' . $trackingID . $tmp . $mgr . '"><i class="fa fa-pencil orange"></i> ' . $hesklang['edtt'] . '</a> ';
     }
 
 
@@ -1823,7 +1851,7 @@ function hesk_printTicketReplies()
 
 function hesk_printReplyForm()
 {
-    global $hesklang, $hesk_settings, $ticket, $admins, $can_options, $can_resolve, $options, $can_assign_self, $modsForHesk_settings;
+    global $hesklang, $hesk_settings, $ticket, $admins, $can_options, $can_resolve, $options, $can_assign_self, $modsForHesk_settings, $isManager;
 
     // Force assigning a ticket before allowing to reply?
     if ($hesk_settings['require_owner'] && ! $ticket['owner'])
@@ -2045,6 +2073,9 @@ function hesk_printReplyForm()
                         </ul>
                     </div>
                     <input class="btn btn-default" type="submit" name="save_reply" value="<?php echo $hesklang['sacl']; ?>">
+                    <?php if ($isManager): ?>
+                        <input type="hidden" name="isManager" value="1">
+                    <?php endif; ?>
                 </div>
             </div>
         </form>

admin/change_status.php

@@ -26,8 +26,10 @@ hesk_isLoggedIn();
 $modsForHesk_settings = mfh_getSettings();
 
 /* Check permissions for this feature */
-hesk_checkPermission('can_view_tickets');
+if (!isset($_REQUEST['isManager']) || !$_REQUEST['isManager']) {
-hesk_checkPermission('can_reply_tickets');
+    hesk_checkPermission('can_view_tickets');
+    hesk_checkPermission('can_reply_tickets');
+}
 
 /* A security check */
 hesk_token_check();

admin/edit_post.php

@@ -32,8 +32,11 @@ hesk_dbConnect();
 hesk_isLoggedIn();
 
 /* Check permissions for this feature */
-hesk_checkPermission('can_view_tickets');
+if (!isset($_REQUEST['isManager']) || !$_REQUEST['isManager']) {
-hesk_checkPermission('can_edit_tickets');
+    hesk_checkPermission('can_view_tickets');
+    hesk_checkPermission('can_edit_tickets');
+}
+
 $modsForHesk_settings = mfh_getSettings();
 
 /* Ticket ID */
@@ -59,7 +62,10 @@ if (defined('HESK_DEMO')) {
 }
 
 /* Is this user allowed to view tickets inside this category? */
-hesk_okCategory($ticket['category']);
+if (!isset($_REQUEST['isManager']) || !$_REQUEST['isManager']) {
+    hesk_okCategory($ticket['category']);
+}
+
 
 if (hesk_isREQUEST('reply')) {
     $tmpvar['id'] = intval(hesk_REQUEST('reply')) or die($hesklang['id_not_valid']);
@@ -626,6 +632,9 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                     ?>
                     <input type="hidden" name="html" value="<?php echo $html; ?>">
                     <input type="submit" value="<?php echo $hesklang['save_changes']; ?>" class="btn btn-default">
+                    <?php if (isset($_REQUEST['isManager']) && $_REQUEST['isManager']): ?>
+                        <input type="hidden" name="isManager" value="1">
+                    <?php endif; ?>
                     <a class="btn btn-default" href="javascript:history.go(-1)"><?php echo $hesklang['back']; ?></a>
                 </div>
             </form>

admin/manage_categories.php

@@ -128,6 +128,7 @@ $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix'])
                                 <th><?php echo $hesklang['priority']; ?></th>
                                 <th><?php echo $hesklang['not']; ?></th>
                                 <th><?php echo $hesklang['graph']; ?></th>
+                                <th><?php echo $hesklang['manager']; ?></th>
                                 <th><?php echo $hesklang['usage']; ?></th>
                                 <th><?php echo $hesklang['opt']; ?></th>
                             </tr>
@@ -144,6 +145,19 @@ $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix'])
         </div>
     </section>
 </div>
+<?php
+$usersRs = hesk_dbQuery("SELECT `id`, `name` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `active` = '1' AND `isadmin` = '0'");
+echo '<script>var users = [];';
+$users = array();
+while ($row = hesk_dbFetchAssoc($usersRs)) {
+    $users[] = $row;
+    echo "users[" . $row['id'] . "] = {
+        id: ".$row['id'].",
+        name: '".$row['name']."'
+    }\n";
+}
+echo '</script>';
+?>
 <!-- Category modal -->
 <div class="modal fade" id="category-modal" tabindex="-1" role="dialog" style="overflow: hidden">
     <div class="modal-dialog modal-lg" role="document">
@@ -268,6 +282,19 @@ $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix'])
                                     </select>
                                 </div>
                             </div>
+                            <div class="form-group">
+                                <label for="manager" class="col-sm-5 control-label">
+                                    <?php echo $hesklang['manager']; ?>
+                                </label>
+                                <div class="col-sm-7">
+                                    <select name="manager" class="form-control">
+                                        <option value="0"><?php echo $hesklang['no_manager']; ?></option>
+                                        <?php foreach ($users as $user): ?>
+                                            <option value="<?php echo $user['id']; ?>"><?php echo $user['name']; ?></option>
+                                        <?php endforeach; ?>
+                                    </select>
+                                </div>
+                            </div>
                         </div>
                         <div class="col-md-6">
                             <div class="form-group">
@@ -391,6 +418,9 @@ $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix'])
                 </div>
             </div>
         </td>
+        <td>
+            <span data-property="manager"></span>
+        </td>
         <td>
             <i class="fa fa-fw fa-ticket icon-link" data-toggle="tooltip" title="<?php echo $hesklang['tickets']; ?>"></i>
             <i class="fa fa-fw fa-calendar icon-link" data-toggle="tooltip" title="<?php echo $hesklang['events']; ?>"></i>
@@ -446,6 +476,7 @@ echo mfh_get_hidden_fields_for_language(array(
     'disabled_title_case',
     'geco',
     'cpric',
+    'no_manager',
 ));
 
 require_once(HESK_PATH . 'inc/footer.inc.php');

admin/manage_permission_groups.php

@@ -39,10 +39,6 @@ if ($action = hesk_REQUEST('a')) {
         create();
     } elseif ($action == 'delete') {
         deleteTemplate();
-    } elseif ($action == 'addadmin') {
-        toggleAdmin(true);
-    } elseif ($action == 'deladmin') {
-        toggleAdmin(false);
     }
 }
 
@@ -51,34 +47,20 @@ require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
 
 /* Print main manage users page */
 require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
-?>
 
-<script language="Javascript" type="text/javascript"><!--
-    function confirm_delete() {
-        if (confirm('<?php echo hesk_makeJsString($hesklang['confirm_del_cat']); ?>')) {
-            return true;
-        }
-        else {
-            return false;
-        }
-    }
-    //-->
-</script>
-
-<?php
 $modsForHesk_settings = mfh_getSettings();
 
 $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "permission_templates` ORDER BY `name` ASC");
 $templates = array();
 while ($row = hesk_dbFetchAssoc($res)) {
-    array_push($templates, $row);
+    $templates[] = $row;
 }
 $featureArray = hesk_getFeatureArray();
 $orderBy = $modsForHesk_settings['category_order_column'];
 $res = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` ORDER BY `" . $orderBy . "` ASC");
 $categories = array();
 while ($row = hesk_dbFetchAssoc($res)) {
-    array_push($categories, $row);
+    $categories[] = $row;
 }
 ?>
 <div class="content-wrapper">
@@ -87,9 +69,9 @@ while ($row = hesk_dbFetchAssoc($res)) {
     <div class="box">
         <div class="box-header with-border">
             <h1 class="box-title">
-                <?php echo $hesklang['manage_permission_templates']; ?>
+                <?php echo $hesklang['manage_permission_groups']; ?>
                 <i class="fa fa-question-circle settingsquestionmark" data-toggle="tooltip" data-placement="right"
-                   title="<?php echo $hesklang['manage_permission_templates_help']; ?>"></i>
+                   title="<?php echo $hesklang['manage_permission_groups_help']; ?>"></i>
             </h1>
             <div class="box-tools pull-right">
                 <button type="button" class="btn btn-box-tool" data-widget="collapse">
@@ -99,7 +81,7 @@ while ($row = hesk_dbFetchAssoc($res)) {
         </div>
         <div class="box-body">
             <a href="#" data-toggle="modal" data-target="#modal-template-new" class="btn btn-success nu-floatRight">
-                <i class="fa fa-plus-circle"></i> <?php echo $hesklang['create_new_template']; ?>
+                <i class="fa fa-plus-circle"></i> <?php echo $hesklang['create_new_group']; ?>
             </a>
             <table class="table table-striped">
                 <thead>
@@ -115,28 +97,11 @@ while ($row = hesk_dbFetchAssoc($res)) {
                         <td>
                             <a href="#" data-toggle="modal" data-target="#modal-template-<?php echo $row['id'] ?>">
                                 <i class="fa fa-pencil icon-link" data-toggle="tooltip"
-                                   title="<?php echo $hesklang['view_permissions_for_this_template'] ?>"></i></a>
+                                   title="<?php echo $hesklang['view_permissions_for_this_group'] ?>"></i></a>
-                            <?php if ($row['id'] == 1) { ?>
-                                <i class="fa fa-star icon-link orange" data-toggle="tooltip"
-                                   title="<?php echo $hesklang['admin_cannot_be_staff']; ?>"></i></a>
-                            <?php } elseif ($row['heskprivileges'] == 'ALL' && $row['categories'] == 'ALL'){ ?>
-                                <a href="manage_permission_templates.php?a=deladmin&amp;id=<?php echo $row['id']; ?>">
-                                    <i class="fa fa-star icon-link orange" data-toggle="tooltip"
-                                       title="<?php echo $hesklang['template_has_admin_privileges']; ?>"></i></a>
-                            <?php } elseif ($row['id'] != 2) { ?>
-                                <a href="manage_permission_templates.php?a=addadmin&amp;id=<?php echo $row['id']; ?>">
-                                    <i class="fa fa-star-o icon-link gray" data-toggle="tooltip"
-                                       title="<?php echo $hesklang['template_has_no_admin_privileges']; ?>"></i></a>
                             <?php
-                            } else {
-                                ?>
-                                <i class="fa fa-star-o icon-link gray" data-toggle="tooltip"
-                                   title="<?php echo $hesklang['staff_cannot_be_admin']; ?>"></i>
-                                <?php
-                            }
                             if ($row['id'] != 1 && $row['id'] != 2):
                                 ?>
-                                <a href="manage_permission_templates.php?a=delete&amp;id=<?php echo $row['id']; ?>">
+                                <a href="manage_permission_groups.php?a=delete&amp;id=<?php echo $row['id']; ?>">
                                     <i class="fa fa-times icon-link red" data-toggle="tooltip"
                                        title="<?php echo $hesklang['delete']; ?>"></i></a>
                             <?php endif; ?>
@@ -172,12 +137,10 @@ function createEditModal($template, $features, $categories)
 {
     global $hesklang;
 
-    $showNotice = true;
     $disabled = 'checked="checked" disabled';
     $enabledFeatures = array();
     $enabledCategories = array();
     if ($template['heskprivileges'] != 'ALL') {
-        $showNotice = false;
         $disabled = '';
         $enabledFeatures = explode(',', $template['heskprivileges']);
         $enabledCategories = explode(',', $template['categories']);
@@ -187,30 +150,23 @@ function createEditModal($template, $features, $categories)
          aria-labelledby="myLargeModalLabel" aria-hidden="true">
         <div class="modal-dialog modal-lg">
             <div class="modal-content">
-                <form action="manage_permission_templates.php" role="form" method="post" id="form<?php echo $template['id']; ?>">
+                <form action="manage_permission_groups.php" role="form" method="post" id="form<?php echo $template['id']; ?>">
                     <div class="modal-header">
                         <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span
                                 aria-hidden="true">&times;</span></button>
-                        <h4 class="modal-title"><?php echo sprintf($hesklang['permissions_for_template'], $template['name']); ?></h4>
+                        <h4 class="modal-title"><?php echo sprintf($hesklang['permissions_for_group'], $template['name']); ?></h4>
                     </div>
                     <div class="modal-body">
                         <div class="row">
-                            <?php if ($showNotice): ?>
-                                <div class="col-sm-12">
-                                    <div class="alert alert-info">
-                                        <i class="fa fa-info-circle"></i> <?php echo $hesklang['template_is_admin_cannot_change']; ?>
-                                    </div>
-                                </div>
-                            <?php endif; ?>
                             <div class="form-group">
                                 <div class="col-sm-2">
                                     <label for="name"
-                                           class="control-label"><?php echo $hesklang['template_name']; ?></label>
+                                           class="control-label"><?php echo $hesklang['group_name']; ?></label>
                                 </div>
                                 <div class="col-sm-10">
                                     <input type="text" class="form-control" name="name"
                                            value="<?php echo htmlspecialchars($template['name']); ?>"
-                                           placeholder="<?php echo htmlspecialchars($hesklang['template_name']); ?>"
+                                           placeholder="<?php echo htmlspecialchars($hesklang['group_name']); ?>"
                                            data-error="<?php echo htmlspecialchars($hesklang['this_field_is_required']); ?>"
                                            required>
                                     <div class="help-block with-errors"></div>
@@ -228,7 +184,7 @@ function createEditModal($template, $features, $categories)
                                             <label>
                                                 <?php
                                                 $checked = '';
-                                                if (in_array($category['id'], $enabledCategories) && !$showNotice) {
+                                                if (in_array($category['id'], $enabledCategories)) {
                                                     $checked = 'checked';
                                                 } ?>
                                                 <input type="checkbox" name="categories[]"
@@ -249,7 +205,7 @@ function createEditModal($template, $features, $categories)
                                         <div class="checkbox">
                                             <label><?php
                                                 $checked = '';
-                                                if (in_array($feature, $enabledFeatures) && !$showNotice) {
+                                                if (in_array($feature, $enabledFeatures)) {
                                                     $checked = 'checked';
                                                 } ?>
                                                 <input type="checkbox" name="features[]"
@@ -266,9 +222,6 @@ function createEditModal($template, $features, $categories)
                     <div class="modal-footer">
                         <input type="hidden" name="a" value="save">
                         <input type="hidden" name="template_id" value="<?php echo $template['id']; ?>">
-                        <?php if ($showNotice): ?>
-                            <input type="hidden" name="name_only" value="1">
-                        <?php endif; ?>
                         <div class="btn-group">
                             <input type="submit" class="btn btn-success"
                                    value="<?php echo $hesklang['save_changes']; ?>">
@@ -291,22 +244,22 @@ function buildCreateModal($features, $categories)
          aria-hidden="true">
         <div class="modal-dialog modal-lg">
             <div class="modal-content">
-                <form action="manage_permission_templates.php" role="form" method="post" id="createForm">
+                <form action="manage_permission_groups.php" role="form" method="post" id="createForm">
                     <div class="modal-header">
                         <button type="button" class="close" data-dismiss="modal" aria-label="Close"><span
                                 aria-hidden="true">&times;</span></button>
-                        <h4 class="modal-title"><?php echo $hesklang['create_new_template_title']; ?></h4>
+                        <h4 class="modal-title"><?php echo $hesklang['create_new_group_title']; ?></h4>
                     </div>
                     <div class="modal-body">
                         <div class="row">
                             <div class="form-group">
                                 <div class="col-sm-2">
                                     <label for="name"
-                                           class="control-label"><?php echo $hesklang['template_name']; ?></label>
+                                           class="control-label"><?php echo $hesklang['group_name']; ?></label>
                                 </div>
                                 <div class="col-sm-10">
                                     <input type="text" class="form-control" name="name"
-                                           placeholder="<?php echo $hesklang['template_name']; ?>" required>
+                                           placeholder="<?php echo $hesklang['group_name']; ?>" required>
                                     <div class="help-block with-errors"></div>
                                 </div>
                             </div>
@@ -381,13 +334,7 @@ function save()
         WHERE `id` = " . intval($templateId));
     $row = hesk_dbFetchAssoc($res);
 
-    if (hesk_POST('name_only', 0)) {
-        // We are only able to update the name
-        $name = hesk_POST('name');
 
-        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "permission_templates`
-        SET `name` = '" . hesk_dbEscape($name) . "' WHERE `id` = " . intval($templateId));
-    } else {
     // Add 'can ban emails' if 'can unban emails' is set (but not added). Same with 'can ban ips'
     $catArray = hesk_POST_array('categories');
     $featArray = hesk_POST_array('features');
@@ -408,13 +355,13 @@ function save()
         WHERE `id` = " . intval($templateId));
 
     if ($row['categories'] != $categories || $row['heskprivileges'] != $features) {
-            // Any users with this template should be switched to "custom"
+        // Any users with this template should have their permissions updated
-            hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `permission_template` = NULL
+        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `heskprivileges` = '" . hesk_dbEscape($features) . "',
+            `categories` = '" . hesk_dbEscape($categories) . "'
             WHERE `permission_template` = " . intval($templateId));
     }
-    }
 
-    hesk_process_messages($hesklang['permission_template_updated'], $_SERVER['PHP_SELF'], 'SUCCESS');
+    hesk_process_messages($hesklang['permission_group_updated'], $_SERVER['PHP_SELF'], 'SUCCESS');
 }
 
 function create()
@@ -439,7 +386,7 @@ function create()
     hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "permission_templates` (`name`, `heskprivileges`, `categories`)
         VALUES ('" . hesk_dbEscape($name) . "', '" . hesk_dbEscape($features) . "', '" . hesk_dbEscape($categories) . "')");
 
-    hesk_process_messages($hesklang['template_created'], $_SERVER['PHP_SELF'], 'SUCCESS');
+    hesk_process_messages($hesklang['group_created'], $_SERVER['PHP_SELF'], 'SUCCESS');
 }
 
 function validate($features, $categories, $create = false, $name = '')
@@ -449,7 +396,7 @@ function validate($features, $categories, $create = false, $name = '')
     $errorMarkup = '<ul>';
     $isValid = true;
     if ($create && $name == '') {
-        $errorMarkup .= '<li>' . $hesklang['template_name_required'] . '</li>';
+        $errorMarkup .= '<li>' . $hesklang['group_name_required'] . '</li>';
         $isValid = false;
     }
     if (count($features) == 0) {
@@ -463,7 +410,7 @@ function validate($features, $categories, $create = false, $name = '')
     $errorMarkup .= '</ul>';
 
     if (!$isValid) {
-        $error = sprintf($hesklang['permission_template_error'], $errorMarkup);
+        $error = sprintf($hesklang['permission_group_error'], $errorMarkup);
         hesk_process_messages($error, $_SERVER['PHP_SELF']);
     }
     return true;
@@ -483,36 +430,14 @@ function deleteTemplate()
     // Otherwise delete the template
     hesk_dbQuery("DELETE FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "permission_templates` WHERE `id` = " . intval($id));
     if (hesk_dbAffectedRows() != 1) {
-        hesk_process_messages($hesklang['no_templates_were_deleted'], $_SERVER['PHP_SELF']);
+        hesk_process_messages($hesklang['no_group_were_deleted'], $_SERVER['PHP_SELF']);
-    }
-    hesk_process_messages($hesklang['permission_template_deleted'], $_SERVER['PHP_SELF'], 'SUCCESS');
-}
-
-function toggleAdmin($admin)
-{
-    global $hesk_settings, $hesklang;
-
-    $id = hesk_GET('id');
-
-    if ($id == 1 || $id == 2) {
-        hesk_process_messages($hesklang['cannot_change_admin_staff'], $_SERVER['PHP_SELF']);
     }
 
-    if ($admin) {
+    // Move all users who used to be in this group to "custom"
-        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "permission_templates` SET `heskprivileges` = 'ALL',
+    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET `permission_template` = NULL
-            `categories` = 'ALL' WHERE `id` = " . intval($id));
+        WHERE `permission_template` = " . intval($id));
-        hesk_process_messages($hesklang['permission_template_now_admin'], $_SERVER['PHP_SELF'], 'SUCCESS');
-    } else {
-        // Get default privileges
-        $res = hesk_dbQuery("SELECT `heskprivileges`, `categories` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "permission_templates`
-            WHERE `id` = 2");
-        $row = hesk_dbFetchAssoc($res);
 
-        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "permission_templates`
+    hesk_process_messages($hesklang['permission_group_deleted'], $_SERVER['PHP_SELF'], 'SUCCESS');
-            SET `heskprivileges` = '" . hesk_dbEscape($row['heskprivileges']) . "',
-             `categories` = '" . hesk_dbEscape($row['categories']) . "' WHERE `id` = " . intval($id));
-        hesk_process_messages($hesklang['permission_template_no_longer_admin'], $_SERVER['PHP_SELF'], 'SUCCESS');
-    }
 }
 
 ?>

admin/manage_users.php

@@ -214,7 +214,7 @@ if ($action = hesk_REQUEST('a')) {
                     <th><b><i><?php echo $hesklang['name']; ?></i></b></th>
                     <th><b><i><?php echo $hesklang['email']; ?></i></b></th>
                     <th><b><i><?php echo $hesklang['username']; ?></i></b></th>
-                    <th><b><i><?php echo $hesklang['permission_template']; ?></i></b></th>
+                    <th><b><i><?php echo $hesklang['permission_group']; ?></i></b></th>
                     <?php
                     /* Is user rating enabled? */
                     if ($hesk_settings['rating']) {
@@ -591,6 +591,7 @@ function update_user()
         $myuser['notify_overdue_unassigned'] = 0;
     }
 
+
     /* Check for duplicate usernames */
     $res = hesk_dbQuery("SELECT `id`,`isadmin`,`categories`,`heskprivileges` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `user` = '" . hesk_dbEscape($myuser['user']) . "' LIMIT 1");
     if (hesk_dbNumRows($res) == 1) {
@@ -621,6 +622,31 @@ function update_user()
         hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`=0 WHERE `owner`='" . intval($myuser['id']) . "' AND `category` NOT IN (" . $myuser['categories'] . ")");
     }
 
+    // Find the list of categories they are manager of. If they no longer have access to the category, revoke their manager permission.
+    if ($myuser['isadmin']) {
+        // Admins can't be managers
+        hesk_dbQuery('UPDATE `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'categories` SET `manager` = 0 WHERE `manager` = ' . intval($myuser['id']));
+    } else {
+        $currentCatRs = hesk_dbQuery("SELECT `categories` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id` = '" . intval($myuser['id']) . "' LIMIT 1");
+        $rowOfCategories = hesk_dbFetchAssoc($currentCatRs);
+        $cats = $rowOfCategories['categories'];
+        $currentCategories = explode(',', $cats);
+        $newCategories = explode(',', $myuser['categories']);
+
+        // If any any elements are in current but not in new, add them to the revoke array
+        $revokeCats = array();
+        foreach ($currentCategories as $currentCategory) {
+            if (!in_array($currentCategory, $newCategories) && $currentCategory != '') {
+                array_push($revokeCats, $currentCategory);
+            }
+        }
+
+        if (count($revokeCats) > 0) {
+            hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `manager` = 0 WHERE `id` IN (" . implode(',', $revokeCats) . ")");
+        }
+    }
+
+
     hesk_dbQuery(
         "UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` SET
     `user`='" . hesk_dbEscape($myuser['user']) . "',
@@ -651,6 +677,11 @@ function update_user()
 	`default_calendar_view`=" . intval($myuser['default_calendar_view']) . "
     WHERE `id`='" . intval($myuser['id']) . "'");
 
+    // If they are now inactive, remove any manager rights
+    if (!$myuser['active']) {
+        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `manager` = 0 WHERE `manager` = " . intval($myuser['id']));
+    }
+
 
     unset($_SESSION['save_userdata']);
     unset($_SESSION['userdata']);
@@ -814,6 +845,10 @@ function remove()
         hesk_process_messages($hesklang['cant_del_own'], './manage_users.php');
     }
 
+    // Revoke manager rights
+    hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `manager` = 0 WHERE `manager` = " . intval($myuser));
+
+
     /* Un-assign all tickets for this user */
     $res = hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "tickets` SET `owner`=0 WHERE `owner`='" . intval($myuser) . "'");
 
@@ -877,6 +912,9 @@ function toggle_active()
         $active = 0;
         $tmp = $hesklang['user_deactivated'];
 
+        // Revoke any manager rights
+        hesk_dbQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "categories` SET `manager` = 0 WHERE `manager` = " . intval($myuser));
+
         $notificationSql = ", `autoassign` = '0', `notify_new_unassigned` = '0', `notify_new_my` = '0', `notify_reply_unassigned` = '0',
         `notify_reply_my` = '0', `notify_assigned` = '0', `notify_pm` = '0', `notify_note` = '0', `notify_note_unassigned` = '0', `notify_overdue_unassigned` = '0'";
     }

api/BusinessLogic/Categories/Category.php

@@ -51,6 +51,11 @@ class Category extends \BaseClass {
      */
     public $priority;
 
+    /**
+     * @var int|null The manager for the Categories, if applicable
+     */
+    public $manager;
+
     /**
      * @var bool Indication if the user has access to the Categories
      */

api/BusinessLogic/Security/UserToTicketChecker.php

@@ -31,6 +31,12 @@ class UserToTicketChecker extends \BaseClass {
             return false;
         }
 
+        $categoryManagerId = $this->userGateway->getManagerForCategory($ticket->categoryId, $heskSettings);
+
+        if ($user->id === $categoryManagerId) {
+            return true;
+        }
+
         $extraPermissions[] = UserPrivilege::CAN_VIEW_TICKETS;
 
         foreach ($extraPermissions as $permission) {

api/Controllers/Categories/CategoryController.php

@@ -63,6 +63,7 @@ class CategoryController extends \BaseClass {
         $category->description = Helpers::safeArrayGet($json, 'description');
         $category->displayBorder = Helpers::safeArrayGet($json, 'displayBorder');
         $category->foregroundColor = Helpers::safeArrayGet($json, 'foregroundColor');
+        $category->manager = Helpers::safeArrayGet($json, 'manager');
         $category->name = Helpers::safeArrayGet($json, 'name');
         $category->priority = Helpers::safeArrayGet($json, 'priority');
         $category->type = Helpers::safeArrayGet($json, 'type');

api/DataAccess/Categories/CategoryGateway.php

@@ -41,6 +41,7 @@ class CategoryGateway extends CommonDao {
             $category->foregroundColor = $row['foreground_color'];
             $category->displayBorder = $row['display_border_outline'] === '1';
             $category->priority = intval($row['priority']);
+            $category->manager = intval($row['manager']) == 0 ? NULL : intval($row['manager']);
             $category->description = $row['mfh_description'];
             $category->numberOfTickets = intval($row['number_of_tickets']);
             $results[] = $category;
@@ -63,11 +64,11 @@ class CategoryGateway extends CommonDao {
         $newOrder = hesk_dbFetchAssoc($newOrderRs);
 
         $sql = "INSERT INTO `" . hesk_dbEscape($heskSettings['db_pfix']) . "categories` 
-            (`name`, `cat_order`, `autoassign`, `type`, `priority`, `background_color`, `usage`, 
+            (`name`, `cat_order`, `autoassign`, `type`, `priority`, `manager`, `background_color`, `usage`, 
                 `foreground_color`, `display_border_outline`, `mfh_description`)
             VALUES ('" . hesk_dbEscape($category->name) . "', " . intval($newOrder['cat_order']) . ",
                 '" . ($category->autoAssign ? 1 : 0) . "', '" . intval($category->type) . "',
-                '" . intval($category->priority) . "',
+                '" . intval($category->priority) . "', " . ($category->manager === null ? 0 : intval($category->manager)) . ",
                 '" . hesk_dbEscape($category->backgroundColor)  . "', " . intval($category->usage) . ",
                 '" . hesk_dbEscape($category->foregroundColor) . "', '" . ($category->displayBorder ? 1 : 0) . "',
                 '" . hesk_dbEscape($category->description) . "')";
@@ -94,6 +95,7 @@ class CategoryGateway extends CommonDao {
             `autoassign` = '" . ($category->autoAssign ? 1 : 0) . "',
             `type` = '" . intval($category->type) . "', 
             `priority` = '" . intval($category->priority) . "', 
+            `manager` = " . ($category->manager === null ? 0 : intval($category->manager)) . ", 
             `background_color` = '" . hesk_dbEscape($category->backgroundColor)  . "', 
             `usage` = " . intval($category->usage) . ", 
             `foreground_color` = '" . hesk_dbEscape($category->foregroundColor) . "', 

api/DataAccess/Security/UserGateway.php

@@ -99,4 +99,25 @@ class UserGateway extends CommonDao {
 
         return $users;
     }
+
+    function getManagerForCategory($categoryId, $heskSettings) {
+        $this->init();
+
+        $rs = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($heskSettings['db_pfix']) . "users` 
+            WHERE `id` = (
+                SELECT `manager` 
+                FROM `" . hesk_dbEscape($heskSettings['db_pfix']) . "categories`
+                WHERE `id` = " . intval($categoryId) . ")");
+
+        if (hesk_dbNumRows($rs) === 0) {
+            $this->close();
+            return null;
+        }
+
+        $user = UserContext::fromDataRow(hesk_dbFetchAssoc($rs));
+
+        $this->close();
+
+        return $user;
+    }
 }

api/Tests/BusinessLogic/Security/UserToTicketCheckerTest.php

@@ -92,4 +92,23 @@ class UserToTicketCheckerTest extends TestCase {
         //-- Assert
         self::assertThat($result, self::isFalse());
     }
+
+    function testItReturnsTrueWhenTheUserDoesNotHaveEditPermissionsButIsTheCategoryManager() {
+        //-- Arrange
+        $user = new UserContext();
+        $user->admin = false;
+        $user->categories = array(1);
+        $user->permissions = array(UserPrivilege::CAN_VIEW_TICKETS, 'something else');
+        $user->id = 1;
+        $this->userGateway->method('getManagerForCategory')->willReturn(1);
+
+        $ticket = new Ticket();
+        $ticket->categoryId = 1;
+
+        //-- Act
+        $result = $this->userToTicketChecker->isTicketAccessibleToUser($user, $ticket, $this->heskSettings, array(UserPrivilege::CAN_EDIT_TICKETS));
+
+        //-- Assert
+        self::assertThat($result, self::isTrue());
+    }
 }

inc/common.inc.php

@@ -2026,6 +2026,7 @@ function hesk_getFeatureArray()
         'can_service_msg',        /* User can manage service messages shown in customer interface */
         'can_email_tpl',    /* User can manage email templates */
         'can_man_ticket_statuses', /* User can manage ticket statuses */
+        'can_set_manager', /* User can set category managers */
         'can_man_permission_tpl', /* User can manage permission templates */
         'can_man_settings', /* User can manage helpdesk settings */
         'can_change_notification_settings', /* User can change notification settings */

inc/profile_functions.inc.php

@@ -162,9 +162,10 @@ function hesk_profile_tab($session_array = 'new', $is_profile_page = true, $acti
             if (!$is_profile_page) {
                 ?>
                 <div role="tabpanel" class="tab-pane fade" id="permissions">
+                    <?php if ($_SESSION['isadmin']): ?>
                     <div class="form-group">
                         <label for="administrator"
-                               class="col-md-3 control-label"><?php echo $hesklang['permission_template_colon']; ?></label>
+                               class="col-md-3 control-label"><?php echo $hesklang['permission_group']; ?></label>
 
                         <div class="col-md-9">
                             <?php
@@ -181,10 +182,19 @@ function hesk_profile_tab($session_array = 'new', $is_profile_page = true, $acti
                             $selected = $_SESSION[$session_array]['permission_template'] == '-1' ? 'selected' : '';
                             echo '<option value="-1" ' . $selected . '>' . htmlspecialchars($hesklang['custom']) . '</option>';
                             echo '</select>';
-                            outputCheckboxJavascript();
                             ?>
                         </div>
                     </div>
+                    <?php elseif ($action == 'edit_user'): ?>
+                        <input type="hidden" name="template"
+                               value="<?php echo $_SESSION[$session_array]['permission_template']; ?>" />
+                        <div id="changed-group-warning" class="alert alert-warning" style="display: none">
+                            <i class="fa fa-exclamation-triangle"></i> <?php echo $hesklang['changing_permissions_will_reset_permission_group']; ?>
+                        </div>
+                    <?php
+                    endif;
+                    outputCheckboxJavascript($action);
+                    ?>
                     <div id="options">
                         <div class="form-group">
                             <label for="categories[]"
@@ -535,7 +545,7 @@ function hesk_profile_tab($session_array = 'new', $is_profile_page = true, $acti
     <?php
 } // END hesk_profile_tab()
 
-function outputCheckboxJavascript()
+function outputCheckboxJavascript($action)
 {
     global $hesk_settings, $hesklang;
 
@@ -594,7 +604,9 @@ function outputCheckboxJavascript()
         });
     }
     function setTemplateToCustom() {
-        $('#permission-tpl').val('-1');
+        $('input[name=\"template\"]').val('-1');
+        
+        " . ($action == 'edit_user' ? ($_SESSION['isadmin']  ? '' : "$('#changed-group-warning').show();") : '') . "
     }
     </script>";
 }

inc/show_admin_nav.inc.php

@@ -297,9 +297,9 @@ $mails = mfh_get_mail_headers_for_dropdown($_SESSION['id'], $hesk_settings, $hes
 
                         $markup .= '
                         <li class="' . $active . '">
-                            <a href="manage_permission_templates.php">
+                            <a href="manage_permission_groups.php">
                                 <i class="fa fa-fw fa-users" ' . $iconDisplay . '></i>
-                                <span>' . $hesklang['permission_templates'] . '</span>
+                                <span>' . $hesklang['manange_permission_groups_menu'] . '</span>
                             </a>
                         </li>';
                     }

install/mods-for-hesk/database-validation.php

@@ -93,6 +93,7 @@ hesk_dbConnect();
             $all_good = $all_good & run_column_check('tickets', 'longitude');
             $all_good = $all_good & run_column_check('stage_tickets', 'latitude');
             $all_good = $all_good & run_column_check('stage_tickets', 'longitude');
+            $all_good = $all_good & run_column_check('categories', 'manager');
             $all_good = $all_good & run_column_check('users', 'permission_template');
             $all_good = $all_good & run_table_check('permission_templates');
             $all_good = $all_good & run_column_check('permission_templates', 'id');

internal-api/js/manage-categories.js

@@ -119,6 +119,12 @@ function loadTable() {
                         .attr('title', mfhLang.text('geco'));
                 }
 
+                if (this.manager === null) {
+                    $template.find('[data-property="manager"]').text(mfhLang.text('no_manager'));
+                } else {
+                    $template.find('[data-property="manager"]').text(users[this.manager].name);
+                }
+
                 if (this.id === 1) {
                     $template.find('[data-action="delete"]').hide();
                 }
@@ -166,6 +172,7 @@ function bindEditModal() {
 
         $modal.find('input[name="name"]').val(element.name).end()
             .find('select[name="priority"]').val(element.priority).end()
+            .find('select[name="manager"]').val(element.manager === null ? 0 : element.manager).end()
             .find('input[name="id"]').val(element.id).end()
             .find('select[name="usage"]').val(element.usage).end()
             .find('input[name="display-border"][value="' + (element.displayBorder ? 1 : 0) + '"]')
@@ -258,14 +265,17 @@ function bindFormSubmit() {
 
         var $modal = $('#category-modal');
 
+        var foregroundColor = $modal.find('input[name="foreground-color"]').val();
+        var manager = parseInt($modal.find('select[name="manager"]').val());
         var data = {
             autoassign: $modal.find('input[name="autoassign"]').val() === 'true',
             backgroundColor: $modal.find('input[name="background-color"]').val(),
             description: $modal.find('textarea[name="description"]').val(),
             displayBorder: $modal.find('input[name="display-border"]:checked').val() === '1',
-            foregroundColor: $modal.find('input[name="foreground-color"]').val() === '' ? 'AUTO' : $modal.find('input[name="foreground-color"]').val(),
+            foregroundColor: foregroundColor === '' ? 'AUTO' : foregroundColor,
             name: $modal.find('input[name="name"]').val(),
             priority: parseInt($modal.find('select[name="priority"]').val()),
+            manager: manager === 0 ? null : manager,
             type: parseInt($modal.find('input[name="type"]:checked').val()),
             usage: parseInt($modal.find('select[name="usage"]').val()),
             catOrder: parseInt($modal.find('input[name="cat-order"]').val())

language/en/text.php

@@ -1831,39 +1831,17 @@ $hesklang['your_current_location'] = 'Your location';
 $hesklang['requesting_location_ellipsis'] = 'Requesting location...';
 $hesklang['unable_to_determine_location'] = 'Unable to determine your location, or you declined to share it.';
 $hesklang['save_to_see_updated_address'] = 'Save the new location to see the updated address';
-$hesklang['manage_permission_templates'] = 'Manage Permission Templates';
+$hesklang['manager'] = 'Manager';
-$hesklang['manage_permission_templates_help'] = 'Here you can create and edit permission templates. These templates will appear when creating/editing a user.
+$hesklang['manager_updated'] = 'Category manager has been updated.';
-Please note that if you change the permission template\'s settings, it will NOT change the permissions of any users that are set to this permission template.';
+$hesklang['can_set_manager'] = 'Can set category managers';
+$hesklang['no_manager'] = 'No manager';
 $hesklang['number_of_users'] = 'Number of Users';
 $hesklang['actions'] = 'Actions';
-$hesklang['view_permissions_for_this_template'] = 'View/edit permissions for this template';
-$hesklang['permission'] = 'Permission';
-$hesklang['permissions_for_template'] = 'Permissions for template <code>%s</code>'; // %s template name
-$hesklang['template_has_admin_privileges'] = 'Permission template has admin privileges. Click to set as non-admin';
-$hesklang['template_has_no_admin_privileges'] = 'Permission template does not have admin privileges. Click to set as admin';
 $hesklang['staff_cannot_be_admin'] = 'Staff permission group does not have admin access, and cannot be set as an admin';
 $hesklang['admin_cannot_be_staff'] = 'Administrator permission group has admin access, and cannot be set as non-admin';
 $hesklang['template_is_admin_cannot_change'] = 'The permission group currently has admin privileges, so you cannot set specific permissions here.';
-$hesklang['permission_template_updated'] = 'Permission template has been updated!';
-$hesklang['create_new_template'] = 'Create new permission template';
-$hesklang['create_new_template_title'] = 'Create New Permission Template'; // same as create_new_template, but in Title Case
-$hesklang['template_name'] = 'Template name';
-$hesklang['template_name_required'] = 'Template name required.';
 $hesklang['you_must_select_a_category'] = 'You must select at least one category.';
 $hesklang['you_must_select_a_feature'] = 'You must select at least one feature.';
-$hesklang['permission_template_error'] = 'The permission template could not be completed due to the following error(s): %s'; // %s: error list
-$hesklang['template_created'] = 'Permission template successfully created!';
-$hesklang['cannot_delete_admin_or_staff'] = 'The <b>Administrator</b> and <b>Staff</b> permission groups cannot be deleted!';
-$hesklang['no_templates_were_deleted'] = 'No templates were deleted!';
-$hesklang['permission_template_deleted'] = 'Permission template deleted!';
-$hesklang['permission_template_now_admin'] = 'Permission template is now designed as an admin template';
-$hesklang['permission_template_no_longer_admin'] = 'Permission template is no longer designated as an admin template';
-$hesklang['cannot_change_admin_staff'] = 'You cannot change admin/non-admin status for the <b>Administrator</b> and <b>Staff</b> templates!';
-$hesklang['permission_tpl_man'] = 'Manage permission templates'; // Menu link
-$hesklang['permission_templates'] = 'Permission Templates';
-$hesklang['can_man_permission_tpl'] = 'Can manage permission templates';
-$hesklang['permission_template_colon'] = 'Permission Template';
-$hesklang['permission_template'] = 'Permission Template';
 $hesklang['custom'] = 'Custom';
 
 // ADDED OR MODIFIED IN Mods for HESK 2.4.0
@@ -2186,5 +2164,29 @@ $hesklang['copied_to_clipboard'] = 'Copied to clipboard';
 // If your language is NOT in the supported langauges, leave 'en'
 $hesklang['CALENDAR_LANGUAGE']='en';
 
+
+$hesklang['manage_permission_groups'] = 'Manage Permission Groups';
+$hesklang['manage_permission_groups_help'] = 'Here you can create and edit permission groups. These groups will appear when creating/editing a user. 
+When editing a permission group, all users assigned to this group will also have their permissions updated accordingly.';
+$hesklang['view_permissions_for_this_group'] = 'View/edit permissions for this group';
+$hesklang['permission'] = 'Permission';
+$hesklang['permissions_for_group'] = 'Permissions for group <code>%s</code>'; // %s template name
+$hesklang['permission_group_updated'] = 'Permission group has been updated!';
+$hesklang['create_new_group'] = 'Create new permission group';
+$hesklang['create_new_group_title'] = 'Create New Permission Group'; // same as create_new_template, but in Title Case
+$hesklang['group_name'] = 'Group name';
+$hesklang['group_name_required'] = 'Group name required.';
+$hesklang['permission_group_error'] = 'The permission group could not be saved due to the following error(s): %s'; // %s: error list
+$hesklang['group_created'] = 'Permission group successfully created!';
+$hesklang['cannot_delete_admin_or_staff'] = 'The <b>Administrator</b> and <b>Staff</b> permission groups cannot be deleted!';
+$hesklang['no_groups_were_deleted'] = 'No groups were deleted!';
+$hesklang['permission_group_deleted'] = 'Permission group deleted!';
+$hesklang['manange_permission_groups_menu'] = 'Permission groups'; // Menu link
+$hesklang['permission_groups'] = 'Permission Groups';
+$hesklang['can_man_permission_tpl'] = 'Can manage permission groups';
+$hesklang['permission_group_colon'] = 'Permission Group:';
+$hesklang['permission_group'] = 'Permission Group';
+$hesklang['changing_permissions_will_reset_permission_group'] = 'Changing a user\'s categories / features will reset their permission group! Click "Discard Changes" to reset the user\'s categories / features.';
+
 // DO NOT CHANGE BELOW
 if (!defined('IN_SCRIPT')) die('PHP syntax OK!');