changed system to mod/admin permissions, though there's still a bug in show_ticket
--HG-- branch : quitta-gsoc-2013
parent
be65b89d86
commit
b1836e7944
20 changed files with 42 additions and 28 deletions
@ -15,6 +15,20 @@ class Ticket_User{
|
||||||
$dbl->execute($query, $values);
|
$dbl->execute($query, $values);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static function isMod($user){
|
||||||
|
if(isset($user) && $user->getPermission() > 1){
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function isAdmin($user){
|
||||||
|
if(isset($user) && $user->getPermission() == 3){
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
//return constructed element based on TUserId
|
//return constructed element based on TUserId
|
||||||
|
|
|
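Review bot: `isset($user)` in isMod and isAdmin only screens out null; any non-object argument (a string, an array, a stale session value) still reaches `$user->getPermission()` and fatals, so the guard should be `if($user instanceof Ticket_User && $user->getPermission() > 1){` (and `== 3` in isAdmin). These two thresholds are the only definition of the permission scheme visible in this commit, so a comment above the methods would help, e.g. `//permission levels: >1 = moderator, 3 = admin; anything else is a plain user`. Whether getPermission() returns an int or a string is not visible from this hunk, so `== 3` is left as is rather than `=== 3`; worth confirming against the loader. The Ticket_User class continues outside this hunk.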
@ -4,7 +4,7 @@ function add_sgroup(){
|
||||||
|
|
||||||
if(WebUsers::isLoggedIn()){
|
if(WebUsers::isLoggedIn()){
|
||||||
|
|
||||||
if( WebUsers::isAdmin()){
|
if( Ticket_User::isAdmin($_SESSION['ticket_user'])){
|
||||||
$name = filter_var($_POST['Name'],FILTER_SANITIZE_STRING);
|
$name = filter_var($_POST['Name'],FILTER_SANITIZE_STRING);
|
||||||
$inner_tag = filter_var($_POST['Tag'], FILTER_SANITIZE_STRING);
|
$inner_tag = filter_var($_POST['Tag'], FILTER_SANITIZE_STRING);
|
||||||
$tag = "[" . $inner_tag . "]";
|
$tag = "[" . $inner_tag . "]";
|
||||||
|
|
|
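Review bot: `Ticket_User::isAdmin($_SESSION['ticket_user'])` reads the session key without checking that it exists, and the same pattern is introduced in add_user_to_sgroup, change_info, change_mail, change_password, create_ticket, reply_on_ticket, createticket, libuserlist, settings, sgroup_list, show_queue, show_reply, show_sgroup, show_ticket, show_ticket_log, show_user and userlist. When the key is missing PHP emits a notice and passes null, which the isset() inside isAdmin/isMod rejects, so access is denied and the check fails closed, but the notice lands in the log on every request that reaches a check not preceded by isLoggedIn(). Keeping the lookup in one place avoids that, e.g. `$ticketUser = isset($_SESSION['ticket_user']) ? $_SESSION['ticket_user'] : null;` before the check, or a small static helper on Ticket_User that does the session lookup itself. add_sgroup's body continues outside the hunk.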
@ -4,7 +4,7 @@ function add_user_to_sgroup(){
|
||||||
|
|
||||||
if(WebUsers::isLoggedIn()){
|
if(WebUsers::isLoggedIn()){
|
||||||
|
|
||||||
if( WebUsers::isAdmin() && isset($_POST['target_id'])){
|
if( Ticket_User::isAdmin($_SESSION['ticket_user']) && isset($_POST['target_id'])){
|
||||||
$name = filter_var($_POST['Name'],FILTER_SANITIZE_STRING);
|
$name = filter_var($_POST['Name'],FILTER_SANITIZE_STRING);
|
||||||
$id = filter_var($_POST['target_id'],FILTER_SANITIZE_NUMBER_INT);
|
$id = filter_var($_POST['target_id'],FILTER_SANITIZE_NUMBER_INT);
|
||||||
$user_id = WebUsers::getId($name);
|
$user_id = WebUsers::getId($name);
|
||||||
|
|
|
@ -9,7 +9,7 @@ function change_info(){
|
||||||
if(isset($_POST['target_id'])){
|
if(isset($_POST['target_id'])){
|
||||||
|
|
||||||
|
|
||||||
if( ($_POST['target_id'] == $_SESSION['id']) || WebUsers::isAdmin() ){
|
if( ($_POST['target_id'] == $_SESSION['id']) || Ticket_User::isMod($_SESSION['ticket_user'] ) ){
|
||||||
if($_POST['target_id'] == $_SESSION['id']){
|
if($_POST['target_id'] == $_SESSION['id']){
|
||||||
$target_username = $_SESSION['user'];
|
$target_username = $_SESSION['user'];
|
||||||
}else{
|
}else{
|
||||||
|
|
|
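Review bot: Replacing WebUsers::isAdmin() with Ticket_User::isMod() on the changed line widens who may edit another account: a moderator (permission > 1) can now change any other user's info, and the same substitution in change_mail and change_password lets a moderator change an admin's e-mail address and password, which is a route from moderator to admin. If the widening is intended, the target's own level still needs to be compared, i.e. allow the edit only when the actor is an admin or the target's permission is below the actor's; otherwise keep `Ticket_User::isAdmin($_SESSION['ticket_user'])` on these three account-editing paths. The target's Ticket_User is not loaded in this hunk, so that comparison would need a lookup that is not shown here. change_info continues outside the hunk.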
@ -9,7 +9,7 @@ function change_mail(){
|
||||||
if(isset($_POST['target_id'])){
|
if(isset($_POST['target_id'])){
|
||||||
|
|
||||||
|
|
||||||
if( ($_POST['target_id'] == $_SESSION['id']) || WebUsers::isAdmin() ){
|
if( ($_POST['target_id'] == $_SESSION['id']) || Ticket_User::isMod($_SESSION['ticket_user']) ){
|
||||||
if($_POST['target_id'] == $_SESSION['id']){
|
if($_POST['target_id'] == $_SESSION['id']){
|
||||||
$target_username = $_SESSION['user'];
|
$target_username = $_SESSION['user'];
|
||||||
}else{
|
}else{
|
||||||
|
@ -42,7 +42,7 @@ function change_mail(){
|
||||||
$result['username'] = $_SESSION['user'];
|
$result['username'] = $_SESSION['user'];
|
||||||
$result['target_id'] = $_POST['target_id'];
|
$result['target_id'] = $_POST['target_id'];
|
||||||
if(isset($_GET['id'])){
|
if(isset($_GET['id'])){
|
||||||
if(WebUsers::isAdmin() && ($_POST['target_id'] != $_SESSION['id'])){
|
if(Ticket_User::isMod($_SESSION['ticket_user']) && ($_POST['target_id'] != $_SESSION['id'])){
|
||||||
$result['isAdmin'] = "TRUE";
|
$result['isAdmin'] = "TRUE";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -56,7 +56,7 @@ function change_mail(){
|
||||||
$result['username'] = $_SESSION['user'];
|
$result['username'] = $_SESSION['user'];
|
||||||
$result['target_id'] = $_POST['target_id'];
|
$result['target_id'] = $_POST['target_id'];
|
||||||
if(isset($_GET['id'])){
|
if(isset($_GET['id'])){
|
||||||
if(WebUsers::isAdmin() && ($_POST['target_id'] != $_SESSION['id'])){
|
if(Ticket_User::isMod($_SESSION['ticket_user']) && ($_POST['target_id'] != $_SESSION['id'])){
|
||||||
$result['isAdmin'] = "TRUE";
|
$result['isAdmin'] = "TRUE";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
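Review bot: `$result['isAdmin'] = "TRUE"` is now set when Ticket_User::isMod() passes, so the key no longer means what its name says; the same flag is set under isMod() in settings, show_queue, show_reply, show_ticket and show_ticket_log. The templates test `isset($isAdmin) and $isAdmin eq "TRUE"` (visible in the ticket template at the end of this commit), so a rename touches every view; the cheaper fix now is a comment at each site, `//'isAdmin' is the template flag for moderator-or-above, not admin only`, with the rename done later. The hunks at -42 and -56 in change_mail are byte-identical, which looks like a duplicated block, though the code between them is outside the hunks.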
@ -9,7 +9,7 @@ function change_password(){
|
||||||
if(isset($_POST['target_id'])){
|
if(isset($_POST['target_id'])){
|
||||||
$adminChangesOther = false;
|
$adminChangesOther = false;
|
||||||
//if target_id is the same as session id or is admin
|
//if target_id is the same as session id or is admin
|
||||||
if( ($_POST['target_id'] == $_SESSION['id']) || WebUsers::isAdmin() ){
|
if( ($_POST['target_id'] == $_SESSION['id']) || Ticket_User::isMod($_SESSION['ticket_user']) ){
|
||||||
if($_POST['target_id'] == $_SESSION['id']){
|
if($_POST['target_id'] == $_SESSION['id']){
|
||||||
$target_username = $_SESSION['user'];
|
$target_username = $_SESSION['user'];
|
||||||
}else{
|
}else{
|
||||||
|
|
|
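Review bot: The comment `//if target_id is the same as session id or is admin` directly above the changed condition is now wrong, since the condition tests Ticket_User::isMod(); the same stale comment sits above the changed line in create_ticket, and show_ticket_log still says `//only allow admins to browse the log!` above its isMod() check. Update them to match the rule, e.g. `//if target_id is the same as session id, or the caller is a moderator (permission > 1)`. `$adminChangesOther` is also named for the old rule; a rename is optional, but its meaning should be noted where it is set. change_password continues outside the hunk.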
@ -7,7 +7,7 @@ function create_ticket(){
|
||||||
if(isset($_POST['target_id'])){
|
if(isset($_POST['target_id'])){
|
||||||
|
|
||||||
//if target_id is the same as session id or is admin
|
//if target_id is the same as session id or is admin
|
||||||
if( ($_POST['target_id'] == $_SESSION['id']) || WebUsers::isAdmin() ){
|
if( ($_POST['target_id'] == $_SESSION['id']) || Ticket_User::isMod($_SESSION['ticket_user']) ){
|
||||||
|
|
||||||
$category = filter_var($_POST['Category'], FILTER_SANITIZE_NUMBER_INT);
|
$category = filter_var($_POST['Category'], FILTER_SANITIZE_NUMBER_INT);
|
||||||
$title = filter_var($_POST['Title'], FILTER_SANITIZE_STRING);
|
$title = filter_var($_POST['Title'], FILTER_SANITIZE_STRING);
|
||||||
|
|
|
@ -9,14 +9,14 @@ function reply_on_ticket(){
|
||||||
$target_ticket = new Ticket();
|
$target_ticket = new Ticket();
|
||||||
$target_ticket->load_With_TId($ticket_id);
|
$target_ticket->load_With_TId($ticket_id);
|
||||||
|
|
||||||
if(($target_ticket->getAuthor() == $_SESSION['ticket_user']->getTUserId()) || WebUsers::isAdmin() ){
|
if(($target_ticket->getAuthor() == $_SESSION['ticket_user']->getTUserId()) || Ticket_User::isMod($_SESSION['ticket_user']) ){
|
||||||
|
|
||||||
try{
|
try{
|
||||||
$author = $_SESSION['ticket_user']->getTUserId();
|
$author = $_SESSION['ticket_user']->getTUserId();
|
||||||
$content = filter_var($_POST['Content'], FILTER_SANITIZE_STRING);
|
$content = filter_var($_POST['Content'], FILTER_SANITIZE_STRING);
|
||||||
Ticket::createReply($content, $author, $ticket_id);
|
Ticket::createReply($content, $author, $ticket_id);
|
||||||
|
|
||||||
if(isset($_POST['ChangeStatus']) && isset($_POST['ChangePriority']) && WebUsers::isAdmin()){
|
if(isset($_POST['ChangeStatus']) && isset($_POST['ChangePriority']) && Ticket_User::isMod($_SESSION['ticket_user'])){
|
||||||
$newStatus = filter_var($_POST['ChangeStatus'], FILTER_SANITIZE_NUMBER_INT);
|
$newStatus = filter_var($_POST['ChangeStatus'], FILTER_SANITIZE_NUMBER_INT);
|
||||||
$newPriority = filter_var($_POST['ChangePriority'], FILTER_SANITIZE_NUMBER_INT);
|
$newPriority = filter_var($_POST['ChangePriority'], FILTER_SANITIZE_NUMBER_INT);
|
||||||
Ticket::updateTicketStatusAndPriority($ticket_id,$newStatus, $newPriority, $author);
|
Ticket::updateTicketStatusAndPriority($ticket_id,$newStatus, $newPriority, $author);
|
||||||
|
|
|
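Review bot: Ticket_User::isMod($_SESSION['ticket_user']) is evaluated twice in this hunk, once in the access condition and again for the ChangeStatus/ChangePriority branch, and show_ticket, show_queue, show_reply and show_ticket_log do the same across their two hunks; computing it once at the top, `$isMod = Ticket_User::isMod($_SESSION['ticket_user']);`, and reusing `$isMod` keeps the access decision and the privileged-action decision in step if the rule changes again. The author check on the same changed line compares `getAuthor()` with `getTUserId()` using `==`; that is pre-existing, but since the line is being rewritten, `===` with both sides cast to int would make the authorisation line easier to reason about. reply_on_ticket continues outside the hunk.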
@ -7,7 +7,7 @@ function createticket(){
|
||||||
//in case user_id-GET param set it's value as target_id, if no user_id-param is given, use the session id.
|
//in case user_id-GET param set it's value as target_id, if no user_id-param is given, use the session id.
|
||||||
if(isset($_GET['user_id'])){
|
if(isset($_GET['user_id'])){
|
||||||
|
|
||||||
if(($_GET['user_id'] != $_SESSION['id']) && (!WebUsers::isAdmin()) ){
|
if(($_GET['user_id'] != $_SESSION['id']) && ( ! ticket_user::isMod($_SESSION['ticket_user'])) ){
|
||||||
|
|
||||||
//ERROR: No access!
|
//ERROR: No access!
|
||||||
$_SESSION['error_code'] = "403";
|
$_SESSION['error_code'] = "403";
|
||||||
|
|
|
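Review bot: `ticket_user::isMod(...)` uses a lower-case class name while every other new call site writes `Ticket_User`; PHP resolves class names case-insensitively, but an autoloader that maps the class name to a file path will not, so this line could fail to load the class on a case-sensitive filesystem depending on how the loader is written (not visible here). Change it to `if(($_GET['user_id'] != $_SESSION['id']) && (!Ticket_User::isMod($_SESSION['ticket_user'])) ){`, which also matches the spacing used for the identical check in settings. createticket's body continues outside the hunk.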
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
|
|
||||||
function libuserlist(){
|
function libuserlist(){
|
||||||
if(WebUsers::isAdmin()){
|
if(Ticket_User::isAdmin($_SESSION['ticket_user'])){
|
||||||
//This checks to see if there is a page number. If not, it will set it to page 1
|
//This checks to see if there is a page number. If not, it will set it to page 1
|
||||||
if (!(isset($_GET['pagenum']))){
|
if (!(isset($_GET['pagenum']))){
|
||||||
$pagenum = 1;
|
$pagenum = 1;
|
||||||
|
|
|
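Review bot: libuserlist is now gated on Ticket_User::isAdmin() while userlist, changed in the same commit, is gated on Ticket_User::isMod(), so a moderator can reach one user listing but not the other. Which rule is intended is not visible here; if moderators are meant to see the list, change this line to `if(Ticket_User::isMod($_SESSION['ticket_user'])){`, otherwise tighten userlist to isAdmin(). A one-line comment stating the chosen rule at both sites would keep them from drifting apart again. libuserlist continues outside the hunk.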
@ -4,14 +4,14 @@ function settings(){
|
||||||
if(WebUsers::isLoggedIn()){
|
if(WebUsers::isLoggedIn()){
|
||||||
//in case id-GET param set it's value as target_id, if no id-param is given, ue the session id.
|
//in case id-GET param set it's value as target_id, if no id-param is given, ue the session id.
|
||||||
if(isset($_GET['id'])){
|
if(isset($_GET['id'])){
|
||||||
if(($_GET['id'] != $_SESSION['id']) && (!WebUsers::isAdmin()) ){
|
if(($_GET['id'] != $_SESSION['id']) && (!Ticket_User::isMod($_SESSION['ticket_user'])) ){
|
||||||
//ERROR: No access!
|
//ERROR: No access!
|
||||||
$_SESSION['error_code'] = "403";
|
$_SESSION['error_code'] = "403";
|
||||||
header("Location: index.php?page=error");
|
header("Location: index.php?page=error");
|
||||||
exit;
|
exit;
|
||||||
}else{
|
}else{
|
||||||
$result = WebUsers::getInfo($_GET['id']);
|
$result = WebUsers::getInfo($_GET['id']);
|
||||||
if(WebUsers::isAdmin() && ($_GET['id']!= $_SESSION['id'])){
|
if(Ticket_User::isMod($_SESSION['ticket_user']) && ($_GET['id']!= $_SESSION['id'])){
|
||||||
$result['isAdmin'] = "TRUE";
|
$result['isAdmin'] = "TRUE";
|
||||||
}
|
}
|
||||||
$result['target_id'] = $_GET['id'];
|
$result['target_id'] = $_GET['id'];
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
function sgroup_list(){
|
function sgroup_list(){
|
||||||
//if logged in
|
//if logged in
|
||||||
if(WebUsers::isLoggedIn()){
|
if(WebUsers::isLoggedIn()){
|
||||||
if( WebUsers::isAdmin()){
|
if(Ticket_User::isAdmin($_SESSION['ticket_user'])){
|
||||||
|
|
||||||
if(isset($_GET['delete'])){
|
if(isset($_GET['delete'])){
|
||||||
$delete_id = filter_var($_GET['delete'], FILTER_SANITIZE_NUMBER_INT);
|
$delete_id = filter_var($_GET['delete'], FILTER_SANITIZE_NUMBER_INT);
|
||||||
|
|
|
@ -4,7 +4,7 @@ function show_queue(){
|
||||||
|
|
||||||
//if logged in & queue id is given
|
//if logged in & queue id is given
|
||||||
if(WebUsers::isLoggedIn() && isset($_GET['get'])){
|
if(WebUsers::isLoggedIn() && isset($_GET['get'])){
|
||||||
if( WebUsers::isAdmin()){
|
if( Ticket_User::isMod($_SESSION['ticket_user'])){
|
||||||
$result['queue_action'] = filter_var($_GET['get'], FILTER_SANITIZE_STRING);
|
$result['queue_action'] = filter_var($_GET['get'], FILTER_SANITIZE_STRING);
|
||||||
|
|
||||||
$queueArray = Ticket_Queue_Handler::getTickets($result['queue_action'],2);
|
$queueArray = Ticket_Queue_Handler::getTickets($result['queue_action'],2);
|
||||||
|
@ -16,7 +16,7 @@ function show_queue(){
|
||||||
$result['tickets'][$i]['author'] = WebUsers::getUsername($ticket['authorExtern']);
|
$result['tickets'][$i]['author'] = WebUsers::getUsername($ticket['authorExtern']);
|
||||||
$i++;
|
$i++;
|
||||||
}
|
}
|
||||||
if(WebUsers::isAdmin()){
|
if(Ticket_User::isMod($_SESSION['ticket_user'])){
|
||||||
$result['isAdmin'] = "TRUE";
|
$result['isAdmin'] = "TRUE";
|
||||||
}
|
}
|
||||||
return $result;
|
return $result;
|
||||||
|
|
|
@ -11,7 +11,7 @@ function show_reply(){
|
||||||
$ticket = new Ticket();
|
$ticket = new Ticket();
|
||||||
$ticket->load_With_TId($reply->getTicket());
|
$ticket->load_With_TId($reply->getTicket());
|
||||||
|
|
||||||
if(($ticket->getAuthor() == $_SESSION['ticket_user']->getTUserId()) || WebUsers::isAdmin() ){
|
if(($ticket->getAuthor() == $_SESSION['ticket_user']->getTUserId()) || Ticket_User::isMod($_SESSION['ticket_user'] )){
|
||||||
$content = new Ticket_Content();
|
$content = new Ticket_Content();
|
||||||
$content->load_With_TContentId($reply->getContent());
|
$content->load_With_TContentId($reply->getContent());
|
||||||
|
|
||||||
|
@ -25,7 +25,7 @@ function show_reply(){
|
||||||
$result['reply_content'] = $content->getContent();
|
$result['reply_content'] = $content->getContent();
|
||||||
$result['author'] = $author->getExternId();
|
$result['author'] = $author->getExternId();
|
||||||
$result['authorName'] = WebUsers::getUsername($author->getExternId());
|
$result['authorName'] = WebUsers::getUsername($author->getExternId());
|
||||||
if(WebUsers::isAdmin()){
|
if(Ticket_User::isMod($_SESSION['ticket_user'])){
|
||||||
$result['isAdmin'] = "TRUE";
|
$result['isAdmin'] = "TRUE";
|
||||||
}
|
}
|
||||||
return $result;
|
return $result;
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
function show_sgroup(){
|
function show_sgroup(){
|
||||||
//if logged in
|
//if logged in
|
||||||
if(WebUsers::isLoggedIn()){
|
if(WebUsers::isLoggedIn()){
|
||||||
if( WebUsers::isAdmin()){
|
if(Ticket_User::isAdmin($_SESSION['ticket_user'])){
|
||||||
if( isset($_GET['id'])){
|
if( isset($_GET['id'])){
|
||||||
|
|
||||||
//['target_id'] holds the id of the group!
|
//['target_id'] holds the id of the group!
|
||||||
|
|
|
@ -8,7 +8,7 @@ function show_ticket(){
|
||||||
$target_ticket = new Ticket();
|
$target_ticket = new Ticket();
|
||||||
$target_ticket->load_With_TId($result['ticket_id']);
|
$target_ticket->load_With_TId($result['ticket_id']);
|
||||||
|
|
||||||
if(($target_ticket->getAuthor() == $_SESSION['ticket_user']->getTUserId()) || WebUsers::isAdmin() ){
|
if(($target_ticket->getAuthor() == $_SESSION['ticket_user']->getTUserId()) || Ticket_User::isMod($_SESSION['ticket_user'] )){
|
||||||
|
|
||||||
$entire_ticket = Ticket::getEntireTicket( $result['ticket_id']);
|
$entire_ticket = Ticket::getEntireTicket( $result['ticket_id']);
|
||||||
Ticket_Log::createLogEntry($result['ticket_id'],$_SESSION['ticket_user']->getTUserId(), 3);
|
Ticket_Log::createLogEntry($result['ticket_id'],$_SESSION['ticket_user']->getTUserId(), 3);
|
||||||
|
@ -28,7 +28,7 @@ function show_ticket(){
|
||||||
$result['ticket_replies'][$i]['author'] = WebUsers::getUsername($reply['authorExtern']);
|
$result['ticket_replies'][$i]['author'] = WebUsers::getUsername($reply['authorExtern']);
|
||||||
$i++;
|
$i++;
|
||||||
}
|
}
|
||||||
if(WebUsers::isAdmin()){
|
if(Ticket_User::isMod($_SESSION['ticket_user'])){
|
||||||
$result['isAdmin'] = "TRUE";
|
$result['isAdmin'] = "TRUE";
|
||||||
//$result['statusList'] = Ticket::getStatusArray();
|
//$result['statusList'] = Ticket::getStatusArray();
|
||||||
}
|
}
|
||||||
|
|
|
@ -5,7 +5,7 @@ function show_ticket_log(){
|
||||||
//if logged in
|
//if logged in
|
||||||
if(WebUsers::isLoggedIn() && isset($_GET['id'])){
|
if(WebUsers::isLoggedIn() && isset($_GET['id'])){
|
||||||
//only allow admins to browse the log!
|
//only allow admins to browse the log!
|
||||||
if(WebUsers::isAdmin() ){
|
if(Ticket_User::isMod($_SESSION['ticket_user']) ){
|
||||||
$result['ticket_id'] = filter_var($_GET['id'], FILTER_SANITIZE_NUMBER_INT);
|
$result['ticket_id'] = filter_var($_GET['id'], FILTER_SANITIZE_NUMBER_INT);
|
||||||
$target_ticket = new Ticket();
|
$target_ticket = new Ticket();
|
||||||
$target_ticket->load_With_TId($result['ticket_id']);
|
$target_ticket->load_With_TId($result['ticket_id']);
|
||||||
|
@ -33,7 +33,7 @@ function show_ticket_log(){
|
||||||
$result['ticket_logs'][$i]['timestamp_elapsed'] = Gui_Elements::time_elapsed_string($log['timestamp']);
|
$result['ticket_logs'][$i]['timestamp_elapsed'] = Gui_Elements::time_elapsed_string($log['timestamp']);
|
||||||
$i++;
|
$i++;
|
||||||
}
|
}
|
||||||
if(WebUsers::isAdmin()){
|
if(Ticket_User::isMod($_SESSION['ticket_user'])){
|
||||||
$result['isAdmin'] = "TRUE";
|
$result['isAdmin'] = "TRUE";
|
||||||
}
|
}
|
||||||
return $result;
|
return $result;
|
||||||
|
|
|
@ -4,7 +4,7 @@ function show_user(){
|
||||||
//if logged in
|
//if logged in
|
||||||
if(WebUsers::isLoggedIn()){
|
if(WebUsers::isLoggedIn()){
|
||||||
|
|
||||||
if( !isset($_GET['id']) || WebUsers::isAdmin() || $_GET['id'] == $_SESSION['id'] ){
|
if( !isset($_GET['id']) || Ticket_User::isMod($_SESSION['ticket_user']) || $_GET['id'] == $_SESSION['id'] ){
|
||||||
|
|
||||||
if(isset($_GET['id'])){
|
if(isset($_GET['id'])){
|
||||||
$result['target_id'] = filter_var($_GET['id'], FILTER_SANITIZE_NUMBER_INT);
|
$result['target_id'] = filter_var($_GET['id'], FILTER_SANITIZE_NUMBER_INT);
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
function userlist(){
|
function userlist(){
|
||||||
if(WebUsers::isAdmin()){
|
if(Ticket_User::isMod($_SESSION['ticket_user'])){
|
||||||
$users = WebUsers::getUsers();
|
$users = WebUsers::getUsers();
|
||||||
$i = 0;
|
$i = 0;
|
||||||
$pageResult['userlist'] = Array();
|
$pageResult['userlist'] = Array();
|
||||||
|
|
|
@ -36,12 +36,12 @@
|
||||||
<p><span class="label label-info"> {$reply.timestamp}</span>
|
<p><span class="label label-info"> {$reply.timestamp}</span>
|
||||||
{if $reply.permission eq '1'}
|
{if $reply.permission eq '1'}
|
||||||
<!-- <span class="label label-important"><strong></i>[User]:</strong></span>-->
|
<!-- <span class="label label-important"><strong></i>[User]:</strong></span>-->
|
||||||
{else if $reply.permission eq '2'}
|
{else if $reply.permission gt '1'}
|
||||||
<span class="label label-important"><strong><i class="icon-star icon-white"></i>[CSR]</strong></span>
|
<span class="label label-important"><strong><i class="icon-star icon-white"></i>[CSR]</strong></span>
|
||||||
{/if}
|
{/if}
|
||||||
<span class="label label-warning"><strong><i class="icon-user icon-white"></i>{if isset($isAdmin) and $isAdmin eq "TRUE"} <a href="index.php?page=show_user&id={$reply.authorExtern}"><font color="white">{$reply.author}</font>{else}{$reply.author} {/if}</a></strong></span></p>
|
<span class="label label-warning"><strong><i class="icon-user icon-white"></i>{if isset($isAdmin) and $isAdmin eq "TRUE"} <a href="index.php?page=show_user&id={$reply.authorExtern}"><font color="white">{$reply.author}</font>{else}{$reply.author} {/if}</a></strong></span></p>
|
||||||
|
|
||||||
<p><pre{if $reply.permission eq '2'} style="background-color:rgb(248, 200, 200);"{/if}>{$reply.replyContent}</pre></p>
|
<p><pre{if $reply.permission gt '1'} style="background-color:rgb(248, 200, 200);"{/if}>{$reply.replyContent}</pre></p>
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
{/foreach}
|
{/foreach}
|
||||||
|
|
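Review bot: `{else if $reply.permission gt '1'}` and the matching `{if $reply.permission gt '1'}` on the `<pre>` line compare against a quoted string; Smarty and the PHP underneath coerce it numerically, but `gt 1` says what is meant. With this change every permission above 1 gets the [CSR] label and the highlighted reply background, so admins (level 3 per Ticket_User::isAdmin in this commit) are shown as CSR too; if that is intended, a template comment such as `{* permission 1 = user; anything higher (moderator or admin) is displayed as CSR *}` above the first `{if}` would document it.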