changed system to mod/admin permissions, though there's still a bug in show_ticket

--HG--
branch : quitta-gsoc-2013
This commit is contained in:
Quitta 2013-07-18 12:43:33 +02:00
parent be65b89d86
commit b1836e7944
20 changed files with 42 additions and 28 deletions


@ -15,6 +15,20 @@ class Ticket_User{
$dbl->execute($query, $values); $dbl->execute($query, $values);
} }
public static function isMod($user){
if(isset($user) && $user->getPermission() > 1){
return true;
}
return false;
}
public static function isAdmin($user){
if(isset($user) && $user->getPermission() == 3){
return true;
}
return false;
}
//return constructed element based on TUserId //return constructed element based on TUserId
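Review bot: `isAdmin` on L23 compares `getPermission()` with `== 3` and `isMod` on L17 with `> 1`, so the permission levels are magic numbers that the template (L268, L272) repeats as `gt '1'`; name them once, e.g. `const PERMISSION_USER = 1; const PERMISSION_MOD = 2; const PERMISSION_ADMIN = 3;`, and compare with `===` once the getter's return type (int or numeric string — not visible here) is confirmed. Both helpers also lack a doc comment; for `isMod` it should read `/** True when $user has mod or admin rights (permission > 1); a null/unset $user yields false. */`, with the matching `== 3` wording on `isAdmin`. Every caller passes the object stored in `$_SESSION['ticket_user']`, so a permission change made in the database presumably does not take effect until that session object is reloaded — worth confirming where, if anywhere, it is refreshed. The class body continues outside the hunk.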


@ -4,7 +4,7 @@ function add_sgroup(){
if(WebUsers::isLoggedIn()){ if(WebUsers::isLoggedIn()){
if( WebUsers::isAdmin()){ if( Ticket_User::isAdmin($_SESSION['ticket_user'])){
$name = filter_var($_POST['Name'],FILTER_SANITIZE_STRING); $name = filter_var($_POST['Name'],FILTER_SANITIZE_STRING);
$inner_tag = filter_var($_POST['Tag'], FILTER_SANITIZE_STRING); $inner_tag = filter_var($_POST['Tag'], FILTER_SANITIZE_STRING);
$tag = "[" . $inner_tag . "]"; $tag = "[" . $inner_tag . "]";


@ -4,7 +4,7 @@ function add_user_to_sgroup(){
if(WebUsers::isLoggedIn()){ if(WebUsers::isLoggedIn()){
if( WebUsers::isAdmin() && isset($_POST['target_id'])){ if( Ticket_User::isAdmin($_SESSION['ticket_user']) && isset($_POST['target_id'])){
$name = filter_var($_POST['Name'],FILTER_SANITIZE_STRING); $name = filter_var($_POST['Name'],FILTER_SANITIZE_STRING);
$id = filter_var($_POST['target_id'],FILTER_SANITIZE_NUMBER_INT); $id = filter_var($_POST['target_id'],FILTER_SANITIZE_NUMBER_INT);
$user_id = WebUsers::getId($name); $user_id = WebUsers::getId($name);


@ -9,7 +9,7 @@ function change_info(){
if(isset($_POST['target_id'])){ if(isset($_POST['target_id'])){
if( ($_POST['target_id'] == $_SESSION['id']) || WebUsers::isAdmin() ){ if( ($_POST['target_id'] == $_SESSION['id']) || Ticket_User::isMod($_SESSION['ticket_user'] ) ){
if($_POST['target_id'] == $_SESSION['id']){ if($_POST['target_id'] == $_SESSION['id']){
$target_username = $_SESSION['user']; $target_username = $_SESSION['user'];
}else{ }else{
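Review bot: The condition on L52 now lets any user passing `isMod` (permission > 1) act on any `target_id`, where the old code required `WebUsers::isAdmin()`; the same widening is made in change_mail (L61) and change_password (L88), so a moderator can change the e-mail and password of an account with a higher permission than their own, including admin accounts. Nothing in these hunks compares the target's permission with the actor's, so if moderators are meant to manage ordinary users only, the check needs an extra guard that the target user is not a mod/admin themselves (which requires loading the target's Ticket_User for `target_id`, something the hunk does not do yet); otherwise the credential-changing pages should keep `isAdmin`. The loose `==` on `$_POST['target_id'] == $_SESSION['id']` is pre-existing. change_info continues outside the hunk.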


@ -9,7 +9,7 @@ function change_mail(){
if(isset($_POST['target_id'])){ if(isset($_POST['target_id'])){
if( ($_POST['target_id'] == $_SESSION['id']) || WebUsers::isAdmin() ){ if( ($_POST['target_id'] == $_SESSION['id']) || Ticket_User::isMod($_SESSION['ticket_user']) ){
if($_POST['target_id'] == $_SESSION['id']){ if($_POST['target_id'] == $_SESSION['id']){
$target_username = $_SESSION['user']; $target_username = $_SESSION['user'];
}else{ }else{
@ -42,7 +42,7 @@ function change_mail(){
$result['username'] = $_SESSION['user']; $result['username'] = $_SESSION['user'];
$result['target_id'] = $_POST['target_id']; $result['target_id'] = $_POST['target_id'];
if(isset($_GET['id'])){ if(isset($_GET['id'])){
if(WebUsers::isAdmin() && ($_POST['target_id'] != $_SESSION['id'])){ if(Ticket_User::isMod($_SESSION['ticket_user']) && ($_POST['target_id'] != $_SESSION['id'])){
$result['isAdmin'] = "TRUE"; $result['isAdmin'] = "TRUE";
} }
} }
@ -56,7 +56,7 @@ function change_mail(){
$result['username'] = $_SESSION['user']; $result['username'] = $_SESSION['user'];
$result['target_id'] = $_POST['target_id']; $result['target_id'] = $_POST['target_id'];
if(isset($_GET['id'])){ if(isset($_GET['id'])){
if(WebUsers::isAdmin() && ($_POST['target_id'] != $_SESSION['id'])){ if(Ticket_User::isMod($_SESSION['ticket_user']) && ($_POST['target_id'] != $_SESSION['id'])){
$result['isAdmin'] = "TRUE"; $result['isAdmin'] = "TRUE";
} }
} }
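Review bot: `$result['isAdmin'] = "TRUE"` on L70 and L77 is now set when `Ticket_User::isMod(...)` passes, so the flag name no longer states what it asserts; the same mismatch appears in settings (L149), show_queue (L176), show_reply (L193), show_ticket (L220) and show_ticket_log (L239). Because the templates test `$isAdmin eq "TRUE"` (L271), renaming it is a cross-cutting change; the minimum is a comment at the first assignment, e.g. `//'isAdmin' is set for mods and admins alike (permission > 1); the name predates the mod/admin split`, or an additional `$result['isMod']` alongside it so templates can distinguish the two later. change_mail continues outside the hunk.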


@ -9,7 +9,7 @@ function change_password(){
if(isset($_POST['target_id'])){ if(isset($_POST['target_id'])){
$adminChangesOther = false; $adminChangesOther = false;
//if target_id is the same as session id or is admin //if target_id is the same as session id or is admin
if( ($_POST['target_id'] == $_SESSION['id']) || WebUsers::isAdmin() ){ if( ($_POST['target_id'] == $_SESSION['id']) || Ticket_User::isMod($_SESSION['ticket_user']) ){
if($_POST['target_id'] == $_SESSION['id']){ if($_POST['target_id'] == $_SESSION['id']){
$target_username = $_SESSION['user']; $target_username = $_SESSION['user'];
}else{ }else{


@ -7,7 +7,7 @@ function create_ticket(){
if(isset($_POST['target_id'])){ if(isset($_POST['target_id'])){
//if target_id is the same as session id or is admin //if target_id is the same as session id or is admin
if( ($_POST['target_id'] == $_SESSION['id']) || WebUsers::isAdmin() ){ if( ($_POST['target_id'] == $_SESSION['id']) || Ticket_User::isMod($_SESSION['ticket_user']) ){
$category = filter_var($_POST['Category'], FILTER_SANITIZE_NUMBER_INT); $category = filter_var($_POST['Category'], FILTER_SANITIZE_NUMBER_INT);
$title = filter_var($_POST['Title'], FILTER_SANITIZE_STRING); $title = filter_var($_POST['Title'], FILTER_SANITIZE_STRING);


@ -9,14 +9,14 @@ function reply_on_ticket(){
$target_ticket = new Ticket(); $target_ticket = new Ticket();
$target_ticket->load_With_TId($ticket_id); $target_ticket->load_With_TId($ticket_id);
if(($target_ticket->getAuthor() == $_SESSION['ticket_user']->getTUserId()) || WebUsers::isAdmin() ){ if(($target_ticket->getAuthor() == $_SESSION['ticket_user']->getTUserId()) || Ticket_User::isMod($_SESSION['ticket_user']) ){
try{ try{
$author = $_SESSION['ticket_user']->getTUserId(); $author = $_SESSION['ticket_user']->getTUserId();
$content = filter_var($_POST['Content'], FILTER_SANITIZE_STRING); $content = filter_var($_POST['Content'], FILTER_SANITIZE_STRING);
Ticket::createReply($content, $author, $ticket_id); Ticket::createReply($content, $author, $ticket_id);
if(isset($_POST['ChangeStatus']) && isset($_POST['ChangePriority']) && WebUsers::isAdmin()){ if(isset($_POST['ChangeStatus']) && isset($_POST['ChangePriority']) && Ticket_User::isMod($_SESSION['ticket_user'])){
$newStatus = filter_var($_POST['ChangeStatus'], FILTER_SANITIZE_NUMBER_INT); $newStatus = filter_var($_POST['ChangeStatus'], FILTER_SANITIZE_NUMBER_INT);
$newPriority = filter_var($_POST['ChangePriority'], FILTER_SANITIZE_NUMBER_INT); $newPriority = filter_var($_POST['ChangePriority'], FILTER_SANITIZE_NUMBER_INT);
Ticket::updateTicketStatusAndPriority($ticket_id,$newStatus, $newPriority, $author); Ticket::updateTicketStatusAndPriority($ticket_id,$newStatus, $newPriority, $author);


@ -7,7 +7,7 @@ function createticket(){
//in case user_id-GET param set it's value as target_id, if no user_id-param is given, use the session id. //in case user_id-GET param set it's value as target_id, if no user_id-param is given, use the session id.
if(isset($_GET['user_id'])){ if(isset($_GET['user_id'])){
if(($_GET['user_id'] != $_SESSION['id']) && (!WebUsers::isAdmin()) ){ if(($_GET['user_id'] != $_SESSION['id']) && ( ! ticket_user::isMod($_SESSION['ticket_user'])) ){
//ERROR: No access! //ERROR: No access!
$_SESSION['error_code'] = "403"; $_SESSION['error_code'] = "403";
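Review bot: L122 calls `ticket_user::isMod(...)` with a lowercase class name while every other hunk in this commit writes `Ticket_User`; PHP resolves class names case-insensitively, but an autoloader that derives a file path from the class name (if this project uses one) can fail on a case-sensitive filesystem, and static analysers flag the inconsistency. Change the line to `if(($_GET['user_id'] != $_SESSION['id']) && ( ! Ticket_User::isMod($_SESSION['ticket_user'])) ){`. createticket continues outside the hunk.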


@ -2,7 +2,7 @@
function libuserlist(){ function libuserlist(){
if(WebUsers::isAdmin()){ if(Ticket_User::isAdmin($_SESSION['ticket_user'])){
//This checks to see if there is a page number. If not, it will set it to page 1 //This checks to see if there is a page number. If not, it will set it to page 1
if (!(isset($_GET['pagenum']))){ if (!(isset($_GET['pagenum']))){
$pagenum = 1; $pagenum = 1;
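Review bot: L130 gates `libuserlist` on `Ticket_User::isAdmin`, while `userlist` (L257) is gated on `Ticket_User::isMod`; if both pages list the same users, as the names suggest, a moderator is allowed one listing and denied the other, so one of the two thresholds looks wrong. Whichever is intended, a one-line comment at the check stating why this page needs admin rather than mod would stop the next reader from "fixing" it, e.g. `//admin only: unlike userlist, this page ...` with the reason filled in. libuserlist continues outside the hunk.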


@ -4,14 +4,14 @@ function settings(){
if(WebUsers::isLoggedIn()){ if(WebUsers::isLoggedIn()){
//in case id-GET param set it's value as target_id, if no id-param is given, ue the session id. //in case id-GET param set it's value as target_id, if no id-param is given, ue the session id.
if(isset($_GET['id'])){ if(isset($_GET['id'])){
if(($_GET['id'] != $_SESSION['id']) && (!WebUsers::isAdmin()) ){ if(($_GET['id'] != $_SESSION['id']) && (!Ticket_User::isMod($_SESSION['ticket_user'])) ){
//ERROR: No access! //ERROR: No access!
$_SESSION['error_code'] = "403"; $_SESSION['error_code'] = "403";
header("Location: index.php?page=error"); header("Location: index.php?page=error");
exit; exit;
}else{ }else{
$result = WebUsers::getInfo($_GET['id']); $result = WebUsers::getInfo($_GET['id']);
if(WebUsers::isAdmin() && ($_GET['id']!= $_SESSION['id'])){ if(Ticket_User::isMod($_SESSION['ticket_user']) && ($_GET['id']!= $_SESSION['id'])){
$result['isAdmin'] = "TRUE"; $result['isAdmin'] = "TRUE";
} }
$result['target_id'] = $_GET['id']; $result['target_id'] = $_GET['id'];


@ -3,7 +3,7 @@
function sgroup_list(){ function sgroup_list(){
//if logged in //if logged in
if(WebUsers::isLoggedIn()){ if(WebUsers::isLoggedIn()){
if( WebUsers::isAdmin()){ if(Ticket_User::isAdmin($_SESSION['ticket_user'])){
if(isset($_GET['delete'])){ if(isset($_GET['delete'])){
$delete_id = filter_var($_GET['delete'], FILTER_SANITIZE_NUMBER_INT); $delete_id = filter_var($_GET['delete'], FILTER_SANITIZE_NUMBER_INT);


@ -4,7 +4,7 @@ function show_queue(){
//if logged in & queue id is given //if logged in & queue id is given
if(WebUsers::isLoggedIn() && isset($_GET['get'])){ if(WebUsers::isLoggedIn() && isset($_GET['get'])){
if( WebUsers::isAdmin()){ if( Ticket_User::isMod($_SESSION['ticket_user'])){
$result['queue_action'] = filter_var($_GET['get'], FILTER_SANITIZE_STRING); $result['queue_action'] = filter_var($_GET['get'], FILTER_SANITIZE_STRING);
$queueArray = Ticket_Queue_Handler::getTickets($result['queue_action'],2); $queueArray = Ticket_Queue_Handler::getTickets($result['queue_action'],2);
@ -16,7 +16,7 @@ function show_queue(){
$result['tickets'][$i]['author'] = WebUsers::getUsername($ticket['authorExtern']); $result['tickets'][$i]['author'] = WebUsers::getUsername($ticket['authorExtern']);
$i++; $i++;
} }
if(WebUsers::isAdmin()){ if(Ticket_User::isMod($_SESSION['ticket_user'])){
$result['isAdmin'] = "TRUE"; $result['isAdmin'] = "TRUE";
} }
return $result; return $result;


@ -11,7 +11,7 @@ function show_reply(){
$ticket = new Ticket(); $ticket = new Ticket();
$ticket->load_With_TId($reply->getTicket()); $ticket->load_With_TId($reply->getTicket());
if(($ticket->getAuthor() == $_SESSION['ticket_user']->getTUserId()) || WebUsers::isAdmin() ){ if(($ticket->getAuthor() == $_SESSION['ticket_user']->getTUserId()) || Ticket_User::isMod($_SESSION['ticket_user'] )){
$content = new Ticket_Content(); $content = new Ticket_Content();
$content->load_With_TContentId($reply->getContent()); $content->load_With_TContentId($reply->getContent());
@ -25,7 +25,7 @@ function show_reply(){
$result['reply_content'] = $content->getContent(); $result['reply_content'] = $content->getContent();
$result['author'] = $author->getExternId(); $result['author'] = $author->getExternId();
$result['authorName'] = WebUsers::getUsername($author->getExternId()); $result['authorName'] = WebUsers::getUsername($author->getExternId());
if(WebUsers::isAdmin()){ if(Ticket_User::isMod($_SESSION['ticket_user'])){
$result['isAdmin'] = "TRUE"; $result['isAdmin'] = "TRUE";
} }
return $result; return $result;


@ -3,7 +3,7 @@
function show_sgroup(){ function show_sgroup(){
//if logged in //if logged in
if(WebUsers::isLoggedIn()){ if(WebUsers::isLoggedIn()){
if( WebUsers::isAdmin()){ if(Ticket_User::isAdmin($_SESSION['ticket_user'])){
if( isset($_GET['id'])){ if( isset($_GET['id'])){
//['target_id'] holds the id of the group! //['target_id'] holds the id of the group!


@ -8,7 +8,7 @@ function show_ticket(){
$target_ticket = new Ticket(); $target_ticket = new Ticket();
$target_ticket->load_With_TId($result['ticket_id']); $target_ticket->load_With_TId($result['ticket_id']);
if(($target_ticket->getAuthor() == $_SESSION['ticket_user']->getTUserId()) || WebUsers::isAdmin() ){ if(($target_ticket->getAuthor() == $_SESSION['ticket_user']->getTUserId()) || Ticket_User::isMod($_SESSION['ticket_user'] )){
$entire_ticket = Ticket::getEntireTicket( $result['ticket_id']); $entire_ticket = Ticket::getEntireTicket( $result['ticket_id']);
Ticket_Log::createLogEntry($result['ticket_id'],$_SESSION['ticket_user']->getTUserId(), 3); Ticket_Log::createLogEntry($result['ticket_id'],$_SESSION['ticket_user']->getTUserId(), 3);
@ -28,7 +28,7 @@ function show_ticket(){
$result['ticket_replies'][$i]['author'] = WebUsers::getUsername($reply['authorExtern']); $result['ticket_replies'][$i]['author'] = WebUsers::getUsername($reply['authorExtern']);
$i++; $i++;
} }
if(WebUsers::isAdmin()){ if(Ticket_User::isMod($_SESSION['ticket_user'])){
$result['isAdmin'] = "TRUE"; $result['isAdmin'] = "TRUE";
//$result['statusList'] = Ticket::getStatusArray(); //$result['statusList'] = Ticket::getStatusArray();
} }


@ -5,7 +5,7 @@ function show_ticket_log(){
//if logged in //if logged in
if(WebUsers::isLoggedIn() && isset($_GET['id'])){ if(WebUsers::isLoggedIn() && isset($_GET['id'])){
//only allow admins to browse the log! //only allow admins to browse the log!
if(WebUsers::isAdmin() ){ if(Ticket_User::isMod($_SESSION['ticket_user']) ){
$result['ticket_id'] = filter_var($_GET['id'], FILTER_SANITIZE_NUMBER_INT); $result['ticket_id'] = filter_var($_GET['id'], FILTER_SANITIZE_NUMBER_INT);
$target_ticket = new Ticket(); $target_ticket = new Ticket();
$target_ticket->load_With_TId($result['ticket_id']); $target_ticket->load_With_TId($result['ticket_id']);
@ -33,7 +33,7 @@ function show_ticket_log(){
$result['ticket_logs'][$i]['timestamp_elapsed'] = Gui_Elements::time_elapsed_string($log['timestamp']); $result['ticket_logs'][$i]['timestamp_elapsed'] = Gui_Elements::time_elapsed_string($log['timestamp']);
$i++; $i++;
} }
if(WebUsers::isAdmin()){ if(Ticket_User::isMod($_SESSION['ticket_user'])){
$result['isAdmin'] = "TRUE"; $result['isAdmin'] = "TRUE";
} }
return $result; return $result;
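Review bot: The comment on L229, `//only allow admins to browse the log!`, is now wrong: the check directly beneath it (L230) was changed to `Ticket_User::isMod`, so moderators are admitted as well. Update it to `//only allow mods and admins (permission > 1) to browse the log!`, and do the same where the old admin-only wording survived above checks that now use isMod (`//if target_id is the same as session id or is admin` at L87 and L97). show_ticket_log continues outside the hunk.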


@ -4,7 +4,7 @@ function show_user(){
//if logged in //if logged in
if(WebUsers::isLoggedIn()){ if(WebUsers::isLoggedIn()){
if( !isset($_GET['id']) || WebUsers::isAdmin() || $_GET['id'] == $_SESSION['id'] ){ if( !isset($_GET['id']) || Ticket_User::isMod($_SESSION['ticket_user']) || $_GET['id'] == $_SESSION['id'] ){
if(isset($_GET['id'])){ if(isset($_GET['id'])){
$result['target_id'] = filter_var($_GET['id'], FILTER_SANITIZE_NUMBER_INT); $result['target_id'] = filter_var($_GET['id'], FILTER_SANITIZE_NUMBER_INT);


@ -1,7 +1,7 @@
<?php <?php
function userlist(){ function userlist(){
if(WebUsers::isAdmin()){ if(Ticket_User::isMod($_SESSION['ticket_user'])){
$users = WebUsers::getUsers(); $users = WebUsers::getUsers();
$i = 0; $i = 0;
$pageResult['userlist'] = Array(); $pageResult['userlist'] = Array();


@ -36,12 +36,12 @@
<p><span class="label label-info"> {$reply.timestamp}</span> <p><span class="label label-info"> {$reply.timestamp}</span>
{if $reply.permission eq '1'} {if $reply.permission eq '1'}
<!-- <span class="label label-important"><strong></i>[User]:</strong></span>--> <!-- <span class="label label-important"><strong></i>[User]:</strong></span>-->
{else if $reply.permission eq '2'} {else if $reply.permission gt '1'}
<span class="label label-important"><strong><i class="icon-star icon-white"></i>[CSR]</strong></span> <span class="label label-important"><strong><i class="icon-star icon-white"></i>[CSR]</strong></span>
{/if} {/if}
<span class="label label-warning"><strong><i class="icon-user icon-white"></i>{if isset($isAdmin) and $isAdmin eq "TRUE"} <a href="index.php?page=show_user&id={$reply.authorExtern}"><font color="white">{$reply.author}</font>{else}{$reply.author} {/if}</a></strong></span></p> <span class="label label-warning"><strong><i class="icon-user icon-white"></i>{if isset($isAdmin) and $isAdmin eq "TRUE"} <a href="index.php?page=show_user&id={$reply.authorExtern}"><font color="white">{$reply.author}</font>{else}{$reply.author} {/if}</a></strong></span></p>
<p><pre{if $reply.permission eq '2'} style="background-color:rgb(248, 200, 200);"{/if}>{$reply.replyContent}</pre></p> <p><pre{if $reply.permission gt '1'} style="background-color:rgb(248, 200, 200);"{/if}>{$reply.replyContent}</pre></p>
</td> </td>
</tr> </tr>
{/foreach} {/foreach}
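Review bot: `gt '1'` on L268 and L272 hard-codes in the template the same threshold that `Ticket_User::isMod` encodes in PHP (`> 1`), so the two rules can drift independently; passing a boolean from the controller (a `$reply.isMod` set where the reply array is built, outside this hunk) would keep the rule in one place. Both changed lines also render mods and admins identically as `[CSR]`; if that is intended, a short template comment saying so would help, e.g. `{* permission > 1 covers mods (2) and admins (3); both are shown as CSR *}`. The enclosing foreach starts outside the hunk.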