changed system to mod/admin permissions, though there's still a bug in show_ticket
This commit is contained in:
parent
8353b2a99a
commit
b994a8279d
20 changed files with 42 additions and 28 deletions
|
@ -15,6 +15,20 @@ class Ticket_User{
|
|||
$dbl->execute($query, $values);
|
||||
|
||||
}
|
||||
|
||||
public static function isMod($user){
|
||||
if(isset($user) && $user->getPermission() > 1){
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
public static function isAdmin($user){
|
||||
if(isset($user) && $user->getPermission() == 3){
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
//return constructed element based on TUserId
|
||||
|
|
|
@ -4,7 +4,7 @@ function add_sgroup(){
|
|||
|
||||
if(WebUsers::isLoggedIn()){
|
||||
|
||||
if( WebUsers::isAdmin()){
|
||||
if( Ticket_User::isAdmin($_SESSION['ticket_user'])){
|
||||
$name = filter_var($_POST['Name'],FILTER_SANITIZE_STRING);
|
||||
$inner_tag = filter_var($_POST['Tag'], FILTER_SANITIZE_STRING);
|
||||
$tag = "[" . $inner_tag . "]";
|
||||
|
|
|
@ -4,7 +4,7 @@ function add_user_to_sgroup(){
|
|||
|
||||
if(WebUsers::isLoggedIn()){
|
||||
|
||||
if( WebUsers::isAdmin() && isset($_POST['target_id'])){
|
||||
if( Ticket_User::isAdmin($_SESSION['ticket_user']) && isset($_POST['target_id'])){
|
||||
$name = filter_var($_POST['Name'],FILTER_SANITIZE_STRING);
|
||||
$id = filter_var($_POST['target_id'],FILTER_SANITIZE_NUMBER_INT);
|
||||
$user_id = WebUsers::getId($name);
|
||||
|
|
|
@ -9,7 +9,7 @@ function change_info(){
|
|||
if(isset($_POST['target_id'])){
|
||||
|
||||
|
||||
if( ($_POST['target_id'] == $_SESSION['id']) || WebUsers::isAdmin() ){
|
||||
if( ($_POST['target_id'] == $_SESSION['id']) || Ticket_User::isMod($_SESSION['ticket_user'] ) ){
|
||||
if($_POST['target_id'] == $_SESSION['id']){
|
||||
$target_username = $_SESSION['user'];
|
||||
}else{
|
||||
|
|
|
@ -9,7 +9,7 @@ function change_mail(){
|
|||
if(isset($_POST['target_id'])){
|
||||
|
||||
|
||||
if( ($_POST['target_id'] == $_SESSION['id']) || WebUsers::isAdmin() ){
|
||||
if( ($_POST['target_id'] == $_SESSION['id']) || Ticket_User::isMod($_SESSION['ticket_user']) ){
|
||||
if($_POST['target_id'] == $_SESSION['id']){
|
||||
$target_username = $_SESSION['user'];
|
||||
}else{
|
||||
|
@ -42,7 +42,7 @@ function change_mail(){
|
|||
$result['username'] = $_SESSION['user'];
|
||||
$result['target_id'] = $_POST['target_id'];
|
||||
if(isset($_GET['id'])){
|
||||
if(WebUsers::isAdmin() && ($_POST['target_id'] != $_SESSION['id'])){
|
||||
if(Ticket_User::isMod($_SESSION['ticket_user']) && ($_POST['target_id'] != $_SESSION['id'])){
|
||||
$result['isAdmin'] = "TRUE";
|
||||
}
|
||||
}
|
||||
|
@ -56,7 +56,7 @@ function change_mail(){
|
|||
$result['username'] = $_SESSION['user'];
|
||||
$result['target_id'] = $_POST['target_id'];
|
||||
if(isset($_GET['id'])){
|
||||
if(WebUsers::isAdmin() && ($_POST['target_id'] != $_SESSION['id'])){
|
||||
if(Ticket_User::isMod($_SESSION['ticket_user']) && ($_POST['target_id'] != $_SESSION['id'])){
|
||||
$result['isAdmin'] = "TRUE";
|
||||
}
|
||||
}
|
||||
|
|
|
@ -9,7 +9,7 @@ function change_password(){
|
|||
if(isset($_POST['target_id'])){
|
||||
$adminChangesOther = false;
|
||||
//if target_id is the same as session id or is admin
|
||||
if( ($_POST['target_id'] == $_SESSION['id']) || WebUsers::isAdmin() ){
|
||||
if( ($_POST['target_id'] == $_SESSION['id']) || Ticket_User::isMod($_SESSION['ticket_user']) ){
|
||||
if($_POST['target_id'] == $_SESSION['id']){
|
||||
$target_username = $_SESSION['user'];
|
||||
}else{
|
||||
|
|
|
@ -7,7 +7,7 @@ function create_ticket(){
|
|||
if(isset($_POST['target_id'])){
|
||||
|
||||
//if target_id is the same as session id or is admin
|
||||
if( ($_POST['target_id'] == $_SESSION['id']) || WebUsers::isAdmin() ){
|
||||
if( ($_POST['target_id'] == $_SESSION['id']) || Ticket_User::isMod($_SESSION['ticket_user']) ){
|
||||
|
||||
$category = filter_var($_POST['Category'], FILTER_SANITIZE_NUMBER_INT);
|
||||
$title = filter_var($_POST['Title'], FILTER_SANITIZE_STRING);
|
||||
|
|
|
@ -9,14 +9,14 @@ function reply_on_ticket(){
|
|||
$target_ticket = new Ticket();
|
||||
$target_ticket->load_With_TId($ticket_id);
|
||||
|
||||
if(($target_ticket->getAuthor() == $_SESSION['ticket_user']->getTUserId()) || WebUsers::isAdmin() ){
|
||||
if(($target_ticket->getAuthor() == $_SESSION['ticket_user']->getTUserId()) || Ticket_User::isMod($_SESSION['ticket_user']) ){
|
||||
|
||||
try{
|
||||
$author = $_SESSION['ticket_user']->getTUserId();
|
||||
$content = filter_var($_POST['Content'], FILTER_SANITIZE_STRING);
|
||||
Ticket::createReply($content, $author, $ticket_id);
|
||||
|
||||
if(isset($_POST['ChangeStatus']) && isset($_POST['ChangePriority']) && WebUsers::isAdmin()){
|
||||
if(isset($_POST['ChangeStatus']) && isset($_POST['ChangePriority']) && Ticket_User::isMod($_SESSION['ticket_user'])){
|
||||
$newStatus = filter_var($_POST['ChangeStatus'], FILTER_SANITIZE_NUMBER_INT);
|
||||
$newPriority = filter_var($_POST['ChangePriority'], FILTER_SANITIZE_NUMBER_INT);
|
||||
Ticket::updateTicketStatusAndPriority($ticket_id,$newStatus, $newPriority, $author);
|
||||
|
|
|
@ -7,7 +7,7 @@ function createticket(){
|
|||
//in case user_id-GET param set it's value as target_id, if no user_id-param is given, use the session id.
|
||||
if(isset($_GET['user_id'])){
|
||||
|
||||
if(($_GET['user_id'] != $_SESSION['id']) && (!WebUsers::isAdmin()) ){
|
||||
if(($_GET['user_id'] != $_SESSION['id']) && ( ! ticket_user::isMod($_SESSION['ticket_user'])) ){
|
||||
|
||||
//ERROR: No access!
|
||||
$_SESSION['error_code'] = "403";
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
|
||||
|
||||
function libuserlist(){
|
||||
if(WebUsers::isAdmin()){
|
||||
if(Ticket_User::isAdmin($_SESSION['ticket_user'])){
|
||||
//This checks to see if there is a page number. If not, it will set it to page 1
|
||||
if (!(isset($_GET['pagenum']))){
|
||||
$pagenum = 1;
|
||||
|
|
|
@ -4,14 +4,14 @@ function settings(){
|
|||
if(WebUsers::isLoggedIn()){
|
||||
//in case id-GET param set it's value as target_id, if no id-param is given, ue the session id.
|
||||
if(isset($_GET['id'])){
|
||||
if(($_GET['id'] != $_SESSION['id']) && (!WebUsers::isAdmin()) ){
|
||||
if(($_GET['id'] != $_SESSION['id']) && (!Ticket_User::isMod($_SESSION['ticket_user'])) ){
|
||||
//ERROR: No access!
|
||||
$_SESSION['error_code'] = "403";
|
||||
header("Location: index.php?page=error");
|
||||
exit;
|
||||
}else{
|
||||
$result = WebUsers::getInfo($_GET['id']);
|
||||
if(WebUsers::isAdmin() && ($_GET['id']!= $_SESSION['id'])){
|
||||
if(Ticket_User::isMod($_SESSION['ticket_user']) && ($_GET['id']!= $_SESSION['id'])){
|
||||
$result['isAdmin'] = "TRUE";
|
||||
}
|
||||
$result['target_id'] = $_GET['id'];
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
function sgroup_list(){
|
||||
//if logged in
|
||||
if(WebUsers::isLoggedIn()){
|
||||
if( WebUsers::isAdmin()){
|
||||
if(Ticket_User::isAdmin($_SESSION['ticket_user'])){
|
||||
|
||||
if(isset($_GET['delete'])){
|
||||
$delete_id = filter_var($_GET['delete'], FILTER_SANITIZE_NUMBER_INT);
|
||||
|
|
|
@ -4,7 +4,7 @@ function show_queue(){
|
|||
|
||||
//if logged in & queue id is given
|
||||
if(WebUsers::isLoggedIn() && isset($_GET['get'])){
|
||||
if( WebUsers::isAdmin()){
|
||||
if( Ticket_User::isMod($_SESSION['ticket_user'])){
|
||||
$result['queue_action'] = filter_var($_GET['get'], FILTER_SANITIZE_STRING);
|
||||
|
||||
$queueArray = Ticket_Queue_Handler::getTickets($result['queue_action'],2);
|
||||
|
@ -16,7 +16,7 @@ function show_queue(){
|
|||
$result['tickets'][$i]['author'] = WebUsers::getUsername($ticket['authorExtern']);
|
||||
$i++;
|
||||
}
|
||||
if(WebUsers::isAdmin()){
|
||||
if(Ticket_User::isMod($_SESSION['ticket_user'])){
|
||||
$result['isAdmin'] = "TRUE";
|
||||
}
|
||||
return $result;
|
||||
|
|
|
@ -11,7 +11,7 @@ function show_reply(){
|
|||
$ticket = new Ticket();
|
||||
$ticket->load_With_TId($reply->getTicket());
|
||||
|
||||
if(($ticket->getAuthor() == $_SESSION['ticket_user']->getTUserId()) || WebUsers::isAdmin() ){
|
||||
if(($ticket->getAuthor() == $_SESSION['ticket_user']->getTUserId()) || Ticket_User::isMod($_SESSION['ticket_user'] )){
|
||||
$content = new Ticket_Content();
|
||||
$content->load_With_TContentId($reply->getContent());
|
||||
|
||||
|
@ -25,7 +25,7 @@ function show_reply(){
|
|||
$result['reply_content'] = $content->getContent();
|
||||
$result['author'] = $author->getExternId();
|
||||
$result['authorName'] = WebUsers::getUsername($author->getExternId());
|
||||
if(WebUsers::isAdmin()){
|
||||
if(Ticket_User::isMod($_SESSION['ticket_user'])){
|
||||
$result['isAdmin'] = "TRUE";
|
||||
}
|
||||
return $result;
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
function show_sgroup(){
|
||||
//if logged in
|
||||
if(WebUsers::isLoggedIn()){
|
||||
if( WebUsers::isAdmin()){
|
||||
if(Ticket_User::isAdmin($_SESSION['ticket_user'])){
|
||||
if( isset($_GET['id'])){
|
||||
|
||||
//['target_id'] holds the id of the group!
|
||||
|
|
|
@ -8,7 +8,7 @@ function show_ticket(){
|
|||
$target_ticket = new Ticket();
|
||||
$target_ticket->load_With_TId($result['ticket_id']);
|
||||
|
||||
if(($target_ticket->getAuthor() == $_SESSION['ticket_user']->getTUserId()) || WebUsers::isAdmin() ){
|
||||
if(($target_ticket->getAuthor() == $_SESSION['ticket_user']->getTUserId()) || Ticket_User::isMod($_SESSION['ticket_user'] )){
|
||||
|
||||
$entire_ticket = Ticket::getEntireTicket( $result['ticket_id']);
|
||||
Ticket_Log::createLogEntry($result['ticket_id'],$_SESSION['ticket_user']->getTUserId(), 3);
|
||||
|
@ -28,7 +28,7 @@ function show_ticket(){
|
|||
$result['ticket_replies'][$i]['author'] = WebUsers::getUsername($reply['authorExtern']);
|
||||
$i++;
|
||||
}
|
||||
if(WebUsers::isAdmin()){
|
||||
if(Ticket_User::isMod($_SESSION['ticket_user'])){
|
||||
$result['isAdmin'] = "TRUE";
|
||||
//$result['statusList'] = Ticket::getStatusArray();
|
||||
}
|
||||
|
|
|
@ -5,7 +5,7 @@ function show_ticket_log(){
|
|||
//if logged in
|
||||
if(WebUsers::isLoggedIn() && isset($_GET['id'])){
|
||||
//only allow admins to browse the log!
|
||||
if(WebUsers::isAdmin() ){
|
||||
if(Ticket_User::isMod($_SESSION['ticket_user']) ){
|
||||
$result['ticket_id'] = filter_var($_GET['id'], FILTER_SANITIZE_NUMBER_INT);
|
||||
$target_ticket = new Ticket();
|
||||
$target_ticket->load_With_TId($result['ticket_id']);
|
||||
|
@ -33,7 +33,7 @@ function show_ticket_log(){
|
|||
$result['ticket_logs'][$i]['timestamp_elapsed'] = Gui_Elements::time_elapsed_string($log['timestamp']);
|
||||
$i++;
|
||||
}
|
||||
if(WebUsers::isAdmin()){
|
||||
if(Ticket_User::isMod($_SESSION['ticket_user'])){
|
||||
$result['isAdmin'] = "TRUE";
|
||||
}
|
||||
return $result;
|
||||
|
|
|
@ -4,7 +4,7 @@ function show_user(){
|
|||
//if logged in
|
||||
if(WebUsers::isLoggedIn()){
|
||||
|
||||
if( !isset($_GET['id']) || WebUsers::isAdmin() || $_GET['id'] == $_SESSION['id'] ){
|
||||
if( !isset($_GET['id']) || Ticket_User::isMod($_SESSION['ticket_user']) || $_GET['id'] == $_SESSION['id'] ){
|
||||
|
||||
if(isset($_GET['id'])){
|
||||
$result['target_id'] = filter_var($_GET['id'], FILTER_SANITIZE_NUMBER_INT);
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
<?php
|
||||
|
||||
function userlist(){
|
||||
if(WebUsers::isAdmin()){
|
||||
if(Ticket_User::isMod($_SESSION['ticket_user'])){
|
||||
$users = WebUsers::getUsers();
|
||||
$i = 0;
|
||||
$pageResult['userlist'] = Array();
|
||||
|
|
|
@ -36,12 +36,12 @@
|
|||
<p><span class="label label-info"> {$reply.timestamp}</span>
|
||||
{if $reply.permission eq '1'}
|
||||
<!-- <span class="label label-important"><strong></i>[User]:</strong></span>-->
|
||||
{else if $reply.permission eq '2'}
|
||||
{else if $reply.permission gt '1'}
|
||||
<span class="label label-important"><strong><i class="icon-star icon-white"></i>[CSR]</strong></span>
|
||||
{/if}
|
||||
<span class="label label-warning"><strong><i class="icon-user icon-white"></i>{if isset($isAdmin) and $isAdmin eq "TRUE"} <a href="index.php?page=show_user&id={$reply.authorExtern}"><font color="white">{$reply.author}</font>{else}{$reply.author} {/if}</a></strong></span></p>
|
||||
|
||||
<p><pre{if $reply.permission eq '2'} style="background-color:rgb(248, 200, 200);"{/if}>{$reply.replyContent}</pre></p>
|
||||
<p><pre{if $reply.permission gt '1'} style="background-color:rgb(248, 200, 200);"{/if}>{$reply.replyContent}</pre></p>
|
||||
</td>
|
||||
</tr>
|
||||
{/foreach}
|
||||
|
|
Loading…
Reference in a new issue