Commit 0abfe60c authored by Peter Rotich's avatar Peter Rotich

Add logic for staff with "Limited Access"

parent 2224afb0
......@@ -27,12 +27,12 @@ class Staff {
var $teams;
var $stats;
function Staff($var){
function Staff($var) {
$this->id =0;
return ($this->load($var));
}
function load($var=''){
function load($var='') {
if(!$var && !($var=$this->getId()))
return false;
......@@ -59,7 +59,7 @@ class Staff {
return ($this->id);
}
function reload(){
function reload() {
return $this->load();
}
......@@ -67,15 +67,15 @@ class Staff {
return $this->ht;
}
function getInfo(){
function getInfo() {
return $this->getHastable();
}
/*compares user password*/
function check_passwd($password){
function check_passwd($password) {
/*bcrypt based password match*/
if(Passwd::cmp($password,$this->getPasswd()))
if(Passwd::cmp($password, $this->getPasswd()))
return true;
/*Fall back to MD5 && force a password reset if it matches*/
......@@ -93,7 +93,7 @@ class Staff {
}
/* check if passwd reset is due. */
function isPasswdResetDue(){
function isPasswdResetDue() {
global $cfg;
return ($cfg && $cfg->getPasswdResetPeriod() && $this->ht['passwd_change_sec']>($cfg->getPasswdResetPeriod()*30*24*60*60));
}
......@@ -110,7 +110,7 @@ class Staff {
return $this->ht['daylight_saving']?true:false;
}
function getRefreshRate(){
function getRefreshRate() {
return $this->ht['auto_refresh_rate'];
}
......@@ -118,39 +118,39 @@ class Staff {
return $this->ht['max_page_size'];
}
function getId(){
function getId() {
return $this->id;
}
function getEmail(){
function getEmail() {
return $this->ht['email'];
}
function getUserName(){
function getUserName() {
return $this->ht['username'];
}
function getPasswd(){
function getPasswd() {
return $this->ht['passwd'];
}
function getName(){
function getName() {
return ucfirst($this->ht['firstname'].' '.$this->ht['lastname']);
}
function getFirstName(){
function getFirstName() {
return $this->ht['firstname'];
}
function getLastName(){
function getLastName() {
return $this->ht['lastname'];
}
function getGroupId(){
function getGroupId() {
return $this->ht['group_id'];
}
function getSignature(){
function getSignature() {
return $this->ht['signature'];
}
......@@ -158,24 +158,24 @@ class Staff {
return $this->ht['default_signature_type'];
}
function forcePasswdChange(){
function forcePasswdChange() {
return ($this->ht['change_passwd']);
}
function getDepts(){
function getDepts() {
//Departments the user is allowed to access...based on the group they belong to + user's dept.
return array_filter(array_unique(array_merge(explode(',',$this->ht['dept_access']),array($this->dept_id)))); //Neptune help us
return array_filter(array_unique(array_merge(explode(',', $this->ht['dept_access']), array($this->dept_id)))); //Neptune help us
}
function getDepartments() {
return $this->getDepts();
}
function getDeptId(){
function getDeptId() {
return $this->ht['dept_id'];
}
function getDept(){
function getDept() {
if(!$this->dept && $this->getDeptIf())
$this->dept= Dept::lookup($this->getDeptId());
......@@ -184,27 +184,27 @@ class Staff {
}
function isManager(){
function isManager() {
return (($dept=$this->getDept()) && $dept->getManagerId()==$this->getId());
}
function isStaff(){
function isStaff() {
return TRUE;
}
function isGroupActive(){
function isGroupActive() {
return ($this->ht['group_enabled']);
}
function isactive(){
function isactive() {
return ($this->ht['isactive']);
}
function isVisible(){
function isVisible() {
return ($this->ht['isvisible']);
}
function onVacation(){
function onVacation() {
return ($this->ht['onvacation']);
}
......@@ -212,35 +212,39 @@ class Staff {
return ($this->isactive() && $this->isGroupActive() && !$this->onVacation());
}
function isAccessLimited(){
function showAssignedOnly() {
return ($this->ht['assigned_only']);
}
function isAccessLimited() {
return $this->showAssignedOnly();
}
function isadmin(){
function isadmin() {
return ($this->ht['isadmin']);
}
function isTeamMember($teamId) {
return ($teamId && in_array($teamId,$this->getTeams()));
return ($teamId && in_array($teamId, $this->getTeams()));
}
function canAccessDept($deptId) {
return ($deptId && in_array($deptId,$this->getDepts()) && !$this->isAccessLimited());
return ($deptId && in_array($deptId, $this->getDepts()) && !$this->isAccessLimited());
}
function canCreateTickets(){
function canCreateTickets() {
return ($this->ht['can_create_tickets']);
}
function canEditTickets(){
function canEditTickets() {
return ($this->ht['can_edit_tickets']);
}
function canDeleteTickets(){
function canDeleteTickets() {
return ($this->ht['can_delete_tickets']);
}
function canCloseTickets(){
function canCloseTickets() {
return ($this->ht['can_close_tickets']);
}
......@@ -256,13 +260,13 @@ class Staff {
return ($this->ht['can_ban_emails']);
}
function canManageTickets(){
function canManageTickets() {
return ($this->isadmin()
|| $this->canDeleteTickets()
|| $this->canCloseTickets());
}
function canManagePremade(){
function canManagePremade() {
return ($this->ht['can_manage_premade']);
}
......@@ -270,7 +274,7 @@ class Staff {
return $this->canManagePremade();
}
function canManageFAQ(){
function canManageFAQ() {
return ($this->ht['can_manage_faq']);
}
......@@ -278,15 +282,16 @@ class Staff {
return $this->canManageFAQ();
}
function showAssignedTickets(){
function showAssignedTickets() {
return ($this->ht['show_assigned_tickets']
&& ($this->isAdmin() || $this->isManager()));
}
function getTeams(){
function getTeams() {
if(!$this->teams){
$sql='SELECT team_id FROM '.TEAM_MEMBER_TABLE.' WHERE staff_id='.db_input($this->getId());
if(!$this->teams) {
$sql='SELECT team_id FROM '.TEAM_MEMBER_TABLE
.' WHERE staff_id='.db_input($this->getId());
if(($res=db_query($sql)) && db_num_rows($res))
while(list($id)=db_fetch_row($res))
$this->teams[] = $id;
......@@ -310,7 +315,6 @@ class Staff {
}
function getNumAssignedTickets() {
return ($stats=$this->getTicketsStats())?$stats['assigned']:0;
}
......@@ -319,7 +323,7 @@ class Staff {
}
//Staff profile update...unfortunately we have to separate it from admin update to avoid potential issues
function updateProfile($vars,&$errors){
function updateProfile($vars, &$errors) {
$vars['firstname']=Format::striptags($vars['firstname']);
$vars['lastname']=Format::striptags($vars['lastname']);
......@@ -347,13 +351,13 @@ class Staff {
if($vars['mobile'] && !Validator::is_phone($vars['mobile']))
$errors['mobile']='Valid number required';
if($vars['passwd1'] || $vars['passwd2'] || $vars['cpasswd']){
if($vars['passwd1'] || $vars['passwd2'] || $vars['cpasswd']) {
if(!$vars['passwd1'])
$errors['passwd1']='New password required';
elseif($vars['passwd1'] && strlen($vars['passwd1'])<6)
$errors['passwd1']='Must be at least 6 characters';
elseif($vars['passwd1'] && strcmp($vars['passwd1'],$vars['passwd2']))
elseif($vars['passwd1'] && strcmp($vars['passwd1'], $vars['passwd2']))
$errors['passwd2']='Password(s) do not match';
if(!$vars['cpasswd'])
......@@ -387,7 +391,7 @@ class Staff {
if($vars['passwd1'])
$sql.=',change_passwd=0,passwdreset=NOW(),passwd='.db_input(Passwd::hash($vars['passwd1']));
$sql.=' ,change_passwd=0, passwdreset=NOW(), passwd='.db_input(Passwd::hash($vars['passwd1']));
$sql.=' WHERE staff_id='.db_input($this->getId());
......@@ -397,25 +401,26 @@ class Staff {
}
function updateTeams($teams){
function updateTeams($teams) {
if($teams){
foreach($teams as $k=>$id){
$sql='INSERT IGNORE INTO '.TEAM_MEMBER_TABLE.' SET updated=NOW(),staff_id='.db_input($this->getId()).',team_id='.db_input($id);
if($teams) {
foreach($teams as $k=>$id) {
$sql='INSERT IGNORE INTO '.TEAM_MEMBER_TABLE.' SET updated=NOW() '
.' ,staff_id='.db_input($this->getId()).', team_id='.db_input($id);
db_query($sql);
}
}
$sql='DELETE FROM '.TEAM_MEMBER_TABLE.' WHERE staff_id='.db_input($this->getId());
if($teams)
$sql.=' AND team_id NOT IN('.implode(',',$teams).')';
$sql.=' AND team_id NOT IN('.implode(',', $teams).')';
db_query($sql);
return true;
}
function update($vars,&$errors) {
if(!$this->save($this->getId(),$vars,$errors))
function update($vars, &$errors) {
if(!$this->save($this->getId(), $vars, $errors))
return false;
$this->updateTeams($vars['teams']);
......@@ -424,14 +429,14 @@ class Staff {
return true;
}
function delete(){
function delete() {
global $thisstaff;
if(!$thisstaff || !($id=$this->getId()) || $id==$thisstaff->getId())
return 0;
$sql='DELETE FROM '.STAFF_TABLE.' WHERE staff_id='.db_input($id).' LIMIT 1';
if(db_query($sql) && ($num=db_affected_rows())){
if(db_query($sql) && ($num=db_affected_rows())) {
// DO SOME HOUSE CLEANING
//Move remove any ticket assignments...TODO: send alert to Dept. manager?
db_query('UPDATE '.TICKET_TABLE.' SET staff_id=0 WHERE status=\'open\' AND staff_id='.db_input($id));
......@@ -468,7 +473,7 @@ class Staff {
return self::getStaffMembers(true);
}
function getIdByUsername($username){
function getIdByUsername($username) {
$sql='SELECT staff_id FROM '.STAFF_TABLE.' WHERE username='.db_input($username);
if(($res=db_query($sql)) && db_num_rows($res))
......@@ -476,7 +481,7 @@ class Staff {
return $id;
}
function getIdByEmail($email){
function getIdByEmail($email) {
$sql='SELECT staff_id FROM '.STAFF_TABLE.' WHERE email='.db_input($email);
if(($res=db_query($sql)) && db_num_rows($res))
......@@ -485,25 +490,25 @@ class Staff {
return $id;
}
function lookup($id){
function lookup($id) {
return ($id && is_numeric($id) && ($staff= new Staff($id)) && $staff->getId()==$id)?$staff:null;
}
function login($username,$passwd,&$errors,$strike=true){
function login($username, $passwd, &$errors, $strike=true) {
global $cfg;
if($_SESSION['_staff']['laststrike']) {
if((time()-$_SESSION['_staff']['laststrike'])<$cfg->getStaffLoginTimeout()) {
$errors['err']='You\'ve reached maximum failed login attempts allowed.';
}else{ //Timeout is over.
} else { //Timeout is over.
//Reset the counter for next round of attempts after the timeout.
$_SESSION['_staff']['laststrike']=null;
$_SESSION['_staff']['strikes']=0;
}
}
if(!$errors && ($user=new StaffSession($username)) && $user->getId() && $user->check_passwd($passwd)){
if(!$errors && ($user=new StaffSession($username)) && $user->getId() && $user->check_passwd($passwd)) {
//update last login && password reset stuff.
$sql='UPDATE '.STAFF_TABLE.' SET lastlogin=NOW() ';
if($user->isPasswdResetDue() && !$user->isAdmin())
......@@ -516,7 +521,7 @@ class Staff {
$user->refreshSession(); //set the hash.
$_SESSION['TZ_OFFSET']=$user->getTZoffset();
$_SESSION['daylight']=$user->observeDaylight();
Sys::log(LOG_DEBUG,'Staff login',sprintf("%s logged in [%s]",$user->getUserName(),$_SERVER['REMOTE_ADDR'])); //Debug.
Sys::log(LOG_DEBUG,'Staff login',sprintf("%s logged in [%s]", $user->getUserName(), $_SERVER['REMOTE_ADDR'])); //Debug.
$sid=session_id(); //Current ID
session_regenerate_id(TRUE);
//Destroy old session ID - needed for PHP version < 5.1.0 TODO: remove when we move to php 5.3 as min. requirement.
......@@ -535,25 +540,25 @@ class Staff {
$alert='Excessive login attempts by a staff member?'."\n".
'Username: '.$_POST['username']."\n".'IP: '.$_SERVER['REMOTE_ADDR']."\n".'TIME: '.date('M j, Y, g:i a T')."\n\n".
'Attempts #'.$_SESSION['_staff']['strikes']."\n".'Timeout: '.($cfg->getStaffLoginTimeout()/60)." minutes \n\n";
Sys::log(LOG_ALERT,'Excessive login attempts ('.$_POST['username'].')',$alert,($cfg->alertONLoginError()));
Sys::log(LOG_ALERT,'Excessive login attempts ('.$_POST['username'].')', $alert,($cfg->alertONLoginError()));
}elseif($_SESSION['_staff']['strikes']%2==0){ //Log every other failed login attempt as a warning.
} elseif($_SESSION['_staff']['strikes']%2==0) { //Log every other failed login attempt as a warning.
$alert='Username: '.$_POST['username']."\n".'IP: '.$_SERVER['REMOTE_ADDR'].
"\n".'TIME: '.date('M j, Y, g:i a T')."\n\n".'Attempts #'.$_SESSION['_staff']['strikes'];
Sys::log(LOG_WARNING,'Failed staff login attempt ('.$_POST['username'].')',$alert);
Sys::log(LOG_WARNING,'Failed staff login attempt ('.$_POST['username'].')', $alert);
}
return false;
}
function create($vars,&$errors) {
if(($id=self::save(0,$vars,$errors)) && $vars['teams'] && ($self=Staff::lookup($id)))
function create($vars, &$errors) {
if(($id=self::save(0, $vars, $errors)) && $vars['teams'] && ($self=Staff::lookup($id)))
$staff->updateTeams($vars['teams']);
return $id;
}
function save($id,$vars,&$errors) {
function save($id, $vars, &$errors) {
$vars['username']=Format::striptags($vars['username']);
$vars['firstname']=Format::striptags($vars['firstname']);
......@@ -586,13 +591,13 @@ class Staff {
if($vars['mobile'] && !Validator::is_phone($vars['mobile']))
$errors['mobile']='Valid number required';
if($vars['passwd1'] || $vars['passwd2'] || !$id){
if(!$vars['passwd1'] && !$id){
if($vars['passwd1'] || $vars['passwd2'] || !$id) {
if(!$vars['passwd1'] && !$id) {
$errors['passwd1']='Temp. password required';
$errors['temppasswd']='Required';
}elseif($vars['passwd1'] && strlen($vars['passwd1'])<6){
} elseif($vars['passwd1'] && strlen($vars['passwd1'])<6) {
$errors['passwd1']='Must be at least 6 characters';
}elseif($vars['passwd1'] && strcmp($vars['passwd1'],$vars['passwd2'])){
} elseif($vars['passwd1'] && strcmp($vars['passwd1'], $vars['passwd2'])) {
$errors['passwd2']='Password(s) do not match';
}
}
......@@ -609,30 +614,30 @@ class Staff {
if($errors) return false;
$sql=' SET updated=NOW() '.
',isadmin='.db_input($vars['isadmin']).
',isactive='.db_input($vars['isactive']).
',isvisible='.db_input(isset($vars['isvisible'])?1:0).
',onvacation='.db_input(isset($vars['onvacation'])?1:0).
',assigned_only='.db_input(isset($vars['assigned_only'])?1:0).
',dept_id='.db_input($vars['dept_id']).
',group_id='.db_input($vars['group_id']).
',timezone_id='.db_input($vars['timezone_id']).
',username='.db_input($vars['username']).
',firstname='.db_input($vars['firstname']).
',lastname='.db_input($vars['lastname']).
',email='.db_input($vars['email']).
',phone="'.db_input(Format::phone($vars['phone']),false).'"'.
',phone_ext='.db_input($vars['phone_ext']).
',mobile="'.db_input(Format::phone($vars['mobile']),false).'"'.
',signature='.db_input($vars['signature']).
',notes='.db_input($vars['notes']);
$sql='SET updated=NOW() '
.' ,isadmin='.db_input($vars['isadmin'])
.' ,isactive='.db_input($vars['isactive'])
.' ,isvisible='.db_input(isset($vars['isvisible'])?1:0)
.' ,onvacation='.db_input(isset($vars['onvacation'])?1:0)
.' ,assigned_only='.db_input(isset($vars['assigned_only'])?1:0)
.' ,dept_id='.db_input($vars['dept_id'])
.' ,group_id='.db_input($vars['group_id'])
.' ,timezone_id='.db_input($vars['timezone_id'])
.' ,username='.db_input($vars['username'])
.' ,firstname='.db_input($vars['firstname'])
.' ,lastname='.db_input($vars['lastname'])
.' ,email='.db_input($vars['email'])
.' ,phone="'.db_input(Format::phone($vars['phone']),false).'"'
.' ,phone_ext='.db_input($vars['phone_ext'])
.' ,mobile="'.db_input(Format::phone($vars['mobile']),false).'"'
.' ,signature='.db_input($vars['signature'])
.' ,notes='.db_input($vars['notes']);
if($vars['passwd1'])
$sql.=',passwd='.db_input(Passwd::hash($vars['passwd1']));
$sql.=' ,passwd='.db_input(Passwd::hash($vars['passwd1']));
if(isset($vars['change_passwd']))
$sql.=',change_passwd=1';
$sql.=' ,change_passwd=1';
if($id) {
$sql='UPDATE '.STAFF_TABLE.' '.$sql.' WHERE staff_id='.db_input($id);
......@@ -640,8 +645,8 @@ class Staff {
return true;
$errors['err']='Unable to update the user. Internal error occurred';
}else{
$sql='INSERT INTO '.STAFF_TABLE.' '.$sql.',created=NOW()';
} else {
$sql='INSERT INTO '.STAFF_TABLE.' '.$sql.', created=NOW()';
if(db_query($sql) && ($uid=db_insert_id()))
return $uid;
......@@ -650,7 +655,5 @@ class Staff {
return false;
}
}
?>
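Review bot: In updateTeams the DELETE clause `$sql.=' AND team_id NOT IN('.implode(',', $teams).')';` still interpolates the raw ids into SQL, while the INSERT a few lines above passes each id through db_input(); since update() hands `$vars['teams']` (presumably straight from the submitted form) to updateTeams, the ids should be escaped the same way, e.g. `$sql.=' AND team_id NOT IN('.implode(',', array_map('db_input', $teams)).')';`. Separately, create() stores the looked-up record in `$self` but then calls `$staff->updateTeams($vars['teams'])` on a variable that is never assigned, so team membership is silently skipped for a newly created staff member; the two names should agree (`($staff=Staff::lookup($id))`). Both enclosing function bodies start or end outside their hunks.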
......@@ -174,7 +174,7 @@ class Ticket{
if(!is_object($staff) && !($staff=Staff::lookup($staff)))
return false;
return ($staff->canAccessDept($this->getDeptId())
return ((!$staff->showAssignedOnly() && $staff->canAccessDept($this->getDeptId()))
|| ($this->getTeamId() && $staff->isTeamMember($this->getTeamId()))
|| $staff->getId()==$this->getStaffId());
}
......@@ -1716,13 +1716,14 @@ class Ticket{
ON (assigned.ticket_id=ticket.ticket_id AND assigned.status=\'open\' AND assigned.staff_id='.db_input($staff->getId()).')'
.' LEFT JOIN '.TICKET_TABLE.' closed
ON (closed.ticket_id=ticket.ticket_id AND closed.status=\'closed\' AND closed.staff_id='.db_input($staff->getId()).')'
.' WHERE (ticket.dept_id IN('.implode(',',$staff->getDepts()).') OR ticket.staff_id='.db_input($staff->getId());
.' WHERE (ticket.staff_id='.db_input($staff->getId());
if(($teams=$staff->getTeams()))
$sql.=' OR ticket.team_id IN('.implode(',', array_filter($teams)).')';
if(!$staff->showAssignedOnly()) //Staff with limited access just see Assigned tickets.
$sql.=' OR ticket.dept_id IN('.implode(',',$staff->getDepts()).') ';
$sql.=')';
......
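Review bot: The dept clause added as `$sql.=' OR ticket.dept_id IN('.implode(',',$staff->getDepts()).') ';` has no guard for an empty list: getDepts() in class Staff runs its result through array_filter(), so a staff member whose department list filters down to nothing yields `IN()` and a SQL syntax error, whereas the equivalent clause in this commit's ticket-listing hunk falls back to 0. Suggest `$sql.=' OR ticket.dept_id IN('.(($depts=$staff->getDepts())?implode(',',$depts):0).') ';`. In the first hunk the new `!$staff->showAssignedOnly() &&` test duplicates the `!$this->isAccessLimited()` check that canAccessDept() already performs (isAccessLimited() now just returns showAssignedOnly()), so it is redundant and could be dropped or kept with a comment explaining the intent. Both enclosing functions start and end outside their hunks.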
......@@ -61,9 +61,13 @@ $qwhere ='';
$depts=$thisstaff->getDepts();
$qwhere =' WHERE ( '
.' ticket.dept_id IN ('.($depts?implode(',',$depts):0).') OR ticket.staff_id='.$thisstaff->getId();
.' ticket.staff_id='.db_input($thisstaff->getId());
if(!$thisstaff->showAssignedOnly())
$qwhere.=' OR ticket.dept_id IN ('.($depts?implode(',',$depts):0).')';
if(($teams=$thisstaff->getTeams()) && count(array_filter($teams)))
$qwhere.=' OR ticket.team_id IN('.implode(',',array_filter($teams)).') ';
$qwhere .= ' )';
//STATUS
......
......@@ -435,12 +435,20 @@ if($stats['overdue']) {
$sysnotice=$stats['overdue'] .' overdue tickets!';
}
$nav->addSubMenu(array('desc'=>'Closed Tickets',
'title'=>'Closed Tickets',
'href'=>'tickets.php?status=closed',
'iconclass'=>'closedTickets'),
($_REQUEST['status']=='closed'));
if($thisstaff->showAssignedOnly() && $stats['closed']) {
$nav->addSubMenu(array('desc'=>'My Closed Tickets ('.$stats['closed'].')',
'title'=>'My Closed Tickets',
'href'=>'tickets.php?status=closed',
'iconclass'=>'closedTickets'),
($_REQUEST['status']=='closed'));
} else {
$nav->addSubMenu(array('desc'=>'Closed Tickets',
'title'=>'Closed Tickets',
'href'=>'tickets.php?status=closed',
'iconclass'=>'closedTickets'),
($_REQUEST['status']=='closed'));
}
if($thisstaff->canCreateTickets()) {
$nav->addSubMenu(array('desc'=>'New Ticket',
......
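Review bot: The two branches of the new `if($thisstaff->showAssignedOnly() && $stats['closed'])` block repeat the whole addSubMenu() call and differ only in 'desc' and 'title', so the href and iconclass are now maintained in two places; computing the labels once and keeping a single call reads better and avoids the drift. Note also that a limited-access staff member with zero closed tickets falls into the generic "Closed Tickets" branch even though the listing still shows only their own tickets, so the condition on `$stats['closed']` may be intended only for the count suffix rather than the label; worth confirming. The surrounding script continues outside the hunk.
```php
$mine = ($thisstaff->showAssignedOnly() && $stats['closed']);
$nav->addSubMenu(array('desc'=>$mine ? 'My Closed Tickets ('.$stats['closed'].')' : 'Closed Tickets',
        'title'=>$mine ? 'My Closed Tickets' : 'Closed Tickets',
        'href'=>'tickets.php?status=closed',
        'iconclass'=>'closedTickets'),
    ($_REQUEST['status']=='closed'));
// … unchanged: New Ticket sub-menu …
```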