From 0b4c259ba021d30807ccc38d2edebd37bcc6b7fa Mon Sep 17 00:00:00 2001
From: Peter Rotich <peter@osticket.com>
Date: Mon, 27 Jul 2015 13:38:34 +0000
Subject: [PATCH] tasks: Ticket tasks access

Restrict view access depending on agent's perm.
---
 include/staff/templates/task-preview.tmpl.php | 4 +-
 include/staff/ticket-tasks.inc.php | 45 ++++++++++++-------
 2 files changed, 32 insertions(+), 17 deletions(-)
diff --git a/include/staff/templates/task-preview.tmpl.php b/include/staff/templates/task-preview.tmpl.php
index f23258ea0..e44883210 100644
--- a/include/staff/templates/task-preview.tmpl.php
+++ b/include/staff/templates/task-preview.tmpl.php
@@ -1,7 +1,9 @@
 <?php
 $error=$msg=$warn=null;
-if($task->isOverdue())
+if (!$task->checkStaffPerm($thisstaff))
+ $warn.= __('You do not have access to this task');
+elseif ($task->isOverdue())
 $warn.=' <span class="Icon overdueTicket">'.__('Marked overdue!').'</span>';
 echo sprintf(
diff --git a/include/staff/ticket-tasks.inc.php b/include/staff/ticket-tasks.inc.php
index a7a6d12ab..cf6c7a0c7 100644
--- a/include/staff/ticket-tasks.inc.php
+++ b/include/staff/ticket-tasks.inc.php
@@ -73,6 +73,7 @@ if ($count) { ?>
 <?php
 foreach($tasks as $task) {
 $id = $task->getId();
+ $access = $task->checkStaffPerm($thisstaff);
 $assigned='';
 if ($task->staff)
 $assigned=sprintf('<span class="Icon staffAssigned">%s</span>',
@@ -84,8 +85,10 @@ if ($count) { ?>
 $threadcount = $task->getThread() ? $task->getThread()->getNumEntries() : 0;
- $viewhref = sprintf('#tickets/%d/tasks/%d/view',
- $ticket->getId(), $id);
+ if ($access)
+ $viewhref = sprintf('#tickets/%d/tasks/%d/view', $ticket->getId(), $id);
+ else
+ $viewhref = '#';
 ?>
 <tr id="<?php echo $id; ?>">
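Review bot: In task-preview.tmpl.php (hunk `@@ -1,7 +1,9 @@`) a failed `checkStaffPerm($thisstaff)` only appends a message to `$warn`; nothing in the visible lines stops the template, and the `echo sprintf(` that follows still runs. The rest of the template lies outside the hunk, so this is inferred, but if the preview body is rendered after the warning, an agent without permission still receives the task details. Consider ending the template at that point, e.g. `if (!$task->checkStaffPerm($thisstaff)) { echo __('You do not have access to this task'); return; }`, or refusing the request in the code that includes this template.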
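Review bot: In ticket-tasks.inc.php the result of `checkStaffPerm()` only changes what the page renders: `$viewhref` becomes `'#'` in `@@ -84,8 +85,10 @@`, the anchor is omitted in `@@ -102,11 +105,17 @@`, and the click handler skips the pjax call in `@@ -138,16 +147,20 @@`. None of these hunks touches the handler behind the URL built from `'ajax.php/'+$(this).attr('href').substr(1)`, and the task id is still written into the row's `id` attribute, so that handler has to call `checkStaffPerm()` itself and reject the request; whether it does is not visible in this patch. A comment next to the new branch would record the dependency, e.g. `// UI only: the task view endpoint must enforce checkStaffPerm() as well`. The new `if ($access)` / `else` pair is also written without braces, unlike the `if ($access) { ?>` block added further down in the same file.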
@@ -102,11 +105,17 @@ if ($count) { ?>
 <td align="center" nowrap><?php echo Format::datetime($task->created); ?></td>
 <td><?php echo $status; ?></td>
- <td><a <?php if ($flag) { ?> class="no-pjax"
- title="<?php echo ucfirst($flag); ?> Task" <?php } ?>
- href="<?php echo $viewhref; ?>"><?php
- echo $title; ?></a>
+ <td>
+ <?php
+ if ($access) { ?>
+ <a <?php if ($flag) { ?> class="no-pjax"
+ title="<?php echo ucfirst($flag); ?> Task" <?php } ?>
+ href="<?php echo $viewhref; ?>"><?php
+ echo $title; ?></a>
 <?php
+ } else {
+ echo $title;
+ }
 if ($threadcount>1)
 echo "<small>($threadcount)</small> ".'<i class="icon-fixed-width icon-comments-alt"></i> ';
@@ -138,16 +147,20 @@ $(function() {
 $(document).on('click.taskv', 'tbody.tasks a, a#reload-task', function(e) {
 e.preventDefault();
 e.stopImmediatePropagation();
- var url = 'ajax.php/'+$(this).attr('href').substr(1);
- var $container = $('div#task_content');
- var $stop = $('ul#ticket_tabs').offset().top;
- $.pjax({url: url, container: $container, push: false, scrollTo: $stop})
- .done(
- function() {
- $container.show();
- $('.tip_box').remove();
- $('div#tasks_content').hide();
- });
+ if ($(this).attr('href').length > 1) {
+ var url = 'ajax.php/'+$(this).attr('href').substr(1);
+ var $container = $('div#task_content');
+ var $stop = $('ul#ticket_tabs').offset().top;
+ $.pjax({url: url, container: $container, push: false, scrollTo: $stop})
+ .done(
+ function() {
+ $container.show();
+ $('.tip_box').remove();
+ $('div#tasks_content').hide();
+ });
+ } else {
+ $(this).trigger('mouseenter');
+ }
 return false;
 });
-- GitLab
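Review bot: The `else` branch in `@@ -102,11 +105,17 @@` still prints `$title`, and the row keeps its status, creation date and comment count, so an agent without view permission continues to see that metadata for the task. If that is intended, a short comment such as `// no view permission: title shown as plain text, not linked` would record the decision; if it is not, the title should be replaced with a placeholder. Where `$title` is built is outside the hunk, so whether it is HTML-escaped before this `echo` cannot be confirmed from here and is worth checking.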
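Review bot: `$(this).attr('href').length > 1` in the click handler (`@@ -138,16 +147,20 @@`) expresses "href is more than a bare `#`" as a length test, and it throws if a matched element has no `href` attribute, because `attr()` then returns `undefined`. Reading the attribute once and testing it explicitly is clearer: `var href = $(this).attr('href') || '';` followed by `if (href !== '#' && href.length > 1) {`. Since the anchor is no longer rendered for tasks the agent cannot view, it is not obvious from the visible hunks which elements reach the `else` branch, so a comment naming them would help.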