From 13509d5b3c04169eb5420914f24d3718fd5ab544 Mon Sep 17 00:00:00 2001
From: Jared Hancock <jared@osticket.com>
Date: Fri, 20 Mar 2015 10:19:29 -0500
Subject: [PATCH] role: Add role for thread entry editing

The new role would likely be assigned to power users and would allow such users
access to edit any post by any user.

Agents can always edit their own posts, and department managers can edit all
posts while the ticket is in the department they manage.
---
 include/class.thread.php          | 16 ++++++++++++++++
 include/class.thread_actions.php  | 10 ++++++----
 include/staff/ticket-view.inc.php |  8 ++++++--
 scp/css/dropdown.css              |  5 +++++
 scp/roles.php                     |  1 +
 5 files changed, 34 insertions(+), 6 deletions(-)

diff --git a/include/class.thread.php b/include/class.thread.php
index e715b6f46..759a03b0c 100644
--- a/include/class.thread.php
+++ b/include/class.thread.php
@@ -16,6 +16,7 @@
 **********************************************************************/
 include_once(INCLUDE_DIR.'class.ticket.php');
 include_once(INCLUDE_DIR.'class.draft.php');
+include_once(INCLUDE_DIR.'class.role.php');
 
 //Ticket thread.
 class Thread extends VerySimpleModel {
@@ -435,11 +436,20 @@ class ThreadEntry extends VerySimpleModel {
     const FLAG_EDITED                   = 0x0002;
     const FLAG_HIDDEN                   = 0x0004;
 
+    const PERM_EDIT     = 'thread.edit';
+
     var $_headers;
     var $_thread;
     var $_actions;
     var $_attachments;
 
+    static protected $perms = array(
+        self::PERM_EDIT => array(
+            'title' => /* @trans */ 'Edit Thread',
+            'desc'  => /* @trans */ 'Ability to edit thread items of other agents',
+        ),
+    );
+
     function postEmail($mailinfo) {
         if (!($thread = $this->getThread()))
             // Kind of hard to continue a discussion without a thread ...
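Review bot: The description `'Ability to edit thread items of other agents'` understates what PERM_EDIT grants. The check added to TEA_EditThreadEntry::isEnabled() in this commit does not look at who authored the entry, so a holder can edit any entry on a ticket in that department, which appears to include posts from end users (the commit message itself says "any post by any user"). Administrators decide whether to grant the permission from this text, so it should state the full scope, for example `'desc'  => /* @trans */ 'Ability to edit thread items posted by any agent or user',`. The ThreadEntry class body starts and ends outside this hunk.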
@@ -1252,8 +1262,14 @@ class ThreadEntry extends VerySimpleModel {
 
         self::$action_registry[$group][$action::getId()] = $action;
     }
+
+    static function getPermissions() {
+        return self::$perms;
+    }
 }
 
+RolePermission::register(/* @trans */ 'Tickets', ThreadEntry::getPermissions());
+
 
 class ThreadEntryBody /* extends SplString */ {
 
diff --git a/include/class.thread_actions.php b/include/class.thread_actions.php
index 503578ec4..121ecb8b9 100644
--- a/include/class.thread_actions.php
+++ b/include/class.thread_actions.php
@@ -66,15 +66,17 @@ class TEA_EditThreadEntry extends ThreadEntryAction {
     function isEnabled() {
         global $thisstaff;
 
+        $T = $this->entry->getThread()->getObject();
         // You can edit your own posts or posts by your department members
         // if your a manager, or everyone's if your an admin
         return $thisstaff && (
-            $thisstaff->isAdmin()
-            || (($T = $this->entry->getThread()->getObject())
-                && $T instanceof Ticket
+            $thisstaff->getId() == $this->entry->staff_id
+            || ($T instanceof Ticket
                 && $T->getDept()->getManagerId() == $thisstaff->getId()
             )
-            || ($this->entry->getStaffId() == $thisstaff->getId())
+            || ($T instanceof Ticket
+                && $thisstaff->getRole($T->getDeptId())->hasPerm(ThreadEntry::PERM_EDIT)
+            )
         );
     }
 
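Review bot: The comment above the `return` still says admins can edit everyone's posts, but the `$thisstaff->isAdmin()` branch is removed, so the comment no longer matches the check. Whether administrators keep that access now depends on their role carrying `ThreadEntry::PERM_EDIT`, which this diff does not show. Suggest replacing the comment with `// Agents can edit their own posts; managers can edit posts on tickets in their department; a role with PERM_EDIT in the ticket's department can edit any post`. The chained `$thisstaff->getRole($T->getDeptId())->hasPerm(...)` assumes getRole() always returns an object; if it can return null for a department where the agent has no role, the check would fail with a fatal error instead of a clean denial, so a guard is worth adding. The hoisted `$this->entry->getThread()->getObject()` also now runs before the `$thisstaff` test.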
diff --git a/include/staff/ticket-view.inc.php b/include/staff/ticket-view.inc.php
index 8823977da..8e3c73d86 100644
--- a/include/staff/ticket-view.inc.php
+++ b/include/staff/ticket-view.inc.php
@@ -423,8 +423,12 @@ $tcount = $ticket->getThreadEntries($types)->count();
 <?php               foreach ($actions as $group => $list) {
                         foreach ($list as $id => $action) { ?>
                     <li>
-                    <a class="no-pjax" href="#" onclick="javascript:
-                            <?php echo str_replace('"', '\\"', $action->getJsStub()); ?>; return false;">
+                    <a class="no-pjax <?php
+                        if (!$action->isEnabled())
+                            echo 'disabled';
+                    ?>" href="#" onclick="javascript:
+                        if ($(this).hasClass('disabled')) return false;
+                        <?php echo str_replace('"', '\\"', $action->getJsStub()); ?>; return false;">
                         <i class="<?php echo $action->getIcon(); ?>"></i> <?php
                             echo $action->getName();
                 ?></a></li>
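Review bot: The disabled state added here is enforced only in the browser. The `disabled` class and the `if ($(this).hasClass('disabled')) return false;` guard are page content the client controls, and the action's JS stub is still emitted for actions where `isEnabled()` is false. The server-side handler behind each action must therefore re-check `isEnabled()` before applying an edit; that handler is not visible in this diff, so please confirm it does. Separately, `str_replace('"', '\\"', ...)` does not escape for an HTML attribute, because a `"` preceded by a backslash still closes `onclick`. `htmlspecialchars($action->getJsStub(), ENT_QUOTES)` is the correct encoding for this context, and the echoed `getName()` and `getIcon()` values would benefit from the same treatment if they can ever carry non-static text. The enclosing foreach loops close outside this hunk.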
diff --git a/scp/css/dropdown.css b/scp/css/dropdown.css
index 6105ea27f..236deb366 100644
--- a/scp/css/dropdown.css
+++ b/scp/css/dropdown.css
@@ -42,6 +42,11 @@
   color: #FFF !important;
   cursor: pointer;
 }
+.action-dropdown ul li > a.disabled {
+  pointer-events: none;
+  color: #999;
+  color: rgba(85,85,85,0.5);
+}
 .action-dropdown hr {
   height: 1px;
   border: none;
diff --git a/scp/roles.php b/scp/roles.php
index 824d13b14..749dee96f 100644
--- a/scp/roles.php
+++ b/scp/roles.php
@@ -21,6 +21,7 @@ include_once INCLUDE_DIR . 'class.canned.php';
 include_once INCLUDE_DIR . 'class.faq.php';
 include_once INCLUDE_DIR . 'class.email.php';
 include_once INCLUDE_DIR . 'class.report.php';
+include_once INCLUDE_DIR . 'class.thread.php';
 
 $errors = array();
 $role=null;
-- 
GitLab