From 4868ea486c1003541bb068ecc18da21f07f6c65b Mon Sep 17 00:00:00 2001
From: Peter Rotich <peter@osticket.com>
Date: Fri, 10 Aug 2012 00:57:57 -0400
Subject: [PATCH] Check access post-update - make sure staff still has access
 to ticket

---
 scp/tickets.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/scp/tickets.php b/scp/tickets.php
index 66af215ea..8c799a2a6 100644
--- a/scp/tickets.php
+++ b/scp/tickets.php
@@ -163,7 +163,10 @@ if($_POST && !$errors):
                 $errors['err']='Perm. Denied. You are not allowed to edit tickets';
             elseif($ticket->update($_POST,$errors)) {
                 $msg='Ticket updated successfully';
-                $_REQUEST['a'] = null;
+                $_REQUEST['a'] = null; //Clear edit action - going back to view.
+                //Check to make sure the staff STILL has access post-update (e.g dept change).
+                if(!$ticket->checkStaffAccess($thisstaff))
+                    $ticket=null;
             } elseif(!$errors['err']) {
                 $errors['err']='Unable to update the ticket. Correct the errors below and try again!';
             }
-- 
GitLab