diff --git a/include/staff/ticket-view.inc.php b/include/staff/ticket-view.inc.php index c2cb0bd1067684f7a012aa4f1a44cc73dc8ee904..888ff2c0920d14c3f09a440a5b62c0ec7166b6c9 100644 --- a/include/staff/ticket-view.inc.php +++ b/include/staff/ticket-view.inc.php @@ -348,7 +348,11 @@ if(!$cfg->showNotesInline()) { ?> <div id="response_options"> <ul> + <?php + if($thisstaff->canPostReply()) { ?> <li><a id="reply_tab" href="#reply">Post Reply</a></li> + <?php + } ?> <li><a id="note_tab" href="#note">Post Internal Note</a></li> <?php if($thisstaff->canTransferTickets()) { ?> @@ -361,12 +365,12 @@ if(!$cfg->showNotesInline()) { ?> <?php } ?> </ul> - + <?php + if($thisstaff->canPostReply()) { ?> <form id="reply" action="tickets.php?id=<?php echo $ticket->getId(); ?>#reply" name="reply" method="post" enctype="multipart/form-data"> <?php csrf_token(); ?> <input type="hidden" name="id" value="<?php echo $ticket->getId(); ?>"> <input type="hidden" name="msgId" value="<?php echo $msgId; ?>"> - <input type="hidden" name="locktime" value="<?php echo $cfg->getLockTime(); ?>"> <input type="hidden" name="a" value="reply"> <span class="error"></span> <table border="0" cellspacing="0" cellpadding="3"> @@ -485,9 +489,12 @@ if(!$cfg->showNotesInline()) { ?> <input class="btn_sm" type="reset" value="Reset"> </p> </form> + <?php + } ?> <form id="note" action="tickets.php?id=<?php echo $ticket->getId(); ?>#note" name="note" method="post" enctype="multipart/form-data"> <?php csrf_token(); ?> <input type="hidden" name="id" value="<?php echo $ticket->getId(); ?>"> + <input type="hidden" name="locktime" value="<?php echo $cfg->getLockTime(); ?>"> <input type="hidden" name="a" value="postnote"> <table border="0" cellspacing="0" cellpadding="3"> <?php diff --git a/scp/js/ticket.js b/scp/js/ticket.js index 65ee84aad0882649f8aec44daf447b45d38e64d9..8cb792d1c403661063ea564c3bff3b8938bc9d50 100644 --- a/scp/js/ticket.js +++ b/scp/js/ticket.js 
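Review bot: The `canPostReply()` test is written out twice, once around the `reply_tab` list item in the first hunk and once around `<form id="reply">` in the second and third hunks, so a later edit to one guard can leave a tab pointing at a form that is not rendered, or the reverse. Evaluating it once before the list, e.g. `$canReply = $thisstaff->canPostReply();`, and testing `$canReply` in both places keeps the two in step. Hiding the form is presentation only, so a short comment at the form guard would help the next reader: `<?php /* UI only; the reply action itself is checked in scp/tickets.php */ ?>`. The surrounding template code starts and ends outside these hunks.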
@@ -94,7 +94,7 @@ var autoLock = { Init: function(config) { //make sure we are on ticket view page & locking is enabled! - var fObj=$('form#reply'); + var fObj=$('form#note'); if(!fObj || !$(':input[name=id]',fObj).length || !$(':input[name=locktime]',fObj).length diff --git a/scp/tickets.php b/scp/tickets.php index 47395d592c2da9cb505daec7d037fb1349711dfa..fd30b899ee8417b63c839942e7cbb00257284a16 100644 --- a/scp/tickets.php +++ b/scp/tickets.php @@ -42,18 +42,23 @@ if($_POST && !$errors): $statusKeys=array('open'=>'Open','Reopen'=>'Open','Close'=>'Closed'); switch(strtolower($_POST['a'])): case 'reply': + if(!$thisstaff->canPostReply()) + $errors['err'] = 'Action denied. Contact admin for access'; + else { - if(!$_POST['msgId']) - $errors['err']='Missing message ID - Internal error'; - if(!$_POST['response']) - $errors['response']='Response required'; - //Use locks to avoid double replies - if($lock && $lock->getStaffId()!=$thisstaff->getId()) - $errors['err']='Action Denied. Ticket is locked by someone else!'; + if(!$_POST['msgId']) + $errors['err']='Missing message ID - Internal error'; + if(!$_POST['response']) + $errors['response']='Response required'; + + //Use locks to avoid double replies + if($lock && $lock->getStaffId()!=$thisstaff->getId()) + $errors['err']='Action Denied. Ticket is locked by someone else!'; - //Make sure the email is not banned - if(!$errors['err'] && TicketFilter::isBanned($ticket->getEmail())) - $errors['err']='Email is in banlist. Must be removed to reply.'; + //Make sure the email is not banned + if(!$errors['err'] && TicketFilter::isBanned($ticket->getEmail())) + $errors['err']='Email is in banlist. Must be removed to reply.'; + } $wasOpen =($ticket->isOpen()); //If no error...do the do.
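Review bot: The switch to `$('form#note')` in `autoLock.Init` depends on the note form being rendered for every staff member, and on the `locktime` field that this commit moves into it in include/staff/ticket-view.inc.php, but the existing comment says nothing about that dependency. If the note form is ever put behind a permission check the way the reply form now is, the guard that follows would presumably fail and ticket locking would switch off with no visible error. I would add a comment above the lookup, e.g. `// form#note is always rendered and carries id + locktime; form#reply is hidden when the agent cannot post replies`. The rest of `Init` lies outside the hunk.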
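Review bot: The denied branch added at the top of `case 'reply':` sets `$errors['err']` and nothing else, so a POST with `a=reply` from a staff account that is never shown the reply form leaves no audit trail. Because the template hides that form for such accounts, a request reaching this branch came either from a stale page or from outside the normal UI, and is worth recording with the staff id and ticket id through whatever logging facility the project already uses. The unbraced `if` followed by a braced `else {` is also easy to misread; I would brace both, `if(!$thisstaff->canPostReply()) { $errors['err'] = 'Action denied. Contact admin for access'; } else {`. The code that actually posts the reply starts after the hunk, so this assumes it runs only when `$errors` is empty.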