From 5a002fa07234fee5114e67abdfb3181ba5bb4a72 Mon Sep 17 00:00:00 2001 From: Peter Rotich <peter@osticket.com> Date: Mon, 10 Dec 2012 12:16:19 -0500 Subject: [PATCH] Show reply tap IF staff has permission to post replies --- include/staff/ticket-view.inc.php | 11 +++++++++-- scp/js/ticket.js | 2 +- scp/tickets.php | 25 +++++++++++++++---------- 3 files changed, 25 insertions(+), 13 deletions(-) diff --git a/include/staff/ticket-view.inc.php b/include/staff/ticket-view.inc.php index c2cb0bd10..888ff2c09 100644 --- a/include/staff/ticket-view.inc.php +++ b/include/staff/ticket-view.inc.php @@ -348,7 +348,11 @@ if(!$cfg->showNotesInline()) { ?> <div id="response_options"> <ul> + <?php + if($thisstaff->canPostReply()) { ?> <li><a id="reply_tab" href="#reply">Post Reply</a></li> + <?php + } ?> <li><a id="note_tab" href="#note">Post Internal Note</a></li> <?php if($thisstaff->canTransferTickets()) { ?> @@ -361,12 +365,12 @@ if(!$cfg->showNotesInline()) { ?> <?php } ?> </ul> - + <?php + if($thisstaff->canPostReply()) { ?> <form id="reply" action="tickets.php?id=<?php echo $ticket->getId(); ?>#reply" name="reply" method="post" enctype="multipart/form-data"> <?php csrf_token(); ?> <input type="hidden" name="id" value="<?php echo $ticket->getId(); ?>"> <input type="hidden" name="msgId" value="<?php echo $msgId; ?>"> - <input type="hidden" name="locktime" value="<?php echo $cfg->getLockTime(); ?>"> <input type="hidden" name="a" value="reply"> <span class="error"></span> <table border="0" cellspacing="0" cellpadding="3"> 
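Review bot: The reply tab and the reply form are gated by two separate `if($thisstaff->canPostReply())` blocks, and the second one, opened just before `<form id="reply" …>`, is closed only by a bare `<?php } ?>` in the later @@ -485 hunk, far from where it opens. Evaluating the permission once, e.g. `<?php $canReply = $thisstaff->canPostReply(); ?>`, and testing `$canReply` in both places keeps the tab and the form from drifting apart. A trailing comment on the closing brace, such as `<?php } // end canPostReply ?>`, would make the pairing visible. Hiding the markup is presentation only, so the server-side check in scp/tickets.php remains the control that counts.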
@@ -485,9 +489,12 @@ if(!$cfg->showNotesInline()) { ?> <input class="btn_sm" type="reset" value="Reset"> </p> </form> + <?php + } ?> <form id="note" action="tickets.php?id=<?php echo $ticket->getId(); ?>#note" name="note" method="post" enctype="multipart/form-data"> <?php csrf_token(); ?> <input type="hidden" name="id" value="<?php echo $ticket->getId(); ?>"> + <input type="hidden" name="locktime" value="<?php echo $cfg->getLockTime(); ?>"> <input type="hidden" name="a" value="postnote"> <table border="0" cellspacing="0" cellpadding="3"> <?php diff --git a/scp/js/ticket.js b/scp/js/ticket.js index 65ee84aad..8cb792d1c 100644 --- a/scp/js/ticket.js +++ b/scp/js/ticket.js @@ -94,7 +94,7 @@ var autoLock = { Init: function(config) { //make sure we are on ticket view page & locking is enabled! - var fObj=$('form#reply'); + var fObj=$('form#note'); if(!fObj || !$(':input[name=id]',fObj).length || !$(':input[name=locktime]',fObj).length diff --git a/scp/tickets.php b/scp/tickets.php index 47395d592..fd30b899e 100644 --- a/scp/tickets.php +++ b/scp/tickets.php 
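Review bot: Pointing `fObj` at `form#note` ties autoLock to the note form, so if the rest of `Init` (outside this hunk) binds its lock-acquiring handlers only to inputs inside `fObj`, typing in the reply form would no longer take or renew the ticket lock. The reply handler in scp/tickets.php still relies on that lock ("Use locks to avoid double replies"), so this is worth confirming against the full function. If the handlers are form-scoped, the selector could cover both forms, `var fObj=$('form#note, form#reply');`, with `locktime` still read from the note form that now carries it. A short comment such as `// note form is always rendered; reply form depends on canPostReply()` would also explain why the anchor form changed.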
@@ -42,18 +42,23 @@ if($_POST && !$errors): $statusKeys=array('open'=>'Open','Reopen'=>'Open','Close'=>'Closed'); switch(strtolower($_POST['a'])): case 'reply': + if(!$thisstaff->canPostReply()) + $errors['err'] = 'Action denied. Contact admin for access'; + else { - if(!$_POST['msgId']) - $errors['err']='Missing message ID - Internal error'; - if(!$_POST['response']) - $errors['response']='Response required'; - //Use locks to avoid double replies - if($lock && $lock->getStaffId()!=$thisstaff->getId()) - $errors['err']='Action Denied. Ticket is locked by someone else!'; + if(!$_POST['msgId']) + $errors['err']='Missing message ID - Internal error'; + if(!$_POST['response']) + $errors['response']='Response required'; + + //Use locks to avoid double replies + if($lock && $lock->getStaffId()!=$thisstaff->getId()) + $errors['err']='Action Denied. Ticket is locked by someone else!'; - //Make sure the email is not banned - if(!$errors['err'] && TicketFilter::isBanned($ticket->getEmail())) - $errors['err']='Email is in banlist. Must be removed to reply.'; + //Make sure the email is not banned + if(!$errors['err'] && TicketFilter::isBanned($ticket->getEmail())) + $errors['err']='Email is in banlist. Must be removed to reply.'; + } $wasOpen =($ticket->isOpen()); //If no error...do the do. -- GitLab
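Review bot: The new `canPostReply()` denial in `case 'reply':` only sets `$errors['err']`, and nothing visible in the hunk records the attempt. Because this commit stops rendering the reply form for such staff, a POST with `a=reply` from them did not come from the page as served. Writing a warning-level entry (staff id, ticket id) through the project's existing logging helper in that branch would give admins something to detect it with. The unbraced `if` paired with `else {` is also easy to misread; bracing both arms, `if(!$thisstaff->canPostReply()) {` … `} else {`, matches the block it guards. The rest of the case continues past the hunk, so that a set `$errors['err']` actually blocks the reply is inferred from the `//If no error...do the do.` comment and should be confirmed.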