From 5bfabd28357ee3b7ec4c8b74b240ba924058d7a0 Mon Sep 17 00:00:00 2001
From: Peter Rotich <peter@enhancesoft.com>
Date: Tue, 20 Mar 2018 22:32:20 +0000
Subject: [PATCH] Tickets Visibility

Unify ticket visibility as a routine to make sure it's applied uniformly.
---
 include/ajax.search.php                       | 17 +-------------
 include/ajax.thread.php                       | 10 +--------
 include/ajax.tickets.php                      | 10 +--------
 include/class.export.php                      |  6 +++++
 .../staff/templates/queue-tickets.tmpl.php    | 22 ++-----------------
 include/staff/templates/tickets.tmpl.php      | 17 ++------------
 6 files changed, 13 insertions(+), 69 deletions(-)

diff --git a/include/ajax.search.php b/include/ajax.search.php
index 70c0a71ac..80ebd621c 100644
--- a/include/ajax.search.php
+++ b/include/ajax.search.php
@@ -369,23 +369,8 @@ class SearchAjaxAPI extends AjaxController {
 
         // Visibility contraints ------------------
         // TODO: Consider SavedSearch::ignoreVisibilityConstraints()
-
-        // -- Open and assigned to me
-        $assigned = Q::any(array(
-            'staff_id' => $thisstaff->getId(),
-        ));
-        // -- Open and assigned to a team of mine
-        if ($teams = array_filter($thisstaff->getTeams()))
-            $assigned->add(array('team_id__in' => $teams));
-
-        $visibility = Q::any(new Q(array('status__state'=>'open', $assigned)));
-
-        // -- Routed to a department of mine
-        if (!$thisstaff->showAssignedOnly() && ($depts=$thisstaff->getDepts()))
-            $visibility->add(array('dept_id__in' => $depts));
-
+        $visibility = $thisstaff->getTicketsVisibility();
         $query->filter($visibility);
-
         foreach ($queues as $queue) {
             $Q = $queue->getBasicQuery();
             if (count($Q->extra) || $Q->isWindowed()) {
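Review bot: The body of getTicketsVisibility() is not among the six files in this patch, so the access rule that this call and the other five call sites now depend on cannot be checked from the diff. The removed lines carried two details the helper has to preserve: `array_filter()` on the team list before it is used for `team_id__in`, and the `'status__state'=>'open'` condition wrapped around the assignment clause. A docblock on the helper should spell the rule out (open and assigned to the agent or one of their teams, or routed to one of their departments unless showAssignedOnly() is set), because it is now the single authorization predicate for ticket listings. The enclosing method starts and ends outside this hunk.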
diff --git a/include/ajax.thread.php b/include/ajax.thread.php
index 3a0c92e39..a66062e0b 100644
--- a/include/ajax.thread.php
+++ b/include/ajax.thread.php
@@ -33,15 +33,7 @@ class ThreadAjaxAPI extends AjaxController {
         $limit = isset($_REQUEST['limit']) ? (int) $_REQUEST['limit']:25;
         $tickets=array();
 
-        $visibility = Q::any(array(
-            'staff_id' => $thisstaff->getId(),
-            'team_id__in' => $thisstaff->teams->values_flat('team_id'),
-        ));
-        if (!$thisstaff->showAssignedOnly() && ($depts=$thisstaff->getDepts())) {
-            $visibility->add(array('dept_id__in' => $depts));
-        }
-
-
+        $visibility = $thisstaff->getTicketsVisibility();
         $hits = Ticket::objects()
             ->filter(Q::any(array(
                 'number__startswith' => $_REQUEST['q'],
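Review bot: Swapping in the shared helper here may narrow what this lookup returns. The removed filter matched any ticket assigned to the agent or their teams regardless of state, while the rule removed from ajax.search.php in this same commit required `status__state` to be `open` for assigned tickets. If getTicketsVisibility() follows the latter (its body is not in this patch), closed tickets that an agent handled outside their own departments disappear from this lookup and from the identical hunk in ajax.tickets.php. If that is intended, record it in the commit message or with a comment such as `// Lookup is limited to tickets the agent may currently view (assigned tickets only while open)`. The `Ticket::objects()` statement continues past the end of the hunk.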
diff --git a/include/ajax.tickets.php b/include/ajax.tickets.php
index 1cf501d73..3f53acd18 100644
--- a/include/ajax.tickets.php
+++ b/include/ajax.tickets.php
@@ -32,15 +32,7 @@ class TicketsAjaxAPI extends AjaxController {
         if (!$_REQUEST['q'])
             return $this->json_encode($tickets);
 
-        $visibility = Q::any(array(
-            'staff_id' => $thisstaff->getId(),
-            'team_id__in' => $thisstaff->teams->values_flat('team_id'),
-        ));
-
-        if (!$thisstaff->showAssignedOnly() && ($depts=$thisstaff->getDepts())) {
-            $visibility->add(array('dept_id__in' => $depts));
-        }
-
+        $visibility = $thisstaff->getTicketsVisibility();
         $hits = Ticket::objects()
             ->filter($visibility)
             ->values('user__default_email__address')
diff --git a/include/class.export.php b/include/class.export.php
index 4dcc851b3..6a25afc4f 100644
--- a/include/class.export.php
+++ b/include/class.export.php
@@ -98,6 +98,12 @@ class Export {
 
     static  function saveTickets($sql, $fields, $filename, $how='csv',
             $options=array()) {
+       global $thisstaff;
+
+       if (!$thisstaff)
+               return null;
+
+       $sql->filter($thisstaff->getTicketsVisibility());
         Http::download($filename, "text/$how");
         self::dumpTickets($sql, $fields, $how, $options);
         exit;
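Review bot: The filter added to saveTickets() is applied unconditionally, whereas the two templates changed in this commit skip it when `$queue->ignoreVisibilityConstraints()` or `hasPerm(SearchBackend::PERM_EVERYTHING)` holds, so an export can contain fewer rows than the list it was started from. Failing closed is the safer default for a bulk export, but the choice should be stated with a comment such as `// Exports are always limited to the agent's visible tickets, even where the on-screen queue is exempt`. The `return null` for a missing `$thisstaff` is silent, so a caller cannot tell a refused export from an empty one; logging the refusal or returning `false` with a documented meaning would make it auditable. The added lines are also indented differently from the surrounding 8-space body.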
diff --git a/include/staff/templates/queue-tickets.tmpl.php b/include/staff/templates/queue-tickets.tmpl.php
index 9c45da937..c03cfacdb 100644
--- a/include/staff/templates/queue-tickets.tmpl.php
+++ b/include/staff/templates/queue-tickets.tmpl.php
@@ -3,28 +3,10 @@
 // $tickets - <QuerySet> with all columns and annotations necessary to
 //      render the full page
 
-// For searches, some staff members may be able to see everything
-$view_all_tickets = $queue->ignoreVisibilityConstraints();
-
 // Impose visibility constraints
 // ------------------------------------------------------------
-if (!$view_all_tickets) {
-    // -- Open and assigned to me
-    $assigned = Q::any(array(
-        'staff_id' => $thisstaff->getId(),
-    ));
-    // -- Open and assigned to a team of mine
-    if ($teams = array_filter($thisstaff->getTeams()))
-        $assigned->add(array('team_id__in' => $teams));
-
-    $visibility = Q::any(new Q(array('status__state'=>'open', $assigned)));
-
-    // -- Routed to a department of mine
-    if (!$thisstaff->showAssignedOnly() && ($depts=$thisstaff->getDepts()))
-        $visibility->add(array('dept_id__in' => $depts));
-
-    $tickets->filter($visibility);
-}
+if (!($queue->ignoreVisibilityConstraints()))
+    $tickets->filter($thisstaff->getTicketsVisibility());
 
 // Make sure the cdata materialized view is available
 TicketForm::ensureDynamicDataView();
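Review bot: The comment explaining why a queue may skip the filter was removed along with `$view_all_tickets`, so the new `if` is now an unexplained bypass of the visibility check. Keep the reason next to the condition, for example `// For searches, some staff members may be able to see everything`, so that a later edit does not widen or drop the exemption unknowingly. The extra parentheses can go as well: `if (!$queue->ignoreVisibilityConstraints())`. Braces around the single statement would match the block that was removed. The template continues outside this hunk.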
diff --git a/include/staff/templates/tickets.tmpl.php b/include/staff/templates/tickets.tmpl.php
index 160bfa6de..32406f98a 100644
--- a/include/staff/templates/tickets.tmpl.php
+++ b/include/staff/templates/tickets.tmpl.php
@@ -24,21 +24,8 @@ if ($user) {
 $tickets->filter(array('ticket_id__in' => $filter));
 
 // Apply staff visibility
-if (!$thisstaff->hasPerm(SearchBackend::PERM_EVERYTHING)) {
-    // -- Open and assigned to me
-    $visibility = array(
-        new Q(array('status__state'=>'open', 'staff_id' => $thisstaff->getId()))
-    );
-    // -- Routed to a department of mine
-    if (!$thisstaff->showAssignedOnly() && ($depts=$thisstaff->getDepts()))
-        $visibility[] = new Q(array('dept_id__in' => $depts));
-    // -- Open and assigned to a team of mine
-    if (($teams = $thisstaff->getTeams()) && count(array_filter($teams)))
-        $visibility[] = new Q(array(
-            'team_id__in' => array_filter($teams), 'status__state'=>'open'
-        ));
-    $tickets->filter(Q::any($visibility));
-}
+if (!$thisstaff->hasPerm(SearchBackend::PERM_EVERYTHING))
+    $tickets->filter($thisstaff->getTicketsVisibility());
 
 $tickets->constrain(array('lock' => array(
                 'lock__expire__gt' => SqlFunction::NOW())));
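Review bot: The exemption from the visibility rule stays outside the shared helper and differs by entry point. This template skips the filter on `hasPerm(SearchBackend::PERM_EVERYTHING)`, queue-tickets.tmpl.php skips it on `$queue->ignoreVisibilityConstraints()`, and ajax.search.php (which still carries the TODO) and class.export.php never skip it. The same agent can therefore get different ticket sets for the same query depending on the path taken, which is the inconsistency the commit message sets out to remove. Either decide the exemption in one place or add a comment here such as `// PERM_EVERYTHING bypasses visibility; keep in sync with the queue template's exemption`. The removed block in this file also differed from the others in leaving the department clause outside the open-state condition, so confirm that the helper's rule is the one intended for this view.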
-- 
GitLab