diff --git a/include/class.queue.php b/include/class.queue.php
index 284853a4412dea0b370935835be42cfa5c3a89e0..ed296cd358dd17a7cd3bf3abac966cfba61b7e37 100644
--- a/include/class.queue.php
+++ b/include/class.queue.php
@@ -869,13 +869,13 @@ class CustomQueue extends VerySimpleModel {
 || $this->hasFlag(self::FLAG_PUBLIC);
 }
- function ignoreVisibilityConstraints() {
- global $thisstaff;
-
- // For saved searches (not queues), staff can have a permission to
+ function ignoreVisibilityConstraints(Staff $agent) {
+ // For saved searches (not queues), some staff can have a permission to
 // see all records
- return !$this->isAQueue()
- && $thisstaff->hasPerm(SearchBackend::PERM_EVERYTHING);
+ return ($this->isPrivate()
+ && $this->checkAccess($agent)
+ && !$this->isASubQueue()
+ && $agent->hasPerm(SearchBackend::PERM_EVERYTHING));
 }
 function inheritCriteria() {
@@ -914,6 +914,11 @@ class CustomQueue extends VerySimpleModel {
 return $base;
 }
+ function isASubQueue() {
+ return $this->parent ? $this->parent->isASubQueue() :
+ $this->isAQueue();
+ }
+
 function isAQueue() {
 return $this->hasFlag(self::FLAG_QUEUE);
 }
diff --git a/include/staff/templates/queue-tickets.tmpl.php b/include/staff/templates/queue-tickets.tmpl.php
index c03cfacdb2de879337a7640926d3c5acd7f880fd..fb883ba85178ef417b974949592a7dac737a5783 100644
--- a/include/staff/templates/queue-tickets.tmpl.php
+++ b/include/staff/templates/queue-tickets.tmpl.php
@@ -3,9 +3,10 @@
 // $tickets - <QuerySet> with all columns and annotations necessary to
 // render the full page
+
 // Impose visibility constraints
 // ------------------------------------------------------------
-if (!($queue->ignoreVisibilityConstraints()))
+if (!$queue->ignoreVisibilityConstraints($thisstaff))
 $tickets->filter($thisstaff->getTicketsVisibility());
 // Make sure the cdata materialized view is available
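Review bot: `ignoreVisibilityConstraints()` now takes a required `Staff $agent`, but the only call site updated in this diff is the one in queue-tickets.tmpl.php; any other caller still using the zero-argument form would fail at call time, so the remaining callers should be checked before merging. The retained comment no longer matches the rule, which now has four conditions. Since this method decides whether the ticket-visibility filter is skipped, I would replace it with `// Skip visibility filtering only for a private saved search the agent can access, that does not descend from a queue, and only with PERM_EVERYTHING`. `isPrivate()` and `checkAccess()` are defined outside this hunk, so their exact semantics cannot be confirmed from here.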
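Review bot: `isASubQueue()` is named as if it tests for a parent, but as written it walks the parent chain and returns the root's `isAQueue()`, so a top-level queue with no parent also returns true, and an item's own FLAG_QUEUE is ignored whenever it has a parent. Because the new access rule depends on this result, a docblock should state it, e.g. `// True when the root of this item's parent chain is a queue (a top-level queue counts too)`. The recursion has no depth or cycle guard; if a parent loop in stored data is possible (not visible here), it would recurse without end, and an iterative walk that tracks visited ids would be safer.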
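Review bot: The visibility filter under the changed `if` is a braceless single-statement body, so a statement added beside it later would run unconditionally rather than under the check; as this is where ticket access is enforced, I would write it as `if (!$queue->ignoreVisibilityConstraints($thisstaff)) {` … `}`. `$thisstaff` is now passed into a `Staff`-typed parameter, so the template relies on the including script having set it to a logged-in agent, which is not visible in this hunk.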