From 6c28d460aaca04c8c1f508d3c2282d1c547f708f Mon Sep 17 00:00:00 2001
From: Jared Hancock <jared@osticket.com>
Date: Fri, 7 Aug 2015 10:50:19 -0500
Subject: [PATCH] open: Fix assignment on new ticket by staff

---
 include/class.ticket.php | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/include/class.ticket.php b/include/class.ticket.php
index f96414587..80eafde8e 100644
--- a/include/class.ticket.php
+++ b/include/class.ticket.php
@@ -3286,7 +3286,8 @@ implements RestrictedAccess, Threadable {
 
         // Assign ticket to staff or team (new ticket by staff)
         if ($vars['assignId']) {
-            $ticket->assign($vars['assignId'], $vars['note']);
+            $asnform = new AssignmentForm(array('assignee' => $vars['assignId']));
+            $ticket->assign($asnform, $vars['note']);
         }
         else {
             // Auto assign staff or team - auto assignment based on filter
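Review bot: The outcome of `$ticket->assign($asnform, $vars['note'])` is discarded, and the form is built directly from the request value `$vars['assignId']` with no validation visible in this hunk. If assign() rejects the assignee (unknown id, agent not available for the department), the ticket would presumably be created unassigned with nothing recorded for the caller. Assuming assign() signals failure through its return value, which this hunk does not show, the call could be checked and the failure logged or surfaced. A short comment would also help, for example `// assign() expects an AssignmentForm; 'assignee' carries the raw assignId from the request`. The enclosing function starts and ends outside the hunk.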
@@ -3363,8 +3364,12 @@ implements RestrictedAccess, Threadable {
     static function open($vars, &$errors) {
         global $thisstaff, $cfg;
 
-        if ($vars['deptId'] && $thisstaff && !$thisstaff->getRole($vars['deptId'])
-            ->hasPerm(TicketModel::PERM_CREATE)
+        if (!$thisstaff)
+            return false;
+
+        if ($vars['deptId']
+            && ($role = $thisstaff->getRole($vars['deptId']))
+            && !$role->hasPerm(TicketModel::PERM_CREATE)
         ) {
             $errors['err'] = __('You do not have permission to create a ticket in this department');
             return false;
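Review bot: The department check now fails open when `$thisstaff->getRole($vars['deptId'])` returns a falsy value, because the `&&` chain short-circuits before the `PERM_CREATE` test. An agent with no role in the requested department would then pass this check. If getRole() can return nothing for a department, deny that case explicitly: `&& (!($role = $thisstaff->getRole($vars['deptId'])) || !$role->hasPerm(TicketModel::PERM_CREATE))`. The added `if (!$thisstaff) return false;` also returns without setting `$errors['err']`, so the caller gets a rejection with no reason attached. open() continues outside the hunk.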
@@ -3387,8 +3392,14 @@ implements RestrictedAccess, Threadable {
                 $errors['name'] = __('Name is required');
         }
 
-        if (!$thisstaff->hasPerm(TicketModel::PERM_ASSIGN))
-            unset($vars['assignId']);
+        // Ensure agent has rights to make assignment in the cited
+        // department
+        if ($role
+            ? !$role->hasPerm(TicketModel::PERM_ASSIGN)
+            : !$thisstaff->hasPerm(TicketModel::PERM_ASSIGN, false)
+        ) {
+            $errors['assignId'] = __('Action Denied. You are not allowed to assign/reassign tickets.');
+        }
 
         // TODO: Deny action based on selected department.
 
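Review bot: The new check sets `$errors['assignId']` for every agent lacking `PERM_ASSIGN`, whether or not the request carries an `assignId`, and it no longer unsets `$vars['assignId']` as the removed lines did. If a non-empty `$errors` aborts creation later in open() (not visible here), agents without assign rights can no longer open tickets at all. If it does not, the unauthorised `assignId` is still passed on to the assignment code. Gating the condition on the request limits it to real assignment attempts: `if ($vars['assignId'] && ($role ? !$role->hasPerm(TicketModel::PERM_ASSIGN) : !$thisstaff->hasPerm(TicketModel::PERM_ASSIGN, false))) {`. `$role` is also only assigned in the earlier hunk when `$vars['deptId']` is non-empty, so it is read undefined here otherwise; adding `$role = null;` before that earlier condition fixes this.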
-- 
GitLab