diff --git a/include/class.config.php b/include/class.config.php index 54928de8f28a5e49934d516df8cda0bd5b52e2a2..69e60dcf75f43ce18884157c6152e7df8d604af8 100644 --- a/include/class.config.php +++ b/include/class.config.php @@ -150,6 +150,7 @@ class OsticketConfig extends Config { 'auto_claim_tickets'=> true, 'system_language' => 'en_US', 'default_storage_bk' => 'D', + 'allow_client_updates' => false, ); function OsticketConfig($section=null) { @@ -295,6 +296,10 @@ class OsticketConfig extends Config { return $this->get('enable_html_thread'); } + function allowClientUpdates() { + return $this->get('allow_client_updates'); + } + function getClientTimeout() { return $this->getClientSessionTimeout(); } @@ -877,6 +882,7 @@ class OsticketConfig extends Config { 'show_related_tickets'=>isset($vars['show_related_tickets'])?1:0, 'hide_staff_name'=>isset($vars['hide_staff_name'])?1:0, 'enable_html_thread'=>isset($vars['enable_html_thread'])?1:0, + 'allow_client_updates'=>isset($vars['allow_client_updates'])?1:0, 'allow_attachments'=>isset($vars['allow_attachments'])?1:0, 'allowed_filetypes'=>strtolower(preg_replace("/\n\r|\r\n|\n|\r/", '',trim($vars['allowed_filetypes']))), 'max_file_size'=>$vars['max_file_size'], diff --git a/include/client/view.inc.php b/include/client/view.inc.php index 55caf9b6e073ea11d23fe916c8a1c2c986117160..a369ee75db623f3583934048db3902f4bb538b82 100644 --- a/include/client/view.inc.php +++ b/include/client/view.inc.php @@ -15,8 +15,10 @@ if(!$dept || !$dept->isPublic()) <h1> Ticket #<?php echo $ticket->getNumber(); ?> <a href="view.php?id=<?php echo $ticket->getId(); ?>" title="Reload"><span class="Icon refresh"> </span></a> +<?php if ($cfg->allowClientUpdates()) { ?> <a class="action-button" href="tickets.php?a=edit&id=<?php echo $ticket->getId(); ?>"><i class="icon-edit"></i> Edit</a> +<?php } ?> </h1> </td> </tr> 
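Review bot: The `$cfg->allowClientUpdates()` call wrapping the Edit link in include/client/view.inc.php has no null guard, while the POST branch in tickets.php tests `!$cfg || !$cfg->allowClientUpdates()`; the `a=edit` request check in the last tickets.php hunk is unguarded as well. If `$cfg` can be unset on these pages, the two unguarded sites stop with a fatal error instead of denying the edit; if it cannot, the `!$cfg` test in the POST branch is dead code. Use one form at all three sites, for example `<?php if ($cfg && $cfg->allowClientUpdates()) { ?>` here and `&& $cfg && $cfg->allowClientUpdates()) {` in tickets.php.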
diff --git a/include/staff/settings-tickets.inc.php b/include/staff/settings-tickets.inc.php index b25ad9d597c4daed162e69aa0df78a5f3ef7e32a..a1e5936e9859e1192835fa3c6b4130e5f99a436a 100644 --- a/include/staff/settings-tickets.inc.php +++ b/include/staff/settings-tickets.inc.php @@ -135,6 +135,14 @@ if(!($maxfileuploads=ini_get('max_file_uploads'))) Enable rich text in ticket thread and autoresponse emails </td> </tr> + <tr> + <td>Allow Client Updates:</td> + <td> + <input type="checkbox" name="allow_client_updates" <?php + echo $config['allow_client_updates']?'checked="checked"':''; ?>> + Allow clients to update ticket details via the web portal + </td> + </tr> <tr> <th colspan="2"> <em><b>Attachments</b>: Size and max. uploads setting mainly apply to web tickets.</em> diff --git a/tickets.php b/tickets.php index a98401ed38416c65eff4b48a299009605f2589e3..01d8b799c4220aa9ffc66ad7ce3e238ef2984925 100644 --- a/tickets.php +++ b/tickets.php @@ -35,6 +35,8 @@ if($_POST && is_object($ticket) && $ticket->getId()): case 'edit': if(!$ticket->checkUserAccess($thisclient)) //double check perm again! $errors['err']='Access Denied. Possibly invalid ticket ID'; + elseif (!$cfg || !$cfg->allowClientUpdates()) + $errors['err']='Access Denied. Client updates are currently disabled'; else { $forms=DynamicFormEntry::forTicket($ticket->getId()); foreach ($forms as $form) @@ -87,7 +89,8 @@ if($_POST && is_object($ticket) && $ticket->getId()): endif; $nav->setActiveNav('tickets'); if($ticket && $ticket->checkUserAccess($thisclient)) { - if (isset($_REQUEST['a']) && $_REQUEST['a'] == 'edit') { + if (isset($_REQUEST['a']) && $_REQUEST['a'] == 'edit' + && $cfg->allowClientUpdates()) { $inc = 'edit.inc.php'; if (!$forms) $forms=DynamicFormEntry::forTicket($ticket->getId()); // Auto add new fields to the entries
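Review bot: The new `elseif` in the `case 'edit':` branch of tickets.php rejects the update but leaves no trace of the attempt. With the setting off, view.inc.php no longer renders the Edit link, so a POST that reaches this branch presumably comes from a stale page or a hand-built request, which is worth a warning-level entry in the system log carrying the ticket id and the client. A one-line comment would also help the next reader: `// Enforces the allow_client_updates setting server-side; hiding the Edit link in view.inc.php is presentation only`. Keep this check after `checkUserAccess()` so the "disabled" message is shown only to a client who already has access to the ticket. The rest of the `case 'edit':` body lies outside the hunk.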