From 79a63cc560c73182ae6c2fcc51d0aa531a80471c Mon Sep 17 00:00:00 2001
From: Jared Hancock <jared@osticket.com>
Date: Mon, 13 Jul 2015 15:01:50 -0500
Subject: [PATCH] Limit department selection on new ticket page

---
 include/class.staff.php           | 3 +++
 include/class.ticket.php          | 6 +++++-
 include/staff/ticket-open.inc.php | 8 +++++++-
 scp/css/scp.css                   | 3 +++
 4 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/include/class.staff.php b/include/class.staff.php
index 6725a9c85..f386f1051 100644
--- a/include/class.staff.php
+++ b/include/class.staff.php
@@ -410,6 +410,9 @@ implements AuthenticatedUser, EmailContact, TemplateVariable {
 
             if ($access = $this->dept_access->findFirst(array('dept_id' => $deptId)))
                 return $this->_roles[$deptId] = $access->role;
+
+            // View only access
+            return new Role(array());
         }
         // For the primary department, use the primary role
         return $this->role;
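Review bot: The `// View only access` comment on the new fallback does not say when it is reached or what it grants. From the visible lines it is returned for a department with no matching `dept_access` row, and it is a Role constructed from an empty array, which presumably carries no permissions. Because `Ticket::open()` in this same commit relies on that result to deny `PERM_CREATE`, the comment should state the fail-closed intent, for example `// No access record for this department: return a role with no permissions so hasPerm() checks are denied`. Unlike the branch above, the fallback is not stored in `$this->_roles[$deptId]`, so a new object is built on every call; if memoizing is intended, `return $this->_roles[$deptId] = new Role(array());` would match. The start of the method is outside the hunk, so the outer condition is inferred.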
diff --git a/include/class.ticket.php b/include/class.ticket.php
index f0e793655..8cc9546b8 100644
--- a/include/class.ticket.php
+++ b/include/class.ticket.php
@@ -3248,8 +3248,12 @@ implements RestrictedAccess, Threadable {
     static function open($vars, &$errors) {
         global $thisstaff, $cfg;
 
-        if (!$thisstaff || !$thisstaff->hasPerm(TicketModel::PERM_CREATE))
+        if ($vars['deptId'] && $thisstaff && !$thisstaff->getRole($vars['deptId'])
+            ->hasPerm(TicketModel::PERM_CREATE)
+        ) {
+            $errors['err'] = __('You do not have permission to create a ticket in this department');
             return false;
+        }
 
         if ($vars['source'] && !in_array(
             strtolower($vars['source']), array('email','phone','other'))
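Review bot: The rewritten guard at the top of `open()` fails open in two cases that the removed check rejected. When `$thisstaff` is not set, or when `$vars['deptId']` is empty, the `&&` chain short-circuits to false and execution continues with no `PERM_CREATE` check at all. Unless every caller already enforces this (not visible here), keep an unconditional `if (!$thisstaff) return false;` ahead of the department check, and when no department was submitted fall back to the previous `$thisstaff->hasPerm(TicketModel::PERM_CREATE)` test rather than skipping authorization. `$vars['deptId']` is also read without `isset()`, which raises a notice when the field is absent. The rest of `open()` lies outside the hunk, so whether a default department is assigned and checked later cannot be confirmed from here.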
diff --git a/include/staff/ticket-open.inc.php b/include/staff/ticket-open.inc.php
index 6e2f9bae1..0220009eb 100644
--- a/include/staff/ticket-open.inc.php
+++ b/include/staff/ticket-open.inc.php
@@ -181,8 +181,14 @@ if ($_POST)
                 <select name="deptId">
                     <option value="" selected >&mdash; <?php echo __('Select Department'); ?>&mdash;</option>
                     <?php
-                    if($depts=Dept::getDepartments()) {
+                    if($depts=Dept::getDepartments(array('dept_id' => $thisstaff->getDepts()))) {
                         foreach($depts as $id =>$name) {
+                            if (!($role = $thisstaff->getRole($id))
+                                || !$role->hasPerm(Ticket::PERM_CREATE)
+                            ) {
+                                // No access to create tickets in this dept
+                                continue;
+                            }
                             echo sprintf('<option value="%d" %s>%s</option>',
                                     $id, ($info['deptId']==$id)?'selected="selected"':'',$name);
                         }
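Review bot: The new loop guard names the permission `Ticket::PERM_CREATE`, while the server-side check added to `Ticket::open()` in this commit uses `TicketModel::PERM_CREATE`; one spelling in both places would make it obvious that the dropdown and the enforcement test the same permission. The `!($role = $thisstaff->getRole($id))` half looks unreachable now that `getRole()` falls back to `new Role(array())` in class.staff.php. If `getRole()` is guaranteed to return an object and `$role` is not used further down, the guard can shrink to `if (!$thisstaff->getRole($id)->hasPerm(TicketModel::PERM_CREATE)) continue;`. I would also widen the inline comment to record that this filter only hides options, e.g. `// Hide departments without PERM_CREATE; Ticket::open() enforces this on submit`. The enclosing form and `<select>` markup extend outside the hunk.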
diff --git a/scp/css/scp.css b/scp/css/scp.css
index 89e880e0d..73cb08bfa 100644
--- a/scp/css/scp.css
+++ b/scp/css/scp.css
@@ -1817,6 +1817,9 @@ select + .button {
 .input.attached input {
   height: 100%;
   box-sizing: border-box;
+  margin-right:0;
+  border: 1px solid #999;
+  border-right:none;
 }
 .input.attached .button.attached {
   height: 100%;
-- 
GitLab