Merge pull request #430 from greezybacon/feature/client-edits

Allow clients to edit their information

Reviewed-By: Peter Rotich <peter@osticket.com>

include/class.config.php

@@ -150,6 +150,7 @@ class OsticketConfig extends Config {
         'auto_claim_tickets'=>  true,
         'system_language' =>    'en_US',
         'default_storage_bk' => 'D',
+        'allow_client_updates' => false,
     );
 
     function OsticketConfig($section=null) {
@@ -295,6 +296,10 @@ class OsticketConfig extends Config {
         return $this->get('enable_html_thread');
     }
 
+    function allowClientUpdates() {
+        return $this->get('allow_client_updates');
+    }
+
     function getClientTimeout() {
         return $this->getClientSessionTimeout();
     }
@@ -877,6 +882,7 @@ class OsticketConfig extends Config {
             'show_related_tickets'=>isset($vars['show_related_tickets'])?1:0,
             'hide_staff_name'=>isset($vars['hide_staff_name'])?1:0,
             'enable_html_thread'=>isset($vars['enable_html_thread'])?1:0,
+            'allow_client_updates'=>isset($vars['allow_client_updates'])?1:0,
             'allow_attachments'=>isset($vars['allow_attachments'])?1:0,
             'allowed_filetypes'=>strtolower(preg_replace("/\n\r|\r\n|\n|\r/", '',trim($vars['allowed_filetypes']))),
             'max_file_size'=>$vars['max_file_size'],

include/client/edit.inc.php

+<?php
+
+if(!defined('OSTCLIENTINC') || !$thisclient || !$ticket || !$ticket->checkUserAccess($thisclient)) die('Access Denied!');
+
+?>
+
+<h1>
+    Editing Ticket #<?php echo $ticket->getNumber(); ?>
+</h1>
+
+<form action="tickets.php" method="post">
+    <?php echo csrf_token(); ?>
+    <input type="hidden" name="a" value="edit"/>
+    <input type="hidden" name="id" value="<?php echo $_REQUEST['id']; ?>"/>
+<table width="800">
+    <tbody id="dynamic-form">
+    <?php if ($forms)
+        foreach ($forms as $form) {
+            $form->render(false);
+    } ?>
+    </tbody>
+</table>
+<hr>
+<p style="text-align: center;">
+    <input type="submit" value="Update"/>
+    <input type="reset" value="Reset"/>
+    <input type="button" value="Cancel" onclick="javascript:
+        window.location.href='index.php';"/>
+</p>
+</form>

include/client/header.inc.php

@@ -44,8 +44,9 @@ header("Content-Type: text/html; charset=UTF-8\r\n");
             <p>
              <?php
              if($thisclient && is_object($thisclient) && $thisclient->isValid()) {
-                 echo Format::htmlchars($thisclient->getName()).'&nbsp;-&nbsp;';
+                 echo Format::htmlchars($thisclient->getName()).'&nbsp;|';
                  ?>
+                <a href="<?php echo ROOT_PATH; ?>profile.php">Profile</a> |
                 <?php
                 if($cfg->showRelatedTickets()) {?>
                 <a href="<?php echo ROOT_PATH; ?>tickets.php">Tickets <b>(<?php echo $thisclient->getNumTickets(); ?>)</b></a> -
@@ -54,7 +55,7 @@ header("Content-Type: text/html; charset=UTF-8\r\n");
                 <a href="<?php echo ROOT_PATH; ?>logout.php?auth=<?php echo $ost->getLinkToken(); ?>">Log Out</a>
              <?php
              }elseif($nav){ ?>
-                 Guest User - <a href="<?php echo ROOT_PATH; ?>login.php">Log In</a>
+                 Guest User | <a href="<?php echo ROOT_PATH; ?>login.php">Log In</a>
               <?php
              } ?>
             </p>

include/client/profile.inc.php

+<?php
+
+?>
+<h1>Manage Your Profile Information</h1>
+<p>
+Use the forms below to update the information we have on file for your
+account
+</p>
+<form action="profile.php" method="post">
+  <?php csrf_token(); ?>
+<table width="800">
+<?php
+foreach ($user->getForms() as $f) {
+    $f->render(false);
+}
+?>
+</table>
+<hr>
+<p style="text-align: center;">
+    <input type="submit" value="Update"/>
+    <input type="reset" value="Reset"/>
+    <input type="button" value="Cancel" onclick="javascript:
+        window.location.href='index.php';"/>
+</p>
+</form>

include/client/view.inc.php

@@ -15,6 +15,10 @@ if(!$dept || !$dept->isPublic())
             <h1>
                 Ticket #<?php echo $ticket->getNumber(); ?> &nbsp;
                 <a href="view.php?id=<?php echo $ticket->getId(); ?>" title="Reload"><span class="Icon refresh">&nbsp;</span></a>
+<?php if ($cfg->allowClientUpdates()) { ?>
+                <a class="action-button" href="tickets.php?a=edit&id=<?php
+                     echo $ticket->getId(); ?>"><i class="icon-edit"></i> Edit</a>
+<?php } ?>
             </h1>
         </td>
     </tr>

include/staff/settings-tickets.inc.php

@@ -135,6 +135,14 @@ if(!($maxfileuploads=ini_get('max_file_uploads')))
                 Enable rich text in ticket thread and autoresponse emails
             </td>
         </tr>
+        <tr>
+            <td>Allow Client Updates:</td>
+            <td>
+                <input type="checkbox" name="allow_client_updates" <?php
+                echo $config['allow_client_updates']?'checked="checked"':''; ?>>
+                Allow clients to update ticket details via the web portal
+            </td>
+        </tr>
         <tr>
             <th colspan="2">
                 <em><b>Attachments</b>:  Size and max. uploads setting mainly apply to web tickets.</em>

profile.php

+<?php
+/*********************************************************************
+    profile.php
+
+    Manage client profile. This will allow a logged-in user to manage
+    his/her own public (non-internal) information
+
+    Peter Rotich <peter@osticket.com>
+    Jared Hancock <jared@osticket.com>
+    Copyright (c)  2006-2013 osTicket
+    http://www.osticket.com
+
+    Released under the GNU General Public License WITHOUT ANY WARRANTY.
+    See LICENSE.TXT for details.
+
+    vim: expandtab sw=4 ts=4 sts=4:
+    $Id: $
+**********************************************************************/
+require 'secure.inc.php';
+
+require_once 'class.user.php';
+$user = User::lookup($thisclient->getId());
+
+if ($user && $_POST) {
+    $errors = array();
+    if ($user->updateInfo($_POST, $errors))
+        Http::redirect('tickets.php');
+}
+
+$inc = 'profile.inc.php';
+
+include(CLIENTINC_DIR.'header.inc.php');
+include(CLIENTINC_DIR.$inc);
+include(CLIENTINC_DIR.'footer.inc.php');
+

tickets.php

@@ -32,6 +32,25 @@ if($_REQUEST['id']) {
 if($_POST && is_object($ticket) && $ticket->getId()):
     $errors=array();
     switch(strtolower($_POST['a'])){
+    case 'edit':
+        if(!$ticket->checkUserAccess($thisclient)) //double check perm again!
+            $errors['err']='Access Denied. Possibly invalid ticket ID';
+        elseif (!$cfg || !$cfg->allowClientUpdates())
+            $errors['err']='Access Denied. Client updates are currently disabled';
+        else {
+            $forms=DynamicFormEntry::forTicket($ticket->getId());
+            foreach ($forms as $form)
+                if (!$form->isValid())
+                    $errors = array_merge($errors, $form->errors());
+        }
+        if (!$errors) {
+            foreach ($forms as $f) $f->save();
+            $_REQUEST['a'] = null; //Clear edit action - going back to view.
+            $ticket->logNote('Ticket details updated', sprintf(
+                'Ticket details were updated by client %s <%s>',
+                $thisclient->getName(), $thisclient->getEmail()));
+        }
+        break;
     case 'reply':
         if(!$ticket->checkUserAccess($thisclient)) //double check perm again!
             $errors['err']='Access Denied. Possibly invalid ticket ID';
@@ -70,7 +89,15 @@ if($_POST && is_object($ticket) && $ticket->getId()):
 endif;
 $nav->setActiveNav('tickets');
 if($ticket && $ticket->checkUserAccess($thisclient)) {
-    $inc='view.inc.php';
+    if (isset($_REQUEST['a']) && $_REQUEST['a'] == 'edit'
+            && $cfg->allowClientUpdates()) {
+        $inc = 'edit.inc.php';
+        if (!$forms) $forms=DynamicFormEntry::forTicket($ticket->getId());
+        // Auto add new fields to the entries
+        foreach ($forms as $f) $f->addMissingFields();
+    }
+    else
+        $inc='view.inc.php';
 } elseif($cfg->showRelatedTickets() && $thisclient->getNumTickets()) {
     $inc='tickets.inc.php';
 } else {