queue: Impose staff visibility constraints

a83fcc40 · Jared Hancock · Peter Rotich · 27b7d19e · a83fcc40 · a83fcc40
Commit a83fcc40 authored 9 years ago by Jared Hancock Committed by Peter Rotich 7 years ago
--- a/include/class.search.php
+++ b/include/class.search.php
@@ -1107,6 +1107,15 @@ class SavedSearch extends VerySimpleModel {
            || $this->hasFlag(self::FLAG_PUBLIC);
    }

+    function ignoreVisibilityConstraints() {
+        global $thisstaff;
+
+        // For saved searches (not queues), staff can have a permission to
+        // see all records
+        return !$this->hasFlag(self::FLAG_QUEUE)
+            && $thisstaff->hasPerm(SearchBackend::PERM_EVERYTHING);
+    }
+
    protected function hasFlag($flag) {
        return $this->flags & $flag !== 0;
    }

--- a/include/staff/templates/queue-tickets.tmpl.php
+++ b/include/staff/templates/queue-tickets.tmpl.php
@@ -2,12 +2,34 @@
 // Calling convention (assumed global scope):
 // $tickets - <QuerySet> with all columns and annotations necessary to
 //      render the full page
-// $count - <int> number of records matching the search / filter part of the
-//      query
+
+// For searches, some staff members may be able to see everything
+$view_all_tickets = $queue->ignoreVisibilityConstraints();
+
+// Impose visibility constraints
+// ------------------------------------------------------------
+if (!$view_all_tickets) {
+    // -- Open and assigned to me
+    $assigned = Q::any(array(
+        'staff_id' => $thisstaff->getId(),
+    ));
+    // -- Open and assigned to a team of mine
+    if ($teams = array_filter($thisstaff->getTeams()))
+        $assigned->add(array('team_id__in' => $teams));
+
+    $visibility = Q::any(new Q(array('status__state'=>'open', $assigned)));
+
+    // -- Routed to a department of mine
+    if (!$thisstaff->showAssignedOnly() && ($depts=$thisstaff->getDepts()))
+        $visibility->add(array('dept_id__in' => $depts));
+
+    $tickets->filter($visibility);
+}

 $page = ($_GET['p'] && is_numeric($_GET['p']))?$_GET['p']:1;
 $pageNav = new Pagenate($count, $page, PAGE_LIMIT);
 $pageNav->setURL('tickets.php', $args);
+$count = count($tickets);
 $tickets = $pageNav->paginate($tickets);

 // Make sure the cdata materialized view is available

--- a/scp/tickets.php
+++ b/scp/tickets.php
@@ -459,7 +459,6 @@ if($ticket) {
        $inc = 'templates/queue-tickets.tmpl.php';
        $quick_filter = @$_REQUEST['filter'];
        $tickets = $queue->getQuery(false, $quick_filter);
-        $count = count($tickets);
    }

    //Clear active submenu on search with no status