Guests cannot see related tickets

ac13377f · Jared Hancock · 00276456 · ac13377f · ac13377f · ac13377f
Commit ac13377f authored 11 years ago by Jared Hancock
--- a/include/class.auth.php
+++ b/include/class.auth.php
@@ -793,6 +793,7 @@ class AuthTokenAuthentication extends UserAuthenticationBackend {
        if (!$user || strcmp($this->getAuthKey($user), $authkey))
            return null;
+        $user->flagGuest();
        return $user;
    }

--- a/include/class.client.php
+++ b/include/class.client.php
@@ -18,6 +18,7 @@ abstract class TicketUser {
    static private $token_regex = '/^(?P<type>\w{1})(?P<algo>\d+)x(?P<hash>.*)$/i';
    protected  $user;
+    protected $_guest = false;
    function __construct($user) {
        $this->user = $user;
@@ -137,6 +138,14 @@ abstract class TicketUser {
                    && $this->user->getId() == $this->getTicket()->getOwnerId());
    }
+    function flagGuest() {
+        $this->_guest = true;
+    }
+    function isGuest() {
+        return $this->_guest;
+    }
    abstract function getTicketId();
    abstract function getTicket();
 }

--- a/include/class.nav.php
+++ b/include/class.nav.php
@@ -282,7 +282,7 @@ class UserNav {
            $navs['new']=array('desc'=>'Open&nbsp;New&nbsp;Ticket','href'=>'open.php','title'=>'');
            if($user && $user->isValid()) {
-                if($cfg && $cfg->showRelatedTickets()) {
+                if(!$user->isGuest() && $cfg && $cfg->showRelatedTickets()) {
                    $navs['tickets']=array('desc'=>sprintf('Tickets&nbsp;(%d)',$user->getNumTickets()),
                                           'href'=>'tickets.php',
                                            'title'=>'Show all tickets');

--- a/include/client/header.inc.php
+++ b/include/client/header.inc.php
@@ -43,7 +43,8 @@ header("Content-Type: text/html; charset=UTF-8\r\n");
                style="height: 5em"></a>
            <p>
             <?php
-             if($thisclient && is_object($thisclient) && $thisclient->isValid()) {
+                if ($thisclient && is_object($thisclient) && $thisclient->isValid()
+                    && !$thisclient->isGuest()) {
                 echo Format::htmlchars($thisclient->getName()).'&nbsp;|';
                 ?>
                <a href="<?php echo ROOT_PATH; ?>account.php">Profile</a> |

--- a/tickets.php
+++ b/tickets.php
@@ -16,6 +16,10 @@
 **********************************************************************/
 require('secure.inc.php');
 if(!is_object($thisclient) || !$thisclient->isValid()) die('Access denied'); //Double check again.
+if ($thisclient->isGuest())
+    $_REQUEST['id'] = $thisclient->getTicketId();
 require_once(INCLUDE_DIR.'class.ticket.php');
 require_once(INCLUDE_DIR.'class.json.php');
 $ticket=null;