This feature adds a setting to the control panel to require signing in to
view attachments. This is in addition to the security already provided in
the download URLs. Currently, download URLs are signed for a specific help
desk, and automatically expire after about 24 hours. The exact timing is the
following midnight allowing for at least 12 hours cache time.

Administrators can impose this extra security feature to refuse serving
attachment files if the user is not currently signed in. This could prevent
third-party users from viewing an attachment if they were able to get access
to the download URL before it expired.

* Separate primary from extended access members when listing department
  access.

* Add ability to update primary department members role

* Quick staff add - inherit role of the primary department as default role

Add ability get sorted department members. Extended members are sorted, annotated
and cached.

Consolidate agents name sorting in Staff::nsort. The routing expects a query
set.

isMember routine wrongly assumed getMembers returned staff_id indexed
hashtable.

Session backend issues update via write on new session which caused
assertion to fail.

If the Return-Path header does not match the From header, emails are significantly more likely to be blocked by spam filters.

This patch forces the return header to match the from address without having to change php.ini and therefore works properly on servers that have multiple apps sending from multiple email addresses for example shared hosting, multiple support emails in one instance etc.

Add callback filter to standard iteration method to skip deleted items.

Use file id instead of attachment id to unset new
Get new files objects as array

Credit @Jared

Include username when checking if a system email already exists. This
is important for emails that use aliases.

Use org_id to filter users to update on organization delete

If something like members__staff is considered leaving the Team model,
and the `members` relationship is nullable, and the `staff` relationship is
not, in the context of the compiled SQL statement, the second join should
also be considered nullable (LEFT join), because otherwise inconsistent
results would be returned from the query.

In other words, if a count is considered as an annotation to the Team model
instances, Teams with zero members should still be considered as valid teams
and should be selected with such an annotation. Before this patch, however,
the join between TeamMember and Staff would have been an inner join instead
of a LEFT join, which could skew the database results.

This fixes an issue where the CDATA table is updated with the OLD version of
an answer after it is updated. That is, after an answer is updated, the
CDATA table is also updated to reflect the change; however, the old content
of the answer value is used when updating the CDATA value.

This fixes an issue where the PK of ThreadEntry will be NULLed in the
following code

```php
$entry = ThreadEntry::create(array(...));
$entry->save();
$entry->email_info = new ThreadEntryEmailInfo(array(
    'mid' => 'xyzAbc',
));
```

In the above code, the $entry->__set('email_info', <ThreadEntryEmailInfo>)
would be invoked. The ThreadEntryEmailInfo object is new, and so will cause
the local part of the relationship (`id` in this case) to
become null further down in the `__set` method.

This issue is fixed in this commit by removing the NULL assignment to the
new object. This was added in 11322766,
however, it is unclear why the null assignment is performed.

This commit attempts to remove some of the confusing and redundant code to
attach files to thread entries and replace it with a single code base. It
also attempts to remove and error where a single attachment might be
attached to a new thread entry multiple times.

Lastly, it removes the insert followed by an update for emails with inline
images. This should improve performance processing emails as only one trip
to the database is now necessary for thread entries with inline images.

Make config items caching class instance based.

This PR addresses a bug where an agent-opened ticket doesn't set closed by
or mistakenly set it to auto-assigned agent when a status of closed state is
selected.

* Always credit the agent opening the ticket with close credit on closure
* Only do ticket auto-assignment IF the resulting status is in open state

Fix for  Auth Ticket generation & check mismatch #3005

This partially reverts a change in the ORM changing the QuerySet::all()
method to return an Iterator rather than an array. I spent a while proposing
a patch to replace usage of all() with iterations; however, I cannot propose
a valid reason to abandon the previous methodology.

This reintroduces the previous behavior: calling all() will yield an array
of results from the QuerySet's iteration system.

Somehow the attachment security checks got duplicated and messed up. Perhaps
it was a bad merge?

This fixes a regression in 4f8f236d, where
the parameters are sent in the SQL statement to the database. Objects which
are converted to a string must be propertly quoted when placed in the query.

Add year to php to Date Picker (js) translation table

Make sure due date time dropdown display matches the option value.

Stop doing double timezone offset