Peter Rotich authored
Background: osTicket allows access to assigned open tickets (both personal
and team assignments) regardless of the assigned department or group. This
is necessary to allow staff to work on tickets in an otherwise restricted
department.

When a staff member closes a ticket, they're credited (ticket.staff_id is
set to staff's id) for the purpose of showing who closed the ticket.
osTicket mistakenly allowed continued access to closed tickets even when the
staff doesn't have access to the ticket based on departmental access.
61eea522
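The access rule described in the commit message, modelled as an added example; this is not osTicket's code or the contents of this commit. Every class, field and function name below is an assumption made for illustration, and the sample staff and tickets are constructed (PHP 8 syntax).

```php
<?php
// Hypothetical model of the rule in the commit message; not osTicket's code.
// All names here are assumptions for illustration.

final class Staff {
    public function __construct(
        public int $id,
        public array $deptIds,        // departments the staff member may access
        public array $teamIds = [],   // teams the staff member belongs to
    ) {}
}

final class Ticket {
    public function __construct(
        public int $deptId,
        public bool $isOpen,
        public ?int $staffId = null,  // assignee while open; closer once closed
        public ?int $teamId = null,
    ) {}
}

// Before: a staff_id or team match grants access whatever the ticket state,
// so the "closed by" credit doubles as a permanent access grant.
function canAccessBefore(Staff $s, Ticket $t): bool {
    return in_array($t->deptId, $s->deptIds, true)
        || $t->staffId === $s->id
        || ($t->teamId !== null && in_array($t->teamId, $s->teamIds, true));
}

// After: the assignment exception applies to open tickets only.
function canAccessAfter(Staff $s, Ticket $t): bool {
    if (in_array($t->deptId, $s->deptIds, true)) {
        return true;                  // departmental access always applies
    }
    if (!$t->isOpen) {
        return false;                 // closed: staff_id only records the closer
    }
    return $t->staffId === $s->id
        || ($t->teamId !== null && in_array($t->teamId, $s->teamIds, true));
}

// Constructed sample: staff 7 works in dept 1; the tickets sit in dept 2.
$staff  = new Staff(7, [1], [3]);
$open   = new Ticket(2, true, 7);     // assigned to staff 7
$closed = new Ticket(2, false, 7);    // closed by staff 7, so staff_id is 7

foreach (['open' => $open, 'closed' => $closed] as $label => $ticket) {
    printf("%-6s before=%s after=%s\n", $label,
        var_export(canAccessBefore($staff, $ticket), true),
        var_export(canAccessAfter($staff, $ticket), true));
}
```

The two functions differ only on the closed ticket outside the staff member's departments, which is the case worth covering in a regression test for this kind of rule.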