Permissions - clients and tickets

Enforce new permissions model in clients and tickets
wrongecho 2024-09-20 21:10:24 +01:00
parent 847870a45a
commit 23f776efa3
9 changed files with 121 additions and 106 deletions


@ -8,6 +8,7 @@
</button>
</div>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
<input type="hidden" name="lead" value="0">
<input type="hidden" name="net_terms" value="0">
<input type="hidden" name="currency_code" value="<?php echo $session_company_currency; ?>">


@ -119,7 +119,7 @@ $total_tickets_closed = intval($row['total_tickets_closed']);
<th><a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=ticket_number&order=<?php echo $disp; ?>">Number</a></th>
<th><a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=ticket_subject&order=<?php echo $disp; ?>">Subject</a></th>
<th><a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=contact_name&order=<?php echo $disp; ?>">Contact</a></th>
<?php if ($config_module_enable_accounting) { ?>
<?php if ($config_module_enable_accounting && lookupUserPermission("module_sales") >= 2) { ?>
<th class="text-center"><a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=ticket_billable&order=<?php echo $disp; ?>">Billable</a></th>
<?php } ?>
<th><a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=ticket_priority&order=<?php echo $disp; ?>">Priority</a></th>
@ -237,8 +237,8 @@ $total_tickets_closed = intval($row['total_tickets_closed']);
<a href="#" data-toggle="modal" data-target="#editTicketContactModal<?php echo $ticket_id; ?>"><?php echo $contact_display; ?></a>
</td>
<!-- Ticket Billable (if accounting enabled -->
<?php if ($config_module_enable_accounting) { ?>
<!-- Ticket Billable (if accounting perms & enabled) -->
<?php if ($config_module_enable_accounting && lookupUserPermission("module_sales") >= 2) { ?>
<td class="text-center">
<a href="#" data-toggle="modal" data-target="#editTicketBillableModal<?php echo $ticket_id; ?>">
<?php
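Review bot: The Billable column in the `@ -119` and `@ -237` hunks is hidden unless `lookupUserPermission("module_sales") >= 2`, so a user holding read-only sales permission (level 1) loses the column entirely even though the cell value itself is read-only and only the modal anchor behind it performs an edit. Consider showing the `<th>`/`<td>` at `>= 1` and gating just the `data-toggle="modal"` anchor at `>= 2`, e.g. `<?php if ($config_module_enable_accounting && lookupUserPermission("module_sales") >= 1) { ?>` for the column and a plain-text fallback for the value. The enclosing PHP block and the ticket row loop start and end outside these hunks.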


@ -96,11 +96,11 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fa fa-fw fa-user-friends mr-2"></i><?php if($leads == 0){ echo "Client"; } else { echo "Lead"; } ?> Management</h3>
<div class="card-tools">
<?php if ($session_user_role == 3) { ?>
<?php if (lookupUserPermission("module_client") >= 2) { ?>
<div class="btn-group">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addClientModal">
<i class="fas fa-plus mr-2"></i>New
<?php if($leads == 0){ echo "Client"; } else { echo "Lead"; } ?>
<?php if ($leads == 0) { echo "Client"; } else { echo "Lead"; } ?>
</button>
<button type="button" class="btn btn-primary dropdown-toggle dropdown-toggle-split" data-toggle="dropdown"></button>
<div class="dropdown-menu">
@ -134,13 +134,13 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="col-md-8">
<div class="btn-toolbar float-right">
<div class="btn-group mr-2">
<a href="?leads=0" class="btn btn-<?php if($leads == 0){ echo "primary"; } else { echo "default"; } ?>"><i class="fa fa-fw fa-user-friends mr-2"></i>Clients</a>
<a href="?leads=1" class="btn btn-<?php if($leads == 1){ echo "primary"; } else { echo "default"; } ?>"><i class="fa fa-fw fa-bullhorn mr-2"></i>Leads</a>
<a href="?leads=0" class="btn btn-<?php if ($leads == 0){ echo "primary"; } else { echo "default"; } ?>"><i class="fa fa-fw fa-user-friends mr-2"></i>Clients</a>
<a href="?leads=1" class="btn btn-<?php if ($leads == 1){ echo "primary"; } else { echo "default"; } ?>"><i class="fa fa-fw fa-bullhorn mr-2"></i>Leads</a>
</div>
<div class="btn-group mr-2">
<a href="?<?php echo $url_query_strings_sort ?>&archived=<?php if($archived == 1){ echo 0; } else { echo 1; } ?>"
class="btn btn-<?php if($archived == 1){ echo "primary"; } else { echo "default"; } ?>">
class="btn btn-<?php if ($archived == 1) { echo "primary"; } else { echo "default"; } ?>">
<i class="fa fa-fw fa-archive mr-2"></i>Archived
</a>
</div>
@ -270,8 +270,8 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<?php if ($sort == 'contact_name') { echo $order_icon; } ?>
</a>
</th>
<?php if (($session_user_role == 3 || $session_user_role == 1) && $config_module_enable_accounting == 1) { ?> <th class="text-right">Billing</th> <?php } ?>
<?php if ($session_user_role == 3) { ?> <th class="text-center">Action</th> <?php } ?>
<?php if ((lookupUserPermission("module_financial") >= 1) && $config_module_enable_accounting == 1) { ?> <th class="text-right">Billing</th> <?php } ?>
<?php if (lookupUserPermission("module_client") >= 2) { ?> <th class="text-center">Action</th> <?php } ?>
</tr>
</thead>
<tbody>
@ -387,7 +387,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</div>
<?php } ?>
<div class="mt-1 text-secondary">
<small><strong>Created:</strong> <?php echo $client_created_at; ?></small>
<small><strong>Created: </strong> <?php echo $client_created_at; ?></small>
</div>
</td>
@ -425,8 +425,8 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<?php } ?>
</td>
<!-- Show Billing for Admin/Accountant roles only and if accounting module is enabled -->
<?php if (($session_user_role == 3 || $session_user_role == 1) && $config_module_enable_accounting == 1) { ?>
<!-- Show Billing if perms & if accounting module is enabled -->
<?php if ((lookupUserPermission("module_financial") >= 1) && $config_module_enable_accounting == 1) { ?>
<td class="text-right">
<div class="mt-1">
<span class="text-secondary">Balance</span> <span class="<?php echo $balance_text_color; ?>"><?php echo numfmt_format_currency($currency_format, $balance, $session_company_currency); ?></span>
@ -443,8 +443,8 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
</td>
<?php } ?>
<!-- Show actions for Admin role only -->
<?php if ($session_user_role == 3) { ?>
<!-- Actions -->
<?php if (lookupUserPermission("module_client") >= 2) { ?>
<td>
<div class="dropdown dropleft text-center">
<button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown">
@ -457,7 +457,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<?php if (empty($client_archived_at)) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger confirm-link" href="post.php?archive_client=<?php echo $client_id; ?>">
<a class="dropdown-item text-danger confirm-link" href="post.php?archive_client=<?php echo $client_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">
<i class="fas fa-fw fa-archive mr-2"></i>Archive
</a>
<?php } ?>
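Review bot: `lookupUserPermission("module_financial")` and `lookupUserPermission("module_client")` are now called inside the per-client row body in the `@ -425` and `@ -443` hunks, so they execute once per row per page load in addition to the header checks in `@ -270`. If the helper queries the database rather than reading the session, resolve them once before the loop — `$client_write = lookupUserPermission("module_client") >= 2;` and `$financial_read = lookupUserPermission("module_financial") >= 1;` — and test the booleans in both the header and the row cells. The archive action in the `@ -457` hunk remains a state-changing GET link; the added token addresses request forgery, but a small POST form would also keep the token out of Referer headers and access logs. The row loop opens and closes outside these hunks.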


@ -5,7 +5,7 @@
<a href="#" data-toggle="collapse" data-target="#clientHeader"><h4 class="text-secondary" data-toggle="tooltip" data-placement="right" title="Client ID: <?php echo $client_id; ?>"><strong><?php echo $client_name; ?></strong> <?php if ($client_archived_at) { echo "(archived)"; } ?></h4></a>
</div>
<div class="col">
<?php if ($session_user_role == 3) { ?>
<?php if (lookupUserPermission("module_client") >= 2) { ?>
<div class="dropdown dropleft text-center">
<button class="btn btn-dark btn-sm float-right" type="button" data-toggle="dropdown">
<i class="fas fa-fw fa-ellipsis-v"></i>
@ -14,14 +14,16 @@
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#editClientModal<?php echo $client_id; ?>">
<i class="fas fa-fw fa-edit mr-2"></i>Edit Client
</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#exportClientPDFModal">
<i class="fas fa-fw fa-file-pdf mr-2"></i>Export Data
</a>
<?php if (lookupUserPermission("module_client") >= 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#exportClientPDFModal">
<i class="fas fa-fw fa-file-pdf mr-2"></i>Export Data
</a>
<?php } ?>
<?php if (empty($client_archived_at)) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger confirm-link" href="post.php?archive_client=<?php echo $client_id; ?>">
<a class="dropdown-item text-danger confirm-link" href="post.php?archive_client=<?php echo $client_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">
<i class="fas fa-fw fa-archive mr-2"></i>Archive Client
</a>
<?php } else { ?>
@ -31,7 +33,7 @@
</a>
<?php } ?>
<?php if ($session_user_role == 3 && $client_archived_at) { ?>
<?php if (lookupUserPermission("module_client") >= 3 && $client_archived_at) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger text-bold" href="#" data-toggle="modal" data-target="#deleteClientModal<?php echo $client_id; ?>">
<i class="fas fa-fw fa-trash mr-2"></i>Delete Client
@ -115,8 +117,8 @@
</div>
<?php if ($session_user_role == 1 || $session_user_role == 3 && $config_module_enable_accounting == 1) { ?>
<div class="col-md border-left border-top">
<?php if (lookupUserPermission("module_financial") >= 1 && $config_module_enable_accounting == 1) { ?>
<div class="col-md border-left border-top">
<h5 class="text-secondary mt-1">Billing</h5>
<div class="ml-1 text-secondary">Hourly Rate
<span class="text-dark float-right"> <?php echo numfmt_format_currency($currency_format, $client_rate, $client_currency_code); ?></span>
@ -141,8 +143,8 @@
</div>
<?php } ?>
<div class="col-md border-left border-top">
<?php if (lookupUserPermission("module_support") >= 1 && $config_module_enable_ticketing == 1) { ?>
<div class="col-md border-left border-top">
<h5 class="text-secondary mt-1">Support</h5>
<div class="ml-1 text-secondary">Open Tickets
<span class="text-dark float-right"><?php echo $num_active_tickets; ?></span>
@ -156,6 +158,7 @@
<?php echo $client_tags_display; ?>
<?php } ?>
</div>
<?php } ?>
</div>
</div>
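Review bot: The Export Data entry in the `@ -14` hunk is shown when `lookupUserPermission("module_client") >= 3`, but the `export_client_pdf` handler in this same commit additionally enforces `module_support`, `module_sales` and `module_financial` at level 1, so a user who passes the menu check can still be rejected on submit. Either gate the menu item with the same four checks or, as the handler's TODO says, enforce per exported box; until that lands, a comment above the `<?php if` such as `// NOTE: export_client_pdf also enforces module_support/sales/financial >= 1` would keep the two from drifting further. The dropdown markup opens and closes outside these hunks.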


@ -6,11 +6,11 @@
if (isset($_POST['add_client'])) {
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_client', 2);
require_once 'post/client_model.php';
validateAdminRole();
$location_phone = preg_replace("/[^0-9]/", '', $_POST['location_phone']);
$address = sanitizeInput($_POST['address']);
$city = sanitizeInput($_POST['city']);
@ -117,9 +117,9 @@ if (isset($_POST['add_client'])) {
if (isset($_POST['edit_client'])) {
require_once 'post/client_model.php';
enforceUserPermission('module_client', 2);
validateAdminRole();
require_once 'post/client_model.php';
$client_id = intval($_POST['client_id']);
@ -153,7 +153,8 @@ if (isset($_POST['edit_client'])) {
if (isset($_GET['archive_client'])) {
validateAdminRole();
validateCSRFToken($_GET['csrf_token']);
enforceUserPermission('module_client', 2);
$client_id = intval($_GET['archive_client']);
@ -175,6 +176,8 @@ if (isset($_GET['archive_client'])) {
if (isset($_GET['undo_archive_client'])) {
enforceUserPermission('module_client', 2);
$client_id = intval($_GET['undo_archive_client']);
// Get Client Name
@ -194,10 +197,8 @@ if (isset($_GET['undo_archive_client'])) {
if (isset($_GET['delete_client'])) {
validateAdminRole();
// CSRF Check
validateCSRFToken($_GET['csrf_token']);
enforceUserPermission('module_client', 3);
$client_id = intval($_GET['delete_client']);
@ -337,6 +338,8 @@ if (isset($_GET['delete_client'])) {
if (isset($_POST['export_clients_csv'])) {
enforceUserPermission('module_client', 1);
//get records from database
$sql = mysqli_query($mysqli, "SELECT * FROM clients
LEFT JOIN contacts ON clients.client_id = contacts.contact_client_id AND contact_primary = 1
@ -377,7 +380,7 @@ if (isset($_POST['export_clients_csv'])) {
if (isset($_POST["import_clients_csv"])) {
validateTechRole();
enforceUserPermission('module_client', 2);
$file_name = $_FILES["file"]["tmp_name"];
$error = false;
@ -604,14 +607,21 @@ if (isset($_GET['download_clients_csv_template'])) {
if (isset($_POST['export_client_pdf'])) {
validateAdminRole();
// TODO: Enforce perms based on which individual boxes are ticked
enforceUserPermission('module_client', 3);
enforceUserPermission('module_support', 1);
enforceUserPermission('module_sales', 1);
enforceUserPermission('module_financial', 1);
$client_id = intval($_POST['client_id']);
$export_contacts = intval($_POST['export_contacts']);
$export_locations = intval($_POST['export_locations']);
$export_assets = intval($_POST['export_assets']);
$export_software = intval($_POST['export_software']);
$export_logins = intval($_POST['export_logins']);
$export_logins = 0;
if (lookupUserPermission("module_credential") >= 1) {
$export_logins = intval($_POST['export_logins']);
}
$export_networks = intval($_POST['export_networks']);
$export_certificates = intval($_POST['export_certificates']);
$export_domains = intval($_POST['export_domains']);
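Review bot: `undo_archive_client` in the `@ -175` hunk gains `enforceUserPermission('module_client', 2)` but, unlike its siblings `archive_client` and `delete_client` in the same file, has no `validateCSRFToken($_GET['csrf_token']);` before it mutates the client, so the request is not protected against cross-site request forgery the way those handlers are. Add the token check immediately after the permission call and carry `&csrf_token=<?php echo $_SESSION['csrf_token'] ?>` on the link that triggers it (not visible in this diff). The `edit_client` (`@ -117`) and `import_clients_csv` (`@ -377`) hunks likewise show no CSRF check near their permission line; if one exists further down those handlers this does not apply, otherwise they need the same treatment. Each handler body continues past its hunk.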


@ -6,7 +6,7 @@
if (isset($_POST['add_ticket'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$client_id = intval($_POST['client']);
$assigned_to = intval($_POST['assigned_to']);
@ -186,7 +186,7 @@ if (isset($_POST['add_ticket'])) {
if (isset($_POST['edit_ticket'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$ticket_id = intval($_POST['ticket_id']);
$contact_id = intval($_POST['contact']);
@ -269,7 +269,7 @@ if (isset($_POST['edit_ticket'])) {
if (isset($_POST['edit_ticket_priority'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$ticket_id = intval($_POST['ticket_id']);
$priority = sanitizeInput($_POST['priority']);
@ -287,7 +287,7 @@ if (isset($_POST['edit_ticket_priority'])) {
if (isset($_POST['edit_ticket_contact'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$ticket_id = intval($_POST['ticket_id']);
$contact_id = intval($_POST['contact']);
@ -360,7 +360,7 @@ if (isset($_POST['edit_ticket_contact'])) {
if (isset($_POST['add_ticket_watcher'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$ticket_id = intval($_POST['ticket_id']);
$client_id = intval($_POST['client_id']);
@ -431,7 +431,7 @@ if (isset($_POST['add_ticket_watcher'])) {
if (isset($_POST['edit_ticket_watchers'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$ticket_id = intval($_POST['ticket_id']);
$client_id = intval($_POST['client_id']);
@ -460,7 +460,7 @@ if (isset($_POST['edit_ticket_watchers'])) {
if (isset($_GET['delete_ticket_watcher'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$watcher_id = intval($_GET['delete_ticket_watcher']);
@ -474,7 +474,7 @@ if (isset($_GET['delete_ticket_watcher'])) {
if (isset($_POST['edit_ticket_asset'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$ticket_id = intval($_POST['ticket_id']);
$asset_id = intval($_POST['asset']);
@ -493,7 +493,7 @@ if (isset($_POST['edit_ticket_asset'])) {
if (isset($_POST['edit_ticket_vendor'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$ticket_id = intval($_POST['ticket_id']);
$vendor_id = intval($_POST['vendor']);
@ -512,7 +512,7 @@ if (isset($_POST['edit_ticket_vendor'])) {
if (isset($_POST['edit_ticket_priority'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$ticket_id = intval($_POST['ticket_id']);
$priority = sanitizeInput($_POST['priority']);
@ -530,8 +530,7 @@ if (isset($_POST['edit_ticket_priority'])) {
if (isset($_POST['assign_ticket'])) {
// Role check
validateTechRole();
enforceUserPermission('module_support', 2);
// POST variables
$ticket_id = intval($_POST['ticket_id']);
@ -630,7 +629,7 @@ if (isset($_POST['assign_ticket'])) {
if (isset($_GET['delete_ticket'])) {
validateAdminRole();
enforceUserPermission('module_support', 3);
// CSRF Check
validateCSRFToken($_GET['csrf_token']);
@ -668,8 +667,7 @@ if (isset($_GET['delete_ticket'])) {
if (isset($_POST['bulk_assign_ticket'])) {
// Role check
validateTechRole();
enforceUserPermission('module_support', 2);
// POST variables
$assign_to = intval($_POST['assign_to']);
@ -769,8 +767,7 @@ if (isset($_POST['bulk_assign_ticket'])) {
if (isset($_POST['bulk_edit_ticket_priority'])) {
// Role check
validateTechRole();
enforceUserPermission('module_support', 2);
// POST variables
$priority = sanitizeInput($_POST['bulk_priority']);
@ -809,8 +806,7 @@ if (isset($_POST['bulk_edit_ticket_priority'])) {
if (isset($_POST['bulk_merge_tickets'])) {
// Role check
validateTechRole();
enforceUserPermission('module_support', 2);
$ticket_count = count($_POST['ticket_ids']); // Get a ticket count
$merge_into_ticket_number = intval($_POST['merge_into_ticket_number']); // Parent ticket *number*
@ -868,8 +864,7 @@ if (isset($_POST['bulk_merge_tickets'])) {
if (isset($_POST['bulk_resolve_tickets'])) {
// Role check
validateTechRole();
enforceUserPermission('module_support', 2);
// POST variables
$details = mysqli_escape_string($mysqli, $_POST['bulk_details']);
@ -979,8 +974,7 @@ if (isset($_POST['bulk_resolve_tickets'])) {
if (isset($_POST['bulk_ticket_reply'])) {
// Role check
validateTechRole();
enforceUserPermission('module_support', 2);
// POST variables
$ticket_reply = mysqli_escape_string($mysqli, $_POST['bulk_reply_details']);
@ -1117,8 +1111,7 @@ if (isset($_POST['bulk_ticket_reply'])) {
// Currenly not UI Frontend for this
if (isset($_POST['bulk_add_ticket_project'])) {
// Role check
validateTechRole();
enforceUserPermission('module_support', 2);
// POST variables
$project_id = intval($_POST['project_id']);
@ -1161,7 +1154,7 @@ if (isset($_POST['bulk_add_ticket_project'])) {
if (isset($_POST['add_ticket_reply'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$ticket_id = intval($_POST['ticket_id']);
$ticket_reply = mysqli_real_escape_string($mysqli, $_POST['ticket_reply']);
@ -1306,7 +1299,7 @@ if (isset($_POST['add_ticket_reply'])) {
if (isset($_POST['edit_ticket_reply'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$ticket_reply_id = intval($_POST['ticket_reply_id']);
$ticket_reply = mysqli_real_escape_string($mysqli, $_POST['ticket_reply']);
@ -1327,7 +1320,7 @@ if (isset($_POST['edit_ticket_reply'])) {
if (isset($_GET['archive_ticket_reply'])) {
validateAdminRole();
enforceUserPermission('module_support', 2);
$ticket_reply_id = intval($_GET['archive_ticket_reply']);
@ -1344,7 +1337,7 @@ if (isset($_GET['archive_ticket_reply'])) {
if (isset($_POST['merge_ticket'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$ticket_id = intval($_POST['ticket_id']); // Child ticket ID to be closed
$merge_into_ticket_number = intval($_POST['merge_into_ticket_number']); // Parent ticket *number*
@ -1407,7 +1400,7 @@ if (isset($_POST['merge_ticket'])) {
if (isset($_POST['change_client_ticket'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$ticket_id = intval($_POST['ticket_id']);
$client_id = intval($_POST['new_client_id']);
@ -1429,7 +1422,7 @@ if (isset($_POST['change_client_ticket'])) {
if (isset($_GET['resolve_ticket'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
// CSRF Check
validateCSRFToken($_GET['csrf_token']);
@ -1521,7 +1514,7 @@ if (isset($_GET['resolve_ticket'])) {
if (isset($_GET['close_ticket'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
// CSRF Check
validateCSRFToken($_GET['csrf_token']);
@ -1612,7 +1605,7 @@ if (isset($_GET['close_ticket'])) {
if (isset($_GET['reopen_ticket'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$ticket_id = intval($_GET['reopen_ticket']);
@ -1627,6 +1620,9 @@ if (isset($_GET['reopen_ticket'])) {
if (isset($_POST['add_invoice_from_ticket'])) {
enforceUserPermission('module_support', 2);
enforceUserPermission('module_sales', 2);
$invoice_id = intval($_POST['invoice_id']);
$ticket_id = intval($_POST['ticket_id']);
$date = sanitizeInput($_POST['date']);
@ -1727,7 +1723,7 @@ if (isset($_POST['add_invoice_from_ticket'])) {
if (isset($_POST['export_client_tickets_csv'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$client_id = intval($_POST['client_id']);
@ -1776,7 +1772,7 @@ if (isset($_POST['export_client_tickets_csv'])) {
if (isset($_POST['add_recurring_ticket'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
require_once 'post/recurring_ticket_model.php';
@ -1804,7 +1800,7 @@ if (isset($_POST['add_recurring_ticket'])) {
if (isset($_POST['edit_recurring_ticket'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
require_once 'post/recurring_ticket_model.php';
@ -1831,7 +1827,7 @@ if (isset($_POST['edit_recurring_ticket'])) {
if (isset($_GET['delete_recurring_ticket'])) {
validateAdminRole();
enforceUserPermission('module_support', 3);
$scheduled_ticket_id = intval($_GET['delete_recurring_ticket']);
@ -1855,7 +1851,8 @@ if (isset($_GET['delete_recurring_ticket'])) {
}
if (isset($_POST['bulk_delete_scheduled_tickets']) || isset($_POST['bulk_delete_recurring_tickets'])) {
validateAdminRole();
enforceUserPermission('module_support', 3);
validateCSRFToken($_POST['csrf_token']);
$count = 0; // Default 0
@ -1884,7 +1881,8 @@ if (isset($_POST['bulk_delete_scheduled_tickets']) || isset($_POST['bulk_delete_
if (isset($_POST['set_billable_status'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
enforceUserPermission('module_sales', 2);
$ticket_id = intval($_POST['ticket_id']);
$billable_status = sanitizeInput($_POST['billable_status']);
@ -1916,7 +1914,7 @@ if (isset($_POST['set_billable_status'])) {
if (isset($_POST['edit_ticket_schedule'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$ticket_id = intval($_POST['ticket_id']);
$onsite = intval($_POST['onsite']);
@ -2094,7 +2092,7 @@ if (isset($_POST['edit_ticket_schedule'])) {
if (isset($_GET['cancel_ticket_schedule'])) {
validateTechRole();
enforceUserPermission('module_support', 2);
$ticket_id = intval($_GET['cancel_ticket_schedule']);
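Review bot: `archive_ticket_reply` in the `@ -1327` hunk is widened from admin-only to `module_support` level 2 but still has no `validateCSRFToken($_GET['csrf_token']);`, while `delete_ticket`, `resolve_ticket` and `close_ticket` validate the token right after their permission line; `reopen_ticket` (`@ -1612`), `delete_ticket_watcher` (`@ -460`), `delete_recurring_ticket` (`@ -1831`) and `cancel_ticket_schedule` (`@ -2094`) show the same gap within their hunks. Since this commit grants these GET endpoints to a broader set of users, add the token check after each `enforceUserPermission` call and carry the token on the corresponding links. If a handler validates further down outside its hunk, a short comment at the top saying so would help the next reader. Separately, an `edit_ticket_priority` handler appears twice (`@ -269` and `@ -512`) and both copies were updated here; one is presumably a leftover duplicate worth removing. Each handler continues beyond its hunk.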


@ -361,10 +361,11 @@ if (isset($_GET['ticket_id'])) {
</span>
</div>
<div class="card-tools d-print-none">
<?php if (lookupUserPermission("module_support") >= 2) { ?>
<div class="card-tools d-print-none">
<div class="btn-toolbar">
<?php if ($config_module_enable_accounting && $ticket_billable == 1 && empty($invoice_id)) { ?>
<?php if ($config_module_enable_accounting && $ticket_billable == 1 && empty($invoice_id) && lookupUserPermission("module_sales") >= 2) { ?>
<a href="#" class="btn btn-light btn-sm ml-3" href="#" data-toggle="modal" data-target="#addInvoiceFromTicketModal">
<i class="fas fa-fw fa-file-invoice mr-2"></i>Invoice
</a>
@ -376,7 +377,6 @@ if (isset($_GET['ticket_id'])) {
<a href="post.php?reopen_ticket=<?php echo $ticket_id; ?>" class="btn btn-light btn-sm ml-3">
<i class="fas fa-fw fa-redo mr-2"></i>Reopen
</a>
&nbsp;
<?php } ?>
<?php if (empty($ticket_resolved_at) && $task_count == $completed_task_count) { ?>
@ -421,7 +421,7 @@ if (isset($_GET['ticket_id'])) {
<a class="dropdown-item" href="#" data-toggle="modal" id="clientChangeTicketModalLoad" data-target="#clientChangeTicketModal">
<i class="fas fa-fw fa-people-carry mr-2"></i>Change Client
</a>
<?php if ($session_user_role == 3) { ?>
<?php if (lookupUserPermission("module_support") == 3) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger text-bold confirm-link" href="post.php?delete_ticket=<?php echo $ticket_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token'] ?>">
<i class="fas fa-fw fa-trash mr-2"></i>Delete
@ -432,6 +432,7 @@ if (isset($_GET['ticket_id'])) {
<?php } ?>
</div>
</div>
<?php } ?>
</div> <!-- Card Header -->
@ -495,11 +496,11 @@ if (isset($_GET['ticket_id'])) {
// Billable
if ($config_module_enable_accounting) { ?>
<?php if($invoice_id) { ?>
<?php if ($invoice_id && lookupUserPermission("module_sales") >= 1) { ?>
<div class="mt-1">
<i class="fa fa-fw fa-dollar-sign text-secondary mr-2"></i>Invoiced: <?php echo "$invoice_prefix$invoice_number"; ?>
</div>
<?php } else { ?>
<?php } elseif (lookupUserPermission("module_sales") >= 1) { ?>
<div class="mt-1">
<i class="fa fa-fw fa-dollar-sign text-secondary mr-2"></i>Ticket is
<a href="#" data-toggle="modal" data-target="#editTicketBillableModal<?php echo $ticket_id; ?>">
@ -588,7 +589,7 @@ if (isset($_GET['ticket_id'])) {
</div>
<!-- Only show ticket reply modal if status is not closed -->
<?php if (empty($ticket_resolved_at) && empty($ticket_closed_at)) { ?>
<?php if (lookupUserPermission("module_support") >= 2 && empty($ticket_resolved_at) && empty($ticket_closed_at)) { ?>
<div class="card card-body d-print-none pb-0">
@ -747,20 +748,20 @@ if (isset($_GET['ticket_id'])) {
<?php if ($ticket_reply_type !== "Client" && empty($ticket_closed_at)) { ?>
<div class="card-tools d-print-none mb-2">
<div class="dropdown dropleft">
<button class="btn btn-sm btn-tool" type="button" id="dropdownMenuButton" data-toggle="dropdown">
<i class="fas fa-fw fa-ellipsis-v"></i>
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#replyEditTicketModal<?php echo $ticket_reply_id; ?>">
<i class="fas fa-fw fa-edit text-secondary mr-2"></i>Edit
</a>
<?php if ($session_user_role == 3) { ?>
<?php if (lookupUserPermission("module_support") >= 2) { ?>
<button class="btn btn-sm btn-tool" type="button" id="dropdownMenuButton" data-toggle="dropdown">
<i class="fas fa-fw fa-ellipsis-v"></i>
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#replyEditTicketModal<?php echo $ticket_reply_id; ?>">
<i class="fas fa-fw fa-edit text-secondary mr-2"></i>Edit
</a>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger confirm-link" href="post.php?archive_ticket_reply=<?php echo $ticket_reply_id; ?>">
<i class="fas fa-fw fa-archive mr-2"></i>Archive
</a>
<?php } ?>
</div>
</div>
<?php } ?>
</div>
</div>
<?php } ?>
@ -870,7 +871,7 @@ if (isset($_GET['ticket_id'])) {
<!-- Tasks Card -->
<div class="card card-body">
<?php if (empty($ticket_closed_at)) { ?>
<?php if (empty($ticket_closed_at) && lookupUserPermission("module_support") >= 2) { ?>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="ticket_id" value="<?php echo $ticket_id; ?>">
<div class="form-group">
@ -899,7 +900,7 @@ if (isset($_GET['ticket_id'])) {
<td>
<?php if ($task_completed_at) { ?>
<i class="far fa-fw fa-check-square text-primary"></i>
<?php } else { ?>
<?php } elseif (lookupUserPermission("module_support") >= 2) { ?>
<a href="post.php?complete_task=<?php echo $task_id; ?>">
<i class="far fa-fw fa-square text-secondary"></i>
</a>
@ -908,7 +909,7 @@ if (isset($_GET['ticket_id'])) {
<td><?php echo $task_name; ?></td>
<td>
<div class="float-right">
<?php if (empty($ticket_closed_at)) { ?>
<?php if (empty($ticket_closed_at) && lookupUserPermission("module_support") >= 2) { ?>
<div class="dropdown dropleft text-center">
<button class="btn btn-link text-secondary btn-sm" type="button" data-toggle="dropdown">
<i class="fas fa-fw fa-ellipsis-v"></i>
@ -1127,7 +1128,7 @@ if (isset($_GET['ticket_id'])) {
</div> <!-- End row -->
<?php
if (empty($ticket_closed_at)) {
if (lookupUserPermission("module_support") >= 2 && empty($ticket_closed_at)) {
require_once "ticket_edit_modal.php";
require_once "ticket_assign_modal.php";
@ -1149,7 +1150,7 @@ if (isset($_GET['ticket_id'])) {
require_once "ticket_merge_modal.php";
}
if ($config_module_enable_accounting) {
if (lookupUserPermission("module_support") >= 2 && lookupUserPermission("module_sales") >= 2 && $config_module_enable_accounting) {
require_once "ticket_edit_billable_modal.php";
require_once "ticket_invoice_add_modal.php";
}
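Review bot: In the `@ -495` hunk the `elseif` branch at `module_sales >= 1` renders the `#editTicketBillableModal` anchor, but `ticket_edit_billable_modal.php` is only required when `module_sales >= 2` (`@ -1149` hunk) and the `set_billable_status` handler enforces level 2, so a sales-level-1 user gets a link to a modal that is never rendered. Gate the anchor at `>= 2` — `<?php } elseif (lookupUserPermission("module_sales") >= 2) { ?>` — and add a further `elseif (lookupUserPermission("module_sales") >= 1)` branch that prints the billable status as plain text. In the `@ -421` hunk the Delete entry tests `lookupUserPermission("module_support") == 3` where every other check in this commit uses `>=`; `>= 3` keeps the UI aligned with `enforceUserPermission('module_support', 3)`. The archive-reply link in the `@ -747` hunk still carries no `csrf_token`, unlike the delete link in `@ -421`. The `if ($config_module_enable_accounting)` block and the reply loop open outside these hunks.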


@ -98,7 +98,7 @@
</div>
</div>
<?php if ($config_module_enable_accounting) { ?>
<?php if ($config_module_enable_accounting && lookupUserPermission("module_sales") >= 2) { ?>
<div class="form-group">
<div class="custom-control custom-switch">
<input type="checkbox" class="custom-control-input" name="billable" <?php if ($ticket_billable == 1) { echo "checked"; } ?> value="1" id="billableSwitch<?php echo $ticket_id; ?>">
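Review bot: Hiding the `billable` switch for users below `module_sales` level 2 means their ticket-edit submission carries no `billable` field at all; if the `edit_ticket` handler reads `$_POST['billable']` unconditionally (it is not in this diff), saving a ticket as such a user would silently flip a billable ticket to non-billable and trigger an undefined-array-key warning. Have the handler keep the stored value when the caller lacks the permission, e.g. `if (lookupUserPermission("module_sales") >= 2) { $billable = intval($_POST['billable'] ?? 0); }` with the current database value as the fallback, or render a hidden input carrying the current value when the switch is hidden. The form element opens and closes outside the hunk.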


@ -154,7 +154,8 @@ $user_active_assigned_tickets = intval($row['total_tickets_assigned']);
<i class="fa fa-fw fa-exclamation-triangle mr-2"></i>Unassigned Tickets | <strong> <?php echo $total_tickets_unassigned; ?></strong>
</a>
<div class="dropdown ml-2" id="bulkActionButton" hidden>
<?php if (lookupUserPermission("module_support") >= 2) { ?>
<div class="dropdown ml-2" id="bulkActionButton" hidden>
<button class="btn btn-secondary dropdown-toggle" type="button" data-toggle="dropdown">
<i class="fas fa-fw fa-layer-group mr-2"></i>Bulk Action (<span id="selectedCount">0</span>)
</button>
@ -184,6 +185,7 @@ $user_active_assigned_tickets = intval($row['total_tickets_assigned']);
</a>
</div>
</div>
<?php } ?>
</div>
@ -328,7 +330,7 @@ $user_active_assigned_tickets = intval($row['total_tickets_assigned']);
</a>
</th>
<?php if ($config_module_enable_accounting) { ?>
<?php if ($config_module_enable_accounting && lookupUserPermission("module_sales") >= 2) { ?>
<th class="text-center">
<a class="text-dark" href="?<?php echo $url_query_strings_sort; ?>&sort=ticket_billable&order=<?php echo $disp; ?>">
Billable <?php if ($sort == 'ticket_billable') { echo $order_icon; } ?>
@ -514,7 +516,7 @@ $user_active_assigned_tickets = intval($row['total_tickets_assigned']);
</td>
<!-- Ticket Billable (if accounting enabled -->
<?php if ($config_module_enable_accounting) { ?>
<?php if ($config_module_enable_accounting && lookupUserPermission("module_sales") >= 2) { ?>
<td class="text-center">
<a href="#" data-toggle="modal" data-target="#editTicketBillableModal<?php echo $ticket_id; ?>">
<?php
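Review bot: `lookupUserPermission("module_sales")` in the `@ -514` hunk sits inside the per-ticket row body (the cell echoes `$ticket_id`), so it is evaluated once per listed ticket on top of the header check in `@ -328`; if the helper hits the database, hoist it once above the table — `$sales_write = lookupUserPermission("module_sales") >= 2;` — and test the boolean in both places. The same pattern appears in the client-ticket list's `@ -237` hunk. The row loop begins and ends outside the hunk.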