From 670450bcfb25c91015c81cf55a178d81b9d5d6ad Mon Sep 17 00:00:00 2001
From: wrongecho <marcus@itflow.org>
Date: Wed, 23 Apr 2025 10:22:33 +0100
Subject: [PATCH] Ticket statuses - Allow ordering from admin settings, this
 can replace the need to move the Kanban columns

---
 admin_ticket_status.php                 | 16 ++++++++--------
 ajax/ajax_custom_ticket_status_edit.php | 15 +++++++++++++--
 post/admin/admin_ticket_status.php      |  9 ++++++++-
 ticket.php                              |  2 +-
 tickets.php                             |  2 +-
 5 files changed, 31 insertions(+), 13 deletions(-)

diff --git a/admin_ticket_status.php b/admin_ticket_status.php
index 6c687a0e..8b98dcff 100644
--- a/admin_ticket_status.php
+++ b/admin_ticket_status.php
@@ -1,7 +1,7 @@
 <?php
 
 // Default Column Sortby Filter
-$sort = "ticket_status_name";
+$sort = "ticket_status_order";
 $order = "ASC";
 
 require_once "includes/inc_all_admin.php";
@@ -79,7 +79,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                     if ($ticket_status_active) {
                         $ticket_status_display = "<div class='text-success text-bold'>Active</div>";
                     } else {
-                        $ticket_status_display = "<div class='text-secondary'>Disabled</div>";
+                        $ticket_status_display = "<div class='text-secondary'>Inactive</div>";
                     }
 
                     ?>
@@ -97,7 +97,6 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                             <span class='badge badge-pill text-light p-2' style="background-color: <?php echo $ticket_status_color; ?>"><?php echo $ticket_status_name; ?></span>
                         <td><?php echo $ticket_status_display; ?></td>
                         <td>
-                            <?php if ( $ticket_status_id > 5 ) { ?>
                             <div class="dropdown dropleft text-center">
                                 <button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown">
                                     <i class="fas fa-ellipsis-h"></i>
@@ -106,13 +105,14 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
                                     <a class="dropdown-item" href="#" data-toggle="ajax-modal" data-ajax-url="ajax/ajax_custom_ticket_status_edit.php" data-ajax-id="<?php echo $ticket_status_id; ?>">
                                         <i class="fas fa-fw fa-edit mr-2"></i>Edit
                                     </a>
-                                    <div class="dropdown-divider"></div>
-                                    <a class="dropdown-item text-danger text-bold confirm-link" href="post.php?delete_ticket_status=<?php echo $ticket_status_id; ?>">
-                                        <i class="fas fa-fw fa-trash mr-2"></i>Delete
-                                    </a>
+                                    <?php if (!$ticket_status_active) { ?>
+                                        <div class="dropdown-divider"></div>
+                                        <a class="dropdown-item text-danger text-bold confirm-link" href="post.php?delete_ticket_status=<?php echo $ticket_status_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token']; ?>">
+                                            <i class="fas fa-fw fa-trash mr-2"></i>Delete
+                                        </a>
+                                    <?php } ?>
                                 </div>
                             </div>
-                            <?php } ?>
                         </td>
                     </tr>
 
diff --git a/ajax/ajax_custom_ticket_status_edit.php b/ajax/ajax_custom_ticket_status_edit.php
index 121b115a..c9a3ad16 100644
--- a/ajax/ajax_custom_ticket_status_edit.php
+++ b/ajax/ajax_custom_ticket_status_edit.php
@@ -8,6 +8,7 @@ $sql = mysqli_query($mysqli, "SELECT * FROM ticket_statuses WHERE ticket_status_
 $row = mysqli_fetch_array($sql);
 $ticket_status_name = nullable_htmlentities($row['ticket_status_name']);
 $ticket_status_color = nullable_htmlentities($row['ticket_status_color']);
+$ticket_status_order = intval($row['ticket_status_order']);
 $ticket_status_active = intval($row['ticket_status_active']);
 
 // Generate the HTML form content using output buffering.
@@ -30,7 +31,7 @@ ob_start();
                 <div class="input-group-prepend">
                     <span class="input-group-text"><i class="fa fa-fw fa-tag"></i></span>
                 </div>
-                <input type="text" class="form-control" name="name" maxlength="200" value="<?php echo $ticket_status_name; ?>" required>
+                <input type="text" class="form-control" name="name" maxlength="200" value="<?php echo $ticket_status_name; ?>" required <?php if ($ticket_status_id <= 5) { echo "readonly"; } ?>>
             </div>
         </div>
 
@@ -44,6 +45,16 @@ ob_start();
             </div>
         </div>
 
+        <div class="form-group">
+            <label>Order</label>
+            <div class="input-group">
+                <div class="input-group-prepend">
+                    <span class="input-group-text"><i class="fa fa-fw fa-sort-numeric-down"></i></span>
+                </div>
+                <input type="number" class="form-control" name="order" placeholder="Leave blank for no order" value="<?php echo $ticket_status_order; ?>">
+            </div>
+        </div>
+
         <div class="form-group">
             <label>Status <strong class="text-danger">*</strong></label>
             <div class="input-group">
@@ -52,7 +63,7 @@ ob_start();
                 </div>
                 <select class="form-control select2" name="status" required>
                     <option <?php if ($ticket_status_active == 1) { echo "selected"; } ?> value="1">Active</option>
-                    <option <?php if ($ticket_status_active == 0) { echo "selected"; } ?> value="0">Disabled</option>
+                    <option <?php if ($ticket_status_active == 0) { echo "selected"; } ?> value="0" <?php if ($ticket_status_id <= 5) { echo "disabled"; } ?>>Inactive</option>
                 </select>
             </div>
         </div>
diff --git a/post/admin/admin_ticket_status.php b/post/admin/admin_ticket_status.php
index dce68dc1..861a8940 100644
--- a/post/admin/admin_ticket_status.php
+++ b/post/admin/admin_ticket_status.php
@@ -25,9 +25,10 @@ if (isset($_POST['edit_ticket_status'])) {
     $ticket_status_id = intval($_POST['ticket_status_id']);
     $name = sanitizeInput($_POST['name']);
     $color = sanitizeInput($_POST['color']);
+    $order = intval($_POST['order']);
     $status = intval($_POST['status']);
 
-    mysqli_query($mysqli, "UPDATE ticket_statuses SET ticket_status_name = '$name', ticket_status_color = '$color', ticket_status_active = $status WHERE ticket_status_id = $ticket_status_id");
+    mysqli_query($mysqli, "UPDATE ticket_statuses SET ticket_status_name = '$name', ticket_status_color = '$color', ticket_status_order = $order, ticket_status_active = $status WHERE ticket_status_id = $ticket_status_id");
 
     // Logging
     logAction("Ticket Status", "Edit", "$session_name edited custom ticket status $name", 0, $ticket_status_id);
@@ -40,8 +41,14 @@ if (isset($_POST['edit_ticket_status'])) {
 
 if (isset($_GET['delete_ticket_status'])) {
 
+    validateCSRFToken($_GET['csrf_token']);
+
     $ticket_status_id = intval($_GET['delete_ticket_status']);
 
+    if ($ticket_status_id <= 5) {
+        exit("Can't delete built-in statuses");
+    }
+
     // Get ticket status name for logging and notification
     $sql = mysqli_query($mysqli, "SELECT * FROM ticket_statuses WHERE ticket_status_id = $ticket_status_id");
     $row = mysqli_fetch_array($sql);
diff --git a/ticket.php b/ticket.php
index 7f6fbcb5..8fb6c13c 100644
--- a/ticket.php
+++ b/ticket.php
@@ -676,7 +676,7 @@ if (isset($_GET['ticket_id'])) {
                                             if ($task_count !== $completed_task_count) {
                                                 $status_snippet = "AND ticket_status_id != 4";
                                             }
-                                            $sql_ticket_status = mysqli_query($mysqli, "SELECT * FROM ticket_statuses WHERE ticket_status_id != 1 AND ticket_status_id != 5 AND ticket_status_active = 1 $status_snippet");
+                                            $sql_ticket_status = mysqli_query($mysqli, "SELECT * FROM ticket_statuses WHERE ticket_status_id != 1 AND ticket_status_id != 5 AND ticket_status_active = 1 $status_snippet ORDER BY ticket_status_order");
                                             while ($row = mysqli_fetch_array($sql_ticket_status)) {
                                                 $ticket_status_id_select = intval($row['ticket_status_id']);
                                                 $ticket_status_name_select = nullable_htmlentities($row['ticket_status_name']); ?>
diff --git a/tickets.php b/tickets.php
index 91a0b428..a677beab 100644
--- a/tickets.php
+++ b/tickets.php
@@ -368,7 +368,7 @@ $sql_categories = mysqli_query(
                                 <label>Ticket Status</label>
                                 <select onchange="this.form.submit()" class="form-control select2" name="status[]" data-placeholder="Select Status" multiple>
 
-                                        <?php $sql_ticket_status = mysqli_query($mysqli, "SELECT * FROM ticket_statuses WHERE ticket_status_active = 1");
+                                        <?php $sql_ticket_status = mysqli_query($mysqli, "SELECT * FROM ticket_statuses WHERE ticket_status_active = 1 ORDER BY ticket_status_order");
                                         while ($row = mysqli_fetch_array($sql_ticket_status)) {
                                             $ticket_status_id = intval($row['ticket_status_id']);
                                             $ticket_status_name = nullable_htmlentities($row['ticket_status_name']); ?>