mirror of https://github.com/itflow-org/itflow
Add task approval system
This commit is contained in:
wrongecho
parent
88a29b7599
commit
77e4d2b566
|
|
@ -4134,10 +4134,30 @@ if (LATEST_DATABASE_VERSION > CURRENT_DATABASE_VERSION) {
|
|||
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '2.3.8'");
|
||||
}
|
||||
|
||||
// if (CURRENT_DATABASE_VERSION == '2.3.8') {
|
||||
// // Insert queries here required to update to DB version 2.3.9
|
||||
if (CURRENT_DATABASE_VERSION == '2.3.8') {
|
||||
|
||||
mysqli_query($mysqli, "
|
||||
CREATE TABLE `task_approvals` (
|
||||
`approval_id` int(11) NOT NULL AUTO_INCREMENT,
|
||||
`approval_scope` enum('client','internal') NOT NULL,
|
||||
`approval_type` enum('any','technical','billing','specific') NOT NULL,
|
||||
`approval_required_user_id` int(11) DEFAULT NULL,
|
||||
`approval_status` enum('pending','approved','declined') NOT NULL,
|
||||
`approval_created_by` int(11) NOT NULL,
|
||||
`approval_approved_by` varchar(255) DEFAULT NULL,
|
||||
`approval_url_key` varchar(200) NOT NULL,
|
||||
`approval_task_id` int(11) NOT NULL,
|
||||
PRIMARY KEY (`approval_id`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
|
||||
");
|
||||
|
||||
mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '2.3.9'");
|
||||
}
|
||||
|
||||
// if (CURRENT_DATABASE_VERSION == '2.3.9') {
|
||||
// // Insert queries here required to update to DB version 2.4.0
|
||||
// // Then, update the database to the next sequential version
|
||||
// mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '2.3.9'");
|
||||
// mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '2.4.0'");
|
||||
// }
|
||||
|
||||
} else {
|
||||
|
|
|
|||
|
|
@ -992,3 +992,23 @@ if (isset($_GET['apex_domain_check'])) {
|
|||
|
||||
echo json_encode($response);
|
||||
}
|
||||
|
||||
// Get internal users/techs
|
||||
if (isset($_GET['get_internal_users'])) {
|
||||
enforceUserPermission('module_support');
|
||||
|
||||
$sql = mysqli_query(
|
||||
$mysqli,
|
||||
"SELECT user_id, user_name
|
||||
FROM users
|
||||
WHERE user_type = 1 AND user_status = 1 AND user_archived_at IS NULL
|
||||
ORDER BY user_name"
|
||||
);
|
||||
|
||||
while ($row = mysqli_fetch_assoc($sql)) {
|
||||
$response['users'][] = $row;
|
||||
}
|
||||
|
||||
echo json_encode($response);
|
||||
exit;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,140 @@
|
|||
<?php
|
||||
|
||||
require_once '../../../includes/modal_header.php';
|
||||
|
||||
$task_id = intval($_GET['id']);
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM tasks
|
||||
WHERE task_id = $task_id
|
||||
LIMIT 1"
|
||||
);
|
||||
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$task_name = nullable_htmlentities($row['task_name']);
|
||||
|
||||
// Generate the HTML form content using output buffering.
|
||||
ob_start();
|
||||
|
||||
?>
|
||||
|
||||
<div class="modal-header bg-dark">
|
||||
<h5 class="modal-title"><i class="fa fa-fw fa-shield-alt mr-2"></i>New approver for task <?=$task_name?></h5>
|
||||
<button type="button" class="close text-white" data-dismiss="modal">
|
||||
<span>×</span>
|
||||
</button>
|
||||
</div>
|
||||
<form action="post.php" method="post" autocomplete="off">
|
||||
<input type="hidden" name="task_id" value="<?php echo $task_id; ?>">
|
||||
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
|
||||
|
||||
<div class="modal-body">
|
||||
|
||||
<div class="form-group">
|
||||
<label>Approval scope <strong class="text-danger">*</strong></label>
|
||||
<div class="input-group">
|
||||
<div class="input-group-prepend">
|
||||
<span class="input-group-text"><i class="fa fa-fw fa-layer-group"></i></span>
|
||||
</div>
|
||||
<select class="form-control" name="approval_scope" id="approval_scope" required>
|
||||
<option value="">Select scope...</option>
|
||||
<option value="internal">Internal</option>
|
||||
<option value="client">Client</option>
|
||||
</select>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
||||
<div class="form-group d-none" id="approval_type_wrapper">
|
||||
<label>Who can approve? <strong class="text-danger">*</strong></label>
|
||||
<div class="input-group">
|
||||
<div class="input-group-prepend">
|
||||
<span class="input-group-text"><i class="fa fa-fw fa-user-check"></i></span>
|
||||
</div>
|
||||
<select class="form-control" name="approval_type" id="approval_type" required>
|
||||
<!-- JS -->
|
||||
</select>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
||||
<div class="form-group d-none" id="specific_user_wrapper">
|
||||
<label>Select specific internal approver <strong class="text-danger">*</strong></label>
|
||||
<div class="input-group">
|
||||
<div class="input-group-prepend">
|
||||
<span class="input-group-text"><i class="fa fa-fw fa-user-circle"></i></span>
|
||||
</div>
|
||||
<select class="form-control select2" name="approval_required_user_id" id="specific_user_select">
|
||||
<option value="">Select user...</option>
|
||||
</select>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
||||
</div>
|
||||
|
||||
<div class="modal-footer">
|
||||
<button type="submit" name="add_ticket_task_approver" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Save</button>
|
||||
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
|
||||
</div>
|
||||
|
||||
</form>
|
||||
|
||||
|
||||
<!-- JS to make the correct boxes appear depending on if internal/client approval) -->
|
||||
<script>
|
||||
$('#approval_scope').on('change', function() {
|
||||
const scope = $(this).val();
|
||||
const typeSelect = $('#approval_type');
|
||||
const wrapper = $('#approval_type_wrapper');
|
||||
|
||||
typeSelect.empty();
|
||||
$('#specific_user_wrapper').addClass('d-none');
|
||||
|
||||
if (!scope) {
|
||||
wrapper.addClass('d-none');
|
||||
return;
|
||||
}
|
||||
|
||||
wrapper.removeClass('d-none');
|
||||
|
||||
if (scope === 'internal') {
|
||||
typeSelect.append('<option value="">Select...</option>');
|
||||
typeSelect.append('<option value="any">Any internal reviewer</option>');
|
||||
typeSelect.append('<option value="specific">Specific agent</option>');
|
||||
}
|
||||
|
||||
if (scope === 'client') {
|
||||
typeSelect.append('<option value="">Select...</option>');
|
||||
typeSelect.append('<option value="any">Ticket contact</option>');
|
||||
typeSelect.append('<option value="technical">Technical contacts</option>');
|
||||
typeSelect.append('<option value="billing">Billing contacts</option>');
|
||||
}
|
||||
});
|
||||
|
||||
// Specific user (internal only for now)
|
||||
$('#approval_type').on('change', function() {
|
||||
const type = $(this).val();
|
||||
const scope = $('#approval_scope').val();
|
||||
const userSelect = $('#specific_user_select');
|
||||
|
||||
if (type !== 'specific' || scope !== 'internal') {
|
||||
$('#specific_user_wrapper').addClass('d-none');
|
||||
return;
|
||||
}
|
||||
|
||||
$('#specific_user_wrapper').removeClass('d-none');
|
||||
userSelect.empty().append('<option value="">Loading...</option>');
|
||||
|
||||
$.getJSON('ajax.php?get_internal_users=true', function(data) {
|
||||
userSelect.empty().append('<option value="">Select user...</option>');
|
||||
data.users.forEach(function(u) {
|
||||
userSelect.append(`<option value="${u.user_id}">${u.user_name}</option>`);
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
</script>
|
||||
|
||||
<?php
|
||||
|
||||
require_once '../../../includes/modal_footer.php';
|
||||
|
|
@ -14,6 +14,14 @@ $task_name = nullable_htmlentities($row['task_name']);
|
|||
$task_completion_estimate = intval($row['task_completion_estimate']);
|
||||
$task_completed_at = nullable_htmlentities($row['task_completed_at']);
|
||||
|
||||
// Approvals
|
||||
$sql_task_approvals = mysqli_query($mysqli, "
|
||||
SELECT user_name, approval_id, approval_scope, approval_type, approval_required_user_id, approval_status, approval_created_by, approval_approved_by FROM task_approvals
|
||||
LEFT JOIN users ON user_id = approval_required_user_id
|
||||
WHERE approval_task_id = $task_id
|
||||
ORDER BY approval_approved_by"
|
||||
);
|
||||
|
||||
// Generate the HTML form content using output buffering.
|
||||
ob_start();
|
||||
|
||||
|
|
@ -27,7 +35,7 @@ ob_start();
|
|||
</div>
|
||||
<form action="post.php" method="post" autocomplete="off">
|
||||
<input type="hidden" name="task_id" value="<?php echo $task_id; ?>">
|
||||
|
||||
|
||||
<div class="modal-body">
|
||||
|
||||
<div class="form-group">
|
||||
|
|
@ -49,7 +57,53 @@ ob_start();
|
|||
<input type="number" class="form-control" name="completion_estimate" placeholder="Estimated time to complete task in mins" value="<?php echo $task_completion_estimate; ?>">
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
||||
<?php if (mysqli_num_rows($sql_task_approvals) > 0) { ?>
|
||||
<hr>
|
||||
<div class="form-group">
|
||||
<b>Task Approvals</b>
|
||||
|
||||
<table class="table table-sm table-bordered" style="margin-top:10px;">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>Scope</th>
|
||||
<th>Type</th>
|
||||
<th>Status</th>
|
||||
<th>Action</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<?php while ($row = mysqli_fetch_array($sql_task_approvals)) {
|
||||
$approval_id = intval($row['approval_id']);
|
||||
$approval_scope = nullable_htmlentities($row['approval_scope']);
|
||||
$approval_type = nullable_htmlentities($row['approval_type']);
|
||||
$approval_user_name = nullable_htmlentities($row['user_name']);
|
||||
$approval_status = nullable_htmlentities($row['approval_status']);
|
||||
$approval_created_by = intval($row['approval_created_by']);
|
||||
$approval_approved_by = nullable_htmlentities($row['approval_approved_by']);
|
||||
?>
|
||||
<tr>
|
||||
<td><?= ucfirst($approval_scope) ?></td>
|
||||
<td><?= ucfirst($approval_type) ?> <?php if (!empty($approval_user_name)) { echo " - $approval_user_name"; } ?></td>
|
||||
<td><?= ucfirst($approval_status) ?></td>
|
||||
<td>
|
||||
<?php if ($approval_status !== 'approved') { ?>
|
||||
<a class="text-danger"
|
||||
onclick="return confirm('Delete this approval request?');"
|
||||
href="post.php?delete_ticket_task_approver=<?= $approval_id ?>&csrf_token=<?= $_SESSION['csrf_token'] ?>">
|
||||
<i class="fas fa-fw fa-trash-alt"></i>Delete
|
||||
</a>
|
||||
<!-- confirm-link won't work -->
|
||||
<?php } ?>
|
||||
</td>
|
||||
</tr>
|
||||
<?php } ?>
|
||||
</tbody>
|
||||
</table>
|
||||
|
||||
</div>
|
||||
<?php } ?>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="modal-footer">
|
||||
|
|
|
|||
|
|
@ -155,6 +155,247 @@ if (isset($_GET['undo_complete_task'])) {
|
|||
|
||||
}
|
||||
|
||||
if (isset($_POST['add_ticket_task_approver'])) {
|
||||
|
||||
validateCSRFToken($_POST['csrf_token']);
|
||||
enforceUserPermission('module_support', 2);
|
||||
|
||||
$task_id = intval($_POST['task_id']);
|
||||
$scope = sanitizeInput($_POST['approval_scope']);
|
||||
$type = sanitizeInput($_POST['approval_type']);
|
||||
$approval_url_key = randomString(32);
|
||||
|
||||
$required_user_id = "NULL";
|
||||
if ($type == 'specific') {
|
||||
$required_user_id = intval($_POST['approval_required_user_id']);
|
||||
}
|
||||
|
||||
mysqli_query($mysqli, "INSERT INTO task_approvals SET approval_scope = '$scope', approval_type = '$type', approval_required_user_id = $required_user_id, approval_status = 'pending', approval_created_by = $session_user_id, approval_url_key = '$approval_url_key', approval_task_id = $task_id");
|
||||
|
||||
$approval_id = mysqli_insert_id($mysqli);
|
||||
|
||||
// Task/Ticket Info
|
||||
$tt_row = mysqli_fetch_array(mysqli_query($mysqli, "
|
||||
SELECT * FROM tasks
|
||||
LEFT JOIN tickets ON ticket_id = task_ticket_id
|
||||
LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
|
||||
WHERE task_id = $task_id LIMIT 1
|
||||
")
|
||||
);
|
||||
$task_name = sanitizeInput($tt_row['task_name']);
|
||||
$ticket_id = intval($tt_row['task_ticket_id']);
|
||||
$ticket_prefix = sanitizeInput($tt_row['ticket_prefix']);
|
||||
$ticket_number = intval($tt_row['ticket_number']);
|
||||
$ticket_subject = sanitizeInput($tt_row['ticket_subject']);
|
||||
$ticket_status = sanitizeInput($tt_row['ticket_status_name']);
|
||||
$ticket_url_key = sanitizeInput($tt_row['ticket_url_key']);
|
||||
$ticket_contact_id = intval($tt_row['ticket_contact_id']);
|
||||
$client_id = intval($tt_row['ticket_client_id']);
|
||||
|
||||
// --Notifications--
|
||||
|
||||
// Sanitize Config vars from get_settings.php
|
||||
$config_ticket_from_name = sanitizeInput($config_ticket_from_name);
|
||||
$config_ticket_from_email = sanitizeInput($config_ticket_from_email);
|
||||
$config_base_url = sanitizeInput($config_base_url);
|
||||
|
||||
// Get Company Info
|
||||
$crow = mysqli_fetch_array(mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1"));
|
||||
$company_name = sanitizeInput($crow['company_name']);
|
||||
$company_phone = sanitizeInput(formatPhoneNumber($crow['company_phone'], $crow['company_phone_country_code']));
|
||||
|
||||
// Email contents
|
||||
$subject = "Ticket task approval required - [$ticket_prefix$ticket_number] - $ticket_subject";
|
||||
$body = "<i style=\'color: #808080\'>##- Please type your reply above this line -##</i><br><br>Hello,<br><br>A ticket regarding $ticket_subject has a task requiring your approval:- <br>Task name: $task_name<br>Scope/Type: $scope - $type <br><br>To approve this task, please click <a href=\'https://$config_base_url/guest/guest_approve_ticket_task.php?task_approval_id=$approval_id&url_key=$approval_url_key\'>here</a>.<br>If you require further information, please reply to this e-mail.<br><br>Ticket: $ticket_prefix$ticket_number<br>Subject: $ticket_subject<br>Status: $ticket_status<br>Portal: <a href=\'https://$config_base_url/guest/guest_view_ticket.php?ticket_id=$ticket_id&url_key=$ticket_url_key\'>View ticket</a><br><br>--<br>$company_name - Support<br>$config_ticket_from_email<br>$company_phone";
|
||||
|
||||
if ($scope == 'internal' && $type == 'specific' && $session_user_id !== $required_user_id) {
|
||||
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Ticket', notification = '$session_name needs your approval for ticket $ticket_prefix$ticket_number task $task_name', notification_action = 'ticket.php?ticket_id=$ticket_id', notification_client_id = 0, notification_user_id = $required_user_id");
|
||||
|
||||
if (!empty($config_smtp_host)) {
|
||||
$agent_contact = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT user_name, user_email FROM users WHERE user_id = $required_user_id AND user_archived_at IS NULL"));
|
||||
$name = sanitizeInput($agent_contact['user_name']);
|
||||
$email = sanitizeInput($agent_contact['user_email']);
|
||||
|
||||
// Only add contact to email queue if email is valid
|
||||
if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
|
||||
$data[] = [
|
||||
'from' => $config_ticket_from_email,
|
||||
'from_name' => $config_ticket_from_name,
|
||||
'recipient' => $email,
|
||||
'recipient_name' => $name,
|
||||
'subject' => $subject,
|
||||
'body' => $body
|
||||
];
|
||||
|
||||
addToMailQueue($data);
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
if (!empty($config_smtp_host) && $scope == 'client' && $type == 'any') {
|
||||
|
||||
$contact_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT contact_name, contact_email FROM contacts WHERE contact_id = $ticket_contact_id LIMIT 1"));
|
||||
$contact_name = sanitizeInput($contact_row['contact_name']);
|
||||
$contact_email = sanitizeInput($contact_row['contact_email']);
|
||||
|
||||
$data = [];
|
||||
|
||||
if (filter_var($contact_email, FILTER_VALIDATE_EMAIL)) {
|
||||
$data[] = [
|
||||
'from' => $config_ticket_from_email,
|
||||
'from_name' => $config_ticket_from_name,
|
||||
'recipient' => $contact_email,
|
||||
'recipient_name' => $contact_name,
|
||||
'subject' => $subject,
|
||||
'body' => $body
|
||||
];
|
||||
addToMailQueue($data);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
if (!empty($config_smtp_host) && $scope == 'client' && $type == 'technical') {
|
||||
|
||||
$sql_technical_contacts = mysqli_query(
|
||||
$mysqli,
|
||||
"SELECT contact_name, contact_email FROM contacts
|
||||
WHERE contact_technical = 1
|
||||
AND contact_email != ''
|
||||
AND contact_client_id = $client_id"
|
||||
);
|
||||
|
||||
$data = [];
|
||||
|
||||
while ($technical_contact = mysqli_fetch_array($sql_technical_contacts)) {
|
||||
$technical_contact_name = sanitizeInput($technical_contact['contact_name']);
|
||||
$technical_contact_email = sanitizeInput($technical_contact['contact_email']);
|
||||
|
||||
if (filter_var($technical_contact_email, FILTER_VALIDATE_EMAIL)) {
|
||||
$data[] = [
|
||||
'from' => $config_ticket_from_email,
|
||||
'from_name' => $config_ticket_from_name,
|
||||
'recipient' => $technical_contact_email,
|
||||
'recipient_name' => $technical_contact_name,
|
||||
'subject' => $subject,
|
||||
'body' => $body
|
||||
];
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
addToMailQueue($data);
|
||||
|
||||
}
|
||||
|
||||
if (!empty($config_smtp_host) && $scope == 'client' && $type == 'billing') {
|
||||
|
||||
$sql_billing_contacts = mysqli_query(
|
||||
$mysqli,
|
||||
"SELECT contact_name, contact_email FROM contacts
|
||||
WHERE contact_billing = 1
|
||||
AND contact_email != ''
|
||||
AND contact_client_id = $client_id"
|
||||
);
|
||||
|
||||
$data = [];
|
||||
|
||||
while ($billing_contact = mysqli_fetch_array($sql_billing_contacts)) {
|
||||
$billing_contact_name = sanitizeInput($billing_contact['contact_name']);
|
||||
$billing_contact_email = sanitizeInput($billing_contact['contact_email']);
|
||||
|
||||
if (filter_var($billing_contact_email, FILTER_VALIDATE_EMAIL)) {
|
||||
$data[] = [
|
||||
'from' => $config_ticket_from_email,
|
||||
'from_name' => $config_ticket_from_name,
|
||||
'recipient' => $billing_contact_email,
|
||||
'recipient_name' => $billing_contact_name,
|
||||
'subject' => $subject,
|
||||
'body' => $body
|
||||
];
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
addToMailQueue($data);
|
||||
|
||||
}
|
||||
|
||||
// Logging
|
||||
logAction("Task", "Edit", "$session_name added task approver for $task_name", $client_id, $task_id);
|
||||
|
||||
flash_alert("Added approver");
|
||||
redirect();
|
||||
}
|
||||
|
||||
if (isset($_GET['approve_ticket_task'])) {
|
||||
|
||||
validateCSRFToken($_GET['csrf_token']);
|
||||
enforceUserPermission('module_support', 2);
|
||||
|
||||
$task_id = intval($_GET['approve_task']);
|
||||
$approval_id = intval($_GET['approval_id']);
|
||||
|
||||
$approval_row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT * FROM task_approvals LEFT JOIN tasks on task_id = approval_task_id WHERE approval_id = $approval_id AND approval_task_id = $task_id AND approval_scope = 'internal'"));
|
||||
|
||||
$task_name = nullable_htmlentities($approval_row['task_name']);
|
||||
$scope = nullable_htmlentities($approval_row['approval_scope']);
|
||||
$type = nullable_htmlentities($approval_row['approval_type']);
|
||||
$required_user = intval($approval_row['approval_required_user_id']);
|
||||
$created_by = intval($approval_row['approval_created_by']);
|
||||
$ticket_id = intval($approval_row['task_ticket_id']);
|
||||
|
||||
if (!$approval_row) {
|
||||
flash_alert("Cannot find/approve that task", 'error');
|
||||
redirect();
|
||||
exit;
|
||||
}
|
||||
|
||||
// Validate approver (deny)
|
||||
if ($required_user > 0 && $required_user !== $session_user_id) {
|
||||
flash_alert("You cannot approve that task", 'error');
|
||||
redirect();
|
||||
exit;
|
||||
}
|
||||
if ($required_user == 0 && $type = 'any' && $created_by == $session_user_id) {
|
||||
flash_alert("You cannot approve your own task", 'error');
|
||||
redirect();
|
||||
exit;
|
||||
}
|
||||
|
||||
// Approve
|
||||
mysqli_query($mysqli, "UPDATE task_approvals SET approval_status = 'approved', approval_approved_by = $session_user_id WHERE approval_id = $approval_id AND approval_task_id = $task_id AND approval_scope = 'internal'");
|
||||
|
||||
// Notify
|
||||
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Ticket', notification = '$session_name approved ticket task $task_name', notification_action = 'ticket.php?ticket_id=$ticket_id', notification_client_id = 0, notification_user_id = $created_by");
|
||||
// TODO: Email agent
|
||||
|
||||
// Logging
|
||||
logAction("Task", "Edit", "$session_name approved task $task_name (approval $approval_id)", 0, $task_id);
|
||||
|
||||
flash_alert("Approved");
|
||||
redirect();
|
||||
|
||||
}
|
||||
|
||||
if (isset($_GET['delete_ticket_task_approver'])) {
|
||||
|
||||
validateCSRFToken($_GET['csrf_token']);
|
||||
|
||||
enforceUserPermission('module_support', 3);
|
||||
|
||||
$approval_id = intval($_GET['delete_ticket_task_approver']);
|
||||
|
||||
mysqli_query($mysqli, "DELETE FROM task_approvals WHERE approval_id = $approval_id");
|
||||
|
||||
logAction("Task", "Delete", "$session_name deleted task approval request ($approval_id)", 0, 0);
|
||||
|
||||
flash_alert("Approval request deleted", 'error');
|
||||
|
||||
redirect();
|
||||
|
||||
}
|
||||
|
||||
if (isset($_GET['complete_all_tasks'])) {
|
||||
|
||||
enforceUserPermission('module_support', 2);
|
||||
|
|
|
|||
|
|
@ -961,23 +961,82 @@ if (isset($_GET['ticket_id'])) {
|
|||
|
||||
<table class="table table-sm" id="tasks">
|
||||
<?php
|
||||
while($row = mysqli_fetch_array($sql_tasks)){
|
||||
while ($row = mysqli_fetch_array($sql_tasks)) {
|
||||
$task_id = intval($row['task_id']);
|
||||
$task_name = nullable_htmlentities($row['task_name']);
|
||||
//$task_description = nullable_htmlentities($row['task_description']); // not in db yet
|
||||
$task_completion_estimate = intval($row['task_completion_estimate']);
|
||||
$task_completed_at = nullable_htmlentities($row['task_completed_at']);
|
||||
|
||||
// Check for approvals
|
||||
$task_needs_approval = false;
|
||||
$task_needs_approval = mysqli_num_rows(mysqli_query(
|
||||
$mysqli,
|
||||
"SELECT 1 FROM task_approvals
|
||||
WHERE approval_task_id = $task_id
|
||||
AND approval_status IN ('pending','declined')
|
||||
LIMIT 1"
|
||||
)) > 0;
|
||||
|
||||
$approval_id = 0;
|
||||
$user_can_approve = false;
|
||||
$approval_rows = mysqli_query($mysqli, "
|
||||
SELECT approval_id, approval_scope, approval_type, approval_required_user_id, approval_created_by
|
||||
FROM task_approvals WHERE approval_task_id = $task_id AND approval_status = 'pending'
|
||||
");
|
||||
|
||||
while ($approval = mysqli_fetch_array($approval_rows)) {
|
||||
|
||||
$scope = nullable_htmlentities($approval['approval_scope']);
|
||||
$type = nullable_htmlentities($approval['approval_type']);
|
||||
$required_user = intval($approval['approval_required_user_id']);
|
||||
$created_by = intval($approval['approval_created_by']);
|
||||
|
||||
// Named, specific user?
|
||||
if ($scope == 'internal' && $type == 'specific' && $required_user == $session_user_id) {
|
||||
$user_can_approve = true;
|
||||
$approval_id = intval($approval['approval_id']);
|
||||
continue;
|
||||
}
|
||||
|
||||
// Any internal user, but the one who created the task
|
||||
if ($scope == 'internal' && $type == 'any' && $created_by !== $session_user_id) {
|
||||
$user_can_approve = true;
|
||||
$approval_id = intval($approval['approval_id']);
|
||||
continue;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
?>
|
||||
<tr data-task-id="<?= $task_id ?>">
|
||||
<td>
|
||||
<?php if ($task_completed_at) { ?>
|
||||
<i class="far fa-check-square text-success"></i>
|
||||
<?php } elseif (lookupUserPermission("module_support") >= 2) { ?>
|
||||
<a href="post.php?complete_task=<?php echo $task_id; ?>">
|
||||
<i class="far fa-square text-dark"></i>
|
||||
</a>
|
||||
|
||||
<?php if ($task_needs_approval) { ?>
|
||||
<i class="fas fa-shield-alt text-warning"
|
||||
data-toggle="tooltip"
|
||||
data-placement="top"
|
||||
title="Approval required"></i>
|
||||
|
||||
<?php if ($user_can_approve) { ?>
|
||||
<a class="confirm-link" href="post.php?approve_ticket_task=<?= $task_id ?>&approval_id=<?= $approval_id ?>&csrf_token=<?= $_SESSION['csrf_token'] ?>">
|
||||
<i class="fas fa-thumbs-up text-green"></i>
|
||||
</a>
|
||||
<?php } ?>
|
||||
|
||||
<span class="text-dark ml-2"><?= $task_name ?></span>
|
||||
|
||||
<?php } else { ?>
|
||||
<a href="post.php?complete_task=<?php echo $task_id; ?>">
|
||||
<i class="far fa-square text-dark"></i>
|
||||
</a>
|
||||
<span class="text-dark ml-2"><?php echo $task_name; ?></span>
|
||||
<?php } ?>
|
||||
|
||||
<?php } ?>
|
||||
<span class="text-dark ml-2"><?php echo $task_name; ?></span>
|
||||
</td>
|
||||
<td>
|
||||
<div class="float-right">
|
||||
|
|
@ -997,6 +1056,12 @@ if (isset($_GET['ticket_id'])) {
|
|||
data-modal-url="modals/ticket/ticket_task_edit.php?id=<?= $task_id ?>">
|
||||
<i class="fas fa-fw fa-edit mr-2"></i>Edit
|
||||
</a>
|
||||
<?php if (!$task_completed_at) { ?>
|
||||
<a class="dropdown-item ajax-modal" href="#"
|
||||
data-modal-url="modals/ticket/ticket_task_approver_add.php?id=<?= $task_id ?>">
|
||||
<i class="fas fa-fw fa-shield-alt mr-2"></i>Add Approvers
|
||||
</a>
|
||||
<?php } ?>
|
||||
<?php if ($task_completed_at) { ?>
|
||||
<a class="dropdown-item" href="post.php?undo_complete_task=<?php echo $task_id; ?>">
|
||||
<i class="fas fa-fw fa-arrow-circle-left mr-2"></i>Mark incomplete
|
||||
|
|
|
|||
|
|
@ -185,6 +185,43 @@ if (isset($_POST['add_ticket_comment'])) {
|
|||
}
|
||||
}
|
||||
|
||||
if (isset($_GET['approve_ticket_task'])) {
|
||||
|
||||
$task_id = intval($_GET['approve_ticket_task']);
|
||||
$approval_id = intval($_GET['approval_id']);
|
||||
$url_key = sanitizeInput($_GET['approval_url_key']);
|
||||
|
||||
$approval_row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT * FROM task_approvals LEFT JOIN tasks on task_id = approval_task_id WHERE approval_id = $approval_id AND approval_task_id = $task_id AND approval_url_key = '$url_key' AND approval_status = 'pending' AND approval_scope = 'client'"));
|
||||
|
||||
$task_name = nullable_htmlentities($approval_row['task_name']);
|
||||
$scope = nullable_htmlentities($approval_row['approval_scope']);
|
||||
$type = nullable_htmlentities($approval_row['approval_type']);
|
||||
$required_user = intval($approval_row['approval_required_user_id']);
|
||||
$created_by = intval($approval_row['approval_created_by']);
|
||||
$ticket_id = intval($approval_row['task_ticket_id']);
|
||||
|
||||
if (!$approval_row) {
|
||||
flash_alert("Cannot find/approve that task", 'warning');
|
||||
redirect();
|
||||
exit;
|
||||
}
|
||||
|
||||
// Approve
|
||||
mysqli_query($mysqli, "UPDATE task_approvals SET approval_status = 'approved', approval_approved_by = $session_user_id WHERE approval_id = $approval_id AND approval_task_id = $task_id AND approval_url_key = '$url_key' AND approval_status = 'pending' AND approval_scope = 'client'");
|
||||
|
||||
|
||||
// Notify tech
|
||||
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Ticket', notification = '$session_contact_email approved ticket task $task_name', notification_action = 'ticket.php?ticket_id=$ticket_id', notification_client_id = $session_client_id, notification_user_id = $created_by");
|
||||
// TODO: Email agent
|
||||
|
||||
// Logging
|
||||
logAction("Task", "Edit", "Contact $session_contact_email approved task $task_name (approval $approval_id)", $session_client_id, $task_id);
|
||||
|
||||
flash_alert("Task Approved");
|
||||
redirect();
|
||||
|
||||
}
|
||||
|
||||
if (isset($_POST['add_ticket_feedback'])) {
|
||||
|
||||
$ticket_id = intval($_POST['ticket_id']);
|
||||
|
|
|
|||
|
|
@ -70,6 +70,13 @@ if (isset($_GET['id']) && intval($_GET['id'])) {
|
|||
);
|
||||
$completed_task_count = mysqli_num_rows($sql_tasks_completed);
|
||||
|
||||
// Get pending task approvals
|
||||
$sql_task_approvals = mysqli_query($mysqli,"
|
||||
SELECT task_id, task_name, approval_id, approval_scope, approval_type, approval_required_user_id, approval_status, approval_url_key
|
||||
FROM tasks
|
||||
LEFT JOIN task_approvals ON task_id = task_approvals.approval_task_id
|
||||
WHERE task_ticket_id = $ticket_id AND task_completed_at IS NULL AND approval_scope = 'client' AND approval_status = 'pending'
|
||||
");
|
||||
?>
|
||||
|
||||
<ol class="breadcrumb d-print-none">
|
||||
|
|
@ -130,6 +137,59 @@ if (isset($_GET['id']) && intval($_GET['id'])) {
|
|||
</div>
|
||||
</div>
|
||||
|
||||
<!-- Approvals -->
|
||||
<?php if (mysqli_num_rows($sql_task_approvals) > 0) { ?>
|
||||
<div class="card">
|
||||
<div class="card-body">
|
||||
<h5>Approvals</h5>
|
||||
This ticket has tasks requiring approval:
|
||||
|
||||
<ul>
|
||||
<?php
|
||||
|
||||
while ($approvals = mysqli_fetch_array($sql_task_approvals)) {
|
||||
$task_id = intval($approvals['task_id']);
|
||||
$approval_id = intval($approvals['approval_id']);
|
||||
$task_name = nullable_htmlentities($approvals['task_name']);
|
||||
$approval_type = nullable_htmlentities($approvals['approval_type']);
|
||||
$approval_url_key = nullable_htmlentities($approvals['approval_url_key']);
|
||||
|
||||
$contact_can_approve = false; // Default
|
||||
|
||||
if ($approval_type == 'any') {
|
||||
$contact_can_approve = true;
|
||||
}
|
||||
|
||||
if ($session_contact_primary) {
|
||||
$contact_can_approve = true;
|
||||
}
|
||||
|
||||
if ($approval_type == 'technical' && $session_contact_is_technical_contact) {
|
||||
$contact_can_approve = true;
|
||||
}
|
||||
|
||||
if ($approval_type == 'billing' && $session_contact_is_billing_contact) {
|
||||
$contact_can_approve = true;
|
||||
}
|
||||
|
||||
?>
|
||||
|
||||
<li>
|
||||
<?php echo $task_name;
|
||||
if ($contact_can_approve) { ?> - <a href="post.php?approve_ticket_task=<?= $task_id ?>&approval_id=<?= $approval_id ?>&approval_url_key=<?= $approval_url_key ?>" class="confirm-link">Approve task</a> <?php }
|
||||
else {?> - Please ask your <?= $approval_type ?> contact to approve this task <?php } ?>
|
||||
</li>
|
||||
|
||||
<?php } ?>
|
||||
|
||||
</ul>
|
||||
|
||||
|
||||
|
||||
</div>
|
||||
</div>
|
||||
<?php } ?>
|
||||
|
||||
<hr>
|
||||
|
||||
<!-- Either show the reply comments box, option to re-open ticket, show ticket smiley feedback or thanks for feedback -->
|
||||
|
|
|
|||
19
db.sql
19
db.sql
|
|
@ -2441,6 +2441,25 @@ CREATE TABLE `tasks` (
|
|||
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
|
||||
/*!40101 SET character_set_client = @saved_cs_client */;
|
||||
|
||||
--
|
||||
-- Table structure for table `task_approvals`
|
||||
--
|
||||
|
||||
DROP TABLE IF EXISTS `task_approvals`;
|
||||
CREATE TABLE IF NOT EXISTS `task_approvals` (
|
||||
`approval_id` int(11) NOT NULL AUTO_INCREMENT,
|
||||
`approval_scope` enum('client','internal') NOT NULL,
|
||||
`approval_type` enum('any','technical','billing','specific') NOT NULL,
|
||||
`approval_required_user_id` int(11) DEFAULT NULL,
|
||||
`approval_status` enum('pending','approved','declined') NOT NULL,
|
||||
`approval_created_by` int(11) NOT NULL,
|
||||
`approval_approved_by` varchar(255) DEFAULT NULL,
|
||||
`approval_url_key` varchar(200) NOT NULL,
|
||||
`approval_task_id` int(11) NOT NULL,
|
||||
PRIMARY KEY (`approval_id`)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
|
||||
/*!40101 SET character_set_client = @saved_cs_client */;
|
||||
|
||||
--
|
||||
-- Table structure for table `taxes`
|
||||
--
|
||||
|
|
|
|||
|
|
@ -0,0 +1,114 @@
|
|||
<?php
|
||||
|
||||
require_once "includes/inc_all_guest.php";
|
||||
|
||||
//Initialize the HTML Purifier to prevent XSS
|
||||
require "../plugins/htmlpurifier/HTMLPurifier.standalone.php";
|
||||
|
||||
$purifier_config = HTMLPurifier_Config::createDefault();
|
||||
$purifier_config->set('Cache.DefinitionImpl', null); // Disable cache by setting a non-existent directory or an invalid one
|
||||
$purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]);
|
||||
$purifier = new HTMLPurifier($purifier_config);
|
||||
|
||||
if (!isset($_GET['task_approval_id'], $_GET['url_key'])) {
|
||||
echo "<br><h2>Oops, something went wrong! Please raise a ticket if you believe this is an error.</h2>";
|
||||
require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/footer.php';
|
||||
exit();
|
||||
}
|
||||
|
||||
// Company info
|
||||
$company_sql_row = mysqli_fetch_array(mysqli_query($mysqli, "
|
||||
SELECT
|
||||
company_phone,
|
||||
company_phone_country_code,
|
||||
company_website
|
||||
FROM
|
||||
companies,
|
||||
settings
|
||||
WHERE
|
||||
companies.company_id = settings.company_id
|
||||
AND companies.company_id = 1"
|
||||
));
|
||||
|
||||
$company_phone_country_code = nullable_htmlentities($company_sql_row['company_phone_country_code']);
|
||||
$company_phone = nullable_htmlentities(formatPhoneNumber($company_sql_row['company_phone'], $company_phone_country_code));
|
||||
$company_website = nullable_htmlentities($company_sql_row['company_website']);
|
||||
|
||||
$approval_id = intval($_GET['task_approval_id']);
|
||||
$url_key = sanitizeInput($_GET['url_key']);
|
||||
|
||||
$task_row = mysqli_fetch_assoc(mysqli_query($mysqli,
|
||||
"SELECT * FROM task_approvals
|
||||
LEFT JOIN tasks ON approval_task_id = task_id
|
||||
LEFT JOIN tickets on task_ticket_id = ticket_id
|
||||
LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
|
||||
WHERE approval_id = $approval_id AND approval_url_key = '$url_key'
|
||||
LIMIT 1"
|
||||
));
|
||||
|
||||
if (!$task_row) {
|
||||
// Invalid
|
||||
echo "<br><h2>Oops, something went wrong! Please raise a ticket if you believe this is an error.</h2>";
|
||||
require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/footer.php';
|
||||
exit();
|
||||
}
|
||||
|
||||
|
||||
$task_id = intval($task_row['task_id']);
|
||||
$task_name = nullable_htmlentities($task_row['task_name']);
|
||||
$approval_scope = nullable_htmlentities($task_row['approval_scope']);
|
||||
$approval_type = nullable_htmlentities($task_row['approval_type']);
|
||||
$approval_status = nullable_htmlentities($task_row['approval_status']);
|
||||
|
||||
$ticket_prefix = nullable_htmlentities($task_row['ticket_prefix']);
|
||||
$ticket_number = intval($task_row['ticket_number']);
|
||||
$ticket_status = nullable_htmlentities($task_row['ticket_status_name']);
|
||||
$ticket_priority = nullable_htmlentities($task_row['ticket_priority']);
|
||||
$ticket_subject = nullable_htmlentities($task_row['ticket_subject']);
|
||||
$ticket_details = $purifier->purify($task_row['ticket_details']);
|
||||
|
||||
?>
|
||||
|
||||
<div class="card mt-3">
|
||||
<div class="card-header bg-dark text-center">
|
||||
<h4 class="mt-1">
|
||||
Task Approval for Ticket <?php echo $ticket_prefix, $ticket_number ?>
|
||||
</h4>
|
||||
</div>
|
||||
|
||||
<div class="card-body prettyContent">
|
||||
<h5><strong>Subject:</strong> <?php echo $ticket_subject ?></h5>
|
||||
<p>
|
||||
<strong>State:</strong> <?php echo $ticket_status ?>
|
||||
<br>
|
||||
<strong>Priority:</strong> <?php echo $ticket_priority ?>
|
||||
<br>
|
||||
</p>
|
||||
<?php echo $ticket_details ?>
|
||||
<hr>
|
||||
<h5>Task Approval</h5>
|
||||
<p>
|
||||
<strong>Task Name: </strong><?= ucfirst($task_name); ?>
|
||||
<br>
|
||||
<strong>Scope/Type:</strong> <?= ucfirst($approval_scope) . " - " . ucfirst($approval_type)?>
|
||||
<br>
|
||||
<strong>Status:</strong> <?= ucfirst($approval_status)?>
|
||||
<br>
|
||||
<?php
|
||||
if ($approval_status == 'pending') { ?>
|
||||
<strong>Action: </strong><a href="guest_post.php?approve_ticket_task=<?= $task_id ?>&approval_id=<?= $approval_id ?>&approval_url_key=<?= $url_key ?>" class="confirm-link text-bold">Approve Task</a>
|
||||
<?php } ?>
|
||||
</p>
|
||||
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<hr>
|
||||
|
||||
<div class="card-footer">
|
||||
<?php echo "<i class='fas fa-phone fa-fw mr-2'></i>$company_phone | <i class='fas fa-globe fa-fw mr-2 ml-2'></i>$company_website"; ?>
|
||||
</div>
|
||||
|
||||
<?php
|
||||
require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/footer.php';
|
||||
|
||||
|
|
@ -225,6 +225,39 @@ if (isset($_GET['add_ticket_feedback'], $_GET['url_key'])) {
|
|||
|
||||
}
|
||||
|
||||
if (isset($_GET['approve_ticket_task'])) {
|
||||
|
||||
$task_id = intval($_GET['approve_ticket_task']);
|
||||
$approval_id = intval($_GET['approval_id']);
|
||||
$url_key = sanitizeInput($_GET['approval_url_key']);
|
||||
|
||||
$approval_row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT * FROM task_approvals LEFT JOIN tasks on task_id = approval_task_id WHERE approval_id = $approval_id AND approval_task_id = $task_id AND approval_url_key = '$url_key' AND approval_status = 'pending'"));
|
||||
|
||||
$task_name = nullable_htmlentities($approval_row['task_name']);
|
||||
$scope = nullable_htmlentities($approval_row['approval_scope']);
|
||||
$type = nullable_htmlentities($approval_row['approval_type']);
|
||||
$required_user = intval($approval_row['approval_required_user_id']);
|
||||
$created_by = intval($approval_row['approval_created_by']);
|
||||
$ticket_id = intval($approval_row['task_ticket_id']);
|
||||
|
||||
if (!$approval_row) {
|
||||
exit("Cannot find/approve that task");
|
||||
}
|
||||
|
||||
// Approve
|
||||
mysqli_query($mysqli, "UPDATE task_approvals SET approval_status = 'approved', approval_approved_by = $required_user WHERE approval_id = $approval_id AND approval_task_id = $task_id AND approval_url_key = '$url_key' AND approval_status = 'pending'");
|
||||
|
||||
// Notify tech
|
||||
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Ticket', notification = 'Guest approved ticket task $task_name', notification_action = 'ticket.php?ticket_id=$ticket_id', notification_user_id = $created_by");
|
||||
|
||||
// Logging
|
||||
logAction("Task", "Edit", "Guest user approved task $task_name via link (approval $approval_id)", 0, $task_id);
|
||||
|
||||
flash_alert("Task Approved");
|
||||
redirect();
|
||||
|
||||
}
|
||||
|
||||
if (isset($_GET['export_quote_pdf'])) {
|
||||
|
||||
$quote_id = intval($_GET['export_quote_pdf']);
|
||||
|
|
|
|||
|
|
@ -5,4 +5,4 @@
|
|||
* It is used in conjunction with database_updates.php
|
||||
*/
|
||||
|
||||
DEFINE("LATEST_DATABASE_VERSION", "2.3.8");
|
||||
DEFINE("LATEST_DATABASE_VERSION", "2.3.9");
|
||||
|
|
|
|||
Loading…
Reference in New Issue