AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-02-28 02:44:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add task approval system

Browse Source
This commit is contained in:
wrongecho
2026-01-09 17:14:44 +00:00
parent 88a29b7599
commit 77e4d2b566
12 changed files with 814 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
agent/ajax.php
View File

@@ -992,3 +992,23 @@ if (isset($_GET['apex_domain_check'])) {
echo json_encode($response);
}
// Get internal users/techs
if (isset($_GET['get_internal_users'])) {
enforceUserPermission('module_support');
$sql = mysqli_query(
$mysqli,
"SELECT user_id, user_name
FROM users
WHERE user_type = 1 AND user_status = 1 AND user_archived_at IS NULL
ORDER BY user_name"
);
while ($row = mysqli_fetch_assoc($sql)) {
$response['users'][] = $row;
}
echo json_encode($response);
exit;
}

140
agent/modals/ticket/ticket_task_approver_add.php Normal file
View File

@@ -0,0 +1,140 @@
<?php
require_once '../../../includes/modal_header.php';
$task_id = intval($_GET['id']);
$sql = mysqli_query($mysqli, "SELECT * FROM tasks
WHERE task_id = $task_id
LIMIT 1"
);
$row = mysqli_fetch_array($sql);
$task_name = nullable_htmlentities($row['task_name']);
// Generate the HTML form content using output buffering.
ob_start();
?>
<div class="modal-header bg-dark">
<h5 class="modal-title"><i class="fa fa-fw fa-shield-alt mr-2"></i>New approver for task <?=$task_name?></h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
</div>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="task_id" value="<?php echo $task_id; ?>">
<input type="hidden" name="csrf_token" value="<?= $_SESSION['csrf_token'] ?>">
<div class="modal-body">
<div class="form-group">
<label>Approval scope <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-layer-group"></i></span>
</div>
<select class="form-control" name="approval_scope" id="approval_scope" required>
<option value="">Select scope...</option>
<option value="internal">Internal</option>
<option value="client">Client</option>
</select>
</div>
</div>
<div class="form-group d-none" id="approval_type_wrapper">
<label>Who can approve? <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-user-check"></i></span>
</div>
<select class="form-control" name="approval_type" id="approval_type" required>
<!-- JS -->
</select>
</div>
</div>
<div class="form-group d-none" id="specific_user_wrapper">
<label>Select specific internal approver <strong class="text-danger">*</strong></label>
<div class="input-group">
<div class="input-group-prepend">
<span class="input-group-text"><i class="fa fa-fw fa-user-circle"></i></span>
</div>
<select class="form-control select2" name="approval_required_user_id" id="specific_user_select">
<option value="">Select user...</option>
</select>
</div>
</div>
</div>
<div class="modal-footer">
<button type="submit" name="add_ticket_task_approver" class="btn btn-primary text-bold"><i class="fa fa-check mr-2"></i>Save</button>
<button type="button" class="btn btn-light" data-dismiss="modal"><i class="fa fa-times mr-2"></i>Cancel</button>
</div>
</form>
<!-- JS to make the correct boxes appear depending on if internal/client approval) -->
<script>
$('#approval_scope').on('change', function() {
const scope = $(this).val();
const typeSelect = $('#approval_type');
const wrapper = $('#approval_type_wrapper');
typeSelect.empty();
$('#specific_user_wrapper').addClass('d-none');
if (!scope) {
wrapper.addClass('d-none');
return;
}
wrapper.removeClass('d-none');
if (scope === 'internal') {
typeSelect.append('<option value="">Select...</option>');
typeSelect.append('<option value="any">Any internal reviewer</option>');
typeSelect.append('<option value="specific">Specific agent</option>');
}
if (scope === 'client') {
typeSelect.append('<option value="">Select...</option>');
typeSelect.append('<option value="any">Ticket contact</option>');
typeSelect.append('<option value="technical">Technical contacts</option>');
typeSelect.append('<option value="billing">Billing contacts</option>');
}
});
// Specific user (internal only for now)
$('#approval_type').on('change', function() {
const type = $(this).val();
const scope = $('#approval_scope').val();
const userSelect = $('#specific_user_select');
if (type !== 'specific' || scope !== 'internal') {
$('#specific_user_wrapper').addClass('d-none');
return;
}
$('#specific_user_wrapper').removeClass('d-none');
userSelect.empty().append('<option value="">Loading...</option>');
$.getJSON('ajax.php?get_internal_users=true', function(data) {
userSelect.empty().append('<option value="">Select user...</option>');
data.users.forEach(function(u) {
userSelect.append(`<option value="${u.user_id}">${u.user_name}</option>`);
});
});
});
</script>
<?php
require_once '../../../includes/modal_footer.php';

58
agent/modals/ticket/ticket_task_edit.php
View File

@@ -14,6 +14,14 @@ $task_name = nullable_htmlentities($row['task_name']);
$task_completion_estimate = intval($row['task_completion_estimate']);
$task_completed_at = nullable_htmlentities($row['task_completed_at']);
// Approvals
$sql_task_approvals = mysqli_query($mysqli, "
SELECT user_name, approval_id, approval_scope, approval_type, approval_required_user_id, approval_status, approval_created_by, approval_approved_by FROM task_approvals
LEFT JOIN users ON user_id = approval_required_user_id
WHERE approval_task_id = $task_id
ORDER BY approval_approved_by"
);
// Generate the HTML form content using output buffering.
ob_start();
@@ -27,7 +35,7 @@ ob_start();
</div>
<form action="post.php" method="post" autocomplete="off">
<input type="hidden" name="task_id" value="<?php echo $task_id; ?>">
<div class="modal-body">
<div class="form-group">
@@ -49,7 +57,53 @@ ob_start();
<input type="number" class="form-control" name="completion_estimate" placeholder="Estimated time to complete task in mins" value="<?php echo $task_completion_estimate; ?>">
</div>
</div>
<?php if (mysqli_num_rows($sql_task_approvals) > 0) { ?>
<hr>
<div class="form-group">
<b>Task Approvals</b>
<table class="table table-sm table-bordered" style="margin-top:10px;">
<thead>
<tr>
<th>Scope</th>
<th>Type</th>
<th>Status</th>
<th>Action</th>
</tr>
</thead>
<tbody>
<?php while ($row = mysqli_fetch_array($sql_task_approvals)) {
$approval_id = intval($row['approval_id']);
$approval_scope = nullable_htmlentities($row['approval_scope']);
$approval_type = nullable_htmlentities($row['approval_type']);
$approval_user_name = nullable_htmlentities($row['user_name']);
$approval_status = nullable_htmlentities($row['approval_status']);
$approval_created_by = intval($row['approval_created_by']);
$approval_approved_by = nullable_htmlentities($row['approval_approved_by']);
?>
<tr>
<td><?= ucfirst($approval_scope) ?></td>
<td><?= ucfirst($approval_type) ?> <?php if (!empty($approval_user_name)) { echo " - $approval_user_name"; } ?></td>
<td><?= ucfirst($approval_status) ?></td>
<td>
<?php if ($approval_status !== 'approved') { ?>
<a class="text-danger"
onclick="return confirm('Delete this approval request?');"
href="post.php?delete_ticket_task_approver=<?= $approval_id ?>&csrf_token=<?= $_SESSION['csrf_token'] ?>">
<i class="fas fa-fw fa-trash-alt"></i>Delete
</a>
<!-- confirm-link won't work -->
<?php } ?>
</td>
</tr>
<?php } ?>
</tbody>
</table>
</div>
<?php } ?>
</div>
<div class="modal-footer">

241
agent/post/task.php
View File

@@ -155,6 +155,247 @@ if (isset($_GET['undo_complete_task'])) {
}
if (isset($_POST['add_ticket_task_approver'])) {
validateCSRFToken($_POST['csrf_token']);
enforceUserPermission('module_support', 2);
$task_id = intval($_POST['task_id']);
$scope = sanitizeInput($_POST['approval_scope']);
$type = sanitizeInput($_POST['approval_type']);
$approval_url_key = randomString(32);
$required_user_id = "NULL";
if ($type == 'specific') {
$required_user_id = intval($_POST['approval_required_user_id']);
}
mysqli_query($mysqli, "INSERT INTO task_approvals SET approval_scope = '$scope', approval_type = '$type', approval_required_user_id = $required_user_id, approval_status = 'pending', approval_created_by = $session_user_id, approval_url_key = '$approval_url_key', approval_task_id = $task_id");
$approval_id = mysqli_insert_id($mysqli);
// Task/Ticket Info
$tt_row = mysqli_fetch_array(mysqli_query($mysqli, "
SELECT * FROM tasks
LEFT JOIN tickets ON ticket_id = task_ticket_id
LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
WHERE task_id = $task_id LIMIT 1
")
);
$task_name = sanitizeInput($tt_row['task_name']);
$ticket_id = intval($tt_row['task_ticket_id']);
$ticket_prefix = sanitizeInput($tt_row['ticket_prefix']);
$ticket_number = intval($tt_row['ticket_number']);
$ticket_subject = sanitizeInput($tt_row['ticket_subject']);
$ticket_status = sanitizeInput($tt_row['ticket_status_name']);
$ticket_url_key = sanitizeInput($tt_row['ticket_url_key']);
$ticket_contact_id = intval($tt_row['ticket_contact_id']);
$client_id = intval($tt_row['ticket_client_id']);
// --Notifications--
// Sanitize Config vars from get_settings.php
$config_ticket_from_name = sanitizeInput($config_ticket_from_name);
$config_ticket_from_email = sanitizeInput($config_ticket_from_email);
$config_base_url = sanitizeInput($config_base_url);
// Get Company Info
$crow = mysqli_fetch_array(mysqli_query($mysqli, "SELECT company_name, company_phone, company_phone_country_code FROM companies WHERE company_id = 1"));
$company_name = sanitizeInput($crow['company_name']);
$company_phone = sanitizeInput(formatPhoneNumber($crow['company_phone'], $crow['company_phone_country_code']));
// Email contents
$subject = "Ticket task approval required - [$ticket_prefix$ticket_number] - $ticket_subject";
$body = "<i style=\'color: #808080\'>##- Please type your reply above this line -##</i><br><br>Hello,<br><br>A ticket regarding $ticket_subject has a task requiring your approval:- <br>Task name: $task_name<br>Scope/Type: $scope - $type <br><br>To approve this task, please click <a href=\'https://$config_base_url/guest/guest_approve_ticket_task.php?task_approval_id=$approval_id&url_key=$approval_url_key\'>here</a>.<br>If you require further information, please reply to this e-mail.<br><br>Ticket: $ticket_prefix$ticket_number<br>Subject: $ticket_subject<br>Status: $ticket_status<br>Portal: <a href=\'https://$config_base_url/guest/guest_view_ticket.php?ticket_id=$ticket_id&url_key=$ticket_url_key\'>View ticket</a><br><br>--<br>$company_name - Support<br>$config_ticket_from_email<br>$company_phone";
if ($scope == 'internal' && $type == 'specific' && $session_user_id !== $required_user_id) {
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Ticket', notification = '$session_name needs your approval for ticket $ticket_prefix$ticket_number task $task_name', notification_action = 'ticket.php?ticket_id=$ticket_id', notification_client_id = 0, notification_user_id = $required_user_id");
if (!empty($config_smtp_host)) {
$agent_contact = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT user_name, user_email FROM users WHERE user_id = $required_user_id AND user_archived_at IS NULL"));
$name = sanitizeInput($agent_contact['user_name']);
$email = sanitizeInput($agent_contact['user_email']);
// Only add contact to email queue if email is valid
if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
$data[] = [
'from' => $config_ticket_from_email,
'from_name' => $config_ticket_from_name,
'recipient' => $email,
'recipient_name' => $name,
'subject' => $subject,
'body' => $body
];
addToMailQueue($data);
}
}
}
if (!empty($config_smtp_host) && $scope == 'client' && $type == 'any') {
$contact_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT contact_name, contact_email FROM contacts WHERE contact_id = $ticket_contact_id LIMIT 1"));
$contact_name = sanitizeInput($contact_row['contact_name']);
$contact_email = sanitizeInput($contact_row['contact_email']);
$data = [];
if (filter_var($contact_email, FILTER_VALIDATE_EMAIL)) {
$data[] = [
'from' => $config_ticket_from_email,
'from_name' => $config_ticket_from_name,
'recipient' => $contact_email,
'recipient_name' => $contact_name,
'subject' => $subject,
'body' => $body
];
addToMailQueue($data);
}
}
if (!empty($config_smtp_host) && $scope == 'client' && $type == 'technical') {
$sql_technical_contacts = mysqli_query(
$mysqli,
"SELECT contact_name, contact_email FROM contacts
WHERE contact_technical = 1
AND contact_email != ''
AND contact_client_id = $client_id"
);
$data = [];
while ($technical_contact = mysqli_fetch_array($sql_technical_contacts)) {
$technical_contact_name = sanitizeInput($technical_contact['contact_name']);
$technical_contact_email = sanitizeInput($technical_contact['contact_email']);
if (filter_var($technical_contact_email, FILTER_VALIDATE_EMAIL)) {
$data[] = [
'from' => $config_ticket_from_email,
'from_name' => $config_ticket_from_name,
'recipient' => $technical_contact_email,
'recipient_name' => $technical_contact_name,
'subject' => $subject,
'body' => $body
];
}
}
addToMailQueue($data);
}
if (!empty($config_smtp_host) && $scope == 'client' && $type == 'billing') {
$sql_billing_contacts = mysqli_query(
$mysqli,
"SELECT contact_name, contact_email FROM contacts
WHERE contact_billing = 1
AND contact_email != ''
AND contact_client_id = $client_id"
);
$data = [];
while ($billing_contact = mysqli_fetch_array($sql_billing_contacts)) {
$billing_contact_name = sanitizeInput($billing_contact['contact_name']);
$billing_contact_email = sanitizeInput($billing_contact['contact_email']);
if (filter_var($billing_contact_email, FILTER_VALIDATE_EMAIL)) {
$data[] = [
'from' => $config_ticket_from_email,
'from_name' => $config_ticket_from_name,
'recipient' => $billing_contact_email,
'recipient_name' => $billing_contact_name,
'subject' => $subject,
'body' => $body
];
}
}
addToMailQueue($data);
}
// Logging
logAction("Task", "Edit", "$session_name added task approver for $task_name", $client_id, $task_id);
flash_alert("Added approver");
redirect();
}
if (isset($_GET['approve_ticket_task'])) {
validateCSRFToken($_GET['csrf_token']);
enforceUserPermission('module_support', 2);
$task_id = intval($_GET['approve_task']);
$approval_id = intval($_GET['approval_id']);
$approval_row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT * FROM task_approvals LEFT JOIN tasks on task_id = approval_task_id WHERE approval_id = $approval_id AND approval_task_id = $task_id AND approval_scope = 'internal'"));
$task_name = nullable_htmlentities($approval_row['task_name']);
$scope = nullable_htmlentities($approval_row['approval_scope']);
$type = nullable_htmlentities($approval_row['approval_type']);
$required_user = intval($approval_row['approval_required_user_id']);
$created_by = intval($approval_row['approval_created_by']);
$ticket_id = intval($approval_row['task_ticket_id']);
if (!$approval_row) {
flash_alert("Cannot find/approve that task", 'error');
redirect();
exit;
}
// Validate approver (deny)
if ($required_user > 0 && $required_user !== $session_user_id) {
flash_alert("You cannot approve that task", 'error');
redirect();
exit;
}
if ($required_user == 0 && $type = 'any' && $created_by == $session_user_id) {
flash_alert("You cannot approve your own task", 'error');
redirect();
exit;
}
// Approve
mysqli_query($mysqli, "UPDATE task_approvals SET approval_status = 'approved', approval_approved_by = $session_user_id WHERE approval_id = $approval_id AND approval_task_id = $task_id AND approval_scope = 'internal'");
// Notify
mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Ticket', notification = '$session_name approved ticket task $task_name', notification_action = 'ticket.php?ticket_id=$ticket_id', notification_client_id = 0, notification_user_id = $created_by");
// TODO: Email agent
// Logging
logAction("Task", "Edit", "$session_name approved task $task_name (approval $approval_id)", 0, $task_id);
flash_alert("Approved");
redirect();
}
if (isset($_GET['delete_ticket_task_approver'])) {
validateCSRFToken($_GET['csrf_token']);
enforceUserPermission('module_support', 3);
$approval_id = intval($_GET['delete_ticket_task_approver']);
mysqli_query($mysqli, "DELETE FROM task_approvals WHERE approval_id = $approval_id");
logAction("Task", "Delete", "$session_name deleted task approval request ($approval_id)", 0, 0);
flash_alert("Approval request deleted", 'error');
redirect();
}
if (isset($_GET['complete_all_tasks'])) {
enforceUserPermission('module_support', 2);

75
agent/ticket.php
View File

@@ -961,23 +961,82 @@ if (isset($_GET['ticket_id'])) {
<table class="table table-sm" id="tasks">
<?php
while($row = mysqli_fetch_array($sql_tasks)){
while ($row = mysqli_fetch_array($sql_tasks)) {
$task_id = intval($row['task_id']);
$task_name = nullable_htmlentities($row['task_name']);
//$task_description = nullable_htmlentities($row['task_description']); // not in db yet
$task_completion_estimate = intval($row['task_completion_estimate']);
$task_completed_at = nullable_htmlentities($row['task_completed_at']);
// Check for approvals
$task_needs_approval = false;
$task_needs_approval = mysqli_num_rows(mysqli_query(
$mysqli,
"SELECT 1 FROM task_approvals
WHERE approval_task_id = $task_id
AND approval_status IN ('pending','declined')
LIMIT 1"
)) > 0;
$approval_id = 0;
$user_can_approve = false;
$approval_rows = mysqli_query($mysqli, "
SELECT approval_id, approval_scope, approval_type, approval_required_user_id, approval_created_by
FROM task_approvals WHERE approval_task_id = $task_id AND approval_status = 'pending'
");
while ($approval = mysqli_fetch_array($approval_rows)) {
$scope = nullable_htmlentities($approval['approval_scope']);
$type = nullable_htmlentities($approval['approval_type']);
$required_user = intval($approval['approval_required_user_id']);
$created_by = intval($approval['approval_created_by']);
// Named, specific user?
if ($scope == 'internal' && $type == 'specific' && $required_user == $session_user_id) {
$user_can_approve = true;
$approval_id = intval($approval['approval_id']);
continue;
}
// Any internal user, but the one who created the task
if ($scope == 'internal' && $type == 'any' && $created_by !== $session_user_id) {
$user_can_approve = true;
$approval_id = intval($approval['approval_id']);
continue;
}
}
?>
<tr data-task-id="<?= $task_id ?>">
<td>
<?php if ($task_completed_at) { ?>
<i class="far fa-check-square text-success"></i>
<?php } elseif (lookupUserPermission("module_support") >= 2) { ?>
<a href="post.php?complete_task=<?php echo $task_id; ?>">
<i class="far fa-square text-dark"></i>
</a>
<?php if ($task_needs_approval) { ?>
<i class="fas fa-shield-alt text-warning"
data-toggle="tooltip"
data-placement="top"
title="Approval required"></i>
<?php if ($user_can_approve) { ?>
<a class="confirm-link" href="post.php?approve_ticket_task=<?= $task_id ?>&approval_id=<?= $approval_id ?>&csrf_token=<?= $_SESSION['csrf_token'] ?>">
<i class="fas fa-thumbs-up text-green"></i>
</a>
<?php } ?>
<span class="text-dark ml-2"><?= $task_name ?></span>
<?php } else { ?>
<a href="post.php?complete_task=<?php echo $task_id; ?>">
<i class="far fa-square text-dark"></i>
</a>
<span class="text-dark ml-2"><?php echo $task_name; ?></span>
<?php } ?>
<?php } ?>
<span class="text-dark ml-2"><?php echo $task_name; ?></span>
</td>
<td>
<div class="float-right">
@@ -997,6 +1056,12 @@ if (isset($_GET['ticket_id'])) {
data-modal-url="modals/ticket/ticket_task_edit.php?id=<?= $task_id ?>">
<i class="fas fa-fw fa-edit mr-2"></i>Edit
</a>
<?php if (!$task_completed_at) { ?>
<a class="dropdown-item ajax-modal" href="#"
data-modal-url="modals/ticket/ticket_task_approver_add.php?id=<?= $task_id ?>">
<i class="fas fa-fw fa-shield-alt mr-2"></i>Add Approvers
</a>
<?php } ?>
<?php if ($task_completed_at) { ?>
<a class="dropdown-item" href="post.php?undo_complete_task=<?php echo $task_id; ?>">
<i class="fas fa-fw fa-arrow-circle-left mr-2"></i>Mark incomplete