From 1ae2da80540680b4c2335d7391f7fb511f485517 Mon Sep 17 00:00:00 2001
From: wrongecho <marcus@itflow.org>
Date: Tue, 1 Apr 2025 08:46:22 +0100
Subject: [PATCH 1/3] User activity

Hide the See More button if the user can't actually access the logs due to not being an admin
---
 user_activity.php | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/user_activity.php b/user_activity.php
index cf962980..287706a7 100644
--- a/user_activity.php
+++ b/user_activity.php
@@ -41,9 +41,11 @@ $sql_recent_logs = mysqli_query($mysqli, "SELECT * FROM logs
         <?php } ?>
         </tbody>
     </table>
-    <div class="card-footer">
-        <a href="admin_audit_log.php?q=<?php echo "$session_name successfully logged in"; ?>">See More...</a>
-    </div>
+    <?php if (isset($session_is_admin) && $session_is_admin === true) { ?>
+        <div class="card-footer">
+            <a href="admin_audit_log.php?q=<?php echo "$session_name successfully logged in"; ?>">See More...</a>
+        </div>
+    <?php } ?>
 </div>
 
 <div class="card card-dark">
@@ -86,9 +88,11 @@ $sql_recent_logs = mysqli_query($mysqli, "SELECT * FROM logs
         ?>
         </tbody>
     </table>
-    <div class="card-footer">
-        <a href="admin_audit_log.php?q=<?php echo nullable_htmlentities($session_name); ?>">See More...</a>
-    </div>
+    <?php if (isset($session_is_admin) && $session_is_admin === true) { ?>
+        <div class="card-footer">
+            <a href="admin_audit_log.php?q=<?php echo nullable_htmlentities($session_name); ?>">See More...</a>
+        </div>
+    <?php } ?>
 </div>
 
 <?php

From dc49f80cc3c1d1b04e351e6bfda75e6a1fc50fa7 Mon Sep 17 00:00:00 2001
From: wrongecho <marcus@itflow.org>
Date: Tue, 1 Apr 2025 09:03:33 +0100
Subject: [PATCH 2/3] Tickets - Fix bulk assign

Fix bulk assigning tickets to agents
---
 post/user/ticket.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/post/user/ticket.php b/post/user/ticket.php
index 41d31701..8d1d8bf4 100644
--- a/post/user/ticket.php
+++ b/post/user/ticket.php
@@ -732,7 +732,7 @@ if (isset($_POST['bulk_assign_ticket'])) {
                 $agent_name = "No One";
             } else {
                 // Get & verify assigned agent details
-                $agent_details_sql = mysqli_query($mysqli, "SELECT user_name, user_email FROM users LEFT JOIN user_settings ON users.user_id = user_settings.user_id WHERE users.user_id = $assign_to AND user_settings.user_role > 1");
+                $agent_details_sql = mysqli_query($mysqli, "SELECT user_name, user_email FROM users LEFT JOIN user_settings ON users.user_id = user_settings.user_id WHERE users.user_id = $assign_to");
                 $agent_details = mysqli_fetch_array($agent_details_sql);
 
                 $agent_name = sanitizeInput($agent_details['user_name']);

From 7286248fefb50741527b8b42f3c3c9efe0cb8e21 Mon Sep 17 00:00:00 2001
From: wrongecho <marcus@itflow.org>
Date: Tue, 1 Apr 2025 09:12:24 +0100
Subject: [PATCH 3/3] Ticket assign

Remove the role check altogether, its the old way of doing the roles anyway
---
 post/user/ticket.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/post/user/ticket.php b/post/user/ticket.php
index 41d31701..2cdafddf 100644
--- a/post/user/ticket.php
+++ b/post/user/ticket.php
@@ -576,7 +576,7 @@ if (isset($_POST['assign_ticket'])) {
         $agent_name = "No One";
     } else {
         // Get & verify assigned agent details
-        $agent_details_sql = mysqli_query($mysqli, "SELECT user_name, user_email FROM users LEFT JOIN user_settings ON users.user_id = user_settings.user_id WHERE users.user_id = $assigned_to AND users.user_role_id > 1");
+        $agent_details_sql = mysqli_query($mysqli, "SELECT user_name, user_email FROM users WHERE users.user_id = $assigned_to");
         $agent_details = mysqli_fetch_array($agent_details_sql);
 
         $agent_name = sanitizeInput($agent_details['user_name']);