diff --git a/ajax.php b/ajax.php index 8d6265c7..ff0f1cd9 100644 --- a/ajax.php +++ b/ajax.php @@ -58,6 +58,13 @@ if(isset($_GET['certificate_fetch_parse_json_details'])){ * Looks up info for a given certificate ID from the database, used to dynamically populate modal fields */ if(isset($_GET['certificate_get_json_details'])){ + if($session_user_role == 1){ + $_SESSION['alert_type'] = "danger"; + $_SESSION['alert_message'] = "You are not permitted to do that!"; + header("Location: " . $_SERVER["HTTP_REFERER"]); + exit(); + } + $certificate_id = intval($_GET['certificate_id']); $client_id = intval($_GET['client_id']); @@ -80,6 +87,13 @@ if(isset($_GET['certificate_get_json_details'])){ * Looks up info for a given domain ID from the database, used to dynamically populate modal fields */ if(isset($_GET['domain_get_json_details'])){ + if($session_user_role == 1){ + $_SESSION['alert_type'] = "danger"; + $_SESSION['alert_message'] = "You are not permitted to do that!"; + header("Location: " . $_SERVER["HTTP_REFERER"]); + exit(); + } + $domain_id = intval($_GET['domain_id']); $client_id = intval($_GET['client_id']); @@ -102,6 +116,13 @@ if(isset($_GET['domain_get_json_details'])){ * Looks up info on the ticket number provided, used to populate the ticket merge modal */ if(isset($_GET['merge_ticket_get_json_details'])){ + if($session_user_role == 1){ + $_SESSION['alert_type'] = "danger"; + $_SESSION['alert_message'] = "You are not permitted to do that!"; + header("Location: " . $_SERVER["HTTP_REFERER"]); + exit(); + } + $merge_into_ticket_number = intval($_GET['merge_into_ticket_number']); $sql = mysqli_query($mysqli,"SELECT * FROM tickets @@ -123,6 +144,13 @@ if(isset($_GET['merge_ticket_get_json_details'])){ * Looks up info for a given network ID from the database, used to dynamically populate modal fields */ if(isset($_GET['network_get_json_details'])){ + if($session_user_role == 1){ + $_SESSION['alert_type'] = "danger"; + $_SESSION['alert_message'] = "You are not permitted to do that!"; + header("Location: " . $_SERVER["HTTP_REFERER"]); + exit(); + } + $network_id = intval($_GET['network_id']); $client_id = intval($_GET['client_id']); @@ -200,6 +228,13 @@ if(isset($_GET['ticket_query_views'])){ * Generates public/guest links for sharing logins/docs */ if(isset($_GET['share_generate_link'])){ + if($session_user_role == 1){ + $_SESSION['alert_type'] = "danger"; + $_SESSION['alert_message'] = "You are not permitted to do that!"; + header("Location: " . $_SERVER["HTTP_REFERER"]); + exit(); + } + $client_id = intval($_GET['client_id']); $item_type = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['type']))); $item_id = intval($_GET['id']); @@ -239,4 +274,34 @@ if(isset($_GET['share_generate_link'])){ // Logging mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Sharing', log_action = 'Create', log_description = '$session_name created shared link for $item_type - Item ID: $item_id', log_client_id = '$client_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_user_id = $session_user_id, company_id = $session_company_id"); +} + +/* + * Looks up info for a given scheduled ticket ID from the database, used to dynamically populate modal edit fields + */ +if(isset($_GET['scheduled_ticket_get_json_details'])){ + if($session_user_role == 1){ + $_SESSION['alert_type'] = "danger"; + $_SESSION['alert_message'] = "You are not permitted to do that!"; + header("Location: " . $_SERVER["HTTP_REFERER"]); + exit(); + } + + $client_id = intval($_GET['client_id']); + $ticket_id = intval($_GET['ticket_id']); + + $ticket_sql = mysqli_query($mysqli, "SELECT * FROM scheduled_tickets + WHERE scheduled_ticket_id = $ticket_id + AND scheduled_ticket_client_id = $client_id LIMIT 1"); + while($row = mysqli_fetch_array($ticket_sql)){ + $response['ticket'][] = $row; + } + + $asset_sql = mysqli_query($mysqli, "SELECT asset_id, asset_name FROM assets WHERE asset_client_id = $client_id AND asset_archived_at IS NULL"); + while($row = mysqli_fetch_array($asset_sql)){ + $response['assets'][] = $row; + } + + echo json_encode($response); + } \ No newline at end of file diff --git a/client_domain_edit_modal.php b/client_domain_edit_modal.php index 9a3c0bff..89a0f4df 100644 --- a/client_domain_edit_modal.php +++ b/client_domain_edit_modal.php @@ -32,7 +32,7 @@
- + @@ -64,7 +64,7 @@
- + diff --git a/client_domains.php b/client_domains.php index 30fe12db..46df0a4e 100644 --- a/client_domains.php +++ b/client_domains.php @@ -161,7 +161,7 @@ include("client_domain_add_modal.php"); // If we get a response from post.php, parse it as JSON const response = JSON.parse(data); - // Access the domain info (one), registrars (multiple) and webhosts (multiple_ + // Access the domain info (one), registrars (multiple) and webhosts (multiple) const domain = response.domain[0]; const vendors = response.vendors; diff --git a/client_routes.php b/client_routes.php index c3c4d505..bd26b408 100644 --- a/client_routes.php +++ b/client_routes.php @@ -102,14 +102,17 @@ if(isset($_GET['tab'])){ elseif($_GET['tab'] == "logs"){ include("client_logs.php"); } - elseif($_GET['tab'] == "shared-items"){ - if($session_user_role > 1){ + elseif($_GET['tab'] == "shared-items") { + if ($session_user_role > 1) { include("client_shared_items.php"); } } + elseif($_GET['tab'] == "scheduled-tickets") { + if ($session_user_role > 1) { + include("client_scheduled_tickets.php"); + } + } } else{ include("client_overview.php"); } - -?> \ No newline at end of file diff --git a/client_scheduled_tickets.php b/client_scheduled_tickets.php new file mode 100644 index 00000000..ab6c0adc --- /dev/null +++ b/client_scheduled_tickets.php @@ -0,0 +1,150 @@ + $sb, 'o' => $o))); + +// SQL +$sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM scheduled_tickets + LEFT JOIN clients on scheduled_ticket_client_id = client_id + WHERE scheduled_ticket_client_id = $client_id + AND scheduled_tickets.scheduled_ticket_subject LIKE '%$q%' + ORDER BY $sb $o LIMIT $record_from, $record_to" +); + +$num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()")); + + +?> + + +
+
+

Scheduled Tickets

+
+ +
+ +
+ + +
+ +
+
+ +
+ +
+
+
+ +
+
+
+ +
+ + "> + + + + + + + + + + + + + + + + + + + + + + + + +
SubjectPriorityFrequencyNext Run DateAction
)"> +
+ +
+ )">Edit + +
+ Delete +
+ +
+
+
+ +
+
\ No newline at end of file diff --git a/client_shared_items.php b/client_shared_items.php index ee1c5fa6..8a1d6a39 100644 --- a/client_shared_items.php +++ b/client_shared_items.php @@ -39,6 +39,9 @@ if(isset($_GET['o'])){ $disp = "DESC"; } +// Current tab +$tab = str_replace('-', ' ', htmlentities($_GET['tab'])); + //Rebuild URL $url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o))); @@ -60,12 +63,12 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
- +
- +
diff --git a/client_side_nav.php b/client_side_nav.php index 5c422a1d..90b438d6 100644 --- a/client_side_nav.php +++ b/client_side_nav.php @@ -306,6 +306,13 @@ +
  • + "> + +

    Scheduled Tickets

    +     +
    • +
  • "> diff --git a/js/scheduledTickets.js b/js/scheduledTickets.js new file mode 100644 index 00000000..8922823e --- /dev/null +++ b/js/scheduledTickets.js @@ -0,0 +1,63 @@ +function populateScheduledTicketEditModal(client_id, ticket_id) { + + // Send a GET request to ajax.php as ajax.php?scheduled_ticket_get_json_details=true&client_id=NUM&ticket_id=NUM + jQuery.get( + "ajax.php", + {scheduled_ticket_get_json_details: 'true', client_id: client_id, ticket_id: ticket_id}, + function(data){ + + // If we get a response from post.php, parse it as JSON + const response = JSON.parse(data); + + // Access the ticket info, and all potential assets + const ticket = response.ticket[0]; + const assets = response.assets; + + // Populate the scheduled ticket modal fields + document.getElementById("editHeader").innerText = " Edit Scheduled ticket: " + ticket.scheduled_ticket_subject; + document.getElementById("editTicketId").value = ticket_id; + document.getElementById("editClientId").value = client_id; + document.getElementById("editTicketSubject").value = ticket.scheduled_ticket_subject; + document.getElementById("editTicketNextRun").value = ticket.scheduled_ticket_next_run; + $('#editTicketDetails').summernote('code', ticket.scheduled_ticket_details); + + + // Frequency dropdown + var frequencyDropdown = document.querySelector("#editTicketFrequency"); + Array.from(frequencyDropdown.options).forEach(function (option, index){ + if(option.id === ticket.scheduled_ticket_frequency){ + frequencyDropdown.selectedIndex = index; + } + }); + + // Priority dropdown + var priorityDropdown = document.querySelector("#editTicketPriority"); + Array.from(priorityDropdown.options).forEach(function (option, index){ + if(option.id === ticket.scheduled_ticket_priority){ + priorityDropdown.selectedIndex = index; + } + }); + + // Asset dropdown + var assetDropdown = document.getElementById("editTicketAssetId"); + + // Clear asset dropdown + var i, L = assetDropdown.options.length -1; + for(i = L; i >= 0; i--) { + assetDropdown.remove(i); + } + assetDropdown[assetDropdown.length] = new Option('- Asset -', '0'); + + // Populate dropdown + assets.forEach(asset => { + if(parseInt(asset.asset_id) == parseInt(ticket.scheduled_ticket_asset_id)){ + // Selected asset + assetDropdown[assetDropdown.length] = new Option(asset.asset_name, asset.asset_id, true, true); + } + else{ + assetDropdown[assetDropdown.length] = new Option(asset.asset_name, asset.asset_id); + } + }); + } + ); +} \ No newline at end of file diff --git a/post.php b/post.php index 4da7d7eb..61b3652e 100644 --- a/post.php +++ b/post.php @@ -2817,7 +2817,7 @@ if(isset($_POST['edit_transfer'])){ if(isset($_GET['delete_transfer'])){ $transfer_id = intval($_GET['delete_transfer']); - //Query the transfer ID to get the Pyament and Expense IDs so we can delete those as well + //Query the transfer ID to get the Payment and Expense IDs so we can delete those as well $sql = mysqli_query($mysqli,"SELECT * FROM transfers WHERE transfer_id = $transfer_id AND company_id = $session_company_id"); $row = mysqli_fetch_array($sql); $expense_id = $row['transfer_expense_id']; @@ -3802,7 +3802,7 @@ if(isset($_POST['add_payment'])){ $amount = floatval($_POST['amount']); $account = intval($_POST['account']); $currency_code = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['currency_code']))); - $payment_method = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['payment_method']))); + $payment_method = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['payment_method']))); $reference = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['reference']))); $email_receipt = intval($_POST['email_receipt']); $base_url = $_SERVER['HTTP_HOST'] . dirname($_SERVER['REQUEST_URI']); @@ -6031,7 +6031,7 @@ if(isset($_POST['edit_scheduled_ticket'])){ mysqli_query($mysqli, "UPDATE scheduled_tickets SET scheduled_ticket_subject = '$subject', scheduled_ticket_details = '$details', scheduled_ticket_priority = '$priority', scheduled_ticket_frequency = '$frequency', scheduled_ticket_next_run = '$next_run_date', scheduled_ticket_updated_at = NOW(), scheduled_ticket_asset_id = '$asset_id', company_id = '$session_company_id' WHERE scheduled_ticket_id = '$ticket_id'"); // Logging - mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket', log_action = 'Update', log_description = 'Updated scheduled ticket for $subject - $frequency', log_created_at = NOW(), log_client_id = $client_id, company_id = $session_company_id, log_user_id = $session_user_id"); + mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket', log_action = 'Update', log_description = 'Updated scheduled ticket for $subject - $frequency', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_client_id = $client_id, company_id = $session_company_id, log_user_id = $session_user_id"); $_SESSION['alert_message'] = "Scheduled ticket updated."; @@ -6041,11 +6041,11 @@ if(isset($_POST['edit_scheduled_ticket'])){ if(isset($_GET['delete_scheduled_ticket'])){ - if($session_user_role == 1){ - $_SESSION['alert_type'] = "danger"; - $_SESSION['alert_message'] = "You are not permitted to do that!"; - header("Location: " . $_SERVER["HTTP_REFERER"]); - exit(); + if($session_user_role != 3){ + $_SESSION['alert_type'] = "danger"; + $_SESSION['alert_message'] = "You are not permitted to do that!"; + header("Location: " . $_SERVER["HTTP_REFERER"]); + exit(); } $scheduled_ticket_id = intval($_GET['delete_scheduled_ticket']); diff --git a/scheduled_ticket_edit_modal.php b/scheduled_ticket_edit_modal.php index 969dede2..b6f0a13a 100644 --- a/scheduled_ticket_edit_modal.php +++ b/scheduled_ticket_edit_modal.php @@ -1,101 +1,91 @@ -