diff --git a/agent/post/project.php b/agent/post/project.php index 12e5aefe..1edfcbc7 100644 --- a/agent/post/project.php +++ b/agent/post/project.php @@ -19,6 +19,11 @@ if (isset($_POST['add_project'])) { $client_id = intval($_POST['client_id']); $project_template_id = intval($_POST['project_template_id']); + // Don't Enforce Client Access if Project doesn't have an assigned client + if ($client_id) { + enforceClientAccess(); + } + // Sanitize Project Prefix $config_project_prefix = sanitizeInput($config_project_prefix); @@ -102,6 +107,11 @@ if (isset($_POST['edit_project'])) { $project_manager = intval($_POST['project_manager']); $client_id = intval($_POST['client_id']); + // Don't Enforce Client Access if Project doesn't have an assigned client + if ($client_id) { + enforceClientAccess(); + } + mysqli_query($mysqli, "UPDATE projects SET project_name = '$project_name', project_description = '$project_description', project_due = '$due_date', project_manager = $project_manager, project_client_id = $client_id WHERE project_id = $project_id"); logAction("Project", "Edit", "$session_name edited project $project_name", $client_id, $project_id); @@ -126,6 +136,11 @@ if (isset($_GET['close_project'])) { $project_name = sanitizeInput($row['project_name']); $client_id = intval($row['project_client_id']); + // Don't Enforce Client Access if Project doesn't have an assigned client + if ($client_id) { + enforceClientAccess(); + } + mysqli_query($mysqli, "UPDATE projects SET project_completed_at = NOW() WHERE project_id = $project_id"); logAction("Project", "Close", "$session_name closed project $project_name", $client_id, $project_id); 
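Review bot: The new guard in the add_project hunk calls `enforceClientAccess()` with no argument but only after testing `$client_id`, which suggests the helper reads `$client_id` from the enclosing scope; that coupling is invisible at the call site and the same five lines are repeated in six later hunks. If the helper accepts the id, pass it explicitly (`enforceClientAccess($client_id);`); if it does not, a one-line comment such as `// enforceClientAccess() reads $client_id from this scope` would make the dependency clear. Note also that a client id of 0 deliberately skips the check, so any user who can reach this handler may create unassigned projects; that matches the comment's stated intent but is worth confirming against the permission model. The enclosing if block starts outside the hunk.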
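Review bot: In the edit_project hunk the access check runs only against the client id supplied in `$_POST['client_id']`, never against the client the project currently belongs to, so a user can re-parent a project they have no access to by posting a client they do have access to (or 0, which skips the check entirely) and the UPDATE on the next line will apply it. Load the project's current `project_client_id` for `$project_id` first and enforce access on that value before enforcing it on the new one; the close/archive/delete hunks below already read the client from the row rather than from the request. `$project_id` is assigned outside the hunk, so its validation could not be confirmed here. The enclosing if block starts outside the hunk.
```php
$client_id = intval($_POST['client_id']);

// Authorise against the client the project belongs to today, not only the one being posted
$existing = mysqli_fetch_array(mysqli_query($mysqli, "SELECT project_client_id FROM projects WHERE project_id = $project_id"));
$current_client_id = intval($existing['project_client_id']);
if ($current_client_id) {
    // NOTE(review): enforceClientAccess() appears to read $client_id from scope; confirm how it takes the id
    $client_id = $current_client_id;
    enforceClientAccess();
    $client_id = intval($_POST['client_id']);
}
if ($client_id) {
    enforceClientAccess();
}
// … unchanged: UPDATE projects … and logAction …
```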
@@ -150,6 +165,11 @@ if (isset($_GET['archive_project'])) { $project_name = sanitizeInput($row['project_name']); $client_id = intval($row['project_client_id']); + // Don't Enforce Client Access if Project doesn't have an assigned client + if ($client_id) { + enforceClientAccess(); + } + mysqli_query($mysqli, "UPDATE projects SET project_archived_at = NOW() WHERE project_id = $project_id"); logAction("Project", "Archive", "$session_name archived project $project_name", $client_id, $project_id); @@ -174,6 +194,11 @@ if (isset($_GET['restore_project'])) { $project_name = sanitizeInput($row['project_name']); $client_id = sanitizeInput($row['project_client_id']); + // Don't Enforce Client Access if Project doesn't have an assigned client + if ($client_id) { + enforceClientAccess(); + } + mysqli_query($mysqli, "UPDATE projects SET project_archived_at = NULL WHERE project_id = $project_id"); logAction("Project", "Restore", "$session_name restored project $project_name", $client_id, $project_id); @@ -198,6 +223,11 @@ if (isset($_GET['delete_project'])) { $project_name = sanitizeInput($row['project_name']); $client_id = intval($row['project_client_id']); + // Don't Enforce Client Access if Project doesn't have an assigned client + if ($client_id) { + enforceClientAccess(); + } + mysqli_query($mysqli, "DELETE FROM projects WHERE project_id = $project_id"); logAction("Project", "Delete", "$session_name deleted project $project_name", $client_id, $project_id); @@ -222,6 +252,11 @@ if (isset($_POST['link_ticket_to_project'])) { $client_id = intval($row['project_client_id']); $project_name = sanitizeInput($row['project_name']); + // Don't Enforce Client Access if Project doesn't have an assigned client + if ($client_id) { + enforceClientAccess(); + } + // Add Tickets if (isset($_POST['tickets'])) { 
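Review bot: In the restore_project hunk `$client_id` is taken with `sanitizeInput($row['project_client_id'])` while every sibling hunk uses `intval(...)`; the new guard still behaves the same because the string `"0"` is falsy in PHP, but the value is then passed to logAction and, presumably, compared by enforceClientAccess, where an integer is the safer type. Change it to `$client_id = intval($row['project_client_id']);` to match the close/archive/delete hunks. The enclosing if block starts and ends outside the hunk.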
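Review bot: In the link_ticket_to_project hunk the access check covers the project's client but not the tickets read from `$_POST['tickets']` on the line that follows, so, if tickets are scoped to clients, a user could attach tickets from a client they cannot access to a project they can. Each posted ticket id should be verified to belong to the project's client (or to a client the user may access) before it is linked; the loop that does the linking continues past the hunk, so whether it already does this could not be confirmed here. The enclosing if block starts and ends outside the hunk.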
@@ -268,6 +303,11 @@ if (isset($_POST['link_closed_ticket_to_project'])) { $client_id = intval($row['project_client_id']); $project_name = sanitizeInput($row['project_name']); + // Don't Enforce Client Access if Project doesn't have an assigned client + if ($client_id) { + enforceClientAccess(); + } + // Get ticket details $sql = mysqli_query($mysqli, "SELECT ticket_id, ticket_prefix, ticket_number, ticket_subject, ticket_updated_at FROM tickets WHERE ticket_number = $ticket_number"); if (mysqli_num_rows($sql) == 0) {
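Review bot: The ticket lookup after the new check, `SELECT ... FROM tickets WHERE ticket_number = $ticket_number`, is not restricted to the project's client, so once the caller passes `enforceClientAccess()` for the project a closed ticket from any client can be linked to it. Constrain the query to tickets belonging to `$client_id`, or verify the fetched ticket's client before linking, so the access check covers both sides of the link. `$ticket_number` is assigned outside the hunk and interpolated into SQL here, so confirm it is cast to int at assignment. The enclosing if block starts and ends outside the hunk.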