diff --git a/ajax.php b/ajax.php
index 9e13c3a0..e8d81564 100644
--- a/ajax.php
+++ b/ajax.php
@@ -15,6 +15,7 @@ require_once "plugins/totp/totp.php";
* Fetches SSL certificates from remote hosts & returns the relevant info (issuer, expiry, public key)
*/
if (isset($_GET['certificate_fetch_parse_json_details'])) {
+ enforceUserPermission('module_support');
// PHP doesn't appreciate attempting SSL sockets to non-existent domains
if (empty($_GET['domain'])) {
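Review bot: The new permission gate on the first added line is the only check on `$_GET['domain']` before it is used to open an outbound SSL socket (per the comment "PHP doesn't appreciate attempting SSL sockets"), so any agent with module_support read can presumably make the server connect to arbitrary hosts, including loopback and RFC 1918 addresses, which turns this endpoint into an internal host/port probe. I would reject anything that is not a hostname, `if (!filter_var($_GET['domain'], FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME)) { exit; }`, and, if the project wants to defend internal ranges, resolve it and drop addresses failing `filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)`. The body of this handler continues outside the hunk, so the socket call itself is not visible here.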
@@ -43,7 +44,7 @@ if (isset($_GET['certificate_fetch_parse_json_details'])) {
* Looks up info for a given certificate ID from the database, used to dynamically populate modal fields
*/
if (isset($_GET['certificate_get_json_details'])) {
- validateTechRole();
+ enforceUserPermission('module_support');
$certificate_id = intval($_GET['certificate_id']);
$client_id = intval($_GET['client_id']);
@@ -109,7 +110,7 @@ if (isset($_GET['domain_get_json_details'])) {
* Looks up info on the ticket number provided, used to populate the ticket merge modal
*/
if (isset($_GET['merge_ticket_get_json_details'])) {
- validateTechRole();
+ enforceUserPermission('module_support');
$merge_into_ticket_number = intval($_GET['merge_into_ticket_number']);
@@ -134,7 +135,7 @@ if (isset($_GET['merge_ticket_get_json_details'])) {
* Looks up info for a given network ID from the database, used to dynamically populate modal fields
*/
if (isset($_GET['network_get_json_details'])) {
- validateTechRole();
+ enforceUserPermission('module_support');
$network_id = intval($_GET['network_id']);
$client_id = intval($_GET['client_id']);
@@ -159,6 +160,8 @@ if (isset($_GET['network_get_json_details'])) {
}
if (isset($_POST['client_set_notes'])) {
+ enforceUserPermission('module_client', 2);
+
$client_id = intval($_POST['client_id']);
$notes = sanitizeInput($_POST['notes']);
@@ -171,6 +174,8 @@ if (isset($_POST['client_set_notes'])) {
}
if (isset($_POST['contact_set_notes'])) {
+ enforceUserPermission('module_client', 2);
+
$contact_id = intval($_POST['contact_id']);
$notes = sanitizeInput($_POST['notes']);
@@ -191,6 +196,8 @@ if (isset($_POST['contact_set_notes'])) {
}
if (isset($_POST['asset_set_notes'])) {
+ enforceUserPermission('module_support', 2);
+
$asset_id = intval($_POST['asset_id']);
$notes = sanitizeInput($_POST['notes']);
@@ -211,7 +218,7 @@ if (isset($_POST['asset_set_notes'])) {
}
/*
- * Collision Detection/Avoidance
+ * Ticketing Collision Detection/Avoidance
* Called upon loading a ticket, and every 2 mins thereafter
* Is used in conjunction with ticket_query_views to show who is currently viewing a ticket
*/
@@ -222,7 +229,7 @@ if (isset($_GET['ticket_add_view'])) {
}
/*
- * Collision Detection/Avoidance
+ * Ticketing Collision Detection/Avoidance
* Returns formatted text of the agents currently viewing a ticket
* Called upon loading a ticket, and every 2 mins thereafter
*/
@@ -255,7 +262,7 @@ if (isset($_GET['ticket_query_views'])) {
* Generates public/guest links for sharing logins/docs
*/
if (isset($_GET['share_generate_link'])) {
- validateTechRole();
+ enforceUserPermission('module_support', 2);
$item_encrypted_username = ''; // Default empty
$item_encrypted_credential = ''; // Default empty
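Review bot: This handler generates public/guest links for logins as well as docs (per its header comment) but is now gated only on module_support write, whereas the other credential-exposing endpoint in this file, `get_totp_token_via_id`, is moved to `module_credential`; an agent with support write but no credential permission could therefore presumably export a login's username and credential via a public link. If the shared item is a login, I would add `enforceUserPermission('module_credential', 2);` on that branch (or at least a read-level credential check) so the two endpoints agree. The branch that decides the item type is outside the hunk, so where exactly to place it needs confirming.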
@@ -375,7 +382,7 @@ if (isset($_GET['share_generate_link'])) {
* Looks up info for a given recurring (was scheduled) ticket ID from the database, used to dynamically populate modal edit fields
*/
if (isset($_GET['recurring_ticket_get_json_details'])) {
- validateTechRole();
+ enforceUserPermission('module_support');
$client_id = intval($_GET['client_id']);
$ticket_id = intval($_GET['ticket_id']);
@@ -426,6 +433,8 @@ if (isset($_GET['recurring_ticket_get_json_details'])) {
* Looks up info for a given quote ID from the database, used to dynamically populate modal fields
*/
if (isset($_GET['quote_get_json_details'])) {
+ enforceUserPermission('module_sales');
+
$quote_id = intval($_GET['quote_id']);
// Get quote details
@@ -462,6 +471,7 @@ if (isset($_GET['quote_get_json_details'])) {
* Returns sorted list of active clients
*/
if (isset($_GET['get_active_clients'])) {
+ enforceUserPermission('module_client');
$client_sql = mysqli_query(
$mysqli,
@@ -481,6 +491,8 @@ if (isset($_GET['get_active_clients'])) {
* Returns ordered list of active contacts for a specified client
*/
if (isset($_GET['get_client_contacts'])) {
+ enforceUserPermission('module_client');
+
$client_id = intval($_GET['client_id']);
$contact_sql = mysqli_query(
@@ -502,7 +514,7 @@ if (isset($_GET['get_client_contacts'])) {
* When provided with a login ID, checks permissions and returns the 6-digit code
*/
if (isset($_GET['get_totp_token_via_id'])) {
- validateTechRole();
+ enforceUserPermission('module_credential');
$login_id = intval($_GET['login_id']);
@@ -530,6 +542,152 @@ if (isset($_GET['get_readable_pass'])) {
echo json_encode(GenerateReadablePassword(4));
}
+/*
+ * ITFlow - POST request handler for client tickets
+ */
+if (isset($_POST['update_kanban_status_position'])) {
+ // Update multiple ticket status kanban orders
+ enforceUserPermission('module_support', 2);
+
+ $positions = $_POST['positions'];
+
+ foreach ($positions as $position) {
+ $status_id = intval($position['status_id']);
+ $kanban = intval($position['status_kanban']);
+
+ mysqli_query($mysqli, "UPDATE ticket_statuses SET ticket_status_order = $kanban WHERE ticket_status_id = $status_id");
+ }
+
+ // return a response
+ echo json_encode(['status' => 'success']);
+ exit;
+}
+
+if (isset($_POST['update_kanban_ticket'])) {
+ // Update ticket kanban order and status
+ enforceUserPermission('module_support', 2);
+
+ // all tickets on the column
+ $positions = $_POST['positions'];
+
+ foreach ($positions as $position) {
+ $ticket_id = intval($position['ticket_id']);
+ $kanban = intval($position['ticket_order']); // ticket kanban position
+ $status = intval($position['ticket_status']); // ticket statuses
+ $oldStatus = intval($position['ticket_oldStatus']); // ticket old status if moved
+
+ $statuses['Closed'] = 5;
+ $statuses['Resolved'] = 4;
+
+ // Continue if status is null / Closed
+ if ($status === null || $status === $statuses['Closed']) {
+ continue;
+ }
+
+
+ if ($oldStatus === false) {
+ // if ticket was not moved, just uptdate the order on kanban
+ mysqli_query($mysqli, "UPDATE tickets SET ticket_order = $kanban WHERE ticket_id = $ticket_id");
+ customAction('ticket_update', $ticket_id);
+ } else {
+ // If the ticket was moved from a resolved status to another status, we need to update ticket_resolved_at
+ if ($oldStatus === $statuses['Resolved']) {
+ mysqli_query($mysqli, "UPDATE tickets SET ticket_order = $kanban, ticket_status = $status, ticket_resolved_at = NULL WHERE ticket_id = $ticket_id");
+ customAction('ticket_update', $ticket_id);
+ } elseif ($status === $statuses['Resolved']) {
+ // If the ticket was moved to a resolved status, we need to update ticket_resolved_at
+ mysqli_query($mysqli, "UPDATE tickets SET ticket_order = $kanban, ticket_status = $status, ticket_resolved_at = NOW() WHERE ticket_id = $ticket_id");
+ customAction('ticket_update', $ticket_id);
+
+ // Client notification email
+ if (!empty($config_smtp_host) && $config_ticket_client_general_notifications == 1) {
+
+ // Get details
+ $ticket_sql = mysqli_query($mysqli, "SELECT contact_name, contact_email, ticket_prefix, ticket_number, ticket_subject, ticket_status_name, ticket_assigned_to, ticket_url_key, ticket_client_id FROM tickets
+ LEFT JOIN clients ON ticket_client_id = client_id
+ LEFT JOIN contacts ON ticket_contact_id = contact_id
+ LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
+ WHERE ticket_id = $ticket_id
+ ");
+ $row = mysqli_fetch_array($ticket_sql);
+
+ $contact_name = sanitizeInput($row['contact_name']);
+ $contact_email = sanitizeInput($row['contact_email']);
+ $ticket_prefix = sanitizeInput($row['ticket_prefix']);
+ $ticket_number = intval($row['ticket_number']);
+ $ticket_subject = sanitizeInput($row['ticket_subject']);
+ $client_id = intval($row['ticket_client_id']);
+ $ticket_assigned_to = intval($row['ticket_assigned_to']);
+ $ticket_status = sanitizeInput($row['ticket_status_name']);
+ $url_key = sanitizeInput($row['ticket_url_key']);
+
+ // Sanitize Config vars from get_settings.php
+ $config_ticket_from_name = sanitizeInput($config_ticket_from_name);
+ $config_ticket_from_email = sanitizeInput($config_ticket_from_email);
+ $config_base_url = sanitizeInput($config_base_url);
+
+ // Get Company Info
+ $sql = mysqli_query($mysqli, "SELECT company_name, company_phone FROM companies WHERE company_id = 1");
+ $row = mysqli_fetch_array($sql);
+ $company_name = sanitizeInput($row['company_name']);
+ $company_phone = sanitizeInput(formatPhoneNumber($row['company_phone']));
+
+ // EMAIL
+ $subject = "Ticket resolved - [$ticket_prefix$ticket_number] - $ticket_subject | (pending closure)";
+ $body = "##- Please type your reply above this line -##
Hello $contact_name,
Your ticket regarding $ticket_subject has been marked as solved and is pending closure.
If your request/issue is resolved, you can simply ignore this email. If you need further assistance, please reply or re-open to let us know!
Ticket: $ticket_prefix$ticket_number
Subject: $ticket_subject
Status: $ticket_status
Portal: View ticket
--
$company_name - Support
$config_ticket_from_email
$company_phone";
+
+ // Check email valid
+ if (filter_var($contact_email, FILTER_VALIDATE_EMAIL)) {
+
+ $data = [];
+
+ // Email Ticket Contact
+ // Queue Mail
+
+ $data[] = [
+ 'from' => $config_ticket_from_email,
+ 'from_name' => $config_ticket_from_name,
+ 'recipient' => $contact_email,
+ 'recipient_name' => $contact_name,
+ 'subject' => $subject,
+ 'body' => $body
+ ];
+ }
+
+ // Also Email all the watchers
+ $sql_watchers = mysqli_query($mysqli, "SELECT watcher_email FROM ticket_watchers WHERE watcher_ticket_id = $ticket_id");
+ $body .= "
----------------------------------------
YOU ARE A COLLABORATOR ON THIS TICKET";
+ while ($row = mysqli_fetch_array($sql_watchers)) {
+ $watcher_email = sanitizeInput($row['watcher_email']);
+
+ // Queue Mail
+ $data[] = [
+ 'from' => $config_ticket_from_email,
+ 'from_name' => $config_ticket_from_name,
+ 'recipient' => $watcher_email,
+ 'recipient_name' => $watcher_email,
+ 'subject' => $subject,
+ 'body' => $body
+ ];
+ }
+ addToMailQueue($data);
+ }
+ //End Mail IF
+
+ } else {
+ // If the ticket was moved from any status to another status
+ mysqli_query($mysqli, "UPDATE tickets SET ticket_order = $kanban, ticket_status = $status WHERE ticket_id = $ticket_id");
+ customAction('ticket_update', $ticket_id);
+ }
+ }
+
+ }
+
+ // return a response
+ echo json_encode(['status' => 'success','payload' => $positions]);
+ exit;
+}
+
if (isset($_POST['update_ticket_tasks_order'])) {
// Update multiple ticket tasks order
enforceUserPermission('module_support', 2);
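Review bot: In `update_kanban_ticket` the guards `$status === null` and `$oldStatus === false` are dead, because `intval()` always returns an int, so the "ticket was not moved, just update the order" branch can never run; a plain reorder that sends no `ticket_oldStatus` falls into the else branch, and for a ticket already sitting in the Resolved column that re-stamps `ticket_resolved_at = NOW()` and re-queues the resolved notification email on every drag. The moved/not-moved decision should be taken on the raw value before casting, e.g. `$moved = isset($position['ticket_oldStatus']) && $position['ticket_oldStatus'] !== '' && $position['ticket_oldStatus'] !== 'false';` and then `if (!$moved) {` in place of `if ($oldStatus === false) {` — the exact sentinel the kanban JavaScript sends needs confirming. Separately, `$data = [];` is only initialised inside the `filter_var` contact-email check, so when a second resolved ticket in the same request has an invalid contact email the previous ticket's queued mails are re-sent to its watchers and contact; move `$data = [];` above the `if (filter_var(...))` line. Both handlers also iterate `$_POST['positions']` without `is_array()`, which raises a TypeError in the foreach on a scalar; a `if (!is_array($positions)) { exit; }` guard would keep the error from leaking a stack trace.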
@@ -537,7 +695,7 @@ if (isset($_POST['update_ticket_tasks_order'])) {
$positions = $_POST['positions'];
$ticket_id = intval($_POST['ticket_id']);
- foreach ($positions as $position) {
+ foreach ($positions as $position) {
$id = intval($position['id']);
$order = intval($position['order']);