From 5073188d711a6e73355827629c888ac1c518753a Mon Sep 17 00:00:00 2001
From: Maxi Redigonda
Date: Thu, 11 Jul 2019 18:16:35 -0300
Subject: [PATCH 1/2] Makes frontend allow ticket editing for any staff member
---
 client/src/app-components/ticket-viewer.js | 3 +++
 .../src/app/admin/panel/tickets/admin-panel-view-ticket.js | 5 +----
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/client/src/app-components/ticket-viewer.js b/client/src/app-components/ticket-viewer.js
index b2279e1e..9f8db3d7 100644
--- a/client/src/app-components/ticket-viewer.js
+++ b/client/src/app-components/ticket-viewer.js
@@ -444,6 +444,7 @@ class TicketViewer extends React.Component {
 }
 }).then(this.onTicketModification.bind(this));
 }
+
 addTag(tag) {
 API.call({
 path: '/ticket/add-tag',
@@ -463,6 +464,7 @@ class TicketViewer extends React.Component {
 }
 }).then(this.onTicketModification.bind(this))
 }
+
 onCustomResponsesChanged({index}) {
 let replaceContentWithCustomResponse = () => {
 this.setState({
@@ -523,6 +525,7 @@ class TicketViewer extends React.Component {
 commentError: true
 });
 }
+
 onSubmit(formState) {
 this.setState({
 loading: true
diff --git a/client/src/app/admin/panel/tickets/admin-panel-view-ticket.js b/client/src/app/admin/panel/tickets/admin-panel-view-ticket.js
index 83566c0c..f1273c20 100644
--- a/client/src/app/admin/panel/tickets/admin-panel-view-ticket.js
+++ b/client/src/app/admin/panel/tickets/admin-panel-view-ticket.js
@@ -75,10 +75,7 @@ class AdminPanelViewTicket extends React.Component {
 onChange: this.retrieveTicket.bind(this),
 assignmentAllowed: this.props.assignmentAllowed,
 customResponses: this.props.customResponses,
- editable: (
- (this.state.ticket.owner && this.state.ticket.owner.id == SessionStore.getSessionData().userId) ||
- (this.state.ticket.author && this.state.ticket.author.staff && this.state.ticket.author.id == SessionStore.getSessionData().userId)
- )
+ editable: true
 };
 }
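Review bot: `editable: true` in the props object of admin-panel-view-ticket.js makes the edit controls unconditional, so this view no longer distinguishes a staff member who may manage the ticket from one who may not. The flag can only be a display hint, and the line should say so, for example `// UI hint only: the server decides per request whether this staff member may modify the ticket`. Which endpoints the edit controls call, and whether each of them checks the caller's permission, is not visible in this section. If the removed owner/author comparison was the last use of `SessionStore` in this file, its import is now dead and can be dropped. The enclosing method starts above the hunk.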
From c70e9a444ddfe6b9be4f09060f51d0d07f6c7ec0 Mon Sep 17 00:00:00 2001
From: Maxi Redigonda
Date: Thu, 11 Jul 2019 19:42:09 -0300
Subject: [PATCH 2/2] Allows all staff members in charge of the department of a ticket to manage it (change its department, priority, comment on it, etc.)
---
 server/controllers/ticket/change-priority.php | 32 ++++++++-----------
 server/controllers/ticket/close.php | 14 +++-----
 server/controllers/ticket/comment.php | 2 +-
 3 files changed, 19 insertions(+), 29 deletions(-)
diff --git a/server/controllers/ticket/change-priority.php b/server/controllers/ticket/change-priority.php
index c27ac798..5f4741ad 100755
--- a/server/controllers/ticket/change-priority.php
+++ b/server/controllers/ticket/change-priority.php
@@ -50,26 +50,20 @@ class ChangePriorityController extends Controller {
 $ticket = Ticket::getByTicketNumber($ticketNumber);
 $user = Controller::getLoggedUser();
- if (!$user->canManageTicket($ticket)) throw new RequestException(ERRORS::NO_PERMISSION);
+ if(!$user->canManageTicket($ticket)) throw new RequestException(ERRORS::NO_PERMISSION);
+ $ticket->priority = $priority;
+ $ticket->unread = !$ticket->isAuthor($user);
+ $event = Ticketevent::getEvent(Ticketevent::PRIORITY_CHANGED);
+ $event->setProperties(array(
+ 'authorStaff' => Controller::getLoggedUser(),
+ 'content' => $ticket->priority,
+ 'date' => Date::getCurrentDate()
+ ));
+ $ticket->addEvent($event);
+ $ticket->store();
- if($ticket->owner && $user->id === $ticket->owner->id) {
- $ticket->priority = $priority;
- $ticket->unread = !$ticket->isAuthor($user);
- $event = Ticketevent::getEvent(Ticketevent::PRIORITY_CHANGED);
- $event->setProperties(array(
- 'authorStaff' => Controller::getLoggedUser(),
- 'content' => $ticket->priority,
- 'date' => Date::getCurrentDate()
- ));
- $ticket->addEvent($event);
- $ticket->store();
-
- Log::createLog('PRIORITY_CHANGED', $ticket->ticketNumber);
- Response::respondSuccess();
- } else {
- throw new RequestException(ERRORS::NO_PERMISSION);
- }
-
+ Log::createLog('PRIORITY_CHANGED', $ticket->ticketNumber);
+ Response::respondSuccess();
 }
 }
diff --git a/server/controllers/ticket/close.php b/server/controllers/ticket/close.php
index 6edbb55e..eacc1b2f 100755
--- a/server/controllers/ticket/close.php
+++ b/server/controllers/ticket/close.php
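Review bot: With the owner comparison removed, `canManageTicket($ticket)` is the only authorization check left before the priority write in change-priority.php, and its definition is not part of this patch. The handler should state what that check guarantees, for example `// Sole permission gate: any staff member for whom canManageTicket() holds may change priority, whether or not the ticket is assigned to them` above the `if`. The event still calls `Controller::getLoggedUser()` again for `'authorStaff'` although `$user` already holds the result; `'authorStaff' => $user,` ties the permission check and the recorded actor to the same object. The handler's opening and its request validation are outside the hunk.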
@@ -61,19 +61,15 @@ class CloseController extends Controller {
 public function handler() {
 $this->ticket = Ticket::getByTicketNumber(Controller::request('ticketNumber'));
+ $user = Controller::getLoggedUser();
- if(
- (Controller::isUserSystemEnabled() || Controller::isStaffLogged()) &&
- !$this->ticket->isOwner(Controller::getLoggedUser()) &&
- !$this->ticket->isAuthor(Controller::getLoggedUser())
- ) {
+ if(!Controller::isStaffLogged() && Controller::isUserSystemEnabled() &&
+ !$this->ticket->isAuthor($user)){
 throw new RequestException(ERRORS::NO_PERMISSION);
 }
- if(Controller::isStaffLogged()){
- $user = Controller::getLoggedUser();
-
- if (!$user->canManageTicket($this->ticket)) throw new RequestException(ERRORS::NO_PERMISSION);
+ if(Controller::isStaffLogged() && (!$user->canManageTicket($this->ticket))){
+ throw new RequestException(ERRORS::NO_PERMISSION);
 }
 $this->markAsUnread();
diff --git a/server/controllers/ticket/comment.php b/server/controllers/ticket/comment.php
index fb10e330..75e3cb51 100755
--- a/server/controllers/ticket/comment.php
+++ b/server/controllers/ticket/comment.php
@@ -83,7 +83,7 @@ class CommentController extends Controller {
 $isOwner = $this->ticket->isOwner(Controller::getLoggedUser());
 $user = Controller::getLoggedUser();
- if((Controller::isUserSystemEnabled() || Controller::isStaffLogged()) && !$isOwner && !$isAuthor) {
+ if(!Controller::isStaffLogged() && Controller::isUserSystemEnabled() && !$isAuthor){
 throw new RequestException(ERRORS::NO_PERMISSION);
 }
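Review bot: In the close.php handler, neither of the two new guards fires for a caller who is not staff while `isUserSystemEnabled()` is false, so in that mode the close is authorised by something outside this hunk. The old condition behaved the same way, but the rewritten guards read as a complete permission check and should carry a comment such as `// Non-staff callers with the user system disabled pass both guards; access for that mode must be validated before this point`. The two conditions are mutually exclusive on `Controller::isStaffLogged()`, so an `if`/`else if` on that call would make the staff and non-staff paths easier to audit. The handler continues past the end of the hunk.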
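Review bot: Staff callers now skip the guard in comment.php entirely, and unlike close.php this hunk shows no `canManageTicket()` check for them. Unless one follows below the visible lines, any logged-in staff member can comment on a ticket in a department they are not in charge of. If it is missing, add `if(Controller::isStaffLogged() && !$user->canManageTicket($this->ticket)) throw new RequestException(ERRORS::NO_PERMISSION);` after the guard. `$isOwner` is still computed on the context line above but is no longer read by the new condition, so it may be dead now. The handler starts and ends outside the hunk.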