From 785e2d8ac5077b0ff0c2209baa3a92032cf2d00b Mon Sep 17 00:00:00 2001 From: Maxi Redigonda Date: Tue, 28 Jul 2020 16:36:40 -0300 Subject: [PATCH] Forbids call to /get-supervised-tickets from staff
---
server/controllers/user/get-supervised-tickets.php | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/server/controllers/user/get-supervised-tickets.php b/server/controllers/user/get-supervised-tickets.php
index 3a67018e..43930140 100644
--- a/server/controllers/user/get-supervised-tickets.php
+++ b/server/controllers/user/get-supervised-tickets.php
@@ -52,6 +52,8 @@ class GetSupervisedTicketController extends Controller { private $supervisedUserList; public function handler() { + if(Controller::isStaffLogged()) throw new RequestException(ERRORS::NO_PERMISSION); + $this->page = Controller::request('page') ? Controller::request('page') : 1; $this->showOwnTickets = (bool)Controller::request('showOwnTickets'); $this->supervisedUserList = Controller::request('supervisedUsers')? json_decode(Controller::request('supervisedUsers')) : [];
@@ -66,7 +68,7 @@ class GetSupervisedTicketController extends Controller { switch ($key) { case 'authors': return json_encode($this->authors); - case 'page' : + case 'page' : return $this->page*1; case 'supervisor': return 1;
@@ -77,12 +79,12 @@ class GetSupervisedTicketController extends Controller { if(empty($this->authors)) { Response::respondSuccess([]); - }else{ + } else { $searchController->handler(); - } + } } - public function canUserHandleSupervisedUsers() { + public function canUserHandleSupervisedUsers() { $user = Controller::getLoggedUser(); if(!$user->supervisedrelation && $this->supervisedUserList) return false; 
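Review bot: The staff guard added at the top of `handler()` carries no explanation, and it is a deny-check on one session type rather than a statement of who may call the endpoint. Judging from the other hunks, the code that follows takes `Controller::getLoggedUser()`, reads `supervisedrelation` from it and pushes its id as an author with `'isStaff' => 0`, so a staff id would presumably be interpreted as a user id; a comment such as `// Staff sessions are rejected: the logic below treats the logged account as a user (supervisedrelation, isStaff => 0).` would record that. If `validations()` (outside this hunk) can express a user-only permission, declaring the rule there keeps it in one place; otherwise write the guard with braces, `if (Controller::isStaffLogged()) { throw new RequestException(ERRORS::NO_PERMISSION); }`. The diffstat shows one file changed, so a regression test asserting `NO_PERMISSION` for a staff session is still missing. `handler()` continues past the end of the hunk.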
@@ -103,12 +105,12 @@ class GetSupervisedTicketController extends Controller { if(!empty($this->supervisedUserList)){ foreach(array_unique($this->supervisedUserList) as $supervised){ - array_push($authors,['id'=> $supervised,'isStaff'=> 0]); + array_push($authors, ['id' => $supervised, 'isStaff' => 0]); } }; if(!in_array( $user->id, $this->supervisedUserList) && $this->showOwnTickets){ - array_push($authors,['id'=> $user->id*1,'isStaff'=> 0]); + array_push($authors, ['id' => $user->id*1, 'isStaff' => 0]); } return $authors; }