changed system to mod/admin permissions, though there's still a bug in show_ticket

This commit is contained in:
Quitta 2013-07-18 12:43:33 +02:00
parent 8353b2a99a
commit b994a8279d
20 changed files with 42 additions and 28 deletions

View file

@ -15,6 +15,20 @@ class Ticket_User{
$dbl->execute($query, $values);
}
public static function isMod($user){
if(isset($user) && $user->getPermission() > 1){
return true;
}
return false;
}
public static function isAdmin($user){
if(isset($user) && $user->getPermission() == 3){
return true;
}
return false;
}
//return constructed element based on TUserId

View file

@ -4,7 +4,7 @@ function add_sgroup(){
if(WebUsers::isLoggedIn()){
if( WebUsers::isAdmin()){
if( Ticket_User::isAdmin($_SESSION['ticket_user'])){
$name = filter_var($_POST['Name'],FILTER_SANITIZE_STRING);
$inner_tag = filter_var($_POST['Tag'], FILTER_SANITIZE_STRING);
$tag = "[" . $inner_tag . "]";

View file

@ -4,7 +4,7 @@ function add_user_to_sgroup(){
if(WebUsers::isLoggedIn()){
if( WebUsers::isAdmin() && isset($_POST['target_id'])){
if( Ticket_User::isAdmin($_SESSION['ticket_user']) && isset($_POST['target_id'])){
$name = filter_var($_POST['Name'],FILTER_SANITIZE_STRING);
$id = filter_var($_POST['target_id'],FILTER_SANITIZE_NUMBER_INT);
$user_id = WebUsers::getId($name);

View file

@ -9,7 +9,7 @@ function change_info(){
if(isset($_POST['target_id'])){
if( ($_POST['target_id'] == $_SESSION['id']) || WebUsers::isAdmin() ){
if( ($_POST['target_id'] == $_SESSION['id']) || Ticket_User::isMod($_SESSION['ticket_user'] ) ){
if($_POST['target_id'] == $_SESSION['id']){
$target_username = $_SESSION['user'];
}else{

View file

@ -9,7 +9,7 @@ function change_mail(){
if(isset($_POST['target_id'])){
if( ($_POST['target_id'] == $_SESSION['id']) || WebUsers::isAdmin() ){
if( ($_POST['target_id'] == $_SESSION['id']) || Ticket_User::isMod($_SESSION['ticket_user']) ){
if($_POST['target_id'] == $_SESSION['id']){
$target_username = $_SESSION['user'];
}else{
@ -42,7 +42,7 @@ function change_mail(){
$result['username'] = $_SESSION['user'];
$result['target_id'] = $_POST['target_id'];
if(isset($_GET['id'])){
if(WebUsers::isAdmin() && ($_POST['target_id'] != $_SESSION['id'])){
if(Ticket_User::isMod($_SESSION['ticket_user']) && ($_POST['target_id'] != $_SESSION['id'])){
$result['isAdmin'] = "TRUE";
}
}
@ -56,7 +56,7 @@ function change_mail(){
$result['username'] = $_SESSION['user'];
$result['target_id'] = $_POST['target_id'];
if(isset($_GET['id'])){
if(WebUsers::isAdmin() && ($_POST['target_id'] != $_SESSION['id'])){
if(Ticket_User::isMod($_SESSION['ticket_user']) && ($_POST['target_id'] != $_SESSION['id'])){
$result['isAdmin'] = "TRUE";
}
}

View file

@ -9,7 +9,7 @@ function change_password(){
if(isset($_POST['target_id'])){
$adminChangesOther = false;
//if target_id is the same as session id or is admin
if( ($_POST['target_id'] == $_SESSION['id']) || WebUsers::isAdmin() ){
if( ($_POST['target_id'] == $_SESSION['id']) || Ticket_User::isMod($_SESSION['ticket_user']) ){
if($_POST['target_id'] == $_SESSION['id']){
$target_username = $_SESSION['user'];
}else{

View file

@ -7,7 +7,7 @@ function create_ticket(){
if(isset($_POST['target_id'])){
//if target_id is the same as session id or is admin
if( ($_POST['target_id'] == $_SESSION['id']) || WebUsers::isAdmin() ){
if( ($_POST['target_id'] == $_SESSION['id']) || Ticket_User::isMod($_SESSION['ticket_user']) ){
$category = filter_var($_POST['Category'], FILTER_SANITIZE_NUMBER_INT);
$title = filter_var($_POST['Title'], FILTER_SANITIZE_STRING);

View file

@ -9,14 +9,14 @@ function reply_on_ticket(){
$target_ticket = new Ticket();
$target_ticket->load_With_TId($ticket_id);
if(($target_ticket->getAuthor() == $_SESSION['ticket_user']->getTUserId()) || WebUsers::isAdmin() ){
if(($target_ticket->getAuthor() == $_SESSION['ticket_user']->getTUserId()) || Ticket_User::isMod($_SESSION['ticket_user']) ){
try{
$author = $_SESSION['ticket_user']->getTUserId();
$content = filter_var($_POST['Content'], FILTER_SANITIZE_STRING);
Ticket::createReply($content, $author, $ticket_id);
if(isset($_POST['ChangeStatus']) && isset($_POST['ChangePriority']) && WebUsers::isAdmin()){
if(isset($_POST['ChangeStatus']) && isset($_POST['ChangePriority']) && Ticket_User::isMod($_SESSION['ticket_user'])){
$newStatus = filter_var($_POST['ChangeStatus'], FILTER_SANITIZE_NUMBER_INT);
$newPriority = filter_var($_POST['ChangePriority'], FILTER_SANITIZE_NUMBER_INT);
Ticket::updateTicketStatusAndPriority($ticket_id,$newStatus, $newPriority, $author);

View file

@ -7,7 +7,7 @@ function createticket(){
//in case user_id-GET param set it's value as target_id, if no user_id-param is given, use the session id.
if(isset($_GET['user_id'])){
if(($_GET['user_id'] != $_SESSION['id']) && (!WebUsers::isAdmin()) ){
if(($_GET['user_id'] != $_SESSION['id']) && ( ! ticket_user::isMod($_SESSION['ticket_user'])) ){
//ERROR: No access!
$_SESSION['error_code'] = "403";

View file

@ -2,7 +2,7 @@
function libuserlist(){
if(WebUsers::isAdmin()){
if(Ticket_User::isAdmin($_SESSION['ticket_user'])){
//This checks to see if there is a page number. If not, it will set it to page 1
if (!(isset($_GET['pagenum']))){
$pagenum = 1;

View file

@ -4,14 +4,14 @@ function settings(){
if(WebUsers::isLoggedIn()){
//in case id-GET param set it's value as target_id, if no id-param is given, ue the session id.
if(isset($_GET['id'])){
if(($_GET['id'] != $_SESSION['id']) && (!WebUsers::isAdmin()) ){
if(($_GET['id'] != $_SESSION['id']) && (!Ticket_User::isMod($_SESSION['ticket_user'])) ){
//ERROR: No access!
$_SESSION['error_code'] = "403";
header("Location: index.php?page=error");
exit;
}else{
$result = WebUsers::getInfo($_GET['id']);
if(WebUsers::isAdmin() && ($_GET['id']!= $_SESSION['id'])){
if(Ticket_User::isMod($_SESSION['ticket_user']) && ($_GET['id']!= $_SESSION['id'])){
$result['isAdmin'] = "TRUE";
}
$result['target_id'] = $_GET['id'];

View file

@ -3,7 +3,7 @@
function sgroup_list(){
//if logged in
if(WebUsers::isLoggedIn()){
if( WebUsers::isAdmin()){
if(Ticket_User::isAdmin($_SESSION['ticket_user'])){
if(isset($_GET['delete'])){
$delete_id = filter_var($_GET['delete'], FILTER_SANITIZE_NUMBER_INT);

View file

@ -4,7 +4,7 @@ function show_queue(){
//if logged in & queue id is given
if(WebUsers::isLoggedIn() && isset($_GET['get'])){
if( WebUsers::isAdmin()){
if( Ticket_User::isMod($_SESSION['ticket_user'])){
$result['queue_action'] = filter_var($_GET['get'], FILTER_SANITIZE_STRING);
$queueArray = Ticket_Queue_Handler::getTickets($result['queue_action'],2);
@ -16,7 +16,7 @@ function show_queue(){
$result['tickets'][$i]['author'] = WebUsers::getUsername($ticket['authorExtern']);
$i++;
}
if(WebUsers::isAdmin()){
if(Ticket_User::isMod($_SESSION['ticket_user'])){
$result['isAdmin'] = "TRUE";
}
return $result;

View file

@ -11,7 +11,7 @@ function show_reply(){
$ticket = new Ticket();
$ticket->load_With_TId($reply->getTicket());
if(($ticket->getAuthor() == $_SESSION['ticket_user']->getTUserId()) || WebUsers::isAdmin() ){
if(($ticket->getAuthor() == $_SESSION['ticket_user']->getTUserId()) || Ticket_User::isMod($_SESSION['ticket_user'] )){
$content = new Ticket_Content();
$content->load_With_TContentId($reply->getContent());
@ -25,7 +25,7 @@ function show_reply(){
$result['reply_content'] = $content->getContent();
$result['author'] = $author->getExternId();
$result['authorName'] = WebUsers::getUsername($author->getExternId());
if(WebUsers::isAdmin()){
if(Ticket_User::isMod($_SESSION['ticket_user'])){
$result['isAdmin'] = "TRUE";
}
return $result;

View file

@ -3,7 +3,7 @@
function show_sgroup(){
//if logged in
if(WebUsers::isLoggedIn()){
if( WebUsers::isAdmin()){
if(Ticket_User::isAdmin($_SESSION['ticket_user'])){
if( isset($_GET['id'])){
//['target_id'] holds the id of the group!

View file

@ -8,7 +8,7 @@ function show_ticket(){
$target_ticket = new Ticket();
$target_ticket->load_With_TId($result['ticket_id']);
if(($target_ticket->getAuthor() == $_SESSION['ticket_user']->getTUserId()) || WebUsers::isAdmin() ){
if(($target_ticket->getAuthor() == $_SESSION['ticket_user']->getTUserId()) || Ticket_User::isMod($_SESSION['ticket_user'] )){
$entire_ticket = Ticket::getEntireTicket( $result['ticket_id']);
Ticket_Log::createLogEntry($result['ticket_id'],$_SESSION['ticket_user']->getTUserId(), 3);
@ -28,7 +28,7 @@ function show_ticket(){
$result['ticket_replies'][$i]['author'] = WebUsers::getUsername($reply['authorExtern']);
$i++;
}
if(WebUsers::isAdmin()){
if(Ticket_User::isMod($_SESSION['ticket_user'])){
$result['isAdmin'] = "TRUE";
//$result['statusList'] = Ticket::getStatusArray();
}

View file

@ -5,7 +5,7 @@ function show_ticket_log(){
//if logged in
if(WebUsers::isLoggedIn() && isset($_GET['id'])){
//only allow admins to browse the log!
if(WebUsers::isAdmin() ){
if(Ticket_User::isMod($_SESSION['ticket_user']) ){
$result['ticket_id'] = filter_var($_GET['id'], FILTER_SANITIZE_NUMBER_INT);
$target_ticket = new Ticket();
$target_ticket->load_With_TId($result['ticket_id']);
@ -33,7 +33,7 @@ function show_ticket_log(){
$result['ticket_logs'][$i]['timestamp_elapsed'] = Gui_Elements::time_elapsed_string($log['timestamp']);
$i++;
}
if(WebUsers::isAdmin()){
if(Ticket_User::isMod($_SESSION['ticket_user'])){
$result['isAdmin'] = "TRUE";
}
return $result;

View file

@ -4,7 +4,7 @@ function show_user(){
//if logged in
if(WebUsers::isLoggedIn()){
if( !isset($_GET['id']) || WebUsers::isAdmin() || $_GET['id'] == $_SESSION['id'] ){
if( !isset($_GET['id']) || Ticket_User::isMod($_SESSION['ticket_user']) || $_GET['id'] == $_SESSION['id'] ){
if(isset($_GET['id'])){
$result['target_id'] = filter_var($_GET['id'], FILTER_SANITIZE_NUMBER_INT);

View file

@ -1,7 +1,7 @@
<?php
function userlist(){
if(WebUsers::isAdmin()){
if(Ticket_User::isMod($_SESSION['ticket_user'])){
$users = WebUsers::getUsers();
$i = 0;
$pageResult['userlist'] = Array();

View file

@ -36,12 +36,12 @@
<p><span class="label label-info"> {$reply.timestamp}</span>
{if $reply.permission eq '1'}
<!-- <span class="label label-important"><strong></i>[User]:</strong></span>-->
{else if $reply.permission eq '2'}
{else if $reply.permission gt '1'}
<span class="label label-important"><strong><i class="icon-star icon-white"></i>[CSR]</strong></span>
{/if}
<span class="label label-warning"><strong><i class="icon-user icon-white"></i>{if isset($isAdmin) and $isAdmin eq "TRUE"} <a href="index.php?page=show_user&id={$reply.authorExtern}"><font color="white">{$reply.author}</font>{else}{$reply.author} {/if}</a></strong></span></p>
<p><pre{if $reply.permission eq '2'} style="background-color:rgb(248, 200, 200);"{/if}>{$reply.replyContent}</pre></p>
<p><pre{if $reply.permission gt '1'} style="background-color:rgb(248, 200, 200);"{/if}>{$reply.replyContent}</pre></p>
</td>
</tr>
{/foreach}