ThaMunsta/itflow
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Projects/Tickets

Browse Source 
- Hide new project button for users that only have support read access
- Hide new ticket button for users that only have support read access
- Enforce client access restrictions for viewing project details based off project client
- Prevent selecting the 'Select tickets' text when linking ticket
This commit is contained in:
Marcus Hill
2025-05-11 11:45:47 +01:00
parent 429dfa5ca4
commit 1400983d8c
4 changed files with 57 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
modals/project_link_ticket_modal.php
View File

@@ -2,7 +2,7 @@
<div class="modal-dialog"> <div class="modal-dialog">
<div class="modal-content bg-dark"> <div class="modal-content bg-dark">
<div class="modal-header"> <div class="modal-header">
<h5 class="modal-title"><i class="fas fa-fw fa-life-ring mr-2"></i>Link Ticket to Project: <strong><?php echo $project_name; ?></strong></h5> <h5 class="modal-title"><i class="fas fa-fw fa-life-ring mr-2"></i>Link open ticket to project: <strong><?php echo $project_name; ?></strong></h5>
<button type="button" class="close text-white" data-dismiss="modal"> <button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span> <span>&times;</span>
</button> </button>
@@ -18,7 +18,7 @@
<span class="input-group-text"><i class="fa fa-fw fa-life-ring"></i></span> <span class="input-group-text"><i class="fa fa-fw fa-life-ring"></i></span>
</div> </div>
<select class="form-control select2" multiple name="tickets[]" required> <select class="form-control select2" multiple name="tickets[]" required>
<option value="">- Select a Tickets -</option> <option value="" disabled>- Select Ticket(s) -</option>
<?php <?php
$sql_tickets_select = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_project_id = 0 AND ticket_closed_at IS NULL $client_ticket_select_query"); $sql_tickets_select = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_project_id = 0 AND ticket_closed_at IS NULL $client_ticket_select_query");
@@ -28,7 +28,7 @@
$ticket_number_select = intval($row['ticket_number']); $ticket_number_select = intval($row['ticket_number']);
$ticket_subject_select = nullable_htmlentities($row['ticket_subject']); $ticket_subject_select = nullable_htmlentities($row['ticket_subject']);
?> ?>
<option value="<?php echo $ticket_id_select; ?>"><?php echo "$ticket_prefix_select $ticket_number_select - $ticket_subject_select"; ?></option> <option value="<?php echo $ticket_id_select; ?>"><?php echo "$ticket_prefix_select$ticket_number_select - $ticket_subject_select"; ?></option>
<?php <?php
} }

18
project_details.php
View File

@@ -13,6 +13,14 @@ if (isset($_GET['client_id'])) {
$client_url = ''; $client_url = '';
} }
// Perms & Project client access snippet
enforceUserPermission('module_support');
$project_permission_snippet = '';
if (!empty($client_access_string)) {
$project_permission_snippet = "AND project_client_id IN ($client_access_string) OR project_client_id = 0";
}
if (isset($_GET['project_id'])) { if (isset($_GET['project_id'])) {
$project_id = intval($_GET['project_id']); $project_id = intval($_GET['project_id']);
@@ -21,7 +29,9 @@ if (isset($_GET['project_id'])) {
"SELECT * FROM projects "SELECT * FROM projects
LEFT JOIN clients ON project_client_id = client_id LEFT JOIN clients ON project_client_id = client_id
LEFT JOIN users ON project_manager = user_id LEFT JOIN users ON project_manager = user_id
WHERE project_id = $project_id LIMIT 1" WHERE project_id = $project_id
$project_permission_snippet
LIMIT 1"
); );
if (mysqli_num_rows($sql_project) == 0) { if (mysqli_num_rows($sql_project) == 0) {
@@ -67,10 +77,10 @@ if (isset($_GET['project_id'])) {
$project_completed_date_display = ""; $project_completed_date_display = "";
} }
// Override Tab Title // No Sanitizing needed as this var will opnly be used in the tab title // Override Tab Title // No Sanitizing needed as this var will only be used in the tab title
$tab_title = "{$row['project_prefix']}{$row['project_number']}"; $tab_title = "{$row['project_prefix']}{$row['project_number']}";
$page_title = $row['project_name']; $page_title = $row['project_name'];
// Get Tickets // Get Tickets
$sql_tickets = mysqli_query($mysqli, "SELECT * FROM tickets $sql_tickets = mysqli_query($mysqli, "SELECT * FROM tickets
LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id LEFT JOIN ticket_statuses ON ticket_status = ticket_status_id
@@ -218,7 +228,7 @@ if (isset($_GET['project_id'])) {
</button> </button>
<div class="dropdown-menu"> <div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#linkTicketModal"> <a class="dropdown-item" href="#" data-toggle="modal" data-target="#linkTicketModal">
<i class="fas fa-fw fa-life-ring mr-2"></i>Ticket <i class="fas fa-fw fa-life-ring mr-2"></i>Open Ticket
</a> </a>
</div> </div>
</div> </div>

28
projects.php
View File

@@ -8,7 +8,7 @@ $order = "ASC";
if (isset($_GET['client_id'])) { if (isset($_GET['client_id'])) {
require_once "includes/inc_all_client.php"; require_once "includes/inc_all_client.php";
$client_query = "AND project_client_id = $client_id"; $client_query = "AND project_client_id = $client_id";
$client_url = "client_id=$client_id&"; $client_url = "client_id=$client_id&";
} else { } else {
require_once "includes/inc_all.php"; require_once "includes/inc_all.php";
@@ -16,8 +16,12 @@ if (isset($_GET['client_id'])) {
$client_url = ''; $client_url = '';
} }
// Perms // Perms & Project client access snippet
enforceUserPermission('module_support'); enforceUserPermission('module_support');
$project_permission_snippet = '';
if (!empty($client_access_string)) {
$project_permission_snippet = "AND project_client_id IN ($client_access_string) OR project_client_id = 0";
}
// Status Query // Status Query
@@ -27,18 +31,12 @@ if (isset($_GET['status'])) {
$status = intval($_GET['status']); $status = intval($_GET['status']);
} }
if($status == 1) { if ($status == 1) {
$status_query = "IS NOT NULL"; $status_query = "IS NOT NULL";
} else { } else {
$status_query = "IS NULL"; $status_query = "IS NULL";
} }
// Ticket client access snippet
$project_permission_snippet = '';
if (!empty($client_access_string)) {
$project_permission_snippet = "AND project_client_id IN ($client_access_string) OR project_client_id = 0";
}
//Rebuild URL //Rebuild URL
$url_query_strings_sort = http_build_query($get_copy); $url_query_strings_sort = http_build_query($get_copy);
@@ -63,9 +61,11 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="card card-dark"> <div class="card card-dark">
<div class="card-header py-2"> <div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fas fa-fw fa-project-diagram mr-2"></i>Projects</h3> <h3 class="card-title mt-2"><i class="fas fa-fw fa-project-diagram mr-2"></i>Projects</h3>
<div class="card-tools"> <?php if (lookupUserPermission("module_support") >= 2) { ?>
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addProjectModal"><i class="fas fa-plus mr-2"></i>New Project</button> <div class="card-tools">
</div> <button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addProjectModal"><i class="fas fa-plus mr-2"></i>New Project</button>
</div>
<?php } ?>
</div> </div>
<div class="card-body"> <div class="card-body">
@@ -97,7 +97,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<i class="fa fa-fw fa-archive mr-2"></i>Archived <i class="fa fa-fw fa-archive mr-2"></i>Archived
</a> </a>
</div> </div>
</div> </div>
</div> </div>
</div> </div>
@@ -224,7 +224,7 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
$sql_closed_tickets = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_project_id = $project_id AND ticket_closed_at IS NOT NULL"); $sql_closed_tickets = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_project_id = $project_id AND ticket_closed_at IS NOT NULL");
$closed_ticket_count = mysqli_num_rows($sql_closed_tickets); $closed_ticket_count = mysqli_num_rows($sql_closed_tickets);
// Ticket Closed Percent // Ticket Closed Percent
if($ticket_count) { if($ticket_count) {
$tickets_closed_percent = round(($closed_ticket_count / $ticket_count) * 100); $tickets_closed_percent = round(($closed_ticket_count / $ticket_count) * 100);

50
tickets.php
View File

@@ -82,7 +82,7 @@ if (isset($_GET['assigned']) & !empty($_GET['assigned'])) {
$ticket_assigned_query = 'AND ticket_assigned_to = ' . intval($_GET['assigned']); $ticket_assigned_query = 'AND ticket_assigned_to = ' . intval($_GET['assigned']);
$ticket_assigned_filter_id = intval($_GET['assigned']); $ticket_assigned_filter_id = intval($_GET['assigned']);
} }
} }
//Rebuild URL //Rebuild URL
$url_query_strings_sort = http_build_query(array_merge($_GET, array('sort' => $sort, 'order' => $order, 'status' => $status, 'assigned' => $ticket_assigned_filter_id))); $url_query_strings_sort = http_build_query(array_merge($_GET, array('sort' => $sort, 'order' => $order, 'status' => $status, 'assigned' => $ticket_assigned_filter_id)));
@@ -172,21 +172,23 @@ $sql_categories = mysqli_query(
<a href="?<?php echo $client_url; ?>status=Closed" class="text-light"><strong><?php echo $total_tickets_closed; ?></strong> Closed</a> <a href="?<?php echo $client_url; ?>status=Closed" class="text-light"><strong><?php echo $total_tickets_closed; ?></strong> Closed</a>
</small> </small>
</h3> </h3>
<div class="card-tools"> <?php if (lookupUserPermission("module_support") >= 2) { ?>
<div class="btn-group"> <div class="card-tools">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addTicketModal"> <div class="btn-group">
<i class="fas fa-plus mr-2"></i>New Ticket <button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addTicketModal">
</button> <i class="fas fa-plus mr-2"></i>New Ticket
<?php if ($num_rows[0] > 0) { ?> </button>
<button type="button" class="btn btn-primary dropdown-toggle dropdown-toggle-split" data-toggle="dropdown"></button> <?php if ($num_rows[0] > 0) { ?>
<div class="dropdown-menu"> <button type="button" class="btn btn-primary dropdown-toggle dropdown-toggle-split" data-toggle="dropdown"></button>
<a class="dropdown-item text-dark" href="#" data-toggle="modal" data-target="#exportTicketModal"> <div class="dropdown-menu">
<i class="fa fa-fw fa-download mr-2"></i>Export <a class="dropdown-item text-dark" href="#" data-toggle="modal" data-target="#exportTicketModal">
</a> <i class="fa fa-fw fa-download mr-2"></i>Export
</a>
</div>
<?php } ?>
</div> </div>
<?php } ?>
</div> </div>
</div> <?php } ?>
</div> </div>
<div class="card-body"> <div class="card-body">
<form autocomplete="off"> <form autocomplete="off">
@@ -294,17 +296,17 @@ $sql_categories = mysqli_query(
</div> </div>
</div> </div>
<div <div
class="collapse class="collapse
<?php <?php
if ( if (
!empty($_GET['dtf']) !empty($_GET['dtf'])
|| (isset($_GET['canned_date']) && $_GET['canned_date'] !== "custom") || (isset($_GET['canned_date']) && $_GET['canned_date'] !== "custom")
|| (isset($_GET['status']) && is_array($_GET['status']) || (isset($_GET['status']) && is_array($_GET['status'])
|| (isset($_GET['assigned']) && $_GET['assigned'] || (isset($_GET['assigned']) && $_GET['assigned']
))) )))
{ echo "show"; } { echo "show"; }
?>" ?>"
id="advancedFilter" id="advancedFilter"
> >
<div class="row"> <div class="row">
@@ -436,4 +438,4 @@ if (isset($_GET["view"])) {
<?php <?php
require_once "modals/ticket_add_modal.php"; require_once "modals/ticket_add_modal.php";
require_once "modals/ticket_export_modal.php"; require_once "modals/ticket_export_modal.php";
require_once "includes/footer.php"; require_once "includes/footer.php";