Projects/Tickets

- Hide new project button for users that only have support read access
- Hide new ticket button for users that only have support read access
- Enforce client access restrictions for viewing project details based off project client
- Prevent selecting the 'Select tickets' text when linking ticket
Marcus Hill
2025-05-11 11:45:47 +01:00
parent 429dfa5ca4
commit 1400983d8c
4 changed files with 57 additions and 45 deletions


@@ -2,7 +2,7 @@
<div class="modal-dialog">
<div class="modal-content bg-dark">
<div class="modal-header">
<h5 class="modal-title"><i class="fas fa-fw fa-life-ring mr-2"></i>Link Ticket to Project: <strong><?php echo $project_name; ?></strong></h5>
<h5 class="modal-title"><i class="fas fa-fw fa-life-ring mr-2"></i>Link open ticket to project: <strong><?php echo $project_name; ?></strong></h5>
<button type="button" class="close text-white" data-dismiss="modal">
<span>&times;</span>
</button>
@@ -18,7 +18,7 @@
<span class="input-group-text"><i class="fa fa-fw fa-life-ring"></i></span>
</div>
<select class="form-control select2" multiple name="tickets[]" required>
<option value="">- Select a Tickets -</option>
<option value="" disabled>- Select Ticket(s) -</option>
<?php
$sql_tickets_select = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_project_id = 0 AND ticket_closed_at IS NULL $client_ticket_select_query");
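Review bot: The ticket picker query at the end of this hunk filters only on `ticket_project_id = 0`, `ticket_closed_at IS NULL` and `$client_ticket_select_query`; whether that last fragment applies the per-user client restriction this commit adds for projects is not visible here. If it is empty for projects without a client, a user limited to certain clients could be offered open tickets belonging to other clients, so consider appending the equivalent `$client_access_string` filter on the ticket's client column. The query and the option loop continue outside the hunk.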


@@ -13,6 +13,14 @@ if (isset($_GET['client_id'])) {
$client_url = '';
}
// Perms & Project client access snippet
enforceUserPermission('module_support');
$project_permission_snippet = '';
if (!empty($client_access_string)) {
$project_permission_snippet = "AND project_client_id IN ($client_access_string) OR project_client_id = 0";
}
if (isset($_GET['project_id'])) {
$project_id = intval($_GET['project_id']);
@@ -21,7 +29,9 @@ if (isset($_GET['project_id'])) {
"SELECT * FROM projects
LEFT JOIN clients ON project_client_id = client_id
LEFT JOIN users ON project_manager = user_id
WHERE project_id = $project_id LIMIT 1"
WHERE project_id = $project_id
$project_permission_snippet
LIMIT 1"
);
if (mysqli_num_rows($sql_project) == 0) {
@@ -67,7 +77,7 @@ if (isset($_GET['project_id'])) {
$project_completed_date_display = "";
}
// Override Tab Title // No Sanitizing needed as this var will opnly be used in the tab title
// Override Tab Title // No Sanitizing needed as this var will only be used in the tab title
$tab_title = "{$row['project_prefix']}{$row['project_number']}";
$page_title = $row['project_name'];
@@ -218,7 +228,7 @@ if (isset($_GET['project_id'])) {
</button>
<div class="dropdown-menu">
<a class="dropdown-item" href="#" data-toggle="modal" data-target="#linkTicketModal">
<i class="fas fa-fw fa-life-ring mr-2"></i>Ticket
<i class="fas fa-fw fa-life-ring mr-2"></i>Open Ticket
</a>
</div>
</div>
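Review bot: The new `$project_permission_snippet` is not parenthesised, so once it is appended after `WHERE project_id = $project_id` the condition parses as `(project_id = … AND project_client_id IN (…)) OR project_client_id = 0`, because AND binds tighter than OR in MySQL. For a restricted user requesting a project outside their client list, the query can therefore return an unrelated project with `project_client_id = 0` instead of zero rows, so the `mysqli_num_rows($sql_project) == 0` guard does not fire; if later queries on the page key on the request's `$project_id` rather than the fetched row (not visible in these hunks), details of the requested project could still be shown. Wrap the alternative: `$project_permission_snippet = "AND (project_client_id IN ($client_access_string) OR project_client_id = 0)";`. The same string is assigned in the project list page in the next file section and needs the same change. A short comment stating that `$client_access_string` is a server-built list of integer ids would also help, since it is interpolated into SQL unquoted and its origin is outside this diff.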


@@ -16,8 +16,12 @@ if (isset($_GET['client_id'])) {
$client_url = '';
}
// Perms
// Perms & Project client access snippet
enforceUserPermission('module_support');
$project_permission_snippet = '';
if (!empty($client_access_string)) {
$project_permission_snippet = "AND project_client_id IN ($client_access_string) OR project_client_id = 0";
}
// Status Query
@@ -33,12 +37,6 @@ if($status == 1) {
$status_query = "IS NULL";
}
// Ticket client access snippet
$project_permission_snippet = '';
if (!empty($client_access_string)) {
$project_permission_snippet = "AND project_client_id IN ($client_access_string) OR project_client_id = 0";
}
//Rebuild URL
$url_query_strings_sort = http_build_query($get_copy);
@@ -63,9 +61,11 @@ $num_rows = mysqli_fetch_row(mysqli_query($mysqli, "SELECT FOUND_ROWS()"));
<div class="card card-dark">
<div class="card-header py-2">
<h3 class="card-title mt-2"><i class="fas fa-fw fa-project-diagram mr-2"></i>Projects</h3>
<?php if (lookupUserPermission("module_support") >= 2) { ?>
<div class="card-tools">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addProjectModal"><i class="fas fa-plus mr-2"></i>New Project</button>
</div>
<?php } ?>
</div>
<div class="card-body">
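Review bot: The `lookupUserPermission("module_support") >= 2` check added around the New Project button only hides the control; it is not an access check by itself. The `#addProjectModal` markup and the handler that creates the project are outside this diff, so confirm that the handler enforces write-level access server-side instead of relying on the button being absent. The same applies to the New Ticket button wrapped in the last file section. The bare `2` would also read better with a short comment such as `// 2 = write access or higher` (meaning assumed from the commit message; confirm).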


@@ -172,6 +172,7 @@ $sql_categories = mysqli_query(
<a href="?<?php echo $client_url; ?>status=Closed" class="text-light"><strong><?php echo $total_tickets_closed; ?></strong> Closed</a>
</small>
</h3>
<?php if (lookupUserPermission("module_support") >= 2) { ?>
<div class="card-tools">
<div class="btn-group">
<button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addTicketModal">
@@ -187,6 +188,7 @@ $sql_categories = mysqli_query(
<?php } ?>
</div>
</div>
<?php } ?>
</div>
<div class="card-body">
<form autocomplete="off">