From 8b9bc4427984e12c0c0423bc036deeb4fbabc7b5 Mon Sep 17 00:00:00 2001
From: "Michael Kaufmann (d00p)"
Date: Mon, 25 Feb 2013 15:54:33 +0100
Subject: [PATCH] custom order of ticket-categories has to be admin/reseller-dependend
Signed-off-by: Michael Kaufmann (d00p)
---
 admin_tickets.php | 29 ++++++++++++++++-------------
 lib/classes/ticket/class.ticket.php | 8 ++++++--
 2 files changed, 22 insertions(+), 15 deletions(-)
diff --git a/admin_tickets.php b/admin_tickets.php
index 13ae3024..cc0f4282 100644
--- a/admin_tickets.php
+++ b/admin_tickets.php
@@ -32,17 +32,20 @@ if(isset($_POST['id']))
 elseif(isset($_GET['id']))
 {
 $id = intval($_GET['id']);
-
- if (!$userinfo['customers_see_all']) {
- /*
- * Check if the current user is allowed to see the current ticket.
- */
- $sql = "SELECT `id` FROM `panel_tickets` WHERE `id` = '".$id."' AND `adminid` = '".$userinfo['admindid']."'";
-
- $result = $db->query_first($sql);
- if ($result == null) {
- // no rights to see the requested ticket
- standard_error(array('ticketnotaccessible'));
+
+ // only check if this is not a category-id
+ if (!isset($_GET['page']) || (isset($_GET['page']) && $_GET['page'] != 'categories')) {
+ if (!$userinfo['customers_see_all']) {
+ /*
+ * Check if the current user is allowed to see the current ticket.
+ */
+ $sql = "SELECT `id` FROM `panel_tickets` WHERE `id` = '".$id."' AND `adminid` = '".$userinfo['admindid']."'";
+
+ $result = $db->query_first($sql);
+ if ($result == null) {
+ // no rights to see the requested ticket
+ standard_error(array('ticketnotaccessible'));
+ }
 }
 }
 }
@@ -512,7 +515,7 @@ elseif($page == 'categories'
 if($order < 1 || $order >= 1000)
 {
 // use the latest available
- $order = ticket::getHighestOrderNumber($db) + 1;
+ $order = ticket::getHighestOrderNumber($db, $userinfo['adminid']) + 1;
 }
 if($category == '')
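Review bot: The re-added ownership query in the `@@ -32,17 +32,20 @@` hunk of admin_tickets.php still reads `$userinfo['admindid']`, while the two call sites changed later in this commit use `$userinfo['adminid']`. The misspelled key is presumably never set, so the query compares `adminid` with an empty string rather than the logged-in admin's id and does not actually test who owns the ticket; the key should be `$userinfo['adminid']`, ideally cast with `(int)` as `$id` already is. The new guard also decides whether to run the check from `$_GET['page']`, whereas the dispatch further down switches on `$page`; how `$page` is filled is not visible here, so the guard should test that same `$page` value to keep the two from disagreeing. Once ticket ids are exempted for `categories`, the category id needs its own `adminid` check in the category branch, which is outside this hunk, as is the `$_POST['id']` branch above it.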
@@ -528,7 +531,7 @@ elseif($page == 'categories'
 }
 else
 {
- $order = ticket::getHighestOrderNumber($db) + 1;
+ $order = ticket::getHighestOrderNumber($db, $userinfo['adminid']) + 1;
 $category_new_data = include_once dirname(__FILE__).'/lib/formfields/admin/tickets/formfield.category_new.php';
 $category_new_form = htmlform::genHTMLForm($category_new_data);
diff --git a/lib/classes/ticket/class.ticket.php b/lib/classes/ticket/class.ticket.php
index 6ceb46ee..52160944 100644
--- a/lib/classes/ticket/class.ticket.php
+++ b/lib/classes/ticket/class.ticket.php
@@ -449,9 +449,13 @@ class ticket
 *
 * @return int highest order number
 */
- static public function getHighestOrderNumber($_db = null)
+ static public function getHighestOrderNumber($_db = null, $_uid = 0)
 {
- $sql = "SELECT MAX(`logicalorder`) as `highestorder` FROM `" . TABLE_PANEL_TICKET_CATS . "`;";
+ $where = '';
+ if ($_uid > 0) {
+ $where = ' WHERE `adminid` = "'.(int)$_uid.'"';
+ }
+ $sql = "SELECT MAX(`logicalorder`) as `highestorder` FROM `" . TABLE_PANEL_TICKET_CATS . "`".$where.";";
 $result = $_db->query_first($sql);
 return (isset($result['highestorder']) ? (int)$result['highestorder'] : 0);
 }
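Review bot: In `getHighestOrderNumber()` in lib/classes/ticket/class.ticket.php the new `$_uid` parameter is not documented in the docblock whose tail is visible above the signature, and its `0` default silently falls back to the maximum across all admins, which is the behaviour this commit sets out to remove. Add `@param int $_uid admin id to restrict the lookup to, 0 = all admins` so a caller passing an unset id knows it gets the global value. Cast once at the top with `$_uid = (int)$_uid;` so the `> 0` test and the interpolated value are the same integer. The value is wrapped in double quotes, unlike the single-quoted values in admin_tickets.php; MySQL reads double quotes as identifier quotes when ANSI_QUOTES is enabled, so a bare integer or single quotes is the safer form. The docblock begins above the hunk, and `$_db` still defaults to `null` while being dereferenced unconditionally on the context line below.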