From 9061bfd9a3f6dd9546797eac4a45818311680f1a Mon Sep 17 00:00:00 2001
From: "Michael Kaufmann (d00p)" <mkaufmann@nutime.de>
Date: Mon, 25 Feb 2013 14:09:14 +0100
Subject: [PATCH] customers should only see the ticket-categories created by
 their admin/reseller. Also, there now needs to be a 'tickets-see-all' flag
 for admins

Signed-off-by: Michael Kaufmann (d00p) <mkaufmann@nutime.de>
---
 admin_tickets.php                               | 17 +++++++++++++----
 customer_tickets.php                            |  4 ++--
 install/froxlor.sql                             |  1 +
 install/install.php                             |  1 +
 install/updates/froxlor/0.9/update_0.9.inc.php  |  8 +++++++-
 .../admin/admin/formfield.admin_add.php         |  8 ++++++++
 .../admin/admin/formfield.admin_edit.php        |  8 ++++++++
 lng/english.lng.php                             |  1 +
 lng/german.lng.php                              |  1 +
 9 files changed, 42 insertions(+), 7 deletions(-)

diff --git a/admin_tickets.php b/admin_tickets.php
index 969746aa..13ae3024 100644
--- a/admin_tickets.php
+++ b/admin_tickets.php
@@ -216,12 +216,16 @@ if($page == 'tickets'
 			else
 			{
 				$categories = '';
-				$result = $db->query_first('SELECT `id`, `name` FROM `' . TABLE_PANEL_TICKET_CATS . '` WHERE `adminid` = "' . $userinfo['adminid'] . '" ORDER BY `logicalorder`, `name` ASC');
+				$where = '';
+				if ($userinfo['tickets_see_all'] != '1') {
+					$where = 'WHERE `adminid` = "' . $userinfo['adminid'] . '"';
+				}
+				$result = $db->query_first('SELECT `id`, `name` FROM `' . TABLE_PANEL_TICKET_CATS . '` '.$where.' ORDER BY `logicalorder`, `name` ASC');
 
 				if(isset($result['name'])
 				   && $result['name'] != '')
 				{
-					$result2 = $db->query('SELECT `id`, `name` FROM `' . TABLE_PANEL_TICKET_CATS . '` WHERE `adminid` = "' . $userinfo['adminid'] . '" ORDER BY `logicalorder`, `name` ASC');
+					$result2 = $db->query('SELECT `id`, `name` FROM `' . TABLE_PANEL_TICKET_CATS . '` '.$where.' ORDER BY `logicalorder`, `name` ASC');
 
 					while($row = $db->fetch_array($result2))
 					{
@@ -454,11 +458,16 @@ elseif($page == 'categories'
 			'name' => $lng['ticket']['category'],
 			'logicalorder' => $lng['ticket']['logicalorder']
 		);
+
+		$where = '';
+		if ($userinfo['tickets_see_all'] != '1') {
+			$where = " `main`.`adminid` = '" . (int)$userinfo['adminid'] . "'";
+		}
 		$paging = new paging($userinfo, $db, TABLE_PANEL_TICKET_CATS, $fields, $settings['panel']['paging'], $settings['panel']['natsorting']);
 		$result = $db->query("SELECT `main`.`id`, `main`.`name`, `main`.`logicalorder`, (
                               SELECT COUNT(`sub`.`id`) FROM `" . TABLE_PANEL_TICKETS . "` `sub`
                               WHERE `sub`.`category` = `main`.`id`
-                              AND `sub`.`answerto` = '0' AND `sub`.`adminid` = '" . $userinfo['adminid'] . "')
+                              AND `sub`.`answerto` = '0'  AND `sub`.`adminid` = '" . $userinfo['adminid'] . "')
                               as `ticketcount`, (
                               SELECT COUNT(`sub2`.`id`) FROM `" . TABLE_PANEL_TICKETS . "` `sub2`
                               WHERE `sub2`.`category` = `main`.`id`
@@ -466,7 +475,7 @@ elseif($page == 'categories'
                               AND (`sub2`.`status` = '0' OR `sub2`.`status` = '1' OR `sub2`.`status` = '2')
                               AND `sub2`.`adminid` = '" . $userinfo['adminid'] . "'
                               ) as `ticketcountnotclosed`
-                              FROM `" . TABLE_PANEL_TICKET_CATS . "` `main` WHERE `main`.`adminid` = '" . (int)$userinfo['adminid'] . "' " . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit());
+                              FROM `" . TABLE_PANEL_TICKET_CATS . "` `main` WHERE " . $where . $paging->getSqlWhere(true) . " " . $paging->getSqlOrderBy() . " " . $paging->getSqlLimit());
 		$paging->setEntries($db->num_rows($result));
 		$sortcode = $paging->getHtmlSortCode($lng);
 		$arrowcode = $paging->getHtmlArrowCode($filename . '?page=' . $page . '&s=' . $s);
diff --git a/customer_tickets.php b/customer_tickets.php
index 8640b946..51ade7ab 100644
--- a/customer_tickets.php
+++ b/customer_tickets.php
@@ -221,12 +221,12 @@ elseif($page == 'tickets')
 			else
 			{
 				$categories = '';
-				$result = $db->query_first('SELECT `id`, `name` FROM `' . TABLE_PANEL_TICKET_CATS . '` ORDER BY `logicalorder`, `name` ASC');
+				$result = $db->query_first('SELECT `id`, `name` FROM `' . TABLE_PANEL_TICKET_CATS . '` WHERE `adminid` = "' . $userinfo['adminid'] . '" ORDER BY `logicalorder`, `name` ASC');
 
 				if(isset($result['name'])
 				   && $result['name'] != '')
 				{
-					$result2 = $db->query('SELECT `id`, `name` FROM `' . TABLE_PANEL_TICKET_CATS . '` ORDER BY `logicalorder`, `name` ASC');
+					$result2 = $db->query('SELECT `id`, `name` FROM `' . TABLE_PANEL_TICKET_CATS . '` WHERE `adminid` = "' . $userinfo['adminid'] . '" ORDER BY `logicalorder`, `name` ASC');
 
 					while($row = $db->fetch_array($result2))
 					{
diff --git a/install/froxlor.sql b/install/froxlor.sql
index 3a46f01e..f2fc8cc4 100644
--- a/install/froxlor.sql
+++ b/install/froxlor.sql
@@ -108,6 +108,7 @@ CREATE TABLE `panel_admins` (
   `ftps_used` int(15) NOT NULL default '0',
   `tickets` int(15) NOT NULL default '-1',
   `tickets_used` int(15) NOT NULL default '0',
+  `tickets_see_all` tinyint(1) NOT NULL default '0',
   `subdomains` int(15) NOT NULL default '0',
   `subdomains_used` int(15) NOT NULL default '0',
   `traffic` bigint(30) NOT NULL default '0',
diff --git a/install/install.php b/install/install.php
index 79de4b01..5974cf64 100644
--- a/install/install.php
+++ b/install/install.php
@@ -768,6 +768,7 @@ if(isset($_POST['installstep'])
 		`ftps_used` = 0,
 		`tickets` = -1,
 		`tickets_used` = 0,
+		`tickets_see_all` = 1,
 		`subdomains` = -1,
 		`subdomains_used` = 0,
 		`traffic` = -1048576,
diff --git a/install/updates/froxlor/0.9/update_0.9.inc.php b/install/updates/froxlor/0.9/update_0.9.inc.php
index 858103de..5935a854 100644
--- a/install/updates/froxlor/0.9/update_0.9.inc.php
+++ b/install/updates/froxlor/0.9/update_0.9.inc.php
@@ -1991,10 +1991,16 @@ if(isFroxlorVersion('0.9.28-svn5')) {
 
 	$update_system_apache24 = isset($_POST['update_system_apache24']) ? (int)$_POST['update_system_apache24'] : '0';
 	showUpdateStep('Setting value for apache-2.4 modification', true);
-
 	// support for Apache-2.4
 	$db->query("INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES ('system', 'apache24', '".$update_system_apache24."');");
+	lastStepStatus(0);
 
+	showUpdateStep("Inserting new tickets-see-all field to panel_admins", true);
+	$db->query("ALTER TABLE `panel_admins` ADD `tickets_see_all` tinyint(1) NOT NULL default '0' AFTER `tickets_used`");
+	lastStepStatus(0);
+
+	showUpdateStep("Updating main admin entry", true);
+	$db->query("UPDATE `panel_admins` SET `tickets_see_all` = '1' WHERE `adminid` = '".$userinfo['adminid']."';");
 	lastStepStatus(0);
 
 	updateToVersion('0.9.28-svn6');
diff --git a/lib/formfields/admin/admin/formfield.admin_add.php b/lib/formfields/admin/admin/formfield.admin_add.php
index d0b7dc97..3f659d62 100644
--- a/lib/formfields/admin/admin/formfield.admin_add.php
+++ b/lib/formfields/admin/admin/formfield.admin_add.php
@@ -200,6 +200,14 @@ return array(
 						'visible' => ($settings['ticket']['enabled'] == '1' ? true : false),
 						'ul_field' => $tickets_ul
 					),
+					'tickets_see_all' => array(
+						'label' => $lng['admin']['tickets_see_all'],
+						'type' => 'checkbox',
+						'values' => array(
+										array ('label' => $lng['panel']['yes'], 'value' => '1')
+									),
+						'value' => array()
+					),
 					'mysqls' => array(
 						'label' => $lng['customer']['mysqls'],
 						'type' => 'textul',
diff --git a/lib/formfields/admin/admin/formfield.admin_edit.php b/lib/formfields/admin/admin/formfield.admin_edit.php
index c21b26fb..861013fc 100644
--- a/lib/formfields/admin/admin/formfield.admin_edit.php
+++ b/lib/formfields/admin/admin/formfield.admin_edit.php
@@ -214,6 +214,14 @@ return array(
 						'visible' => ($settings['ticket']['enabled'] == '1' ? true : false),
 						'ul_field' => $tickets_ul
 					),
+					'tickets_see_all' => array(
+							'label' => $lng['admin']['tickets_see_all'],
+							'type' => 'checkbox',
+							'values' => array(
+									array ('label' => $lng['panel']['yes'], 'value' => '1')
+							),
+							'value' => array($result['tickets_see_all'])
+					),
 					'mysqls' => array(
 						'label' => $lng['customer']['mysqls'],
 						'type' => 'textul',
diff --git a/lng/english.lng.php b/lng/english.lng.php
index 75859e6b..a488a084 100644
--- a/lng/english.lng.php
+++ b/lng/english.lng.php
@@ -1930,3 +1930,4 @@ $lng['serversettings']['catchall_enabled']['description']  = 'Do you want to pro
 
 // ADDED IN 0.9.28.svn6
 $lng['serversettings']['apache_24'] = 'Use modifications for Apache 2.4';
+$lng['admin']['tickets_see_all'] = 'Can see all ticket-categories?';
diff --git a/lng/german.lng.php b/lng/german.lng.php
index 83f46b47..7a271f81 100644
--- a/lng/german.lng.php
+++ b/lng/german.lng.php
@@ -1655,3 +1655,4 @@ $lng['serversettings']['catchall_enabled']['description']  = 'Möchten Sie Ihren
 
 // ADDED IN 0.9.28.svn6
 $lng['serversettings']['apache_24'] = 'Anpassungen f&uuml;r Apache 2.4 verwenden';
+$lng['admin']['tickets_see_all'] = 'Kann alle Ticket-Kategorien sehen?';