<?php
/*********************************************************************
tickets.php
Main client/user interface.
Note that we are using external ID. The real (local) ids are hidden from user.
Peter Rotich <[email protected]>
Copyright (c) 2006-2013 osTicket
http://www.osticket.com
Released under the GNU General Public License WITHOUT ANY WARRANTY.
See LICENSE.TXT for details.
vim: expandtab sw=4 ts=4 sts=4:
**********************************************************************/
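require('secure.inc.php');
// secure.inc.php is expected to have authenticated the client and set
// $thisclient; re-check here so this page never runs for an unauthenticated
// request even if that include changes.
if (!is_object($thisclient) || !$thisclient->isValid())
    die('Access denied'); //Double check again.

// A guest session is bound to exactly one ticket: whatever id the request
// carries is overridden with the id the session authenticated for.
if ($thisclient->isGuest())
    $_REQUEST['id'] = $thisclient->getTicketId();

require_once(INCLUDE_DIR.'class.ticket.php');
require_once(INCLUDE_DIR.'class.json.php');

// Resolve the ticket under review (null when none was requested, the id is
// unknown, or the client may not access it).
$ticket = null;
// empty() keeps the original truthiness test but avoids an undefined-index
// notice when no id is supplied at all.
if (!empty($_REQUEST['id'])) {
    if (!($ticket = Ticket::lookup($_REQUEST['id']))) {
        $errors['err'] = __('Unknown or invalid ticket ID.');
    } elseif (!$ticket->checkUserAccess($thisclient)) {
        // Same wording as the not-found case so the response does not
        // reveal whether a ticket with this id exists.
        $errors['err'] = __('Unknown or invalid ticket ID.'); //Using generic message on purpose!
        $ticket = null;
    }
}

// A guest with no accessible ticket has nothing to see on this page.
if (!$ticket && $thisclient->isGuest())
    Http::redirect('view.php');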
// Ticket form definition, used below for the message field's attachment
// widget (reply handling) and for the form media printed after the body.
$tform = TicketForm::objects()->one()->getForm();
$messageField = $tform->getField('message');
// Attachment widget state for the message field; reset after a successful post.
$attachments = $messageField->getWidget()->getAttachments();
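//Process post...depends on $ticket object above.
// NOTE(review): CSRF protection for these POSTs is assumed to be enforced
// before this file runs (e.g. by the bootstrap pulled in via secure.inc.php)
// -- confirm, since nothing in this file checks a token.
if ($_POST && is_object($ticket) && $ticket->getId()) {
    $errors = array();
    // A missing or non-string 'a' lands in the 'Unknown action' branch
    // instead of raising an undefined-index notice / strtolower() error.
    switch ((isset($_POST['a']) && is_string($_POST['a'])) ? strtolower($_POST['a']) : '') {
    case 'edit':
        // Initialised up front so the view selection below can test $forms
        // even when the access check fails.
        $forms = array();
        $changes = array();
        // Editing requires ownership, not merely access: a client that can
        // view the ticket but is not its user is rejected here.
        if (!$ticket->checkUserAccess($thisclient) //double check perm again!
                || $thisclient->getId() != $ticket->getUserId()) {
            $errors['err'] = __('Access Denied. Possibly invalid ticket ID');
        }
        else {
            $forms = DynamicFormEntry::forTicket($ticket->getId());
            foreach ($forms as $form) {
                // Only stored fields take part in validation and saving.
                $form->filterFields(function($f) { return !$f->isStorable(); });
                $form->setSource($_POST);
                if (!$form->isValidForClient(true))
                    $errors = array_merge($errors, $form->errors());
            }
        }
        if (!$errors) {
            foreach ($forms as $form) {
                $changes += $form->getChanges();
                // Persist only the answers a client may both see and edit.
                $form->saveAnswers(function ($f) {
                    return $f->isVisibleToUsers()
                        && $f->isEditableToUsers(); });
            }
            if ($changes) {
                $user = User::lookup($thisclient->getId());
                $ticket->logEvent('edited', array('fields' => $changes), $user);
            }
            $_REQUEST['a'] = null; //Clear edit action - going back to view.
        }
        break;
    case 'reply':
        if (!$ticket->checkUserAccess($thisclient)) //double check perm again!
            $errors['err'] = __('Access Denied. Possibly invalid ticket ID');
        // Guarded read: a request without the message field must not emit a
        // notice; clean() receives null exactly as it would have before.
        $messageKey = $messageField->getFormName();
        $_POST['message'] = ThreadEntryBody::clean(
            isset($_POST[$messageKey]) ? $_POST[$messageKey] : null);
        if (!$_POST['message'])
            $errors['message'] = __('Message required');
        if (!$errors) {
            //Everything checked out...do the magic.
            $vars = array(
                'userId' => $thisclient->getId(),
                'poster' => (string) $thisclient->getName(),
                'message' => $_POST['message']
            );
            $vars['files'] = $attachments->getFiles();
            if (isset($_POST['draft_id']))
                $vars['draft_id'] = $_POST['draft_id'];
            if (($msgid = $ticket->postMessage($vars, 'Web'))) {
                $msg = __('Message Posted Successfully');
                // The message is posted, so any draft saved under this
                // ticket's client namespace is now stale -- discard it.
                Draft::deleteForNamespace('ticket.client.' . $ticket->getId());
                // Drop attachments
                $attachments->reset();
                $attachments->getForm()->setSource(array());
            } else {
                $errors['err'] = sprintf('%s %s',
                    __('Unable to post the message.'),
                    __('Correct any errors below and try again.'));
            }
        } elseif (empty($errors['err'])) {
            // Only field-level errors so far: add the generic banner text.
            $errors['err'] = __('Correct any errors below and try again.');
        }
        break;
    default:
        $errors['err'] = __('Unknown action');
    }
}
elseif (is_object($ticket) && $ticket->getId()) {
    // Non-POST actions on a resolved ticket.
    switch ((isset($_REQUEST['a']) && is_string($_REQUEST['a'])) ? strtolower($_REQUEST['a']) : '') {
    case 'print':
        // $ticket is known to be an object in this branch; psize is passed
        // through as before (null when absent) without a notice.
        if (!$ticket->pdfExport(isset($_REQUEST['psize']) ? $_REQUEST['psize'] : null))
            $errors['err'] = __('Unable to print to PDF.')
                .' '.__('Internal error occurred');
        break;
    }
}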
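$nav->setActiveNav('tickets');
// Choose the body template. Access is re-checked here rather than trusting
// $ticket alone; $inc is always one of the fixed names below and never
// derived from request input.
if ($ticket && $ticket->checkUserAccess($thisclient)) {
    // Strict comparison: $_REQUEST['a'] is a raw string (or array) and must
    // not be subject to loose coercion.
    if (isset($_REQUEST['a']) && $_REQUEST['a'] === 'edit'
            && $ticket->hasClientEditableFields()) {
        $inc = 'edit.inc.php';
        // $forms is only populated by a POSTed edit above; load the entries
        // otherwise. empty() also covers the case where it was never set.
        if (empty($forms))
            $forms = DynamicFormEntry::forTicket($ticket->getId());
        // Auto add new fields to the entries
        foreach ($forms as $form) {
            $form->filterFields(function($f) { return !$f->isStorable(); });
            $form->addMissingFields();
        }
    }
    else {
        $inc = 'view.inc.php';
    }
} elseif ($thisclient->getNumTickets($thisclient->canSeeOrgTickets())) {
    // No ticket selected but the client has some: show the list.
    $inc = 'tickets.inc.php';
} else {
    // Nothing to list: go straight to the new-ticket form.
    $nav->setActiveNav('new');
    $inc = 'open.inc.php';
}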
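// Render: shared client header, the template selected above, the ticket
// form's media, then the footer. Included templates share this scope, so
// $ticket, $errors, $inc, $tform and $forms are visible to them.
include(CLIENTINC_DIR.'header.inc.php');
include(CLIENTINC_DIR.$inc);
print $tform->getMedia();
include(CLIENTINC_DIR.'footer.inc.php');
// No closing PHP tag: any whitespace after it would be sent as output.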