Disabled Category still showing for limited access user

[kilimats]

I've disabled a category for a non admin user, He do not see those category tickets in his profile (which is good) but can select that hidden category when making a new ticket, is this a bug or am i missing something ?

[Klemen]

Like Microsoft would say - it's not a bug, it's a feature

Actually this is normal because usually even if a staff member doesn't have access to a category, he/she should be able to for example enter or move tickets to more appropriate category.

But I see your point, will consider adding a permission to disallow this.

[steve]

Does anybody have any idea how to make a quick hack to only show categories the logged in user has permission to view?

[Klemen]

Find the SQL code that gets category list in the file you are editing and check each category with the hesk_okCategory() function.

For example in admin_ticket.php this would probably work (didn't test it): change

Code: Select all

$categories_options='';
while ($row=hesk_dbFetchAssoc($result))

to

Code: Select all

$categories_options='';
while ($row=hesk_dbFetchAssoc($result) && hesk_okCategory($row['id'], 0) )

[steve]

That did seam to work, when this code is used the category drop down box does not have any data.


Here was my mod (admin/new_ticket.php)

Code: Select all

<?php
	if (!empty($_GET['catid']))
	{
		$_SESSION['as_category'] = intval($_GET['catid']);
	}

	$sql = 'SELECT * FROM `'.hesk_dbEscape($hesk_settings['db_pfix']).'categories` ORDER BY `cat_order` ASC';
	$result = hesk_dbQuery($sql);
	while ($row=hesk_dbFetchAssoc($result) && hesk_okCategory($row['id'], 0) )
	{
	    if (isset($_SESSION['as_category']) && $_SESSION['as_category'] == $row['id']) {$selected = ' selected="selected"';}
	    else {$selected = '';}
	    echo '<option value="'.$row['id'].'"'.$selected.'>'.$row['name'].'</option>';
	}

	?>

[Klemen]

No, sorry, after thinking about it it's wrong code, obviously

Instead of that rather add this to inside the while loop, after {

Code: Select all

if ( ! hesk_okCategory($row['id'], 0) ) {continue;}

[steve]

Perfect! Thanks Klemen

[Goue1]

Where do you add your mod in /admin/new_ticket.php ?

I'm noob in php coding..

EDIT: sorry for my mistake I find where put it!

Thanks for your job!