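/**
 * Loads the requested ticket and enforces who may view it.
 *
 * Guests are redirected to the login page with the current URI as the return
 * target. Customers may only open their own ticket. Staff may open a ticket
 * when they submitted it themselves, or when it lies in one of their
 * departments and their permission set allows it: unassigned tickets need
 * see_unassigned_tickets, tickets assigned to somebody else need
 * see_other_tickets, and staff_force_departments removes the owner exemption.
 * Every refusal raises a warning and redirects to the component's default
 * view; JApplication::redirect() ends the request, so nothing after a
 * redirect runs.
 */
function __construct()
{
    parent::__construct();

    // Plain assignment: "=&" on a function result only produces a PHP notice,
    // and the objects are handles anyway.
    $mainframe = JFactory::getApplication();
    $user      = JFactory::getUser();

    if ($user->get('guest')) {
        $return     = base64_encode(JRequest::getURI());
        $userOption = RSTicketsProHelper::isJ16() ? 'com_users' : 'com_user';
        $mainframe->redirect(RSTicketsProHelper::route('index.php?option=' . $userOption . '&view=login&return=' . $return, false));
    }

    $this->_db = JFactory::getDBO();
    $this->_getIsStaff();

    // Department list is only meaningful for staff; default to "none" so the
    // membership test below never touches an undefined variable.
    $departments = array();
    if ($this->is_staff) {
        $this->_getPermissions();
        $departments = RSTicketsProHelper::getCurrentDepartments();
    }

    $this->_getTicket();
    $ticket    = $this->_ticket;
    $userId    = $user->get('id');
    $isOwner   = $ticket->customer_id == $userId;
    $deniedUrl = 'index.php?option=com_rsticketspro&view=rsticketspro';

    // Customers: only the submitter may see the ticket.
    if (!$this->is_staff && !$isOwner) {
        JError::raiseWarning(500, JText::_('RST_CUSTOMER_CANNOT_VIEW_TICKET'));
        $mainframe->redirect(RSTicketsProHelper::route($deniedUrl, false));
    }

    if ($this->is_staff) {
        $inDepartment = in_array($ticket->department_id, $departments);

        // Checks are evaluated in order and short-circuit, so config and
        // permission lookups only happen when the earlier tests passed.
        $denied = (!$isOwner && !$inDepartment)
            || (RSTicketsProHelper::getConfig('staff_force_departments') && !$inDepartment)
            || (!$this->_permissions->see_unassigned_tickets && $ticket->staff_id == 0)
            || (!$this->_permissions->see_other_tickets && $ticket->staff_id > 0 && $ticket->staff_id != $userId);

        if ($denied) {
            JError::raiseWarning(500, JText::_('RST_STAFF_CANNOT_VIEW_TICKET'));
            $mainframe->redirect(RSTicketsProHelper::route($deniedUrl, false));
        }
    }

    $title = '[' . $ticket->code . '] ' . $ticket->subject;

    if ($mainframe->isSite()) {
        $pathway = $mainframe->getPathway();
        $pathway->addItem($title, '');
    }

    $document = JFactory::getDocument();
    $document->setTitle($title, '');

    $this->_setData();
    $this->_processData();
}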
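/**
 * Builds the ticket-list SELECT for the current user, applying role limits,
 * the menu/module filters and the filter state kept in the session.
 *
 * Everything that reaches the SQL string is either cast to int (user, ticket,
 * department, priority and status ids), passed through getEscaped() (LIKE
 * search terms) or reduced to an integer list (default_priority /
 * default_status from the component configuration). Customers only ever see
 * tickets they submitted; staff visibility follows see_unassigned_tickets,
 * see_other_tickets and department membership.
 *
 * @return string the SQL query without LIMIT (paging is applied by the caller)
 */
function _buildQuery()
{
    $mainframe = JFactory::getApplication();
    $option    = 'com_rsticketspro';
    $user      = JFactory::getUser();
    $userId    = (int) $user->get('id');

    // MySQL < 4.1 has no subqueries; the message search below falls back to two queries.
    $this->_db->setQuery("SELECT VERSION()");
    $mysqlVersion = $this->_db->loadResult();

    // Whichever user column the configuration selects is aliased as "customer" / "staff".
    $what   = RSTicketsProHelper::getConfig('show_user_info');
    $fields = array();
    foreach (array('c' => 'customer', 's' => 'staff') as $alias => $role) {
        foreach (array('username', 'name', 'email') as $column) {
            $fields[] = $what == $column ? "{$alias}.{$column} AS {$role}" : "{$alias}.{$column}";
        }
    }

    $query = "SELECT t.*, " . implode(', ', $fields) . ", st.name AS status, pr.name AS priority"
        . " FROM #__rsticketspro_tickets t"
        . " LEFT JOIN #__users c ON (t.customer_id = c.id)"
        . " LEFT JOIN #__users s ON (t.staff_id = s.id)"
        . " LEFT JOIN #__rsticketspro_statuses st ON (st.id = t.status_id)"
        . " LEFT JOIN #__rsticketspro_priorities pr ON (pr.id = t.priority_id)"
        . " WHERE 1";

    $this->is_staff = RSTicketsProHelper::isStaff();
    $departments    = array();
    $showFilter     = null;

    if ($this->is_staff) {
        $departments = RSTicketsProHelper::getCurrentDepartments();

        // Menu/module filter; the truthiness guard keeps a 0/'' value out of
        // the loosely-compared switch.
        $showFilter = $this->params->get('show_filter');
        if ($showFilter) {
            switch ($showFilter) {
                case 'show_assigned':
                    $query .= " AND staff_id = '" . $userId . "'";
                    break;
                case 'show_submitted':
                    $query .= " AND customer_id = '" . $userId . "'";
                    break;
                case 'show_both':
                    $query .= " AND (staff_id = '" . $userId . "' OR customer_id = '" . $userId . "')";
                    break;
                case 'show_unassigned':
                    $query .= " AND staff_id = 0";
                    break;
            }
        }

        $this->_permissions = RSTicketsProHelper::getCurrentPermissions();

        if (!$this->_permissions->see_unassigned_tickets) {
            $query .= " AND staff_id > 0";
        }
        if (!$this->_permissions->see_other_tickets) {
            $query .= " AND staff_id IN (0," . $userId . ")";
        }

        $flagged = $mainframe->getUserStateFromRequest($option . '.ticketsfilter.flagged', 'flagged', 0, 'int');
        if ($flagged) {
            $query .= " AND flagged='1'";
        }
    } else {
        $query .= " AND customer_id = '" . $userId . "'";
    }

    // Request/session filters. empty($x[0]) matches the old "$x[0] == 0" test
    // for integer lists but does not emit a notice when the list has no index 0.
    $priorityId = $mainframe->getUserStateFromRequest($option . '.ticketsfilter.priority_id', 'priority_id', array(0), 'array');
    JArrayHelper::toInteger($priorityId, array(0));
    if ($this->params->get('default_priority') && empty($priorityId[0])) {
        $query .= " AND priority_id IN (" . $this->_integerList($this->params->get('default_priority')) . ")";
    }

    $statusId = $mainframe->getUserStateFromRequest($option . '.ticketsfilter.status_id', 'status_id', array(0), 'array');
    JArrayHelper::toInteger($statusId, array(0));
    if ($this->params->get('default_status') && empty($statusId[0])) {
        $query .= " AND status_id IN (" . $this->_integerList($this->params->get('default_status')) . ")";
    }

    // Remember that a search was submitted so the view can show the search state.
    $task = JRequest::getCmd('task');
    if ($task == 'search') {
        $session = JFactory::getSession();
        $session->set($option . '.ticketsfilter.rsticketspro_search', 1);
    }

    $filterWord = $mainframe->getUserStateFromRequest($option . '.ticketsfilter.filter_word', 'filter_word', '');
    if ($filterWord) {
        $this->setState($option . '.ticketsfilter.filter_word', $filterWord);
        $term = $this->_likeTerm($filterWord);

        if (version_compare($mysqlVersion, '4.1', '<')) {
            $this->_db->setQuery("SELECT ticket_id FROM #__rsticketspro_ticket_messages WHERE message LIKE '%" . $term . "%'");
            $ticketIds = $this->_db->loadResultArray();
            if (empty($ticketIds)) {
                $ticketIds = array(0);
            }
            $query .= " AND (code LIKE '%" . $term . "%' OR subject LIKE '%" . $term . "%' OR t.id IN (" . implode(',', $ticketIds) . "))";
        } else {
            $query .= " AND (code LIKE '%" . $term . "%' OR subject LIKE '%" . $term . "%' OR t.id IN (SELECT ticket_id FROM #__rsticketspro_ticket_messages WHERE message LIKE '%" . $term . "%'))";
        }
    }

    $customer = $mainframe->getUserStateFromRequest($option . '.ticketsfilter.customer', 'customer', '', 'string');
    if ($customer && is_string($customer)) {
        $this->setState($option . '.ticketsfilter.customer', $customer);
        $term = $this->_likeTerm($customer);
        $query .= " AND (c.username LIKE '%" . $term . "%' OR c.name LIKE '%" . $term . "%' OR c.email LIKE '%" . $term . "%')";
    }

    $staff = $mainframe->getUserStateFromRequest($option . '.ticketsfilter.staff', 'staff', '');
    if (($staff || $staff === '0') && !is_object($staff) && !is_array($staff)) {
        $this->setState($option . '.ticketsfilter.staff', $staff);
        $term = $this->_likeTerm($staff);
        if ($term === '0') {
            // "0" means "unassigned", not a name search.
            $query .= " AND staff_id = 0";
        } else {
            $query .= " AND (s.username LIKE '%" . $term . "%' OR s.name LIKE '%" . $term . "%' OR s.email LIKE '%" . $term . "%')";
        }
    }

    $departmentId = $mainframe->getUserStateFromRequest($option . '.ticketsfilter.department_id', 'department_id', array(0), 'array');
    JArrayHelper::toInteger($departmentId, array(0));
    if (!empty($departmentId[0])) {
        $query .= " AND department_id IN (" . implode(',', $departmentId) . ")";
    }

    // Staff are confined to their departments; unless the menu filter already
    // restricts to assigned/unassigned tickets, tickets they submitted stay visible.
    if ($this->is_staff && !empty($departments)) {
        $departmentList = $this->_integerList($departments);
        if ($showFilter != 'show_assigned' && $showFilter != 'show_unassigned') {
            $query .= " AND (department_id IN (" . $departmentList . ") OR customer_id='" . $userId . "')";
        } else {
            $query .= " AND department_id IN (" . $departmentList . ")";
        }
    }
    $this->setState($option . '.ticketsfilter.department_id', $departmentId);

    if ($priorityId) {
        if (!empty($priorityId[0])) {
            $query .= " AND priority_id IN (" . implode(',', $priorityId) . ")";
        }
        $this->setState($option . '.ticketsfilter.priority_id', $priorityId);
    }

    if ($statusId) {
        if (!empty($statusId[0])) {
            $query .= " AND status_id IN (" . implode(',', $statusId) . ")";
        }
        $this->setState($option . '.ticketsfilter.status_id', $statusId);
    }

    // getEscaped() only escapes string-literal characters and does not make an
    // identifier safe; the ORDER BY relies on getSortColumn()/getSortOrder()
    // returning values from a fixed whitelist. NOTE(review): confirm in the parent model.
    $sortColumn = $this->_db->getEscaped($this->getSortColumn());
    $sortOrder  = $this->_db->getEscaped($this->getSortOrder());
    $query .= " ORDER BY " . $sortColumn . " " . $sortOrder;

    return $query;
}

/**
 * Reduces a configuration value (array, or comma-separated scalar) to a
 * comma-separated list of integers suitable for an SQL IN (...) clause.
 *
 * @param mixed $value array of ids or scalar "1,2,3"
 * @return string e.g. "1,2,3"
 */
function _integerList($value)
{
    if (!is_array($value)) {
        $value = explode(',', (string) $value);
    }
    $ids = array();
    foreach ($value as $id) {
        $ids[] = (int) $id;
    }
    return implode(',', $ids);
}

/**
 * Turns a user-supplied search string into an escaped LIKE fragment:
 * literal "%" is escaped, spaces become wildcards, and the result is run
 * through the driver's string escaping. The caller wraps it in '%...%'.
 *
 * @param mixed $value raw search term (scalar)
 * @return string escaped fragment
 */
function _likeTerm($value)
{
    $value = str_replace('%', '\\%', $value);
    $value = str_replace(' ', '%', $value);
    return $this->_db->getEscaped($value);
}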
/**
 * Returns the published departments as select options, ordered by `ordering`.
 *
 * With $show_please_select set, an empty placeholder option comes first.
 * When staff_force_departments is enabled, staff members only get the
 * departments they belong to; customers and unrestricted staff get them all.
 *
 * @param bool $show_please_select prepend the "please select" option
 * @return array JHTML select.option objects
 */
function getDepartments($show_please_select = false)
{
    $db = JFactory::getDBO();
    $db->setQuery("SELECT * FROM #__rsticketspro_departments WHERE `published`='1' ORDER BY `ordering` ASC");
    $rows = $db->loadObjectList();

    $options = $show_please_select
        ? array(JHTML::_('select.option', '', JText::_('RST_PLEASE_SELECT_DEPARTMENT')))
        : array();

    $forceDepartments = RSTicketsProHelper::getConfig('staff_force_departments');
    $isStaff          = RSTicketsProHelper::isStaff();
    $ownDepartments   = RSTicketsProHelper::getCurrentDepartments();

    // Only a staff member under staff_force_departments is limited to their own departments.
    $restrictToOwn = $isStaff && $forceDepartments;

    foreach ($rows as $row) {
        $hidden = $restrictToOwn && !in_array($row->id, $ownDepartments);
        if (!$hidden) {
            $options[] = JHTML::_('select.option', $row->id, JText::_($row->name));
        }
    }

    return $options;
}