diff --git a/src/controllers/api/v1/routes.js b/src/controllers/api/v1/routes.js
index 681b3de57..bd6533c84 100644
--- a/src/controllers/api/v1/routes.js
+++ b/src/controllers/api/v1/routes.js
@@ -106,10 +106,10 @@ module.exports = function (middleware, router, controllers) {
   router.post('/api/v1/public/account/create', checkCaptcha, checkOrigin, apiCtrl.users.createPublicAccount)
 
   // Groups
-  router.get('/api/v1/groups', apiv1, canUser('groups:view'), apiCtrl.groups.get)
+  router.get('/api/v1/groups', apiv1, apiCtrl.groups.get)
   router.get('/api/v1/groups/all', apiv1, canUser('groups:view'), apiCtrl.groups.getAll)
   router.post('/api/v1/groups/create', apiv1, canUser('groups:create'), apiCtrl.groups.create)
-  router.get('/api/v1/groups/:id', apiv1, canUser('groups:view'), apiCtrl.groups.getSingleGroup)
+  router.get('/api/v1/groups/:id', apiv1, apiCtrl.groups.getSingleGroup)
   router.put('/api/v1/groups/:id', apiv1, canUser('groups:update'), apiCtrl.groups.updateGroup)
   router.delete('/api/v1/groups/:id', apiv1, canUser('groups:delete'), apiCtrl.groups.deleteGroup)
 
@@ -155,7 +155,7 @@ module.exports = function (middleware, router, controllers) {
   router.post(genBaseUrl + 'tickets_by_user', apiv1, canUser('reports:create'), reportsGenCtrl.ticketsByUser)
 
   // Settings
-  router.get('/api/v1/settings', apiv1, isAdmin, apiCtrl.settings.getSettings)
+  router.get('/api/v1/settings', apiv1, apiCtrl.settings.getSettings)
   router.put('/api/v1/settings', apiv1, isAdmin, apiCtrl.settings.updateSetting)
   router.post('/api/v1/settings/testmailer', apiv1, isAdmin, apiCtrl.settings.testMailer)
   router.put('/api/v1/settings/mailer/template/:id', apiv1, isAdmin, apiCtrl.settings.updateTemplateSubject)
diff --git a/src/controllers/api/v1/settings.js b/src/controllers/api/v1/settings.js
index 390f7e554..d904a53df 100644
--- a/src/controllers/api/v1/settings.js
+++ b/src/controllers/api/v1/settings.js
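Review bot: Dropping `canUser('groups:view')` from `GET /api/v1/groups` and `GET /api/v1/groups/:id` means any caller that passes `apiv1` can now list groups and fetch any group by id, including whatever member data `apiCtrl.groups.get` and `getSingleGroup` serialize; neither controller is in this diff, so it is not visible whether they restrict the result to groups the caller belongs to. `/api/v1/groups/all` keeps the permission, so the two list endpoints now differ only in authorization, which deserves a comment on the route, e.g. `// groups:view not required: the controller must limit results to groups the caller is a member of`. If the controllers do not filter by membership, the check should be restored or the filtering added before this merges.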
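Review bot: With `isAdmin` removed from `GET /api/v1/settings`, the only thing keeping mailer and TPS credentials away from non-admin API clients is the redaction inside `apiCtrl.settings.getSettings`; the route gives no hint of that, so a later refactor of the controller could silently re-expose them. Add a comment on the route, e.g. `// Open to all apiv1 users; getSettings strips admin-only keys for non-admin callers`, and consider a test that calls the endpoint as a non-admin and asserts `mailerPassword` and `tpsApiKey` are absent from the response. The remaining settings routes keep `isAdmin`, which is right for the mutating ones.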
@@ -32,6 +32,30 @@ apiSettings.getSettings = function (req, res) {
   settingsUtil.getSettings(function (err, settings) {
     if (err) return res.status(400).json({ success: false, error: err })
 
+    // Sanitize
+    if (!req.user.role.isAdmin) {
+      delete settings.data.settings.mailerHost
+      delete settings.data.settings.mailerSSL
+      delete settings.data.settings.mailerPort
+      delete settings.data.settings.mailerUsername
+      delete settings.data.settings.mailerPassword
+      delete settings.data.settings.mailerFrom
+      delete settings.data.settings.mailerCheckEnabled
+      delete settings.data.settings.mailerCheckPolling
+      delete settings.data.settings.mailerCheckHost
+      delete settings.data.settings.mailerCheckPort
+      delete settings.data.settings.mailerCheckPassword
+      delete settings.data.settings.mailerCheckTicketType
+      delete settings.data.settings.mailerCheckTicketPriority
+      delete settings.data.settings.mailerCheckCreateAccount
+      delete settings.data.settings.mailerCheckDeleteMessage
+      delete settings.data.settings.tpsEnabled
+      delete settings.data.settings.tpsUsername
+      delete settings.data.settings.tpsApiKey
+
+      delete settings.data.mailTemplates
+    }
+
     return res.json({ success: true, settings: settings })
   })
 }
diff --git a/src/helpers/hbs/helpers.js b/src/helpers/hbs/helpers.js
index 2f81811f3..4bad268e0 100644
--- a/src/helpers/hbs/helpers.js
+++ b/src/helpers/hbs/helpers.js
@@ -693,7 +693,7 @@ var helpers = {
     var p = require('../../permissions')
     if (p.canThis(user.role, perm)) return options.fn(this)
 
-    options.inverse(this)
+    return options.inverse(this)
   },
 
   checkRole: function (role, perm, options) {
diff --git a/src/public/js/app.js b/src/public/js/app.js
index 8a069c3c2..55fee8055 100644
--- a/src/public/js/app.js
+++ b/src/public/js/app.js
@@ -36,6 +36,7 @@ require(['jquery', 'modules/helpers', 'angular', 'async', 'angularjs/services'],
       }
     ],
     function (err) {
+      if (err) console.log(err)
       if (err) throw new Error(err)
 
       require(['angularjs/main'], function () {
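Review bot: The redaction in the new `if (!req.user.role.isAdmin)` block is a deny-list of named keys, so any credential-bearing setting that is not listed, or that is added later, goes to every non-admin caller, and the `delete` calls mutate the object `settingsUtil.getSettings` handed back rather than a copy; if that util caches its result (not visible here), an admin request after a non-admin one would see the keys missing too. Prefer an allow-list of keys non-admins may read, or at least move the names into a module-level constant with a comment that new mailer/TPS settings belong there, and delete from a shallow copy. The `// Sanitize` comment should also say why: `// Route no longer requires isAdmin; strip mailer/TPS credentials and templates for non-admin callers`. `req.user.role.isAdmin` throws if `apiv1` can ever attach a user without a role; if that is possible, guard with `req.user && req.user.role && req.user.role.isAdmin`. `apiSettings.getSettings` starts outside the hunk.
```javascript
// Settings only admins may read over the API; add any new credential-bearing key here.
var ADMIN_ONLY_SETTINGS = [
  'mailerHost', 'mailerSSL', 'mailerPort', 'mailerUsername', 'mailerPassword', 'mailerFrom',
  'mailerCheckEnabled', 'mailerCheckPolling', 'mailerCheckHost', 'mailerCheckPort', 'mailerCheckPassword',
  'mailerCheckTicketType', 'mailerCheckTicketPriority', 'mailerCheckCreateAccount', 'mailerCheckDeleteMessage',
  'tpsEnabled', 'tpsUsername', 'tpsApiKey'
]

// … unchanged: apiSettings.getSettings signature, settingsUtil.getSettings call, err check …
    if (!req.user.role.isAdmin) {
      // Redact on a shallow copy so the object returned by settingsUtil is not stripped for later callers
      var data = Object.assign({}, settings.data, { settings: Object.assign({}, settings.data.settings) })
      ADMIN_ONLY_SETTINGS.forEach(function (key) {
        delete data.settings[key]
      })
      delete data.mailTemplates
      settings = Object.assign({}, settings, { data: data })
    }
    // … unchanged: res.json response …
```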
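Review bot: The added `if (err) console.log(err)` in app.js works around the line after it, `throw new Error(err)`, which coerces `err` to a string and drops the original stack; throwing the original value when it already is an Error keeps both, `if (err) { console.error(err); throw err instanceof Error ? err : new Error(err) }`, and `console.error` puts it on the error channel where browser tooling expects it. Two consecutive `if (err)` guards for one condition are also easier to read as a single block. The `function (err)` callback is inside the hunk, but the `require([...])` call it belongs to begins outside it.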
diff --git a/src/views/partials/settings/permissions.hbs b/src/views/partials/settings/permissions.hbs
index de245a19b..216d96827 100644
--- a/src/views/partials/settings/permissions.hbs
+++ b/src/views/partials/settings/permissions.hbs
@@ -232,7 +232,7 @@