Skip to content

Commit

Permalink
fix(permissions): role hierarchy not allowing ticket status updates
Browse files Browse the repository at this point in the history
  • Loading branch information
polonel committed Apr 10, 2019
1 parent 0f67611 commit 51029b6
Show file tree
Hide file tree
Showing 2 changed files with 23 additions and 5 deletions.
4 changes: 3 additions & 1 deletion src/controllers/tickets.js
Original file line number Diff line number Diff line change
Expand Up @@ -477,7 +477,9 @@ ticketsController.single = function (req, res) {
async.waterfall(
[
function (next) {
if (!req.user.role.isAdmin && !req.user.role.isAgent) return next(null, ticket.group.members)
if (!req.user.role.isAdmin && !req.user.role.isAgent) {
return groupSchema.getAllGroupsOfUserNoPopulate(req.user._id, next)
}

departmentSchema.getUserDepartments(req.user._id, function (err, departments) {
if (err) return next(err)
Expand Down
24 changes: 20 additions & 4 deletions src/views/subviews/singleticket.hbs
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,11 @@
<div class="ticket-status ticket-new"><span>New</span></div>
{{/hasPermOverRole}}
{{else}}
<div class="ticket-status ticket-new"><span>New</span></div>
{{#hasPermOverRole data.ticket.owner.role data.common.loggedInAccount.role "tickets:update"}}
<div title="Change Status" class="ticket-status ticket-new cursor-pointer" ng-click="showStatusSelect()"><span>New</span></div>
{{else}}
<div class="ticket-status ticket-new"><span>New</span></div>
{{/hasPermOverRole}}
{{/canUserOrAdmin}}
{{/is}}
{{#is data.ticket.status 1}}
Expand All @@ -34,7 +38,11 @@
<div class="ticket-status ticket-open"><span>Open</span></div>
{{/hasPermOverRole}}
{{else}}
<div class="ticket-status ticket-open"><span>Open</span></div>
{{#hasPermOverRole data.ticket.owner.role data.common.loggedInAccount.role "tickets:update"}}
<div title="Change Status" class="ticket-status ticket-open cursor-pointer" ng-click="showStatusSelect()"><span>Open</span></div>
{{else}}
<div class="ticket-status ticket-open"><span>Open</span></div>
{{/hasPermOverRole}}
{{/canUserOrAdmin}}
{{/is}}
{{#is data.ticket.status 2}}
Expand All @@ -45,7 +53,11 @@
<div class="ticket-status ticket-pending"><span>Pending</span></div>
{{/hasPermOverRole}}
{{else}}
<div class="ticket-status ticket-pending"><span>Pending</span></div>
{{#hasPermOverRole data.ticket.owner.role data.common.loggedInAccount.role "tickets:update"}}
<div title="Change Status" class="ticket-status ticket-pending cursor-pointer" ng-click="showStatusSelect()"><span>Pending</span></div>
{{else}}
<div class="ticket-status ticket-pending"><span>Pending</span></div>
{{/hasPermOverRole}}
{{/canUserOrAdmin}}
{{/is}}
{{#is data.ticket.status 3}}
Expand All @@ -56,7 +68,11 @@
<div class="ticket-status ticket-closed"><span>Closed</span></div>
{{/hasPermOverRole}}
{{else}}
<div class="ticket-status ticket-closed"><span>Closed</span></div>
{{#hasPermOverRole data.ticket.owner.role data.common.loggedInAccount.role "tickets:update"}}
<div title="Change Status" class="ticket-status ticket-closed cursor-pointer" ng-click="showStatusSelect()"><span>Closed</span></div>
{{else}}
<div class="ticket-status ticket-closed"><span>Closed</span></div>
{{/hasPermOverRole}}
{{/canUserOrAdmin}}
{{/is}}
<span class="drop-icon material-icons" style="left: auto; right: 22px; bottom: -18px">keyboard_arrow_down</span>
Expand Down

0 comments on commit 51029b6

Please sign in to comment.