
fix(permissions): role hierarchy not allowing ticket status updates

polonel committed Apr 10, 2019
1 parent 0f67611 commit 51029b6f75d1a74a03bb647ef2a054a717241677
Showing with 23 additions and 5 deletions.
  1. +3 −1 src/controllers/tickets.js
  2. +20 −4 src/views/subviews/singleticket.hbs
@@ -477,7 +477,9 @@ ticketsController.single = function (req, res) {
async.waterfall(
[
function (next) {
if (!req.user.role.isAdmin && !req.user.role.isAgent) return next(null, ticket.group.members)
if (!req.user.role.isAdmin && !req.user.role.isAgent) {
return groupSchema.getAllGroupsOfUserNoPopulate(req.user._id, next)
}

departmentSchema.getUserDepartments(req.user._id, function (err, departments) {
if (err) return next(err)
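Review bot: The non-admin, non-agent branch of the first waterfall step now passes on the result of `groupSchema.getAllGroupsOfUserNoPopulate(req.user._id, next)` instead of `ticket.group.members`, so the value reaching the following step changes from the ticket group's member list to the requesting user's own groups. The step that consumes it lies outside this hunk; if it decides whether the user may open the ticket, it has to match those groups against `ticket.group` rather than look for the user in a member list. A test with a user who belongs to a different group than the ticket would pin that down. A comment above the branch, for example `// Non-agent users: access is derived from the groups the user belongs to, not from ticket.group.members`, would make the intent explicit.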
@@ -23,7 +23,11 @@
<div class="ticket-status ticket-new"><span>New</span></div>
{{/hasPermOverRole}}
{{else}}
<div class="ticket-status ticket-new"><span>New</span></div>
{{#hasPermOverRole data.ticket.owner.role data.common.loggedInAccount.role "tickets:update"}}
<div title="Change Status" class="ticket-status ticket-new cursor-pointer" ng-click="showStatusSelect()"><span>New</span></div>
{{else}}
<div class="ticket-status ticket-new"><span>New</span></div>
{{/hasPermOverRole}}
{{/canUserOrAdmin}}
{{/is}}
{{#is data.ticket.status 1}}
@@ -34,7 +38,11 @@
<div class="ticket-status ticket-open"><span>Open</span></div>
{{/hasPermOverRole}}
{{else}}
<div class="ticket-status ticket-open"><span>Open</span></div>
{{#hasPermOverRole data.ticket.owner.role data.common.loggedInAccount.role "tickets:update"}}
<div title="Change Status" class="ticket-status ticket-open cursor-pointer" ng-click="showStatusSelect()"><span>Open</span></div>
{{else}}
<div class="ticket-status ticket-open"><span>Open</span></div>
{{/hasPermOverRole}}
{{/canUserOrAdmin}}
{{/is}}
{{#is data.ticket.status 2}}
@@ -45,7 +53,11 @@
<div class="ticket-status ticket-pending"><span>Pending</span></div>
{{/hasPermOverRole}}
{{else}}
<div class="ticket-status ticket-pending"><span>Pending</span></div>
{{#hasPermOverRole data.ticket.owner.role data.common.loggedInAccount.role "tickets:update"}}
<div title="Change Status" class="ticket-status ticket-pending cursor-pointer" ng-click="showStatusSelect()"><span>Pending</span></div>
{{else}}
<div class="ticket-status ticket-pending"><span>Pending</span></div>
{{/hasPermOverRole}}
{{/canUserOrAdmin}}
{{/is}}
{{#is data.ticket.status 3}}
@@ -56,7 +68,11 @@
<div class="ticket-status ticket-closed"><span>Closed</span></div>
{{/hasPermOverRole}}
{{else}}
<div class="ticket-status ticket-closed"><span>Closed</span></div>
{{#hasPermOverRole data.ticket.owner.role data.common.loggedInAccount.role "tickets:update"}}
<div title="Change Status" class="ticket-status ticket-closed cursor-pointer" ng-click="showStatusSelect()"><span>Closed</span></div>
{{else}}
<div class="ticket-status ticket-closed"><span>Closed</span></div>
{{/hasPermOverRole}}
{{/canUserOrAdmin}}
{{/is}}
<span class="drop-icon material-icons" style="left: auto; right: 22px; bottom: -18px">keyboard_arrow_down</span>
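Review bot: The `{{#hasPermOverRole data.ticket.owner.role data.common.loggedInAccount.role "tickets:update"}}` block added inside the `{{else}}` of `canUserOrAdmin` only decides whether the status badge gets `ng-click="showStatusSelect()"`, which makes it a display gate rather than an authorization check. The handler that applies a status change is not part of this commit, so it is worth confirming that it evaluates the same role-hierarchy and `tickets:update` rule on the server; otherwise a request sent without the UI is judged by different logic than the page shows. The same block is repeated for New, Open, Pending and Closed with only the CSS class and label changing, so a partial taking those two values would keep the four copies from drifting apart.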
