SD-SimpleDesk

@@ -12,6 +12,27 @@

 			<add><![CDATA[

 	elseif (!empty($_REQUEST['ticket']))

 	{

+		$_REQUEST['ticket'] = (int) $_REQUEST['ticket'];

+		// First we check that we can see said ticket and figure out what department we're in.

+		$request = shd_db_query('', '

+			SELECT hdt.id_dept

+			FROM {db_prefix}helpdesk_tickets AS hdt

+			WHERE id_ticket = {int:ticket}

+				AND {query_see_ticket}',

+			array(

+				'ticket' => $_REQUEST['ticket'],

+			)

+		);

+

+		// If there's a row, we need to process it and then issue the follow on query. If not, fall through to the next cut-off point, outside of this edit.

+		if ($smcFunc['db_num_rows']($request) != 0)

+		{

+			list($dept) = $smcFunc['db_fetch_row']($request);

+			$smcFunc['db_free_result']($request);

+

+			// Now check their permission. If they don't have permission to view in this department, bye.

+			shd_is_allowed_to('shd_view_attachment', $dept);

+			

 			// Make sure the attachment is on this ticket, note right now we're forcing it to be "approved"

 			$request = shd_db_query('', '

 				SELECT a.id_folder, a.filename, a.file_hash, a.fileext, a.id_attach, a.attachment_type, a.mime_type, 1 AS approved, hdtr.id_member

@@ -19,8 +40,7 @@

 					INNER JOIN {db_prefix}helpdesk_attachments AS hda ON (a.id_attach = hda.id_attach)

 					INNER JOIN {db_prefix}helpdesk_ticket_replies AS hdtr ON (hda.id_msg = hdtr.id_msg)

 					INNER JOIN {db_prefix}helpdesk_tickets AS hdt ON (hdtr.id_ticket = hdt.id_ticket)

-			WHERE {query_see_ticket}

-				AND a.id_attach = {int:attach}

+				WHERE a.id_attach = {int:attach}

 					AND hdt.id_ticket = {int:ticket}

 				LIMIT 1',

 				array(

@@ -28,6 +48,7 @@

 					'ticket' => (int) $_REQUEST['ticket'],

 				)

 			);

+		}

 	}]]></add>

 		</operation>

 	</file>

@@ -155,6 +155,7 @@ $txt['error_invalid_fields'] = 'The following fields have values that cannot be

 $txt['error_missing_fields'] = 'The following fields were not completed and need to be: %1$s';

 $txt['shd_cannot_move_dept'] = 'You cannot move this ticket, there is nowhere to move it to.';

 $txt['shd_no_perm_move_dept'] = 'You are not permitted to move this ticket to another department.';

+$txt['cannot_shd_delete_attachment'] = 'You are not permitted to delete attachments.';

 // The main Helpdesk.

 $txt['shd_home'] = 'Helpdesk'; // separate string in case someone wants to change it independently of the main/admin menu

@@ -248,6 +249,8 @@ $txt['shd_ticket_unassign'] = 'Un-Assign';

 $txt['shd_ticket_delete'] = 'Delete';

 $txt['shd_delete_confirm'] = 'Are you sure you want to delete this ticket? If deleted, this ticket will be moved to recycling bin.';

 $txt['shd_delete_reply_confirm'] = 'Are you sure you want to delete this reply? If deleted, this reply will be moved to the recycling bin.';

+$txt['shd_delete_attach_confirm'] = 'Are you sure you want to delete this attachment? (This cannot be undone!)';

+$txt['shd_delete_attach'] = 'Delete this attachment';

 $txt['shd_ticket_restore'] = 'Restore';

 $txt['shd_delete_permanently'] = 'Delete permanently';

 $txt['shd_delete_permanently_confirm'] = 'Are you sure you want to permanently delete this ticket? This CANNOT be undone!';

@@ -190,8 +190,12 @@ $txt['permissionname_shd_restore_reply_any'] = 'Any replies';

 //! @name Attachments

 //@{

+$txt['permissionname_shd_view_attachment'] = 'View attachments';

+$txt['permissionhelp_shd_view_attachment'] = 'This permission allows a user to view the attachments on tickets.';

 $txt['permissionname_shd_post_attachment'] = 'Post attachments';

 $txt['permissionhelp_shd_post_attachment'] = 'This permission allows a user to post attachments to tickets.';

+$txt['permissionname_shd_delete_attachment'] = 'Delete attachments';

+$txt['permissionhelp_shd_delete_attachment'] = 'This permission allows a user to remove attachments previously added to tickets.';

 //@}

 //! @name Posting proxy tickets (i.e. posting new ticket on behalf of someone else)

@@ -299,6 +303,7 @@ $txt['shd_admin_permissions_homedesc'] = 'This area allows you to configure the

 $txt['shd_permgroup_general'] = 'General helpdesk permissions';

 $txt['shd_permgroup_posting'] = 'Ticket/reply posting';

 $txt['shd_permgroup_ticketactions'] = 'Ticket actions';

+$txt['shd_permgroup_attachments'] = 'Attachments to tickets and replies';

 $txt['shd_permgroup_relationships'] = 'Relationships between tickets';

 $txt['shd_permgroup_deletion'] = 'The recycle bin and ticket/reply deletion';

 $txt['shd_permgroup_moderation'] = 'Ticket moderation and management';

@@ -307,6 +312,7 @@ $txt['shd_permgroup_profile'] = 'User profiles and options';

 $txt['shd_permgroup_short_general'] = 'General';

 $txt['shd_permgroup_short_posting'] = 'Posting';

 $txt['shd_permgroup_short_ticketactions'] = 'Actions';

+$txt['shd_permgroup_short_attachments'] = 'Attachments';

 $txt['shd_permgroup_short_relationships'] = 'Relationships';

 $txt['shd_permgroup_short_deletion'] = 'Delete/Restore';

 $txt['shd_permgroup_short_moderation'] = 'Moderation';

@@ -431,6 +431,64 @@ function shd_perma_delete()

 		fatal_lang_error('shd_no_ticket');

 }

+// Delete a given attachment from the one-click interface.

+function shd_attach_delete()

+{

+	global $smcFunc, $user_info, $context, $sourcedir;

+

+	if (empty($context['ticket_id']) || empty($_GET['attach']) || (int) $_GET['attach'] == 0)

+		fatal_lang_error('no_access', false);

+

+	$_GET['attach'] = (int) $_GET['attach'];

+

+	// Well, we have a ticket id. Let's figure out what department we're in so we can check permissions.

+	$query = shd_db_query('', '

+		SELECT hdt.id_dept, a.filename, hda.id_msg, hdt.subject

+		FROM {db_prefix}attachments AS a

+			INNER JOIN {db_prefix}helpdesk_attachments AS hda ON (hda.id_attach = a.id_attach)

+			INNER JOIN {db_prefix}helpdesk_tickets AS hdt ON (hda.id_ticket = hdt.id_ticket)

+		WHERE {query_see_ticket}

+			AND hda.id_ticket = {int:ticket}

+			AND hda.id_attach = {int:attach}

+			AND a.attachment_type = 0',

+		array(

+			'attach' => $_GET['attach'],

+			'ticket' => $context['ticket_id'],

+		)

+	);

+	if ($smcFunc['db_num_rows']($query) == 0)

+	{

+		$smcFunc['db_free_result']($query);

+		fatal_lang_error('no_access');

+	}

+

+	list($dept, $filename, $id_msg, $subject) = $smcFunc['db_fetch_row']($query);

+	$smcFunc['db_free_result']($query);

+

+	shd_is_allowed_to('shd_delete_attachment', $dept);

+

+	// So, we can delete the attachment. We already know it exists, we know we have permission.

+	$log_params = array(

+		'subject' => $subject,

+		'ticket' => $context['ticket_id'],

+		'msg' => $id_msg,

+		'att_removed' => array(htmlspecialchars($filename)),

+	);

+

+	shd_log_action('editticket', $log_params);

+

+	// Now you can delete

+	require_once($sourcedir . '/ManageAttachments.php');

+	$attachmentQuery = array(

+		'attachment_type' => 0,

+		'id_msg' => 0,

+		'id_attach' => array($_GET['attach']),

+	);

+	removeAttachments($attachmentQuery);

+

+	redirectexit('action=helpdesk;sa=ticket;ticket=' . $context['ticket_id']);

+}

+

 // Restore the given ticket from the recycling bin.

 function shd_ticket_restore()

 {

@@ -904,6 +903,9 @@ function shd_display_load_attachments()

 	$context['ticket_attach'][$modSettings['shd_attachments_mode']] = array();

+	if (!shd_allowed_to('shd_view_attachment', $context['ticket']['dept']))

+		return;

+

 	if ($modSettings['shd_attachments_mode'] == 'ticket')

 	{

 		$query = shd_db_query('', '

@@ -973,6 +975,7 @@ function shd_attachment_info($attach_info)

 	global $scripturl, $context, $modSettings, $txt, $sourcedir, $smcFunc;

 	$filename = preg_replace('~&#(\\d{1,7}|x[0-9a-fA-F]{1,6});~', '&#\\1;', htmlspecialchars($attach_info['filename']));

+	$deleteable = shd_allowed_to('shd_delete_attachment', $context['ticket']['dept']);

 	$attach = array(

 		'id' => $attach_info['id_attach'],

@@ -982,6 +985,7 @@ function shd_attachment_info($attach_info)

 		'href' => $scripturl . '?action=dlattach;ticket=' . $context['ticket_id'] . '.0;attach=' . $attach_info['id_attach'],

 		'link' => shd_attach_icon($filename) . '&nbsp;<a href="' . $scripturl . '?action=dlattach;ticket=' . $context['ticket_id'] . '.0;attach=' . $attach_info['id_attach'] . '">' . htmlspecialchars($attach_info['filename']) . '</a>',

 		'is_image' => !empty($modSettings['attachmentShowImages']) && !empty($attach_info['width']) && !empty($attach_info['height']),

+		'can_delete' => $deleteable,

 	);

 	if ($attach['is_image'])

@@ -657,6 +657,8 @@ function shd_save_ticket()

 			shd_modify_ticket_post($msgOptions, $ticketOptions, $posterOptions);

 			// OK, did we get any custom fields back?

+			if (!empty($context['custom_fields_updated']))

+			{

 				foreach ($context['custom_fields_updated'] as $field)

 				{

 					if ($field['oldvalue'] == $field['newvalue'])

@@ -666,6 +668,7 @@ function shd_save_ticket()

 					$field['subject'] = $ticketinfo['subject'];

 					shd_log_action($action, $field);

 				}

+			}

 			shd_clear_active_tickets($ticketinfo['id_member_started']);

 		}

 		shd_done_posting();

@@ -1524,6 +1527,7 @@ function shd_load_attachments()

 		$context['current_attachments'] = array();

 	$context['ticket_attach'][$modSettings['shd_attachments_mode']] = array();

+	$deleteable = shd_allowed_to('shd_delete_attachment', $context['ticket_form']['dept']);

 	// Get existing attachments

 	$query = shd_db_query('', '

@@ -1544,6 +1548,7 @@ function shd_load_attachments()

 		$context['current_attachments'][] = array(

 			'id' => $row['id_attach'],

 			'name' => preg_replace('~&#(\\d{1,7}|x[0-9a-fA-F]{1,6});~', '&#\\1;', htmlspecialchars($row['filename'])),

+			'can_delete' => $deleteable,

 		);

 	$smcFunc['db_free_result']($query);

@@ -1747,6 +1752,8 @@ function shd_handle_attachments()

 	// Check if they are trying to delete any current attachments....

 	if (isset($_POST['attach_del']))

 	{

+		shd_is_allowed_to('shd_delete_attachment', $context['ticket_form']['dept']);

+

 		$del_temp = array();

 		foreach ($_POST['attach_del'] as $i => $dummy)

 			$del_temp[$i] = (int) $dummy;

@@ -116,6 +116,7 @@ function shd_main()

 		'permadelete' => array('SimpleDesk-Delete.php', 'shd_perma_delete'),

 		'deleteticket' => array('SimpleDesk-Delete.php', 'shd_ticket_delete'),

 		'deletereply' => array('SimpleDesk-Delete.php', 'shd_reply_delete'),

+		'deleteattach' => array('SimpleDesk-Delete.php', 'shd_attach_delete'),

 		'restoreticket' => array('SimpleDesk-Delete.php', 'shd_ticket_restore'),

 		'restorereply' => array('SimpleDesk-Delete.php', 'shd_reply_restore'),

 		'emaillog' => array('SimpleDesk-Notifications.php', 'shd_notify_popup'),

@@ -42,9 +42,10 @@ function shd_load_all_permission_sets()

 			'general' => 'status.png',

 			'posting' => 'log_newticket.png',

 			'deletion' => 'log_delete.png',

-			'profile' => 'profile.png',

+			'attachments' => 'attachments.png',

 		),

 		array(

+			'profile' => 'profile.png',

 			'ticketactions' => 'assign.png',

 			'relationships' => 'relationships.png',

 			'moderation' => 'modification.png',

@@ -65,7 +66,6 @@ function shd_load_all_permission_sets()

 		'shd_edit_ticket' => array(true, 'posting', 'log_editticket.png'),

 		'shd_reply_ticket' => array(true, 'posting', 'log_newreply.png'),

 		'shd_edit_reply' => array(true, 'posting', 'log_editreply.png'),

-		'shd_post_attachment' => array(false, 'posting', 'attachments.png'),

 		'shd_post_proxy' => array(false, 'posting', 'proxy.png'),

 		'shd_override_cf' => array(false, 'posting', 'custom_fields.png'),

@@ -77,6 +77,10 @@ function shd_load_all_permission_sets()

 		'shd_alter_privacy' => array(true, 'ticketactions', 'log_markprivate.png'),

 		'shd_assign_ticket' => array(true, 'ticketactions', 'log_assign.png'),

+		'shd_view_attachment' => array(false, 'attachments', 'attachments.png'),

+		'shd_post_attachment' => array(false, 'attachments', 'attachments_add.png'),

+		'shd_delete_attachment' => array(false, 'attachments', 'attachments_delete.png'),

+

 		'shd_view_profile' => array(true, 'profile', 'profile.png'),

 		'shd_view_profile_log' => array(true, 'profile', 'log.png'),

 		'shd_view_preferences' => array(true, 'profile', 'preferences.png'),

@@ -133,6 +137,7 @@ function shd_load_role_templates()

 				'shd_edit_ticket_own' => ROLEPERM_ALLOW,

 				'shd_reply_ticket_own' => ROLEPERM_ALLOW,

 				'shd_edit_reply_own' => ROLEPERM_ALLOW,

+				'shd_view_attachment' => ROLEPERM_ALLOW,

 				'shd_post_attachment' => ROLEPERM_ALLOW,

 				'shd_resolve_ticket_own' => ROLEPERM_ALLOW,

 				'shd_unresolve_ticket_own' => ROLEPERM_ALLOW,

@@ -159,8 +164,9 @@ function shd_load_role_templates()

 				'shd_edit_ticket_any' => ROLEPERM_ALLOW,

 				'shd_reply_ticket_any' => ROLEPERM_ALLOW,

 				'shd_edit_reply_any' => ROLEPERM_ALLOW,

-				'shd_post_attachment' => ROLEPERM_ALLOW,

 				'shd_post_proxy' => ROLEPERM_ALLOW,

+				'shd_view_attachment' => ROLEPERM_ALLOW,

+				'shd_post_attachment' => ROLEPERM_ALLOW,

 				'shd_resolve_ticket_any' => ROLEPERM_ALLOW,

 				'shd_unresolve_ticket_any' => ROLEPERM_ALLOW,

 				'shd_view_ticket_logs_any' => ROLEPERM_ALLOW,

@@ -200,9 +206,11 @@ function shd_load_role_templates()

 				'shd_edit_ticket_any' => ROLEPERM_ALLOW,

 				'shd_reply_ticket_any' => ROLEPERM_ALLOW,

 				'shd_edit_reply_any' => ROLEPERM_ALLOW,

-				'shd_post_attachment' => ROLEPERM_ALLOW,

 				'shd_post_proxy' => ROLEPERM_ALLOW,

 				'shd_override_cf' => ROLEPERM_ALLOW,

+				'shd_view_attachment' => ROLEPERM_ALLOW,

+				'shd_post_attachment' => ROLEPERM_ALLOW,

+				'shd_delete_attachment' => ROLEPERM_ALLOW,

 				'shd_resolve_ticket_any' => ROLEPERM_ALLOW,

 				'shd_unresolve_ticket_any' => ROLEPERM_ALLOW,

 				'shd_view_ticket_logs_any' => ROLEPERM_ALLOW,

@@ -357,14 +357,16 @@ function template_ticket_leftcolumn()

 */

 function template_viewticketattach()

 {

-	global $context, $settings, $txt;

+	global $context, $settings, $txt, $scripturl;

+

+	$remove_txt = JavaScriptEscape($txt['shd_delete_attach_confirm']);

 	if (!empty($context['ticket_attach']['ticket']))

 	{

 		echo '	<div class="tborder">

 					<div class="title_bar grid_header">

 						<h3 class="titlebg">

-							<img src="', $settings['default_images_url'], '/simpledesk/attachments.png" alt="x" />', $txt['shd_ticket_attachments'], ' (', count($context['ticket_attach']['ticket']), ')

+							<img src="', $settings['default_images_url'], '/simpledesk/attachments.png" alt="" />', $txt['shd_ticket_attachments'], ' (', count($context['ticket_attach']['ticket']), ')

 						</h3>

 					</div>

 					<div class="windowbg2">

@@ -388,7 +390,13 @@ function template_viewticketattach()

 			echo '

 								<strong>', $attachment['link'], '</strong>

 								<span class="smalltext">

-									(', $attachment['size'], ')

+									(', $attachment['size'], ')';

+

+			if (!empty($attachment['can_delete']))

+				echo '

+									<a href="', $scripturl, '?action=helpdesk;sa=deleteattach;ticket=', $context['ticket_id'], ';attach=', $attachment['id'], '" onclick="return confirm(', $remove_txt, ');"><img src="', $settings['default_images_url'], '/simpledesk/delete.png" title="', $txt['shd_delete_attach'], '" alt="', $txt['shd_delete_attach'], '" /></a>';

+

+			echo '

 								</span>

 							</div>';

 		}

@@ -537,7 +545,9 @@ function template_quickreply()

 // Arantor: I swear I spent more time farting around with this trying to make it not look like crap than I did the rest of the thumbnail code.

 function template_inline_attachments($msg)

 {

-	global $context, $txt;

+	global $context, $txt, $scripturl, $settings;

+

+	$remove_txt = JavaScriptEscape($txt['shd_delete_attach_confirm']);

 	if (!empty($context['ticket_attach']['reply'][$msg]))

 	{

@@ -576,7 +586,14 @@ function template_inline_attachments($msg)

 			}

 			echo '

-										', $attachment['link'], '

+										', $attachment['link'];

+

+

+			if (!empty($attachment['can_delete']))

+				echo '

+									<a href="', $scripturl, '?action=helpdesk;sa=deleteattach;ticket=', $context['ticket_id'], ';attach=', $attachment['id'], '" onclick="return confirm(', $remove_txt, ');"><img src="', $settings['default_images_url'], '/simpledesk/delete.png" title="', $txt['shd_delete_attach'], '" alt="', $txt['shd_delete_attach'], '" /></a>';

+

+			echo '

 									</td>';

 			$count++;

@@ -540,7 +540,7 @@ function template_preview()

 function template_ticket_additional_options()

 {

-	global $context, $options, $txt, $modSettings;

+	global $context, $options, $txt, $modSettings, $settings;

 	echo '

 					<div class="information shd_reply_attachments" id="shd_attach_container"', !empty($context['shd_display']) ? ' style="display:none;"' : '', '>

@@ -566,7 +566,20 @@ function template_ticket_additional_options()

 						<dl id="postAttachment">

 							<dt>

 								', $txt['attached'], ':

-							</dt>

+							</dt>';

+

+		$can_delete = false;

+		foreach ($context['current_attachments'] as $attachment)

+		{

+			if (!empty($attachment['can_delete']))

+				$can_delete = true;

+			break;

+		}

+

+		if ($can_delete)

+		{

+

+			echo '

 							<dd class="smalltext">

 								<input type="hidden" name="attach_del[]" value="0" />

 								', $txt['uncheck_unwatchd_attach'], ':

@@ -576,6 +589,14 @@ function template_ticket_additional_options()

 							<dd class="smalltext">

 								<label for="attachment_', $attachment['id'], '"><input type="checkbox" id="attachment_', $attachment['id'], '" name="attach_del[]" value="', $attachment['id'], '"', empty($attachment['unchecked']) ? ' checked="checked"' : '', ' class="input_check" onclick="javascript:oAttach.checkActive();" /> ', $attachment['name'], '</label>

 							</dd>';

+		}

+		else

+		{

+			foreach ($context['current_attachments'] as $attachment)

+				echo '

+							<dd class="smalltext">', $attachment['name'], '</dd>';

+		}

+

 		echo '

 						</dl>';

 	}