Fixes zammad#967 - Access to my own Tickets (where I'm customer of) i…

…n a Group im not Agent.

app/assets/javascripts/app/controllers/customer_ticket_create.coffee

@@ -212,4 +212,15 @@ class Index extends App.ControllerContent
     @formEnable(@$('.js-submit'), 'button')
 
 App.Config.set('customer_ticket_new', Index, 'Routes')
-App.Config.set('CustomerTicketNew', { prio: 8003, parent: '#new', name: 'New Ticket', translate: true, target: '#customer_ticket_new', permission: ['ticket.customer'], setting: ['customer_ticket_create'], divider: true }, 'NavBarRight')
+App.Config.set('CustomerTicketNew', {
+  prio: 8003,
+  parent: '#new',
+  name: 'New Ticket',
+  translate: true,
+  target: '#customer_ticket_new',
+  permission: (navigation) ->
+    return false if navigation.permissionCheck('ticket.agent')
+    return navigation.permissionCheck('ticket.customer')
+  setting: ['customer_ticket_create'],
+  divider: true
+}, 'NavBarRight')

app/assets/javascripts/app/controllers/navigation.coffee

@@ -361,6 +361,7 @@ class App.Navigation extends App.ControllerWidgetPermanent
 
   filterNavbarPermissionOk: (item) ->
     return true unless item.permission
+    return item.permission(@) if typeof item.permission is 'function'
 
     return _.any item.permission, (permissionName) =>
       return @permissionCheck(permissionName)

app/assets/javascripts/app/controllers/ticket_overview.coffee

@@ -1049,35 +1049,34 @@ class Table extends App.Controller
       ticketListShow.push App.Ticket.find(ticket.id)
 
     # if customer and no ticket exists, show the following message only
-    if !ticketListShow[0] && @permissionCheck('ticket.customer')
+    if !ticketListShow[0] && !@permissionCheck('ticket.agent')
       @html App.view('customer_not_ticket_exists')()
       return
 
     # set page title
     @overview = App.Overview.find(overview.id)
 
     # render init page
-    checkbox = true
+    checkbox = false
     edit     = false
     if @permissionCheck('admin.overview')
       edit = true
-    if @permissionCheck('ticket.customer')
-      checkbox = false
-      edit     = false
-    view_modes = [
-      {
-        name:  'S'
-        type:  's'
-        class: 'active' if @view_mode is 's'
-      },
-      {
-        name:  'M'
-        type:  'm'
-        class: 'active' if @view_mode is 'm'
-      }
-    ]
-    if @permissionCheck('ticket.customer')
-      view_modes = []
+    if @permissionCheck('ticket.agent')
+      checkbox = true
+    view_modes = []
+    if @permissionCheck('ticket.agent')
+      view_modes = [
+        {
+          name:  'S'
+          type:  's'
+          class: 'active' if @view_mode is 's'
+        },
+        {
+          name:  'M'
+          type:  'm'
+          class: 'active' if @view_mode is 'm'
+        }
+      ]
     html = App.view('agent_ticket_view/content')(
       overview:   @overview
       view_modes: view_modes

app/assets/javascripts/app/controllers/ticket_zoom.coffee

@@ -137,59 +137,74 @@ class App.TicketZoom extends App.Controller
     )
 
   load: (data, ignoreSame = false, local = false) =>
-
-    # check if ticket has changed
     newTicketRaw = data.assets.Ticket[@ticket_id]
-    #console.log(newTicketRaw.updated_at)
-    #console.log(@ticketUpdatedAtLastCall)
 
+    loadAssets = true
     if @ticketUpdatedAtLastCall
 
       # ignore if record is already shown
       if ignoreSame && new Date(newTicketRaw.updated_at).getTime() is new Date(@ticketUpdatedAtLastCall).getTime()
         #console.log('debug no fetched, current ticket already there or requested')
-        return
+        loadAssets = false
 
       # do not render if newer ticket is already requested
       if new Date(newTicketRaw.updated_at).getTime() < new Date(@ticketUpdatedAtLastCall).getTime()
         #console.log('fetched no fetch, current ticket already newer')
-        return
+        loadAssets = false
 
       # remember current record if newer as requested record
       if new Date(newTicketRaw.updated_at).getTime() > new Date(@ticketUpdatedAtLastCall).getTime()
         @ticketUpdatedAtLastCall = newTicketRaw.updated_at
     else
       @ticketUpdatedAtLastCall = newTicketRaw.updated_at
 
-    # notify if ticket changed not by my self
-    if @initFetched
-      if newTicketRaw.updated_by_id isnt @Session.get('id')
-        App.TaskManager.notify(@taskKey)
-    @initFetched = true
+    # load assets
+    if loadAssets
 
-    if !@doNotLog
-      @doNotLog = 1
-      @recentView('Ticket', @ticket_id)
+      # notify if ticket changed not by my self
+      if @initFetched
+        if newTicketRaw.updated_by_id isnt @Session.get('id')
+          App.TaskManager.notify(@taskKey)
+      @initFetched = true
 
-    # remember article ids
-    @ticket_article_ids = data.ticket_article_ids
+      if !@doNotLog
+        @doNotLog = 1
+        @recentView('Ticket', @ticket_id)
 
-    # remember link
-    @links = data.links
+      # remember article ids
+      @ticket_article_ids = data.ticket_article_ids
 
-    # remember tags
-    @tags = data.tags
+      # remember link
+      @links = data.links
 
-    # get edit form attributes
-    @formMeta = data.form_meta
+      # remember tags
+      @tags = data.tags
 
-    # load assets
-    App.Collection.loadAssets(data.assets, targetModel: 'Ticket')
+      App.Collection.loadAssets(data.assets, targetModel: 'Ticket')
 
-    # get data
-    @ticket = App.Ticket.fullLocal(@ticket_id)
+    # get ticket
+    @ticket         = App.Ticket.fullLocal(@ticket_id)
     @ticket.article = undefined
 
+    view       = @ticket.currentView()
+    readable   = @ticket.userGroupAccess('read')
+    changeable = @ticket.userGroupAccess('change')
+    fullable   = @ticket.userGroupAccess('full')
+    formMeta   = data.form_meta
+
+    # on the following states we want to rerender the ticket:
+    # - if the object attribute configuration has changed (attribute values, restrictions, filters)
+    # - if the user view has changed (agent/customer)
+    # - if the ticket permission has changed (read/write/full)
+    if @view && ( !_.isEqual(@formMeta, formMeta) || @view isnt view || @readable isnt readable || @changeable isnt changeable || @fullable isnt fullable )
+      @renderDone = false
+
+    @view       = view
+    @readable   = readable
+    @changeable = changeable
+    @fullable   = fullable
+    @formMeta   = formMeta
+
     # render page
     @render(local)
 
@@ -410,7 +425,6 @@ class App.TicketZoom extends App.Controller
       elLocal = $(App.view('ticket_zoom')
         ticket:         @ticket
         nav:            @nav
-        isCustomer:     @permissionCheck('ticket.customer')
         scrollbarWidth: App.Utils.getScrollBarWidth()
         dir:            App.i18n.dir()
       )
@@ -460,6 +474,7 @@ class App.TicketZoom extends App.Controller
 
       @highligher = new App.TicketZoomHighlighter(
         el:        elLocal.find('.js-highlighterContainer')
+        ticket:    @ticket
         ticket_id: @ticket_id
       )
 
@@ -611,12 +626,12 @@ class App.TicketZoom extends App.Controller
         subject:     ''
         type:        'note'
         body:        ''
-        internal:    internal
+        internal:    ''
         in_reply_to: ''
         subtype:     ''
 
-    if @permissionCheck('ticket.customer')
-      currentStore.article.internal = ''
+    if @ticket.currentView() is 'agent'
+      currentStore.article.internal = internal
 
     currentStore
 
@@ -637,7 +652,7 @@ class App.TicketZoom extends App.Controller
     return if modelDiff.ticket.state_id
 
     # and we are in the customer interface
-    return if !@permissionCheck('ticket.customer')
+    return if @ticket.currentView() isnt 'customer'
 
     # and the default is was not set before
     return if @isDefaultFollowUpStateSet
@@ -676,7 +691,7 @@ class App.TicketZoom extends App.Controller
 
     delete currentParams.article.form_id
 
-    if @permissionCheck('ticket.customer')
+    if @ticket.currentView() is 'customer'
       currentParams.article.internal = ''
 
     currentParams
@@ -802,7 +817,7 @@ class App.TicketZoom extends App.Controller
       )
 
     # set defaults
-    if !@permissionCheck('ticket.customer')
+    if ticket.currentView() is 'agent'
       if !ticket['owner_id']
         ticket['owner_id'] = 1
 
@@ -875,7 +890,7 @@ class App.TicketZoom extends App.Controller
       return
 
     # time tracking
-    if @permissionCheck('ticket.customer')
+    if ticket.currentView() is 'customer'
       @submitPost(e, ticket, macro)
       return
 

app/assets/javascripts/app/controllers/ticket_zoom/article_action/delete.coffee

@@ -41,7 +41,7 @@ class Delete
     timeframe_miliseconds - (now - created_at)
 
   @deletableForAgent: (actions, ticket, article, ui) ->
-    return false if !ui.permissionCheck('ticket.agent')
+    return false if ticket.currentView() is 'customer'
     return false if article.created_by_id != App.User.current()?.id
     return false if article.type.communication
 

app/assets/javascripts/app/controllers/ticket_zoom/article_action/email_reply.coffee

@@ -1,6 +1,6 @@
 class EmailReply extends App.Controller
   @action: (actions, ticket, article, ui) ->
-    return actions if !ui.permissionCheck('ticket.agent')
+    return actions if ticket.currentView() is 'customer'
     group = ticket.group
     return actions if !group.email_address_id
 
@@ -241,7 +241,7 @@ class EmailReply extends App.Controller
     true
 
   @articleTypes: (articleTypes, ticket, ui) ->
-    return articleTypes if !ui.permissionCheck('ticket.agent')
+    return articleTypes if ticket.currentView() is 'customer'
     group = ticket.group
     return articleTypes if !group.email_address_id
 

app/assets/javascripts/app/controllers/ticket_zoom/article_action/facebook_reply.coffee

@@ -1,6 +1,6 @@
 class FacebookReply
   @action: (actions, ticket, article, ui) ->
-    return actions if ui.permissionCheck('ticket.customer')
+    return actions if ticket.currentView() is 'customer'
 
     if article.type.name is 'facebook feed post' || article.type.name is 'facebook feed comment'
       actions.push {
@@ -35,7 +35,7 @@ class FacebookReply
     true
 
   @articleTypes: (articleTypes, ticket, ui) ->
-    return articleTypes if !ui.permissionCheck('ticket.agent')
+    return articleTypes if ticket.currentView() is 'customer'
 
     return articleTypes if !ticket || !ticket.create_article_type_id
 

app/assets/javascripts/app/controllers/ticket_zoom/article_action/internal.coffee

@@ -1,6 +1,6 @@
 class Internal
   @action: (actions, ticket, article, ui) ->
-    return actions if ui.permissionCheck('ticket.customer')
+    return actions if ticket.currentView() is 'customer'
 
     if article.internal is true
       actions.push {

app/assets/javascripts/app/controllers/ticket_zoom/article_action/note.coffee

@@ -7,7 +7,7 @@ class Note
 
   @articleTypes: (articleTypes, ticket, ui) ->
     internal = false
-    if ui.permissionCheck('ticket.agent')
+    if ticket.currentView() is 'agent'
       internal = ui.Config.get('ui_ticket_zoom_article_note_new_internal')
 
     articleTypes.push {

app/assets/javascripts/app/controllers/ticket_zoom/article_action/phone_reply.coffee

@@ -6,7 +6,7 @@ class PhoneReply
     true
 
   @articleTypes: (articleTypes, ticket, ui) ->
-    return articleTypes if !ui.permissionCheck('ticket.agent')
+    return articleTypes if ticket.currentView() is 'customer'
     articleTypes.push {
       name:       'phone'
       icon:       'phone'

app/assets/javascripts/app/controllers/ticket_zoom/article_action/sms_reply.coffee

@@ -1,6 +1,6 @@
 class SmsReply
   @action: (actions, ticket, article, ui) ->
-    return actions if ui.permissionCheck('ticket.customer')
+    return actions if ticket.currentView() is 'customer'
 
     if article.sender.name is 'Customer' && article.type.name is 'sms'
       actions.push {
@@ -43,7 +43,7 @@ class SmsReply
     true
 
   @articleTypes: (articleTypes, ticket, ui) ->
-    return articleTypes if !ui.permissionCheck('ticket.agent')
+    return articleTypes if ticket.currentView() is 'customer'
 
     return articleTypes if !ticket || !ticket.create_article_type_id
 

app/assets/javascripts/app/controllers/ticket_zoom/article_action/split.coffee

@@ -1,6 +1,6 @@
 class Split
   @action: (actions, ticket, article, ui) ->
-    return actions if ui.permissionCheck('ticket.customer')
+    return actions if ticket.currentView() is 'customer'
 
     actions.push {
       name: 'split'

app/assets/javascripts/app/controllers/ticket_zoom/article_action/telegram.coffee

@@ -1,6 +1,6 @@
 class TelegramReply
   @action: (actions, ticket, article, ui) ->
-    return actions if ui.permissionCheck('ticket.customer')
+    return actions if ticket.currentView() is 'customer'
 
     if article.sender.name is 'Customer' && article.type.name is 'telegram personal-message'
       actions.push {
@@ -43,7 +43,7 @@ class TelegramReply
     true
 
   @articleTypes: (articleTypes, ticket, ui) ->
-    return articleTypes if !ui.permissionCheck('ticket.agent')
+    return articleTypes if ticket.currentView() is 'customer'
 
     return articleTypes if !ticket || !ticket.create_article_type_id
 

app/assets/javascripts/app/controllers/ticket_zoom/article_action/twitter_reply.coffee

@@ -1,6 +1,6 @@
 class TwitterReply
   @action: (actions, ticket, article, ui) ->
-    return actions if ui.permissionCheck('ticket.customer')
+    return actions if ticket.currentView() is 'customer'
 
     if article.type.name is 'twitter status'
       actions.push {
@@ -126,7 +126,7 @@ class TwitterReply
     })
 
   @articleTypes: (articleTypes, ticket, ui) ->
-    return articleTypes if !ui.permissionCheck('ticket.agent')
+    return articleTypes if ticket.currentView() is 'customer'
 
     return articleTypes if !ticket || !ticket.create_article_type_id