Hi guys,
Was wondering if someone could point me to the correct PHP file/function/method etc. that would check the logged in Agent's department access.
I want to run some code on the main Agent dashboard but only for Agents who are part of the "IT" department.
All other agents in other departments should not be able to see whatever the code does.
Is this feasible?
My specs:
osTicket Version: 1.10.4
Webserver: Apache
MySQL: v5.7.23
PHP: v5.6.35
OS: Ubuntu 16.04.1
$staff->getDepartments(); will give you the agent's department.
staff->dept_access; will give you Department access (dept_id, role_id).
$staff->canAccessDept($dept_id); will check if the agent can access a certain Dept by ID.
Basically, just check the include/class.staff.php file for more information.
Cheers.
Thanks man! Appreciate it.
The dept_id, is that whatever is in the database under the ost_department table?
So if under that table, in the id column, lets say it has a value of "1" for the IT department would it be setup in this fashion?
if(staff->canAccessDept(1)) {
echo "Hey";
}
Correctamundo.
if ($staff->canAccessDept((int) 1)) {
echo "Hey";
}The above states:
If the $staff can access Department with ID of 1 then echo "Hey".
Cheers.
Super appreciative man, thank you very much.
Just to let others know if they're curious, I've installed this live-chat side-by-side with osTicket: https://livehelperchat.com/osticket-extension-394a.html
Its called Live Helper Chat.
It also includes a way to embed a chatbox.
I'm basically allowing an internal chatbox for the IT department to osTicket.
However we have other departments that utilize the osTicket system as well, and I want to dedicate this internal chat for IT agents only. Hence the request above.
I am editing the "header.inc.php" file. Not sure if this is the best one, but it was the only one I was able to get the chat widget to appear consistently on osTicket for staff.
At the bottom of that file I've included this snippet of code:
<?php
require_once(INCLUDE_DIR.'class.staff.php');
if ($staff->canAccessDept((int) 1)) {
echo "<script type='text/javascript'>";
echo "var LHCChatboxOptions = {hashchatbox:'empty',identifier:'default',status_text:'Chatbox'};";
echo "(function() {";
echo "var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true;";
echo "po.src = '//10.2.10.108/lhc/index.php/chatbox/getstatus/(position)/bottom_right/(top)/300/(units)/pixels/(width)/300/(height)/300/(chat_height)/220';";
echo "var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s);";
echo "})();";
echo "</script>";
}
?>
However now the ticket queue below the upper dashboard has become completely invisible and I'm not sure why....
I can see the dashboard, settings, manage, emails, agents, etc. links/menus up above but nothing below.
I think I'm screwing up with the 'include' of the class.staff.php... maybe its not a require_once but an include_once I need to use?
Regardless, when I figure it out, I can write up a bash script to automate the install/config of the Live Helper Chat and write a tutorial on how to get it to show up on your Staff page and IDEALLY get it so you can dictate which departments have which chats.
This works great because you can create multiple 'chats' per departments natively within Live Helper Chat UI and then add the chat 'ID' to that snippet of javascript code (up above) to tell it which chat widget to call.
Also, how did you get code to show up in the code-box @KevinTheJedi ! lol, I haven't figured out this new forum yet.
EDIT: NVM figured it out ? its bracket code close-bracket btw guys...
All I have to say is please be careful using 3rd party apps/extensions and always, always, ALWAYS look at every bit of the source code to make sure it's not doing anything malicious (if you don't understand a piece of it research it until you do). You don't know what the code truly does and if it has opened holes for XSS attacks, SQL injections, etc. or even if it sends your data somewhere else. So just...please be careful.
Side Note:
Also, be careful when posting guides/tutorials on connecting 3rd party apps/extensions as you could be leading someone down a hole that opens the aforementioned attacks. Not fun lol ?
Cheers.
Thank you for the heads-up.
Our current system is strictly internal and not open to the WAN.
But I will see about maybe getting some devs to comb through this application and see if there are some critical vulnerabilities.
I wouldn't use require_once() nor include_once() as I believe class.staff.php is already required elsewhere. If $staff object isn't working for you out of the gate then use $thisstaff (current staff).
Cheers.
Also, instead of echo-ing a bunch of times just end the PHP block, enter the JS, then open the block back up:
<?php
if ($thisstaff->canAccessDept((int) 1)) {
?>
<script type='text/javascript'>
var LHCChatboxOptions = {hashchatbox:'empty',identifier:'default',status_text:'Chatbox'};
(function() {
var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true;
po.src = '//10.2.10.108/lhc/index.php/chatbox/getstatus/(position)/bottom_right/(top)/300/(units)/pixels/(width)/300/(height)/300/(chat_height)/220';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s);
})();
</script>
<?php
}
?>Makes for much cleaner code ??
Here is a frame of reference for what I'm talking about in the source code:
https://github.com/osTicket/osTicket/blob/develop/include/class.forms.php#L3947-L3973
Cheers.
YES! Thank you so much man, that was it!
FYI, for whatever reason I had to uncheck "Fall back to primary role on assignments" on the Agent profiles to ensure that agents that were not part of the IT department would not see the chat.
EDIT: Holy crap, thanks for the cleaned-up code man!
I will post back here some pics/notes/scripts for the install with the WARNING you listed above about using 3rd party applications / security issues etc.