Support Timer comes with a permission called, "view time spent". It is assumed that only those with "view time spent" permissions would be able to view the time spent on each ticket. However, this is not the case. All users able to view tickets can also view the time spent on each ticket. Below is a modification to the support_timer.module to ensure only those with "view time spent" can see the time spent on tickets:

Find the code:

      // Display time spent on ticket.
      $timer = db_fetch_object(db_query('SELECT time, date, summary FROM {support_ticket_comment_timer} WHERE cid = %d', $comment->cid));
      if (!empty($timer) && ($timer->time || $timer->date)) {
        $date = date('d M Y', $timer->date);

Directly underneath it paste the following:

		// Ensures only those with "view time spent" can see the time spent on tickets.
		if (user_access('view time spent')) {
				$comment->comment = "<div class='support-timer'><div class='time'>Time: $timer->time</div><div class='date'>Date: $date</div><div class='summary'>Summary: $timer->summary</div></div>" . $comment->comment;
			}

Comments

jeremy’s picture

Status: Active » Fixed

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.