Closed (fixed)
Project:
Support Timer
Version:
6.x-1.x-dev
Component:
Code
Priority:
Normal
Category:
Bug report
Assigned:
Reporter:
Created:
23 Oct 2009 at 15:53 UTC
Updated:
24 Dec 2009 at 22:50 UTC
Support Timer comes with a permission called, "view time spent". It is assumed that only those with "view time spent" permissions would be able to view the time spent on each ticket. However, this is not the case. All users able to view tickets can also view the time spent on each ticket. Below is a modification to the support_timer.module to ensure only those with "view time spent" can see the time spent on tickets:
Find the code:
// Display time spent on ticket.
$timer = db_fetch_object(db_query('SELECT time, date, summary FROM {support_ticket_comment_timer} WHERE cid = %d', $comment->cid));
if (!empty($timer) && ($timer->time || $timer->date)) {
$date = date('d M Y', $timer->date);
Directly underneath it paste the following:
// Ensures only those with "view time spent" can see the time spent on tickets.
if (user_access('view time spent')) {
$comment->comment = "<div class='support-timer'><div class='time'>Time: $timer->time</div><div class='date'>Date: $date</div><div class='summary'>Summary: $timer->summary</div></div>" . $comment->comment;
}
Comments
Comment #1
jeremy commentedThanks, fix committed:
http://drupal.org/cvs?commit=300474