Ticket: #add Allow category manager to view all tickets in his category (#6501)

yverhenne · web-flow · commit 3bcb5a21784f · 2025-08-01T10:33:51.000+02:00
Author: @yverhenne
diff --git a/main/inc/lib/TicketManager.php b/main/inc/lib/TicketManager.php
@@ -242,6 +242,39 @@ public static function getUsersInCategory($categoryId)
         return Database::store_result($result);
     }
 
+    /**
+     * Returns the list of category IDs assigned to a user.
+     *
+     * @param int $userId
+     * @param int $projectId
+     *
+     * @return int[]
+     */
+    public static function getCategoryIdsByUser($userId, $projectId = 0)
+    {
+        $tableRel = Database::get_main_table(TABLE_TICKET_CATEGORY_REL_USER);
+        $tableCat = Database::get_main_table(TABLE_TICKET_CATEGORY);
+        $userId = (int) $userId;
+        $projectId = (int) $projectId;
+
+        $sql = "SELECT rel.category_id
+                FROM $tableRel rel
+                INNER JOIN $tableCat cat ON (rel.category_id = cat.id)
+                WHERE rel.user_id = $userId";
+
+        if (!empty($projectId)) {
+            $sql .= " AND cat.project_id = $projectId";
+        }
+
+        $result = Database::query($sql);
+        $categories = [];
+        while ($row = Database::fetch_array($result)) {
+            $categories[] = (int) $row['category_id'];
+        }
+
+        return $categories;
+    }
+
     /**
      * @param int $categoryId
      */
@@ -902,7 +935,14 @@ public static function getTicketsByCurrentUser(
 
         // Check if a role was set to the project
         if ($userIsAllowInProject == false) {
-            $sql .= " AND (ticket.assigned_last_user = $userId OR ticket.sys_insert_user_id = $userId )";
+            $categoryList = self::getCategoryIdsByUser($userId, $projectId);
+            $categoryCondition = '';
+            if (!empty($categoryList)) {
+                $categoryIds = implode(',', array_map('intval', $categoryList));
+                $categoryCondition = " OR ticket.category_id IN ($categoryIds)";
+            }
+
+            $sql .= " AND (ticket.assigned_last_user = $userId OR ticket.sys_insert_user_id = $userId".$categoryCondition.")";
         }
 
         // Search simple
@@ -1094,11 +1134,25 @@ public static function getTotalTicketsCurrentUser()
         // Check if a role was set to the project
         if (!empty($allowRoleList) && is_array($allowRoleList)) {
             if (!in_array($userInfo['status'], $allowRoleList)) {
-                $sql .= " AND (ticket.assigned_last_user = $userId OR ticket.sys_insert_user_id = $userId )";
+                $categoryList = self::getCategoryIdsByUser($userId, $projectId);
+                $categoryCondition = '';
+                if (!empty($categoryList)) {
+                    $categoryIds = implode(',', array_map('intval', $categoryList));
+                    $categoryCondition = " OR ticket.category_id IN ($categoryIds)";
+                }
+
+                $sql .= " AND (ticket.assigned_last_user = $userId OR ticket.sys_insert_user_id = $userId".$categoryCondition.")";
             }
         } else {
             if (!api_is_platform_admin()) {
-                $sql .= " AND (ticket.assigned_last_user = $userId OR ticket.sys_insert_user_id = $userId )";
+                $categoryList = self::getCategoryIdsByUser($userId, $projectId);
+                $categoryCondition = '';
+                if (!empty($categoryList)) {
+                    $categoryIds = implode(',', array_map('intval', $categoryList));
+                    $categoryCondition = " OR ticket.category_id IN ($categoryIds)";
+                }
+
+                $sql .= " AND (ticket.assigned_last_user = $userId OR ticket.sys_insert_user_id = $userId".$categoryCondition.")";
             }
         }
 
@@ -2588,4 +2642,4 @@ public static function notifiyTicketUpdated(int $ticketId, int $categoryId, stri
             }
         }
     }
-}
+}
diff --git a/main/ticket/ticket_details.php b/main/ticket/ticket_details.php
@@ -134,10 +134,14 @@ class: "controls"
 $allowEdition = $ticket['ticket']['assigned_last_user'] == $user_id ||
     $ticket['ticket']['sys_insert_user_id'] == $user_id ||
     $isAdmin;
+$allowCategory = TicketManager::userIsAssignedToCategory(
+    $user_id,
+    $ticket['ticket']['category_id']
+);
 
 if (false === $userIsAllowInProject) {
-    // make sure it's either a user assigned to this ticket, or the reporter, or and admin
-    if (false === $allowEdition) {
+    // make sure it's either a user assigned to this ticket, the reporter, an admin or the category manager
+    if (false === $allowEdition && false === $allowCategory) {
         api_not_allowed(true);
     }
 }
@@ -539,4 +543,4 @@ function getForm($ticket)
     $form->addButtonSend(get_lang('Send'));
 
     return $form;
-}
+}
