66use PanicHD \PanicHD \Models \Setting ;
77use PanicHD \PanicHD \Traits \TicketRoutes ;
88
9- class UserAccessMiddleware
9+ class UserAccessMiddleware
1010{
1111 use TicketRoutes;
1212 /**
@@ -20,15 +20,15 @@ class UserAccessMiddleware
2020 public function handle ($ requestClosure $ next
2121 {
2222 $ memberfindOrFail (auth ()->user ()->id );
23-
24- // Granted to all Admins
23+
24+ // Granted to all Admins
2525 if ($ memberisAdmin ()) {
2626 return $ next$ request
2727 }
28-
28+
2929 // Get Ticket instance. Fails if not found
3030 $ ticket$ this getRouteTicket ($ request
31-
31+
3232 // Ticket Owner has access
3333 if ($ memberisTicketOwner ($ ticketid )) {
3434 return $ next$ request
@@ -39,24 +39,28 @@ public function handle($request, Closure $next)
3939 if ($ memberisAssignedAgent ($ ticketid )){
4040 return $ next$ request
4141 }
42-
42+
4343 if ($ membercurrentLevel () > 1 and Setting::grab ('agent_restrict ' ) == 0 ){
4444 // Check if element is a visible item for this agent
4545 if ($ membercategories ()->where ('id ' ,$ ticketcategory_id )->count () == 1 ){
4646 return $ next$ request
4747 }
4848 }
4949 }
50-
51- // Disable comment store for foreign user
52- if ($ this mod_route_prefix != 'comment ' ) {
53- // Tickets from users in a visible ticketit_department value for current user
50+
51+ if ($ this mod_route_prefix == 'ticket ' ) {
52+ // Notified users may access the ticket
53+ if ($ ticketcommentNotifications ()->where ('member_id ' , $ memberid )->count () > 0 ){
54+ return $ next$ request
55+ }
56+
57+ // Tickets from users in a visible ticketit_department value for current user
5458 if (in_array ($ ticketuser_id , $ membergetMyNoticesUsers ())){
5559 return $ next$ request
5660 }
57- }
58-
61+ }
62+
5963 return redirect ()->action ('\PanicHD\PanicHD\Controllers\TicketsController@index ' )
6064 ->with ('warning ' , trans ('panichd::lang.you-are-not-permitted-to-access ' ));
6165 }
62- }
66+ }
0 commit comments