diff --git a/src/messenger/webim/libs/operator.php b/src/messenger/webim/libs/operator.php
index de73989f..d0138088 100644
--- a/src/messenger/webim/libs/operator.php
+++ b/src/messenger/webim/libs/operator.php
@@ -15,13 +15,15 @@ $can_administrate = 0;
 $can_takeover = 1;
 $can_viewthreads = 2;
+$can_modifyprofile = 3;
-$can_count = 3;
+$can_count = 4;
 $permission_ids = array(
 $can_administrate => "admin",
 $can_takeover => "takeover",
- $can_viewthreads => "viewthreads"
+ $can_viewthreads => "viewthreads",
+ $can_modifyprofile => "modifyprofile"
 );
 function operator_by_login($login) {
diff --git a/src/messenger/webim/locales/en/properties b/src/messenger/webim/locales/en/properties
index a0bae686..dae6367c 100644
--- a/src/messenger/webim/locales/en/properties
+++ b/src/messenger/webim/locales/en/properties
@@ -332,6 +332,7 @@ pending.table.head.waittime=Waiting time
 pending.table.speak=Click to chat with the visitor
 pending.table.view=Watch the chat
 permission.admin=System administration: settings, operators management, button generation
+permission.modifyprofile=Ability to modify profile
 permission.takeover=Take over chat thread
 permission.viewthreads=View another operator's chat thread
 permissions.intro=Change restrictions and available features for this operator.
diff --git a/src/messenger/webim/operator/avatar.php b/src/messenger/webim/operator/avatar.php
index e593a7a9..f92ddaf3 100644
--- a/src/messenger/webim/operator/avatar.php
+++ b/src/messenger/webim/operator/avatar.php
@@ -22,6 +22,9 @@ $opId = verifyparam( "op","/^\d{1,9}$/");
 $page = array('opid' => $opId, 'avatar' => '');
 $errors = array();
+$canmodify = ($opId == $operator['operatorid'] && is_capable($can_modifyprofile, $operator)) || is_capable($can_administrate, $operator);
+
 $op = operator_by_id($opId);
 if( !$op ) {
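Review bot: In libs/operator.php, `$can_modifyprofile = 3` adds a capability that no existing operator record can already hold, and this diff shows no migration or default grant. The removed checks in avatar.php, operator.php and opgroups.php let any operator edit their own record, so non-admin operators will presumably lose self-service edits after upgrade until an administrator grants the new permission. Denying by default is the safe choice, but it should be stated in the commit message or an upgrade note so it is not mistaken for a regression. `$can_count` is also kept in step with the ids by hand; a comment such as `// must equal the highest $can_* id + 1` next to it would make that dependency explicit.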
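Review bot: The authorization rule assigned to `$canmodify` in operator/avatar.php (hunk at -22,6) is repeated verbatim in operator/operator.php (twice) and operator/opgroups.php, so any later change to the rule has to be made in four places and a missed copy becomes an access-control gap. Consider a single helper in libs/operator.php, where the capability ids are defined, that takes `$opId` and `$operator` and returns `is_capable($can_administrate, $operator) || ($opId == $operator['operatorid'] && is_capable($can_modifyprofile, $operator))`, with a short doc comment stating that administrators may edit anyone and other operators only themselves. Each page would then reduce to one call, and the rule could be reviewed in one spot.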
@@ -30,7 +33,7 @@ if( !$op ) {
 } else if( isset($_POST['op']) ) {
 $avatar = $op['vcavatar'];
- if($opId != $operator['operatorid'] && !is_capable($can_administrate, $operator)) {
+ if(!$canmodify) {
 $errors[] = getlocal('page_agent.cannot_modify');
 } else if( isset($_FILES['avatarFile']) && $_FILES['avatarFile']['name']) {
@@ -77,7 +80,7 @@ if( !$op ) {
 }
 } else {
- if (isset($_GET['delete']) && $_GET['delete'] == "true") {
+ if (isset($_GET['delete']) && $_GET['delete'] == "true" && $canmodify) {
 update_operator_avatar($op['operatorid'],'');
 header("Location: $webimroot/operator/avatar.php?op=$opId");
 exit;
@@ -86,6 +89,7 @@ if( !$op ) {
 }
 $page['currentop'] = $op ? topage(get_operator_name($op))." (".$op['vclogin'].")" : "-not found-";
+$page['canmodify'] = $canmodify ? "1" : "";
 prepare_menu($operator);
 setup_operator_settings_tabs($opId,1);
diff --git a/src/messenger/webim/operator/operator.php b/src/messenger/webim/operator/operator.php
index 7cb6134e..35f6cc27 100644
--- a/src/messenger/webim/operator/operator.php
+++ b/src/messenger/webim/operator/operator.php
@@ -53,11 +53,12 @@ if( isset($_POST['login']) && isset($_POST['password']) ) {
 ( $opId && $existing_operator && $opId != $existing_operator['operatorid']) )
 $errors[] = getlocal("page_agent.error.duplicate_login");
-
- if($opId != $operator['operatorid'] && !is_capable($can_administrate, $operator)) {
+ $canmodify = ($opId == $operator['operatorid'] && is_capable($can_modifyprofile, $operator))
+ || is_capable($can_administrate, $operator);
+ if(!$canmodify) {
 $errors[] = getlocal('page_agent.cannot_modify');
 }
-
+
 if( count($errors) == 0 ) {
 if (!$opId) {
 $newop = create_operator($login,$password,$localname,$commonname,"");
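Review bot: In operator/avatar.php (hunk at -77,7) the avatar deletion still runs on a plain GET, `$_GET['delete'] == "true"`, and no request token is checked in the lines shown, so a cross-site request made in a logged-in administrator's browser could clear an operator's avatar. The added `&& $canmodify` closes the missing-authorization case, but the state change belongs behind POST together with whatever anti-CSRF check the project provides (none is visible in this diff). A denied delete also falls through without feedback; an `else if` branch adding `$errors[] = getlocal('page_agent.cannot_modify');` would match the POST branch. The enclosing `if( !$op )` chain starts and ends outside the hunk.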
@@ -90,7 +91,16 @@ if( isset($_POST['login']) && isset($_POST['password']) ) {
 }
 }
+if(!$opId && !is_capable($can_administrate, $operator)) {
+ $errors[] = "You are not allowed to create operators";
+}
+
+$canmodify = ($opId == $operator['operatorid'] && is_capable($can_modifyprofile, $operator))
+ || is_capable($can_administrate, $operator);
+
 $page['stored'] = isset($_GET['stored']);
+$page['canmodify'] = $canmodify ? "1" : "";
+
 prepare_menu($operator);
 setup_operator_settings_tabs($opId,0);
 start_html_output();
diff --git a/src/messenger/webim/operator/opgroups.php b/src/messenger/webim/operator/opgroups.php
index 4119eeda..4f6f79a2 100644
--- a/src/messenger/webim/operator/opgroups.php
+++ b/src/messenger/webim/operator/opgroups.php
@@ -32,6 +32,9 @@ $page = array('opid' => $opId);
 $page['groups'] = get_groups(false);
 $errors = array();
+$canmodify = ($opId == $operator['operatorid'] && is_capable($can_modifyprofile, $operator)) || is_capable($can_administrate, $operator);
+
 $op = operator_by_id($opId);
 if( !$op ) {
@@ -39,10 +42,10 @@ if( !$op ) {
 } else if( isset($_POST['op']) ) {
- if($opId != $operator['operatorid'] && !is_capable($can_administrate, $operator)) {
+ if(!$canmodify) {
 $errors[] = getlocal('page_agent.cannot_modify');
 }
-
+
 if(count($errors) == 0) {
 $new_groups = array();
 foreach($page['groups'] as $group) {
@@ -59,6 +62,7 @@ if( !$op ) {
 $page['formgroup'] = array();
 $page['currentop'] = $op ? topage(get_operator_name($op))." (".$op['vclogin'].")" : "-not found-";
+$page['canmodify'] = $canmodify ? "1" : "";
 if($op) {
 foreach(get_operator_groupids($opId) as $rel) {
diff --git a/src/messenger/webim/view/agent.php b/src/messenger/webim/view/agent.php
index d0b3b97b..61bb12bf 100644
--- a/src/messenger/webim/view/agent.php
+++ b/src/messenger/webim/view/agent.php
@@ -19,7 +19,7 @@ $page['menuid'] = $page['opid'] == $page['currentopid'] ? "profile" : "operators
 function tpl_content() {
 global $page, $webimroot, $errors;
 ?>
-
+
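Review bot: The new creation guard in operator/operator.php (hunk at -90,7) uses a hard-coded English message, `"You are not allowed to create operators"`, while the neighbouring errors go through `getlocal()`; add a key to locales/en/properties and use it here. The guard only appends to `$errors` and lets the page render. The POST branch is still protected, because `$canmodify` there requires `$can_administrate` when `$opId` is empty, so a comment such as `// display only; the POST branch enforces this via $canmodify` would tell the next reader where enforcement lives. `$canmodify` is also computed a second time in this hunk with the same expression as in the POST branch; computing it once before the `if( isset($_POST['login']) ...` block, assuming `$opId` is already set there, would keep the two copies from drifting apart.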
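Review bot: In operator/opgroups.php (hunk at -39,10) the `modifyprofile` capability that covers name and avatar edits also lets an operator change their own group membership. If groups decide which visitor threads an operator receives or can see (not visible in this diff), that is a wider grant than the locale text "Ability to modify profile" suggests. Consider requiring `is_capable($can_administrate, $operator)` for group changes, or state the scope in the `permission.modifyprofile` description so administrators know what they are granting.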
@@ -34,6 +34,7 @@ require_once('inc_errors.php');
+