Fix comment avatar, activity log labels, and ticket update permissions
- add_comment.php: include user_id in response for avatar rendering - ticket.js: add buildCommentElement() helper that matches server-rendered comment structure (avatar, edit/delete buttons, textarea); use it in addComment() and submitReply() so new comments show the avatar immediately - AuditLogModel: logCommentCreate uses action_type='comment' not 'create' - TicketView: formatAction handles entity_type='comment' with action_type='create' for existing DB records; prevents "created this ticket" showing for comments - update_ticket.php: remove owner/assignee restriction so any authenticated team member can update ticket status and fields Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
+2
-1
@@ -157,9 +157,10 @@ try {
|
||||
}, $mentionedUsers);
|
||||
}
|
||||
|
||||
// Add user display name to result for frontend
|
||||
// Add user info to result for frontend avatar rendering
|
||||
if ($result['success']) {
|
||||
$result['user_name'] = $currentUser['display_name'] ?? $currentUser['username'];
|
||||
$result['user_id'] = $userId;
|
||||
}
|
||||
|
||||
// Discard any unexpected output
|
||||
|
||||
+2
-10
@@ -93,16 +93,8 @@ try {
|
||||
];
|
||||
}
|
||||
|
||||
// Authorization: admins can edit any ticket; others only their own or assigned
|
||||
if (!$this->isAdmin
|
||||
&& (int)$currentTicket['created_by'] !== (int)$this->userId
|
||||
&& (int)$currentTicket['assigned_to'] !== (int)$this->userId
|
||||
) {
|
||||
return [
|
||||
'success' => false,
|
||||
'error' => 'Permission denied'
|
||||
];
|
||||
}
|
||||
// Any authenticated team member can update tickets.
|
||||
// Admin-only operations (delete, bulk actions) are enforced separately.
|
||||
|
||||
// Merge current data with updates, keeping existing values for missing fields
|
||||
$updateData = [
|
||||
|
||||
Reference in New Issue
Block a user