LotusGuild/tinker_tickets
4
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

Fix 500 error for non-admin users on dashboard

Browse Source 
StatsModel queries used `FROM tickets WHERE` with no table alias, but
getVisibilityFilter() returns SQL referencing `t.visibility`. Admins
were unaffected because they get `1=1` with no column references.
Added `t` alias to all three tickets queries that use $visSQL.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Jared Vititoe
2026-03-28 22:42:39 -04:00
parent d33f761a55
commit f0abadfc57
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
models/StatsModel.php
+4 -4
View File
@@ -228,7 +228,7 @@ class StatsModel {
SUM(CASE WHEN priority = 1 AND status != 'Closed' THEN 1 ELSE 0 END) as critical, SUM(CASE WHEN priority = 1 AND status != 'Closed' THEN 1 ELSE 0 END) as critical,
AVG(CASE WHEN status = 'Closed' AND closed_at > created_at AVG(CASE WHEN status = 'Closed' AND closed_at > created_at
THEN TIMESTAMPDIFF(HOUR, created_at, closed_at) ELSE NULL END) as avg_resolution THEN TIMESTAMPDIFF(HOUR, created_at, closed_at) ELSE NULL END) as avg_resolution
FROM tickets WHERE ($visSQL)"; FROM tickets t WHERE ($visSQL)";
if (!empty($visParams)) { if (!empty($visParams)) {
$stmt = $this->conn->prepare($countsSql); $stmt = $this->conn->prepare($countsSql);
@@ -244,13 +244,13 @@ class StatsModel {
// Query 2: Get priority, status, and category breakdowns in one query // Query 2: Get priority, status, and category breakdowns in one query
$breakdownSql = "SELECT $breakdownSql = "SELECT
'priority' as type, CONCAT('P', priority) as label, COUNT(*) as count 'priority' as type, CONCAT('P', priority) as label, COUNT(*) as count
FROM tickets WHERE status != 'Closed' AND ($visSQL) GROUP BY priority FROM tickets t WHERE status != 'Closed' AND ($visSQL) GROUP BY priority
UNION ALL UNION ALL
SELECT 'status' as type, status as label, COUNT(*) as count SELECT 'status' as type, status as label, COUNT(*) as count
FROM tickets WHERE ($visSQL) GROUP BY status FROM tickets t WHERE ($visSQL) GROUP BY status
UNION ALL UNION ALL
SELECT 'category' as type, category as label, COUNT(*) as count SELECT 'category' as type, category as label, COUNT(*) as count
FROM tickets WHERE status != 'Closed' AND ($visSQL) GROUP BY category"; FROM tickets t WHERE status != 'Closed' AND ($visSQL) GROUP BY category";
if (!empty($visParams)) { if (!empty($visParams)) {
// Need to bind params 3 times (once per UNION branch) // Need to bind params 3 times (once per UNION branch)