Giving Permission to Specified Staff to Add New Staff Based on Current Department in osTicket v1.6 RC5
This article shows how to modify your osTicket system so that certain staff can add new staff records for their own department. Normally only staff with the Admin account type can do this, since osTicket up to v1.6 RC5 has only two account types: Staff and Admin. If you change the account type of a staff member in the Managers user group to Admin (so that he/she can add new staff from the Admin Panel), that person can then access every feature in the Admin Panel. So, instead of giving the Manager full access, we create a new permission on a user-group basis and set it to Yes for the Managers user group, so that managers can add their own new staff without having to access the Admin Panel. A new tab named My Staff will appear in the Staff Panel. It has two sub-tabs, My Staff Members and Add My New Staff, to distinguish it from the Staff tab in the Admin Panel.
- First of all, alter your ost_groups table with the following SQL query. Note that ost_ is the table prefix; if yours differs, adjust the table name accordingly.

```sql
ALTER TABLE ost_groups ADD COLUMN `can_manage_staff` tinyint(1) default 0 NOT NULL;
```
- Download this file: my_dept_staff.zip. Extract it; there are two files inside. Put both files into the \include\staff\ sub directory of your osTicket installation.
- Open your \include\staff\group.inc.php file, and find this code:

```html
    </tr>
</table>
```

then replace it with the following code:

```php
    </tr>
    <tr><th>Can Manage Staff</th> <!-- added by Masino Sinaga, December 8, 2009 -->
        <td>
            <input type="radio" name="can_manage_staff" value="1" <?=$info['can_manage_staff']?'checked':''?> />Yes
            <input type="radio" name="can_manage_staff" value="0" <?=!$info['can_manage_staff']?'checked':''?> />No
            <i>Ability to add/update/disable/delete staff of your current department.</i>
        </td>
    </tr>
</table>
```
- Open your \include\class.staff.php file, and find this code:

```php
function canManageKb() { //kb = knowledge base.
    return ($this->isadmin() || $this->udata['can_manage_kb'])?true:false;
}
```

After the last line of that code, insert the following code:

```php
function canManageStaff() { // added by Masino Sinaga, December 8, 2009
    return ($this->isadmin() || $this->udata['can_manage_staff'])?true:false;
}
```
- Open your \include\class.nav.php file, and find this code:

```php
    $tabs['kbase']=array('desc'=>'Knowledge Base','href'=>'kb.php','title'=>'Knowledge Base: Premade');
}
```

After the last line of that code, insert the following code:

```php
if($thisuser && $thisuser->canManageStaff()){
    $tabs['staffdept']=array('desc'=>'My Staff','href'=>'mystaff.php','title'=>'Staff');
}
```
- Open your \include\class.group.php file, and find this code:

```php
', can_manage_kb='.db_input($vars['can_manage_kb']);
```

then replace it with the following code:

```php
', can_manage_kb='.db_input($vars['can_manage_kb']).
', can_manage_staff='.db_input($vars['can_manage_staff']); // added by Masino Sinaga, December 8, 2009
```
- Create a new PHP file named mystaff.php containing the following code, and save it in the \scp\ sub directory:

```php
<?php
/*********************************************************************
    mystaff.php

    Staff Base handle
    Based on the kb.php file

    Original code by: Peter Rotich <peter@osticket.com>
    Modified code by: Masino Sinaga, http://www.openscriptsolution.com
    Copyright (c) 2006,2007,2008,2009 osTicket
    http://www.osticket.com

    Released under the GNU General Public License WITHOUT ANY WARRANTY.
    See LICENSE.TXT for details.

    vim: expandtab sw=4 ts=4 sts=4:
    $Id: $
**********************************************************************/
require('staff.inc.php');
if(!$thisuser->isadmin() && !$thisuser->canManageStaff()) die('Staff Access Page Denied'); // modified by Masino Sinaga, Dec 8, 2009) die('Access denied');

$page='';
if(!$page && $_REQUEST['a']=='add' && !$replyID)
    $page='staffdept.inc.php';

$inc=$page?$page:'staffdeptmembers.inc.php';

$nav->setTabActive('staffdept');
$nav->addSubMenu(array('desc'=>'My Staff Members','href'=>'mystaff.php','iconclass'=>'users'));
$nav->addSubMenu(array('desc'=>'Add My New Staff','href'=>'mystaff.php?a=add','iconclass'=>'newuser'));

require_once(STAFFINC_DIR.'header.inc.php');
require_once(STAFFINC_DIR.$inc);
require_once(STAFFINC_DIR.'footer.inc.php');
?>
```
- Open your \scp\admin.php file, and find this code:

```php
if(!$thisuser or !$thisuser->isadmin()){
```

then replace it with the following code:

```php
// deny unless logged in and (admin or Can Manage Staff); this check guards every tab served by admin.php
if(!$thisuser or (!$thisuser->isadmin() and !$thisuser->canManageStaff())){ // modified by Masino Sinaga, December 8, 2009
```
Next, find this code:

```php
case 'dept':
    include_once(INCLUDE_DIR.'class.dept.php');
```

Before the first line of that code, insert the following code:

```php
case 'staffdept': // added by Masino Sinaga, MOD Create My Staff Under My Dept (for Managers), added by Masino Sinaga, December 8, 2009
    // Note: nothing in this block limits the posted ids or fields to the manager's own department.
    include_once(INCLUDE_DIR.'class.staff.php');
    $do=strtolower($_POST['do']);
    switch($do){
        case 'update':
            $staff = new Staff($_POST['staff_id']);
            if($staff && $staff->getId()) {
                if($staff->update($_POST,$errors))
                    $msg='Staff profile updated successfully';
                elseif(!$errors['err'])
                    $errors['err']='Error updating the user';
            }else{
                $errors['err']='Internal error';
            }
            break;
        case 'create':
            if(($uID=Staff::create($_POST,$errors)))
                $msg=Format::htmlchars($_POST['firstname'].' '.$_POST['lastname']).' added successfully';
            elseif(!$errors['err'])
                $errors['err']='Unable to add the user. Internal error';
            break;
        case 'mass_process':
            //ok..at this point..look WMA.
            if($_POST['uids'] && is_array($_POST['uids'])) {
                // cast every posted id to an integer before it is placed in the SQL below
                $ids=implode(',',array_map('intval',$_POST['uids']));
                $selected=count($_POST['uids']);
                if(isset($_POST['enable'])) {
                    $sql='UPDATE '.STAFF_TABLE.' SET isactive=1,updated=NOW() WHERE isactive=0 AND staff_id IN('.$ids.')';
                    db_query($sql);
                    $msg=db_affected_rows()." of $selected selected users enabled";
                }elseif(in_array($thisuser->getId(),$_POST['uids'])) {
                    //sucker...watch what you are doing...why don't you just DROP the DB?
                    $errors['err']='You can not lock or delete yourself!';
                }elseif(isset($_POST['disable'])) {
                    $sql='UPDATE '.STAFF_TABLE.' SET isactive=0, updated=NOW() '.
                         ' WHERE isactive=1 AND staff_id IN('.$ids.') AND staff_id!='.$thisuser->getId();
                    db_query($sql);
                    $msg=db_affected_rows()." of $selected selected users locked";
                    //Release tickets assigned to the user?? NO? could be a temp thing
                    // May be auto-release if not logged in for X days?
                }elseif(isset($_POST['delete'])) {
                    db_query('DELETE FROM '.STAFF_TABLE.' WHERE staff_id IN('.$ids.') AND staff_id!='.$thisuser->getId());
                    $msg=db_affected_rows()." of $selected selected users deleted";
                    //Demote the user
                    db_query('UPDATE '.DEPT_TABLE.' SET manager_id=0 WHERE manager_id IN('.$ids.') ');
                    db_query('UPDATE '.TICKET_TABLE.' SET staff_id=0 WHERE staff_id IN('.$ids.') ');
                }else{
                    $errors['err']='Uknown command!';
                }
            }else{
                $errors['err']='No users selected.';
            }
            break;
        default:
            $errors['err']='Uknown command!';
    }
    break;
```
Next, find this code:

```php
//Departments
case 'dept': //lazy
```

Before the first line of that code, insert the following code:

```php
case 'staffdept': // added by Masino Sinaga, MOD Create Staff Under My Dept (for Managers), added by Masino Sinaga, December 8, 2009
    $group=null;
    //Tab and Nav options.
    $nav->setTabActive('staffdept');
    $nav->addSubMenu(array('desc'=>'My Staff Members','href'=>'admin.php?t=staffdept','iconclass'=>'users'));
    $nav->addSubMenu(array('desc'=>'Add My New Staff','href'=>'admin.php?t=staffdept&a=new','iconclass'=>'newuser'));
    $page='';
    switch($thistab){
        case 'staffdept':
            $page='staffdeptmembers.inc.php';
            if(($id=$_REQUEST['id']?$_REQUEST['id']:$_POST['staff_id']) && is_numeric($id)) {
                $staff = new Staff($id);
                if(!$staff || !is_object($staff) || $staff->getId()!=$id) {
                    $staff=null;
                    $errors['err']='Unable to fetch info on rep ID#'.$id;
                }
            }
            $page=($staff or ($_REQUEST['a']=='new' && !$uID))?'staffdept.inc.php':'staffdeptmembers.inc.php';
            break;
        default:
            $page='staffdeptmembers.inc.php';
    }
    break;
```
After you have applied all of the modifications, go to your Admin Panel -> Staff -> User Groups, click on the Managers item, choose Yes at the Can Manage Staff directive, and click on the Submit button to save the changes.
Then create a new staff member, assign that staff member to the Managers user group, and make sure you choose Staff as the account type. Afterwards, log in with that staff account, and you should see a new tab in the Staff Panel named My Staff. You can test it by adding some new staff records: there is only one department option (the department of the currently logged-in staff member) at the Department directive, and there is only one option for the User Group directive, which is Staff.
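The form offers one department and one user group, but the admin.php handler above passes `$_POST` to `Staff::create()` and `Staff::update()` and builds its queries from `$_POST['uids']`, so the same limits belong in the request handler. The sketch below is an added example, not code from osTicket or from this MOD: the function names are hypothetical, the array keys `dept_id`, `group_id` and `isadmin` are assumed to mirror the ost_staff columns, and the sample data is constructed.

```php
<?php
// Added example, not osTicket or MOD code. Function names are hypothetical;
// array keys are assumed to mirror ost_staff columns. Sample data is constructed.

// Admins may open any admin.php tab; a manager only the 'staffdept' tab.
function may_open_admin_tab($user, $tab) {
    if (!$user) return false;
    if ($user['isadmin']) return true;
    return $user['can_manage_staff'] && $tab === 'staffdept';
}

// Reduce posted ids to staff in the manager's own department, excluding
// admin accounts and the manager's own account. Non-numeric ids are dropped.
function scope_staff_ids(array $manager, array $uids, array $staffRows) {
    $allowed = array();
    foreach ($staffRows as $row) {
        if ($row['dept_id'] == $manager['dept_id'] && !$row['isadmin']
                && $row['staff_id'] != $manager['staff_id'])
            $allowed[(int)$row['staff_id']] = true;
    }
    $out = array();
    foreach ($uids as $id) {
        if (is_scalar($id) && ctype_digit((string)$id) && isset($allowed[(int)$id]))
            $out[] = (int)$id;
    }
    return $out;
}

// Overwrite the fields a manager must not choose, whatever the form posted.
function scope_staff_fields(array $manager, array $post, $staffGroupId) {
    $post['dept_id']  = $manager['dept_id'];
    $post['group_id'] = $staffGroupId;   // id of the Staff user group (assumed)
    $post['isadmin']  = 0;
    return $post;
}

$manager = array('staff_id'=>7, 'dept_id'=>2, 'isadmin'=>0, 'can_manage_staff'=>1);
$staffRows = array(
    array('staff_id'=>1, 'dept_id'=>1, 'isadmin'=>1),  // site admin
    array('staff_id'=>7, 'dept_id'=>2, 'isadmin'=>0),  // the manager
    array('staff_id'=>8, 'dept_id'=>2, 'isadmin'=>0),  // same department
    array('staff_id'=>9, 'dept_id'=>3, 'isadmin'=>0),  // other department
);
$post = array('uids'=>array('1', '8', '9', '8x'), 'dept_id'=>'3', 'group_id'=>'1', 'isadmin'=>'1');

var_dump(may_open_admin_tab($manager, 'staffdept'), may_open_admin_tab($manager, 'dept'));
print_r(scope_staff_ids($manager, $post['uids'], $staffRows));
print_r(scope_staff_fields($manager, $post, 3));
```

In the handler, the `update` case would run its `staff_id` through the same id check, and `create` and `update` would receive the output of `scope_staff_fields()` rather than raw `$_POST`.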
In conclusion, the My Staff tab is very useful if you want to let certain staff with the Staff account type create new staff without having to access the Admin Panel (since the account type of that staff is not Admin).