1# --
2# Copyright (C) 2001-2020 OTRS AG, https://otrs.com/
3# --
4# This software comes with ABSOLUTELY NO WARRANTY. For details, see
5# the enclosed file COPYING for license information (GPL). If you
6# did not receive this file, see https://www.gnu.org/licenses/gpl-3.0.txt.
7# --
8
9package Kernel::Modules::AgentTicketWatcher;
10
11use strict;
12use warnings;
13
14our $ObjectManagerDisabled = 1;
15
16use Kernel::System::VariableCheck qw(:all);
17use Kernel::Language qw(Translatable);
18
# Constructor: builds the frontend module object from the named parameters
# handed in by the caller. The parameters are shallow-copied into a fresh hash,
# so later changes to the object do not write back into the caller's hash.
sub new {
    my ( $Type, %Param ) = @_;

    # copy the parameters into a new anonymous hash and bless it in one step
    return bless { %Param }, $Type;
}
28
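# Handles the agent "watch ticket" frontend action.
#
# Reads from $Self: UserID, TicketID, Action, Subaction and (for the
# unsubscribe redirect) LastScreenOverview. How these are populated is not
# visible here -- presumably by the web interface from the request and the
# session; verify against the caller.
#
# Order of checks, each of which returns early on failure:
#   1. the Ticket::Watcher feature must be enabled,
#   2. if Ticket::WatcherGroup is configured, the user needs 'rw' in at
#      least one of the listed groups,
#   3. ticket ACLs must not prohibit this action,
#   4. per subaction: challenge token check, then (subscribe only) an 'ro'
#      ticket permission check.
#
# Returns the output of the layout object (error screen, no-permission
# screen or redirect).
sub Run {
    my ( $Self, %Param ) = @_;

    # get needed objects
    my $ConfigObject = $Kernel::OM->Get('Kernel::Config');
    my $LayoutObject = $Kernel::OM->Get('Kernel::Output::HTML::Layout');

    # ------------------------------------------------------------ #
    # check if feature is active
    # ------------------------------------------------------------ #
    if ( !$ConfigObject->Get('Ticket::Watcher') ) {
        return $LayoutObject->ErrorScreen(
            Message => Translatable('Feature is not active'),
        );
    }

    # ------------------------------------------------------------ #
    # check access
    # ------------------------------------------------------------ #
    # An unset or empty Ticket::WatcherGroup means the feature is not
    # restricted to particular groups.
    my $WatcherGroups = $ConfigObject->Get('Ticket::WatcherGroup');
    my @Groups        = $WatcherGroups ? @{$WatcherGroups} : ();

    my $GroupObject = $Kernel::OM->Get('Kernel::System::Group');
    my $Access      = 1;
    if (@Groups) {

        # deny by default once a group restriction is configured
        $Access = 0;

        GROUP:
        for my $Group (@Groups) {
            my $HasPermission = $GroupObject->PermissionCheck(
                UserID    => $Self->{UserID},
                GroupName => $Group,
                Type      => 'rw',
            );
            next GROUP if !$HasPermission;

            # membership in one configured group is sufficient
            $Access = 1;
            last GROUP;
        }
    }
    if ( !$Access ) {

        # Use the layout object fetched above. Nothing in this module sets
        # $Self->{Layout}, so calling through it would presumably die on an
        # undefined value instead of rendering the no-permission screen.
        return $LayoutObject->NoPermission( WithHeader => 'yes' );
    }

    # get ACL restrictions
    my %PossibleActions = ( 1 => $Self->{Action} );

    # get ticket object
    my $TicketObject = $Kernel::OM->Get('Kernel::System::Ticket');

    my $ACL = $TicketObject->TicketAcl(
        Data          => \%PossibleActions,
        Action        => $Self->{Action},
        TicketID      => $Self->{TicketID},
        ReturnType    => 'Action',
        ReturnSubType => '-',
        UserID        => $Self->{UserID},
    );
    my %AclAction = $TicketObject->TicketAclActionData();

    # check if ACL restrictions exist
    if ( $ACL || IsHashRefWithData( \%AclAction ) ) {

        # invert the result so it can be looked up by action name
        my %AclActionLookup = reverse %AclAction;

        # show error screen if ACL prohibits this action
        if ( !$AclActionLookup{ $Self->{Action} } ) {
            return $LayoutObject->NoPermission( WithHeader => 'yes' );
        }
    }

    # ------------------------------------------------------------ #
    # subscribe a ticket
    # ------------------------------------------------------------ #
    if ( $Self->{Subaction} eq 'Subscribe' ) {

        # challenge token check for write action; must stay ahead of the
        # state change below
        $LayoutObject->ChallengeTokenCheck();

        # Checks if the user has permissions to see the ticket.
        #   This is needed because watching grants ro permissions (depending on configuration),
        #   so subscribing without this check could be used to gain read access.
        my $Access = $TicketObject->TicketPermission(
            Type     => 'ro',
            TicketID => $Self->{TicketID},
            UserID   => $Self->{UserID},
        );
        if ( !$Access ) {
            return $LayoutObject->NoPermission( WithHeader => 'yes' );
        }

        # set subscribe; the watcher is always the acting user, never a
        # user id taken from elsewhere
        my $Subscribe = $TicketObject->TicketWatchSubscribe(
            TicketID    => $Self->{TicketID},
            WatchUserID => $Self->{UserID},
            UserID      => $Self->{UserID},
        );

        if ( !$Subscribe ) {
            return $LayoutObject->ErrorScreen();
        }

        # redirect
        return $LayoutObject->Redirect(
            OP => "Action=AgentTicketZoom;TicketID=$Self->{TicketID}",
        );
    }

    # ------------------------------------------------------------ #
    # unsubscribe a ticket
    # ------------------------------------------------------------ #
    elsif ( $Self->{Subaction} eq 'Unsubscribe' ) {

        # challenge token check for write action
        $LayoutObject->ChallengeTokenCheck();

        # We don't need a permission check here as we will remove
        #   permissions by unsubscribing.
        my $Unsubscribe = $TicketObject->TicketWatchUnsubscribe(
            TicketID    => $Self->{TicketID},
            WatchUserID => $Self->{UserID},
            UserID      => $Self->{UserID},
        );

        if ( !$Unsubscribe ) {
            return $LayoutObject->ErrorScreen();
        }

        # redirect
        # checks if the user has permissions to see the ticket; after
        # unsubscribing the user may no longer be allowed to view it
        my $Access = $TicketObject->TicketPermission(
            Type     => 'ro',
            TicketID => $Self->{TicketID},
            UserID   => $Self->{UserID},
        );
        if ( !$Access ) {

            # generate output: fall back to the last overview (or the
            # dashboard) instead of sending the user to a ticket they
            # can no longer see
            return $LayoutObject->Redirect(
                OP => $Self->{LastScreenOverview} || 'Action=AgentDashboard',
            );
        }
        return $LayoutObject->Redirect(
            OP => "Action=AgentTicketZoom;TicketID=$Self->{TicketID}",
        );
    }

    # any other subaction is rejected
    return $LayoutObject->ErrorScreen(
        Message => Translatable('Invalid Subaction.'),
    );
}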
178
1791;
180