aces · CamilleBeau · Apr 16, 2025 · Apr 16, 2025 · Apr 16, 2025 · May 13, 2025
diff --git a/modules/issue_tracker/php/edit.class.inc b/modules/issue_tracker/php/edit.class.inc
@@ -142,36 +142,6 @@ class Edit extends \NDB_Page implements ETagCalculator
             }
         }
 
-        // can't set to closed if no any of the persmissions.
-        $reporter         = $db->pselectOne(
-            "SELECT reporter FROM issues WHERE IssueID=:issueID",
-            ['issueID' => $values['issueID']]
-        );
-        $hasPartialAccess = $user->hasAnyPermission(
-            [
-                'issue_tracker_close_site_issue',
-                'issue_tracker_close_all_issue',
-            ]
-        ) || $reporter == $user->getUsername();
-        if ($hasPartialAccess) {
-            $statuses = [
-                'new'          => 'New',
-                'acknowledged' => 'Acknowledged',
-                'assigned'     => 'Assigned',
-                'feedback'     => 'Feedback',
-                'resolved'     => 'Resolved',
-                'closed'       => 'Closed',
-            ];
-        } else {
-            $statuses = [
-                'new'          => 'New',
-                'acknowledged' => 'Acknowledged',
-                'assigned'     => 'Assigned',
-                'feedback'     => 'Feedback',
-                'resolved'     => 'Resolved',
-            ];
-        }
-
         $priorities = [
             'low'       => 'Low',
             'normal'    => 'Normal',
@@ -201,14 +171,20 @@ class Edit extends \NDB_Page implements ETagCalculator
 
         $instruments = \NDB_BVL_Instrument::getInstrumentNamesList($this->loris);
 
-        // Now get issue values
-        $issueData = $this->getIssueData(null, $user);
+        $issueData  = $this->getIssueData(null, $user);
+        $isOwnIssue = $issueData['reporter']
+            == $this->formatUserInformation($user->getUsername());
+
         if (!empty($values['issueID'])
             && $values['issueID'] != "new"
         ) { // if an existing issue
             $issueID   = intval($values['issueID']);
             $issueData = $this->getIssueData($issueID, $user);
 
+            // Re-set isOwnIssue variable if not a new issue
+            $isOwnIssue = $issueData['reporter']
+                == $this->formatUserInformation($user->getUsername());
+
             $provisioner = (new AttachmentProvisioner($issueID));
             $attachments = (new \LORIS\Data\Table())
                 ->withDataFrom($provisioner)
@@ -271,10 +247,28 @@ class Edit extends \NDB_Page implements ETagCalculator
             // React is escaping the string in the template
             // This fixes an issue with multiple escaping (#6643)
         }
-        $issueData['comment'] = null;
 
-        $isOwnIssue = $issueData['reporter']
-            == $this->formatUserInformation($user->getUsername());
+        $statuses = [
+            'new'          => 'New',
+            'acknowledged' => 'Acknowledged',
+            'assigned'     => 'Assigned',
+            'feedback'     => 'Feedback',
+            'resolved'     => 'Resolved',
+        ];
+
+        // Give "close" option if user has site close permissions and the issue
+        // is at a user site, or if the user has close permissions for all sites,
+        // or it is the user's own permission
+        if ($user->hasPermission('issue_tracker_close_all_issue')
+            || ($user->hasPermission('issue_tracker_close_site_issue')
+            && in_array($issueData['centerID'], $user->getCenterIDs()))
+            || ($user->hasPermission('issue_tracker_own_issue')
+            && $isOwnIssue)
+        ) {
+            $statuses['closed'] = 'Closed';
+        }
+
+        $issueData['comment'] = null;
 
         $result = [
             'assignees'         => $assignees,

diff --git a/modules/issue_tracker/php/issue_tracker.class.inc b/modules/issue_tracker/php/issue_tracker.class.inc
@@ -105,7 +105,7 @@ class Issue_Tracker extends \NDB_Menu_Filter_Form
         $user    = $factory->user();
         $db      = $factory->database();
 
-        $hasPartialAcess = !$user->hasAnyPermission(
+        $hasPartialAccess = !$user->hasAnyPermission(
             [
                 'issue_tracker_all_issue',
                 'issue_tracker_site_issue',
@@ -130,7 +130,7 @@ class Issue_Tracker extends \NDB_Menu_Filter_Form
                ON(i.reporter=u.UserID)",
             []
         );
-        if ($hasPartialAcess) {
+        if ($hasPartialAccess) {
             $reporter_expanded = $db->pselect(
                 "SELECT DISTINCT u.UserID,
                         u.Real_name