Show staff names, but not citizen names

Only show people's names if the user is logged in, or if the person to display is a city staff
member.

Updates #363

crm/blocks/html/ticketHistory/info.inc

@@ -1,23 +1,48 @@
 <?php
 /**
- * @copyright 2011-2020 City of Bloomington, Indiana
+ * @copyright 2011-2021 City of Bloomington, Indiana
  * @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE
  * @param array  $this->history
  * @param Ticket $this->ticket          (optional)
  * @param bool   $this->disableComments (optional)
  */
+use Application\Models\Action;
 use Application\Models\Person;
 ?>
 <section class="history">
     <header>
         <h1><?= $this->_('history'); ?></h1>
     </header>
 	<?php
-        if (Person::isAllowed('people', 'view')) {
-            $this->_include('ticketHistory/partials/personalInfo.inc');
-        }
-        else {
-            $this->_include('ticketHistory/partials/genericInfo.inc');
+        $canViewPeople = Person::isAllowed('people', 'view');
+
+        foreach ($this->history as $event) {
+            $description = $event->getDescription($this->template);
+            echo "
+            <article class=\"historyItem\">
+                <header>
+                    <h1>{$event->getActionDate(DATETIME_FORMAT)} $description</h1>
+                </header>
+            ";
+
+            if (!$this->disableComments) {
+                $notes = self::escape($event->getNotes());
+                if ($notes) {
+                    echo "<p>$notes</p>";
+                }
+            }
+            switch ($event->getAction()->getName()) {
+                case Action::UPDATED:
+                    if ($event->getData()) { echo json_encode($event->getData()); }
+                break;
+            }
+
+            $notification = $event->getSentNotifications();
+            if ($notification) {
+                $this->notification = $notification;
+                $this->_include('ticketHistory/sentNotification.inc');
+            }
+            echo "</article>";
         }
 	?>
 </section>

crm/blocks/html/ticketHistory/sentNotification.inc

@@ -1,16 +1,19 @@
 <?php
 /**
- * @copyright 2016-2020 City of Bloomington, Indiana
+ * @copyright 2016-2021 City of Bloomington, Indiana
  * @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE
  * @param stdClass $this->notification
  */
 use Application\Models\Person;
 
-$people = [];
+$canView = Person::isAllowed('people', 'view');
+$people  = [];
 foreach ($this->notification->people as $id) {
     try {
         $person = new Person($id);
-        $people[] = self::escape($person->getFullname());
+        $people[] = ($person->getUsername() || $canView)
+            ? self::escape($person->getFullname())
+            : $this->_('anonymous');
     }
     catch (\Exception $e) { }
 }

crm/blocks/html/tickets/ticketInfo.inc

@@ -1,6 +1,6 @@
 <?php
 /**
- * @copyright 2011-2020 City of Bloomington, Indiana
+ * @copyright 2011-2021 City of Bloomington, Indiana
  * @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE
  * @param Ticket $this->ticket
  * @param bool   $this->disableButtons
@@ -32,21 +32,21 @@ $description = $contactMethod || $description
     : '';
 $description = $description ? "<p>$description</p>" : '';
 
-$fields = '';
-if (Person::isAllowed('people', 'view')) {
-    $person = $this->ticket->getReportedByPerson();
-    if ($person) {
-        $uri    = BASE_URI.'/people/view?person_id='.$person->getId();
-        $name   = "<a href=\"$uri\">{$person->getFullname()}</a>";
-        $fields.= "<dl><dt>{$this->_('reportedByPerson')}</dt><dd>$name</dd></dl>";
-    }
-    $person = $this->ticket->getAssignedPerson();
-    if ($person) {
-        $uri    = BASE_URI.'/people/view?person_id='.$person->getId();
-        $name   = "<a href=\"$uri\">{$person->getFullname()}</a>";
-        $fields.= "<dl><dt>{$this->_('assignedPerson_id')}</dt><dd>$name</dd></dl>";
-    }
+$fields  = '';
+$canView = Person::isAllowed('people', 'view');
+$person  = $this->ticket->getReportedByPerson();
+if ($person && ($person->getUsername() || $canView)) {
+    $uri    = BASE_URI.'/people/view?person_id='.$person->getId();
+    $name   = "<a href=\"$uri\">{$person->getFullname()}</a>";
+    $fields.= "<dl><dt>{$this->_('reportedByPerson')}</dt><dd>$name</dd></dl>";
 }
+$person = $this->ticket->getAssignedPerson();
+if ($person && ($person->getUsername() || $canView)) {
+    $uri    = BASE_URI.'/people/view?person_id='.$person->getId();
+    $name   = "<a href=\"$uri\">{$person->getFullname()}</a>";
+    $fields.= "<dl><dt>{$this->_('assignedPerson_id')}</dt><dd>$name</dd></dl>";
+}
+
 $cf = $this->ticket->getCategory_id() ? $this->ticket->getCategory()->getCustomFields() : null;
 if ($cf) {
     $data = $this->ticket->getCustomFields();

crm/src/Application/Models/Person.php

@@ -1,6 +1,6 @@
 <?php
 /**
- * @copyright 2009-2020 City of Bloomington, Indiana
+ * @copyright 2009-2021 City of Bloomington, Indiana
  * @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE
  */
 namespace Application\Models;
@@ -9,6 +9,8 @@
 use Application\Database;
 use Application\Models\Email;
 
+use Blossom\Classes\Template;
+
 use Domain\Auth\ExternalIdentity;
 use PHPMailer\PHPMailer\PHPMailer;
 
@@ -387,6 +389,17 @@ public function getFullname()
 		}
 	}
 
+	/**
+	 * Returns the person name only if $person is city staff
+	 * or if the current user is permitted to view all personal info.
+	 */
+	public function anonymizeCitizenName(Template $t): string
+	{
+        return ($this->getUsername() || Person::isAllowed('people', 'view'))
+            ? $this->getFullname()
+            : $t->_('anonymous');
+	}
+
 	/**
 	 * @return string
 	 */

crm/src/Application/Models/TicketHistory.php

@@ -1,6 +1,6 @@
 <?php
 /**
- * @copyright 2011-2016 City of Bloomington, Indiana
+ * @copyright 2011-2021 City of Bloomington, Indiana
  * @license http://www.gnu.org/licenses/agpl.txt GNU/AGPL, see LICENSE
  */
 namespace Application\Models;
@@ -151,10 +151,10 @@ public function handleUpdate($post)
 	 */
 	public function getDescription(Template $template)
 	{
-		$a = $this->getAction();
-		if ($a) {
+		$action = $this->getAction();
+		if ($action) {
 			return $this->renderVariables(
-				$this->getAction()->getDescription(),
+				$action->getDescription(),
 				$template
 			);
 		}
@@ -173,14 +173,13 @@ public function getDescription(Template $template)
 	 *
 	 * @param string   $message
 	 * @param Template $template  The template being used for output formatting
-	 * @param Person   $person    The person to whom the message will be displayed
 	 * @return string
 	 */
 	public function renderVariables($message, Template $template)
 	{
         $placeholders = [
-            'enteredByPerson'=> $this->getEnteredByPerson_id() ? $this->getEnteredByPerson()->getFullname() : $template->_('anonymous'),
-            'actionPerson'   => $this->getActionPerson_id()    ? $this->getActionPerson()   ->getFullname() : $template->_('anonymous'),
+            'enteredByPerson'=> $this->getEnteredByPerson_id() ? $this->getEnteredByPerson()->anonymizeCitizenName($template) : $template->_('anonymous'),
+            'actionPerson'   => $this->getActionPerson_id()    ? $this->getActionPerson   ()->anonymizeCitizenName($template) : $template->_('anonymous'),
             'ticket_id'      => $this->getTicket_id(),
             'enteredDate'    => $this->getEnteredDate(DATETIME_FORMAT),
             'actionDate'     => $this->getActionDate (DATETIME_FORMAT)