Merge pull request #148 from azul/feature/api-quota-support

Feature/api quota support + current_user null pattern
author: azul <azul@riseup.net> 2014-04-25 12:15:37 +0200
committer: azul <azul@riseup.net> 2014-04-25 12:15:37 +0200
commit: 76ad25ba0ee344f185f8e8cdfe066685cd3b0447 (patch)
tree: d8122b5b5144c917f5e1924c1428a3a871e94149 /engines/support/app
parent: 2b6200f508ddb8e1c8a76fd3778881c39d787d8d (diff)
parent: be81b7430e0a2046125be7c3a4b01b8725f4afe6 (diff)
3 files changed, 28 insertions, 26 deletions
diff --git a/engines/support/app/controllers/tickets_controller.rb b/engines/support/app/controllers/tickets_controller.rb
index 4be3493..650f628 100644
--- a/engines/support/app/controllers/tickets_controller.rb
+++ b/engines/support/app/controllers/tickets_controller.rb
@@ -5,7 +5,8 @@ class TicketsController < ApplicationController
   #has_scope :open, :type => boolean
 
   before_filter :require_login, :only => [:index]
-  before_filter :fetch_ticket, :only => [:show, :update, :destroy] # don't now have an edit method
+  before_filter :fetch_ticket, :only => [:show, :update, :destroy]
+  before_filter :require_ticket_access, :only => [:show, :update, :destroy]
   before_filter :fetch_user
   before_filter :set_title
 
@@ -17,11 +18,11 @@ class TicketsController < ApplicationController
   def create
     @ticket = Ticket.new(params[:ticket])
 
-    @ticket.comments.last.posted_by = (logged_in? ? current_user.id : nil) #protecting posted_by isn't working, so this should protect it.
+    #protecting posted_by isn't working, so this should protect it:
+    @ticket.comments.last.posted_by = current_user.id
     @ticket.comments.last.private = false unless admin?
-    @ticket.created_by = current_user.id if logged_in?
-    @ticket.email = current_user.email_address if logged_in? and current_user.email_address
-
+    @ticket.created_by = current_user.id
+    @ticket.email = current_user.email_address if current_user.email_address
     if @ticket.save
       flash[:notice] = t(:thing_was_successfully_created, :thing => t(:ticket))
 
@@ -58,7 +59,7 @@ class TicketsController < ApplicationController
       end
 
       if @ticket.comments_changed?
-        @ticket.comments.last.posted_by = (current_user ? current_user.id : nil)
+        @ticket.comments.last.posted_by = current_user.id
         @ticket.comments.last.private = false unless admin?
       end
 
@@ -120,19 +121,28 @@ class TicketsController < ApplicationController
     return ticket
   end
 
-  def ticket_access?
-    @ticket and (admin? or !@ticket.created_by or (current_user and current_user.id == @ticket.created_by))
-  end
-
   def fetch_ticket
     @ticket = Ticket.find(params[:id])
-    if !@ticket and admin?
-      redirect_to auto_tickets_path, :alert => t(:no_such_thing, :thing => 'ticket')
-      return
+    if !@ticket
+      if admin?
+        redirect_to auto_tickets_path,
+          alert: t(:no_such_thing, thing: 'ticket')
+      else
+        access_denied
+      end
     end
+  end
+
+  def require_ticket_access
     access_denied unless ticket_access?
   end
 
+  def ticket_access?
+    admin? or
+      @ticket.created_by.blank? or
+      current_user.id == @ticket.created_by
+  end
+
   def fetch_user
     if params[:user_id]
       @user = User.find(params[:user_id])
diff --git a/engines/support/app/views/tickets/new.html.haml b/engines/support/app/views/tickets/new.html.haml
index ba86ac3..65ed67b 100644
--- a/engines/support/app/views/tickets/new.html.haml
+++ b/engines/support/app/views/tickets/new.html.haml
@@ -2,22 +2,14 @@
 
 = render 'tickets/tabs'
 
-- if admin? && @user
-  - email = @user.email_address
-  - regarding = @user.login
-- elsif logged_in?
-  - email = current_user.email_address
-  - regarding = current_user.login
+- user = @user if admin?
+- user ||= current_user
 
 = simple_form_for @ticket, :validate => true, :html => {:class => 'form-horizontal'} do |f|
   = hidden_ticket_fields
   = f.input :subject
-  - if logged_in?
-    = f.input :email, input_html: {value: email}
-    = f.input :regarding_user, input_html: {value: regarding}
-  - else
-    = f.input :email
-    = f.input :regarding_user
+  = f.input :email, input_html: {value: user.email_address}
+  = f.input :regarding_user, input_html: {value: user.login}
   = f.simple_fields_for :comments, @comment do |c|
     = c.input :body, :label => t(:description), :as => :text, :input_html => {:class => "full-width", :rows=> 5}
     - if admin?
diff --git a/engines/support/app/views/tickets/show.html.haml b/engines/support/app/views/tickets/show.html.haml
index bbca4bf..4f3c127 100644
--- a/engines/support/app/views/tickets/show.html.haml
+++ b/engines/support/app/views/tickets/show.html.haml
@@ -7,6 +7,6 @@
       = render :partial => 'tickets/comment', :collection => @ticket.comments
       %tr
         %td.user
-          = logged_in? ? current_user.login : t(:anonymous)
+          = current_user.login || t(:anonymous)
         %td.comment
           = render 'tickets/new_comment_form'
author	azul <azul@riseup.net>	2014-04-25 12:15:37 +0200
committer	azul <azul@riseup.net>	2014-04-25 12:15:37 +0200
commit	76ad25ba0ee344f185f8e8cdfe066685cd3b0447 (patch)
tree	d8122b5b5144c917f5e1924c1428a3a871e94149 /engines/support/app
parent	2b6200f508ddb8e1c8a76fd3778881c39d787d8d (diff)
parent	be81b7430e0a2046125be7c3a4b01b8725f4afe6 (diff)