Merge pull request #66 from jessib/feature/comment_creation_access

Per ISEC informational issue, manually set the private property only in ...
author: azul <azul@riseup.net> 2013-08-15 00:03:00 -0700
committer: azul <azul@riseup.net> 2013-08-15 00:03:00 -0700
commit: be944809f6708be55a1111085b1483af3c646b14 (patch)
tree: e61ef82604a5ab404339fc6dbf3ba53bf0478d2a /help/app/controllers/tickets_controller.rb
parent: bca39b8f0d44dc31f77a3bfc8a94d452b4c77670 (diff)
parent: 53cd653ade859ec240d14981c4e9f85cc62cd6fd (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/help/app/controllers/tickets_controller.rb b/help/app/controllers/tickets_controller.rb
index 094612c..a03ef22 100644
--- a/help/app/controllers/tickets_controller.rb
+++ b/help/app/controllers/tickets_controller.rb
@@ -18,6 +18,7 @@ class TicketsController < ApplicationController
     @ticket = Ticket.new(params[:ticket])
 
     @ticket.comments.last.posted_by = (logged_in? ? current_user.id : nil) #protecting posted_by isn't working, so this should protect it.
+    @ticket.comments.last.private = false unless admin?
     @ticket.created_by = current_user.id if logged_in?
     @ticket.email = current_user.email_address if logged_in? and current_user.email_address
 
@@ -58,6 +59,7 @@ class TicketsController < ApplicationController
 
       if @ticket.comments_changed?
         @ticket.comments.last.posted_by = (current_user ? current_user.id : nil)
+        @ticket.comments.last.private = false unless admin?
       end
 
       if @ticket.changed?
author	azul <azul@riseup.net>	2013-08-15 00:03:00 -0700
committer	azul <azul@riseup.net>	2013-08-15 00:03:00 -0700
commit	be944809f6708be55a1111085b1483af3c646b14 (patch)
tree	e61ef82604a5ab404339fc6dbf3ba53bf0478d2a /help/app/controllers/tickets_controller.rb
parent	bca39b8f0d44dc31f77a3bfc8a94d452b4c77670 (diff)
parent	53cd653ade859ec240d14981c4e9f85cc62cd6fd (diff)