summaryrefslogtreecommitdiff
path: root/help/app/controllers
diff options
context:
space:
mode:
authorjessib <jessib@riseup.net>2013-08-12 12:00:11 -0700
committerjessib <jessib@riseup.net>2013-08-12 12:00:11 -0700
commit83681dfe050ce2ae74d5d1ca451d495d48f029ba (patch)
treec5e053614999a3094e1bceef1e6e0cacb942d0d2 /help/app/controllers
parentbca39b8f0d44dc31f77a3bfc8a94d452b4c77670 (diff)
Per ISEC informational issue, manually set the private property only in cases where it is an admin who set it.
Diffstat (limited to 'help/app/controllers')
-rw-r--r--help/app/controllers/tickets_controller.rb2
1 files changed, 2 insertions, 0 deletions
diff --git a/help/app/controllers/tickets_controller.rb b/help/app/controllers/tickets_controller.rb
index 094612c..b8d2c09 100644
--- a/help/app/controllers/tickets_controller.rb
+++ b/help/app/controllers/tickets_controller.rb
@@ -18,6 +18,7 @@ class TicketsController < ApplicationController
@ticket = Ticket.new(params[:ticket])
@ticket.comments.last.posted_by = (logged_in? ? current_user.id : nil) #protecting posted_by isn't working, so this should protect it.
+ @ticket.comments.last.private = true if admin? and @ticket.comments.last.private
@ticket.created_by = current_user.id if logged_in?
@ticket.email = current_user.email_address if logged_in? and current_user.email_address
@@ -58,6 +59,7 @@ class TicketsController < ApplicationController
if @ticket.comments_changed?
@ticket.comments.last.posted_by = (current_user ? current_user.id : nil)
+ @ticket.comments.last.private = true if admin? and @ticket.comments.last.private
end
if @ticket.changed?