summaryrefslogtreecommitdiff
path: root/help/app
diff options
context:
space:
mode:
authorjessib <jessib@riseup.net>2012-11-05 13:18:43 -0800
committerjessib <jessib@riseup.net>2012-11-05 13:18:43 -0800
commitc7177593aaf2b1b8fd8dbd53b9cfb6562e1411d7 (patch)
tree476e067b49bc740890e44e5abbf42408ee41d6d2 /help/app
parent3515a598341282c20feb5950a81f43552280688d (diff)
Use the same URL for viewing tickets when authenticated or not---the couchdb ID will be the random string for the secret URL.
Tickets created when user was unauthenticated will be viewable by anybody who knows the URL.
Diffstat (limited to 'help/app')
-rw-r--r--help/app/controllers/tickets_controller.rb7
-rw-r--r--help/app/models/ticket.rb8
-rw-r--r--help/app/views/tickets/show.html.haml7
3 files changed, 11 insertions, 11 deletions
diff --git a/help/app/controllers/tickets_controller.rb b/help/app/controllers/tickets_controller.rb
index 4130ee6..a9e0bd4 100644
--- a/help/app/controllers/tickets_controller.rb
+++ b/help/app/controllers/tickets_controller.rb
@@ -41,7 +41,7 @@ class TicketsController < ApplicationController
def update
@ticket = Ticket.find(params[:id])
- if !ticket_access_denied?
+ if !ticket_access_denied? #can update w/out logging in if the ticket was created unauthenticated
#below is excessively complicated. issue is that we don't need a new comment if we have changed anything else (currently, is_open is the only other thing to change.) However, if we don't change anything else, then we want to try to add a new comment (and possibly fail.) Likely this should all be redone.
@ticket.is_open = params[:ticket][:is_open]
@@ -93,9 +93,10 @@ class TicketsController < ApplicationController
private
+
def ticket_access_denied?
- # TODO---we will allow unauthenticated users to view tickets with a code
- if !admin? and current_user.id != @ticket.created_by
+ # allow access if user is admin, the ticket was created without unauthentication (thus anybody with URL can access ticket where created_by is nil), or if there is a non-admin user and they created the ticket
+ if !admin? and @ticket.created_by and (!current_user or current_user.id != @ticket.created_by)
@ticket = nil
access_denied
end
diff --git a/help/app/models/ticket.rb b/help/app/models/ticket.rb
index 6301e9e..eaad574 100644
--- a/help/app/models/ticket.rb
+++ b/help/app/models/ticket.rb
@@ -23,14 +23,14 @@ class Ticket < CouchRest::Model::Base
#property :user_verified, TrueClass, :default => false #will be true exactly when user is set
#admins
- property :code, String, :protected => true # only should be set if created_by is nil
+ #property :code, String, :protected => true # only should be set if created_by is nil #instead we will just use couchdb ID
property :is_open, TrueClass, :default => true
property :comments, [TicketComment]
timestamps!
#before_validation :set_created_by, :set_code, :set_email, :on => :create
- before_validation :set_code, :set_email, :on => :create
+ before_validation :set_email, :on => :create
#named_scope :open, :conditions => {:is_open => true} #??
@@ -59,10 +59,12 @@ class Ticket < CouchRest::Model::Base
!!created_by
end
- def set_code
+=begin
+ def set_code #let's not use this---can use same show url
# ruby 1.9 provides url-safe option---this is not necessarily url-safe
self.code = SecureRandom.hex(8) if !is_creator_validated?
end
+=end
def set_email
diff --git a/help/app/views/tickets/show.html.haml b/help/app/views/tickets/show.html.haml
index 3fb1d34..92b8d03 100644
--- a/help/app/views/tickets/show.html.haml
+++ b/help/app/views/tickets/show.html.haml
@@ -5,9 +5,6 @@
- if flash[:alert]
=flash[:alert]
%h2= @ticket.title
-- if @ticket.code
- code:
- = @ticket.code
- if @ticket.email
email:
= @ticket.email
@@ -24,6 +21,6 @@
= #render :partial => 'new_comment'
= f.label :is_open
= f.select :is_open, [true, false]
- = f.button :submit # have button to close
- = # want to ahve button to close
+ = f.button :submit
+ = # TODO want to have button to close
= link_to t(:cancel), tickets_path, :class => :btn \ No newline at end of file