diff options
author | jessib <jessib@riseup.net> | 2012-11-05 13:18:43 -0800 |
---|---|---|
committer | jessib <jessib@riseup.net> | 2012-11-05 13:18:43 -0800 |
commit | c7177593aaf2b1b8fd8dbd53b9cfb6562e1411d7 (patch) | |
tree | 476e067b49bc740890e44e5abbf42408ee41d6d2 /help/app | |
parent | 3515a598341282c20feb5950a81f43552280688d (diff) |
Use the same URL for viewing tickets when authenticated or not---the couchdb ID will be the random string for the secret URL.
Tickets created when user was unauthenticated will be viewable by anybody who knows the URL.
Diffstat (limited to 'help/app')
-rw-r--r-- | help/app/controllers/tickets_controller.rb | 7 | ||||
-rw-r--r-- | help/app/models/ticket.rb | 8 | ||||
-rw-r--r-- | help/app/views/tickets/show.html.haml | 7 |
3 files changed, 11 insertions, 11 deletions
diff --git a/help/app/controllers/tickets_controller.rb b/help/app/controllers/tickets_controller.rb index 4130ee6..a9e0bd4 100644 --- a/help/app/controllers/tickets_controller.rb +++ b/help/app/controllers/tickets_controller.rb @@ -41,7 +41,7 @@ class TicketsController < ApplicationController def update @ticket = Ticket.find(params[:id]) - if !ticket_access_denied? + if !ticket_access_denied? #can update w/out logging in if the ticket was created unauthenticated #below is excessively complicated. issue is that we don't need a new comment if we have changed anything else (currently, is_open is the only other thing to change.) However, if we don't change anything else, then we want to try to add a new comment (and possibly fail.) Likely this should all be redone. @ticket.is_open = params[:ticket][:is_open] @@ -93,9 +93,10 @@ class TicketsController < ApplicationController private + def ticket_access_denied? - # TODO---we will allow unauthenticated users to view tickets with a code - if !admin? and current_user.id != @ticket.created_by + # allow access if user is admin, the ticket was created without unauthentication (thus anybody with URL can access ticket where created_by is nil), or if there is a non-admin user and they created the ticket + if !admin? and @ticket.created_by and (!current_user or current_user.id != @ticket.created_by) @ticket = nil access_denied end diff --git a/help/app/models/ticket.rb b/help/app/models/ticket.rb index 6301e9e..eaad574 100644 --- a/help/app/models/ticket.rb +++ b/help/app/models/ticket.rb @@ -23,14 +23,14 @@ class Ticket < CouchRest::Model::Base #property :user_verified, TrueClass, :default => false #will be true exactly when user is set #admins - property :code, String, :protected => true # only should be set if created_by is nil + #property :code, String, :protected => true # only should be set if created_by is nil #instead we will just use couchdb ID property :is_open, TrueClass, :default => true property :comments, [TicketComment] timestamps! #before_validation :set_created_by, :set_code, :set_email, :on => :create - before_validation :set_code, :set_email, :on => :create + before_validation :set_email, :on => :create #named_scope :open, :conditions => {:is_open => true} #?? @@ -59,10 +59,12 @@ class Ticket < CouchRest::Model::Base !!created_by end - def set_code +=begin + def set_code #let's not use this---can use same show url # ruby 1.9 provides url-safe option---this is not necessarily url-safe self.code = SecureRandom.hex(8) if !is_creator_validated? end +=end def set_email diff --git a/help/app/views/tickets/show.html.haml b/help/app/views/tickets/show.html.haml index 3fb1d34..92b8d03 100644 --- a/help/app/views/tickets/show.html.haml +++ b/help/app/views/tickets/show.html.haml @@ -5,9 +5,6 @@ - if flash[:alert] =flash[:alert] %h2= @ticket.title -- if @ticket.code - code: - = @ticket.code - if @ticket.email email: = @ticket.email @@ -24,6 +21,6 @@ = #render :partial => 'new_comment' = f.label :is_open = f.select :is_open, [true, false] - = f.button :submit # have button to close - = # want to ahve button to close + = f.button :submit + = # TODO want to have button to close = link_to t(:cancel), tickets_path, :class => :btn
\ No newline at end of file |