diff options
author | Azul <azul@leap.se> | 2012-11-27 12:15:14 +0100 |
---|---|---|
committer | Azul <azul@leap.se> | 2012-11-27 12:15:14 +0100 |
commit | 5bed0e431017c3be5cccca42a7a1509cc06e98ac (patch) | |
tree | daf0dbf67a2212bbb3f7c826a319756646359856 /help | |
parent | be479d2c55d502c6e4303700b68e0a619f646834 (diff) |
check for logged_in? in before filter - one less case to cover
Diffstat (limited to 'help')
-rw-r--r-- | help/app/controllers/tickets_controller.rb | 33 |
1 files changed, 16 insertions, 17 deletions
diff --git a/help/app/controllers/tickets_controller.rb b/help/app/controllers/tickets_controller.rb index 04cf1a9..3ce3a8a 100644 --- a/help/app/controllers/tickets_controller.rb +++ b/help/app/controllers/tickets_controller.rb @@ -5,6 +5,8 @@ class TicketsController < ApplicationController before_filter :set_strings + before_filter :authorize, :only => [:index] + def new @ticket = Ticket.new @ticket.comments.build @@ -16,7 +18,7 @@ class TicketsController < ApplicationController @ticket.created_by = current_user.id @ticket.email = current_user.email if current_user.email @ticket.comments.last.posted_by = current_user.id - else + else @ticket.comments.last.posted_by = nil #hacky, but protecting this attribute doesn't work right, so this should make sure it isn't set. end flash[:notice] = 'Ticket was successfully created.' if @ticket.save @@ -45,7 +47,7 @@ class TicketsController < ApplicationController # @ticket.comments.build # build ticket comments? end - + def update @ticket = Ticket.find(params[:id]) @@ -53,12 +55,12 @@ class TicketsController < ApplicationController if status = params[:change_status] #close or open button was pressed @ticket.close if params[:change_status] == 'close' @ticket.reopen if params[:change_status] == 'open' - else + else params[:ticket][:comments_attributes] = nil if params[:ticket][:comments_attributes].values.first[:body].blank? #unset comments hash if no new comment was typed - @ticket.attributes = params[:ticket] #this will call comments_attributes= + @ticket.attributes = params[:ticket] #this will call comments_attributes= # @ticket.is_open = false if params[:commit] == @reply_close_str #this overrides is_open selection @ticket.close if params[:commit] == @reply_close_str #this overrides is_open selection - + # what if there is an update and no new comment? Confirm that there is a new comment to update posted_by: @ticket.comments.last.posted_by = (current_user ? current_user.id : nil) if @ticket.comments_changed? #protecting posted_by isn't working, so this should protect it. end @@ -90,11 +92,11 @@ class TicketsController < ApplicationController elsif params[:open_status] == 'closed' @tickets = Ticket.by_updated_at_and_is_closed # @tickets = Ticket.by_is_open.key(false) #returns CouchRest::Model::Designs::View - else + else # @tickets = Ticket.all #returns CouchRest::Model::Designs::View @tickets = Ticket.by_updated_at end - elsif logged_in? + else #TODO---if, when logged in, user accessed unauthenticated ticket, then seems okay to list it in their list of tickets. Thus, include all tickets that the user has posted to, not just those that they created. if params[:open_status] == 'open' @tickets = Ticket.by_is_open_and_created_by.key([true, current_user.id]) @@ -103,18 +105,15 @@ class TicketsController < ApplicationController else @tickets = Ticket.by_created_by(:key => current_user.id) end - else - access_denied - return - end + end # todo. presumably quite inefficent. sorts by updated_at increasing. would also make it an array, so pagination wouldn't work # @tickets = @tickets.sort{|x,y| x.updated_at <=> y.updated_at} #below works if @tickets is a CouchRest::Model::Designs::View, but not if it is an Array - @tickets = @tickets.page(params[:page]).per(10) #TEST + @tickets = @tickets.page(params[:page]).per(10) #TEST - #respond_with(@tickets) + #respond_with(@tickets) end def destroy @@ -124,9 +123,9 @@ class TicketsController < ApplicationController end private - + def ticket_access? - @ticket and (admin? or !@ticket.created_by or (current_user and current_user.id == @ticket.created_by)) + @ticket and (admin? or !@ticket.created_by or (current_user and current_user.id == @ticket.created_by)) end def ticket_access_denied? @@ -137,11 +136,11 @@ class TicketsController < ApplicationController admin_tickets = [] tickets = Ticket.all tickets.each do |ticket| - ticket.comments.each do |comment| + ticket.comments.each do |comment| if comment.posted_by == id and (params[:open_status] != 'open' or ticket.is_open) and (params[:open_status] != 'closed' or !ticket.is_open) #limit based on whether the ticket is open if open_status is set to open or closed admin_tickets << ticket break - end + end end end # TODO. is this inefficent?: |