Admin deletion of tickets, although need to figure out jquery interaction. And some minor tweaks.

3 files changed, 21 insertions, 14 deletions

diff --git a/help/app/controllers/tickets_controller.rb b/help/app/controllers/tickets_controller.rb
index 4f5c427..ced9569 100644
--- a/help/app/controllers/tickets_controller.rb
+++ b/help/app/controllers/tickets_controller.rb
@@ -39,17 +39,17 @@ class TicketsController < ApplicationController
 
   def show
     @ticket = Ticket.find(params[:id])
-    ticket_access_denied?
-    redirect_to root_url, :alert => "No such ticket" if !@ticket
+    redirect_to tickets_path, :alert => "No such ticket" if !@ticket
+    authorize_ticket_access
     # @ticket.comments.build
     # build ticket comments?
   end
   
   def update
-    
-    @ticket = Ticket.find(params[:id])
-    if !ticket_access_denied? #can update w/out logging in if the ticket was created unauthenticated
 
+    @ticket = Ticket.find(params[:id])
+    
+    if ticket_access?
       params[:ticket][:comments_attributes] = nil if params[:ticket][:comments_attributes].values.first[:body].blank? #unset comments hash if no new comment was typed
       @ticket.attributes = params[:ticket] #this will call comments_attributes=
       
@@ -100,16 +100,20 @@ class TicketsController < ApplicationController
     respond_with(@tickets) 
   end
 
+  def destroy
+    @ticket = Ticket.find(params[:id])
+    @ticket.destroy if admin?
+    redirect_to tickets_path
+  end
+
   private
   
-  
-  def ticket_access_denied?
-    # allow access if user is admin, the ticket was created without unauthentication (thus anybody with URL can access ticket where created_by is nil), or if there is a non-admin user and they created the ticket
-    if !admin? and @ticket.created_by and (!current_user or current_user.id != @ticket.created_by)
-      @ticket = nil
-      access_denied
-    end
-   
+  def ticket_access?
+    @ticket and (admin? or !@ticket.created_by or (current_user and current_user.id == @ticket.created_by)) 
+  end
+
+  def authorize_ticket_access
+    access_denied unless ticket_access?
   end
 
   # not using now, as we are using comment_attributes= from the Ticket model
diff --git a/help/app/views/tickets/show.html.haml b/help/app/views/tickets/show.html.haml
index 132d50f..eaa3356 100644
--- a/help/app/views/tickets/show.html.haml
+++ b/help/app/views/tickets/show.html.haml
@@ -23,6 +23,9 @@
   = f.select :is_open, [true, false]
   = f.button :submit, @post_reply_str
   = f.button :submit, @reply_close_str
+  = #link_to t(:destroy), ticket_path,  :confirm => 'are you sure?', :method => :delete, :class => :btn if admin? # for link_to to work with delete, need to figure out jquery interaction correctly. see  http://stackoverflow.com/questions/3774925/delete-link-sends-get-instead-of-delete-in-rails-3-view etc..
+  = button_to 'destroy', ticket_path, :confirm => 'are you sure?', :method => :delete  if admin? #TODO---confirmation not working
+  = # button_to("test destroy", {}, {:onclick => "return confirm('Are you sure?')", :method => :delete, :remote => true}) #this works but is ugly
   = # TODO want to have button to close
   = # TODO if admin, have  button to delete
   = link_to t(:cancel), tickets_path, :class => :btn
diff --git a/help/config/routes.rb b/help/config/routes.rb
index 5e57e02..86a9201 100644
--- a/help/config/routes.rb
+++ b/help/config/routes.rb
@@ -1,5 +1,5 @@
 Rails.application.routes.draw do
 
-  resources :tickets, :only => [:new, :create, :index, :show, :update]
+  resources :tickets, :only => [:new, :create, :index, :show, :update, :destroy]
   #resources :ticket, :only => [:show]
 end