5 files changed, 70 insertions, 19 deletions

diff --git a/help/app/controllers/tickets_controller.rb b/help/app/controllers/tickets_controller.rb
index 4c7415b..4130ee6 100644
--- a/help/app/controllers/tickets_controller.rb
+++ b/help/app/controllers/tickets_controller.rb
@@ -33,34 +33,75 @@ class TicketsController < ApplicationController
 
   def show
     @ticket = Ticket.find(params[:id])
+    ticket_access_denied?
     # @ticket.comments.build
     # build ticket comments?
   end
   
   def update
-    @ticket = Ticket.find(params[:id])
-    @ticket.attributes = params[:ticket]
     
-    @ticket.comments.last.posted_by = (current_user ? current_user.id : nil) #protecting posted_by isn't working, so this should protect it.
+    @ticket = Ticket.find(params[:id])
+    if !ticket_access_denied?
 
-    if @ticket.save
-      flash[:notice] = 'Ticket was successfully updated.'
-      respond_with @ticket
-    else
-      #redirect_to [:show, @ticket] #
-      flash[:alert] = 'Ticket has not been changed'
-      redirect_to @ticket
-      #respond_with(@ticket) # why does this go to edit?? redirect???
+      #below is excessively complicated. issue is that we don't need a new comment if we have changed anything else (currently, is_open is the only other thing to change.) However, if we don't change anything else, then we want to try to add a new comment (and possibly fail.) Likely this should all be redone.
+      @ticket.is_open = params[:ticket][:is_open]
+      if !params[:ticket][:comments_attributes].values.first[:body].blank? or !@ticket.changed?
+        @ticket.attributes = params[:ticket]
+      end
+      # what if there is an update and no new comment? Confirm that there is a new comment to update posted_by. will @tickets.comments_changed? work?
+      @ticket.comments.last.posted_by = (current_user ? current_user.id : nil) if @ticket.comments_changed? #protecting posted_by isn't working, so this should protect it.
+      if @ticket.save
+        flash[:notice] = 'Ticket was successfully updated.'
+        respond_with @ticket
+      else
+        #redirect_to [:show, @ticket] #
+        flash[:alert] = 'Ticket has not been changed'
+        redirect_to @ticket
+        #respond_with(@ticket) # why does this go to edit?? redirect???
+      end
     end
   end
 
   def index
     # @tickets = Ticket.by_title #not actually what we will want
-    respond_with(@tickets = Ticket.all) #we'll want only tickets that this user can access
+    #we'll want only tickets that this user can access
+    # @tickets = Ticket.by_is_open.key(params[:status])
+
+    #below is obviously too messy and not what we want, but wanted to get basic functionality there
+    if admin?
+      if params[:status] == 'open'
+        @tickets = Ticket.by_is_open.key(true)
+      elsif params[:status] == 'closed'
+        @tickets = Ticket.by_is_open.key(false)
+      else
+        @tickets = Ticket.all
+      end
+    elsif logged_in?
+      if params[:status] == 'open'
+        @tickets = Ticket.by_is_open_and_created_by.key([true, current_user.id]).all
+      elsif params[:status] == 'closed'
+        @tickets = Ticket.by_is_open_and_created_by.key([false, current_user.id]).all
+      else
+        @tickets = Ticket.by_created_by.key(current_user.id).all
+      end
+    else
+      access_denied
+    end      
+
+    respond_with(@tickets) 
   end
 
   private
   
+  def ticket_access_denied?
+    # TODO---we will allow unauthenticated users to view tickets with a code
+    if !admin? and current_user.id != @ticket.created_by
+      @ticket = nil
+      access_denied
+    end
+   
+  end
+
   # not using now, as we are using comment_attributes= from the Ticket model
 =begin
   def add_comment
diff --git a/help/app/models/ticket.rb b/help/app/models/ticket.rb
index f38fed2..6301e9e 100644
--- a/help/app/models/ticket.rb
+++ b/help/app/models/ticket.rb
@@ -37,6 +37,10 @@ class Ticket < CouchRest::Model::Base
 
   design do
     view :by_title
+    view :by_is_open
+    view :by_created_by
+    view :by_is_open_and_created_by
+
   end
 
   validates :title, :presence => true
@@ -77,9 +81,9 @@ class Ticket < CouchRest::Model::Base
   end
 
   def comments_attributes=(attributes)
-
     comment = TicketComment.new(attributes.values.first) #TicketComment.new(attributes)
     #comment.posted_by = User.current.id if User.current #we want to avoid User.current, and current_user won't work here. instead will set in tickets_controller
+    # what about: comment.posted_by = self.updated_by  (will need to add ticket.updated_by)
     comment.posted_at = Time.now
     comments << comment
     
diff --git a/help/app/views/tickets/index.html.haml b/help/app/views/tickets/index.html.haml
index 6db2140..dff39ce 100644
--- a/help/app/views/tickets/index.html.haml
+++ b/help/app/views/tickets/index.html.haml
@@ -1,9 +1,11 @@
-%h2 tickets index (just as space)
+%h1 tickets index (just as space)
 Create a 
 = link_to "new ticket", new_ticket_path
 = # below shouldn't be unless logged in
 %h2 Tickets
-= # want to have selection option to see tickets, that are open, closed or all
+= form_tag (tickets_path, :method => :get) do # want to redo as ajax, and make sure it displays the selected option
+  = select_tag :status, options_for_select(["open", "closed", "all"])
+  = submit_tag "filter"
 - @tickets.each do |ticket|
   %p
   = link_to ticket.title, ticket
diff --git a/help/app/views/tickets/show.html.haml b/help/app/views/tickets/show.html.haml
index a9b994e..3fb1d34 100644
--- a/help/app/views/tickets/show.html.haml
+++ b/help/app/views/tickets/show.html.haml
@@ -1,10 +1,10 @@
+%h1 tickets show (just as space)
+%h1 tickets show (just as space)
 - if flash[:notice]
   =flash[:notice]
 - if flash[:alert]
   =flash[:alert]
 %h2= @ticket.title
-is open?
-= @ticket.is_open
 - if @ticket.code
   code:
   = @ticket.code
@@ -22,5 +22,8 @@ is open?
   = f.simple_fields_for :comments, TicketComment.new do |c|
     = c.input :body, :label => 'Comment', :as => :text
   = #render :partial => 'new_comment'
-  = f.button :submit
+  = f.label :is_open
+  = f.select :is_open, [true, false]
+  = f.button :submit # have button to close
+  = # want to ahve button to close
   = link_to t(:cancel), tickets_path, :class => :btn
\ No newline at end of file
diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb
index c3342f3..ebd80b0 100644
--- a/users/app/controllers/controller_extension/authentication.rb
+++ b/users/app/controllers/controller_extension/authentication.rb
@@ -20,7 +20,8 @@ module ControllerExtension::Authentication
   end
 
   def access_denied
-    redirect_to login_url, :alert => "Not authorized"
+    redirect_to login_url, :alert => "Not authorized" if !logged_in?
+    redirect_to root_url, :alert => "Not authorized"
   end
 
   def admin?