summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--help/app/controllers/tickets_controller.rb2
-rw-r--r--help/app/models/ticket_comment.rb2
-rw-r--r--users/app/controllers/v1/sessions_controller.rb2
-rw-r--r--users/app/models/account_settings.rb2
4 files changed, 5 insertions, 3 deletions
diff --git a/help/app/controllers/tickets_controller.rb b/help/app/controllers/tickets_controller.rb
index 094612c..a03ef22 100644
--- a/help/app/controllers/tickets_controller.rb
+++ b/help/app/controllers/tickets_controller.rb
@@ -18,6 +18,7 @@ class TicketsController < ApplicationController
@ticket = Ticket.new(params[:ticket])
@ticket.comments.last.posted_by = (logged_in? ? current_user.id : nil) #protecting posted_by isn't working, so this should protect it.
+ @ticket.comments.last.private = false unless admin?
@ticket.created_by = current_user.id if logged_in?
@ticket.email = current_user.email_address if logged_in? and current_user.email_address
@@ -58,6 +59,7 @@ class TicketsController < ApplicationController
if @ticket.comments_changed?
@ticket.comments.last.posted_by = (current_user ? current_user.id : nil)
+ @ticket.comments.last.private = false unless admin?
end
if @ticket.changed?
diff --git a/help/app/models/ticket_comment.rb b/help/app/models/ticket_comment.rb
index 1df7eec..13bea2b 100644
--- a/help/app/models/ticket_comment.rb
+++ b/help/app/models/ticket_comment.rb
@@ -7,7 +7,7 @@ class TicketComment
property :posted_at, Time#, :protected => true
#property :posted_verified, TrueClass, :protected => true #should be true if current_user is set when the comment is created
property :body, String
- property :private, TrueClass # private comments are only viewable by admins
+ property :private, TrueClass # private comments are only viewable by admins #this is checked when set, to make sure it was set by an admin
# ? timestamps!
validates :body, :presence => true
diff --git a/users/app/controllers/v1/sessions_controller.rb b/users/app/controllers/v1/sessions_controller.rb
index e3459d6..c99d1f3 100644
--- a/users/app/controllers/v1/sessions_controller.rb
+++ b/users/app/controllers/v1/sessions_controller.rb
@@ -29,7 +29,7 @@ module V1
def destroy
logout
- redirect_to root_path
+ head :no_content
end
protected
diff --git a/users/app/models/account_settings.rb b/users/app/models/account_settings.rb
index a73a95a..27fa227 100644
--- a/users/app/models/account_settings.rb
+++ b/users/app/models/account_settings.rb
@@ -16,7 +16,7 @@ class AccountSettings
protected
- def update_login(login, verifier)
+ def update_login(login)
return unless login.present?
@old_identity = Identity.for(@user)
@user.login = login