-rw-r--r--help/app/controllers/tickets_controller.rb67
-rw-r--r--help/app/models/ticket.rb4
-rw-r--r--help/app/views/tickets/index.html.haml2
-rw-r--r--help/app/views/tickets/show.html.haml9
-rw-r--r--users/app/controllers/controller_extension/authentication.rb3
5 files changed, 61 insertions, 24 deletions
diff --git a/help/app/controllers/tickets_controller.rb b/help/app/controllers/tickets_controller.rb
index 4684a40..4130ee6 100644
--- a/help/app/controllers/tickets_controller.rb
+++ b/help/app/controllers/tickets_controller.rb
@@ -33,25 +33,32 @@ class TicketsController < ApplicationController
def show
@ticket = Ticket.find(params[:id])
+ ticket_access_denied?
# @ticket.comments.build
# build ticket comments?
end
def update
- @ticket = Ticket.find(params[:id])
- @ticket.attributes = params[:ticket]
- # what if there is an update and no new comment? Confirm that there is a new comment to update posted_by. will @tickets.comments_changed? work?
- @ticket.comments.last.posted_by = (current_user ? current_user.id : nil) #protecting posted_by isn't working, so this should protect it.
+ @ticket = Ticket.find(params[:id])
+ if !ticket_access_denied?
- if @ticket.save
- flash[:notice] = 'Ticket was successfully updated.'
- respond_with @ticket
- else
- #redirect_to [:show, @ticket] #
- flash[:alert] = 'Ticket has not been changed'
- redirect_to @ticket
- #respond_with(@ticket) # why does this go to edit?? redirect???
+ #below is excessively complicated. issue is that we don't need a new comment if we have changed anything else (currently, is_open is the only other thing to change.) However, if we don't change anything else, then we want to try to add a new comment (and possibly fail.) Likely this should all be redone.
+ @ticket.is_open = params[:ticket][:is_open]
+ if !params[:ticket][:comments_attributes].values.first[:body].blank? or !@ticket.changed?
+ @ticket.attributes = params[:ticket]
+ end
+ # what if there is an update and no new comment? Confirm that there is a new comment to update posted_by. will @tickets.comments_changed? work?
+ @ticket.comments.last.posted_by = (current_user ? current_user.id : nil) if @ticket.comments_changed? #protecting posted_by isn't working, so this should protect it.
+ if @ticket.save
+ flash[:notice] = 'Ticket was successfully updated.'
+ respond_with @ticket
+ else
+ #redirect_to [:show, @ticket] #
+ flash[:alert] = 'Ticket has not been changed'
+ redirect_to @ticket
+ #respond_with(@ticket) # why does this go to edit?? redirect???
+ end
end
end
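Review bot: `@ticket.attributes = params[:ticket]` in `update` still passes the whole request hash to the model, so a request could carry `created_by`, the field the new ownership check compares against. Whether Ticket protects that attribute is not visible here, and the inline comment says protecting `posted_by` is already not working. Since `is_open` is assigned explicitly just above, the assignment could be narrowed to `@ticket.attributes = params[:ticket].slice(:comments_attributes)`. Separately, `params[:ticket][:comments_attributes].values.first[:body]` raises NoMethodError when a request omits `ticket` or `comments_attributes`, so such a request ends in an unhandled exception rather than the "Ticket has not been changed" branch.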
@@ -59,18 +66,42 @@ class TicketsController < ApplicationController
# @tickets = Ticket.by_title #not actually what we will want
#we'll want only tickets that this user can access
# @tickets = Ticket.by_is_open.key(params[:status])
- if params[:status] == 'open'
- @tickets = Ticket.by_is_open.key(true)
- elsif params[:status] == 'closed'
- @tickets = Ticket.by_is_open.key(false)
+
+ #below is obviously too messy and not what we want, but wanted to get basic functionality there
+ if admin?
+ if params[:status] == 'open'
+ @tickets = Ticket.by_is_open.key(true)
+ elsif params[:status] == 'closed'
+ @tickets = Ticket.by_is_open.key(false)
+ else
+ @tickets = Ticket.all
+ end
+ elsif logged_in?
+ if params[:status] == 'open'
+ @tickets = Ticket.by_is_open_and_created_by.key([true, current_user.id]).all
+ elsif params[:status] == 'closed'
+ @tickets = Ticket.by_is_open_and_created_by.key([false, current_user.id]).all
+ else
+ @tickets = Ticket.by_created_by.key(current_user.id).all
+ end
else
- @tickets = Ticket.all
- end
+ access_denied
+ end
+
respond_with(@tickets)
end
private
+ def ticket_access_denied?
+ # TODO---we will allow unauthenticated users to view tickets with a code
+ if !admin? and current_user.id != @ticket.created_by
+ @ticket = nil
+ access_denied
+ end
+
+ end
+
# not using now, as we are using comment_attributes= from the Ticket model
=begin
def add_comment
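Review bot: `ticket_access_denied?` calls `current_user.id` without checking `logged_in?`, so an unauthenticated request to `show` or `update` presumably raises NoMethodError on nil instead of being redirected. The ternary `current_user ? current_user.id : nil` in `update` suggests `current_user` can be nil. The method also returns whatever `access_denied` happens to return, and `update` branches on that value. Making the result explicit would be safer: start with `return false if admin? || (logged_in? && current_user.id == @ticket.created_by)` and end the method with `true` after `access_denied`. In `index`, whose start is above this hunk, the `else` branch calls `access_denied` and then falls through to `respond_with(@tickets)`, which likely attempts a second response; `access_denied and return` (or an early `return`) would avoid that.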
diff --git a/help/app/models/ticket.rb b/help/app/models/ticket.rb
index 0407012..6301e9e 100644
--- a/help/app/models/ticket.rb
+++ b/help/app/models/ticket.rb
@@ -38,6 +38,9 @@ class Ticket < CouchRest::Model::Base
design do
view :by_title
view :by_is_open
+ view :by_created_by
+ view :by_is_open_and_created_by
+
end
validates :title, :presence => true
@@ -78,7 +81,6 @@ class Ticket < CouchRest::Model::Base
end
def comments_attributes=(attributes)
-
comment = TicketComment.new(attributes.values.first) #TicketComment.new(attributes)
#comment.posted_by = User.current.id if User.current #we want to avoid User.current, and current_user won't work here. instead will set in tickets_controller
# what about: comment.posted_by = self.updated_by (will need to add ticket.updated_by)
diff --git a/help/app/views/tickets/index.html.haml b/help/app/views/tickets/index.html.haml
index 1f46433..dff39ce 100644
--- a/help/app/views/tickets/index.html.haml
+++ b/help/app/views/tickets/index.html.haml
@@ -1,4 +1,4 @@
-%h2 tickets index (just as space)
+%h1 tickets index (just as space)
Create a
= link_to "new ticket", new_ticket_path
= # below shouldn't be unless logged in
diff --git a/help/app/views/tickets/show.html.haml b/help/app/views/tickets/show.html.haml
index a9b994e..3fb1d34 100644
--- a/help/app/views/tickets/show.html.haml
+++ b/help/app/views/tickets/show.html.haml
@@ -1,10 +1,10 @@
+%h1 tickets show (just as space)
+%h1 tickets show (just as space)
- if flash[:notice]
=flash[:notice]
- if flash[:alert]
=flash[:alert]
%h2= @ticket.title
-is open?
-= @ticket.is_open
- if @ticket.code
code:
= @ticket.code
@@ -22,5 +22,8 @@ is open?
= f.simple_fields_for :comments, TicketComment.new do |c|
= c.input :body, :label => 'Comment', :as => :text
= #render :partial => 'new_comment'
- = f.button :submit
+ = f.label :is_open
+ = f.select :is_open, [true, false]
+ = f.button :submit # have button to close
+ = # want to ahve button to close
= link_to t(:cancel), tickets_path, :class => :btn \ No newline at end of file
diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb
index c3342f3..ebd80b0 100644
--- a/users/app/controllers/controller_extension/authentication.rb
+++ b/users/app/controllers/controller_extension/authentication.rb
@@ -20,7 +20,8 @@ module ControllerExtension::Authentication
end
def access_denied
- redirect_to login_url, :alert => "Not authorized"
+ redirect_to login_url, :alert => "Not authorized" if !logged_in?
+ redirect_to root_url, :alert => "Not authorized"
end
def admin?
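Review bot: For a visitor who is not logged in, `access_denied` now calls `redirect_to` twice, because only the first line carries the `if !logged_in?` modifier and the `root_url` redirect runs unconditionally. Rails raises DoubleRenderError on the second call, so the unauthenticated path fails with an error instead of reaching the login page. Every new caller in tickets_controller.rb goes through this method. A single call selects the target cleanly: `redirect_to(logged_in? ? root_url : login_url, :alert => "Not authorized")`.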