-rw-r--r--help/app/controllers/tickets_controller.rb75
-rw-r--r--help/app/models/ticket.rb25
-rw-r--r--help/app/views/tickets/index.html.haml6
-rw-r--r--help/app/views/tickets/show.html.haml16
-rw-r--r--users/app/controllers/controller_extension/authentication.rb4
-rw-r--r--users/test/unit/user_test.rb11
6 files changed, 106 insertions, 31 deletions
diff --git a/help/app/controllers/tickets_controller.rb b/help/app/controllers/tickets_controller.rb
index 4c7415b..4f5c427 100644
--- a/help/app/controllers/tickets_controller.rb
+++ b/help/app/controllers/tickets_controller.rb
@@ -3,6 +3,12 @@ class TicketsController < ApplicationController
respond_to :html #, :json
#has_scope :open, :type => boolean
+ def initialize
+ @post_reply_str = 'Post reply' #t :post_reply
+ # @close_str = 'Close ticket' #t :close_ticket
+ @reply_close_str = 'Reply and close' #t :reply_and_close
+ end
+
def new
@ticket = Ticket.new
@ticket.comments.build
@@ -33,34 +39,79 @@ class TicketsController < ApplicationController
def show
@ticket = Ticket.find(params[:id])
+ ticket_access_denied?
+ redirect_to root_url, :alert => "No such ticket" if !@ticket
# @ticket.comments.build
# build ticket comments?
end
def update
- @ticket = Ticket.find(params[:id])
- @ticket.attributes = params[:ticket]
- @ticket.comments.last.posted_by = (current_user ? current_user.id : nil) #protecting posted_by isn't working, so this should protect it.
+ @ticket = Ticket.find(params[:id])
+ if !ticket_access_denied? #can update w/out logging in if the ticket was created unauthenticated
- if @ticket.save
- flash[:notice] = 'Ticket was successfully updated.'
- respond_with @ticket
- else
- #redirect_to [:show, @ticket] #
- flash[:alert] = 'Ticket has not been changed'
- redirect_to @ticket
- #respond_with(@ticket) # why does this go to edit?? redirect???
+ params[:ticket][:comments_attributes] = nil if params[:ticket][:comments_attributes].values.first[:body].blank? #unset comments hash if no new comment was typed
+ @ticket.attributes = params[:ticket] #this will call comments_attributes=
+
+ @ticket.is_open = false if params[:commit] == @reply_close_str #this overrides is_open selection
+
+ # what if there is an update and no new comment? Confirm that there is a new comment to update posted_by:
+ @ticket.comments.last.posted_by = (current_user ? current_user.id : nil) if @ticket.comments_changed? #protecting posted_by isn't working, so this should protect it.
+ if @ticket.changed? and @ticket.save
+ flash[:notice] = 'Ticket was successfully updated.'
+ respond_with @ticket
+ else
+ #redirect_to [:show, @ticket] #
+ flash[:alert] = 'Ticket has not been changed'
+ redirect_to @ticket
+ #respond_with(@ticket) # why does this go to edit?? redirect???
+ end
end
end
def index
# @tickets = Ticket.by_title #not actually what we will want
- respond_with(@tickets = Ticket.all) #we'll want only tickets that this user can access
+ #we'll want only tickets that this user can access
+ # @tickets = Ticket.by_is_open.key(params[:status])
+
+ #below is obviously too messy and not what we want, but wanted to get basic functionality there
+ if admin?
+ if params[:status] == 'open'
+ @tickets = Ticket.by_is_open.key(true)
+ elsif params[:status] == 'closed'
+ @tickets = Ticket.by_is_open.key(false)
+ else
+ @tickets = Ticket.all
+ end
+ elsif logged_in?
+ #TODO---if, when logged in, user accessed unauthenticated ticket, then seems okay to list it in their list of tickets. Thus, include all tickets that the user has posted to, not just those that they created.
+ if params[:status] == 'open'
+ @tickets = Ticket.by_is_open_and_created_by.key([true, current_user.id]).all
+ elsif params[:status] == 'closed'
+ @tickets = Ticket.by_is_open_and_created_by.key([false, current_user.id]).all
+ else
+ @tickets = Ticket.by_created_by.key(current_user.id).all
+ end
+ else
+ access_denied
+ return
+ end
+
+ respond_with(@tickets)
end
private
+
+ def ticket_access_denied?
+ # allow access if user is admin, the ticket was created without unauthentication (thus anybody with URL can access ticket where created_by is nil), or if there is a non-admin user and they created the ticket
+ if !admin? and @ticket.created_by and (!current_user or current_user.id != @ticket.created_by)
+ @ticket = nil
+ access_denied
+ end
+
+ end
+
# not using now, as we are using comment_attributes= from the Ticket model
=begin
def add_comment
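Review bot: In `show`, a denied request is redirected twice: `ticket_access_denied?` calls `access_denied`, which already issues a `redirect_to`, and because it also sets `@ticket = nil` the following `redirect_to root_url` fires as well, raising DoubleRenderError. The order is also inverted for an unknown id: if `Ticket.find` returns nil, as the `if !@ticket` check assumes, `ticket_access_denied?` dereferences nil at `@ticket.created_by` before the "No such ticket" redirect is reached. Reorder to `return redirect_to(root_url, :alert => "No such ticket") unless @ticket` followed by `return if ticket_access_denied?`, and let `ticket_access_denied?` return a plain boolean instead of whatever `access_denied` happens to return, since `update` branches on that value. In `update`, `params[:ticket][:comments_attributes].values.first[:body]` raises NoMethodError on any request that omits `ticket` or `comments_attributes`, which a client controls; check `params[:ticket].blank? || params[:ticket][:comments_attributes].blank?` first. `@ticket.attributes = params[:ticket]` still assigns whatever keys the client sends, and the comment on the `posted_by` line admits the property protection is not working, so properties such as `created_by` should be marked `:protected => true` on the model as `code` was, rather than relying on this controller to overwrite them.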
diff --git a/help/app/models/ticket.rb b/help/app/models/ticket.rb
index f38fed2..cb8e397 100644
--- a/help/app/models/ticket.rb
+++ b/help/app/models/ticket.rb
@@ -23,20 +23,24 @@ class Ticket < CouchRest::Model::Base
#property :user_verified, TrueClass, :default => false #will be true exactly when user is set
#admins
- property :code, String, :protected => true # only should be set if created_by is nil
+ #property :code, String, :protected => true # only should be set if created_by is nil #instead we will just use couchdb ID
property :is_open, TrueClass, :default => true
property :comments, [TicketComment]
timestamps!
#before_validation :set_created_by, :set_code, :set_email, :on => :create
- before_validation :set_code, :set_email, :on => :create
+ before_validation :set_email, :on => :create
#named_scope :open, :conditions => {:is_open => true} #??
design do
view :by_title
+ view :by_is_open
+ view :by_created_by
+ view :by_is_open_and_created_by
+
end
validates :title, :presence => true
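Review bot: With `property :code` and `set_code` retired, an unauthenticated ticket (one whose `created_by` is nil) is guarded only by its CouchDB document id, since the controller's `ticket_access_denied?` lets anybody holding the URL read it. That is only acceptable if ids are unpredictable; CouchDB's `[uuids] algorithm` setting (default `sequential` on many versions, as far as I recall) produces ids that share a prefix and are partially predictable, which is weaker than the `SecureRandom.hex(8)` token this commit removes. Either pin the server to the `random` algorithm or keep a separate random token for anonymous tickets, and record the decision next to the commented-out property, e.g. `# anonymous tickets are reachable by anyone holding the document id; the id must be unguessable (CouchDB uuid algorithm = random)`.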
@@ -55,10 +59,12 @@ class Ticket < CouchRest::Model::Base
!!created_by
end
- def set_code
+=begin
+ def set_code #let's not use this---can use same show url
# ruby 1.9 provides url-safe option---this is not necessarily url-safe
self.code = SecureRandom.hex(8) if !is_creator_validated?
end
+=end
def set_email
@@ -77,12 +83,13 @@ class Ticket < CouchRest::Model::Base
end
def comments_attributes=(attributes)
-
- comment = TicketComment.new(attributes.values.first) #TicketComment.new(attributes)
- #comment.posted_by = User.current.id if User.current #we want to avoid User.current, and current_user won't work here. instead will set in tickets_controller
- comment.posted_at = Time.now
- comments << comment
-
+ if attributes # could be empty as we will empty if nothing was typed in
+ comment = TicketComment.new(attributes.values.first) #TicketComment.new(attributes)
+ #comment.posted_by = User.current.id if User.current #we want to avoid User.current, and current_user won't work here. instead will set in tickets_controller
+ # what about: comment.posted_by = self.updated_by (will need to add ticket.updated_by)
+ comment.posted_at = Time.now
+ comments << comment
+ end
end
=begin
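Review bot: The new `if attributes` guard only screens out nil; an empty hash still reaches `TicketComment.new(nil)` via `attributes.values.first`, and a non-Hash value for `comments_attributes` (which a client can send) raises on `.values`. Replace the guard with `return unless attributes.is_a?(Hash) && (data = attributes.values.first).present?` and build the comment from `data`. Also, `TicketComment.new(attributes.values.first)` accepts any `posted_by` the client includes and relies on the controller to overwrite it afterwards; setting `comment.posted_by = nil` here before appending would make the model safe on its own.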
diff --git a/help/app/views/tickets/index.html.haml b/help/app/views/tickets/index.html.haml
index 6db2140..dff39ce 100644
--- a/help/app/views/tickets/index.html.haml
+++ b/help/app/views/tickets/index.html.haml
@@ -1,9 +1,11 @@
-%h2 tickets index (just as space)
+%h1 tickets index (just as space)
Create a
= link_to "new ticket", new_ticket_path
= # below shouldn't be unless logged in
%h2 Tickets
-= # want to have selection option to see tickets, that are open, closed or all
+= form_tag (tickets_path, :method => :get) do # want to redo as ajax, and make sure it displays the selected option
+ = select_tag :status, options_for_select(["open", "closed", "all"])
+ = submit_tag "filter"
- @tickets.each do |ticket|
%p
= link_to ticket.title, ticket
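Review bot: `form_tag (tickets_path, :method => :get)` has a space before the parenthesis, so Ruby reads `(tickets_path, :method => :get)` as a grouped expression rather than an argument list, which on Ruby 1.9+ is a syntax error (`unexpected ','`) when the template compiles, unless this page has been verified to render; write `= form_tag(tickets_path, :method => :get) do`. The select also never reflects the current filter, as the inline comment already notes; `options_for_select(%w[open closed all], params[:status])` does that. With `status=all` the controller falls through to its `else` branch, which is fine but worth a short comment on the select line.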
diff --git a/help/app/views/tickets/show.html.haml b/help/app/views/tickets/show.html.haml
index a9b994e..132d50f 100644
--- a/help/app/views/tickets/show.html.haml
+++ b/help/app/views/tickets/show.html.haml
@@ -1,13 +1,10 @@
+%h1 tickets show (just as space)
+%h1 tickets show (just as space)
- if flash[:notice]
=flash[:notice]
- if flash[:alert]
=flash[:alert]
%h2= @ticket.title
-is open?
-= @ticket.is_open
-- if @ticket.code
- code:
- = @ticket.code
- if @ticket.email
email:
= @ticket.email
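Review bot: `%h1 tickets show (just as space)` is added twice in a row, so the page renders two identical headings; drop one of them. Dropping the `code:` block is consistent with retiring `property :code` in the model, so the view no longer prints an access token.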
@@ -22,5 +19,10 @@ is open?
= f.simple_fields_for :comments, TicketComment.new do |c|
= c.input :body, :label => 'Comment', :as => :text
= #render :partial => 'new_comment'
- = f.button :submit
- = link_to t(:cancel), tickets_path, :class => :btn \ No newline at end of file
+ = f.label :is_open
+ = f.select :is_open, [true, false]
+ = f.button :submit, @post_reply_str
+ = f.button :submit, @reply_close_str
+ = # TODO want to have button to close
+ = # TODO if admin, have button to delete
+ = link_to t(:cancel), tickets_path, :class => :btn
diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb
index c3342f3..e27b4da 100644
--- a/users/app/controllers/controller_extension/authentication.rb
+++ b/users/app/controllers/controller_extension/authentication.rb
@@ -20,7 +20,9 @@ module ControllerExtension::Authentication
end
def access_denied
- redirect_to login_url, :alert => "Not authorized"
+ # TODO: should we redirect to the root_url in either case, and have the root_url include the login screen (and also ability to create unauthenticated tickets) when no user is logged in?
+ redirect_to login_url, :alert => "Not authorized" if !logged_in?
+ redirect_to root_url, :alert => "Not authorized" if logged_in?
end
def admin?
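Review bot: The two mutually exclusive `redirect_to` lines read as if both could run; a single redirect with the target chosen by `logged_in?` is clearer: `redirect_to(logged_in? ? root_url : login_url, :alert => "Not authorized")`. More importantly, `access_denied` only schedules a redirect and returns to the caller, so every caller must `return` right after it or the action continues and may render or redirect a second time (the tickets controller's `show` in this commit does exactly that); state this on the method: `# Issues the redirect only; callers must return immediately after calling this.`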
diff --git a/users/test/unit/user_test.rb b/users/test/unit/user_test.rb
index f057ca7..9977fca 100644
--- a/users/test/unit/user_test.rb
+++ b/users/test/unit/user_test.rb
@@ -48,4 +48,15 @@ class UserTest < ActiveSupport::TestCase
assert_equal client_rnd, srp_session.aa
end
+ test 'is user an admin' do
+ admin_login = APP_CONFIG['admins'].first
+ attribs = User.valid_attributes_hash
+ attribs[:login] = admin_login
+ admin_user = User.new(attribs)
+ assert admin_user.is_admin?
+ assert !@user.is_admin?
+
+ end
+
+
end
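Review bot: The negative case `assert !@user.is_admin?` depends on the `@user` fixture (set up outside this hunk) not having a login listed in `APP_CONFIG['admins']`, which nothing in the test asserts; add `assert_not_equal admin_login, @user.login` so a fixture change cannot turn it into a false pass. `APP_CONFIG['admins'].first` also assumes the test config lists at least one admin, which is worth a one-line comment. The blank lines inside the `test` block and the two trailing ones after it are noise.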