1 files changed, 161 insertions, 0 deletions

diff --git a/engines/support/app/controllers/tickets_controller.rb b/engines/support/app/controllers/tickets_controller.rb
new file mode 100644
index 0000000..99357ab
--- /dev/null
+++ b/engines/support/app/controllers/tickets_controller.rb
@@ -0,0 +1,161 @@
+class TicketsController < ApplicationController
+  include AutoTicketsPathHelper
+
+  respond_to :html, :json
+  #has_scope :open, :type => boolean
+
+  before_filter :require_login, :only => [:index]
+  before_filter :fetch_ticket, :only => [:show, :update, :destroy]
+  before_filter :require_ticket_access, :only => [:show, :update, :destroy]
+  before_filter :fetch_user
+  before_filter :set_title
+
+  def new
+    @ticket = Ticket.new
+    @ticket.created_by = current_user.id
+    @ticket.comments.build
+  end
+
+  def create
+    @ticket = Ticket.new(params[:ticket])
+
+    #protecting posted_by isn't working, so this should protect it:
+    @ticket.comments.last.posted_by = current_user.id
+    @ticket.comments.last.private = false unless admin?
+    @ticket.created_by = current_user.id
+    if @ticket.save
+      flash[:notice] = t(:thing_was_successfully_created, :thing => t(:ticket))
+      if !logged_in?
+        flash[:notice] += " " + t(:access_ticket_text, :full_url => ticket_url(@ticket.id))
+      end
+    end
+    respond_with(@ticket, :location => auto_ticket_path(@ticket))
+  end
+
+  def show
+    @comment = TicketComment.new
+    if !@ticket
+      redirect_to auto_tickets_path, :alert => t(:no_such_thing, :thing => t(:ticket))
+      return
+    end
+  end
+
+  def update
+    if params[:button] == 'close'
+      @ticket.is_open = false
+      @ticket.save
+      redirect_to_tickets
+    elsif params[:button] == 'open'
+      @ticket.is_open = true
+      @ticket.save
+      redirect_to auto_ticket_path(@ticket)
+    else
+      @ticket.attributes = cleanup_ticket_params(params[:ticket])
+
+      if params[:button] == 'reply_and_close'
+        @ticket.close
+      end
+
+      if @ticket.comments_changed?
+        @ticket.comments.last.posted_by = current_user.id
+        @ticket.comments.last.private = false unless admin?
+      end
+
+      if @ticket.changed? and @ticket.save
+        flash[:notice] = t(:changes_saved)
+        redirect_to_tickets
+      else
+        flash[:error] = @ticket.errors.full_messages.join(". ") if @ticket.changed?
+        redirect_to auto_ticket_path(@ticket)
+      end
+    end
+  end
+
+  def index
+    @all_tickets = Ticket.search(search_options(params))
+    @tickets = @all_tickets.page(params[:page]).per(APP_CONFIG[:pagination_size])
+  end
+
+  def destroy
+    # should we allow non-admins to delete their own tickets? i don't think necessary.
+    @ticket.destroy if admin?
+    redirect_to auto_tickets_path
+  end
+
+  protected
+
+  def set_title
+    @title = t(:tickets)
+  end
+
+  private
+
+  #
+  # redirects to ticket index, if appropriate.
+  # otherwise, just redirects to @ticket
+  #
+  def redirect_to_tickets
+    if logged_in?
+      if params[:button] == t(:reply_and_close)
+        redirect_to auto_tickets_path
+      else
+        redirect_to auto_ticket_path(@ticket)
+      end
+    else
+      # if we are not logged in, there is no index to view
+      redirect_to auto_ticket_path(@ticket)
+    end
+  end
+
+  #
+  # unset comments hash if no new comment was typed
+  #
+  def cleanup_ticket_params(ticket)
+    if ticket && ticket[:comments_attributes]
+      if ticket[:comments_attributes].values.first[:body].blank?
+        ticket[:comments_attributes] = nil
+      end
+    end
+    return ticket
+  end
+
+  def fetch_ticket
+    @ticket = Ticket.find(params[:id])
+    if !@ticket
+      if admin?
+        redirect_to auto_tickets_path,
+          alert: t(:no_such_thing, thing: 'ticket')
+      else
+        access_denied
+      end
+    end
+  end
+
+  def require_ticket_access
+    access_denied unless ticket_access?
+  end
+
+  def ticket_access?
+    admin? or
+      @ticket.created_by.blank? or
+      current_user.id == @ticket.created_by
+  end
+
+  def fetch_user
+    if params[:user_id]
+      @user = User.find(params[:user_id])
+    end
+  end
+
+  #
+  # clean up params for ticket search
+  #
+  def search_options(params)
+    params.merge(
+      :admin_status => params[:user_id] ? 'mine' : 'all',
+      :user_id      => @user ? @user.id : current_user.id,
+      :is_admin     => admin?
+    )
+  end
+
+end