summaryrefslogtreecommitdiff
path: root/engines/support
diff options
context:
space:
mode:
Diffstat (limited to 'engines/support')
-rw-r--r--engines/support/app/controllers/tickets_controller.rb36
-rw-r--r--engines/support/app/views/tickets/new.html.haml16
-rw-r--r--engines/support/app/views/tickets/show.html.haml2
3 files changed, 28 insertions, 26 deletions
diff --git a/engines/support/app/controllers/tickets_controller.rb b/engines/support/app/controllers/tickets_controller.rb
index 4be3493..650f628 100644
--- a/engines/support/app/controllers/tickets_controller.rb
+++ b/engines/support/app/controllers/tickets_controller.rb
@@ -5,7 +5,8 @@ class TicketsController < ApplicationController
#has_scope :open, :type => boolean
before_filter :require_login, :only => [:index]
- before_filter :fetch_ticket, :only => [:show, :update, :destroy] # don't now have an edit method
+ before_filter :fetch_ticket, :only => [:show, :update, :destroy]
+ before_filter :require_ticket_access, :only => [:show, :update, :destroy]
before_filter :fetch_user
before_filter :set_title
@@ -17,11 +18,11 @@ class TicketsController < ApplicationController
def create
@ticket = Ticket.new(params[:ticket])
- @ticket.comments.last.posted_by = (logged_in? ? current_user.id : nil) #protecting posted_by isn't working, so this should protect it.
+ #protecting posted_by isn't working, so this should protect it:
+ @ticket.comments.last.posted_by = current_user.id
@ticket.comments.last.private = false unless admin?
- @ticket.created_by = current_user.id if logged_in?
- @ticket.email = current_user.email_address if logged_in? and current_user.email_address
-
+ @ticket.created_by = current_user.id
+ @ticket.email = current_user.email_address if current_user.email_address
if @ticket.save
flash[:notice] = t(:thing_was_successfully_created, :thing => t(:ticket))
@@ -58,7 +59,7 @@ class TicketsController < ApplicationController
end
if @ticket.comments_changed?
- @ticket.comments.last.posted_by = (current_user ? current_user.id : nil)
+ @ticket.comments.last.posted_by = current_user.id
@ticket.comments.last.private = false unless admin?
end
@@ -120,19 +121,28 @@ class TicketsController < ApplicationController
return ticket
end
- def ticket_access?
- @ticket and (admin? or !@ticket.created_by or (current_user and current_user.id == @ticket.created_by))
- end
-
def fetch_ticket
@ticket = Ticket.find(params[:id])
- if !@ticket and admin?
- redirect_to auto_tickets_path, :alert => t(:no_such_thing, :thing => 'ticket')
- return
+ if !@ticket
+ if admin?
+ redirect_to auto_tickets_path,
+ alert: t(:no_such_thing, thing: 'ticket')
+ else
+ access_denied
+ end
end
+ end
+
+ def require_ticket_access
access_denied unless ticket_access?
end
+ def ticket_access?
+ admin? or
+ @ticket.created_by.blank? or
+ current_user.id == @ticket.created_by
+ end
+
def fetch_user
if params[:user_id]
@user = User.find(params[:user_id])
diff --git a/engines/support/app/views/tickets/new.html.haml b/engines/support/app/views/tickets/new.html.haml
index ba86ac3..65ed67b 100644
--- a/engines/support/app/views/tickets/new.html.haml
+++ b/engines/support/app/views/tickets/new.html.haml
@@ -2,22 +2,14 @@
= render 'tickets/tabs'
-- if admin? && @user
- - email = @user.email_address
- - regarding = @user.login
-- elsif logged_in?
- - email = current_user.email_address
- - regarding = current_user.login
+- user = @user if admin?
+- user ||= current_user
= simple_form_for @ticket, :validate => true, :html => {:class => 'form-horizontal'} do |f|
= hidden_ticket_fields
= f.input :subject
- - if logged_in?
- = f.input :email, input_html: {value: email}
- = f.input :regarding_user, input_html: {value: regarding}
- - else
- = f.input :email
- = f.input :regarding_user
+ = f.input :email, input_html: {value: user.email_address}
+ = f.input :regarding_user, input_html: {value: user.login}
= f.simple_fields_for :comments, @comment do |c|
= c.input :body, :label => t(:description), :as => :text, :input_html => {:class => "full-width", :rows=> 5}
- if admin?
diff --git a/engines/support/app/views/tickets/show.html.haml b/engines/support/app/views/tickets/show.html.haml
index bbca4bf..4f3c127 100644
--- a/engines/support/app/views/tickets/show.html.haml
+++ b/engines/support/app/views/tickets/show.html.haml
@@ -7,6 +7,6 @@
= render :partial => 'tickets/comment', :collection => @ticket.comments
%tr
%td.user
- = logged_in? ? current_user.login : t(:anonymous)
+ = current_user.login || t(:anonymous)
%td.comment
= render 'tickets/new_comment_form'