Diffstat (limited to 'help/app/controllers/tickets_controller.rb')
-rw-r--r--help/app/controllers/tickets_controller.rb67
1 files changed, 49 insertions, 18 deletions
diff --git a/help/app/controllers/tickets_controller.rb b/help/app/controllers/tickets_controller.rb
index 4684a40..4130ee6 100644
--- a/help/app/controllers/tickets_controller.rb
+++ b/help/app/controllers/tickets_controller.rb
@@ -33,25 +33,32 @@ class TicketsController < ApplicationController
def show
@ticket = Ticket.find(params[:id])
+ ticket_access_denied?
# @ticket.comments.build
# build ticket comments?
end
def update
- @ticket = Ticket.find(params[:id])
- @ticket.attributes = params[:ticket]
- # what if there is an update and no new comment? Confirm that there is a new comment to update posted_by. will @tickets.comments_changed? work?
- @ticket.comments.last.posted_by = (current_user ? current_user.id : nil) #protecting posted_by isn't working, so this should protect it.
+ @ticket = Ticket.find(params[:id])
+ if !ticket_access_denied?
- if @ticket.save
- flash[:notice] = 'Ticket was successfully updated.'
- respond_with @ticket
- else
- #redirect_to [:show, @ticket] #
- flash[:alert] = 'Ticket has not been changed'
- redirect_to @ticket
- #respond_with(@ticket) # why does this go to edit?? redirect???
+ #below is excessively complicated. issue is that we don't need a new comment if we have changed anything else (currently, is_open is the only other thing to change.) However, if we don't change anything else, then we want to try to add a new comment (and possibly fail.) Likely this should all be redone.
+ @ticket.is_open = params[:ticket][:is_open]
+ if !params[:ticket][:comments_attributes].values.first[:body].blank? or !@ticket.changed?
+ @ticket.attributes = params[:ticket]
+ end
+ # what if there is an update and no new comment? Confirm that there is a new comment to update posted_by. will @tickets.comments_changed? work?
+ @ticket.comments.last.posted_by = (current_user ? current_user.id : nil) if @ticket.comments_changed? #protecting posted_by isn't working, so this should protect it.
+ if @ticket.save
+ flash[:notice] = 'Ticket was successfully updated.'
+ respond_with @ticket
+ else
+ #redirect_to [:show, @ticket] #
+ flash[:alert] = 'Ticket has not been changed'
+ redirect_to @ticket
+ #respond_with(@ticket) # why does this go to edit?? redirect???
+ end
end
end
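Review bot: In `update`, `@ticket.attributes = params[:ticket]` still assigns the whole client-supplied hash, while the ownership check added in this commit compares `current_user.id` with `@ticket.created_by`; unless the model protects `created_by` (not visible here), a ticket owner can overwrite the field that access control now depends on. The inline comment already says protecting `posted_by` is not working, and only `comments.last.posted_by` is overwritten, so any other entry in `comments_attributes` may keep a client-chosen `posted_by`. Since `is_open` is assigned on the line above, I would narrow the assignment to `@ticket.attributes = params[:ticket].slice(:comments_attributes)` and set `posted_by` server-side on every new comment rather than only the last one. Separately, `params[:ticket][:comments_attributes].values.first[:body]` raises NoMethodError when a request carries no `comments_attributes`, so that chain needs a presence check before `.values`.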
@@ -59,18 +66,42 @@ class TicketsController < ApplicationController
# @tickets = Ticket.by_title #not actually what we will want
#we'll want only tickets that this user can access
# @tickets = Ticket.by_is_open.key(params[:status])
- if params[:status] == 'open'
- @tickets = Ticket.by_is_open.key(true)
- elsif params[:status] == 'closed'
- @tickets = Ticket.by_is_open.key(false)
+
+ #below is obviously too messy and not what we want, but wanted to get basic functionality there
+ if admin?
+ if params[:status] == 'open'
+ @tickets = Ticket.by_is_open.key(true)
+ elsif params[:status] == 'closed'
+ @tickets = Ticket.by_is_open.key(false)
+ else
+ @tickets = Ticket.all
+ end
+ elsif logged_in?
+ if params[:status] == 'open'
+ @tickets = Ticket.by_is_open_and_created_by.key([true, current_user.id]).all
+ elsif params[:status] == 'closed'
+ @tickets = Ticket.by_is_open_and_created_by.key([false, current_user.id]).all
+ else
+ @tickets = Ticket.by_created_by.key(current_user.id).all
+ end
else
- @tickets = Ticket.all
- end
+ access_denied
+ end
+
respond_with(@tickets)
end
private
+ def ticket_access_denied?
+ # TODO---we will allow unauthenticated users to view tickets with a code
+ if !admin? and current_user.id != @ticket.created_by
+ @ticket = nil
+ access_denied
+ end
+
+ end
+
# not using now, as we are using comment_attributes= from the Ticket model
=begin
def add_comment
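Review bot: `ticket_access_denied?` calls `current_user.id` without checking that a user is logged in, although `update` in this same file treats `current_user` as possibly nil, so an unauthenticated request to `show` or `update` would raise NoMethodError instead of reaching `access_denied`. The helper also returns whatever `access_denied` returns (defined outside this diff), so the `if !ticket_access_denied?` guard in `update` is only correct if that value happens to be truthy; an explicit boolean return removes the dependency. In `index` (its `def` is outside the hunk) the `else` branch calls `access_denied` and then falls through to `respond_with(@tickets)`, which presumably produces a second response if `access_denied` already rendered or redirected; `return access_denied` would stop there.

```ruby
def ticket_access_denied?
  # … unchanged: TODO about unauthenticated access with a code …
  return false if admin? || (current_user && current_user.id == @ticket.created_by)

  @ticket = nil
  access_denied
  true
end
```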