1 files changed, 64 insertions, 14 deletions

diff --git a/help/app/controllers/tickets_controller.rb b/help/app/controllers/tickets_controller.rb
index b5f3a63..3ff19b8 100644
--- a/help/app/controllers/tickets_controller.rb
+++ b/help/app/controllers/tickets_controller.rb
@@ -3,6 +3,10 @@ class TicketsController < ApplicationController
   respond_to :html #, :json
   #has_scope :open, :type => boolean
 
+  before_filter :set_strings
+
+  before_filter :authorize, :only => [:index]
+
   def new
     @ticket = Ticket.new
     @ticket.comments.build
@@ -10,15 +14,17 @@ class TicketsController < ApplicationController
 
   def create
     @ticket = Ticket.new(params[:ticket])
-    if current_user
+    if logged_in?
       @ticket.created_by = current_user.id
       @ticket.email = current_user.email if current_user.email
       @ticket.comments.last.posted_by = current_user.id
     else
       @ticket.comments.last.posted_by = nil #hacky, but protecting this attribute doesn't work right, so this should make sure it isn't set.
     end
-
     flash[:notice] = 'Ticket was successfully created.' if @ticket.save
+    if !logged_in?
+      flash[:notice] = flash[:notice] + ' You can later access this ticket at the url ' + request.protocol + request.host_with_port + ticket_path(@ticket.id) + '. You might want to bookmark this page to find it again. Anybody with this URL will be able to access this ticket, so if you are on a shared computer you might want to remove it from the browser history' #todo
+    end
     respond_with(@ticket)
 
   end
@@ -33,34 +39,78 @@ class TicketsController < ApplicationController
 
   def show
     @ticket = Ticket.find(params[:id])
+    if !@ticket
+      redirect_to tickets_path, :alert => "No such ticket"
+      return
+    end
+    ticket_access_denied? #authorize_ticket_access
     # @ticket.comments.build
     # build ticket comments?
   end
 
   def update
     @ticket = Ticket.find(params[:id])
-    @ticket.attributes = params[:ticket]
 
-    @ticket.comments.last.posted_by = (current_user ? current_user.id : nil) #protecting posted_by isn't working, so this should protect it.
+    if !ticket_access_denied?
+      if status = params[:change_status] #close or open button was pressed
+        @ticket.close if params[:change_status] == 'close'
+        @ticket.reopen if params[:change_status] == 'open'
+      else
+        params[:ticket][:comments_attributes] = nil if params[:ticket][:comments_attributes].values.first[:body].blank? #unset comments hash if no new comment was typed
+        @ticket.attributes = params[:ticket] #this will call comments_attributes=
+        # @ticket.is_open = false if params[:commit] == @reply_close_str #this overrides is_open selection
+        @ticket.close if params[:commit] == @reply_close_str #this overrides is_open selection
 
-    if @ticket.save
-      flash[:notice] = 'Ticket was successfully updated.'
-      respond_with @ticket
-    else
-      #redirect_to [:show, @ticket] #
-      flash[:alert] = 'Ticket has not been changed'
-      redirect_to @ticket
-      #respond_with(@ticket) # why does this go to edit?? redirect???
+        # what if there is an update and no new comment? Confirm that there is a new comment to update posted_by:
+        @ticket.comments.last.posted_by = (current_user ? current_user.id : nil) if @ticket.comments_changed? #protecting posted_by isn't working, so this should protect it.
+      end
+      if @ticket.changed? and @ticket.save
+        flash[:notice] = 'Ticket was successfully updated.'
+        if @ticket.is_open
+          respond_with @ticket
+        else #for closed tickets, redirect to index.
+          redirect_to tickets_path
+        end
+      else
+        #redirect_to [:show, @ticket] #
+        flash[:alert] = 'Ticket has not been changed'
+        redirect_to @ticket
+        #respond_with(@ticket) # why does this go to edit?? redirect???
+      end
     end
   end
 
   def index
-    # @tickets = Ticket.by_title #not actually what we will want
-    respond_with(@tickets = Ticket.all) #we'll want only tickets that this user can access
+    #TODO: we will need pagination
+    @all_tickets = Ticket.for_user(current_user, params, admin?) #for tests, useful to have as separate variable
+
+    #below works if @tickets is a CouchRest::Model::Designs::View, but not if it is an Array
+    @tickets = @all_tickets.page(params[:page]).per(10) #TEST
+    #respond_with(@tickets)
+  end
+
+  def destroy
+    @ticket = Ticket.find(params[:id])
+    @ticket.destroy if admin?
+    redirect_to tickets_path
   end
 
   private
 
+  def ticket_access?
+    @ticket and (admin? or !@ticket.created_by or (current_user and current_user.id == @ticket.created_by))
+  end
+
+  def ticket_access_denied?
+    access_denied unless ticket_access?
+  end
+
+
+  def set_strings
+    @post_reply_str = 'Post reply' #t :post_reply
+    @reply_close_str = 'Reply and close' #t :reply_and_close
+  end
+
   # not using now, as we are using comment_attributes= from the Ticket model
 =begin
   def add_comment