diff options
Diffstat (limited to 'help/app/controllers')
-rw-r--r-- | help/app/controllers/tickets_controller.rb | 65 |
1 files changed, 53 insertions, 12 deletions
diff --git a/help/app/controllers/tickets_controller.rb b/help/app/controllers/tickets_controller.rb index 4c7415b..4130ee6 100644 --- a/help/app/controllers/tickets_controller.rb +++ b/help/app/controllers/tickets_controller.rb @@ -33,34 +33,75 @@ class TicketsController < ApplicationController def show @ticket = Ticket.find(params[:id]) + ticket_access_denied? # @ticket.comments.build # build ticket comments? end def update - @ticket = Ticket.find(params[:id]) - @ticket.attributes = params[:ticket] - @ticket.comments.last.posted_by = (current_user ? current_user.id : nil) #protecting posted_by isn't working, so this should protect it. + @ticket = Ticket.find(params[:id]) + if !ticket_access_denied? - if @ticket.save - flash[:notice] = 'Ticket was successfully updated.' - respond_with @ticket - else - #redirect_to [:show, @ticket] # - flash[:alert] = 'Ticket has not been changed' - redirect_to @ticket - #respond_with(@ticket) # why does this go to edit?? redirect??? + #below is excessively complicated. issue is that we don't need a new comment if we have changed anything else (currently, is_open is the only other thing to change.) However, if we don't change anything else, then we want to try to add a new comment (and possibly fail.) Likely this should all be redone. + @ticket.is_open = params[:ticket][:is_open] + if !params[:ticket][:comments_attributes].values.first[:body].blank? or !@ticket.changed? + @ticket.attributes = params[:ticket] + end + # what if there is an update and no new comment? Confirm that there is a new comment to update posted_by. will @tickets.comments_changed? work? + @ticket.comments.last.posted_by = (current_user ? current_user.id : nil) if @ticket.comments_changed? #protecting posted_by isn't working, so this should protect it. + if @ticket.save + flash[:notice] = 'Ticket was successfully updated.' + respond_with @ticket + else + #redirect_to [:show, @ticket] # + flash[:alert] = 'Ticket has not been changed' + redirect_to @ticket + #respond_with(@ticket) # why does this go to edit?? redirect??? + end end end def index # @tickets = Ticket.by_title #not actually what we will want - respond_with(@tickets = Ticket.all) #we'll want only tickets that this user can access + #we'll want only tickets that this user can access + # @tickets = Ticket.by_is_open.key(params[:status]) + + #below is obviously too messy and not what we want, but wanted to get basic functionality there + if admin? + if params[:status] == 'open' + @tickets = Ticket.by_is_open.key(true) + elsif params[:status] == 'closed' + @tickets = Ticket.by_is_open.key(false) + else + @tickets = Ticket.all + end + elsif logged_in? + if params[:status] == 'open' + @tickets = Ticket.by_is_open_and_created_by.key([true, current_user.id]).all + elsif params[:status] == 'closed' + @tickets = Ticket.by_is_open_and_created_by.key([false, current_user.id]).all + else + @tickets = Ticket.by_created_by.key(current_user.id).all + end + else + access_denied + end + + respond_with(@tickets) end private + def ticket_access_denied? + # TODO---we will allow unauthenticated users to view tickets with a code + if !admin? and current_user.id != @ticket.created_by + @ticket = nil + access_denied + end + + end + # not using now, as we are using comment_attributes= from the Ticket model =begin def add_comment |