4 files changed, 195 insertions, 51 deletions

diff --git a/help/app/controllers/tickets_controller.rb b/help/app/controllers/tickets_controller.rb
index 4c7415b..2f26d24 100644
--- a/help/app/controllers/tickets_controller.rb
+++ b/help/app/controllers/tickets_controller.rb
@@ -3,6 +3,8 @@ class TicketsController < ApplicationController
   respond_to :html #, :json
   #has_scope :open, :type => boolean
 
+  before_filter :set_strings
+
   def new
     @ticket = Ticket.new
     @ticket.comments.build
@@ -10,15 +12,17 @@ class TicketsController < ApplicationController
 
   def create
     @ticket = Ticket.new(params[:ticket])
-    if current_user
+    if logged_in?
       @ticket.created_by = current_user.id
       @ticket.email = current_user.email if current_user.email
       @ticket.comments.last.posted_by = current_user.id
     else 
       @ticket.comments.last.posted_by = nil #hacky, but protecting this attribute doesn't work right, so this should make sure it isn't set.
     end
-
     flash[:notice] = 'Ticket was successfully created.' if @ticket.save
+    if !logged_in?
+      flash[:notice] = flash[:notice] + ' You can later access this ticket at the url ' + request.protocol + request.host_with_port + ticket_path(@ticket.id) + '. You might want to bookmark this page to find it again. Anybody with this URL will be able to access this ticket, so if you are on a shared computer you might want to remove it from the browser history' #todo
+    end
     respond_with(@ticket)
 
   end
@@ -33,34 +37,111 @@ class TicketsController < ApplicationController
 
   def show
     @ticket = Ticket.find(params[:id])
+    if !@ticket
+      redirect_to tickets_path, :alert => "No such ticket"
+      return
+    end
+    ticket_access_denied? #authorize_ticket_access
     # @ticket.comments.build
     # build ticket comments?
   end
   
   def update
     @ticket = Ticket.find(params[:id])
-    @ticket.attributes = params[:ticket]
-    
-    @ticket.comments.last.posted_by = (current_user ? current_user.id : nil) #protecting posted_by isn't working, so this should protect it.
 
-    if @ticket.save
-      flash[:notice] = 'Ticket was successfully updated.'
-      respond_with @ticket
-    else
-      #redirect_to [:show, @ticket] #
-      flash[:alert] = 'Ticket has not been changed'
-      redirect_to @ticket
-      #respond_with(@ticket) # why does this go to edit?? redirect???
+    if !ticket_access_denied?
+      if status = params[:change_status] #close or open button was pressed
+        @ticket.close if params[:change_status] == 'close'
+        @ticket.reopen if params[:change_status] == 'open'
+      else   
+        params[:ticket][:comments_attributes] = nil if params[:ticket][:comments_attributes].values.first[:body].blank? #unset comments hash if no new comment was typed
+        @ticket.attributes = params[:ticket] #this will call comments_attributes=       
+        # @ticket.is_open = false if params[:commit] == @reply_close_str #this overrides is_open selection
+        @ticket.close if params[:commit] == @reply_close_str #this overrides is_open selection
+        
+        # what if there is an update and no new comment? Confirm that there is a new comment to update posted_by:
+        @ticket.comments.last.posted_by = (current_user ? current_user.id : nil) if @ticket.comments_changed? #protecting posted_by isn't working, so this should protect it.
+      end
+      if @ticket.changed? and @ticket.save
+        flash[:notice] = 'Ticket was successfully updated.'
+        if @ticket.is_open
+          respond_with @ticket
+        else #for closed tickets, redirect to index.
+          redirect_to tickets_path
+        end
+      else
+        #redirect_to [:show, @ticket] #
+        flash[:alert] = 'Ticket has not been changed'
+        redirect_to @ticket
+        #respond_with(@ticket) # why does this go to edit?? redirect???
+      end
     end
   end
 
   def index
-    # @tickets = Ticket.by_title #not actually what we will want
-    respond_with(@tickets = Ticket.all) #we'll want only tickets that this user can access
+    #TODO: we will need pagination
+
+    if admin?
+      if params[:admin_status] == 'mine'
+        @tickets = tickets_by_admin(current_user.id)
+      elsif params[:open_status] == 'open'
+        @tickets = Ticket.by_is_open.key(true)
+      elsif params[:open_status] == 'closed'
+        @tickets = Ticket.by_is_open.key(false)
+      else 
+        @tickets = Ticket.all
+      end
+    elsif logged_in?
+      #TODO---if, when logged in, user accessed unauthenticated ticket, then seems okay to list it in their list of tickets. Thus, include all tickets that the user has posted to, not just those that they created.
+      if params[:open_status] == 'open'
+        @tickets = Ticket.by_is_open_and_created_by.key([true, current_user.id]).all
+      elsif params[:open_status] == 'closed'
+        @tickets = Ticket.by_is_open_and_created_by.key([false, current_user.id]).all
+      else
+        @tickets = Ticket.by_created_by.key(current_user.id).all
+      end
+    else
+      access_denied
+      return
+    end      
+
+    respond_with(@tickets) 
+  end
+
+  def destroy
+    @ticket = Ticket.find(params[:id])
+    @ticket.destroy if admin?
+    redirect_to tickets_path
   end
 
   private
   
+  def ticket_access?
+    @ticket and (admin? or !@ticket.created_by or (current_user and current_user.id == @ticket.created_by)) 
+  end
+
+  def ticket_access_denied?
+    access_denied unless ticket_access?
+  end
+
+  def tickets_by_admin(id=current_user.id)
+    admin_tickets = []
+    tickets = Ticket.all
+    tickets.each do |ticket|
+      ticket.comments.each do |comment| 
+        if comment.posted_by == id and (params[:open_status] != 'open' or ticket.is_open) and (params[:open_status] != 'closed' or !ticket.is_open) #limit based on whether the ticket is open if open_status is set to open or closed
+          admin_tickets << ticket
+          break
+        end 
+      end
+    end
+    admin_tickets
+  end
+
+  def set_strings
+    @post_reply_str = 'Post reply' #t :post_reply
+    @reply_close_str = 'Reply and close' #t :reply_and_close
+  end
   # not using now, as we are using comment_attributes= from the Ticket model
 =begin
   def add_comment
diff --git a/help/app/models/ticket.rb b/help/app/models/ticket.rb
index f38fed2..3b66fe4 100644
--- a/help/app/models/ticket.rb
+++ b/help/app/models/ticket.rb
@@ -23,20 +23,24 @@ class Ticket < CouchRest::Model::Base
   
   #property :user_verified, TrueClass, :default => false #will be true exactly when user is set
   #admins
-  property :code, String, :protected => true # only should be set if created_by is nil
+  #property :code, String, :protected => true # only should be set if created_by is nil #instead we will just use couchdb ID
   property :is_open, TrueClass, :default => true
   property :comments, [TicketComment]
 
   timestamps!
   
   #before_validation :set_created_by, :set_code, :set_email, :on => :create
-  before_validation :set_code, :set_email, :on => :create
+  before_validation :set_email, :on => :create
 
 
   #named_scope :open, :conditions => {:is_open => true} #??
 
   design do
     view :by_title
+    view :by_is_open
+    view :by_created_by
+    view :by_is_open_and_created_by
+
   end
 
   validates :title, :presence => true
@@ -55,10 +59,12 @@ class Ticket < CouchRest::Model::Base
     !!created_by
   end
 
-  def set_code
+=begin
+  def set_code #let's not use this---can use same show url
     # ruby 1.9 provides url-safe option---this is not necessarily url-safe
     self.code = SecureRandom.hex(8) if !is_creator_validated?
   end
+=end
 
 
   def set_email
@@ -66,23 +72,38 @@ class Ticket < CouchRest::Model::Base
     # in controller set to be current users email if that exists
   end
 
+  #not saving with close and reopen, as we will save in update when they are called.
   def close
     self.is_open = false
-    save
+    #save
   end
 
   def reopen
     self.is_open = true
-    save
+    #save
   end
 
-  def comments_attributes=(attributes)
+  def commenters 
+    commenters = []
+    self.comments.each do |comment|
+      if comment.posted_by
+        user = User.find(comment.posted_by) 
+        commenters << user.login if user and !commenters.include?(user.login)
+      else
+        commenters << 'unauthenticated user' if !commenters.include?('unauthenticated user') #todo don't hardcode string 'unauthenticated user' 
+      end
+    end
+    commenters.join(', ')
+  end
 
-    comment = TicketComment.new(attributes.values.first) #TicketComment.new(attributes)
-    #comment.posted_by = User.current.id if User.current #we want to avoid User.current, and current_user won't work here. instead will set in tickets_controller
-    comment.posted_at = Time.now
-    comments << comment
-    
+  def comments_attributes=(attributes)
+    if attributes # could be empty as we will empty if nothing was typed in
+      comment = TicketComment.new(attributes.values.first) #TicketComment.new(attributes)
+      #comment.posted_by = User.current.id if User.current #we want to avoid User.current, and current_user won't work here. instead will set in tickets_controller
+      # what about: comment.posted_by = self.updated_by  (will need to add ticket.updated_by)
+      comment.posted_at = Time.now
+      comments << comment
+    end
   end
 
 =begin
diff --git a/help/app/views/tickets/index.html.haml b/help/app/views/tickets/index.html.haml
index 6db2140..95b65c0 100644
--- a/help/app/views/tickets/index.html.haml
+++ b/help/app/views/tickets/index.html.haml
@@ -1,10 +1,39 @@
-%h2 tickets index (just as space)
+%h1 tickets index (just as space)
+%h1 tickets index (just as space)
+%h1 tickets index (just as space)
+
 Create a 
 = link_to "new ticket", new_ticket_path
-= # below shouldn't be unless logged in
-%h2 Tickets
-= # want to have selection option to see tickets, that are open, closed or all
-- @tickets.each do |ticket|
-  %p
-  = link_to ticket.title, ticket
-= #render(:partial => "ticket", :collection => @tickets)
+
+= #%div{"data-pjax-container" => ""} # not sure how to get this working right
+.row
+  .span2
+    - if admin?
+      %h4 whose tickets    
+      %ul.nav.nav-pills
+        %li{:class => ("active" if params[:admin_status] == 'mine')}
+          = link_to 'only tickets i admin', {:admin_status => 'mine', :open_status => params[:open_status]}
+        %li{:class => ("active" if params[:admin_status] != 'mine')} 
+          = link_to 'all', {:admin_status => 'all', :open_status => params[:open_status]}
+  .span10
+    %ul.nav.nav-tabs
+      %li{:class => ("active" if params[:open_status] != 'closed' and params[:open_status] != 'all')}
+        = link_to 'open issues', {:open_status => 'open', :admin_status => params[:admin_status]}
+      %li{:class => ("active" if params[:open_status] == 'closed')}
+        = link_to 'closed issues', {:open_status => 'closed', :admin_status => params[:admin_status]}
+        = #%a{:href => "#"} closed issue
+      %li{:class => ("active" if params[:open_status] == 'all')}
+        = link_to 'open & closed issues', {:open_status => 'all', :admin_status => params[:admin_status]}
+
+    - @tickets.each do |ticket|
+      %p
+      = link_to ticket.title, ticket
+      comments by:
+      = ticket.commenters 
+
+
+%div{"data-pjax-container" => ""}
+  / PJAX updates will go here
+  hmmm
+
+
diff --git a/help/app/views/tickets/show.html.haml b/help/app/views/tickets/show.html.haml
index a9b994e..9b12f34 100644
--- a/help/app/views/tickets/show.html.haml
+++ b/help/app/views/tickets/show.html.haml
@@ -1,26 +1,39 @@
-- if flash[:notice]
-  =flash[:notice]
-- if flash[:alert]
-  =flash[:alert]
+%h1 tickets show (just as space for firefox)
+%h1 tickets show (just as space for firefox)
 %h2= @ticket.title
-is open?
-= @ticket.is_open
-- if @ticket.code
-  code:
-  = @ticket.code
 - if @ticket.email
   email:
   = @ticket.email
-- if User.find(@ticket.created_by)
-  Created by
-  = User.find(@ticket.created_by).login 
-- else
-  Unauthenticated ticket creator
+%li
+  - if User.find(@ticket.created_by)
+    Created by
+    = User.find(@ticket.created_by).login 
+  - else
+    Unauthenticated ticket creator
+%li
+  = "status:" 
+  - if @ticket.is_open
+    = 'open'
+    = #link_to 'close', ticket_path, :method => :put
+    = #button_to 'close', ticket_path, :method => :put
+    = button_to 'close', {:change_status => :close}, :method => :put
+  - else 
+    = 'closed'
+    = button_to 'open', {:change_status => :open}, :method => :put
 = render(:partial => "comment", :collection => @ticket.comments)
+= #render @ticket.comments should work if view is in /app/views/comments/_comment
 
-= simple_form_for (@ticket, :html => {:novalidate => true}) do |f| #turn off html5 validations to test
+= simple_form_for(@ticket, :html => {:novalidate => true}) do |f| #turn off html5 validations to test
   = f.simple_fields_for :comments, TicketComment.new do |c|
     = c.input :body, :label => 'Comment', :as => :text
   = #render :partial => 'new_comment'
-  = f.button :submit
-  = link_to t(:cancel), tickets_path, :class => :btn
\ No newline at end of file
+  = #f.label :is_open
+  = #f.select :is_open, [true, false] #remove
+  = f.button :submit, @post_reply_str
+  - if @ticket.is_open
+    = f.button :submit, @reply_close_str
+= #link_to t(:destroy), ticket_path,  :confirm => 'are you sure?', :method => :delete, :class => :btn if admin? # for link_to to work with delete, need to figure out jquery interaction correctly. see  http://stackoverflow.com/questions/3774925/delete-link-sends-get-instead-of-delete-in-rails-3-view etc..
+= button_to 'destroy', ticket_path, :confirm => 'are you sure?', :method => :delete  if admin?
+= # TODO want to have button to close
+= # TODO if admin, have  button to delete
+= link_to t(:cancel), tickets_path, :class => :btn