Diffstat (limited to 'help')
-rw-r--r--help/app/controllers/tickets_controller.rb30
-rw-r--r--help/app/views/tickets/show.html.haml3
-rw-r--r--help/config/routes.rb2
3 files changed, 21 insertions, 14 deletions
diff --git a/help/app/controllers/tickets_controller.rb b/help/app/controllers/tickets_controller.rb
index 4f5c427..ced9569 100644
--- a/help/app/controllers/tickets_controller.rb
+++ b/help/app/controllers/tickets_controller.rb
@@ -39,17 +39,17 @@ class TicketsController < ApplicationController
def show
@ticket = Ticket.find(params[:id])
- ticket_access_denied?
- redirect_to root_url, :alert => "No such ticket" if !@ticket
+ redirect_to tickets_path, :alert => "No such ticket" if !@ticket
+ authorize_ticket_access
# @ticket.comments.build
# build ticket comments?
end
def update
-
- @ticket = Ticket.find(params[:id])
- if !ticket_access_denied? #can update w/out logging in if the ticket was created unauthenticated
+ @ticket = Ticket.find(params[:id])
+
+ if ticket_access?
params[:ticket][:comments_attributes] = nil if params[:ticket][:comments_attributes].values.first[:body].blank? #unset comments hash if no new comment was typed
@ticket.attributes = params[:ticket] #this will call comments_attributes=
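Review bot: In `show`, a missing ticket still reaches `authorize_ticket_access` after `redirect_to` has been issued, because the modifier-`if` redirect does not return. `ticket_access?` is false for a nil `@ticket`, so `access_denied` runs too; its body is not visible here, but if it redirects or renders, Rails raises a double-render error instead of showing the "No such ticket" alert. Returning from the guard avoids that: `return redirect_to(tickets_path, :alert => "No such ticket") unless @ticket`. In `update`, whose body continues past this hunk, the old helper called `access_denied` itself while the new `if ticket_access?` does not, so check that an else branch denies the request rather than leaving a refused update as a silent no-op.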
@@ -100,16 +100,20 @@ class TicketsController < ApplicationController
respond_with(@tickets)
end
+ def destroy
+ @ticket = Ticket.find(params[:id])
+ @ticket.destroy if admin?
+ redirect_to tickets_path
+ end
+
private
-
- def ticket_access_denied?
- # allow access if user is admin, the ticket was created without unauthentication (thus anybody with URL can access ticket where created_by is nil), or if there is a non-admin user and they created the ticket
- if !admin? and @ticket.created_by and (!current_user or current_user.id != @ticket.created_by)
- @ticket = nil
- access_denied
- end
-
+ def ticket_access?
+ @ticket and (admin? or !@ticket.created_by or (current_user and current_user.id == @ticket.created_by))
+ end
+
+ def authorize_ticket_access
+ access_denied unless ticket_access?
end
# not using now, as we are using comment_attributes= from the Ticket model
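Review bot: `destroy` never denies a non-admin request; it skips the delete and redirects to `tickets_path` as if it had succeeded, so an unauthorized DELETE gets no denial response and bypasses the `authorize_ticket_access` path used by `show`. Checking first keeps the pattern uniform: `return access_denied unless admin?` as the first line of `destroy` (assuming `access_denied`, defined outside this hunk, renders or redirects). If `Ticket.find` can return nil, as the `if !@ticket` guard in `show` implies, `@ticket.destroy if admin?` also calls `destroy` on nil for an unknown id; `@ticket.destroy if @ticket` after the admin check covers that. The removed comment explained that a ticket with no `created_by` is open to anyone holding its URL, and `ticket_access?` should carry a one-line comment saying so, since that is the rule most likely to surprise a later reader.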
diff --git a/help/app/views/tickets/show.html.haml b/help/app/views/tickets/show.html.haml
index 132d50f..eaa3356 100644
--- a/help/app/views/tickets/show.html.haml
+++ b/help/app/views/tickets/show.html.haml
@@ -23,6 +23,9 @@
= f.select :is_open, [true, false]
= f.button :submit, @post_reply_str
= f.button :submit, @reply_close_str
+ = #link_to t(:destroy), ticket_path, :confirm => 'are you sure?', :method => :delete, :class => :btn if admin? # for link_to to work with delete, need to figure out jquery interaction correctly. see http://stackoverflow.com/questions/3774925/delete-link-sends-get-instead-of-delete-in-rails-3-view etc..
+ = button_to 'destroy', ticket_path, :confirm => 'are you sure?', :method => :delete if admin? #TODO---confirmation not working
+ = # button_to("test destroy", {}, {:onclick => "return confirm('Are you sure?')", :method => :delete, :remote => true}) #this works but is ugly
= # TODO want to have button to close
= # TODO if admin, have button to delete
= link_to t(:cancel), tickets_path, :class => :btn
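Review bot: The added `button_to` exposes an irreversible delete that fires on a single click, since its own TODO says the `:confirm` prompt does not appear. In Rails 3 `:confirm` only emits a data attribute that the unobtrusive JavaScript driver acts on, so the likely cause is that the driver is not loaded on this page, which is worth confirming before the button ships. The label is also hard-coded while the neighbouring link uses `t(:cancel)`; `= button_to t(:destroy), ticket_path, :confirm => 'are you sure?', :method => :delete if admin?` keeps it translatable. The two commented-out alternatives on `= #` lines read better as a note in the commit message than as template lines.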
diff --git a/help/config/routes.rb b/help/config/routes.rb
index 5e57e02..86a9201 100644
--- a/help/config/routes.rb
+++ b/help/config/routes.rb
@@ -1,5 +1,5 @@
Rails.application.routes.draw do
- resources :tickets, :only => [:new, :create, :index, :show, :update]
+ resources :tickets, :only => [:new, :create, :index, :show, :update, :destroy]
#resources :ticket, :only => [:show]
end