Diffstat (limited to 'help')
-rw-r--r-- | help/app/controllers/tickets_controller.rb | 30 | ||||
-rw-r--r-- | help/app/views/tickets/show.html.haml | 3 | ||||
-rw-r--r-- | help/config/routes.rb | 2 |
3 files changed, 21 insertions, 14 deletions
diff --git a/help/app/controllers/tickets_controller.rb b/help/app/controllers/tickets_controller.rb
index 4f5c427..ced9569 100644
--- a/help/app/controllers/tickets_controller.rb
+++ b/help/app/controllers/tickets_controller.rb
@@ -39,17 +39,17 @@ class TicketsController < ApplicationController
 def show
 @ticket = Ticket.find(params[:id])
- ticket_access_denied?
- redirect_to root_url, :alert => "No such ticket" if !@ticket
+ redirect_to tickets_path, :alert => "No such ticket" if !@ticket
+ authorize_ticket_access
 # @ticket.comments.build # build ticket comments?
 end
 def update
-
- @ticket = Ticket.find(params[:id])
- if !ticket_access_denied? #can update w/out logging in if the ticket was created unauthenticated
+ @ticket = Ticket.find(params[:id])
+
+ if ticket_access?
 params[:ticket][:comments_attributes] = nil if params[:ticket][:comments_attributes].values.first[:body].blank? #unset comments hash if no new comment was typed
 @ticket.attributes = params[:ticket] #this will call comments_attributes=
@@ -100,16 +100,20 @@ class TicketsController < ApplicationController
 respond_with(@tickets)
 end
+ def destroy
+ @ticket = Ticket.find(params[:id])
+ @ticket.destroy if admin?
+ redirect_to tickets_path
+ end
+
 private
-
- def ticket_access_denied?
- # allow access if user is admin, the ticket was created without unauthentication (thus anybody with URL can access ticket where created_by is nil), or if there is a non-admin user and they created the ticket
- if !admin? and @ticket.created_by and (!current_user or current_user.id != @ticket.created_by)
- @ticket = nil
- access_denied
- end
-
+ def ticket_access?
+ @ticket and (admin? or !@ticket.created_by or (current_user and current_user.id == @ticket.created_by))
+ end
+
+ def authorize_ticket_access
+ access_denied unless ticket_access?
 end
 # not using now, as we are using comment_attributes= from the Ticket model
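Review bot: The `redirect_to tickets_path, :alert => "No such ticket" if !@ticket` guard in show cannot fire, because `Ticket.find` raises ActiveRecord::RecordNotFound for an unknown id instead of returning nil, so a missing ticket surfaces as an exception rather than the intended redirect; and if @ticket ever were nil, `authorize_ticket_access` would still run after the redirect, `ticket_access?` would return false, and `access_denied` would respond a second time. Use a nil-returning lookup and return on the guard: `@ticket = Ticket.find_by_id(params[:id])` followed by `return redirect_to(tickets_path, :alert => "No such ticket") unless @ticket`. The same `Ticket.find` is used in update, which has no such guard, so the two actions would behave differently for a bad id. The body of update continues outside the hunk.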
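Review bot: destroy silently no-ops for non-admins: `@ticket.destroy if admin?` skips the delete but the action still redirects to tickets_path, so an unauthorized DELETE is indistinguishable from a successful one and never goes through the `access_denied` path the rest of the controller uses. Fail explicitly instead, e.g. `return access_denied unless admin?` before the `Ticket.find`, so the denial is handled the same way as the show/update checks. The rewrite of ticket_access? also drops the removed comment explaining that a ticket whose created_by is nil is reachable by anyone holding its URL; that is a deliberate access rule and should stay documented above the method, e.g. `# access: admins, the ticket's creator, and (for tickets created without logging in, created_by nil) anyone with the URL`. Finally, ticket_access? is written with `and`/`or`; `&&`/`||` avoids the low-precedence trap if the expression is later assigned or extended.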
diff --git a/help/app/views/tickets/show.html.haml b/help/app/views/tickets/show.html.haml
index 132d50f..eaa3356 100644
--- a/help/app/views/tickets/show.html.haml
+++ b/help/app/views/tickets/show.html.haml
@@ -23,6 +23,9 @@
 = f.select :is_open, [true, false]
 = f.button :submit, @post_reply_str
 = f.button :submit, @reply_close_str
+ = #link_to t(:destroy), ticket_path, :confirm => 'are you sure?', :method => :delete, :class => :btn if admin? # for link_to to work with delete, need to figure out jquery interaction correctly. see http://stackoverflow.com/questions/3774925/delete-link-sends-get-instead-of-delete-in-rails-3-view etc..
+ = button_to 'destroy', ticket_path, :confirm => 'are you sure?', :method => :delete if admin? #TODO---confirmation not working
+ = # button_to("test destroy", {}, {:onclick => "return confirm('Are you sure?')", :method => :delete, :remote => true}) #this works but is ugly
 = # TODO want to have button to close
 = # TODO if admin, have button to delete
 = link_to t(:cancel), tickets_path, :class => :btn
diff --git a/help/config/routes.rb b/help/config/routes.rb
index 5e57e02..86a9201 100644
--- a/help/config/routes.rb
+++ b/help/config/routes.rb
@@ -1,5 +1,5 @@
 Rails.application.routes.draw do
- resources :tickets, :only => [:new, :create, :index, :show, :update]
+ resources :tickets, :only => [:new, :create, :index, :show, :update, :destroy]
 #resources :ticket, :only => [:show]
 end |
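Review bot: The new `button_to 'destroy', ...` hard-codes an English label while the neighbouring `link_to t(:cancel), ...` and the commented-out line above it use `t(:destroy)`; it should read `= button_to t(:destroy), ticket_path, :confirm => 'are you sure?', :method => :delete if admin?`, with the confirmation text also going through `t`. The `if admin?` on the button only hides the control in the template; the actual protection must come from the destroy action, so nothing in this view should be read as the authorization check. The two commented-out experiments (`= #link_to ...` and `= # button_to("test destroy" ...`) plus the `#TODO---confirmation not working` remark are dead code committed into a view; `:confirm` depends on the Rails UJS script being loaded on the page, which is presumably what the jquery remark in the first comment refers to, so move that note to an issue and keep the view to the one working line.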