From fb1c8e60335fefc55191eee16d83f53d2e9a2031 Mon Sep 17 00:00:00 2001
From: jessib
Date: Fri, 2 Nov 2012 15:10:45 -0700
Subject: Some rough functionality for tickets, like showing ticket list for admins, and initial way to close tickets.
---
help/app/controllers/tickets_controller.rb | 67 ++++++++++++++++------
help/app/models/ticket.rb | 4 +-
help/app/views/tickets/index.html.haml | 2 +-
help/app/views/tickets/show.html.haml | 9 ++-
.../controller_extension/authentication.rb | 3 +-
5 files changed, 61 insertions(+), 24 deletions(-)
diff --git a/help/app/controllers/tickets_controller.rb b/help/app/controllers/tickets_controller.rb
index 4684a40..4130ee6 100644
--- a/help/app/controllers/tickets_controller.rb
+++ b/help/app/controllers/tickets_controller.rb
@@ -33,25 +33,32 @@ class TicketsController < ApplicationController def show @ticket = Ticket.find(params[:id]) + ticket_access_denied? # @ticket.comments.build # build ticket comments? end def update - @ticket = Ticket.find(params[:id]) - @ticket.attributes = params[:ticket] - # what if there is an update and no new comment? Confirm that there is a new comment to update posted_by. will @tickets.comments_changed? work? - @ticket.comments.last.posted_by = (current_user ? current_user.id : nil) #protecting posted_by isn't working, so this should protect it. + @ticket = Ticket.find(params[:id]) + if !ticket_access_denied? - if @ticket.save - flash[:notice] = 'Ticket was successfully updated.' - respond_with @ticket - else - #redirect_to [:show, @ticket] # - flash[:alert] = 'Ticket has not been changed' - redirect_to @ticket - #respond_with(@ticket) # why does this go to edit?? redirect??? + #below is excessively complicated. issue is that we don't need a new comment if we have changed anything else (currently, is_open is the only other thing to change.) However, if we don't change anything else, then we want to try to add a new comment (and possibly fail.) Likely this should all be redone. + @ticket.is_open = params[:ticket][:is_open] + if !params[:ticket][:comments_attributes].values.first[:body].blank? or !@ticket.changed? + @ticket.attributes = params[:ticket] + end + # what if there is an update and no new comment? Confirm that there is a new comment to update posted_by. will @tickets.comments_changed? work? + @ticket.comments.last.posted_by = (current_user ? current_user.id : nil) if @ticket.comments_changed? #protecting posted_by isn't working, so this should protect it. + if @ticket.save + flash[:notice] = 'Ticket was successfully updated.' + respond_with @ticket + else + #redirect_to [:show, @ticket] # + flash[:alert] = 'Ticket has not been changed' + redirect_to @ticket + #respond_with(@ticket) # why does this go to edit?? redirect??? + end end end 
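Review bot: In `update`, `@ticket.attributes = params[:ticket]` still mass-assigns the whole request hash, while this commit makes `created_by` the field that `ticket_access_denied?` authorizes on. The Ticket model's attribute protection is not visible here (and the inline comment says protecting `posted_by` "isn't working"), so unless `created_by` is protected there, a submitted value could change who passes the ownership check. Assign only the keys the form is meant to send, e.g. `@ticket.attributes = params[:ticket].slice(:comments_attributes)` after `is_open` has been set explicitly. The condition above it also calls `params[:ticket][:comments_attributes].values.first[:body]` without checking that `comments_attributes` is present, so a request that omits it raises instead of being handled. A guard such as `comment_attrs = params[:ticket][:comments_attributes]` with a `comment_attrs.present?` check before `.values.first` would cover that.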
@@ -59,18 +66,42 @@ class TicketsController < ApplicationController # @tickets = Ticket.by_title #not actually what we will want #we'll want only tickets that this user can access # @tickets = Ticket.by_is_open.key(params[:status]) - if params[:status] == 'open' - @tickets = Ticket.by_is_open.key(true) - elsif params[:status] == 'closed' - @tickets = Ticket.by_is_open.key(false) + + #below is obviously too messy and not what we want, but wanted to get basic functionality there + if admin? + if params[:status] == 'open' + @tickets = Ticket.by_is_open.key(true) + elsif params[:status] == 'closed' + @tickets = Ticket.by_is_open.key(false) + else + @tickets = Ticket.all + end + elsif logged_in? + if params[:status] == 'open' + @tickets = Ticket.by_is_open_and_created_by.key([true, current_user.id]).all + elsif params[:status] == 'closed' + @tickets = Ticket.by_is_open_and_created_by.key([false, current_user.id]).all + else + @tickets = Ticket.by_created_by.key(current_user.id).all + end else - @tickets = Ticket.all - end + access_denied + end + respond_with(@tickets) end private + def ticket_access_denied? + # TODO---we will allow unauthenticated users to view tickets with a code + if !admin? and current_user.id != @ticket.created_by + @ticket = nil + access_denied + end + + end + # not using now, as we are using comment_attributes= from the Ticket model =begin def add_comment diff --git a/help/app/models/ticket.rb b/help/app/models/ticket.rb index 0407012..6301e9e 100644 --- a/help/app/models/ticket.rb +++ b/help/app/models/ticket.rb @@ -38,6 +38,9 @@ class Ticket < CouchRest::Model::Base design do view :by_title view :by_is_open + view :by_created_by + view :by_is_open_and_created_by + end validates :title, :presence => true 
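Review bot: `ticket_access_denied?` dereferences `current_user.id` without first checking `logged_in?`, so a signed-out request to `show` or `update` would raise on nil instead of reaching `access_denied`; this assumes `current_user` is nil when signed out, as the `current_user ? current_user.id : nil` in `update` suggests. The method also returns either nil or whatever `redirect_to` returns, while `update` branches on it as a boolean. Make the contract explicit with `return false if admin? or (logged_in? and current_user.id == @ticket.created_by)`, followed by `@ticket = nil; access_denied; true`. In `index`, whose `def` line is above this hunk, the anonymous branch calls `access_denied` and then falls through to `respond_with(@tickets)`, which would attempt a second response after the redirect. Write that branch as `access_denied; return`.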
@@ -78,7 +81,6 @@ class Ticket < CouchRest::Model::Base end def comments_attributes=(attributes) - comment = TicketComment.new(attributes.values.first) #TicketComment.new(attributes) #comment.posted_by = User.current.id if User.current #we want to avoid User.current, and current_user won't work here. instead will set in tickets_controller # what about: comment.posted_by = self.updated_by (will need to add ticket.updated_by) diff --git a/help/app/views/tickets/index.html.haml b/help/app/views/tickets/index.html.haml index 1f46433..dff39ce 100644 --- a/help/app/views/tickets/index.html.haml +++ b/help/app/views/tickets/index.html.haml @@ -1,4 +1,4 @@ -%h2 tickets index (just as space) +%h1 tickets index (just as space) Create a = link_to "new ticket", new_ticket_path = # below shouldn't be unless logged in diff --git a/help/app/views/tickets/show.html.haml b/help/app/views/tickets/show.html.haml index a9b994e..3fb1d34 100644 --- a/help/app/views/tickets/show.html.haml +++ b/help/app/views/tickets/show.html.haml @@ -1,10 +1,10 @@ +%h1 tickets show (just as space) +%h1 tickets show (just as space) - if flash[:notice] =flash[:notice] - if flash[:alert] =flash[:alert] %h2= @ticket.title -is open? -= @ticket.is_open - if @ticket.code code: = @ticket.code @@ -22,5 +22,8 @@ is open? = f.simple_fields_for :comments, TicketComment.new do |c| = c.input :body, :label => 'Comment', :as => :text = #render :partial => 'new_comment' - = f.button :submit + = f.label :is_open + = f.select :is_open, [true, false] + = f.button :submit # have button to close + = # want to ahve button to close = link_to t(:cancel), tickets_path, :class => :btn \ No newline at end of file diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb index c3342f3..ebd80b0 100644 --- a/users/app/controllers/controller_extension/authentication.rb +++ b/users/app/controllers/controller_extension/authentication.rb 
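Review bot: In help/app/views/tickets/show.html.haml the heading `%h1 tickets show (just as space)` is added twice in a row, which looks like an accidental duplicate; keep one. The new `f.select :is_open` is rendered for every user who can see the form, and `update` applies `params[:ticket][:is_open]` for anyone who passes the ownership check. If closing or reopening is meant to be restricted (the commit message mentions admins), that restriction has to be enforced in the controller rather than by what the view shows.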
@@ -20,7 +20,8 @@ module ControllerExtension::Authentication end def access_denied - redirect_to login_url, :alert => "Not authorized" + redirect_to login_url, :alert => "Not authorized" if !logged_in? + redirect_to root_url, :alert => "Not authorized" end def admin? -- cgit v1.2.3
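Review bot: For a signed-out user the new `access_denied` calls `redirect_to` twice, because the `if !logged_in?` modifier on the first line does not stop execution before the unconditional `redirect_to root_url` that follows. Rails raises a double-render error on the second call, so the denial path ends in a 500 rather than a redirect to the login page. Choose the target once: `url = logged_in? ? root_url : login_url` followed by `redirect_to url, :alert => "Not authorized"`. A short comment on the method saying that it only sets the redirect and does not halt the calling action would also help callers such as `index` and `ticket_access_denied?`, which are defined in another file.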