From 83681dfe050ce2ae74d5d1ca451d495d48f029ba Mon Sep 17 00:00:00 2001
From: jessib <jessib@riseup.net>
Date: Mon, 12 Aug 2013 12:00:11 -0700
Subject: Per ISEC informational issue, manually set the private property only
 in cases where it is an admin who set it.

---
 help/app/controllers/tickets_controller.rb | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'help/app/controllers')

diff --git a/help/app/controllers/tickets_controller.rb b/help/app/controllers/tickets_controller.rb
index 094612c..b8d2c09 100644
--- a/help/app/controllers/tickets_controller.rb
+++ b/help/app/controllers/tickets_controller.rb
@@ -18,6 +18,7 @@ class TicketsController < ApplicationController
     @ticket = Ticket.new(params[:ticket])
 
     @ticket.comments.last.posted_by = (logged_in? ? current_user.id : nil) #protecting posted_by isn't working, so this should protect it.
+    @ticket.comments.last.private = true if admin? and @ticket.comments.last.private
     @ticket.created_by = current_user.id if logged_in?
     @ticket.email = current_user.email_address if logged_in? and current_user.email_address
 
@@ -58,6 +59,7 @@ class TicketsController < ApplicationController
 
       if @ticket.comments_changed?
         @ticket.comments.last.posted_by = (current_user ? current_user.id : nil)
+        @ticket.comments.last.private = true if admin? and @ticket.comments.last.private
       end
 
       if @ticket.changed?
-- 
cgit v1.2.3