From 83681dfe050ce2ae74d5d1ca451d495d48f029ba Mon Sep 17 00:00:00 2001
From: jessib
Date: Mon, 12 Aug 2013 12:00:11 -0700
Subject: Per ISEC informational issue, manually set the private property only in cases where it is an admin who set it.
---
 help/app/controllers/tickets_controller.rb | 2 ++
 help/app/models/ticket_comment.rb | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)
(limited to 'help')
diff --git a/help/app/controllers/tickets_controller.rb b/help/app/controllers/tickets_controller.rb
index 094612c..b8d2c09 100644
--- a/help/app/controllers/tickets_controller.rb
+++ b/help/app/controllers/tickets_controller.rb
@@ -18,6 +18,7 @@ class TicketsController < ApplicationController
 @ticket = Ticket.new(params[:ticket])
 @ticket.comments.last.posted_by = (logged_in? ? current_user.id : nil) #protecting posted_by isn't working, so this should protect it.
+ @ticket.comments.last.private = true if admin? and @ticket.comments.last.private
 @ticket.created_by = current_user.id if logged_in?
 @ticket.email = current_user.email_address if logged_in? and current_user.email_address
@@ -58,6 +59,7 @@ class TicketsController < ApplicationController
 if @ticket.comments_changed?
 @ticket.comments.last.posted_by = (current_user ? current_user.id : nil)
+ @ticket.comments.last.private = true if admin? and @ticket.comments.last.private
 end
 if @ticket.changed?
diff --git a/help/app/models/ticket_comment.rb b/help/app/models/ticket_comment.rb
index 1df7eec..13bea2b 100644
--- a/help/app/models/ticket_comment.rb
+++ b/help/app/models/ticket_comment.rb
@@ -7,7 +7,7 @@ class TicketComment
 property :posted_at, Time#, :protected => true
 #property :posted_verified, TrueClass, :protected => true #should be true if current_user is set when the comment is created
 property :body, String
- property :private, TrueClass # private comments are only viewable by admins
+ property :private, TrueClass # private comments are only viewable by admins #this is checked when set, to make sure it was set by an admin
 # ? timestamps!
 validates :body, :presence => true
-- cgit v1.2.3
From 53cd653ade859ec240d14981c4e9f85cc62cd6fd Mon Sep 17 00:00:00 2001
From: jessib
Date: Tue, 13 Aug 2013 10:12:43 -0700
Subject: Fix this, so the comment will get set to false in cases where the user isn't an admin.
---
 help/app/controllers/tickets_controller.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'help')
diff --git a/help/app/controllers/tickets_controller.rb b/help/app/controllers/tickets_controller.rb
index b8d2c09..a03ef22 100644
--- a/help/app/controllers/tickets_controller.rb
+++ b/help/app/controllers/tickets_controller.rb
@@ -18,7 +18,7 @@ class TicketsController < ApplicationController
 @ticket = Ticket.new(params[:ticket])
 @ticket.comments.last.posted_by = (logged_in? ? current_user.id : nil) #protecting posted_by isn't working, so this should protect it.
- @ticket.comments.last.private = true if admin? and @ticket.comments.last.private
+ @ticket.comments.last.private = false unless admin?
 @ticket.created_by = current_user.id if logged_in?
 @ticket.email = current_user.email_address if logged_in? and current_user.email_address
@@ -59,7 +59,7 @@ class TicketsController < ApplicationController
 if @ticket.comments_changed?
 @ticket.comments.last.posted_by = (current_user ? current_user.id : nil)
- @ticket.comments.last.private = true if admin? and @ticket.comments.last.private
+ @ticket.comments.last.private = false unless admin?
 end
 if @ticket.changed?
-- cgit v1.2.3
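Review bot: The comment added to `property :private` in `ticket_comment.rb` says the flag "is checked when set", but no check is added to `TicketComment` in this hunk; the guard this commit introduces is in `TicketsController`. Code that assigns comment attributes through any other path would not get it, so the comment should name where enforcement happens, for example `# private comments are only viewable by admins; enforced in TicketsController, not in this model`. Moving the admin check into the model would make the comment true as written.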
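Review bot: In the first hunk of the second commit (`@@ -18,7 +18,7 @@`) only `@ticket.comments.last` has `private` reset, while the ticket is built from `params[:ticket]` just above. If the nested attributes can carry more than one comment, the earlier ones would keep whatever `private` and `posted_by` values the client sent. Resetting every comment built by the request, e.g. `@ticket.comments.each { |c| c.private = false } unless admin?`, or dropping the `private` key from the params for non-admins before assignment, would cover them. The second hunk (`@@ -59,7 +59,7 @@`) has the same `.last`-only pattern, and there it is worth confirming that `comments_changed?` is true only when a new comment was appended, since otherwise a non-admin edit would set an existing private comment to public. Both method bodies start and end outside the hunks.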