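# Controller for support tickets: new/create, show, update and index.
#
# Access rules as implemented below: admins may act on any ticket; a ticket
# whose created_by is nil was filed without authentication and is reachable by
# anyone who has its URL; any other ticket is only reachable by the user whose
# id matches created_by.
class TicketsController < ApplicationController
  respond_to :html #, :json
  #has_scope :open, :type => boolean

  # Prepares an empty ticket with one blank comment for the form.
  def new
    @ticket = Ticket.new
    @ticket.comments.build
  end

  # Builds a ticket from the submitted form and saves it.
  #
  # Ownership fields are overwritten server-side after the mass assignment:
  # created_by/email from the session when a user is logged in, and posted_by
  # on the last comment in both branches.
  def create
    # NOTE(review): params[:ticket] is mass-assigned. For an anonymous request
    # only the comment's posted_by is reset below; created_by and email keep
    # whatever the model accepted from the form. Confirm the Ticket model does
    # not accept created_by from params, since created_by decides who may
    # access the ticket later.
    @ticket = Ticket.new(params[:ticket])
    # NOTE(review): comments.last assumes the form submitted at least one
    # comment; verify against the form/model.
    if current_user
      @ticket.created_by = current_user.id
      @ticket.email = current_user.email if current_user.email
      @ticket.comments.last.posted_by = current_user.id
    else
      # hacky, but protecting this attribute doesn't work right, so this
      # should make sure it isn't set.
      @ticket.comments.last.posted_by = nil
    end
    flash[:notice] = 'Ticket was successfully created.' if @ticket.save
    respond_with(@ticket)
  end

  # Disabled action, kept for reference:
  # def edit
  #   @ticket = Ticket.find(params[:id])
  #   @ticket.comments.build
  #   # build ticket comments?
  # end

  # Loads one ticket and applies the access check. When access is denied the
  # check clears @ticket and calls access_denied.
  def show
    @ticket = Ticket.find(params[:id])
    ticket_access_denied?
    # @ticket.comments.build
    # build ticket comments?
  end

  # Updates a ticket's open/closed state and/or appends a comment.
  def update
    @ticket = Ticket.find(params[:id])
    # can update w/out logging in if the ticket was created unauthenticated
    return if ticket_access_denied?

    # below is excessively complicated. issue is that we don't need a new
    # comment if we have changed anything else (currently, is_open is the only
    # other thing to change.) However, if we don't change anything else, then
    # we want to try to add a new comment (and possibly fail.) Likely this
    # should all be redone.
    @ticket.is_open = params[:ticket][:is_open]
    new_comment_body = params[:ticket][:comments_attributes].values.first[:body]
    if new_comment_body.present? || !@ticket.changed?
      # NOTE(review): this mass-assigns the whole ticket hash on update;
      # confirm the model does not let created_by (or existing comments) be
      # rewritten through it.
      @ticket.attributes = params[:ticket]
    end

    # what if there is an update and no new comment? Confirm that there is a
    # new comment to update posted_by. will @tickets.comments_changed? work?
    if @ticket.comments_changed?
      # protecting posted_by isn't working, so this should protect it.
      @ticket.comments.last.posted_by = current_user ? current_user.id : nil
    end

    if @ticket.save
      flash[:notice] = 'Ticket was successfully updated.'
      respond_with @ticket
    else
      #redirect_to [:show, @ticket] #
      flash[:alert] = 'Ticket has not been changed'
      redirect_to @ticket
      #respond_with(@ticket) # why does this go to edit?? redirect???
    end
  end

  # Lists tickets, optionally filtered by params[:status] ('open'/'closed').
  # Admins see all tickets; a logged-in user sees only tickets whose
  # created_by is their id; anyone else is denied.
  def index
    # @tickets = Ticket.by_title #not actually what we will want
    # we'll want only tickets that this user can access
    # @tickets = Ticket.by_is_open.key(params[:status])
    # below is obviously too messy and not what we want, but wanted to get
    # basic functionality there
    if admin?
      @tickets = case params[:status]
                 when 'open' then Ticket.by_is_open.key(true)
                 when 'closed' then Ticket.by_is_open.key(false)
                 else Ticket.all
                 end
    elsif logged_in?
      owner_id = current_user.id
      @tickets = case params[:status]
                 when 'open' then Ticket.by_is_open_and_created_by.key([true, owner_id]).all
                 when 'closed' then Ticket.by_is_open_and_created_by.key([false, owner_id]).all
                 else Ticket.by_created_by.key(owner_id).all
                 end
    else
      # access_denied is defined outside this file. Stop here so respond_with
      # is not also invoked (with @tickets unset) for a request that was just
      # denied.
      access_denied
      return
    end
    respond_with(@tickets)
  end

  private

  # Applies the per-ticket access rule to @ticket.
  #
  # Access is allowed if the user is admin, if the ticket was created without
  # authentication (thus anybody with the URL can access a ticket where
  # created_by is nil), or if the current user created the ticket.
  # NOTE(review): for anonymous tickets the URL is the only credential;
  # confirm ticket ids are not guessable.
  #
  # On denial, clears @ticket, calls access_denied and returns true; otherwise
  # returns false. The result is an explicit boolean so callers do not depend
  # on whatever access_denied happens to return.
  def ticket_access_denied?
    return false if admin?
    return false unless @ticket.created_by
    return false if current_user && current_user.id == @ticket.created_by

    @ticket = nil
    access_denied
    true
  end

  # not using now, as we are using comment_attributes= from the Ticket model
  # def add_comment
  #   comment = TicketComment.new(params[:comment])
  #   comment.posted_by = User.current.id if User.current #could be nil
  #   comment.posted_at = Time.now # TODO: it seems strange to have this here, and not in model
  #   @ticket.comments << comment
  # end
end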