| 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
 | class TicketsController < ApplicationController
  respond_to :html, :json
  #has_scope :open, :type => boolean
  before_filter :set_strings
  before_filter :authorize, :only => [:index]
  before_filter :fetch_ticket, :only => [:show, :update, :destroy] # don't now have an edit method
  def new
    @ticket = Ticket.new
    @ticket.comments.build
  end
  def create
    @ticket = Ticket.new(params[:ticket])
    @ticket.comments.last.posted_by = (logged_in? ? current_user.id : nil) #protecting posted_by isn't working, so this should protect it.
    @ticket.created_by = current_user.id if logged_in?
    @ticket.email = current_user.email if logged_in? and current_user.email
    flash[:notice] = 'Ticket was successfully created.' if @ticket.save
    # cannot set this until ticket has been saved, as @ticket.id will not be set
    flash[:notice] += " " + t(:access_ticket_text, :full_url => ticket_url(@ticket.id)) if !logged_in? and flash[:notice]
    respond_with(@ticket)
  end
=begin
  def edit
    @ticket.comments.build
    # build ticket comments?
  end
=end
  def show
    @comment = TicketComment.new
    if !@ticket
      redirect_to tickets_path, :alert => "No such ticket"
      return
    end
  end
  def update
    if params[:post] #currently changes to title or is_open status
      @ticket.attributes = params[:post]
      # TODO: do we want to keep the history of title changes? one possibility was adding a comment that said something like 'user changed the title from a to b'
    else
      params[:ticket][:comments_attributes] = nil if params[:ticket][:comments_attributes].values.first[:body].blank? #unset comments hash if no new comment was typed
      @ticket.attributes = params[:ticket] #this will call comments_attributes=
      @ticket.close if params[:commit] == @reply_close_str #this overrides is_open selection
      # what if there is an update and no new comment? Confirm that there is a new comment to update posted_by:
      @ticket.comments.last.posted_by = (current_user ? current_user.id : nil) if @ticket.comments_changed? #protecting posted_by isn't working, so this should protect it.
    end
    if @ticket.changed? and @ticket.save
      flash[:notice] = 'Ticket was successfully updated.'
      if @ticket.is_open || !logged_in?
        respond_with @ticket
      else #for closed tickets with authenticated users, redirect to index.
        redirect_to tickets_path
      end
    else
      #redirect_to [:show, @ticket] #
      flash[:alert] = 'Ticket has not been changed'
      redirect_to @ticket
      #respond_with(@ticket) # why does this go to edit?? redirect???
    end
  end
  def index
    @all_tickets = Ticket.for_user(current_user, params, admin?) #for tests, useful to have as separate variable
    @tickets = @all_tickets.page(params[:page]).per(10)
  end
  def destroy
    # should we allow non-admins to delete their own tickets? i don't think necessary.
    @ticket.destroy if admin?
    redirect_to tickets_path
  end
  private
  def ticket_access?
    @ticket and (admin? or !@ticket.created_by or (current_user and current_user.id == @ticket.created_by))
  end
  def set_strings
    @post_reply_str = 'Post reply' #t :post_reply
    @reply_close_str = 'Reply and close' #t :reply_and_close
  end
  def fetch_ticket
    @ticket = Ticket.find(params[:id])
    if !@ticket and admin?
      redirect_to tickets_path, :alert => t(:no_such_thing, :thing => 'ticket')
      return
    end
    access_denied unless ticket_access?
  end
  # not using now, as we are using comment_attributes= from the Ticket model
=begin
  def add_comment
    comment = TicketComment.new(params[:comment])
    comment.posted_by = User.current.id if User.current #could be nil
    comment.posted_at = Time.now # TODO: it seems strange to have this here, and not in model
    @ticket.comments << comment
  end
=end
end
 |