1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
|
class TicketsController < ApplicationController
respond_to :html #, :json
#has_scope :open, :type => boolean
before_filter :set_strings
before_filter :authorize, :only => [:index]
def new
@ticket = Ticket.new
@ticket.comments.build
end
def create
@ticket = Ticket.new(params[:ticket])
if logged_in?
@ticket.created_by = current_user.id
@ticket.email = current_user.email if current_user.email
@ticket.comments.last.posted_by = current_user.id
else
@ticket.comments.last.posted_by = nil #hacky, but protecting this attribute doesn't work right, so this should make sure it isn't set.
end
flash[:notice] = 'Ticket was successfully created.' if @ticket.save
if !logged_in?
flash[:notice] = flash[:notice] + ' You can later access this ticket at the url ' + request.protocol + request.host_with_port + ticket_path(@ticket.id) + '. You might want to bookmark this page to find it again. Anybody with this URL will be able to access this ticket, so if you are on a shared computer you might want to remove it from the browser history' #todo
end
respond_with(@ticket)
end
=begin
def edit
@ticket = Ticket.find(params[:id])
@ticket.comments.build
# build ticket comments?
end
=end
def show
@ticket = Ticket.find(params[:id])
if !@ticket
redirect_to tickets_path, :alert => "No such ticket"
return
end
ticket_access_denied? #authorize_ticket_access
# @ticket.comments.build
# build ticket comments?
end
def update
@ticket = Ticket.find(params[:id])
if !ticket_access_denied?
if status = params[:change_status] #close or open button was pressed
@ticket.close if params[:change_status] == 'close'
@ticket.reopen if params[:change_status] == 'open'
else
params[:ticket][:comments_attributes] = nil if params[:ticket][:comments_attributes].values.first[:body].blank? #unset comments hash if no new comment was typed
@ticket.attributes = params[:ticket] #this will call comments_attributes=
# @ticket.is_open = false if params[:commit] == @reply_close_str #this overrides is_open selection
@ticket.close if params[:commit] == @reply_close_str #this overrides is_open selection
# what if there is an update and no new comment? Confirm that there is a new comment to update posted_by:
@ticket.comments.last.posted_by = (current_user ? current_user.id : nil) if @ticket.comments_changed? #protecting posted_by isn't working, so this should protect it.
end
if @ticket.changed? and @ticket.save
flash[:notice] = 'Ticket was successfully updated.'
if @ticket.is_open
respond_with @ticket
else #for closed tickets, redirect to index.
redirect_to tickets_path
end
else
#redirect_to [:show, @ticket] #
flash[:alert] = 'Ticket has not been changed'
redirect_to @ticket
#respond_with(@ticket) # why does this go to edit?? redirect???
end
end
end
def index
#TODO: we will need pagination
@all_tickets = Ticket.for_user(current_user, params, admin?) #for tests, useful to have as separate variable
#below works if @tickets is a CouchRest::Model::Designs::View, but not if it is an Array
@tickets = @all_tickets.page(params[:page]).per(10) #TEST
#respond_with(@tickets)
end
def destroy
@ticket = Ticket.find(params[:id])
@ticket.destroy if admin?
redirect_to tickets_path
end
private
def ticket_access?
@ticket and (admin? or !@ticket.created_by or (current_user and current_user.id == @ticket.created_by))
end
def ticket_access_denied?
access_denied unless ticket_access?
end
def set_strings
@post_reply_str = 'Post reply' #t :post_reply
@reply_close_str = 'Reply and close' #t :reply_and_close
end
# not using now, as we are using comment_attributes= from the Ticket model
=begin
def add_comment
comment = TicketComment.new(params[:comment])
comment.posted_by = User.current.id if User.current #could be nil
comment.posted_at = Time.now # TODO: it seems strange to have this here, and not in model
@ticket.comments << comment
end
=end
end
|