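# Creates, shows, updates and deletes support tickets.
#
# Access control as visible in this controller:
# * +index+ runs the +authorize+ filter (defined outside this file).
# * +show+, +update+ and +destroy+ run +fetch_ticket+, which calls
#   +access_denied+ unless +ticket_access?+ holds.
# * +new+ and +create+ have no access filter here; +create+ handles both
#   logged-in and anonymous submitters.
class TicketsController < ApplicationController
  respond_to :html, :json
  #has_scope :open, :type => boolean
  before_filter :authorize, :only => [:index]
  before_filter :fetch_ticket, :only => [:show, :update, :destroy] # there is no edit action any more
  before_filter :set_title

  # Builds an empty ticket with one blank comment for the form.
  def new
    @ticket = Ticket.new
    @ticket.comments.build
  end

  # Creates a ticket from params[:ticket].
  #
  # Identity fields (comment author, ticket owner) are always taken from the
  # session and never from the submitted parameters.
  def create
    @ticket = Ticket.new(params[:ticket])

    author_id = logged_in? ? current_user.id : nil
    # Stamp every submitted comment rather than only the last one, so a request
    # carrying several comments cannot keep a client-chosen posted_by on the
    # earlier ones. Iterating also avoids calling a setter on nil when the
    # request contains no comment at all.
    @ticket.comments.each { |comment| comment.posted_by = author_id }
    # Overwrite unconditionally: an anonymous request must not be able to
    # attribute the ticket to an existing user through params[:ticket].
    @ticket.created_by = author_id
    @ticket.email = current_user.email_address if logged_in? && current_user.email_address

    if @ticket.save
      flash[:notice] = t(:thing_was_successfully_created, :thing => t(:ticket))
    end

    # Can only be built after the save, because @ticket.id is not set before.
    # Anonymous submitters get the ticket URL, which is their only way back to it.
    if !logged_in? && flash[:notice]
      flash[:notice] += " " + t(:access_ticket_text, :full_url => ticket_url(@ticket.id))
    end

    respond_with(@ticket)
  end

  # Shows a ticket together with an empty comment for the reply form.
  def show
    @comment = TicketComment.new
    # fetch_ticket already deals with a missing ticket before this action runs;
    # this branch stays as a safety net in case that filter did not halt the request.
    if !@ticket
      redirect_to tickets_path, :alert => t(:no_such_thing, :thing => t(:ticket))
      return
    end
  end

  # Dispatches on the label of the submit button (params[:commit]):
  # close, open, cancel, or a regular edit/reply (optionally "reply and close").
  def update
    if params[:commit] == t(:close)
      @ticket.is_open = false
      @ticket.save
      redirect_to_tickets
    elsif params[:commit] == t(:open)
      @ticket.is_open = true
      @ticket.save
      redirect_to @ticket
    elsif params[:commit] == t(:cancel)
      redirect_to_tickets
    else
      # NOTE(review): params[:ticket] is mass-assigned. Which attributes a client
      # can change this way (e.g. created_by, is_open) depends on the Ticket
      # model's attribute protection, which is not visible here -- confirm.
      @ticket.attributes = cleanup_ticket_params(params[:ticket])

      if params[:commit] == t(:reply_and_close)
        @ticket.close
      end

      if @ticket.comments_changed?
        # The author of the new comment comes from the session, not from params.
        newest_comment = @ticket.comments.last
        newest_comment.posted_by = (current_user ? current_user.id : nil) if newest_comment
      end

      if @ticket.changed?
        if @ticket.save
          flash[:notice] = t(:changes_saved)
          redirect_to_tickets
        else
          respond_with @ticket
        end
      else
        redirect_to @ticket
      end
    end
  end

  # Lists the tickets returned by Ticket.for_user for the current user, paginated.
  def index
    @all_tickets = Ticket.for_user(current_user, params, admin?) # kept as a separate variable for the tests
    @tickets = @all_tickets.page(params[:page]).per(APP_CONFIG[:pagination_size])
  end

  # Deletes the ticket for admins; everyone else is only redirected.
  def destroy
    # should we allow non-admins to delete their own tickets? i don't think necessary.
    @ticket.destroy if admin?
    redirect_to tickets_path
  end

  protected

  # Sets the page title used by the views.
  def set_title
    @title = t(:tickets)
  end

  private

  #
  # Redirects to the ticket index if appropriate,
  # otherwise just redirects to @ticket.
  #
  def redirect_to_tickets
    if logged_in?
      if params[:commit] == t(:reply_and_close)
        redirect_to tickets_url
      else
        redirect_to @ticket
      end
    else
      # Without a login there is no index to view.
      redirect_to @ticket
    end
  end

  # Unsets the comments hash if no new comment was typed.
  #
  # Only a hash-shaped :comments_attributes is inspected; any other shape is
  # passed through unchanged instead of raising here.
  #
  # @param ticket [Hash, nil] the submitted ticket parameters
  # @return [Hash, nil] the same object, possibly with :comments_attributes set to nil
  def cleanup_ticket_params(ticket)
    nested = ticket && ticket[:comments_attributes]
    if nested.is_a?(Hash)
      first_comment = nested.values.first
      if first_comment.is_a?(Hash) && first_comment[:body].blank?
        ticket[:comments_attributes] = nil
      end
    end
    ticket
  end

  # True when the current request may see and change @ticket: admins, the user
  # who created it, and -- for tickets without created_by -- anyone who has the
  # ticket id. Anonymous tickets are therefore protected only by their URL.
  def ticket_access?
    @ticket && (admin? || !@ticket.created_by || (current_user && current_user.id == @ticket.created_by))
  end

  # Loads @ticket for show/update/destroy and enforces ticket_access?.
  #
  # The nil checks assume Ticket.find returns nil for an unknown id -- confirm
  # against the model. Only admins are told that a ticket does not exist;
  # other callers fall through to access_denied, as they do for a ticket they
  # may not see.
  def fetch_ticket
    @ticket = Ticket.find(params[:id])
    if !@ticket && admin?
      redirect_to tickets_path, :alert => t(:no_such_thing, :thing => t(:ticket))
      return
    end
    access_denied unless ticket_access?
  end
end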