summaryrefslogtreecommitdiff
path: root/help/app/controllers/tickets_controller.rb
blob: a9e0bd49c868545af5fc34b54d8f380e94380a06 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
class TicketsController < ApplicationController

  respond_to :html #, :json
  #has_scope :open, :type => boolean

  def new
    @ticket = Ticket.new
    @ticket.comments.build
  end

  def create
    @ticket = Ticket.new(params[:ticket])
    if current_user
      @ticket.created_by = current_user.id
      @ticket.email = current_user.email if current_user.email
      @ticket.comments.last.posted_by = current_user.id
    else 
      @ticket.comments.last.posted_by = nil #hacky, but protecting this attribute doesn't work right, so this should make sure it isn't set.
    end

    flash[:notice] = 'Ticket was successfully created.' if @ticket.save
    respond_with(@ticket)

  end

=begin
  def edit
    @ticket = Ticket.find(params[:id])
    @ticket.comments.build
    # build ticket comments?
  end
=end

  def show
    @ticket = Ticket.find(params[:id])
    ticket_access_denied?
    # @ticket.comments.build
    # build ticket comments?
  end
  
  def update
    
    @ticket = Ticket.find(params[:id])
    if !ticket_access_denied? #can update w/out logging in if the ticket was created unauthenticated

      #below is excessively complicated. issue is that we don't need a new comment if we have changed anything else (currently, is_open is the only other thing to change.) However, if we don't change anything else, then we want to try to add a new comment (and possibly fail.) Likely this should all be redone.
      @ticket.is_open = params[:ticket][:is_open]
      if !params[:ticket][:comments_attributes].values.first[:body].blank? or !@ticket.changed?
        @ticket.attributes = params[:ticket]
      end
      # what if there is an update and no new comment? Confirm that there is a new comment to update posted_by. will @tickets.comments_changed? work?
      @ticket.comments.last.posted_by = (current_user ? current_user.id : nil) if @ticket.comments_changed? #protecting posted_by isn't working, so this should protect it.
      if @ticket.save
        flash[:notice] = 'Ticket was successfully updated.'
        respond_with @ticket
      else
        #redirect_to [:show, @ticket] #
        flash[:alert] = 'Ticket has not been changed'
        redirect_to @ticket
        #respond_with(@ticket) # why does this go to edit?? redirect???
      end
    end
  end

  def index
    # @tickets = Ticket.by_title #not actually what we will want
    #we'll want only tickets that this user can access
    # @tickets = Ticket.by_is_open.key(params[:status])

    #below is obviously too messy and not what we want, but wanted to get basic functionality there
    if admin?
      if params[:status] == 'open'
        @tickets = Ticket.by_is_open.key(true)
      elsif params[:status] == 'closed'
        @tickets = Ticket.by_is_open.key(false)
      else
        @tickets = Ticket.all
      end
    elsif logged_in?
      if params[:status] == 'open'
        @tickets = Ticket.by_is_open_and_created_by.key([true, current_user.id]).all
      elsif params[:status] == 'closed'
        @tickets = Ticket.by_is_open_and_created_by.key([false, current_user.id]).all
      else
        @tickets = Ticket.by_created_by.key(current_user.id).all
      end
    else
      access_denied
    end      

    respond_with(@tickets) 
  end

  private
  
  
  def ticket_access_denied?
    # allow access if user is admin, the ticket was created without unauthentication (thus anybody with URL can access ticket where created_by is nil), or if there is a non-admin user and they created the ticket
    if !admin? and @ticket.created_by and (!current_user or current_user.id != @ticket.created_by)
      @ticket = nil
      access_denied
    end
   
  end

  # not using now, as we are using comment_attributes= from the Ticket model
=begin
  def add_comment
    comment = TicketComment.new(params[:comment])
    comment.posted_by = User.current.id if User.current #could be nil
    comment.posted_at = Time.now # TODO: it seems strange to have this here, and not in model
    @ticket.comments << comment
  end
=end
end