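# Controller for help tickets and their comments.
#
# Access model, as visible in this file:
# * +index+ goes through the +authorize+ filter (defined outside this file).
# * +show+, +update+ and +destroy+ go through +fetch_ticket+, which loads the
#   ticket and rejects the request unless +ticket_access?+ holds.
# * +new+ and +create+ have no access filter, so anonymous users can open tickets.
class TicketsController < ApplicationController
  respond_to :html, :json
  #has_scope :open, :type => boolean

  before_filter :authorize, :only => [:index]
  before_filter :fetch_ticket, :only => [:show, :update, :destroy] # don't now have an edit method
  before_filter :set_title

  # Renders the form for a new ticket with one empty comment built for it.
  def new
    @ticket = Ticket.new
    @ticket.comments.build
  end

  # Creates a ticket from the submitted form.
  #
  # Ownership fields are always taken from the session, never from the
  # request, so a client cannot attribute a ticket or comment to another user.
  def create
    @ticket = Ticket.new(params[:ticket])

    # protecting posted_by isn't working, so this should protect it.
    # A request without any comment leaves comments empty; skip instead of
    # raising NoMethodError on nil.
    first_comment = @ticket.comments.last
    first_comment.posted_by = (logged_in? ? current_user.id : nil) if first_comment

    # Assign explicitly in both cases: an anonymous request must not be able to
    # keep a created_by value it supplied in params[:ticket].
    @ticket.created_by = logged_in? ? current_user.id : nil
    @ticket.email = current_user.email_address if logged_in? && current_user.email_address

    if @ticket.save
      flash[:notice] = t(:thing_was_successfully_created, :thing => t(:ticket))
    end

    # cannot set this until ticket has been saved, as @ticket.id will not be set
    # NOTE(review): for anonymous tickets this URL is the only thing the creator
    # holds, and ticket_access? admits anyone to a ticket without created_by, so
    # confidentiality rests on the id being hard to guess -- confirm how ids are
    # generated.
    if !logged_in? && flash[:notice]
      flash[:notice] += " " + t(:access_ticket_text, :full_url => ticket_url(@ticket.id))
    end

    respond_with(@ticket)
  end

  # Shows a ticket together with an empty comment for the reply form.
  def show
    @comment = TicketComment.new
    return if @ticket

    redirect_to tickets_path, :alert => t(:no_such_thing, :thing => t(:ticket))
  end

  # Closes, reopens or edits a ticket depending on which submit button was used.
  #
  # The button is identified by comparing params[:commit] with the translated
  # button label, so the branch taken depends on the active locale.
  def update
    if params[:commit] == t(:close)
      @ticket.is_open = false
      @ticket.save
      redirect_to tickets_path
    elsif params[:commit] == t(:open)
      @ticket.is_open = true
      @ticket.save
      redirect_to @ticket
    else
      # NOTE(review): every attribute in params[:ticket] is mass-assigned here by
      # anyone who passes ticket_access?; confirm the model restricts which
      # attributes (e.g. created_by) are assignable.
      @ticket.attributes = cleanup_ticket_params(params[:ticket])

      if params[:commit] == t(:reply_and_close)
        @ticket.close
        should_redirect = true
      else
        # anonymous users are sent back to the list after replying
        should_redirect = !logged_in?
      end

      # the comment author always comes from the session, not from the form
      if @ticket.comments_changed?
        @ticket.comments.last.posted_by = (current_user ? current_user.id : nil)
      end

      if !@ticket.changed?
        redirect_to @ticket
      elsif @ticket.save
        flash[:notice] = t(:changes_saved)
        redirect_to(should_redirect ? tickets_path : @ticket)
      else
        respond_with @ticket
      end
    end
  end

  # Lists the tickets visible to the current user, paginated.
  def index
    @all_tickets = Ticket.for_user(current_user, params, admin?) #for tests, useful to have as separate variable
    @tickets = @all_tickets.page(params[:page]).per(APP_CONFIG[:pagination_size])
  end

  # Deletes the ticket when the requester is an admin; everyone else is
  # redirected to the list with the ticket left untouched.
  def destroy
    # should we allow non-admins to delete their own tickets? i don't think necessary.
    @ticket.destroy if admin?
    redirect_to tickets_path
  end

  protected

  # Sets the page title shared by all actions.
  def set_title
    @title = t(:tickets)
  end

  private

  # unset comments hash if no new comment was typed
  #
  # Tolerates malformed input: an empty comments_attributes, or a first entry
  # that is not a hash, counts as "no comment typed" instead of raising.
  # Modifies and returns the hash it was given (nil is returned unchanged).
  def cleanup_ticket_params(ticket)
    return ticket unless ticket && ticket[:comments_attributes]

    comments = ticket[:comments_attributes]
    entries = comments.respond_to?(:values) ? comments.values : Array(comments)
    first_entry = entries.first
    body = first_entry.is_a?(Hash) ? first_entry[:body] : nil

    ticket[:comments_attributes] = nil if body.blank?
    ticket
  end

  # Whether the current requester may act on @ticket: admins, the user who
  # created it, and anyone at all when the ticket has no created_by.
  def ticket_access?
    @ticket && (admin? || !@ticket.created_by || (current_user && current_user.id == @ticket.created_by))
  end

  # Loads @ticket for show/update/destroy and enforces ticket_access?.
  #
  # NOTE(review): the missing-ticket branch only matters if Ticket.find returns
  # nil for an unknown id rather than raising -- confirm against the model.
  def fetch_ticket
    @ticket = Ticket.find(params[:id])

    # Only admins are told that the ticket does not exist; for everyone else
    # ticket_access? is false when @ticket is nil, so a missing ticket and a
    # forbidden one get the same access_denied response.
    if !@ticket && admin?
      redirect_to tickets_path, :alert => t(:no_such_thing, :thing => t(:ticket))
      return
    end

    access_denied unless ticket_access?
  end
end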