opensupports/server/controllers/ticket/edit-comment.php

<?php
use Respect\Validation\Validator as DataValidator;
DataValidator::with('CustomValidations', true);

/**
 * @api {post} /ticket/edit-comment Edit a comment
 * @apiVersion 4.10.0
 *
 * @apiName Edit comment
 *
 * @apiGroup Ticket
 *
 * @apiDescription This path edits a comment.
 *
 * @apiPermission user
 *
 * @apiParam {String} content The new content of the comment.
 * @apiParam {Number} ticketEventId The id of the ticket event.
 * @apiParam {Number} ticketNumber The number of the ticket.
 *
 * @apiUse NO_PERMISSION
 * @apiUse INVALID_CONTENT
 * @apiUse INVALID_TICKET
 * @apiUse INVALID_TICKET_EVENT
 * @apiUse TICKET_CONTENT_CANNOT_BE_EDITED
 *
 * @apiSuccess {Object} data Empty object
 *
 */

class EditCommentController extends Controller {
    const PATH = '/edit-comment';
    const METHOD = 'POST';

    public function validations() {
        return [
            'permission' => 'user',
            'requestData' => [
                'content' => [
                    'validation' => DataValidator::content(),
                    'error' => ERRORS::INVALID_CONTENT
                ],
                'ticketNumber' => [
                    'validation' => DataValidator::oneOf(DataValidator::validTicketNumber(),DataValidator::nullType()),
                    'error' => ERRORS::INVALID_TICKET
                ]
            ]
        ];
    }

    public function handler() {
        $user = Controller::getLoggedUser();
        $newcontent = Controller::request('content', true);
        $ticketNumberLog = null;
        $ticketevent = Ticketevent::getTicketEvent(Controller::request('ticketEventId'));

        if(!$ticketevent->isNull()) {
            $ticket = Ticket::getDataStore($ticketevent->ticketId);
        } else {
            $ticket = Ticket::getByTicketNumber(Controller::request('ticketNumber'));
        }

        if(!Controller::isStaffLogged() &&  $user->id !== $ticketevent->authorUserId && $user->id !== $ticket->authorId) {
            throw new RequestException(ERRORS::NO_PERMISSION);
        }

        if (!$ticketevent->isNull()) {
            if($user->id !== $ticketevent->authorUserId) {
                throw new RequestException(ERRORS::NO_PERMISSION);
            }
        } else if ($user->id !== $ticket->authorId) {
            throw new RequestException(ERRORS::NO_PERMISSION);
        }

        if(Controller::isStaffLogged() && !$user->canManageTicket($ticket)) {
            throw new RequestException(ERRORS::NO_PERMISSION);
        }

        if(!$ticketevent->isNull()) {
            if($ticketevent->type !== "COMMENT" || $ticket->closed || $ticket->getLatestEventOfType("COMMENT")['id'] !== $ticketevent->id) {
                throw new RequestException(ERRORS::INVALID_TICKET_EVENT);
            }
        } else if(sizeof($ticket->getEventsOfType("COMMENT"))) {
            throw new RequestException(ERRORS::TICKET_CONTENT_CANNOT_BE_EDITED);
        }

        if(!$ticketevent->isNull()){
            $ticketNumber = Ticket::getTicket($ticketevent->ticketId)->ticketNumber;

            $ticketevent->content = $newcontent;
            $ticketevent->editedContent = true;
            $ticketevent->store();
        } else {
            $ticketNumber = $ticket->ticketNumber;

            $ticket->content = $newcontent;
            $ticket->editedContent = true;
            $ticket->store();
        }

        Log::createLog('EDIT_COMMENT', $ticketNumber);

        Response::respondSuccess();
    }
}
edit comment ticket feature 2019-06-27 03:04:56 +02:00			`<?php`
			`use Respect\Validation\Validator as DataValidator;`
			`DataValidator::with('CustomValidations', true);`

			`/**`
			`* @api {post} /ticket/edit-comment Edit a comment`
Updates to 4.10.0 (#1061) * change 4.9 to 4.10 * new translations 2021-10-19 03:06:20 +02:00			`* @apiVersion 4.10.0`
edit comment ticket feature 2019-06-27 03:04:56 +02:00			`*`
			`* @apiName Edit comment`
			`*`
			`* @apiGroup Ticket`
			`*`
Fix lack of sanitization for path ticket/edit-comment 2019-10-10 21:03:44 +02:00			`* @apiDescription This path edits a comment.`
edit comment ticket feature 2019-06-27 03:04:56 +02:00			`*`
			`* @apiPermission user`
			`*`
			`* @apiParam {String} content The new content of the comment.`
			`* @apiParam {Number} ticketEventId The id of the ticket event.`
Fix lack of sanitization for path ticket/edit-comment 2019-10-10 21:03:44 +02:00			`* @apiParam {Number} ticketNumber The number of the ticket.`
edit comment ticket feature 2019-06-27 03:04:56 +02:00			`*`
			`* @apiUse NO_PERMISSION`
Fix lack of sanitization for path ticket/edit-comment 2019-10-10 21:03:44 +02:00			`* @apiUse INVALID_CONTENT`
Fix edit ticket comment (#1107) * Fix edit ticket comment * Add some docs comments * Change some test names 2021-12-03 01:35:37 +01:00			`* @apiUse INVALID_TICKET`
			`* @apiUse INVALID_TICKET_EVENT`
			`* @apiUse TICKET_CONTENT_CANNOT_BE_EDITED`
edit comment ticket feature 2019-06-27 03:04:56 +02:00			`*`
			`* @apiSuccess {Object} data Empty object`
			`*`
			`*/`

			`class EditCommentController extends Controller {`
			`const PATH = '/edit-comment';`
			`const METHOD = 'POST';`

			`public function validations() {`
Mandatory Login BE and Ruby tests (#757) * Mandatory Login BE and Ruby tests * registration handle and remove user-system setting * create specific paths to mandatory login changing * BE logic not allow turn off mandatory login without registratrion * fix github issues * Delete config['user-system-enabled']. * Add some tabulations. * Create MandatoryLoginReducer. * Replace 'user-system' to 'mandatory-login'. * Replace user-system toggle to mandatory-login checbox. * Add some button in the header. * Change onChange function mandatory login name. * Disabled checkbox when you should not change it. * Delete consolelog and some irrelevant lines. * Change name of mandatory login reducer. * Change style button in install step 1 * Change style button in install step 2 * Fix loading bug in submmit button. * Change style button in install step 5 * Change style button in install step 6 * Delete UserSystemEnabled in ticket viewer component. * Delete UserSystemEnabled in some files. * Delete onRetriveFail function in main view ticket page. * Replace user-system-enabled to mandatory-login in some files. * replace user-system-enabled to mandatory-login in install steps. * Fix style in dashboard-[Ccreate-ticket-page and dashboard-list-article-page. * Fix mandatory login issues Co-authored-by: LautaroCesso <lautaro_cesso@hotmail.com> Co-authored-by: Ivan Diaz <ivan@opensupports.com> 2020-05-13 00:22:51 +02:00			`return [`
			`'permission' => 'user',`
			`'requestData' => [`
			`'content' => [`
			`'validation' => DataValidator::content(),`
			`'error' => ERRORS::INVALID_CONTENT`
			`],`
			`'ticketNumber' => [`
			`'validation' => DataValidator::oneOf(DataValidator::validTicketNumber(),DataValidator::nullType()),`
			`'error' => ERRORS::INVALID_TICKET`
edit comment ticket feature 2019-06-27 03:04:56 +02:00			`]`
Mandatory Login BE and Ruby tests (#757) * Mandatory Login BE and Ruby tests * registration handle and remove user-system setting * create specific paths to mandatory login changing * BE logic not allow turn off mandatory login without registratrion * fix github issues * Delete config['user-system-enabled']. * Add some tabulations. * Create MandatoryLoginReducer. * Replace 'user-system' to 'mandatory-login'. * Replace user-system toggle to mandatory-login checbox. * Add some button in the header. * Change onChange function mandatory login name. * Disabled checkbox when you should not change it. * Delete consolelog and some irrelevant lines. * Change name of mandatory login reducer. * Change style button in install step 1 * Change style button in install step 2 * Fix loading bug in submmit button. * Change style button in install step 5 * Change style button in install step 6 * Delete UserSystemEnabled in ticket viewer component. * Delete UserSystemEnabled in some files. * Delete onRetriveFail function in main view ticket page. * Replace user-system-enabled to mandatory-login in some files. * replace user-system-enabled to mandatory-login in install steps. * Fix style in dashboard-[Ccreate-ticket-page and dashboard-list-article-page. * Fix mandatory login issues Co-authored-by: LautaroCesso <lautaro_cesso@hotmail.com> Co-authored-by: Ivan Diaz <ivan@opensupports.com> 2020-05-13 00:22:51 +02:00			`]`
			`];`
edit comment ticket feature 2019-06-27 03:04:56 +02:00			`}`

			`public function handler() {`
			`$user = Controller::getLoggedUser();`
Fix lack of sanitization for path ticket/edit-comment 2019-10-10 21:03:44 +02:00			`$newcontent = Controller::request('content', true);`
staff allow manage ticket feature 2019-07-05 01:22:38 +02:00			`$ticketNumberLog = null;`
edit comment ticket feature 2019-06-27 03:04:56 +02:00			`$ticketevent = Ticketevent::getTicketEvent(Controller::request('ticketEventId'));`

[DEV-162] Fix ticket comment issues (#1081) * Fix bug in UI * Fix bug in backend * Fix some issues * Improve coding * Improve coding 2021-11-26 21:37:33 +01:00			`if(!$ticketevent->isNull()) {`
			`$ticket = Ticket::getDataStore($ticketevent->ticketId);`
			`} else {`
			`$ticket = Ticket::getByTicketNumber(Controller::request('ticketNumber'));`
			`}`

			`if(!Controller::isStaffLogged() && $user->id !== $ticketevent->authorUserId && $user->id !== $ticket->authorId) {`
edit comment ticket feature 2019-06-27 03:04:56 +02:00			`throw new RequestException(ERRORS::NO_PERMISSION);`
			`}`

Fix edit ticket comment (#1107) * Fix edit ticket comment * Add some docs comments * Change some test names 2021-12-03 01:35:37 +01:00			`if (!$ticketevent->isNull()) {`
			`if($user->id !== $ticketevent->authorUserId) {`
			`throw new RequestException(ERRORS::NO_PERMISSION);`
			`}`
			`} else if ($user->id !== $ticket->authorId) {`
			`throw new RequestException(ERRORS::NO_PERMISSION);`
			`}`

[DEV-162] Fix ticket comment issues (#1081) * Fix bug in UI * Fix bug in backend * Fix some issues * Improve coding * Improve coding 2021-11-26 21:37:33 +01:00			`if(Controller::isStaffLogged() && !$user->canManageTicket($ticket)) {`
			`throw new RequestException(ERRORS::NO_PERMISSION);`
			`}`
staff allow manage ticket feature 2019-07-05 01:22:38 +02:00
[DEV-162] Fix ticket comment issues (#1081) * Fix bug in UI * Fix bug in backend * Fix some issues * Improve coding * Improve coding 2021-11-26 21:37:33 +01:00			`if(!$ticketevent->isNull()) {`
			`if($ticketevent->type !== "COMMENT" \|\| $ticket->closed \|\| $ticket->getLatestEventOfType("COMMENT")['id'] !== $ticketevent->id) {`
			`throw new RequestException(ERRORS::INVALID_TICKET_EVENT);`
			`}`
Fix edit ticket comment (#1107) * Fix edit ticket comment * Add some docs comments * Change some test names 2021-12-03 01:35:37 +01:00			`} else if(sizeof($ticket->getEventsOfType("COMMENT"))) {`
			`throw new RequestException(ERRORS::TICKET_CONTENT_CANNOT_BE_EDITED);`
staff allow manage ticket feature 2019-07-05 01:22:38 +02:00			`}`

edit comment ticket feature 2019-06-27 03:04:56 +02:00			`if(!$ticketevent->isNull()){`
staff allow manage ticket feature 2019-07-05 01:22:38 +02:00			`$ticketNumber = Ticket::getTicket($ticketevent->ticketId)->ticketNumber;`

edit comment ticket feature 2019-06-27 03:04:56 +02:00			`$ticketevent->content = $newcontent;`
			`$ticketevent->editedContent = true;`
			`$ticketevent->store();`
Fix lack of sanitization for path ticket/edit-comment 2019-10-10 21:03:44 +02:00			`} else {`
staff allow manage ticket feature 2019-07-05 01:22:38 +02:00			`$ticketNumber = $ticket->ticketNumber;`

edit comment ticket feature 2019-06-27 03:04:56 +02:00			`$ticket->content = $newcontent;`
			`$ticket->editedContent = true;`
			`$ticket->store();`
			`}`

staff allow manage ticket feature 2019-07-05 01:22:38 +02:00			`Log::createLog('EDIT_COMMENT', $ticketNumber);`

edit comment ticket feature 2019-06-27 03:04:56 +02:00			`Response::respondSuccess();`
			`}`
			`}`