opensupports/server/controllers/ticket/comment.php

<?php
use Respect\Validation\Validator as DataValidator;
DataValidator::with('CustomValidations', true);

/**
 * @api {post} /ticket/comment Comment ticket
 * @apiVersion 4.5.0
 *
 * @apiName Comment ticket
 *
 * @apiGroup Ticket
 *
 * @apiDescription This path comments a ticket.
 *
 * @apiPermission user
 *
 * @apiParam {String} content Content of the comment.
 * @apiParam {Number} ticketNumber The number of the ticket to comment.
 * @apiParam {Boolean} private Indicates if the comment is not shown to users.
 * @apiParam {Number} images The number of images in the content
 * @apiParam image_i The image file of index `i` (mutiple params accepted)
 * @apiParam file The file you with to upload.
 *
 * @apiUse NO_PERMISSION
 * @apiUse INVALID_CONTENT
 * @apiUse INVALID_TICKET
 * @apiUse INVALID_TOKEN
 * @apiUse INVALID_FILE
 *
 * @apiSuccess {Object} data Empty object
 *
 */

class CommentController extends Controller {
    const PATH = '/comment';
    const METHOD = 'POST';

    private $ticket;
    private $content;
    private $session;

    public function validations() {
        $this->session = Session::getInstance();

        if (Controller::isUserSystemEnabled() || Controller::isStaffLogged()) {
            return [
                'permission' => 'user',
                'requestData' => [
                    'content' => [
                        'validation' => DataValidator::length(20, 5000),
                        'error' => ERRORS::INVALID_CONTENT
                    ],
                    'ticketNumber' => [
                        'validation' => DataValidator::validTicketNumber(),
                        'error' => ERRORS::INVALID_TICKET
                    ]
                ]
            ];
        } else {
            return [
                'permission' => 'any',
                'requestData' => [
                    'content' => [
                        'validation' => DataValidator::length(20, 5000),
                        'error' => ERRORS::INVALID_CONTENT
                    ],
                    'ticketNumber' => [
                        'validation' => DataValidator::equals($this->session->getTicketNumber()),
                        'error' => ERRORS::INVALID_TICKET
                    ],
                    'csrf_token' => [
                        'validation' => DataValidator::equals($this->session->getToken()),
                        'error' => ERRORS::INVALID_TOKEN
                    ]
                ]
            ];
        }
    }

    public function handler() {
        $this->requestData();
        $this->user = Controller::getLoggedUser();
        $ticketAuthor = $this->ticket->authorToArray();
        $isAuthor = $this->ticket->isAuthor($this->user) || $this->session->isTicketSession();
        $isOwner = $this->ticket->isOwner($this->user);

        if(!Controller::isStaffLogged() && Controller::isUserSystemEnabled() && !$isAuthor){
            throw new RequestException(ERRORS::NO_PERMISSION);
        }

        if(!$this->session->isTicketSession() && !$this->user->canManageTicket($this->ticket)) {
            throw new RequestException(ERRORS::NO_PERMISSION);
        }

        $this->storeComment();

        if($isAuthor && $this->ticket->owner) {
            $this->sendMail([
                'email' => $this->ticket->owner->email,
                'name' => $this->ticket->owner->name,
                'staff' => true
            ]);
        } else if($isOwner && !Controller::request('private')) {
            $this->sendMail($ticketAuthor);
        }

        Log::createLog('COMMENT', $this->ticket->ticketNumber);

        Response::respondSuccess();
    }

    private function requestData() {
        $ticketNumber = Controller::request('ticketNumber');
        $this->ticket = Ticket::getByTicketNumber($ticketNumber);
        $this->content = Controller::request('content', true);
    }

    private function storeComment() {
        $fileUploader = FileUploader::getInstance();
        $fileUploader->setPermission(FileManager::PERMISSION_TICKET, $this->ticket->ticketNumber);
        $imagePaths = $this->uploadImages(Controller::isStaffLogged());
        $fileUploader = $this->uploadFile(Controller::isStaffLogged());

        $comment = Ticketevent::getEvent(Ticketevent::COMMENT);
        $comment->setProperties(array(
            'content' => $this->replaceWithImagePaths($imagePaths, $this->content),
            'file' => ($fileUploader instanceof FileUploader) ? $fileUploader->getFileName() : null,
            'date' => Date::getCurrentDate(),
            'private' => (Controller::isStaffLogged() && Controller::request('private')) ? 1 : 0
        ));

        if(Controller::isStaffLogged()) {
            $this->ticket->unread = !$this->ticket->isAuthor($this->user);
            $this->ticket->unreadStaff = !$this->ticket->isOwner($this->user);
            $comment->authorStaff = $this->user;
        } else if(Controller::isUserSystemEnabled()) {
            $this->ticket->unreadStaff = true;
            $comment->authorUser = $this->user;
        }

        $this->ticket->addEvent($comment);
        $this->ticket->store();
    }

    private function sendMail($recipient) {
        $mailSender = MailSender::getInstance();

        $email = $recipient['email'];
        $name = $recipient['name'];
        $isStaff = array_key_exists('staff', $recipient) && $recipient['staff'];

        $url = Setting::getSetting('url')->getValue();

        if(!Controller::isUserSystemEnabled() && !$isStaff) {
          $url .= '/check-ticket/' . $this->ticket->ticketNumber;
          $url .= '/' . $email;
        }

        $mailSender->setTemplate(MailTemplate::TICKET_RESPONDED, [
          'to' => $email,
          'name' => $name,
          'title' => $this->ticket->title,
          'ticketNumber' => $this->ticket->ticketNumber,
          'content' => $this->content,
          'url' => $url
        ]);

        $mailSender->send();
    }
}
[Ivan Diaz] - Ticket comment WIP [skip ci] 2016-06-30 23:03:17 +02:00			`<?php`
Ivan - Add ruby api testing for comment/create 2016-08-04 20:18:29 +02:00			`use Respect\Validation\Validator as DataValidator;`
			`DataValidator::with('CustomValidations', true);`
[Ivan Diaz] - Ticket comment WIP [skip ci] 2016-06-30 23:03:17 +02:00
Guillermo - data ticket [skip ci] 2017-04-17 04:59:11 +02:00			`/**`
Ivan - Update controller documentations 2017-05-12 06:58:40 +02:00			`* @api {post} /ticket/comment Comment ticket`
release v4.5.0 2019-10-08 01:21:43 +02:00			`* @apiVersion 4.5.0`
WIP 2018-06-04 23:04:03 +02:00			`*`
Ivan - Update controller documentations 2017-05-12 06:58:40 +02:00			`* @apiName Comment ticket`
Guillermo - data ticket [skip ci] 2017-04-17 04:59:11 +02:00			`*`
			`* @apiGroup Ticket`
			`*`
Ivan - Update controller documentations 2017-05-12 06:58:40 +02:00			`* @apiDescription This path comments a ticket.`
Guillermo - data ticket [skip ci] 2017-04-17 04:59:11 +02:00			`*`
			`* @apiPermission user`
			`*`
Guillermo - things [skip ci] 2017-04-21 08:09:24 +02:00			`* @apiParam {String} content Content of the comment.`
			`* @apiParam {Number} ticketNumber The number of the ticket to comment.`
feature #174 2018-09-28 02:19:34 +02:00			`* @apiParam {Boolean} private Indicates if the comment is not shown to users.`
Update API documentation 2018-09-20 22:19:47 +02:00			`* @apiParam {Number} images The number of images in the content`
			* @apiParam image_i The image file of index `i` (mutiple params accepted)
			`* @apiParam file The file you with to upload.`
Guillermo - data ticket [skip ci] 2017-04-17 04:59:11 +02:00			`*`
Guillermo - things [skip ci] 2017-04-21 08:09:24 +02:00			`* @apiUse NO_PERMISSION`
			`* @apiUse INVALID_CONTENT`
			`* @apiUse INVALID_TICKET`
Guillermo - Issue #30 2017-06-13 06:03:06 +02:00			`* @apiUse INVALID_TOKEN`
Update API documentation 2018-09-20 22:19:47 +02:00			`* @apiUse INVALID_FILE`
Guillermo - data ticket [skip ci] 2017-04-17 04:59:11 +02:00			`*`
WIP 2018-06-04 23:04:03 +02:00			`* @apiSuccess {Object} data Empty object`
Guillermo - data ticket [skip ci] 2017-04-17 04:59:11 +02:00			`*`
			`*/`

[Ivan Diaz] - Ticket comment WIP [skip ci] 2016-06-30 23:03:17 +02:00			`class CommentController extends Controller {`
			`const PATH = '/comment';`
Ivan - Update backend methods [skip ci] 2017-02-08 19:09:15 +01:00			`const METHOD = 'POST';`
[Ivan Diaz] - Ticket comment WIP [skip ci] 2016-06-30 23:03:17 +02:00
Ivan - Add ruby api testing for comment/create 2016-08-04 20:18:29 +02:00			`private $ticket;`
[Ivan Diaz] - Ticket comment WIP [skip ci] 2016-06-30 23:03:17 +02:00			`private $content;`
Makes users able to comment on tickets when there is no user system, and fixes logs 2019-11-07 19:27:26 +01:00			`private $session;`
[Ivan Diaz] - Ticket comment WIP [skip ci] 2016-06-30 23:03:17 +02:00
Ivan - Fix master phpunit build: Add validations to comment 2016-07-08 09:46:28 +02:00			`public function validations() {`
Makes users able to comment on tickets when there is no user system, and fixes logs 2019-11-07 19:27:26 +01:00			`$this->session = Session::getInstance();`
Ivan - Add token ticket for backend [skip ci] 2017-01-21 05:17:28 +01:00
Ivan - Add new logo, fix user system disabled architecture [skip ci] 2017-03-04 01:39:59 +01:00			`if (Controller::isUserSystemEnabled() \|\| Controller::isStaffLogged()) {`
			`return [`
			`'permission' => 'user',`
			`'requestData' => [`
			`'content' => [`
			`'validation' => DataValidator::length(20, 5000),`
			`'error' => ERRORS::INVALID_CONTENT`
			`],`
			`'ticketNumber' => [`
			`'validation' => DataValidator::validTicketNumber(),`
			`'error' => ERRORS::INVALID_TICKET`
			`]`
			`]`
Ivan - Add token ticket for backend [skip ci] 2017-01-21 05:17:28 +01:00			`];`
Ivan - Add new logo, fix user system disabled architecture [skip ci] 2017-03-04 01:39:59 +01:00			`} else {`
			`return [`
			`'permission' => 'any',`
			`'requestData' => [`
			`'content' => [`
			`'validation' => DataValidator::length(20, 5000),`
			`'error' => ERRORS::INVALID_CONTENT`
			`],`
			`'ticketNumber' => [`
Makes users able to comment on tickets when there is no user system, and fixes logs 2019-11-07 19:27:26 +01:00			`'validation' => DataValidator::equals($this->session->getTicketNumber()),`
Ivan - Add new logo, fix user system disabled architecture [skip ci] 2017-03-04 01:39:59 +01:00			`'error' => ERRORS::INVALID_TICKET`
			`],`
			`'csrf_token' => [`
Makes users able to comment on tickets when there is no user system, and fixes logs 2019-11-07 19:27:26 +01:00			`'validation' => DataValidator::equals($this->session->getToken()),`
Guillermo - Issue #30 2017-06-13 06:03:06 +02:00			`'error' => ERRORS::INVALID_TOKEN`
Ivan - Add new logo, fix user system disabled architecture [skip ci] 2017-03-04 01:39:59 +01:00			`]`
			`]`
Guillermo - disable-user-system [skip ci] 2017-01-16 20:07:53 +01:00			`];`
			`}`
Ivan - Fix master phpunit build: Add validations to comment 2016-07-08 09:46:28 +02:00			`}`

[Ivan Diaz] - Ticket comment WIP [skip ci] 2016-06-30 23:03:17 +02:00			`public function handler() {`
Ivan - Update ownCommentList logic for tickets [skip ci] 2016-07-04 02:32:34 +02:00			`$this->requestData();`
Makes users able to comment on tickets when there is no user system, and fixes logs 2019-11-07 19:27:26 +01:00			`$this->user = Controller::getLoggedUser();`
Allow tickets to be created by staff members #175 2018-07-17 06:17:49 +02:00			`$ticketAuthor = $this->ticket->authorToArray();`
Makes users able to comment on tickets when there is no user system, and fixes logs 2019-11-07 19:27:26 +01:00			`$isAuthor = $this->ticket->isAuthor($this->user) \|\| $this->session->isTicketSession();`
			`$isOwner = $this->ticket->isOwner($this->user);`
[Ivan Diaz] - Ticket comment WIP [skip ci] 2016-06-30 23:03:17 +02:00
Allows all staff members in charge of the department of a ticket to manage it (change its department, priority, comment on it, etc.) 2019-07-12 00:42:09 +02:00			`if(!Controller::isStaffLogged() && Controller::isUserSystemEnabled() && !$isAuthor){`
Use own exception class 2018-11-20 23:41:00 +01:00			`throw new RequestException(ERRORS::NO_PERMISSION);`
Allow tickets to be created by staff members #175 2018-07-17 06:17:49 +02:00			`}`
Ivan - Add all mail templates [skip ci] 2017-03-17 00:00:21 +01:00
Makes users able to comment on tickets when there is no user system, and fixes logs 2019-11-07 19:27:26 +01:00			`if(!$this->session->isTicketSession() && !$this->user->canManageTicket($this->ticket)) {`
tests ruby 2019-09-20 21:58:21 +02:00			`throw new RequestException(ERRORS::NO_PERMISSION);`
staff allow manage ticket feature 2019-07-05 01:22:38 +02:00			`}`

Allow tickets to be created by staff members #175 2018-07-17 06:17:49 +02:00			`$this->storeComment();`
WIP 2018-06-04 23:04:03 +02:00
Allow tickets to be created by staff members #175 2018-07-17 06:17:49 +02:00			`if($isAuthor && $this->ticket->owner) {`
wip 2019-01-19 00:58:30 +01:00			`$this->sendMail([`
			`'email' => $this->ticket->owner->email,`
			`'name' => $this->ticket->owner->name,`
			`'staff' => true`
			`]);`
Improves code according to Ivan's comments 2019-11-14 15:34:20 +01:00			`} else if($isOwner && !Controller::request('private')) {`
			`$this->sendMail($ticketAuthor);`
Ivan - Add ruby api testing for comment/create 2016-08-04 20:18:29 +02:00			`}`
Allow tickets to be created by staff members #175 2018-07-17 06:17:49 +02:00
			`Log::createLog('COMMENT', $this->ticket->ticketNumber);`

			`Response::respondSuccess();`
[Ivan Diaz] - Ticket comment WIP [skip ci] 2016-06-30 23:03:17 +02:00			`}`

Ivan - Update ownCommentList logic for tickets [skip ci] 2016-07-04 02:32:34 +02:00			`private function requestData() {`
Ivan - Backend - Create /user/get path [skip ci] 2016-09-09 05:38:58 +02:00			`$ticketNumber = Controller::request('ticketNumber');`
			`$this->ticket = Ticket::getByTicketNumber($ticketNumber);`
Ivan - Add XSS protection backend [skip ci] 2017-03-02 06:56:42 +01:00			`$this->content = Controller::request('content', true);`
Ivan - Update ownCommentList logic for tickets [skip ci] 2016-07-04 02:32:34 +02:00			`}`
[Ivan Diaz] - Ticket comment WIP [skip ci] 2016-06-30 23:03:17 +02:00
Ivan - Update ownCommentList logic for tickets [skip ci] 2016-07-04 02:32:34 +02:00			`private function storeComment() {`
Fix TextEditor, improve image uploading 2018-09-14 06:14:15 +02:00			`$fileUploader = FileUploader::getInstance();`
			`$fileUploader->setPermission(FileManager::PERMISSION_TICKET, $this->ticket->ticketNumber);`
Update API documentation 2018-09-20 22:19:47 +02:00			`$imagePaths = $this->uploadImages(Controller::isStaffLogged());`
			`$fileUploader = $this->uploadFile(Controller::isStaffLogged());`
Guillermo - disable-user-system [skip ci] 2017-01-16 22:04:26 +01:00
Ivan - Add events to backend [skip ci] 2016-09-29 19:34:20 +02:00			`$comment = Ticketevent::getEvent(Ticketevent::COMMENT);`
[Ivan Diaz] - Ticket comment WIP [skip ci] 2016-06-30 23:03:17 +02:00			`$comment->setProperties(array(`
Fix TextEditor, improve image uploading 2018-09-14 06:14:15 +02:00			`'content' => $this->replaceWithImagePaths($imagePaths, $this->content),`
Guillermo - disable-user-system [skip ci] 2017-01-16 22:04:26 +01:00			`'file' => ($fileUploader instanceof FileUploader) ? $fileUploader->getFileName() : null,`
feature #174 2018-09-28 02:19:34 +02:00			`'date' => Date::getCurrentDate(),`
			`'private' => (Controller::isStaffLogged() && Controller::request('private')) ? 1 : 0`
[Ivan Diaz] - Ticket comment WIP [skip ci] 2016-06-30 23:03:17 +02:00			`));`

Ivan - Add events to backend [skip ci] 2016-09-29 19:34:20 +02:00			`if(Controller::isStaffLogged()) {`
Makes users able to comment on tickets when there is no user system, and fixes logs 2019-11-07 19:27:26 +01:00			`$this->ticket->unread = !$this->ticket->isAuthor($this->user);`
			`$this->ticket->unreadStaff = !$this->ticket->isOwner($this->user);`
			`$comment->authorStaff = $this->user;`
Guillermo - disable-user-system [skip ci] 2017-01-16 20:07:53 +01:00			`} else if(Controller::isUserSystemEnabled()) {`
Guillermo - Ticket-seen [skip ci] 2016-10-21 21:12:17 +02:00			`$this->ticket->unreadStaff = true;`
Makes users able to comment on tickets when there is no user system, and fixes logs 2019-11-07 19:27:26 +01:00			`$comment->authorUser = $this->user;`
Ivan - Add events to backend [skip ci] 2016-09-29 19:34:20 +02:00			`}`
Ivan - Add new logo, fix user system disabled architecture [skip ci] 2017-03-04 01:39:59 +01:00
Ivan - Create Ticket::addEvent function [skip ci] 2016-09-29 19:46:31 +02:00			`$this->ticket->addEvent($comment);`
Ivan - Add ruby api testing for comment/create 2016-08-04 20:18:29 +02:00			`$this->ticket->store();`
[Ivan Diaz] - Ticket comment WIP [skip ci] 2016-06-30 23:03:17 +02:00			`}`
Ivan - Add all mail templates [skip ci] 2017-03-17 00:00:21 +01:00
Allow tickets to be created by staff members #175 2018-07-17 06:17:49 +02:00			`private function sendMail($recipient) {`
Ivan - Avoid verification if smtp is not set. Implement singleton pattern in MailSender class 2017-06-05 16:41:52 +02:00			`$mailSender = MailSender::getInstance();`
Ivan - Add all mail templates [skip ci] 2017-03-17 00:00:21 +01:00
Allow tickets to be created by staff members #175 2018-07-17 06:17:49 +02:00			`$email = $recipient['email'];`
			`$name = $recipient['name'];`
Fix issues with no user system 2018-10-06 04:54:49 +02:00			`$isStaff = array_key_exists('staff', $recipient) && $recipient['staff'];`
Ivan - Fix comment bug #27 2017-06-25 11:07:14 +02:00
WIP 2018-06-04 23:04:03 +02:00			`$url = Setting::getSetting('url')->getValue();`

Allow tickets to be created by staff members #175 2018-07-17 06:17:49 +02:00			`if(!Controller::isUserSystemEnabled() && !$isStaff) {`
WIP 2018-06-04 23:04:03 +02:00			`$url .= '/check-ticket/' . $this->ticket->ticketNumber;`
			`$url .= '/' . $email;`
			`}`

Ivan - Add all mail templates [skip ci] 2017-03-17 00:00:21 +01:00			`$mailSender->setTemplate(MailTemplate::TICKET_RESPONDED, [`
fix test ruby 2019-07-02 01:38:34 +02:00			`'to' => $email,`
			`'name' => $name,`
			`'title' => $this->ticket->title,`
			`'ticketNumber' => $this->ticket->ticketNumber,`
			`'content' => $this->content,`
			`'url' => $url`
Ivan - Add all mail templates [skip ci] 2017-03-17 00:00:21 +01:00			`]);`

			`$mailSender->send();`
			`}`
WIP 2018-06-04 23:04:03 +02:00			`}`