From 0174233a24a513507814b2cb92d8fd76671cffe4 Mon Sep 17 00:00:00 2001
From: Guillermo
Date: Wed, 8 Jan 2020 10:09:35 -0300
Subject: [PATCH] edit title for system without users

---
 client/src/data/languages/en.js | 3 +-
 server/controllers/ticket/edit-comment.php | 47 ++++++++++++++++------
 server/controllers/ticket/edit-title.php | 47 ++++++++++++++++------
 3 files changed, 70 insertions(+), 27 deletions(-)

diff --git a/client/src/data/languages/en.js b/client/src/data/languages/en.js
index 92ca10cf..c1839ae1 100644
--- a/client/src/data/languages/en.js
+++ b/client/src/data/languages/en.js
@@ -234,7 +234,7 @@ export default {
 'ACTIVITY_DEPARTMENT_CHANGED': 'changed department of ticket',
 'ACTIVITY_PRIORITY_CHANGED': 'changed priority of ticket',
 'ACTIVITY_EDIT_COMMENT': 'edited a comment of ticket',
-
+ 'ACTIVITY_EDIT_TITLE': 'edited title of ticket',
 'ACTIVITY_EDIT_SETTINGS': 'edited settings',
 'ACTIVITY_SIGNUP': 'signed up',
 'ACTIVITY_INVITE': 'invited user',
@@ -361,6 +361,7 @@ export default {
 'TICKET_COMMENT_ERROR': 'An error occurred while trying to add the comment.',
 'NO_PERMISSION': 'You\'ve no permission to access to this page.',
 'INVALID_USER': 'User id is invalid',
+ 'INVALID_TITLE': 'invalid title',
 'ERROR_RETRIEVING_TICKETS': 'An error occurred while trying to retrieve tickets.',
 'ERROR_RETRIEVING_USERS': 'An error occurred while trying to retrieve users.',
 'ERROR_RETRIEVING_BAN_LIST': 'An error occurred while trying to retrieve the list of banned emails.',
diff --git a/server/controllers/ticket/edit-comment.php b/server/controllers/ticket/edit-comment.php
index 84a980ca..a0ffe1bf 100644
--- a/server/controllers/ticket/edit-comment.php
+++ b/server/controllers/ticket/edit-comment.php
@@ -20,6 +20,7 @@ DataValidator::with('CustomValidations', true);
 *
 * @apiUse NO_PERMISSION
 * @apiUse INVALID_CONTENT
+ * @apiUse INVALID_TOKEN
 *
 * @apiSuccess {Object} data Empty object
 *
@@ -30,19 +31,39 @@ class EditCommentController extends Controller { const METHOD = 'POST'; public function validations() { - return [ - 'permission' => 'user', - 'requestData' => [ - 'content' => [ - 'validation' => DataValidator::length(10, 5000), - 'error' => ERRORS::INVALID_CONTENT - ], - 'ticketNumber' => [ - 'validation' => DataValidator::oneOf(DataValidator::validTicketNumber(),DataValidator::nullType()), - 'error' => ERRORS::INVALID_TICKET + if(Controller::isUserSystemEnabled()){ + return [ + 'permission' => 'user', + 'requestData' => [ + 'content' => [ + 'validation' => DataValidator::length(10, 5000), + 'error' => ERRORS::INVALID_CONTENT + ], + 'ticketNumber' => [ + 'validation' => DataValidator::oneOf(DataValidator::validTicketNumber(),DataValidator::nullType()), + 'error' => ERRORS::INVALID_TICKET + ] ] - ] - ]; + ]; + } else { + return [ + 'permission' => 'any', + 'requestData' => [ + 'content' => [ + 'validation' => DataValidator::length(10, 5000), + 'error' => ERRORS::INVALID_CONTENT + ], + 'ticketNumber' => [ + 'validation' => DataValidator::oneOf(DataValidator::validTicketNumber(),DataValidator::nullType()), + 'error' => ERRORS::INVALID_TICKET + ], + 'csrf_token' => [ + 'validation' => DataValidator::equals(Session::getInstance()->getToken()), + 'error' => ERRORS::INVALID_TOKEN + ] + ] + ]; + } } public function handler() { @@ -53,7 +74,7 @@ class EditCommentController extends Controller { $ticketevent = Ticketevent::getTicketEvent(Controller::request('ticketEventId')); $ticket = Ticket::getByTicketNumber(Controller::request('ticketNumber')); - if(!Controller::isStaffLogged() && ($user->id !== $ticketevent->authorUserId && $user->id !== $ticket->authorId ) ){ + if(Controller::isUserSystemEnabled() && !Controller::isStaffLogged() && ($user->id !== $ticketevent->authorUserId && $user->id !== $ticket->authorId ) ){ throw new RequestException(ERRORS::NO_PERMISSION); } 
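Review bot: The `else` branch of validations() repeats the entire `requestData` map from the `if` branch, differing only in `'permission'` and the appended `csrf_token` rule, so the `content` and `ticketNumber` rules now exist twice and will drift apart on the next edit; the validations() hunk in edit-title.php has the same duplication. Build the shared rules once, append the token rule only when the user system is disabled, and pick the permission with a single conditional, which keeps the returned array byte-for-byte the same in both modes. The rewrite below is for edit-comment.php; the edit-title.php version differs only in the `title` rule.
```php
public function validations() {
    $userSystemEnabled = Controller::isUserSystemEnabled();
    $requestData = [
        'content' => [
            'validation' => DataValidator::length(10, 5000),
            'error' => ERRORS::INVALID_CONTENT
        ],
        'ticketNumber' => [
            'validation' => DataValidator::oneOf(DataValidator::validTicketNumber(),DataValidator::nullType()),
            'error' => ERRORS::INVALID_TICKET
        ]
    ];

    // Without a user system there is no logged-in user to tie the request to,
    // so the session CSRF token is the only request-level check.
    if(!$userSystemEnabled) {
        $requestData['csrf_token'] = [
            'validation' => DataValidator::equals(Session::getInstance()->getToken()),
            'error' => ERRORS::INVALID_TOKEN
        ];
    }

    return [
        'permission' => $userSystemEnabled ? 'user' : 'any',
        'requestData' => $requestData
    ];
}
```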
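Review bot: The rewritten condition in handler() skips the author/staff check entirely whenever the user system is disabled, so in that mode the `csrf_token` rule from validations() is the only gate and a request that names any existing `ticketEventId` and ticket number can edit that comment regardless of who opened the ticket; the handler() hunk in edit-title.php does the same for titles. If the session records which ticket the visitor was admitted to (I cannot see that mechanism from this hunk), the disabled-mode branch should verify that `$ticket` and `$ticketevent` belong to that session's ticket instead of dropping the check, e.g. `if(!Controller::isUserSystemEnabled() && !$this->sessionOwnsTicket($ticket)) { throw new RequestException(ERRORS::NO_PERMISSION); }` with a helper that encodes whatever the session actually stores; if no such binding exists, the endpoint should remain restricted. Note also that `$user` is assigned outside the hunk and is now never inspected in the disabled branch, so any later use of `$user` in handler() needs the same guard. handler()'s body starts and ends outside the hunk.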
diff --git a/server/controllers/ticket/edit-title.php b/server/controllers/ticket/edit-title.php index 84450141..f407d28d 100644 --- a/server/controllers/ticket/edit-title.php +++ b/server/controllers/ticket/edit-title.php @@ -19,6 +19,7 @@ DataValidator::with('CustomValidations', true); * * @apiUse NO_PERMISSION * @apiUse INVALID_TITLE + * @apiUse INVALID_TOKEN * * @apiSuccess {Object} data Empty object * @@ -29,19 +30,39 @@ class EditTitleController extends Controller { const METHOD = 'POST'; public function validations() { - return [ - 'permission' => 'user', - 'requestData' => [ - 'title' => [ - 'validation' => DataValidator::length(1, 200), - 'error' => ERRORS::INVALID_TITLE - ], - 'ticketNumber' => [ - 'validation' => DataValidator::validTicketNumber(), - 'error' => ERRORS::INVALID_TICKET + if(Controller::isUserSystemEnabled()){ + return [ + 'permission' => 'user', + 'requestData' => [ + 'title' => [ + 'validation' => DataValidator::length(1, 200), + 'error' => ERRORS::INVALID_TITLE + ], + 'ticketNumber' => [ + 'validation' => DataValidator::validTicketNumber(), + 'error' => ERRORS::INVALID_TICKET + ] ] - ] - ]; + ]; + } else { + return [ + 'permission' => 'any', + 'requestData' => [ + 'title' => [ + 'validation' => DataValidator::length(1, 200), + 'error' => ERRORS::INVALID_TITLE + ], + 'ticketNumber' => [ + 'validation' => DataValidator::validTicketNumber(), + 'error' => ERRORS::INVALID_TICKET + ], + 'csrf_token' => [ + 'validation' => DataValidator::equals(Session::getInstance()->getToken()), + 'error' => ERRORS::INVALID_TOKEN + ] + ] + ]; + } } public function handler() { @@ -49,7 +70,7 @@ class EditTitleController extends Controller { $newtitle = Controller::request('title'); $ticket = Ticket::getByTicketNumber(Controller::request('ticketNumber')); - if(!$user->canManageTicket($ticket)) { + if(Controller::isUserSystemEnabled() && !$user->canManageTicket($ticket)) { throw new RequestException(ERRORS::NO_PERMISSION); }