From 0ecf88237f8e165e39352d67a47203a2671ad228 Mon Sep 17 00:00:00 2001
From: LautaroCesso <59095036+LautaroCesso@users.noreply.github.com>
Date: Mon, 16 May 2022 17:36:06 -0300
Subject: [PATCH] [DEV-340] Refactor edit ticket comment no permission validations (#1207)

* Refactor edit ticket comment no permission validations
* Refactor edit comment path
---
 server/controllers/ticket/edit-comment.php | 20 ++++----------------
 1 file changed, 4 insertions(+), 16 deletions(-)
diff --git a/server/controllers/ticket/edit-comment.php b/server/controllers/ticket/edit-comment.php
index 3c11b18b..36dd85aa 100644
--- a/server/controllers/ticket/edit-comment.php
+++ b/server/controllers/ticket/edit-comment.php
@@ -53,29 +53,17 @@ class EditCommentController extends Controller {
 $newcontent = Controller::request('content', true);
 $ticketNumberLog = null;
 $ticketEvent = Ticketevent::getTicketEvent(Controller::request('ticketEventId'));
+ $commentAuthor = null;
 if(!$ticketEvent->isNull()) {
 $ticket = Ticket::getDataStore($ticketEvent->ticketId);
+ $commentAuthor = $ticketEvent->toArray()["author"];
 } else {
 $ticket = Ticket::getByTicketNumber(Controller::request('ticketNumber'));
+ $commentAuthor = $ticket->toArray()["author"];
 }
- if (!$ticketEvent->isNull()) {
- $ticketEventArray = $ticketEvent->toArray();
- $userArray = $user->toArray();
-
- if($user->id !== $ticketEventArray["author"]["id"] && $user->id !== $ticket->authorId) {
- throw new RequestException(ERRORS::NO_PERMISSION);
- }
-
- if((!!$userArray["isStaff"] === !!$ticketEventArray["author"]["staff"]) && ($user->id !== $ticketEventArray["author"]["id"])) {
- throw new RequestException(ERRORS::NO_PERMISSION);
- }
-
- if (!!$userArray["isStaff"] !== !!$ticketEventArray["author"]["staff"]) {
- throw new RequestException(ERRORS::NO_PERMISSION);
- }
- } else if ($user->id !== $ticket->authorId) {
+ if((!!$user->toArray()["isStaff"] !== !!$commentAuthor["staff"]) || ($user->id !== $commentAuthor["id"])) {
 throw new RequestException(ERRORS::NO_PERMISSION);
 }
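Review bot: The single permission check at the end of this hunk assumes `$commentAuthor` is a populated array. If neither lookup finds a record, or the ticket has no registered author, `$commentAuthor["id"]` and `$commentAuthor["staff"]` evaluate to null and the deny rests entirely on `$user->id` being non-null. That holds only if an authenticated-user validation runs earlier in the method, which starts and ends outside the hunk, so I would make the deny explicit before the comparison: `if (empty($commentAuthor["id"])) { throw new RequestException(ERRORS::NO_PERMISSION); }`. The ticket-number branch is also a behaviour change rather than a pure refactor: it used to compare `$user->id` with `$ticket->authorId` alone and now additionally requires the staff flags to match, which deserves a regression test for a staff account editing a user-authored ticket. A short comment such as `// ids alone are not unique across staff and users (confirm), so the role flag must match too` would record why both halves of the condition are needed.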