[DEV-340] Refactor edit ticket comment no permission validations (#1207)

* Refactor edit ticket comment no permission validations

* Refactor edit comment path
LautaroCesso 2022-05-16 17:36:06 -03:00 committed by GitHub
parent 713a5b5ee1
commit 0ecf88237f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -53,29 +53,17 @@ class EditCommentController extends Controller {
$newcontent = Controller::request('content', true); $newcontent = Controller::request('content', true);
$ticketNumberLog = null; $ticketNumberLog = null;
$ticketEvent = Ticketevent::getTicketEvent(Controller::request('ticketEventId')); $ticketEvent = Ticketevent::getTicketEvent(Controller::request('ticketEventId'));
$commentAuthor = null;
if(!$ticketEvent->isNull()) { if(!$ticketEvent->isNull()) {
$ticket = Ticket::getDataStore($ticketEvent->ticketId); $ticket = Ticket::getDataStore($ticketEvent->ticketId);
$commentAuthor = $ticketEvent->toArray()["author"];
} else { } else {
$ticket = Ticket::getByTicketNumber(Controller::request('ticketNumber')); $ticket = Ticket::getByTicketNumber(Controller::request('ticketNumber'));
$commentAuthor = $ticket->toArray()["author"];
} }
if (!$ticketEvent->isNull()) { if((!!$user->toArray()["isStaff"] !== !!$commentAuthor["staff"]) || ($user->id !== $commentAuthor["id"])) {
$ticketEventArray = $ticketEvent->toArray();
$userArray = $user->toArray();
if($user->id !== $ticketEventArray["author"]["id"] && $user->id !== $ticket->authorId) {
throw new RequestException(ERRORS::NO_PERMISSION);
}
if((!!$userArray["isStaff"] === !!$ticketEventArray["author"]["staff"]) && ($user->id !== $ticketEventArray["author"]["id"])) {
throw new RequestException(ERRORS::NO_PERMISSION);
}
if (!!$userArray["isStaff"] !== !!$ticketEventArray["author"]["staff"]) {
throw new RequestException(ERRORS::NO_PERMISSION);
}
} else if ($user->id !== $ticket->authorId) {
throw new RequestException(ERRORS::NO_PERMISSION); throw new RequestException(ERRORS::NO_PERMISSION);
} }
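Review bot: The combined permission check on the new side reads `$commentAuthor["staff"]` and `$commentAuthor["id"]` without first confirming that an author record was actually loaded. When `ticketEventId` does not resolve, `$commentAuthor` comes from `$ticket->toArray()["author"]`; if `ticketNumber` does not resolve either, the request appears to be rejected only because a missing id never strictly equals `$user->id`, so the denial is incidental rather than stated. Unless validators outside this hunk already guarantee the ticket exists, I would make it explicit ahead of the comparison with `if (!isset($commentAuthor["id"])) { throw new RequestException(ERRORS::NO_PERMISSION); }`. A short comment on the check would also help, e.g. `// Only the comment's own author may edit it: account type (staff/user) and id must both match.` The enclosing handler starts and ends outside the hunk.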