tyler.durden
/
opensupports
mirror of https://github.com/opensupports/opensupports.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/opensupports/opensupports into lautaro

This commit is contained in:
LautaroCesso 2020-04-16 11:07:34 -03:00
parent 954fc27c54 33bf2c42dd
commit 212bf0b1d0
9 changed files with 226 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
server/controllers/article/add-topic.php
View File

@ -4,7 +4,7 @@ DataValidator::with('CustomValidations', true);
/**
* @api {post} /article/add-topic Add topic
* @apiVersion 4.6.0
* @apiVersion 4.6.1
*
* @apiName Add topic
*

1
server/controllers/ticket.php
View File

@ -25,5 +25,6 @@ $ticketControllers->addController(new GetTagsController);
$ticketControllers->addController(new AddTagController);
$ticketControllers->addController(new RemoveTagController);
$ticketControllers->addController(new SearchController);
$ticketControllers->addController(new GetAuthorsController);
$ticketControllers->finalize();

104
server/controllers/ticket/get-authors.php Normal file
View File

@ -0,0 +1,104 @@
<?php
use Respect\Validation\Validator as DataValidator;
use RedBeanPHP\Facade as RedBean;
DataValidator::with('CustomValidations', true);
/**
* @api {post} /ticket/get-authors Get authors of tickets
* @apiVersion 4.6.1
*
* @apiName Get authors
*
* @apiGroup Ticket
*
* @apiDescription This path returns all the authors that match with the query.
*
* @apiPermission staff1
*
*
* @apiParam {String} query A string to find into a ticket to make a custom search.
* @apiParam {Object[]} blackList A array of objects {id,staff} with id and boolean to eliminate the authors of the new list.
*
* @apiUse NO_PERMISSION
* @apiUse INVALID_QUERY
*
* @apiSuccess {Object} data Empty object
*
*/
class GetAuthorsController extends Controller {
const PATH = '/get-authors';
const METHOD = 'POST';
public function validations() {
return [
'permission' => 'staff_1',
'requestData' => [
'query' => [
'validation' => DataValidator::oneOf(DataValidator::stringType(),DataValidator::nullType()),
'error' => ERRORS::INVALID_QUERY
],
'blackList' => [
'validation' => DataValidator::oneOf(DataValidator::validAuthorsBlackList(),DataValidator::nullType()),
'error' => ERRORS::INVALID_BLACK_LIST
]
]
];
}
public function handler() {
$query = Controller::request('query');
$authorsQuery = "SELECT id,name,level FROM staff " . $this->generateAuthorsIdQuery($query) . " LIMIT 10";
$authorsMatch = RedBean::getAll($authorsQuery, [':query' => "%" .$query . "%",':queryAtBeginning' => $query . "%"] );
$authors = [];
foreach($authorsMatch as $authorMatch) {
if($authorMatch['level'] >=1 && $authorMatch['level'] <= 3){
$author = Staff::getDataStore($authorMatch['id']*1);
} else {
$author = User::getDataStore($authorMatch['id']*1);
}
array_push($authors, $author->toArray());
}
Response::respondSuccess([
'authors' => $authors
]);
}
public function generateAuthorsIdQuery($query) {
if ($query){
return "WHERE name LIKE :query " . $this->generateStaffBlackListQuery() . " UNION SELECT id,name,signup_date FROM user WHERE name LIKE :query " . $this->generateUserBlackListQuery() . " ORDER BY CASE WHEN (name LIKE :queryAtBeginning) THEN 1 ELSE 2 END ASC ";
} else {
return "WHERE 1=1 ". $this->generateStaffBlackListQuery() . " UNION SELECT id,name,signup_date FROM user WHERE 1=1". $this->generateUserBlackListQuery() ." ORDER BY id";
}
}
public function generateStaffBlackListQuery(){
$StaffBlackList = $this->getBlackListFiltered();
return $this->generateBlackListQuery($StaffBlackList);
}
public function generateUserBlackListQuery(){
$UserBlackList = $this->getBlackListFiltered(0);
return $this->generateBlackListQuery($UserBlackList);
}
public function generateBlackListQuery($idList){
$text = "";
foreach ($idList as $id) {
$text .= " AND id != " . $id;
}
return $text;
}
public function getBlackListFiltered($staff = 1){
$blackList = json_decode(Controller::request('blackList'));
$idList = [];
if($blackList){
foreach ($blackList as $item) {
if($staff == $item->staff) array_push($idList, $item->id);
}
}
return $idList;
}
}

9
server/controllers/ticket/search.php
View File

@ -134,10 +134,9 @@ class SearchController extends Controller {
$query = $this->getSQLQuery($inputs);
$queryWithOrder = $this->getSQLQueryWithOrder($inputs);
$totalCount = RedBean::getAll("SELECT COUNT(*) FROM (SELECT COUNT(*) " . $query . " ) AS T2", [':query' => "%" . $inputs['query'] . "%"])[0]['COUNT(*)'];
$ticketIdList = RedBean::getAll($queryWithOrder, [':query' => "%" . $inputs['query'] . "%"]);
$totalCount = RedBean::getAll("SELECT COUNT(*) FROM (SELECT COUNT(*) " . $query . " ) AS T2", [':query' => "%" . $inputs['query'] . "%", ':queryAtBeginning' => $inputs['query'] . "%" ])[0]['COUNT(*)'];
$ticketIdList = RedBean::getAll($queryWithOrder, [':query' => "%" . $inputs['query'] . "%", ':queryAtBeginning' => $inputs['query'] . "%"]);
$ticketList = [];
foreach ($ticketIdList as $item) {
$ticket = Ticket::getDataStore($item['id']);
array_push($ticketList, $ticket->toArray());
@ -410,8 +409,8 @@ class SearchController extends Controller {
$ticketEventTableExists = RedBean::exec("select table_name from information_schema.tables where table_name = 'ticketevent';");
if($querysearch !== null){
$ticketeventOrder = ( $ticketEventTableExists ? " CASE WHEN (ticketevent.type = 'COMMENT' and ticketevent.content LIKE :query) THEN ticketevent.content END desc," : "");
$order .= "CASE WHEN (ticket.ticket_number LIKE :query) THEN ticket.ticket_number END desc,CASE WHEN (ticket.title LIKE :query) THEN ticket.title END desc, CASE WHEN ( ticket.content LIKE :query) THEN ticket.content END desc," . $ticketeventOrder ;
$ticketeventOrder = ( $ticketEventTableExists ? " WHEN (ticketevent.content LIKE :query) THEN 5 " : "");
$order .= "CASE WHEN (ticket.ticket_number LIKE :query) THEN 1 WHEN (ticket.title LIKE :queryAtBeginning) THEN 2 WHEN (ticket.title LIKE :query) THEN 3 WHEN ( ticket.content LIKE :query) THEN 4 " . $ticketeventOrder ."END asc, ";
}
}

5
server/data/ERRORS.php
View File

@ -95,6 +95,10 @@
* @apiDefine INVALID_QUERY
* @apiError {String} INVALID_QUERY The query is invalid.
*/
/**
* @apiDefine INVALID_BLACK_LIST
* @apiError {String} INVALID_BLACK_LIST The black list is invalid.
*/
/**
* @apiDefine INVALID_TAG_FILTER
* @apiError {String} INVALID_TAG_FILTER The tag filter is invalid.
@ -330,6 +334,7 @@ class ERRORS {
const INVALID_PRIORITY = 'INVALID_PRIORITY';
const INVALID_PAGE = 'INVALID_PAGE';
const INVALID_QUERY = 'INVALID_QUERY';
const INVALID_BLACK_LIST = 'INVALID_BLACK_LIST';
const INVALID_TAG_FILTER = 'INVALID_TAG_FILTER';
const INVALID_CLOSED_FILTER = 'INVALID_CLOSED_FILTER';
const INVALID_UNREAD_STAFF_FILTER = 'INVALID_UNREAD_STAFF_FILTER';

20
server/libs/validations/validAuthorsBlackList.php Normal file
View File

@ -0,0 +1,20 @@
<?php
namespace CustomValidations;
use Respect\Validation\Rules\AbstractRule;
class ValidAuthorsBlackList extends AbstractRule {
public function validate($blackList) {
if(is_array(json_decode($blackList))){
foreach (json_decode($blackList) as $item) {
if(!$item->id || !$item->staff) return false;
if($item->staff != 0 && $item->staff != 1) return false;
if(!is_numeric($item->id)) return false;
}
return true;
}
return false;
}
}

44
server/tests/controllers/ticket/searchTest.php
View File

@ -197,17 +197,7 @@ class SearchControllerTest extends TestCase {
$this->searchController->getSQLQuery([
'departments' => null,
'staffId' => 1,
'allowedDepartments' => [
[
'id' => 2
],
[
'id' => 1
],
[
'id' => 3
]
]
'allowedDepartments' => [2,1,3]
]),
'FROM (ticket LEFT JOIN tag_ticket ON tag_ticket.ticket_id = ticket.id LEFT JOIN ticketevent ON ticketevent.ticket_id = ticket.id) WHERE ( ticket.department_id = 2 or ticket.department_id = 1 or ticket.department_id = 3) GROUP BY ticket.id'
);
@ -216,17 +206,7 @@ class SearchControllerTest extends TestCase {
$this->searchController->getSQLQuery([
'departments' => [1],
'staffId' => 1,
'allowedDepartments' => [
[
'id' => 2
],
[
'id' => 1
],
[
'id' => 3
]
]
'allowedDepartments' => [2,1,3]
]),
'FROM (ticket LEFT JOIN tag_ticket ON tag_ticket.ticket_id = ticket.id LEFT JOIN ticketevent ON ticketevent.ticket_id = ticket.id) WHERE ( ticket.department_id = 1 ) GROUP BY ticket.id'
);
@ -235,14 +215,7 @@ class SearchControllerTest extends TestCase {
$this->searchController->getSQLQuery([
'departments' => [1,2,3,4],
'staffId' => 1,
'allowedDepartments' => [
[
'id' => 2
],
[
'id' => 1
]
]
'allowedDepartments' => [2,1]
]),
'FROM (ticket LEFT JOIN tag_ticket ON tag_ticket.ticket_id = ticket.id LEFT JOIN ticketevent ON ticketevent.ticket_id = ticket.id) WHERE ( ticket.department_id = 1 or ticket.department_id = 2 or (ticket.author_staff_id = 1 and ( ticket.department_id = 3 or ticket.department_id = 4)) ) GROUP BY ticket.id'
);
@ -251,14 +224,7 @@ class SearchControllerTest extends TestCase {
$this->searchController->getSQLQuery([
'departments' => [2],
'staffId' => 1,
'allowedDepartments' => [
[
'id' => 5
],
[
'id' => 6
]
]
'allowedDepartments' => [5,6]
]),
'FROM (ticket LEFT JOIN tag_ticket ON tag_ticket.ticket_id = ticket.id LEFT JOIN ticketevent ON ticketevent.ticket_id = ticket.id) WHERE (ticket.author_staff_id = 1 and ( ticket.department_id = 2)) GROUP BY ticket.id'
);
@ -317,7 +283,7 @@ class SearchControllerTest extends TestCase {
'page' => 1,
'query' => 'stark'
]),
"SELECT ticket.id FROM (ticket LEFT JOIN tag_ticket ON tag_ticket.ticket_id = ticket.id LEFT JOIN ticketevent ON ticketevent.ticket_id = ticket.id) WHERE (ticket.title LIKE :query or ticket.content LIKE :query or ticket.ticket_number LIKE :query or (ticketevent.type = 'COMMENT' and ticketevent.content LIKE :query) ) GROUP BY ticket.id ORDER BY CASE WHEN (ticket.ticket_number LIKE :query) THEN ticket.ticket_number END desc,CASE WHEN (ticket.title LIKE :query) THEN ticket.title END desc, CASE WHEN ( ticket.content LIKE :query) THEN ticket.content END desc, CASE WHEN (ticketevent.type = 'COMMENT' and ticketevent.content LIKE :query) THEN ticketevent.content END desc,ticket.closed asc, ticket.owner_id asc, ticket.unread_staff asc, ticket.priority desc, ticket.date desc LIMIT 10 OFFSET 0"
"SELECT ticket.id FROM (ticket LEFT JOIN tag_ticket ON tag_ticket.ticket_id = ticket.id LEFT JOIN ticketevent ON ticketevent.ticket_id = ticket.id) WHERE (ticket.title LIKE :query or ticket.content LIKE :query or ticket.ticket_number LIKE :query or (ticketevent.type = 'COMMENT' and ticketevent.content LIKE :query) ) GROUP BY ticket.id ORDER BY CASE WHEN (ticket.ticket_number LIKE :query) THEN 1 WHEN (ticket.title LIKE :query2) THEN 2 WHEN (ticket.title LIKE :query) THEN 3 WHEN ( ticket.content LIKE :query) THEN 4 WHEN (ticketevent.content LIKE :query) THEN 5 END asc, ticket.closed asc, ticket.owner_id asc, ticket.unread_staff asc, ticket.priority desc, ticket.date desc LIMIT 10 OFFSET 0"
);
$this->assertEquals(

1
tests/init.rb
View File

@ -72,6 +72,7 @@ require './ticket/delete-tag.rb'
require './ticket/edit-comment.rb'
require './ticket/edit-title.rb'
require './system/custom-fields.rb'
require './ticket/get-authors.rb'
require './system/disable-user-system.rb'
require './ticket/search.rb'
# require './system/get-stats.rb'

84
tests/ticket/get-authors.rb Normal file
View File

@ -0,0 +1,84 @@
describe '/ticket/get-authors/' do
it 'should fail if a user is loged' do
request('/user/logout')
Scripts.login('tyrion@opensupports.com', 'tyrionl')
result = request('/ticket/get-authors', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
query: 'hello world'
})
(result['status']).should.equal('fail')
(result['message']).should.equal('NO_PERMISSION')
end
it 'should fail if blackList is invalid' do
request('/user/logout')
Scripts.login($staff[:email], $staff[:password], true)
Scripts.createUser(email = 'eemilia@jobs.com', password = 'custompassword', name = 'eemilia')
result = request('/ticket/get-authors', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
query: 'hello world',
blackList: [{'staff':2,'id':2}]
})
(result['status']).should.equal('fail')
(result['message']).should.equal('INVALID_BLACK_LIST')
result = request('/ticket/get-authors', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
query: 'hello world',
blackList: [{'staff':'level two','id':2}]
})
(result['status']).should.equal('fail')
(result['message']).should.equal('INVALID_BLACK_LIST')
result = request('/ticket/get-authors', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
query: 'hello world',
blackList: [{'staff':1,'id':'four'}]
})
(result['status']).should.equal('fail')
(result['message']).should.equal('INVALID_BLACK_LIST')
end
it 'should return the correct authors' do
result = request('/ticket/get-authors', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
query: 'emilia'
})
(result['status']).should.equal('success')
(result['data']['authors'].size).should.equal(2)
(result['data']['authors'][0]['name']).should.equal('Emilia Clarke')
(result['data']['authors'][1]['name']).should.equal('eemilia')
result = request('/ticket/get-authors', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
query: 'emilia',
blackList: '[{"staff":1,"id":1}]'
})
(result['status']).should.equal('success')
(result['data']['authors'].size).should.equal(1)
(result['data']['authors'][0]['name']).should.equal('eemilia')
result = request('/ticket/get-authors', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
query: '',
})
(result['status']).should.equal('success')
end
end