fix bug 115/166

2025-07-27 15:54:23 +02:00 · 2018-03-09 15:17:28 -03:00 · 2018-03-09 15:17:28 -03:00 · 30fdb384f3
commit 30fdb384f3
parent d26d511ebd
7 changed files with 31 additions and 23 deletions
--- a/server/controllers/staff/assign-ticket.php
+++ b/server/controllers/staff/assign-ticket.php
@ -50,12 +50,12 @@ class AssignStaffController extends Controller {
        $this->ticket = Ticket::getByTicketNumber($ticketNumber);

        if($this->ticket->owner) {
-            Response::respondError(ERRORS::TICKET_ALREADY_ASSIGNED);
+            throw new Exception(ERRORS::TICKET_ALREADY_ASSIGNED);
            return;
        }

        if(!$this->ticketHasStaffDepartment())  {
-            Response::respondError(ERRORS::INVALID_DEPARTMENT);
+            throw new Exception(ERRORS::INVALID_DEPARTMENT);
        } else {
            $this->user->sharedTicketList->add($this->ticket);
            $this->ticket->owner = $this->user;
--- a/server/controllers/staff/un-assign-ticket.php
+++ b/server/controllers/staff/un-assign-ticket.php
@ -44,7 +44,7 @@ class UnAssignStaffController extends Controller {
        $user = Controller::getLoggedUser();
        $ticket = Ticket::getByTicketNumber($ticketNumber);

-        if($ticket->owner && $ticket->owner->id == $user->id) {
+        if($ticket->owner && $ticket->owner->id === $user->id || $user->level !== 1) {
            $user->sharedTicketList->remove($ticket);
            $user->store();

@ -61,7 +61,7 @@ class UnAssignStaffController extends Controller {
            $ticket->store();
            Response::respondSuccess();
        } else {
-            Response::respondError(ERRORS::NO_PERMISSION);
+            throw new Exception(ERRORS::NO_PERMISSION);
            return;
        }
    }
--- a/server/controllers/system/edit-settings.php
+++ b/server/controllers/system/edit-settings.php
@ -73,6 +73,10 @@ class EditSettingsController extends Controller {
        $allowed = json_decode(Controller::request('allowedLanguages'));
        $supported = json_decode(Controller::request('supportedLanguages'));

+        if (array_diff($supported, $allowed)) {
+            throw new Exception(ERRORS::INVALID_SUPPORTED_LANGUAGES);
+        }
+
        foreach(Language::LANGUAGES as $languageCode) {
            $language = Language::getDataStore($languageCode, 'code');

--- a/server/controllers/ticket/change-department.php
+++ b/server/controllers/ticket/change-department.php
@ -52,8 +52,8 @@ class ChangeDepartmentController extends Controller {
        $department = Department::getDataStore($departmentId);
        $user = Controller::getLoggedUser();

-        if($ticket->owner && $ticket->owner->id !== $user->id){
-            Response::respondError(ERRORS::NO_PERMISSION);
+        if($ticket->owner && $ticket->owner->id !== $user->id || $user->level === 1){
+            throw new Exception(ERRORS::NO_PERMISSION);
            return;
        }

--- a/server/data/ERRORS.php
+++ b/server/data/ERRORS.php
@ -194,6 +194,7 @@ class ERRORS {
    const INVALID_CAPTCHA = 'INVALID_CAPTCHA';
    const INVALID_TICKET_EVENT = 'INVALID_TICKET_EVENT';
    const INVALID_LANGUAGE = 'INVALID_LANGUAGE';
+    const INVALID_SUPPORTED_LANGUAGES = 'INVALID_SUPPORTED_LANGUAGES';
    const TICKET_ALREADY_ASSIGNED = 'TICKET_ALREADY_ASSIGNED';
    const INVALID_PRIORITY = 'INVALID_PRIORITY';
    const INVALID_PAGE = 'INVALID_PAGE';
--- a/tests/staff/un-assign-ticket.rb
+++ b/tests/staff/un-assign-ticket.rb
@ -28,15 +28,4 @@ describe '/staff/un-assign-ticket' do
        (staff_ticket).should.equal(nil)
    end

-    it 'should fail if ticket is not  yours' do
-        ticket = $database.getRow('ticket', 1 , 'id')
-        result = request('/staff/un-assign-ticket', {
-            ticketNumber: ticket['ticket_number'],
-            csrf_userid: $csrf_userid,
-            csrf_token: $csrf_token
-        })
-
-        (result['status']).should.equal('fail')
-        (result['message']).should.equal('NO_PERMISSION')
-    end
 end
--- a/tests/system/edit-settings.rb
+++ b/tests/system/edit-settings.rb
@ -37,6 +37,20 @@ describe'system/edit-settings' do

        request('/user/logout')
    end
+    it 'should fail if supported languages are invalid' do
+        request('/user/logout')
+        Scripts.login($staff[:email], $staff[:password], true)
+
+        result= request('/system/edit-settings', {
+            "csrf_userid" => $csrf_userid,
+            "csrf_token" => $csrf_token,
+            "supportedLanguages" => '["en", "pt", "jp", "ru", "de"]',
+            "allowedLanguages" => '["en", "pt", "jp", "ru"]'
+        })
+
+        (result['status']).should.equal('fail')
+        (result['message']).should.equal('INVALID_SUPPORTED_LANGUAGES')
+    end
    it 'should change allowed and supported languages' do
        request('/user/logout')
        Scripts.login($staff[:email], $staff[:password], true)
@ -45,7 +59,7 @@ describe'system/edit-settings' do
            "csrf_userid" => $csrf_userid,
            "csrf_token" => $csrf_token,
            "supportedLanguages" => '["en", "pt", "jp", "ru"]',
-            "allowedLanguages" => '["en","pt", "jp", "ru", "de"]'
+            "allowedLanguages" => '["en", "pt", "jp", "ru", "de"]'
        })

        (result['status']).should.equal('success')