From 33ddbd972d96bd9d1ddafebdc6bb6ce55447bb94 Mon Sep 17 00:00:00 2001
From: Kallys
Date: Mon, 12 Jun 2017 12:22:31 +0200
Subject: [PATCH] Fix review comments
---
 server/controllers/ticket/close.php | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)
diff --git a/server/controllers/ticket/close.php b/server/controllers/ticket/close.php
index 70a84b3a..2db5b12e 100755
--- a/server/controllers/ticket/close.php
+++ b/server/controllers/ticket/close.php
@@ -18,7 +18,7 @@ DataValidator::with('CustomValidations', true);
 *
 * @apiUse NO_PERMISSION
 * @apiUse INVALID_TICKET
- *
+ *
 * @apiSuccess {Object} data Empty object
 *
 */
@@ -52,8 +52,7 @@ class CloseController extends Controller {
 ],
 'csrf_token' => [
 'validation' => DataValidator::equals($session->getToken()),
- 'error' => Controller::request('csrf_token') . ' != ' . $session->getToken()
-
+ 'error' => ERRORS::INVALID_TOKEN
 ]
 ]
 ];
@@ -76,18 +75,17 @@ class CloseController extends Controller {
 $this->sendMail();
 Log::createLog('CLOSE', $this->ticket->ticketNumber);
-
+
 Response::respondSuccess();
 }
 private function shouldDenyPermission() {
- if(Controller::isUserSystemEnabled() || Controller::isStaffLogged()) {
- $user = Controller::getLoggedUser();
-
- return (!Controller::isStaffLogged() && $this->ticket->author->id !== $user->id) ||
- (Controller::isStaffLogged() && $this->ticket->owner && $this->ticket->owner->id !== $user->id);
+ if(Controller::isStaffLogged()) {
+ return $this->ticket->owner && $this->ticket->owner->id !== Controller::getLoggedUser()->id;
+ } else if(Controller::isUserSystemEnabled()) {
+ return $this->ticket->author->id !== Controller::getLoggedUser()->id;
 } else {
- return $this->ticket->ticket_number != Session::getInstance()->getTicketNumber();
+ return false;
 }
 }
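Review bot: In the third hunk, the final `else` branch of `shouldDenyPermission()` now returns `false` unconditionally, so with no staff logged in and the user system disabled this method no longer performs any ownership check; the line it replaces compared the ticket's number with `Session::getInstance()->getTicketNumber()`. If the validation array earlier in the file (only partly visible in the second hunk) does not already bind the requested ticket number to the session, a session that merely passes the CSRF check could close a ticket it did not open. I would keep the comparison as a second layer, e.g. `return $this->ticket->ticketNumber != Session::getInstance()->getTicketNumber();` (using the property spelling from the `Log::createLog` line; the removed line used `ticket_number`, so confirm which one the model exposes). If the validator is meant to be the sole guard, say so on the branch with a comment such as `// ticket ownership is enforced by the ticketNumber validation rule; nothing further to deny here`. The class continues outside the hunk, so the validator's full rule set should be checked before merging.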