staff allow manage ticket feature

2025-07-28 08:14:25 +02:00 · 2019-07-04 20:22:38 -03:00 · 2019-07-04 20:22:38 -03:00 · 53e88a78f7
commit 53e88a78f7
parent b495b83a93
15 changed files with 75 additions and 75 deletions
--- a/client/src/app-components/activity-row.js
+++ b/client/src/app-components/activity-row.js
@ -19,6 +19,7 @@ class ActivityRow extends React.Component {
            'RE_OPEN',
            'DEPARTMENT_CHANGED',
            'PRIORITY_CHANGED',
            'EDIT_COMMENT',
            'EDIT_SETTINGS',
            'SIGNUP',
--- a/client/src/app-components/ticket-event.scss
+++ b/client/src/app-components/ticket-event.scss
@ -98,19 +98,23 @@
            text-align: left;
            position:relative;
            &:hover {
                .ticket-event__comment-content__edit {
                    color: grey;
                    cursor:pointer;
                }
            }
            img {
                max-width:100%;
            }
            &__edit {
                position:absolute;
                top: 3px;
                right: 9px;
                align-self: right;
                color:white;
                :hover {
                    color: grey;
                    cursor:pointer;
                }
            }
        }
    }
--- a/server/controllers/staff/assign-ticket.php
+++ b/server/controllers/staff/assign-ticket.php
@ -49,6 +49,7 @@ class AssignStaffController extends Controller {
        $ticketNumber = Controller::request('ticketNumber');
        $staffId = Controller::request('staffId');
        $this->ticket = Ticket::getByTicketNumber($ticketNumber);
        $user = Controller::getLoggedUser();
        if($staffId) {
            $this->staffToAssign = Staff::getDataStore($staffId, 'id');
@ -68,8 +69,8 @@ class AssignStaffController extends Controller {
            throw new RequestException(ERRORS::TICKET_ALREADY_ASSIGNED);
        }
-        if(!$this->ticketHasStaffDepartment())  {
+        if(!$user->canManageTicket($this->ticket)) {
-            throw new RequestException(ERRORS::INVALID_DEPARTMENT);
+            throw new RequestException(ERRORS::NO_PERMISSION);
        } else {
            $this->staffToAssign->sharedTicketList->add($this->ticket);
            $this->ticket->owner = $this->staffToAssign;
@ -90,15 +91,4 @@ class AssignStaffController extends Controller {
    }
    public function ticketHasStaffDepartment() {
        $departmentMatch = false;
        foreach ($this->staffToAssign->sharedDepartmentList as $department) {
            if($this->ticket->department->id === $department->id) {
                $departmentMatch = true;
            }
        }
        return $departmentMatch;
    }
 }
--- a/server/controllers/staff/un-assign-ticket.php
+++ b/server/controllers/staff/un-assign-ticket.php
@ -51,6 +51,10 @@ class UnAssignStaffController extends Controller {
        $ticket = Ticket::getByTicketNumber($ticketNumber);
        $owner = $ticket->owner;
        if(!$user->canManageTicket($ticket)) {
            throw new RequestException(ERRORS::NO_PERMISSION);
        }
        if($owner && ($ticket->isOwner($user) || $user->level > 2)) {
            if(!$ticket->isAuthor($owner)) {
                $owner->sharedTicketList->remove($ticket);
--- a/server/controllers/ticket/add-tag.php
+++ b/server/controllers/ticket/add-tag.php
@ -50,6 +50,9 @@ class AddTagController extends Controller {
        $tagId = Controller::request('tagId');
        $tag = Tag::getDataStore($tagId);
        $ticket = Ticket::getByTicketNumber(Controller::request('ticketNumber'));
        $user = Controller::getLoggedUser();
        if(!$user->canManageTicket($ticket)) throw new RequestException(ERRORS::NO_PERMISSION);
        if ($ticket->sharedTagList->includesId($tagId)) throw new RequestException(ERRORS::TAG_EXISTS);
--- a/server/controllers/ticket/change-department.php
+++ b/server/controllers/ticket/change-department.php
@ -56,6 +56,8 @@ class ChangeDepartmentController extends Controller {
            throw new Exception(ERRORS::NO_PERMISSION);
        }
        if (!$user->canManageTicket($ticket)) throw new RequestException(ERRORS::NO_PERMISSION);
        if($ticket->owner && $ticket->owner->id !== $user->id && $user->level == 1){
            throw new RequestException(ERRORS::NO_PERMISSION);
        }
--- a/server/controllers/ticket/change-priority.php
+++ b/server/controllers/ticket/change-priority.php
@ -50,6 +50,9 @@ class ChangePriorityController extends Controller {
        $ticket = Ticket::getByTicketNumber($ticketNumber);
        $user = Controller::getLoggedUser();
        if (!$user->canManageTicket($ticket)) throw new RequestException(ERRORS::NO_PERMISSION);
        if($ticket->owner && $user->id === $ticket->owner->id) {
            $ticket->priority = $priority;
            $ticket->unread = !$ticket->isAuthor($user);
--- a/server/controllers/ticket/close.php
+++ b/server/controllers/ticket/close.php
@ -70,6 +70,12 @@ class CloseController extends Controller {
            throw new RequestException(ERRORS::NO_PERMISSION);
        }
        if(Controller::isStaffLogged()){
            $user = Controller::getLoggedUser();
            if (!$user->canManageTicket($this->ticket)) throw new RequestException(ERRORS::NO_PERMISSION);
        }
        $this->markAsUnread();
        $this->addCloseEvent();
        $this->ticket->closed = true;
--- a/server/controllers/ticket/comment.php
+++ b/server/controllers/ticket/comment.php
@ -81,11 +81,18 @@ class CommentController extends Controller {
        $ticketAuthor = $this->ticket->authorToArray();
        $isAuthor = $this->ticket->isAuthor(Controller::getLoggedUser()) || Session::getInstance()->isTicketSession();
        $isOwner = $this->ticket->isOwner(Controller::getLoggedUser());
        $user = Controller::getLoggedUser();
        if((Controller::isUserSystemEnabled() || Controller::isStaffLogged()) && !$isOwner && !$isAuthor) {
            throw new RequestException(ERRORS::NO_PERMISSION);
        }
        if(Controller::isStaffLogged()){
            if(!$user->canManageTicket($this->ticket)) {
                throw new RequestException(ERRORS::NO_PERMISSION);
            }
        }
        $this->storeComment();
        if($isAuthor && $this->ticket->owner) {
--- a/server/controllers/ticket/edit-comment.php
+++ b/server/controllers/ticket/edit-comment.php
@ -44,6 +44,7 @@ class EditCommentController extends Controller {
    public function handler() {
        $user = Controller::getLoggedUser();
        $newcontent = Controller::request('content');
        $ticketNumberLog = null;
        $ticketevent = Ticketevent::getTicketEvent(Controller::request('ticketEventId'));
        $ticket = Ticket::getByTicketNumber(Controller::request('ticketNumber'));
@ -52,16 +53,31 @@ class EditCommentController extends Controller {
            throw new RequestException(ERRORS::NO_PERMISSION);
        }
        if(Controller::isStaffLogged()){
            if(!$ticketevent->isNull()){
                $ticket = $ticketevent->ticket;
            }
            if(!$user->canManageTicket($ticket)) {
                throw new RequestException(ERRORS::NO_PERMISSION);
            }
        }
        if(!$ticketevent->isNull()){
            $ticketNumber = Ticket::getTicket($ticketevent->ticketId)->ticketNumber;
            $ticketevent->content = $newcontent;
            $ticketevent->editedContent = true;
            $ticketevent->store();
        }else{
            $ticketNumber = $ticket->ticketNumber;
            $ticket->content = $newcontent;
            $ticket->editedContent = true;
            $ticket->store();
        }
        Log::createLog('EDIT_COMMENT', $ticketNumber);
        Response::respondSuccess();
    }
--- a/server/controllers/ticket/re-open.php
+++ b/server/controllers/ticket/re-open.php
@ -43,9 +43,10 @@ class ReOpenController extends Controller {
    public function handler() {
        $this->ticket = Ticket::getByTicketNumber(Controller::request('ticketNumber'));
-        if($this->shouldDenyPermission()) {
+        if(Controller::isStaffLogged()){
-            throw new RequestException(ERRORS::NO_PERMISSION);
+            $user = Controller::getLoggedUser();
-            return;
+
            if (!$user->canManageTicket($this->ticket)) throw new RequestException(ERRORS::NO_PERMISSION);
        }
        $this->markAsUnread();
@ -59,19 +60,6 @@ class ReOpenController extends Controller {
        Response::respondSuccess();
    }
    private function shouldDenyPermission() {
        $user = Controller::getLoggedUser();
        return !(
            $this->ticket->isAuthor($user) ||
            (
                Controller::isStaffLogged() &&
                $user->sharedDepartmentList->includesId($this->ticket->department->id)
            )
        );
    }
    private function markAsUnread() {
        if(Controller::isStaffLogged()) {
            $this->ticket->unread = true;
--- a/server/controllers/ticket/remove-tag.php
+++ b/server/controllers/ticket/remove-tag.php
@ -49,6 +49,9 @@ class RemoveTagController extends Controller {
        $tagId = Controller::request('tagId');
        $tag = Tag::getDataStore($tagId);
        $ticket = Ticket::getByTicketNumber(Controller::request('ticketNumber'));
        $user = Controller::getLoggedUser();
        if (!$user->canManageTicket($ticket)) throw new RequestException(ERRORS::NO_PERMISSION);
        if (!$ticket->sharedTagList->includesId($tagId)) throw new RequestException(ERRORS::INVALID_TAG);
--- a/server/models/Log.php
+++ b/server/models/Log.php
@ -50,7 +50,9 @@ class Log extends DataStore {
    public function toArray() {
        $author = ($this->authorUser instanceof User) ? $this->authorUser : $this->authorStaff;
-        
+        if(!$author){
            throw new Exception($this->id);
        }
        return [
            'type' => $this->type,
            'to' => $this->to,
--- a/server/models/Staff.php
+++ b/server/models/Staff.php
@ -49,6 +49,10 @@ class Staff extends DataStore {
        return parent::getDataStore($value, $property);
    }
    public function canManageTicket(Ticket $ticket){
        return $this->sharedDepartmentList->includesId($ticket->departmentId);
    }
    public function toArray() {
        return [
            'id' => $this->id,
--- a/tests/ticket/change-department.rb
+++ b/tests/ticket/change-department.rb
@ -45,37 +45,4 @@ describe '/ticket/change-department' do
        (lastLog['type']).should.equal('DEPARTMENT_CHANGED')
    end
    it 'should unassing ticket if staff does not server new department' do
      ticket = $database.getRow('ticket', 1 , 'id')
      request('/staff/edit', {
          csrf_userid: $csrf_userid,
          csrf_token: $csrf_token,
          departments: '[1, 2]',
          staffId: 1
      })
      result = request('/ticket/change-department', {
          ticketNumber: ticket['ticket_number'],
          departmentId: 3,
          csrf_userid: $csrf_userid,
          csrf_token: $csrf_token
      })
      (result['status']).should.equal('success')
      ticket = $database.getRow('ticket', 1 , 'id')
      (ticket['unread']).should.equal('1')
      (ticket['department_id']).should.equal('3')
      (ticket['owner_id']).should.equal(nil)
      lastLog = $database.getLastRow('log')
      (lastLog['type']).should.equal('DEPARTMENT_CHANGED')
      request('/staff/edit', {
          csrf_userid: $csrf_userid,
          csrf_token: $csrf_token,
          departments: '[1, 2, 3]',
          staffId: 1
      })
    end
 end