Merge pull request #715 from guillegiu/master

Fix bugs for 4.6.1
Guillermo Giuliana 2020-02-05 16:48:58 -03:00 committed by GitHub
commit 5b1d3d8b50
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
43 changed files with 224 additions and 121 deletions


@ -14,7 +14,7 @@ class AdminPanelSearchTickets extends React.Component {
return (
<div className="admin-panel-all-tickets">
<Header title={this.getList().title} description={i18n('SEARCH_TICKETS_DESCRIPTION')} />
{(this.props.error) ? <Message type="error">{i18n('ERROR_RETRIEVING_TICKETS')}</Message> : <TicketQueryList customList ={this.getList().filters}/>}
{(this.props.error) ? <Message type="error">{i18n('ERROR_RETRIEVING_TICKETS')}</Message> : <TicketQueryList customList ={this.getList()}/>}
</div>
);
}


@ -363,6 +363,7 @@ export default {
'NO_PERMISSION': 'You\'ve no permission to access to this page.',
'INVALID_USER': 'User id is invalid',
'INVALID_TITLE': 'invalid title',
'INVALID_NAME': 'invalid name',
'ERROR_RETRIEVING_TICKETS': 'An error occurred while trying to retrieve tickets.',
'ERROR_RETRIEVING_USERS': 'An error occurred while trying to retrieve users.',
'ERROR_RETRIEVING_BAN_LIST': 'An error occurred while trying to retrieve the list of banned emails.',


@ -1,4 +1,5 @@
import Validator from 'lib-app/validations/validator';
import _ from 'lodash';
class LengthValidator extends Validator {
constructor(length, errorKey = 'INVALID_VALUE', validator = null) {
@ -12,8 +13,10 @@ class LengthValidator extends Validator {
let div = document.createElement("div");
div.innerHTML = value;
let text = div.textContent || div.innerText || "";
if (text.length < this.minlength) return this.getError(this.errorKey);
if(_.every(text, c => c === " ")) {
text = text.replace(/\s/g, '');
}
if(text.length < this.minlength) return this.getError(this.errorKey);
}
}
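Review bot: The blank-value guard in `validate` only fires when every character is a literal U+0020 space (`_.every(text, c => c === " ")`), while the stripping that follows uses `\s`, so a value made only of tabs, newlines or non-breaking spaces keeps its length and passes the minimum. Using one definition of whitespace for both steps closes that gap, for example `if (text.trim().length < this.minlength) return this.getError(this.errorKey);`, if trimming leading and trailing whitespace is acceptable for these fields. The body of `validate` begins outside the hunk. This check runs in the browser only, so the server-side rule has to reject the same inputs.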


@ -0,0 +1,19 @@
import Validator from 'lib-app/validations/validator';
class SpaceValidator extends Validator {
constructor(errorKey = 'INVALID_VALUE', validator = null) {
super(validator);
this.errorKey = errorKey;
}
validate(value = '', form = {}) {
let div = document.createElement("div");
div.innerHTML = value;
let text = div.textContent || div.innerText || "";
if (text.replace(/\s/g, '').length < 1) return this.getError(this.errorKey);
}
}
export default SpaceValidator;
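Review bot: `div.innerHTML = value` in `validate` parses the field value as live HTML in the page's own document, and even on a detached element the browser can fetch referenced resources and run inline error handlers during that parse. If a form is ever pre-filled with content written by someone else, that text reaches this line. Extracting the text from an inert document avoids the problem, e.g. `const text = new DOMParser().parseFromString(value, 'text/html').body.textContent || '';`. LengthValidator carries the same `innerHTML` pattern and would benefit from the same change. A one-line class comment saying that the validator rejects values that are empty once markup and whitespace are removed would also help, since the name alone does not say so.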


@ -4,13 +4,14 @@ import RepeatPasswordValidator from 'lib-app/validations/repeat-password-validat
import LengthValidator from 'lib-app/validations/length-validator';
import ListValidator from 'lib-app/validations/list-validator';
import ImageSizeValidator from 'lib-app/validations/image-size-validator';
import SpaceValidator from './space-validator';
let validators = {
'DEFAULT': new Validator(),
'NAME': new LengthValidator(2, 'ERROR_NAME'),
'TITLE': new LengthValidator(1, 'ERROR_TITLE'),
'EMAIL': new EmailValidator(),
'TEXT_AREA': new ImageSizeValidator(undefined, new LengthValidator(10, 'ERROR_CONTENT_SHORT')),
'TEXT_AREA': new ImageSizeValidator(undefined, new LengthValidator(1, 'ERROR_CONTENT_SHORT')),
'PASSWORD': new LengthValidator(6, 'ERROR_PASSWORD'),
'REPEAT_PASSWORD': new RepeatPasswordValidator(),
'URL': new LengthValidator(5, 'ERROR_URL'),


@ -36,9 +36,9 @@ class AddTopicController extends Controller {
'permission' => 'staff_2',
'requestData' => [
'name' => [
'validation' => DataValidator::length(2, 100),
'error' => ERRORS::INVALID_NAME
]
'validation' => DataValidator::notBlank()->length(1, 200),
'error' => ERRORS::INVALID_TITLE
],
]
];
}
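Review bot: The `name` rule here appears to report `ERRORS::INVALID_TITLE` on the new side, while the `name` rule added to EditTopicController in this same commit reports `ERRORS::INVALID_NAME`. The page does not mark added and removed lines, so this assumes the `notBlank()` lines are the new ones. A client that maps error codes to fields would point the user at the wrong input; `'error' => ERRORS::INVALID_NAME` keeps add and edit consistent.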


@ -40,11 +40,11 @@ class AddArticleController extends Controller {
'permission' => 'staff_2',
'requestData' => [
'title' => [
'validation' => DataValidator::length(1, 100),
'validation' => DataValidator::notBlank()->length(1, 100),
'error' => ERRORS::INVALID_NAME
],
'content' => [
'validation' => DataValidator::length(10),
'validation' => DataValidator::content(),
'error' => ERRORS::INVALID_CONTENT
],
'topicId' => [


@ -38,7 +38,12 @@ class EditTopicController extends Controller {
'topicId' => [
'validation' => DataValidator::dataStoreId('topic'),
'error' => ERRORS::INVALID_TOPIC
]
],
'name' => [
'validation' => DataValidator::notBlank()->length(1, 200),
'error' => ERRORS::INVALID_NAME
],
]
];
}


@ -41,7 +41,15 @@ class EditArticleController extends Controller {
'articleId' => [
'validation' => DataValidator::dataStoreId('article'),
'error' => ERRORS::INVALID_TOPIC
]
],
'title' => [
'validation' => DataValidator::oneOf(DataValidator::notBlank()->length(1, 200),DataValidator::nullType()),
'error' => ERRORS::INVALID_TITLE
],
'content' => [
'validation' => DataValidator::oneOf(DataValidator::content(),DataValidator::nullType()),
'error' => ERRORS::INVALID_CONTENT
],
]
];
}


@ -42,7 +42,7 @@ class EditStaffController extends Controller {
'error' => ERRORS::INVALID_EMAIL
],
'password' => [
'validation' => DataValidator::oneOf(DataValidator::length(5, 200), DataValidator::falseVal()),
'validation' => DataValidator::oneOf(DataValidator::notBlank()->length(5, 200), DataValidator::falseVal()),
'error' => ERRORS::INVALID_PASSWORD
],
'level' => [
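Review bot: The password rule still accepts five-character passwords (`length(5, 200)`), which is below the eight-character floor in current guidance such as NIST SP 800-63B. The client-side `PASSWORD` entry in this commit's validator table asks for 6, so the two layers also disagree. Since the commit touches every password rule, it is a natural place to raise the minimum, e.g. `DataValidator::notBlank()->length(8, 200)`. The same rule appears in InitAdminController, EditPassword, RecoverPasswordController and SignUpController. The `requestData` array continues outside the hunk.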


@ -64,7 +64,7 @@ class GetAllTicketsStaffController extends Controller {
$query .= $this->getStaffDepartmentsQueryFilter();
$query .= $this->getClosedFilter();
$query .= "ORDER BY CASE WHEN (title LIKE ?) THEN 1 ELSE 2 END ASC, id DESC LIMIT 10 OFFSET " . (($page-1)*10);
return Ticket::find($query, [
Controller::request('query') . '%',
'%' . Controller::request('query') . '%',


@ -47,7 +47,7 @@ class InviteStaffController extends Controller {
'permission' => 'staff_3',
'requestData' => [
'name' => [
'validation' => DataValidator::length(2, 55),
'validation' => DataValidator::notBlank()->length(2, 55),
'error' => ERRORS::INVALID_NAME
],
'email' => [


@ -35,7 +35,7 @@ class SearchTicketStaffController extends Controller {
'permission' => 'staff_1',
'requestData' => [
'query' => [
'validation' => DataValidator::length(1),
'validation' => DataValidator::notBlank()->length(1),
'error' => ERRORS::INVALID_QUERY
],
'page' => [


@ -34,7 +34,7 @@ class AddAPIKeyController extends Controller {
'permission' => 'staff_3',
'requestData' => [
'name' => [
'validation' => DataValidator::length(2, 55)->alnum(),
'validation' => DataValidator::notBlank()->length(2, 55)->alnum(),
'error' => ERRORS::INVALID_NAME
],
'type' => [


@ -37,9 +37,13 @@ class AddCustomFieldController extends Controller {
'permission' => 'staff_2',
'requestData' => [
'name' => [
'validation' => DataValidator::length(2, 100),
'validation' => DataValidator::notBlank()->length(2, 100),
'error' => ERRORS::INVALID_NAME
],
'description' => [
'validation' => DataValidator::notBlank()->length(2, 100),
'error' => ERRORS::INVALID_DESCRIPTION
],
'type' => [
'validation' => DataValidator::oneOf(
DataValidator::equals('text'),


@ -31,7 +31,7 @@ class AddDepartmentController extends Controller {
'permission' => 'staff_3',
'requestData' => [
'name' => [
'validation' => DataValidator::length(2, 100),
'validation' => DataValidator::notBlank()->length(2, 100),
'error' => ERRORS::INVALID_NAME
]
]


@ -31,7 +31,7 @@ class DeleteAPIKeyController extends Controller {
'permission' => 'staff_3',
'requestData' => [
'name' => [
'validation' => DataValidator::length(2, 55),
'validation' => DataValidator::notBlank()->length(2, 55),
'error' => ERRORS::INVALID_NAME
]
]


@ -37,7 +37,11 @@ class EditDepartmentController extends Controller {
'departmentId' => [
'validation' => DataValidator::dataStoreId('department'),
'error' => ERRORS::INVALID_DEPARTMENT
]
],
'name' => [
'validation' => DataValidator::notBlank()->length(1, 200),
'error' => ERRORS::INVALID_NAME
],
]
];
}


@ -46,15 +46,15 @@ class EditMailTemplateController extends Controller {
'permission' => 'staff_3',
'requestData' => [
'template' => [
'validation' => DataValidator::length(4),
'validation' => DataValidator::notBlank()->length(4),
'error' => ERRORS::INVALID_TEMPLATE
],
'language' => [
'validation' => DataValidator::length(2, 2),
'validation' => DataValidator::notBlank()->length(2,2),
'error' => ERRORS::INVALID_LANGUAGE
],
'subject' => [
'validation' => DataValidator::length(4),
'validation' => DataValidator::notBlank()->length(4),
'error' => ERRORS::INVALID_SUBJECT
],
]


@ -12,7 +12,7 @@ class EmailPollingController extends Controller {
'permission' => 'any',
'requestData' => [
'token' => [
'validation' => DataValidator::length(1, 200),
'validation' => DataValidator::notBlank()->length(1, 200),
'error' => ERRORS::INVALID_TOKEN
]
]


@ -31,11 +31,11 @@ class GetMailTemplateController extends Controller {
'permission' => 'staff_3',
'requestData' => [
'template' => [
'validation' => DataValidator::length(4),
'validation' => DataValidator::notBlank()->length(4),
'error' => ERRORS::INVALID_TEMPLATE
],
'language' => [
'validation' => DataValidator::length(2, 2),
'validation' => DataValidator::notBlank()->length(2, 2),
'error' => ERRORS::INVALID_LANGUAGE
],
]


@ -36,7 +36,7 @@ class InitAdminController extends Controller {
'permission' => 'any',
'requestData' => [
'name' => [
'validation' => DataValidator::length(2, 55),
'validation' => DataValidator::notBlank()->length(2, 55),
'error' => ERRORS::INVALID_NAME
],
'email' => [
@ -44,7 +44,7 @@ class InitAdminController extends Controller {
'error' => ERRORS::INVALID_EMAIL
],
'password' => [
'validation' => DataValidator::length(5, 200),
'validation' => DataValidator::notBlank()->length(5, 200),
'error' => ERRORS::INVALID_PASSWORD
],
]


@ -33,11 +33,11 @@ class RecoverMailTemplateController extends Controller {
'permission' => 'staff_3',
'requestData' => [
'template' => [
'validation' => DataValidator::length(4),
'validation' => DataValidator::notBlank()->length(4),
'error' => ERRORS::INVALID_TEMPLATE
],
'language' => [
'validation' => DataValidator::length(2, 2),
'validation' => DataValidator::notBlank()->length(2, 2),
'error' => ERRORS::INVALID_LANGUAGE
],
]


@ -36,11 +36,11 @@ class AddCustomResponseController extends Controller {
'permission' => 'staff_2',
'requestData' => [
'name' => [
'validation' => DataValidator::length(5, 100),
'validation' => DataValidator::notBlank()->length(5, 100),
'error' => ERRORS::INVALID_NAME
],
'content' => [
'validation' => DataValidator::length(20, 500),
'validation' => DataValidator::content(),
'error' => ERRORS::INVALID_CONTENT
],
'language' => [


@ -47,7 +47,7 @@ class CommentController extends Controller {
'permission' => 'user',
'requestData' => [
'content' => [
'validation' => DataValidator::length(20, 5000),
'validation' => DataValidator::content(),
'error' => ERRORS::INVALID_CONTENT
],
'ticketNumber' => [
@ -61,7 +61,7 @@ class CommentController extends Controller {
'permission' => 'any',
'requestData' => [
'content' => [
'validation' => DataValidator::length(20, 5000),
'validation' => DataValidator::content(),
'error' => ERRORS::INVALID_CONTENT
],
'ticketNumber' => [
@ -83,11 +83,10 @@ class CommentController extends Controller {
$isAuthor = $this->session->isTicketSession() || $this->ticket->isAuthor($this->user);
$isOwner = $this->ticket->isOwner($this->user);
$private = Controller::request('private');
if(!Controller::isStaffLogged() && Controller::isUserSystemEnabled() && !$isAuthor){
throw new RequestException(ERRORS::NO_PERMISSION);
}
if(!$this->session->isTicketSession() && !$this->user->canManageTicket($this->ticket)) {
throw new RequestException(ERRORS::NO_PERMISSION);
}


@ -34,7 +34,7 @@ class CreateTagController extends Controller {
'permission' => 'staff_3',
'requestData' => [
'name' => [
'validation' => DataValidator::length(2, 100),
'validation' => DataValidator::notBlank()->length(2, 100),
'error' => ERRORS::INVALID_NAME
],
'color' => [


@ -54,11 +54,11 @@ class CreateController extends Controller {
'permission' => 'user',
'requestData' => [
'title' => [
'validation' => DataValidator::length(1, 200),
'validation' => DataValidator::notBlank()->length(1, 200),
'error' => ERRORS::INVALID_TITLE
],
'content' => [
'validation' => DataValidator::length(10, 5000),
'validation' => DataValidator::content(),
'error' => ERRORS::INVALID_CONTENT
],
'departmentId' => [
@ -83,7 +83,7 @@ class CreateController extends Controller {
'error' => ERRORS::INVALID_EMAIL
];
$validations['requestData']['name'] = [
'validation' => DataValidator::length(2, 40),
'validation' => DataValidator::notBlank()->length(2, 40),
'error' => ERRORS::INVALID_NAME
];
}


@ -36,7 +36,7 @@ class EditCommentController extends Controller {
'permission' => 'user',
'requestData' => [
'content' => [
'validation' => DataValidator::length(10, 5000),
'validation' => DataValidator::content(),
'error' => ERRORS::INVALID_CONTENT
],
'ticketNumber' => [
@ -50,7 +50,7 @@ class EditCommentController extends Controller {
'permission' => 'any',
'requestData' => [
'content' => [
'validation' => DataValidator::length(10, 5000),
'validation' => DataValidator::content(),
'error' => ERRORS::INVALID_CONTENT
],
'ticketNumber' => [


@ -37,7 +37,15 @@ class EditCustomResponseController extends Controller {
'id' => [
'validation' => DataValidator::dataStoreId('customresponse'),
'error' => ERRORS::INVALID_NAME
]
],
'content' => [
'validation' => DataValidator::content(),
'error' => ERRORS::INVALID_CONTENT
],
'name' => [
'validation' => DataValidator::oneOf(DataValidator::notBlank()->length(1, 200),DataValidator::nullType()),
'error' => ERRORS::INVALID_NAME
],
]
];
}


@ -41,6 +41,10 @@ class EditTagController extends Controller {
'color' => [
'validation' => DataValidator::hexRgbColor()->startsWith('#'),
'error' => ERRORS::INVALID_COLOR
],
'name' => [
'validation' => DataValidator::notBlank()->length(1, 200),
'error' => ERRORS::INVALID_NAME
]
]
];


@ -95,6 +95,10 @@ class SearchController extends Controller {
'validation' => DataValidator::oneOf(DataValidator::in(['0','1']),DataValidator::nullType()),
'error' => ERRORS::INVALID_ASSIGNED_FILTER
],
'query' => [
'validation' => DataValidator::oneOf(DataValidator::notBlank(),DataValidator::nullType()),
'error' => ERRORS::INVALID_QUERY_FILTER
],
'orderBy' => [
'validation' => DataValidator::oneOf(DataValidator::validOrderBy(),DataValidator::nullType()),
'error' => ERRORS::INVALID_ORDER_BY
@ -104,6 +108,12 @@ class SearchController extends Controller {
}
public function handler() {
$allowedDepartmentsId = [];
foreach (Controller::getLoggedUser()->sharedDepartmentList->toArray() as $department) {
array_push($allowedDepartmentsId,$department['id']);
}
$inputs = [
'closed' => Controller::request('closed'),
'tags' => json_decode(Controller::request('tags')),
@ -117,14 +127,14 @@ class SearchController extends Controller {
'query' => Controller::request('query'),
'orderBy' => json_decode(Controller::request('orderBy'),true),
'page' => Controller::request('page'),
'allowedDepartments' => Controller::getLoggedUser()->sharedDepartmentList->toArray(),
'allowedDepartments' => $allowedDepartmentsId,
'staffId' => Controller::getLoggedUser()->id
];
$query = $this->getSQLQuery($inputs);
$queryWithOrder = $this->getSQLQueryWithOrder($inputs);
$totalCount = RedBean::getAll("SELECT COUNT(*) FROM (SELECT COUNT(*) " . $query . " ) AS T2", [':query' => $inputs['query']])[0]['COUNT(*)'];
$totalCount = RedBean::getAll("SELECT COUNT(*) FROM (SELECT COUNT(*) " . $query . " ) AS T2", [':query' => "%" . $inputs['query'] . "%"])[0]['COUNT(*)'];
$ticketIdList = RedBean::getAll($queryWithOrder, [':query' => "%" . $inputs['query'] . "%"]);
$ticketList = [];
@ -133,7 +143,6 @@ class SearchController extends Controller {
array_push($ticketList, $ticket->toArray());
}
$ticketTableExists = RedBean::exec("select table_name from information_schema.tables where table_name = 'ticket';");
if($ticketTableExists){
Response::respondSuccess([
'tickets' => $ticketList,
@ -254,13 +263,29 @@ class SearchController extends Controller {
}
}
private function setDepartmentFilter($departments,$allowedDepartments, $idStaff, &$filters){
private function setDepartmentFilter($requestedDepartments,$myDepartments, $idStaff, &$filters){
if ($filters != "") $filters .= " and ";
$validDepartments = $this->generateValidDepartmentList($departments, $allowedDepartments);
if (!$requestedDepartments) $requestedDepartments = [];
$requestedOwnedDepartments = $this->getRequestedOwnedDepartments($requestedDepartments, $myDepartments);
$requestedNotOwnedDepartments = $this->getRequestedNotOwnedDepartments($requestedDepartments, $myDepartments);
$first = TRUE;
if($validDepartments){
foreach($validDepartments as $department) {
if(!$requestedOwnedDepartments && !$requestedNotOwnedDepartments){
foreach($myDepartments as $department) {
if($first){
$filters .= " ( ";
$first = FALSE;
} else {
$filters .= " or ";
}
$filters .= "ticket.department_id = " . $department;
}
$filters .= ")";
}
if($requestedOwnedDepartments){
foreach($requestedOwnedDepartments as $department) {
if($first){
$filters .= " ( ";
$first = FALSE;
@ -269,11 +294,24 @@ class SearchController extends Controller {
}
$filters .= "ticket.department_id = " . $department;
}
$filters .= " or ";
}else{
$filters .= "(";
}
$filters .= "ticket.author_staff_id = " . $idStaff . ")";
if($requestedNotOwnedDepartments){
if($requestedOwnedDepartments) $filters .= " or ";
$filters .= "(ticket.author_staff_id = " . $idStaff . " and ";
$first = TRUE;
foreach($requestedNotOwnedDepartments as $department) {
if($first){
$filters .= " ( ";
$first = FALSE;
} else {
$filters .= " or ";
}
$filters .= "ticket.department_id = " . $department;
}
$filters .= "))";
}
if($requestedOwnedDepartments) $filters .= " )";
}
private function setAuthorFilter($authors, &$filters){
@ -338,21 +376,21 @@ class SearchController extends Controller {
$filters .= " (ticket.title LIKE :query or ticket.content LIKE :query or ticket.ticket_number LIKE :query". $ticketevent ." )";
};
}
private function getRequestedOwnedDepartments($requestedDepartments, $myDepartments){
$requestedOwnedDepartments = [];
$requestedOwnedDepartments = array_values(array_unique(array_intersect($requestedDepartments, $myDepartments)));
return $requestedOwnedDepartments;
}
private function generateValidDepartmentList($departments, $allowedDepartments){
$result = [];
$managedDepartments = [];
if($departments == null) $departments = [];
foreach ($allowedDepartments as $department) {
array_push($managedDepartments,$department['id']);
}
$result = array_intersect($departments,$managedDepartments);
if(empty($result)) $result = $managedDepartments;
$result = array_unique($result);
return $result;
private function getRequestedNotOwnedDepartments($requestedDepartments, $myDepartments){
$requestedNotOwnedDepartments = [];
$requestedOwnedDepartments = [];
$requestedOwnedDepartments = array_values(array_unique(array_intersect($requestedDepartments, $myDepartments)));
$requestedNotOwnedDepartments = array_values(array_diff($requestedDepartments, $requestedOwnedDepartments));
return $requestedNotOwnedDepartments;
}
//ORDER
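Review bot: `setDepartmentFilter` now concatenates requested department values that are not in the staff member's own list straight into the SQL text (`"ticket.department_id = " . $department` in the `$requestedNotOwnedDepartments` loop). The previous code only emitted values that survived `array_intersect` with the managed ids, whereas `array_diff` keeps whatever the request supplied, so unless the `departments` request rule (not visible in these hunks) guarantees integers, request data reaches the query unescaped. Cast at the point of use in all three loops, `$filters .= "ticket.department_id = " . (int) $department;`, or bind the ids as parameters the way `:query` is bound. Separately, when nothing is requested and `$myDepartments` is empty, the first branch appends `)` without ever opening a parenthesis, which leaves the WHERE clause malformed.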


@ -33,7 +33,7 @@ class EditPassword extends Controller {
'permission' => 'user',
'requestData' => [
'newPassword' => [
'validation' => DataValidator::length(5, 200),
'validation' => DataValidator::notBlank()->length(5, 200),
'error' => ERRORS::INVALID_PASSWORD
]
]


@ -45,7 +45,7 @@ class InviteUserController extends Controller {
'permission' => 'staff_1',
'requestData' => [
'name' => [
'validation' => DataValidator::length(2, 55),
'validation' => DataValidator::notBlank()->length(2, 55),
'error' => ERRORS::INVALID_NAME
],
'email' => [


@ -48,7 +48,7 @@ class RecoverPasswordController extends Controller {
'error' => ERRORS::INVALID_EMAIL
],
'password' => [
'validation' => DataValidator::length(5, 200),
'validation' => DataValidator::notBlank()->length(5, 200),
'error' => ERRORS::INVALID_PASSWORD
]
]


@ -56,7 +56,7 @@ class SignUpController extends Controller {
'permission' => 'any',
'requestData' => [
'name' => [
'validation' => DataValidator::length(2, 55),
'validation' => DataValidator::notBlank()->length(2, 55),
'error' => ERRORS::INVALID_NAME
],
'email' => [
@ -64,7 +64,7 @@ class SignUpController extends Controller {
'error' => ERRORS::INVALID_EMAIL
],
'password' => [
'validation' => DataValidator::length(5, 200),
'validation' => DataValidator::notBlank()->length(5, 200),
'error' => ERRORS::INVALID_PASSWORD
]
]


@ -39,6 +39,10 @@
* @apiDefine INVALID_NAME
* @apiError {String} INVALID_NAME The name is invalid, probably too short.
*/
/**
* @apiDefine INVALID_DESCRIPTION
* @apiError {String} INVALID_DESCRIPTION The description is invalid.
*/
/**
* @apiDefine INVALID_SETTING
* @apiError {String} INVALID_SETTING The setting are invalid.
@ -127,6 +131,10 @@
* @apiDefine INVALID_ASSIGNED_FILTER
* @apiError {String} INVALID_ASSIGNED_FILTER The assigned filter is invalid.
*/
/**
* @apiDefine INVALID_QUERY_FILTER
* @apiError {String} INVALID_QUERY_FILTER The query filter is invalid.
*/
/**
* @apiDefine INVALID_ORDER_BY
* @apiError {String} INVALID_ORDER_BY The order-by is invalid.
@ -307,6 +315,7 @@ class ERRORS {
const INVALID_EMAIL = 'INVALID_EMAIL';
const INVALID_PASSWORD = 'INVALID_PASSWORD';
const INVALID_NAME = 'INVALID_NAME';
const INVALID_DESCRIPTION = 'INVALID_DESCRIPTION';
const INVALID_SETTING = 'INVALID_SETTING';
const INVALID_DEPARTMENT = 'INVALID_DEPARTMENT';
const INVALID_TICKET = 'INVALID_TICKET';
@ -330,6 +339,7 @@ class ERRORS {
const INVALID_AUTHOR_FILTER = 'INVALID_AUTHOR_FILTER';
const INVALID_OWNER_FILTER = 'INVALID_OWNER_FILTER';
const INVALID_ASSIGNED_FILTER = 'INVALID_ASSIGNED_FILTER';
const INVALID_QUERY_FILTER = 'INVALID_QUERY_FILTER';
const INVALID_ORDER_BY = 'INVALID_ORDER_BY';
const INVALID_TOPIC = 'INVALID_TOPIC';
const INVALID_SEARCH = 'INVALID_SEARCH';


@ -0,0 +1,15 @@
<?php
namespace CustomValidations;
use Respect\Validation\Rules\AbstractRule;
class Content extends AbstractRule {
public function validate($content) {
$content = str_replace(" ",'',preg_replace("/<\s*[^>]*>/",'',$content));
if($content == '') return false;
if(strlen($content) > 10000) return false;
return true;
}
}
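Review bot: The 10000 limit in `validate` is applied after tags and spaces have been removed, so the markup itself is never bounded and the stored HTML can be far larger than the limit; the rules this replaces (`length(20, 5000)` and similar) bounded the raw value. Add a cap on the raw input before stripping, e.g. `if(!is_string($content) || strlen($content) > MAX_RAW_CONTENT_LENGTH) return false;`, where `MAX_RAW_CONTENT_LENGTH` is a placeholder for a limit the project chooses. The blank check also removes only U+0020, so content consisting of newlines or tabs counts as non-empty; `preg_replace('/\s+/u', '', ...)` in place of the `str_replace` would cover those. This rule only validates, so the HTML it accepts still has to be sanitised where it is stored or rendered.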


@ -209,7 +209,7 @@ class SearchControllerTest extends TestCase {
]
]
]),
'FROM (ticket LEFT JOIN tag_ticket ON tag_ticket.ticket_id = ticket.id LEFT JOIN ticketevent ON ticketevent.ticket_id = ticket.id) WHERE ( ticket.department_id = 2 or ticket.department_id = 1 or ticket.department_id = 3 or ticket.author_staff_id = 1) GROUP BY ticket.id'
'FROM (ticket LEFT JOIN tag_ticket ON tag_ticket.ticket_id = ticket.id LEFT JOIN ticketevent ON ticketevent.ticket_id = ticket.id) WHERE ( ticket.department_id = 2 or ticket.department_id = 1 or ticket.department_id = 3) GROUP BY ticket.id'
);
$this->assertEquals(
@ -228,12 +228,12 @@ class SearchControllerTest extends TestCase {
]
]
]),
'FROM (ticket LEFT JOIN tag_ticket ON tag_ticket.ticket_id = ticket.id LEFT JOIN ticketevent ON ticketevent.ticket_id = ticket.id) WHERE ( ticket.department_id = 1 or ticket.author_staff_id = 1) GROUP BY ticket.id'
'FROM (ticket LEFT JOIN tag_ticket ON tag_ticket.ticket_id = ticket.id LEFT JOIN ticketevent ON ticketevent.ticket_id = ticket.id) WHERE ( ticket.department_id = 1 ) GROUP BY ticket.id'
);
$this->assertEquals(
$this->searchController->getSQLQuery([
'departments' => [1,2,3],
'departments' => [1,2,3,4],
'staffId' => 1,
'allowedDepartments' => [
[
@ -241,13 +241,26 @@ class SearchControllerTest extends TestCase {
],
[
'id' => 1
],
[
'id' => 3
]
]
]),
'FROM (ticket LEFT JOIN tag_ticket ON tag_ticket.ticket_id = ticket.id LEFT JOIN ticketevent ON ticketevent.ticket_id = ticket.id) WHERE ( ticket.department_id = 1 or ticket.department_id = 2 or ticket.department_id = 3 or ticket.author_staff_id = 1) GROUP BY ticket.id'
'FROM (ticket LEFT JOIN tag_ticket ON tag_ticket.ticket_id = ticket.id LEFT JOIN ticketevent ON ticketevent.ticket_id = ticket.id) WHERE ( ticket.department_id = 1 or ticket.department_id = 2 or (ticket.author_staff_id = 1 and ( ticket.department_id = 3 or ticket.department_id = 4)) ) GROUP BY ticket.id'
);
$this->assertEquals(
$this->searchController->getSQLQuery([
'departments' => [2],
'staffId' => 1,
'allowedDepartments' => [
[
'id' => 5
],
[
'id' => 6
]
]
]),
'FROM (ticket LEFT JOIN tag_ticket ON tag_ticket.ticket_id = ticket.id LEFT JOIN ticketevent ON ticketevent.ticket_id = ticket.id) WHERE (ticket.author_staff_id = 1 and ( ticket.department_id = 2)) GROUP BY ticket.id'
);
}


@ -121,7 +121,7 @@ describe 'Custom fields' do
it 'should success and shows all custom fields' do
Scripts.createTextCustomField('mocktextfield1','description number 1')
Scripts.createTextCustomField('mocktextfield2','description number 2')
Scripts.createTextCustomField('mocktextfield3',nil)
Scripts.createTextCustomField('mocktextfield3','description number 3')
result = request('/system/get-custom-fields', {
csrf_userid: $csrf_userid,
@ -147,7 +147,7 @@ describe 'Custom fields' do
result['data'][2]['description'].should.equal('description number 2')
result['data'][3]['name'].should.equal('mocktextfield3')
result['data'][3]['type'].should.equal('text')
result['data'][3]['description'].should.equal('')
result['data'][3]['description'].should.equal('description number 3')
end
end


@ -19,7 +19,7 @@ describe'system/disable-user-system' do
numberOftickets = $database.query("SELECT * FROM ticket WHERE author_id IS NULL AND author_email IS NOT NULL AND author_name IS NOT NULL")
(numberOftickets.num_rows).should.equal(52)
(numberOftickets.num_rows).should.equal(53)
request('/user/logout')
@ -220,7 +220,7 @@ describe'system/disable-user-system' do
numberOftickets= $database.query("SELECT * FROM ticket WHERE author_email IS NULL AND author_name IS NULL AND author_id IS NOT NULL" )
(numberOftickets.num_rows).should.equal(55)
(numberOftickets.num_rows).should.equal(56)
end
it 'should not enable the user system' do


@ -18,33 +18,6 @@ describe '/ticket/comment/' do
(result['message']).should.equal('NO_PERMISSION')
end
it 'should fail if content is too short' do
result = request('/ticket/comment', {
content: 'Test',
ticketNumber: @ticketNumber,
csrf_userid: $csrf_userid,
csrf_token: $csrf_token
})
(result['status']).should.equal('fail')
(result['message']).should.equal('INVALID_CONTENT')
end
it 'should fail if content is very long' do
long_text = ''
6000.times {long_text << 'a'}
result = request('/ticket/comment', {
content: long_text,
ticketNumber: @ticketNumber,
csrf_userid: $csrf_userid,
csrf_token: $csrf_token
})
(result['status']).should.equal('fail')
(result['message']).should.equal('INVALID_CONTENT')
end
it 'should fail if ticket does not exist' do
result = request('/ticket/comment', {
content: 'some comment content',


@ -32,7 +32,7 @@ describe '/ticket/create' do
(result['message']).should.equal('INVALID_TITLE')
end
it 'should fail if content is too short' do
it 'should craete ticket with a short content' do
result = request('/ticket/create', {
title: 'Winter is coming',
content: 'Test',
@ -42,13 +42,12 @@ describe '/ticket/create' do
csrf_token: $csrf_token
})
(result['status']).should.equal('fail')
(result['message']).should.equal('INVALID_CONTENT')
(result['status']).should.equal('success')
end
it 'should fail if content is very long' do
it 'should fail if the ticket has a very large content' do
long_text = ''
6000.times {long_text << 'a'}
10001.times {long_text << 'a'}
result = request('/ticket/create',{
title: 'Winter is coming',
@ -114,7 +113,7 @@ describe '/ticket/create' do
Scripts.login('creator@os4.com','creator')
result = request('/ticket/create', {
title: 'Winter is coming',
title: 'Winter is coming!',
content: 'The north remembers',
departmentId: 1,
language: 'en',
@ -124,7 +123,7 @@ describe '/ticket/create' do
(result['status']).should.equal('success')
ticket = $database.getRow('ticket','Winter is coming','title')
ticket = $database.getRow('ticket','Winter is coming!','title')
(ticket['content']).should.equal('The north remembers')
(ticket['unread']).should.equal('0')
(ticket['closed']).should.equal('0')
@ -168,7 +167,7 @@ describe '/ticket/create' do
ticket_number_gap = $database.getRow('setting', 'ticket-gap', 'name')['value'].to_i
ticket0 = $database.getRow('ticket','Winter is coming','title')['ticket_number'].to_i
ticket0 = $database.getRow('ticket','Winter is coming!','title')['ticket_number'].to_i
ticket1 = $database.getRow('ticket','Winter is coming1','title')['ticket_number'].to_i
ticket2 = $database.getRow('ticket','Winter is coming2','title')['ticket_number'].to_i
ticket3 = $database.getRow('ticket','Winter is coming3','title')['ticket_number'].to_i


@ -34,7 +34,6 @@ describe 'CustomResponses' do
})
customResponse = $database.getRow('customresponse', 1)
(result['status']).should.equal('success')
(customResponse['name']).should.equal('Some common problem')
(customResponse['content']).should.equal('this is the content of a custom response for a common problem 2')