diff --git a/client/src/app/admin/panel/tickets/admin-panel-search-tickets.js b/client/src/app/admin/panel/tickets/admin-panel-search-tickets.js
index 58287b7c..b6ecaf11 100644
--- a/client/src/app/admin/panel/tickets/admin-panel-search-tickets.js
+++ b/client/src/app/admin/panel/tickets/admin-panel-search-tickets.js
@@ -14,7 +14,7 @@ class AdminPanelSearchTickets extends React.Component {
return (
- {(this.props.error) ? {i18n('ERROR_RETRIEVING_TICKETS')} : }
+ {(this.props.error) ? {i18n('ERROR_RETRIEVING_TICKETS')} : }
);
}
diff --git a/client/src/data/languages/en.js b/client/src/data/languages/en.js
index 75ef6f8c..a8380b5b 100644
--- a/client/src/data/languages/en.js
+++ b/client/src/data/languages/en.js
@@ -363,6 +363,7 @@ export default {
'NO_PERMISSION': 'You\'ve no permission to access to this page.',
'INVALID_USER': 'User id is invalid',
'INVALID_TITLE': 'invalid title',
+ 'INVALID_NAME': 'invalid name',
'ERROR_RETRIEVING_TICKETS': 'An error occurred while trying to retrieve tickets.',
'ERROR_RETRIEVING_USERS': 'An error occurred while trying to retrieve users.',
'ERROR_RETRIEVING_BAN_LIST': 'An error occurred while trying to retrieve the list of banned emails.',
diff --git a/client/src/lib-app/validations/length-validator.js b/client/src/lib-app/validations/length-validator.js
index 3b120e07..f8e2a45a 100644
--- a/client/src/lib-app/validations/length-validator.js
+++ b/client/src/lib-app/validations/length-validator.js
@@ -1,4 +1,5 @@
import Validator from 'lib-app/validations/validator';
+import _ from 'lodash';
class LengthValidator extends Validator {
constructor(length, errorKey = 'INVALID_VALUE', validator = null) {
@@ -12,8 +13,10 @@ class LengthValidator extends Validator {
let div = document.createElement("div");
div.innerHTML = value;
let text = div.textContent || div.innerText || "";
-
- if (text.length < this.minlength) return this.getError(this.errorKey);
+ if(_.every(text, c => c === " ")) {
+ text = text.replace(/\s/g, '');
+ }
+ if(text.length < this.minlength) return this.getError(this.errorKey);
}
}
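Review bot: The blank check added in `validate` only recognises the literal space character (`c === " "`), so a value made solely of tabs, newlines or non-breaking spaces still counts toward `minlength` and passes. The new SpaceValidator in this commit tests with `/\s/`, and the two should agree. Something like `if (!/\S/.test(text)) text = '';` covers every whitespace class and makes the new lodash import unnecessary. The start of `validate` is outside this hunk.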
diff --git a/client/src/lib-app/validations/space-validator.js b/client/src/lib-app/validations/space-validator.js
new file mode 100644
index 00000000..447de4f3
--- /dev/null
+++ b/client/src/lib-app/validations/space-validator.js
@@ -0,0 +1,19 @@
+import Validator from 'lib-app/validations/validator';
+
+class SpaceValidator extends Validator {
+ constructor(errorKey = 'INVALID_VALUE', validator = null) {
+ super(validator);
+
+ this.errorKey = errorKey;
+ }
+
+ validate(value = '', form = {}) {
+ let div = document.createElement("div");
+ div.innerHTML = value;
+ let text = div.textContent || div.innerText || "";
+
+ if (text.replace(/\s/g, '').length < 1) return this.getError(this.errorKey);
+ }
+}
+
+export default SpaceValidator;
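Review bot: `validate` parses the field value with `div.innerHTML = value` in the page's own document, so any markup in the value is instantiated as live DOM even though the div is never attached. That includes resource loads and inline handlers, which matters if the value can come from another user (for example when editing existing content). Extracting the text from an inert document avoids this: `const text = new DOMParser().parseFromString(value, 'text/html').body.textContent || '';`. The same pattern is in LengthValidator and would benefit from a shared helper. A short JSDoc on the class stating that it rejects values whose visible text is only whitespace would also help.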
diff --git a/client/src/lib-app/validations/validator-factory.js b/client/src/lib-app/validations/validator-factory.js
index c84278f6..7e9242d0 100644
--- a/client/src/lib-app/validations/validator-factory.js
+++ b/client/src/lib-app/validations/validator-factory.js
@@ -4,13 +4,14 @@ import RepeatPasswordValidator from 'lib-app/validations/repeat-password-validat
import LengthValidator from 'lib-app/validations/length-validator';
import ListValidator from 'lib-app/validations/list-validator';
import ImageSizeValidator from 'lib-app/validations/image-size-validator';
+import SpaceValidator from './space-validator';
let validators = {
'DEFAULT': new Validator(),
'NAME': new LengthValidator(2, 'ERROR_NAME'),
'TITLE': new LengthValidator(1, 'ERROR_TITLE'),
'EMAIL': new EmailValidator(),
- 'TEXT_AREA': new ImageSizeValidator(undefined, new LengthValidator(10, 'ERROR_CONTENT_SHORT')),
+ 'TEXT_AREA': new ImageSizeValidator(undefined, new LengthValidator(1, 'ERROR_CONTENT_SHORT')),
'PASSWORD': new LengthValidator(6, 'ERROR_PASSWORD'),
'REPEAT_PASSWORD': new RepeatPasswordValidator(),
'URL': new LengthValidator(5, 'ERROR_URL'),
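Review bot: The new import uses a relative path (`'./space-validator'`) while every other validator here is imported through the `lib-app/validations/...` alias, and none of the entries visible in this hunk uses `SpaceValidator`. If it is registered further down in `validators` (the object continues outside the hunk), switch to `import SpaceValidator from 'lib-app/validations/space-validator';`; otherwise drop the import. With `TEXT_AREA` lowered to a minimum of 1, the only remaining guard against blank content is LengthValidator's whitespace handling, so a SpaceValidator in that chain may be what was intended.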
diff --git a/server/controllers/article/add-topic.php b/server/controllers/article/add-topic.php
index 4f7abdcc..8c0fc90a 100755
--- a/server/controllers/article/add-topic.php
+++ b/server/controllers/article/add-topic.php
@@ -36,9 +36,9 @@ class AddTopicController extends Controller {
'permission' => 'staff_2',
'requestData' => [
'name' => [
- 'validation' => DataValidator::length(2, 100),
- 'error' => ERRORS::INVALID_NAME
- ]
+ 'validation' => DataValidator::notBlank()->length(1, 200),
+ 'error' => ERRORS::INVALID_TITLE
+ ],
]
];
}
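Review bot: The `name` field of add-topic now reports `ERRORS::INVALID_TITLE`, while edit-topic in this same commit reports `ERRORS::INVALID_NAME` for the same field and the client gains an `INVALID_NAME` string. A client handling the two endpoints would see different error codes for the same mistake. Keeping `'error' => ERRORS::INVALID_NAME` here looks like the consistent choice; if the change is deliberate, the endpoint's apiDoc error list (outside this hunk) should be updated to match.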
diff --git a/server/controllers/article/add.php b/server/controllers/article/add.php
index 09b87996..7c4e0b43 100755
--- a/server/controllers/article/add.php
+++ b/server/controllers/article/add.php
@@ -40,11 +40,11 @@ class AddArticleController extends Controller {
'permission' => 'staff_2',
'requestData' => [
'title' => [
- 'validation' => DataValidator::length(1, 100),
+ 'validation' => DataValidator::notBlank()->length(1, 100),
'error' => ERRORS::INVALID_NAME
],
'content' => [
- 'validation' => DataValidator::length(10),
+ 'validation' => DataValidator::content(),
'error' => ERRORS::INVALID_CONTENT
],
'topicId' => [
diff --git a/server/controllers/article/edit-topic.php b/server/controllers/article/edit-topic.php
index 124bca55..7a789556 100755
--- a/server/controllers/article/edit-topic.php
+++ b/server/controllers/article/edit-topic.php
@@ -38,7 +38,12 @@ class EditTopicController extends Controller {
'topicId' => [
'validation' => DataValidator::dataStoreId('topic'),
'error' => ERRORS::INVALID_TOPIC
- ]
+ ],
+ 'name' => [
+ 'validation' => DataValidator::notBlank()->length(1, 200),
+ 'error' => ERRORS::INVALID_NAME
+ ],
+
]
];
}
diff --git a/server/controllers/article/edit.php b/server/controllers/article/edit.php
index 11883156..d15ab96e 100755
--- a/server/controllers/article/edit.php
+++ b/server/controllers/article/edit.php
@@ -41,7 +41,15 @@ class EditArticleController extends Controller {
'articleId' => [
'validation' => DataValidator::dataStoreId('article'),
'error' => ERRORS::INVALID_TOPIC
- ]
+ ],
+ 'title' => [
+ 'validation' => DataValidator::oneOf(DataValidator::notBlank()->length(1, 200),DataValidator::nullType()),
+ 'error' => ERRORS::INVALID_TITLE
+ ],
+ 'content' => [
+ 'validation' => DataValidator::oneOf(DataValidator::content(),DataValidator::nullType()),
+ 'error' => ERRORS::INVALID_CONTENT
+ ],
]
];
}
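Review bot: The edit endpoint accepts a `title` of up to 200 characters (`length(1, 200)`), but article/add.php in this commit caps it at `length(1, 100)`, so an edit can store a title that creation would reject. The two endpoints also disagree on the error code for a bad title (`INVALID_NAME` on add, `INVALID_TITLE` here). Aligning the bound, e.g. `DataValidator::oneOf(DataValidator::notBlank()->length(1, 100), DataValidator::nullType())`, and the error code would keep the API predictable.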
diff --git a/server/controllers/staff/edit.php b/server/controllers/staff/edit.php
index 2b98ecf2..ad314685 100755
--- a/server/controllers/staff/edit.php
+++ b/server/controllers/staff/edit.php
@@ -42,7 +42,7 @@ class EditStaffController extends Controller {
'error' => ERRORS::INVALID_EMAIL
],
'password' => [
- 'validation' => DataValidator::oneOf(DataValidator::length(5, 200), DataValidator::falseVal()),
+ 'validation' => DataValidator::oneOf(DataValidator::notBlank()->length(5, 200), DataValidator::falseVal()),
'error' => ERRORS::INVALID_PASSWORD
],
'level' => [
diff --git a/server/controllers/staff/get-all-tickets.php b/server/controllers/staff/get-all-tickets.php
index 85548cf3..8f615d9a 100755
--- a/server/controllers/staff/get-all-tickets.php
+++ b/server/controllers/staff/get-all-tickets.php
@@ -64,7 +64,7 @@ class GetAllTicketsStaffController extends Controller {
$query .= $this->getStaffDepartmentsQueryFilter();
$query .= $this->getClosedFilter();
$query .= "ORDER BY CASE WHEN (title LIKE ?) THEN 1 ELSE 2 END ASC, id DESC LIMIT 10 OFFSET " . (($page-1)*10);
-
+
return Ticket::find($query, [
Controller::request('query') . '%',
'%' . Controller::request('query') . '%',
diff --git a/server/controllers/staff/invite.php b/server/controllers/staff/invite.php
index 0fdeb6c7..7bd46762 100755
--- a/server/controllers/staff/invite.php
+++ b/server/controllers/staff/invite.php
@@ -47,7 +47,7 @@ class InviteStaffController extends Controller {
'permission' => 'staff_3',
'requestData' => [
'name' => [
- 'validation' => DataValidator::length(2, 55),
+ 'validation' => DataValidator::notBlank()->length(2, 55),
'error' => ERRORS::INVALID_NAME
],
'email' => [
diff --git a/server/controllers/staff/search-tickets.php b/server/controllers/staff/search-tickets.php
index f49f4015..caaaed66 100755
--- a/server/controllers/staff/search-tickets.php
+++ b/server/controllers/staff/search-tickets.php
@@ -35,7 +35,7 @@ class SearchTicketStaffController extends Controller {
'permission' => 'staff_1',
'requestData' => [
'query' => [
- 'validation' => DataValidator::length(1),
+ 'validation' => DataValidator::notBlank()->length(1),
'error' => ERRORS::INVALID_QUERY
],
'page' => [
diff --git a/server/controllers/system/add-api-key.php b/server/controllers/system/add-api-key.php
index 18c3dce4..f2dfb6bd 100755
--- a/server/controllers/system/add-api-key.php
+++ b/server/controllers/system/add-api-key.php
@@ -34,7 +34,7 @@ class AddAPIKeyController extends Controller {
'permission' => 'staff_3',
'requestData' => [
'name' => [
- 'validation' => DataValidator::length(2, 55)->alnum(),
+ 'validation' => DataValidator::notBlank()->length(2, 55)->alnum(),
'error' => ERRORS::INVALID_NAME
],
'type' => [
diff --git a/server/controllers/system/add-custom-field.php b/server/controllers/system/add-custom-field.php
index 1babb45e..80369656 100644
--- a/server/controllers/system/add-custom-field.php
+++ b/server/controllers/system/add-custom-field.php
@@ -37,9 +37,13 @@ class AddCustomFieldController extends Controller {
'permission' => 'staff_2',
'requestData' => [
'name' => [
- 'validation' => DataValidator::length(2, 100),
+ 'validation' => DataValidator::notBlank()->length(2, 100),
'error' => ERRORS::INVALID_NAME
],
+ 'description' => [
+ 'validation' => DataValidator::notBlank()->length(2, 100),
+ 'error' => ERRORS::INVALID_DESCRIPTION
+ ],
'type' => [
'validation' => DataValidator::oneOf(
DataValidator::equals('text'),
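Review bot: `description` becomes a mandatory field here, where the system test previously created a custom field with `nil` for it, so existing API clients that omit the description will now get `INVALID_DESCRIPTION`. If it is meant to stay optional, wrap it as other optional fields in this commit are: `DataValidator::oneOf(DataValidator::notBlank()->length(2, 100), DataValidator::nullType())`. The client language file in this commit gains only `INVALID_NAME`, so a string for `INVALID_DESCRIPTION` may be missing too. The rest of the validation array is outside this hunk.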
diff --git a/server/controllers/system/add-department.php b/server/controllers/system/add-department.php
index 28a21b6a..8a63f6b8 100755
--- a/server/controllers/system/add-department.php
+++ b/server/controllers/system/add-department.php
@@ -31,7 +31,7 @@ class AddDepartmentController extends Controller {
'permission' => 'staff_3',
'requestData' => [
'name' => [
- 'validation' => DataValidator::length(2, 100),
+ 'validation' => DataValidator::notBlank()->length(2, 100),
'error' => ERRORS::INVALID_NAME
]
]
diff --git a/server/controllers/system/delete-api-key.php b/server/controllers/system/delete-api-key.php
index 9acb0797..129c2b43 100755
--- a/server/controllers/system/delete-api-key.php
+++ b/server/controllers/system/delete-api-key.php
@@ -31,7 +31,7 @@ class DeleteAPIKeyController extends Controller {
'permission' => 'staff_3',
'requestData' => [
'name' => [
- 'validation' => DataValidator::length(2, 55),
+ 'validation' => DataValidator::notBlank()->length(2, 55),
'error' => ERRORS::INVALID_NAME
]
]
diff --git a/server/controllers/system/edit-department.php b/server/controllers/system/edit-department.php
index c2ad1db3..b5943dd6 100755
--- a/server/controllers/system/edit-department.php
+++ b/server/controllers/system/edit-department.php
@@ -37,7 +37,11 @@ class EditDepartmentController extends Controller {
'departmentId' => [
'validation' => DataValidator::dataStoreId('department'),
'error' => ERRORS::INVALID_DEPARTMENT
- ]
+ ],
+ 'name' => [
+ 'validation' => DataValidator::notBlank()->length(1, 200),
+ 'error' => ERRORS::INVALID_NAME
+ ],
]
];
}
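Review bot: The `name` rule added for editing (`length(1, 200)`) is looser than the one used for creation in add-department.php (`length(2, 100)`), so a department can be renamed to a value that could never have been created. edit-tag.php and create-tag.php in this commit have the same mismatch. Using `DataValidator::notBlank()->length(2, 100)` in both edit controllers would keep the limits consistent. The rule also makes `name` mandatory on edit; whether callers were previously allowed to omit it is not visible here and is worth confirming.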
diff --git a/server/controllers/system/edit-mail-template.php b/server/controllers/system/edit-mail-template.php
index 2d053bee..c9721fe1 100755
--- a/server/controllers/system/edit-mail-template.php
+++ b/server/controllers/system/edit-mail-template.php
@@ -46,15 +46,15 @@ class EditMailTemplateController extends Controller {
'permission' => 'staff_3',
'requestData' => [
'template' => [
- 'validation' => DataValidator::length(4),
+ 'validation' => DataValidator::notBlank()->length(4),
'error' => ERRORS::INVALID_TEMPLATE
],
'language' => [
- 'validation' => DataValidator::length(2, 2),
+ 'validation' => DataValidator::notBlank()->length(2,2),
'error' => ERRORS::INVALID_LANGUAGE
],
'subject' => [
- 'validation' => DataValidator::length(4),
+ 'validation' => DataValidator::notBlank()->length(4),
'error' => ERRORS::INVALID_SUBJECT
],
]
diff --git a/server/controllers/system/email-polling.php b/server/controllers/system/email-polling.php
index f4ae3c0c..092da5e3 100755
--- a/server/controllers/system/email-polling.php
+++ b/server/controllers/system/email-polling.php
@@ -12,7 +12,7 @@ class EmailPollingController extends Controller {
'permission' => 'any',
'requestData' => [
'token' => [
- 'validation' => DataValidator::length(1, 200),
+ 'validation' => DataValidator::notBlank()->length(1, 200),
'error' => ERRORS::INVALID_TOKEN
]
]
diff --git a/server/controllers/system/get-mail-template.php b/server/controllers/system/get-mail-template.php
index 8d889fd7..1a916f6f 100755
--- a/server/controllers/system/get-mail-template.php
+++ b/server/controllers/system/get-mail-template.php
@@ -31,11 +31,11 @@ class GetMailTemplateController extends Controller {
'permission' => 'staff_3',
'requestData' => [
'template' => [
- 'validation' => DataValidator::length(4),
+ 'validation' => DataValidator::notBlank()->length(4),
'error' => ERRORS::INVALID_TEMPLATE
],
'language' => [
- 'validation' => DataValidator::length(2, 2),
+ 'validation' => DataValidator::notBlank()->length(2, 2),
'error' => ERRORS::INVALID_LANGUAGE
],
]
diff --git a/server/controllers/system/init-admin.php b/server/controllers/system/init-admin.php
index 00c8cf37..889024a0 100755
--- a/server/controllers/system/init-admin.php
+++ b/server/controllers/system/init-admin.php
@@ -36,7 +36,7 @@ class InitAdminController extends Controller {
'permission' => 'any',
'requestData' => [
'name' => [
- 'validation' => DataValidator::length(2, 55),
+ 'validation' => DataValidator::notBlank()->length(2, 55),
'error' => ERRORS::INVALID_NAME
],
'email' => [
@@ -44,7 +44,7 @@ class InitAdminController extends Controller {
'error' => ERRORS::INVALID_EMAIL
],
'password' => [
- 'validation' => DataValidator::length(5, 200),
+ 'validation' => DataValidator::notBlank()->length(5, 200),
'error' => ERRORS::INVALID_PASSWORD
],
]
diff --git a/server/controllers/system/recover-mail-template.php b/server/controllers/system/recover-mail-template.php
index ed8f87b2..f0feec63 100755
--- a/server/controllers/system/recover-mail-template.php
+++ b/server/controllers/system/recover-mail-template.php
@@ -33,11 +33,11 @@ class RecoverMailTemplateController extends Controller {
'permission' => 'staff_3',
'requestData' => [
'template' => [
- 'validation' => DataValidator::length(4),
+ 'validation' => DataValidator::notBlank()->length(4),
'error' => ERRORS::INVALID_TEMPLATE
],
'language' => [
- 'validation' => DataValidator::length(2, 2),
+ 'validation' => DataValidator::notBlank()->length(2, 2),
'error' => ERRORS::INVALID_LANGUAGE
],
]
diff --git a/server/controllers/ticket/add-custom-response.php b/server/controllers/ticket/add-custom-response.php
index 150aeb1a..db01fa12 100755
--- a/server/controllers/ticket/add-custom-response.php
+++ b/server/controllers/ticket/add-custom-response.php
@@ -36,11 +36,11 @@ class AddCustomResponseController extends Controller {
'permission' => 'staff_2',
'requestData' => [
'name' => [
- 'validation' => DataValidator::length(5, 100),
+ 'validation' => DataValidator::notBlank()->length(5, 100),
'error' => ERRORS::INVALID_NAME
],
'content' => [
- 'validation' => DataValidator::length(20, 500),
+ 'validation' => DataValidator::content(),
'error' => ERRORS::INVALID_CONTENT
],
'language' => [
diff --git a/server/controllers/ticket/comment.php b/server/controllers/ticket/comment.php
index be337dfa..63dcf66c 100755
--- a/server/controllers/ticket/comment.php
+++ b/server/controllers/ticket/comment.php
@@ -47,7 +47,7 @@ class CommentController extends Controller {
'permission' => 'user',
'requestData' => [
'content' => [
- 'validation' => DataValidator::length(20, 5000),
+ 'validation' => DataValidator::content(),
'error' => ERRORS::INVALID_CONTENT
],
'ticketNumber' => [
@@ -61,7 +61,7 @@ class CommentController extends Controller {
'permission' => 'any',
'requestData' => [
'content' => [
- 'validation' => DataValidator::length(20, 5000),
+ 'validation' => DataValidator::content(),
'error' => ERRORS::INVALID_CONTENT
],
'ticketNumber' => [
@@ -83,11 +83,10 @@ class CommentController extends Controller {
$isAuthor = $this->session->isTicketSession() || $this->ticket->isAuthor($this->user);
$isOwner = $this->ticket->isOwner($this->user);
$private = Controller::request('private');
-
if(!Controller::isStaffLogged() && Controller::isUserSystemEnabled() && !$isAuthor){
throw new RequestException(ERRORS::NO_PERMISSION);
}
-
+
if(!$this->session->isTicketSession() && !$this->user->canManageTicket($this->ticket)) {
throw new RequestException(ERRORS::NO_PERMISSION);
}
diff --git a/server/controllers/ticket/create-tag.php b/server/controllers/ticket/create-tag.php
index 5974ef12..0dd53239 100644
--- a/server/controllers/ticket/create-tag.php
+++ b/server/controllers/ticket/create-tag.php
@@ -34,7 +34,7 @@ class CreateTagController extends Controller {
'permission' => 'staff_3',
'requestData' => [
'name' => [
- 'validation' => DataValidator::length(2, 100),
+ 'validation' => DataValidator::notBlank()->length(2, 100),
'error' => ERRORS::INVALID_NAME
],
'color' => [
diff --git a/server/controllers/ticket/create.php b/server/controllers/ticket/create.php
index b5493767..695138d2 100755
--- a/server/controllers/ticket/create.php
+++ b/server/controllers/ticket/create.php
@@ -54,11 +54,11 @@ class CreateController extends Controller {
'permission' => 'user',
'requestData' => [
'title' => [
- 'validation' => DataValidator::length(1, 200),
+ 'validation' => DataValidator::notBlank()->length(1, 200),
'error' => ERRORS::INVALID_TITLE
],
'content' => [
- 'validation' => DataValidator::length(10, 5000),
+ 'validation' => DataValidator::content(),
'error' => ERRORS::INVALID_CONTENT
],
'departmentId' => [
@@ -83,7 +83,7 @@ class CreateController extends Controller {
'error' => ERRORS::INVALID_EMAIL
];
$validations['requestData']['name'] = [
- 'validation' => DataValidator::length(2, 40),
+ 'validation' => DataValidator::notBlank()->length(2, 40),
'error' => ERRORS::INVALID_NAME
];
}
diff --git a/server/controllers/ticket/edit-comment.php b/server/controllers/ticket/edit-comment.php
index 7c9248ed..dd82c841 100644
--- a/server/controllers/ticket/edit-comment.php
+++ b/server/controllers/ticket/edit-comment.php
@@ -36,7 +36,7 @@ class EditCommentController extends Controller {
'permission' => 'user',
'requestData' => [
'content' => [
- 'validation' => DataValidator::length(10, 5000),
+ 'validation' => DataValidator::content(),
'error' => ERRORS::INVALID_CONTENT
],
'ticketNumber' => [
@@ -50,7 +50,7 @@ class EditCommentController extends Controller {
'permission' => 'any',
'requestData' => [
'content' => [
- 'validation' => DataValidator::length(10, 5000),
+ 'validation' => DataValidator::content(),
'error' => ERRORS::INVALID_CONTENT
],
'ticketNumber' => [
diff --git a/server/controllers/ticket/edit-custom-response.php b/server/controllers/ticket/edit-custom-response.php
index 3d430e34..259a2467 100755
--- a/server/controllers/ticket/edit-custom-response.php
+++ b/server/controllers/ticket/edit-custom-response.php
@@ -37,7 +37,15 @@ class EditCustomResponseController extends Controller {
'id' => [
'validation' => DataValidator::dataStoreId('customresponse'),
'error' => ERRORS::INVALID_NAME
- ]
+ ],
+ 'content' => [
+ 'validation' => DataValidator::content(),
+ 'error' => ERRORS::INVALID_CONTENT
+ ],
+ 'name' => [
+ 'validation' => DataValidator::oneOf(DataValidator::notBlank()->length(1, 200),DataValidator::nullType()),
+ 'error' => ERRORS::INVALID_NAME
+ ],
]
];
}
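Review bot: `content` is validated as mandatory while `name` right below it is optional via `oneOf(..., nullType())`, so a request that changes only the name would presumably be rejected with `INVALID_CONTENT`. article/edit.php in this commit treats both fields as optional. If partial edits are supported by the handler (not visible in this hunk), use `DataValidator::oneOf(DataValidator::content(), DataValidator::nullType())` here as well.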
diff --git a/server/controllers/ticket/edit-tag.php b/server/controllers/ticket/edit-tag.php
index c90eac0b..2be11cce 100644
--- a/server/controllers/ticket/edit-tag.php
+++ b/server/controllers/ticket/edit-tag.php
@@ -41,6 +41,10 @@ class EditTagController extends Controller {
'color' => [
'validation' => DataValidator::hexRgbColor()->startsWith('#'),
'error' => ERRORS::INVALID_COLOR
+ ],
+ 'name' => [
+ 'validation' => DataValidator::notBlank()->length(1, 200),
+ 'error' => ERRORS::INVALID_NAME
]
]
];
diff --git a/server/controllers/ticket/search.php b/server/controllers/ticket/search.php
index 6a0cf035..6c58c4a9 100644
--- a/server/controllers/ticket/search.php
+++ b/server/controllers/ticket/search.php
@@ -95,6 +95,10 @@ class SearchController extends Controller {
'validation' => DataValidator::oneOf(DataValidator::in(['0','1']),DataValidator::nullType()),
'error' => ERRORS::INVALID_ASSIGNED_FILTER
],
+ 'query' => [
+ 'validation' => DataValidator::oneOf(DataValidator::notBlank(),DataValidator::nullType()),
+ 'error' => ERRORS::INVALID_QUERY_FILTER
+ ],
'orderBy' => [
'validation' => DataValidator::oneOf(DataValidator::validOrderBy(),DataValidator::nullType()),
'error' => ERRORS::INVALID_ORDER_BY
@@ -104,6 +108,12 @@ class SearchController extends Controller {
}
public function handler() {
+
+ $allowedDepartmentsId = [];
+ foreach (Controller::getLoggedUser()->sharedDepartmentList->toArray() as $department) {
+ array_push($allowedDepartmentsId,$department['id']);
+ }
+
$inputs = [
'closed' => Controller::request('closed'),
'tags' => json_decode(Controller::request('tags')),
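Review bot: The loop that builds `$allowedDepartmentsId` can be a single call, `$allowedDepartmentsId = array_column(Controller::getLoggedUser()->sharedDepartmentList->toArray(), 'id');`, which also removes the stray blank line at the top of `handler()`. Since these ids are later concatenated into SQL by `setDepartmentFilter`, a brief comment stating that they come from the database and not from the request would make the trust boundary explicit. The rest of `handler()` is outside this hunk.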
@@ -117,14 +127,14 @@ class SearchController extends Controller {
'query' => Controller::request('query'),
'orderBy' => json_decode(Controller::request('orderBy'),true),
'page' => Controller::request('page'),
- 'allowedDepartments' => Controller::getLoggedUser()->sharedDepartmentList->toArray(),
+ 'allowedDepartments' => $allowedDepartmentsId,
'staffId' => Controller::getLoggedUser()->id
];
$query = $this->getSQLQuery($inputs);
$queryWithOrder = $this->getSQLQueryWithOrder($inputs);
- $totalCount = RedBean::getAll("SELECT COUNT(*) FROM (SELECT COUNT(*) " . $query . " ) AS T2", [':query' => $inputs['query']])[0]['COUNT(*)'];
+ $totalCount = RedBean::getAll("SELECT COUNT(*) FROM (SELECT COUNT(*) " . $query . " ) AS T2", [':query' => "%" . $inputs['query'] . "%"])[0]['COUNT(*)'];
$ticketIdList = RedBean::getAll($queryWithOrder, [':query' => "%" . $inputs['query'] . "%"]);
$ticketList = [];
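Review bot: The LIKE pattern is now built twice from the raw request value, and `%` or `_` typed by the user are passed through as wildcards rather than matched literally. Building it once and escaping the metacharacters keeps the count and the page query in step: `$likeQuery = '%' . addcslashes($inputs['query'], '%_\\') . '%';`, then bind `[':query' => $likeQuery]` in both calls. When `query` is null the pattern is `%%`; whether `:query` is present in the generated SQL in that case depends on code outside this hunk.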
@@ -133,7 +143,6 @@ class SearchController extends Controller {
array_push($ticketList, $ticket->toArray());
}
$ticketTableExists = RedBean::exec("select table_name from information_schema.tables where table_name = 'ticket';");
-
if($ticketTableExists){
Response::respondSuccess([
'tickets' => $ticketList,
@@ -254,13 +263,29 @@ class SearchController extends Controller {
}
}
- private function setDepartmentFilter($departments,$allowedDepartments, $idStaff, &$filters){
+ private function setDepartmentFilter($requestedDepartments,$myDepartments, $idStaff, &$filters){
if ($filters != "") $filters .= " and ";
-
- $validDepartments = $this->generateValidDepartmentList($departments, $allowedDepartments);
+ if (!$requestedDepartments) $requestedDepartments = [];
+
+ $requestedOwnedDepartments = $this->getRequestedOwnedDepartments($requestedDepartments, $myDepartments);
+ $requestedNotOwnedDepartments = $this->getRequestedNotOwnedDepartments($requestedDepartments, $myDepartments);
$first = TRUE;
- if($validDepartments){
- foreach($validDepartments as $department) {
+
+ if(!$requestedOwnedDepartments && !$requestedNotOwnedDepartments){
+ foreach($myDepartments as $department) {
+ if($first){
+ $filters .= " ( ";
+ $first = FALSE;
+ } else {
+ $filters .= " or ";
+ }
+ $filters .= "ticket.department_id = " . $department;
+ }
+ $filters .= ")";
+ }
+
+ if($requestedOwnedDepartments){
+ foreach($requestedOwnedDepartments as $department) {
if($first){
$filters .= " ( ";
$first = FALSE;
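Review bot: When no departments are requested and `$myDepartments` is empty, the new default branch appends only `")"` because the loop never opens the group, which leaves the generated WHERE clause unbalanced. A guard such as `if (!$myDepartments) { $filters .= "(1 = 0)"; }` before the loop would keep the SQL valid for staff without departments, or fall back to the author filter if that is the intended behaviour. The three near-identical loops could also be replaced by one helper that joins `ticket.department_id = N` terms with `implode(' or ', ...)`. The function body continues outside this hunk.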
@@ -269,11 +294,24 @@ class SearchController extends Controller {
}
$filters .= "ticket.department_id = " . $department;
}
- $filters .= " or ";
- }else{
- $filters .= "(";
}
- $filters .= "ticket.author_staff_id = " . $idStaff . ")";
+
+ if($requestedNotOwnedDepartments){
+ if($requestedOwnedDepartments) $filters .= " or ";
+ $filters .= "(ticket.author_staff_id = " . $idStaff . " and ";
+ $first = TRUE;
+ foreach($requestedNotOwnedDepartments as $department) {
+ if($first){
+ $filters .= " ( ";
+ $first = FALSE;
+ } else {
+ $filters .= " or ";
+ }
+ $filters .= "ticket.department_id = " . $department;
+ }
+ $filters .= "))";
+ }
+ if($requestedOwnedDepartments) $filters .= " )";
}
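Review bot: The ids in `$requestedNotOwnedDepartments` are, by construction, the request values that did not match any of the staff member's departments, and they are concatenated straight into the filter with `"ticket.department_id = " . $department`. Unless the `departments` validator (outside this hunk) guarantees integers, unvalidated request data reaches the SQL string. Casting at the point of use, `$filters .= "ticket.department_id = " . (int) $department;`, or binding the ids as parameters like `:query`, removes the dependency on a distant validator. The same cast is cheap to apply to the owned and default loops.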
private function setAuthorFilter($authors, &$filters){
@@ -338,21 +376,21 @@ class SearchController extends Controller {
$filters .= " (ticket.title LIKE :query or ticket.content LIKE :query or ticket.ticket_number LIKE :query". $ticketevent ." )";
};
}
+
+ private function getRequestedOwnedDepartments($requestedDepartments, $myDepartments){
+ $requestedOwnedDepartments = [];
+ $requestedOwnedDepartments = array_values(array_unique(array_intersect($requestedDepartments, $myDepartments)));
+
+ return $requestedOwnedDepartments;
+ }
- private function generateValidDepartmentList($departments, $allowedDepartments){
- $result = [];
- $managedDepartments = [];
- if($departments == null) $departments = [];
- foreach ($allowedDepartments as $department) {
- array_push($managedDepartments,$department['id']);
- }
- $result = array_intersect($departments,$managedDepartments);
-
- if(empty($result)) $result = $managedDepartments;
-
- $result = array_unique($result);
-
- return $result;
+ private function getRequestedNotOwnedDepartments($requestedDepartments, $myDepartments){
+ $requestedNotOwnedDepartments = [];
+ $requestedOwnedDepartments = [];
+ $requestedOwnedDepartments = array_values(array_unique(array_intersect($requestedDepartments, $myDepartments)));
+ $requestedNotOwnedDepartments = array_values(array_diff($requestedDepartments, $requestedOwnedDepartments));
+
+ return $requestedNotOwnedDepartments;
}
//ORDER
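Review bot: Both helpers initialise variables that are overwritten on the next line, and `getRequestedNotOwnedDepartments` recomputes the intersection only to subtract it again. Diffing against the intersection gives the same result as diffing against `$myDepartments`, so the body can be `return array_values(array_unique(array_diff($requestedDepartments, $myDepartments)));`. That also de-duplicates the not-owned list, which the current version does not. A one-line docblock on each saying that the inputs are flat arrays of department ids would document the contract that changed in this commit.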
diff --git a/server/controllers/user/edit-password.php b/server/controllers/user/edit-password.php
index 874c575d..35e5e9a1 100755
--- a/server/controllers/user/edit-password.php
+++ b/server/controllers/user/edit-password.php
@@ -33,7 +33,7 @@ class EditPassword extends Controller {
'permission' => 'user',
'requestData' => [
'newPassword' => [
- 'validation' => DataValidator::length(5, 200),
+ 'validation' => DataValidator::notBlank()->length(5, 200),
'error' => ERRORS::INVALID_PASSWORD
]
]
diff --git a/server/controllers/user/invite.php b/server/controllers/user/invite.php
index 18d31c3d..ad7c0d11 100755
--- a/server/controllers/user/invite.php
+++ b/server/controllers/user/invite.php
@@ -45,7 +45,7 @@ class InviteUserController extends Controller {
'permission' => 'staff_1',
'requestData' => [
'name' => [
- 'validation' => DataValidator::length(2, 55),
+ 'validation' => DataValidator::notBlank()->length(2, 55),
'error' => ERRORS::INVALID_NAME
],
'email' => [
diff --git a/server/controllers/user/recover-password.php b/server/controllers/user/recover-password.php
index 8fe431a6..f419fd41 100755
--- a/server/controllers/user/recover-password.php
+++ b/server/controllers/user/recover-password.php
@@ -48,7 +48,7 @@ class RecoverPasswordController extends Controller {
'error' => ERRORS::INVALID_EMAIL
],
'password' => [
- 'validation' => DataValidator::length(5, 200),
+ 'validation' => DataValidator::notBlank()->length(5, 200),
'error' => ERRORS::INVALID_PASSWORD
]
]
diff --git a/server/controllers/user/signup.php b/server/controllers/user/signup.php
index aa8c663f..63c278dd 100755
--- a/server/controllers/user/signup.php
+++ b/server/controllers/user/signup.php
@@ -56,7 +56,7 @@ class SignUpController extends Controller {
'permission' => 'any',
'requestData' => [
'name' => [
- 'validation' => DataValidator::length(2, 55),
+ 'validation' => DataValidator::notBlank()->length(2, 55),
'error' => ERRORS::INVALID_NAME
],
'email' => [
@@ -64,7 +64,7 @@ class SignUpController extends Controller {
'error' => ERRORS::INVALID_EMAIL
],
'password' => [
- 'validation' => DataValidator::length(5, 200),
+ 'validation' => DataValidator::notBlank()->length(5, 200),
'error' => ERRORS::INVALID_PASSWORD
]
]
diff --git a/server/data/ERRORS.php b/server/data/ERRORS.php
index d970ad21..7577e562 100755
--- a/server/data/ERRORS.php
+++ b/server/data/ERRORS.php
@@ -39,6 +39,10 @@
* @apiDefine INVALID_NAME
* @apiError {String} INVALID_NAME The name is invalid, probably too short.
*/
+/**
+ * @apiDefine INVALID_DESCRIPTION
+ * @apiError {String} INVALID_DESCRIPTION The description is invalid.
+ */
/**
* @apiDefine INVALID_SETTING
* @apiError {String} INVALID_SETTING The setting are invalid.
@@ -127,6 +131,10 @@
* @apiDefine INVALID_ASSIGNED_FILTER
* @apiError {String} INVALID_ASSIGNED_FILTER The assigned filter is invalid.
*/
+/**
+ * @apiDefine INVALID_QUERY_FILTER
+ * @apiError {String} INVALID_QUERY_FILTER The query filter is invalid.
+ */
/**
* @apiDefine INVALID_ORDER_BY
* @apiError {String} INVALID_ORDER_BY The order-by is invalid.
@@ -307,6 +315,7 @@ class ERRORS {
const INVALID_EMAIL = 'INVALID_EMAIL';
const INVALID_PASSWORD = 'INVALID_PASSWORD';
const INVALID_NAME = 'INVALID_NAME';
+ const INVALID_DESCRIPTION = 'INVALID_DESCRIPTION';
const INVALID_SETTING = 'INVALID_SETTING';
const INVALID_DEPARTMENT = 'INVALID_DEPARTMENT';
const INVALID_TICKET = 'INVALID_TICKET';
@@ -330,6 +339,7 @@ class ERRORS {
const INVALID_AUTHOR_FILTER = 'INVALID_AUTHOR_FILTER';
const INVALID_OWNER_FILTER = 'INVALID_OWNER_FILTER';
const INVALID_ASSIGNED_FILTER = 'INVALID_ASSIGNED_FILTER';
+ const INVALID_QUERY_FILTER = 'INVALID_QUERY_FILTER';
const INVALID_ORDER_BY = 'INVALID_ORDER_BY';
const INVALID_TOPIC = 'INVALID_TOPIC';
const INVALID_SEARCH = 'INVALID_SEARCH';
diff --git a/server/libs/validations/content.php b/server/libs/validations/content.php
new file mode 100644
index 00000000..afc09d44
--- /dev/null
+++ b/server/libs/validations/content.php
@@ -0,0 +1,15 @@
+]*>/",'',$content));
+
+ if($content == '') return false;
+ if(strlen($content) > 10000) return false;
+ return true;
+ }
+}
\ No newline at end of file
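Review bot: The size limit in `validate` is applied with `strlen($content) > 10000` after the tag-stripping replace, so it bounds only the visible text; the raw markup that is actually stored has no upper limit under this rule. The callers switched to `content()` in this commit previously capped the raw value at 500 or 5000. Checking the raw length before stripping, and using `mb_strlen` if the limit is meant in characters rather than bytes, would restore a bound on what reaches the database. The opening lines of the file are not readable in this view, so this is based on the visible tail of the method.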
diff --git a/server/tests/controllers/ticket/searchTest.php b/server/tests/controllers/ticket/searchTest.php
index a49b3fb3..b5fc92d8 100644
--- a/server/tests/controllers/ticket/searchTest.php
+++ b/server/tests/controllers/ticket/searchTest.php
@@ -209,7 +209,7 @@ class SearchControllerTest extends TestCase {
]
]
]),
- 'FROM (ticket LEFT JOIN tag_ticket ON tag_ticket.ticket_id = ticket.id LEFT JOIN ticketevent ON ticketevent.ticket_id = ticket.id) WHERE ( ticket.department_id = 2 or ticket.department_id = 1 or ticket.department_id = 3 or ticket.author_staff_id = 1) GROUP BY ticket.id'
+ 'FROM (ticket LEFT JOIN tag_ticket ON tag_ticket.ticket_id = ticket.id LEFT JOIN ticketevent ON ticketevent.ticket_id = ticket.id) WHERE ( ticket.department_id = 2 or ticket.department_id = 1 or ticket.department_id = 3) GROUP BY ticket.id'
);
$this->assertEquals(
@@ -228,12 +228,12 @@ class SearchControllerTest extends TestCase {
]
]
]),
- 'FROM (ticket LEFT JOIN tag_ticket ON tag_ticket.ticket_id = ticket.id LEFT JOIN ticketevent ON ticketevent.ticket_id = ticket.id) WHERE ( ticket.department_id = 1 or ticket.author_staff_id = 1) GROUP BY ticket.id'
+ 'FROM (ticket LEFT JOIN tag_ticket ON tag_ticket.ticket_id = ticket.id LEFT JOIN ticketevent ON ticketevent.ticket_id = ticket.id) WHERE ( ticket.department_id = 1 ) GROUP BY ticket.id'
);
$this->assertEquals(
$this->searchController->getSQLQuery([
- 'departments' => [1,2,3],
+ 'departments' => [1,2,3,4],
'staffId' => 1,
'allowedDepartments' => [
[
@@ -241,13 +241,26 @@ class SearchControllerTest extends TestCase {
],
[
'id' => 1
- ],
- [
- 'id' => 3
]
]
]),
- 'FROM (ticket LEFT JOIN tag_ticket ON tag_ticket.ticket_id = ticket.id LEFT JOIN ticketevent ON ticketevent.ticket_id = ticket.id) WHERE ( ticket.department_id = 1 or ticket.department_id = 2 or ticket.department_id = 3 or ticket.author_staff_id = 1) GROUP BY ticket.id'
+ 'FROM (ticket LEFT JOIN tag_ticket ON tag_ticket.ticket_id = ticket.id LEFT JOIN ticketevent ON ticketevent.ticket_id = ticket.id) WHERE ( ticket.department_id = 1 or ticket.department_id = 2 or (ticket.author_staff_id = 1 and ( ticket.department_id = 3 or ticket.department_id = 4)) ) GROUP BY ticket.id'
+ );
+
+ $this->assertEquals(
+ $this->searchController->getSQLQuery([
+ 'departments' => [2],
+ 'staffId' => 1,
+ 'allowedDepartments' => [
+ [
+ 'id' => 5
+ ],
+ [
+ 'id' => 6
+ ]
+ ]
+ ]),
+ 'FROM (ticket LEFT JOIN tag_ticket ON tag_ticket.ticket_id = ticket.id LEFT JOIN ticketevent ON ticketevent.ticket_id = ticket.id) WHERE (ticket.author_staff_id = 1 and ( ticket.department_id = 2)) GROUP BY ticket.id'
);
}
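Review bot: The expectations in this hunk show the `departments` and `staffId` values inline in the SQL text returned by `getSQLQuery` (`ticket.department_id = 2`, `ticket.author_staff_id = 1`), yet every case passes integers. Unless those values are validated before they reach the controller, which this diff does not show, add an assertion with a non-integer entry in `'departments'` and pin what the builder must do with it (reject or cast). The expected strings also differ in incidental spacing (`WHERE ( ticket.department_id = 1 or` in one, `WHERE (ticket.author_staff_id = 1 and` in the other), so a formatting-only change in the builder will fail these tests; normalising whitespace on both sides before `assertEquals` would keep them focused on the access rule. The enclosing test method starts outside this hunk.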
diff --git a/tests/system/custom-fields.rb b/tests/system/custom-fields.rb
index 9a09decf..acce982b 100644
--- a/tests/system/custom-fields.rb
+++ b/tests/system/custom-fields.rb
@@ -121,7 +121,7 @@ describe 'Custom fields' do
it 'should success and shows all custom fields' do
Scripts.createTextCustomField('mocktextfield1','description number 1')
Scripts.createTextCustomField('mocktextfield2','description number 2')
- Scripts.createTextCustomField('mocktextfield3',nil)
+ Scripts.createTextCustomField('mocktextfield3','description number 3')
result = request('/system/get-custom-fields', {
csrf_userid: $csrf_userid,
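Review bot: Changing the third call to `Scripts.createTextCustomField('mocktextfield3','description number 3')` removes the only visible case of a custom field created with a `nil` description, and the matching assertion in the next hunk is changed to the non-empty value, so the behaviour for a missing description is no longer asserted. Keep the `nil` case in its own spec, for example `it 'should handle a custom field without description' do`, and assert whichever status the new validation is meant to return. The spec body continues outside this hunk.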
@@ -147,7 +147,7 @@ describe 'Custom fields' do
result['data'][2]['description'].should.equal('description number 2')
result['data'][3]['name'].should.equal('mocktextfield3')
result['data'][3]['type'].should.equal('text')
- result['data'][3]['description'].should.equal('')
+ result['data'][3]['description'].should.equal('description number 3')
end
end
diff --git a/tests/system/disable-user-system.rb b/tests/system/disable-user-system.rb
index 9550c0df..f0dd5f21 100644
--- a/tests/system/disable-user-system.rb
+++ b/tests/system/disable-user-system.rb
@@ -19,7 +19,7 @@ describe'system/disable-user-system' do
numberOftickets = $database.query("SELECT * FROM ticket WHERE author_id IS NULL AND author_email IS NOT NULL AND author_name IS NOT NULL")
- (numberOftickets.num_rows).should.equal(52)
+ (numberOftickets.num_rows).should.equal(53)
request('/user/logout')
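Review bot: The assertion `(numberOftickets.num_rows).should.equal(53)` pins the total number of matching rows in the shared test database, so it has to be bumped whenever another spec creates a ticket; this commit does that here and again at `should.equal(56)` in the next hunk. Count the rows that the step is expected to convert before running it and compare against that, for example `(numberOftickets.num_rows).should.equal(expected_count)`, where `expected_count` is a placeholder for a value queried beforehand. The surrounding spec starts outside this hunk, so whether such a count is already available there cannot be seen from here.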
@@ -220,7 +220,7 @@ describe'system/disable-user-system' do
numberOftickets= $database.query("SELECT * FROM ticket WHERE author_email IS NULL AND author_name IS NULL AND author_id IS NOT NULL" )
- (numberOftickets.num_rows).should.equal(55)
+ (numberOftickets.num_rows).should.equal(56)
end
it 'should not enable the user system' do
diff --git a/tests/ticket/comment.rb b/tests/ticket/comment.rb
index c5de7fc6..0eb9726f 100644
--- a/tests/ticket/comment.rb
+++ b/tests/ticket/comment.rb
@@ -18,33 +18,6 @@ describe '/ticket/comment/' do
(result['message']).should.equal('NO_PERMISSION')
end
- it 'should fail if content is too short' do
- result = request('/ticket/comment', {
- content: 'Test',
- ticketNumber: @ticketNumber,
- csrf_userid: $csrf_userid,
- csrf_token: $csrf_token
- })
-
- (result['status']).should.equal('fail')
- (result['message']).should.equal('INVALID_CONTENT')
- end
-
- it 'should fail if content is very long' do
- long_text = ''
- 6000.times {long_text << 'a'}
-
- result = request('/ticket/comment', {
- content: long_text,
- ticketNumber: @ticketNumber,
- csrf_userid: $csrf_userid,
- csrf_token: $csrf_token
- })
-
- (result['status']).should.equal('fail')
- (result['message']).should.equal('INVALID_CONTENT')
- end
-
it 'should fail if ticket does not exist' do
result = request('/ticket/comment', {
content: 'some comment content',
diff --git a/tests/ticket/create.rb b/tests/ticket/create.rb
index 9632c86b..9429e174 100644
--- a/tests/ticket/create.rb
+++ b/tests/ticket/create.rb
@@ -32,7 +32,7 @@ describe '/ticket/create' do
(result['message']).should.equal('INVALID_TITLE')
end
- it 'should fail if content is too short' do
+ it 'should craete ticket with a short content' do
result = request('/ticket/create', {
title: 'Winter is coming',
content: 'Test',
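Review bot: The new spec name has a typo, `'should craete ticket with a short content'`; it should read `it 'should create ticket with a short content' do`. The spec's closing assertions are in the following hunk.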
@@ -42,13 +42,12 @@ describe '/ticket/create' do
csrf_token: $csrf_token
})
- (result['status']).should.equal('fail')
- (result['message']).should.equal('INVALID_CONTENT')
+ (result['status']).should.equal('success')
end
- it 'should fail if content is very long' do
+ it 'should fail if the ticket has a very large content' do
long_text = ''
- 6000.times {long_text << 'a'}
+ 10001.times {long_text << 'a'}
result = request('/ticket/create',{
title: 'Winter is coming',
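Review bot: The long-content spec now builds its input with `10001.times {long_text << 'a'}`, which exercises only the rejecting side of the limit. Nothing visible asserts that content of exactly 10000 characters is accepted, so an off-by-one in the validator (`>` versus `>=`) would go unnoticed. Add a companion spec that uses `10000.times {long_text << 'a'}` and expects `(result['status']).should.equal('success')`. The over-long spec for `/ticket/comment` is deleted in tests/ticket/comment.rb without a replacement, so that endpoint's upper bound is not exercised after this commit. The spec body continues past the end of this hunk.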
@@ -114,7 +113,7 @@ describe '/ticket/create' do
Scripts.login('creator@os4.com','creator')
result = request('/ticket/create', {
- title: 'Winter is coming',
+ title: 'Winter is coming!',
content: 'The north remembers',
departmentId: 1,
language: 'en',
@@ -124,7 +123,7 @@ describe '/ticket/create' do
(result['status']).should.equal('success')
- ticket = $database.getRow('ticket','Winter is coming','title')
+ ticket = $database.getRow('ticket','Winter is coming!','title')
(ticket['content']).should.equal('The north remembers')
(ticket['unread']).should.equal('0')
(ticket['closed']).should.equal('0')
@@ -168,7 +167,7 @@ describe '/ticket/create' do
ticket_number_gap = $database.getRow('setting', 'ticket-gap', 'name')['value'].to_i
- ticket0 = $database.getRow('ticket','Winter is coming','title')['ticket_number'].to_i
+ ticket0 = $database.getRow('ticket','Winter is coming!','title')['ticket_number'].to_i
ticket1 = $database.getRow('ticket','Winter is coming1','title')['ticket_number'].to_i
ticket2 = $database.getRow('ticket','Winter is coming2','title')['ticket_number'].to_i
ticket3 = $database.getRow('ticket','Winter is coming3','title')['ticket_number'].to_i
diff --git a/tests/ticket/custom-response.rb b/tests/ticket/custom-response.rb
index 74abcf57..c98659c8 100644
--- a/tests/ticket/custom-response.rb
+++ b/tests/ticket/custom-response.rb
@@ -34,7 +34,6 @@ describe 'CustomResponses' do
})
customResponse = $database.getRow('customresponse', 1)
-
(result['status']).should.equal('success')
(customResponse['name']).should.equal('Some common problem')
(customResponse['content']).should.equal('this is the content of a custom response for a common problem 2')