From 72a9b1ef0e22e13d7f1b6a184aba1f075ad159e1 Mon Sep 17 00:00:00 2001 From: Guillermo Giuliana Date: Fri, 31 Jan 2020 14:15:07 -0300 Subject: [PATCH 01/10] fix custom ticket list --- .../src/app/admin/panel/tickets/admin-panel-search-tickets.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/client/src/app/admin/panel/tickets/admin-panel-search-tickets.js b/client/src/app/admin/panel/tickets/admin-panel-search-tickets.js
index 58287b7c..b6ecaf11 100644
--- a/client/src/app/admin/panel/tickets/admin-panel-search-tickets.js
+++ b/client/src/app/admin/panel/tickets/admin-panel-search-tickets.js
@@ -14,7 +14,7 @@ class AdminPanelSearchTickets extends React.Component { return (
- {(this.props.error) ? {i18n('ERROR_RETRIEVING_TICKETS')} : } + {(this.props.error) ? {i18n('ERROR_RETRIEVING_TICKETS')} : }
); } From e44559618f110bcd66f1217b7e603c6d64c85022 Mon Sep 17 00:00:00 2001 From: Guillermo Giuliana Date: Fri, 31 Jan 2020 14:19:48 -0300 Subject: [PATCH 02/10] Fix blank strings of titles and contents BE --- server/controllers/article/add-topic.php | 6 +++--- server/controllers/article/add.php | 4 ++-- server/controllers/article/edit-topic.php | 7 ++++++- server/controllers/article/edit.php | 10 +++++++++- server/controllers/staff/edit.php | 2 +- server/controllers/staff/invite.php | 2 +- server/controllers/staff/search-tickets.php | 2 +- server/controllers/system/add-api-key.php | 2 +- server/controllers/system/add-custom-field.php | 6 +++++- server/controllers/system/add-department.php | 2 +- server/controllers/system/delete-api-key.php | 2 +- server/controllers/system/edit-department.php | 6 +++++- server/controllers/system/edit-mail-template.php | 6 +++--- server/controllers/system/email-polling.php | 2 +- server/controllers/system/get-mail-template.php | 4 ++-- server/controllers/system/init-admin.php | 4 ++-- .../controllers/system/recover-mail-template.php | 4 ++-- server/controllers/ticket/add-custom-response.php | 4 ++-- server/controllers/ticket/comment.php | 7 +++---- server/controllers/ticket/create-tag.php | 2 +- server/controllers/ticket/create.php | 6 +++--- server/controllers/ticket/edit-comment.php | 4 ++-- server/controllers/ticket/edit-custom-response.php | 10 +++++++++- server/controllers/ticket/edit-tag.php | 4 ++++ server/controllers/user/edit-password.php | 2 +- server/controllers/user/invite.php | 2 +- server/controllers/user/recover-password.php | 2 +- server/controllers/user/signup.php | 4 ++-- server/data/ERRORS.php | 5 +++++ server/libs/validations/content.php | 14 ++++++++++++++ 30 files changed, 94 insertions(+), 43 deletions(-) create mode 100644 server/libs/validations/content.php diff --git a/server/controllers/article/add-topic.php b/server/controllers/article/add-topic.php index 4f7abdcc..8c0fc90a 100755 
--- a/server/controllers/article/add-topic.php +++ b/server/controllers/article/add-topic.php @@ -36,9 +36,9 @@ class AddTopicController extends Controller { 'permission' => 'staff_2', 'requestData' => [ 'name' => [ - 'validation' => DataValidator::length(2, 100), - 'error' => ERRORS::INVALID_NAME - ] + 'validation' => DataValidator::notBlank()->length(1, 200), + 'error' => ERRORS::INVALID_TITLE + ], ] ]; } diff --git a/server/controllers/article/add.php b/server/controllers/article/add.php index 09b87996..7c4e0b43 100755 --- a/server/controllers/article/add.php +++ b/server/controllers/article/add.php @@ -40,11 +40,11 @@ class AddArticleController extends Controller { 'permission' => 'staff_2', 'requestData' => [ 'title' => [ - 'validation' => DataValidator::length(1, 100), + 'validation' => DataValidator::notBlank()->length(1, 100), 'error' => ERRORS::INVALID_NAME ], 'content' => [ - 'validation' => DataValidator::length(10), + 'validation' => DataValidator::content(), 'error' => ERRORS::INVALID_CONTENT ], 'topicId' => [ diff --git a/server/controllers/article/edit-topic.php b/server/controllers/article/edit-topic.php index 124bca55..7a789556 100755 --- a/server/controllers/article/edit-topic.php +++ b/server/controllers/article/edit-topic.php @@ -38,7 +38,12 @@ class EditTopicController extends Controller { 'topicId' => [ 'validation' => DataValidator::dataStoreId('topic'), 'error' => ERRORS::INVALID_TOPIC - ] + ], + 'name' => [ + 'validation' => DataValidator::notBlank()->length(1, 200), + 'error' => ERRORS::INVALID_NAME + ], + ] ]; } diff --git a/server/controllers/article/edit.php b/server/controllers/article/edit.php index 11883156..cc30b1e9 100755 --- a/server/controllers/article/edit.php +++ b/server/controllers/article/edit.php 
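Review bot: The `name` field now fails with `ERRORS::INVALID_TITLE` while the `name` field added to edit-topic.php in this same commit fails with `ERRORS::INVALID_NAME`, so create and edit return different error codes for the same check; keep `'error' => ERRORS::INVALID_NAME` here. The range also widens from 2–100 to 1–200 characters; if the topic name column is narrower than 200, the new upper bound is not the one the database enforces — confirm against the schema. The enclosing `validations()` array continues outside the hunk.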
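Review bot: `DataValidator::content()` (added in this commit as server/libs/validations/content.php) only checks that the tag-stripped text is non-empty, so it carries no maximum length; here that merely drops the previous minimum of 10, but the same substitution removes an existing upper bound in add-custom-response.php (`length(20, 500)`), comment.php (`length(20, 5000)`, both hunks), create.php (`length(10, 5000)`) and edit-comment.php (`length(10, 5000)`), and introduces unbounded `content` in edit.php and edit-custom-response.php. A request body is then limited only by the web server and the column type, which is a storage and resource-exhaustion regression rather than a blank-string fix. Keep the bound alongside the new rule, e.g. `'validation' => DataValidator::content()->length(10, 5000),`, or give `content()` a maximum parameter. Whether `->length()` chains after the custom `content()` rule depends on how DataValidator registers custom validators, which is outside this view.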
@@ -41,7 +41,15 @@ class EditArticleController extends Controller { 'articleId' => [ 'validation' => DataValidator::dataStoreId('article'), 'error' => ERRORS::INVALID_TOPIC - ] + ], + 'title' => [ + 'validation' => DataValidator::notBlank()->length(5, 100), + 'error' => ERRORS::INVALID_TITLE + ], + 'content' => [ + 'validation' => DataValidator::content(), + 'error' => ERRORS::INVALID_CONTENT + ], ] ]; } diff --git a/server/controllers/staff/edit.php b/server/controllers/staff/edit.php index 2b98ecf2..ad314685 100755 --- a/server/controllers/staff/edit.php +++ b/server/controllers/staff/edit.php @@ -42,7 +42,7 @@ class EditStaffController extends Controller { 'error' => ERRORS::INVALID_EMAIL ], 'password' => [ - 'validation' => DataValidator::oneOf(DataValidator::length(5, 200), DataValidator::falseVal()), + 'validation' => DataValidator::oneOf(DataValidator::notBlank()->length(5, 200), DataValidator::falseVal()), 'error' => ERRORS::INVALID_PASSWORD ], 'level' => [ diff --git a/server/controllers/staff/invite.php b/server/controllers/staff/invite.php index 0fdeb6c7..7bd46762 100755 --- a/server/controllers/staff/invite.php +++ b/server/controllers/staff/invite.php @@ -47,7 +47,7 @@ class InviteStaffController extends Controller { 'permission' => 'staff_3', 'requestData' => [ 'name' => [ - 'validation' => DataValidator::length(2, 55), + 'validation' => DataValidator::notBlank()->length(2, 55), 'error' => ERRORS::INVALID_NAME ], 'email' => [ diff --git a/server/controllers/staff/search-tickets.php b/server/controllers/staff/search-tickets.php index f49f4015..caaaed66 100755 --- a/server/controllers/staff/search-tickets.php +++ b/server/controllers/staff/search-tickets.php @@ -35,7 +35,7 @@ class SearchTicketStaffController extends Controller { 'permission' => 'staff_1', 'requestData' => [ 'query' => [ - 'validation' => DataValidator::length(1), + 'validation' => DataValidator::notBlank()->length(1), 'error' => ERRORS::INVALID_QUERY ], 'page' => [ 
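Review bot: `title` is validated with `notBlank()->length(5, 100)` here while add.php in this commit accepts `length(1, 100)`, so an article created with a 1–4 character title can no longer be saved from the edit form without renaming it. The same create/edit asymmetry appears in add-department.php (2–100) vs edit-department.php (1–200), create-tag.php (2–100) vs edit-tag.php (1–200), and the `name` of add-custom-response.php (5–100) vs edit-custom-response.php (1–200). Use the create-side range on the edit side, `'validation' => DataValidator::notBlank()->length(1, 100),`, or move each pair's bounds into one shared constant so they cannot drift. The `title` error code `INVALID_TITLE` here also differs from `INVALID_NAME` used for the same field in add.php.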
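Review bot: `notBlank()->length(1)` is redundant — `notBlank()` already rejects empty and whitespace-only strings — and `query` still has no upper bound even though it is fed into a LIKE clause; `'validation' => DataValidator::notBlank()->length(1, 200),` would bound it the same way `token` is bounded in email-polling.php. Note that Respect\Validation's NotBlank also treats numeric zero strings such as `'0'` as blank, so a search for `0` is rejected after this change; confirm that is acceptable for ticket-number searches.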
diff --git a/server/controllers/system/add-api-key.php b/server/controllers/system/add-api-key.php index 18c3dce4..f2dfb6bd 100755 --- a/server/controllers/system/add-api-key.php +++ b/server/controllers/system/add-api-key.php @@ -34,7 +34,7 @@ class AddAPIKeyController extends Controller { 'permission' => 'staff_3', 'requestData' => [ 'name' => [ - 'validation' => DataValidator::length(2, 55)->alnum(), + 'validation' => DataValidator::notBlank()->length(2, 55)->alnum(), 'error' => ERRORS::INVALID_NAME ], 'type' => [ diff --git a/server/controllers/system/add-custom-field.php b/server/controllers/system/add-custom-field.php index 1babb45e..80369656 100644 --- a/server/controllers/system/add-custom-field.php +++ b/server/controllers/system/add-custom-field.php @@ -37,9 +37,13 @@ class AddCustomFieldController extends Controller { 'permission' => 'staff_2', 'requestData' => [ 'name' => [ - 'validation' => DataValidator::length(2, 100), + 'validation' => DataValidator::notBlank()->length(2, 100), 'error' => ERRORS::INVALID_NAME ], + 'description' => [ + 'validation' => DataValidator::notBlank()->length(2, 100), + 'error' => ERRORS::INVALID_DESCRIPTION + ], 'type' => [ 'validation' => DataValidator::oneOf( DataValidator::equals('text'), diff --git a/server/controllers/system/add-department.php b/server/controllers/system/add-department.php index 28a21b6a..8a63f6b8 100755 --- a/server/controllers/system/add-department.php +++ b/server/controllers/system/add-department.php @@ -31,7 +31,7 @@ class AddDepartmentController extends Controller { 'permission' => 'staff_3', 'requestData' => [ 'name' => [ - 'validation' => DataValidator::length(2, 100), + 'validation' => DataValidator::notBlank()->length(2, 100), 'error' => ERRORS::INVALID_NAME ] ] diff --git a/server/controllers/system/delete-api-key.php b/server/controllers/system/delete-api-key.php index 9acb0797..129c2b43 100755 --- a/server/controllers/system/delete-api-key.php 
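Review bot: `description` becomes a mandatory, non-blank field here, but nothing on the client side of this series adds a string for the new `INVALID_DESCRIPTION` code — the en.js hunk in patch 04 only adds `INVALID_NAME` — so a failing request surfaces an untranslated key. If the client can legitimately submit a custom field without a description, this also turns a previously accepted request into a validation error; in that case make the rule optional the way staff/edit.php handles `password`, otherwise add the `'INVALID_DESCRIPTION'` entry next to `'INVALID_NAME'` in en.js. The enclosing `validations()` array continues past the hunk.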
+++ b/server/controllers/system/delete-api-key.php @@ -31,7 +31,7 @@ class DeleteAPIKeyController extends Controller { 'permission' => 'staff_3', 'requestData' => [ 'name' => [ - 'validation' => DataValidator::length(2, 55), + 'validation' => DataValidator::notBlank()->length(2, 55), 'error' => ERRORS::INVALID_NAME ] ] diff --git a/server/controllers/system/edit-department.php b/server/controllers/system/edit-department.php index c2ad1db3..b5943dd6 100755 --- a/server/controllers/system/edit-department.php +++ b/server/controllers/system/edit-department.php @@ -37,7 +37,11 @@ class EditDepartmentController extends Controller { 'departmentId' => [ 'validation' => DataValidator::dataStoreId('department'), 'error' => ERRORS::INVALID_DEPARTMENT - ] + ], + 'name' => [ + 'validation' => DataValidator::notBlank()->length(1, 200), + 'error' => ERRORS::INVALID_NAME + ], ] ]; } diff --git a/server/controllers/system/edit-mail-template.php b/server/controllers/system/edit-mail-template.php index 2d053bee..c9721fe1 100755 --- a/server/controllers/system/edit-mail-template.php +++ b/server/controllers/system/edit-mail-template.php @@ -46,15 +46,15 @@ class EditMailTemplateController extends Controller { 'permission' => 'staff_3', 'requestData' => [ 'template' => [ - 'validation' => DataValidator::length(4), + 'validation' => DataValidator::notBlank()->length(4), 'error' => ERRORS::INVALID_TEMPLATE ], 'language' => [ - 'validation' => DataValidator::length(2, 2), + 'validation' => DataValidator::notBlank()->length(2,2), 'error' => ERRORS::INVALID_LANGUAGE ], 'subject' => [ - 'validation' => DataValidator::length(4), + 'validation' => DataValidator::notBlank()->length(4), 'error' => ERRORS::INVALID_SUBJECT ], ] diff --git a/server/controllers/system/email-polling.php b/server/controllers/system/email-polling.php index f4ae3c0c..092da5e3 100755 --- a/server/controllers/system/email-polling.php +++ b/server/controllers/system/email-polling.php 
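Review bot: `length(2,2)` on the `language` rule drops the space after the comma that every other call in this commit uses (`length(2, 2)` in get-mail-template.php and recover-mail-template.php); keep `'validation' => DataValidator::notBlank()->length(2, 2),` so the three template controllers read identically. The same `template` and `language` rules are copied into three controllers, and this hunk shows they already diverge in form; a shared definition would keep them aligned.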
@@ -12,7 +12,7 @@ class EmailPollingController extends Controller { 'permission' => 'any', 'requestData' => [ 'token' => [ - 'validation' => DataValidator::length(1, 200), + 'validation' => DataValidator::notBlank()->length(1, 200), 'error' => ERRORS::INVALID_TOKEN ] ] diff --git a/server/controllers/system/get-mail-template.php b/server/controllers/system/get-mail-template.php index 8d889fd7..1a916f6f 100755 --- a/server/controllers/system/get-mail-template.php +++ b/server/controllers/system/get-mail-template.php @@ -31,11 +31,11 @@ class GetMailTemplateController extends Controller { 'permission' => 'staff_3', 'requestData' => [ 'template' => [ - 'validation' => DataValidator::length(4), + 'validation' => DataValidator::notBlank()->length(4), 'error' => ERRORS::INVALID_TEMPLATE ], 'language' => [ - 'validation' => DataValidator::length(2, 2), + 'validation' => DataValidator::notBlank()->length(2, 2), 'error' => ERRORS::INVALID_LANGUAGE ], ] diff --git a/server/controllers/system/init-admin.php b/server/controllers/system/init-admin.php index 00c8cf37..889024a0 100755 --- a/server/controllers/system/init-admin.php +++ b/server/controllers/system/init-admin.php @@ -36,7 +36,7 @@ class InitAdminController extends Controller { 'permission' => 'any', 'requestData' => [ 'name' => [ - 'validation' => DataValidator::length(2, 55), + 'validation' => DataValidator::notBlank()->length(2, 55), 'error' => ERRORS::INVALID_NAME ], 'email' => [ @@ -44,7 +44,7 @@ class InitAdminController extends Controller { 'error' => ERRORS::INVALID_EMAIL ], 'password' => [ - 'validation' => DataValidator::length(5, 200), + 'validation' => DataValidator::notBlank()->length(5, 200), 'error' => ERRORS::INVALID_PASSWORD ], ] diff --git a/server/controllers/system/recover-mail-template.php b/server/controllers/system/recover-mail-template.php index ed8f87b2..f0feec63 100755 --- a/server/controllers/system/recover-mail-template.php +++ b/server/controllers/system/recover-mail-template.php 
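Review bot: The `password` rule keeps a five-character minimum, and `notBlank()` adds nothing for passwords beyond rejecting all-whitespace input, so the weakest accepted admin password is unchanged by this commit; the same five-character floor is kept in staff/edit.php, user/edit-password.php, user/recover-password.php and user/signup.php. Current guidance (NIST SP 800-63B) puts the minimum at eight characters for user-chosen secrets, which would be `'validation' => DataValidator::notBlank()->length(8, 200),` here, applied consistently across those five controllers. Whether the client forms enforce a different minimum is outside this view.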
@@ -33,11 +33,11 @@ class RecoverMailTemplateController extends Controller { 'permission' => 'staff_3', 'requestData' => [ 'template' => [ - 'validation' => DataValidator::length(4), + 'validation' => DataValidator::notBlank()->length(4), 'error' => ERRORS::INVALID_TEMPLATE ], 'language' => [ - 'validation' => DataValidator::length(2, 2), + 'validation' => DataValidator::notBlank()->length(2, 2), 'error' => ERRORS::INVALID_LANGUAGE ], ] diff --git a/server/controllers/ticket/add-custom-response.php b/server/controllers/ticket/add-custom-response.php index 150aeb1a..db01fa12 100755 --- a/server/controllers/ticket/add-custom-response.php +++ b/server/controllers/ticket/add-custom-response.php @@ -36,11 +36,11 @@ class AddCustomResponseController extends Controller { 'permission' => 'staff_2', 'requestData' => [ 'name' => [ - 'validation' => DataValidator::length(5, 100), + 'validation' => DataValidator::notBlank()->length(5, 100), 'error' => ERRORS::INVALID_NAME ], 'content' => [ - 'validation' => DataValidator::length(20, 500), + 'validation' => DataValidator::content(), 'error' => ERRORS::INVALID_CONTENT ], 'language' => [ diff --git a/server/controllers/ticket/comment.php b/server/controllers/ticket/comment.php index be337dfa..63dcf66c 100755 --- a/server/controllers/ticket/comment.php +++ b/server/controllers/ticket/comment.php @@ -47,7 +47,7 @@ class CommentController extends Controller { 'permission' => 'user', 'requestData' => [ 'content' => [ - 'validation' => DataValidator::length(20, 5000), + 'validation' => DataValidator::content(), 'error' => ERRORS::INVALID_CONTENT ], 'ticketNumber' => [ @@ -61,7 +61,7 @@ class CommentController extends Controller { 'permission' => 'any', 'requestData' => [ 'content' => [ - 'validation' => DataValidator::length(20, 5000), + 'validation' => DataValidator::content(), 'error' => ERRORS::INVALID_CONTENT ], 'ticketNumber' => [ 
@@ -83,11 +83,10 @@ class CommentController extends Controller { $isAuthor = $this->session->isTicketSession() || $this->ticket->isAuthor($this->user); $isOwner = $this->ticket->isOwner($this->user); $private = Controller::request('private'); - if(!Controller::isStaffLogged() && Controller::isUserSystemEnabled() && !$isAuthor){ throw new RequestException(ERRORS::NO_PERMISSION); } - + if(!$this->session->isTicketSession() && !$this->user->canManageTicket($this->ticket)) { throw new RequestException(ERRORS::NO_PERMISSION); } diff --git a/server/controllers/ticket/create-tag.php b/server/controllers/ticket/create-tag.php index 5974ef12..0dd53239 100644 --- a/server/controllers/ticket/create-tag.php +++ b/server/controllers/ticket/create-tag.php @@ -34,7 +34,7 @@ class CreateTagController extends Controller { 'permission' => 'staff_3', 'requestData' => [ 'name' => [ - 'validation' => DataValidator::length(2, 100), + 'validation' => DataValidator::notBlank()->length(2, 100), 'error' => ERRORS::INVALID_NAME ], 'color' => [ diff --git a/server/controllers/ticket/create.php b/server/controllers/ticket/create.php index b5493767..695138d2 100755 --- a/server/controllers/ticket/create.php +++ b/server/controllers/ticket/create.php @@ -54,11 +54,11 @@ class CreateController extends Controller { 'permission' => 'user', 'requestData' => [ 'title' => [ - 'validation' => DataValidator::length(1, 200), + 'validation' => DataValidator::notBlank()->length(1, 200), 'error' => ERRORS::INVALID_TITLE ], 'content' => [ - 'validation' => DataValidator::length(10, 5000), + 'validation' => DataValidator::content(), 'error' => ERRORS::INVALID_CONTENT ], 'departmentId' => [ @@ -83,7 +83,7 @@ class CreateController extends Controller { 'error' => ERRORS::INVALID_EMAIL ]; $validations['requestData']['name'] = [ - 'validation' => DataValidator::length(2, 40), + 'validation' => DataValidator::notBlank()->length(2, 40), 'error' => ERRORS::INVALID_NAME ]; } 
diff --git a/server/controllers/ticket/edit-comment.php b/server/controllers/ticket/edit-comment.php index 7c9248ed..dd82c841 100644 --- a/server/controllers/ticket/edit-comment.php +++ b/server/controllers/ticket/edit-comment.php @@ -36,7 +36,7 @@ class EditCommentController extends Controller { 'permission' => 'user', 'requestData' => [ 'content' => [ - 'validation' => DataValidator::length(10, 5000), + 'validation' => DataValidator::content(), 'error' => ERRORS::INVALID_CONTENT ], 'ticketNumber' => [ @@ -50,7 +50,7 @@ class EditCommentController extends Controller { 'permission' => 'any', 'requestData' => [ 'content' => [ - 'validation' => DataValidator::length(10, 5000), + 'validation' => DataValidator::content(), 'error' => ERRORS::INVALID_CONTENT ], 'ticketNumber' => [ diff --git a/server/controllers/ticket/edit-custom-response.php b/server/controllers/ticket/edit-custom-response.php index 3d430e34..07837898 100755 --- a/server/controllers/ticket/edit-custom-response.php +++ b/server/controllers/ticket/edit-custom-response.php @@ -37,7 +37,15 @@ class EditCustomResponseController extends Controller { 'id' => [ 'validation' => DataValidator::dataStoreId('customresponse'), 'error' => ERRORS::INVALID_NAME - ] + ], + 'content' => [ + 'validation' => DataValidator::content(), + 'error' => ERRORS::INVALID_CONTENT + ], + 'name' => [ + 'validation' => DataValidator::notBlank()->length(1, 200), + 'error' => ERRORS::INVALID_NAME + ], ] ]; } diff --git a/server/controllers/ticket/edit-tag.php b/server/controllers/ticket/edit-tag.php index c90eac0b..2be11cce 100644 --- a/server/controllers/ticket/edit-tag.php +++ b/server/controllers/ticket/edit-tag.php @@ -41,6 +41,10 @@ class EditTagController extends Controller { 'color' => [ 'validation' => DataValidator::hexRgbColor()->startsWith('#'), 'error' => ERRORS::INVALID_COLOR + ], + 'name' => [ + 'validation' => DataValidator::notBlank()->length(1, 200), + 'error' => ERRORS::INVALID_NAME ] ] ]; 
diff --git a/server/controllers/user/edit-password.php b/server/controllers/user/edit-password.php index 874c575d..35e5e9a1 100755 --- a/server/controllers/user/edit-password.php +++ b/server/controllers/user/edit-password.php @@ -33,7 +33,7 @@ class EditPassword extends Controller { 'permission' => 'user', 'requestData' => [ 'newPassword' => [ - 'validation' => DataValidator::length(5, 200), + 'validation' => DataValidator::notBlank()->length(5, 200), 'error' => ERRORS::INVALID_PASSWORD ] ] diff --git a/server/controllers/user/invite.php b/server/controllers/user/invite.php index 18d31c3d..ad7c0d11 100755 --- a/server/controllers/user/invite.php +++ b/server/controllers/user/invite.php @@ -45,7 +45,7 @@ class InviteUserController extends Controller { 'permission' => 'staff_1', 'requestData' => [ 'name' => [ - 'validation' => DataValidator::length(2, 55), + 'validation' => DataValidator::notBlank()->length(2, 55), 'error' => ERRORS::INVALID_NAME ], 'email' => [ diff --git a/server/controllers/user/recover-password.php b/server/controllers/user/recover-password.php index 8fe431a6..f419fd41 100755 --- a/server/controllers/user/recover-password.php +++ b/server/controllers/user/recover-password.php @@ -48,7 +48,7 @@ class RecoverPasswordController extends Controller { 'error' => ERRORS::INVALID_EMAIL ], 'password' => [ - 'validation' => DataValidator::length(5, 200), + 'validation' => DataValidator::notBlank()->length(5, 200), 'error' => ERRORS::INVALID_PASSWORD ] ] diff --git a/server/controllers/user/signup.php b/server/controllers/user/signup.php index aa8c663f..63c278dd 100755 --- a/server/controllers/user/signup.php +++ b/server/controllers/user/signup.php @@ -56,7 +56,7 @@ class SignUpController extends Controller { 'permission' => 'any', 'requestData' => [ 'name' => [ - 'validation' => DataValidator::length(2, 55), + 'validation' => DataValidator::notBlank()->length(2, 55), 'error' => ERRORS::INVALID_NAME ], 'email' => [ 
@@ -64,7 +64,7 @@ class SignUpController extends Controller { 'error' => ERRORS::INVALID_EMAIL ], 'password' => [ - 'validation' => DataValidator::length(5, 200), + 'validation' => DataValidator::notBlank()->length(5, 200), 'error' => ERRORS::INVALID_PASSWORD ] ] diff --git a/server/data/ERRORS.php b/server/data/ERRORS.php index d970ad21..3d011004 100755 --- a/server/data/ERRORS.php +++ b/server/data/ERRORS.php @@ -39,6 +39,10 @@ * @apiDefine INVALID_NAME * @apiError {String} INVALID_NAME The name is invalid, probably too short. */ +/** + * @apiDefine INVALID_DESCRIPTION + * @apiError {String} INVALID_DESCRIPTION The description is invalid. + */ /** * @apiDefine INVALID_SETTING * @apiError {String} INVALID_SETTING The setting are invalid. @@ -307,6 +311,7 @@ class ERRORS { const INVALID_EMAIL = 'INVALID_EMAIL'; const INVALID_PASSWORD = 'INVALID_PASSWORD'; const INVALID_NAME = 'INVALID_NAME'; + const INVALID_DESCRIPTION = 'INVALID_DESCRIPTION'; const INVALID_SETTING = 'INVALID_SETTING'; const INVALID_DEPARTMENT = 'INVALID_DEPARTMENT'; const INVALID_TICKET = 'INVALID_TICKET'; diff --git a/server/libs/validations/content.php b/server/libs/validations/content.php new file mode 100644 index 00000000..7388851d --- /dev/null +++ b/server/libs/validations/content.php @@ -0,0 +1,14 @@ +]*>/",'',$content)); + + if($content != '')return true; + return false; + } +} \ No newline at end of file From 74de20641f750f2f62c367c08b343472ef449f2e Mon Sep 17 00:00:00 2001 From: Guillermo Giuliana Date: Fri, 31 Jan 2020 21:47:56 -0300 Subject: [PATCH 03/10] fix department filter of ticket search --- server/controllers/ticket/search.php | 62 ++++++++++++++----- .../tests/controllers/ticket/searchTest.php | 27 +++++--- 2 files changed, 66 insertions(+), 23 deletions(-) diff --git a/server/controllers/ticket/search.php b/server/controllers/ticket/search.php index 6a0cf035..8f03b43a 100644 --- a/server/controllers/ticket/search.php +++ b/server/controllers/ticket/search.php 
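Review bot: The emptiness test uses loose comparison, `if($content != '')return true; return false;`, which can be written as `return $content !== '';`; the strict form also sidesteps PHP's numeric-string coercion should the input ever arrive as a non-string. The regex strip on the first visible line only feeds this check — the request value itself is stored unchanged — so this class must not be read as sanitizing markup. The file header and class declaration of this new file are not visible in this view (the hunk appears cut before `]*>/`), so this is based on the visible tail; the file also ends without a trailing newline.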
@@ -254,13 +254,28 @@ class SearchController extends Controller { } } - private function setDepartmentFilter($departments,$allowedDepartments, $idStaff, &$filters){ + private function setDepartmentFilter($departments,$ownDepartments, $idStaff, &$filters){ if ($filters != "") $filters .= " and "; - - $validDepartments = $this->generateValidDepartmentList($departments, $allowedDepartments); + + $restOfDepartments = $this->generateValidDepartmentList($departments, $ownDepartments); + $allowedDepartments = $this->generateValidDepartmentList($departments, $ownDepartments, true); $first = TRUE; - if($validDepartments){ - foreach($validDepartments as $department) { + + if(!$allowedDepartments && !$restOfDepartments){ + foreach($ownDepartments as $department) { + if($first){ + $filters .= " ( "; + $first = FALSE; + } else { + $filters .= " or "; + } + $filters .= "ticket.department_id = " . $department['id']; + } + $filters .= ")"; + } + + if($allowedDepartments){ + foreach($allowedDepartments as $department) { if($first){ $filters .= " ( "; $first = FALSE; @@ -269,11 +284,24 @@ class SearchController extends Controller { } $filters .= "ticket.department_id = " . $department; } - $filters .= " or "; - }else{ - $filters .= "("; } - $filters .= "ticket.author_staff_id = " . $idStaff . ")"; + + if($restOfDepartments){ + if($allowedDepartments) $filters .= " or "; + $filters .= "(ticket.author_staff_id = " . $idStaff . " and "; + $first = TRUE; + foreach($restOfDepartments as $department) { + if($first){ + $filters .= " ( "; + $first = FALSE; + } else { + $filters .= " or "; + } + $filters .= "ticket.department_id = " . $department; + } + $filters .= "))"; + } + if($allowedDepartments) $filters .= " )"; } private function setAuthorFilter($authors, &$filters){ 
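Review bot: In the new `$restOfDepartments` loop, `$filters .= "ticket.department_id = " . $department;` interpolates values taken from the request's `departments` array after only an `array_diff` against the staff's own departments, so any element that is not one of the owned ids — including a non-numeric string — reaches the SQL text verbatim, whereas the old `array_intersect` path only ever emitted ids that were also in the managed list. Unless the request validation for `departments` (outside this hunk) already restricts it to integer ids, cast at the point of use, `$filters .= "ticket.department_id = " . (int)$department;`, in both loops, or bind the ids as parameters the way `:query` is bound in the text filter. The same lines are carried unchanged into the rename hunk of patch 04 in this series. The function's end and the `setAuthorFilter` that follows are outside the hunk.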
@@ -339,20 +367,22 @@ class SearchController extends Controller { }; } - private function generateValidDepartmentList($departments, $allowedDepartments){ - $result = []; + private function generateValidDepartmentList($departments, $allowedDepartments, $allowed = false){ + $allowedDepartmentsresult = []; $managedDepartments = []; if($departments == null) $departments = []; foreach ($allowedDepartments as $department) { array_push($managedDepartments,$department['id']); } - $result = array_intersect($departments,$managedDepartments); - if(empty($result)) $result = $managedDepartments; + $allowedDepartmentsresult = array_values(array_unique(array_intersect($departments,$managedDepartments))); + $authorsDepartments = array_values(array_diff($departments,$allowedDepartmentsresult)); - $result = array_unique($result); - - return $result; + if($allowed){ + return $allowedDepartmentsresult; + }else{ + return $authorsDepartments; + }; } //ORDER diff --git a/server/tests/controllers/ticket/searchTest.php b/server/tests/controllers/ticket/searchTest.php index a49b3fb3..b5fc92d8 100644 --- a/server/tests/controllers/ticket/searchTest.php +++ b/server/tests/controllers/ticket/searchTest.php @@ -209,7 +209,7 @@ class SearchControllerTest extends TestCase { ] ] ]), - 'FROM (ticket LEFT JOIN tag_ticket ON tag_ticket.ticket_id = ticket.id LEFT JOIN ticketevent ON ticketevent.ticket_id = ticket.id) WHERE ( ticket.department_id = 2 or ticket.department_id = 1 or ticket.department_id = 3 or ticket.author_staff_id = 1) GROUP BY ticket.id' + 'FROM (ticket LEFT JOIN tag_ticket ON tag_ticket.ticket_id = ticket.id LEFT JOIN ticketevent ON ticketevent.ticket_id = ticket.id) WHERE ( ticket.department_id = 2 or ticket.department_id = 1 or ticket.department_id = 3) GROUP BY ticket.id' ); $this->assertEquals( 
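Review bot: `generateValidDepartmentList` now computes both lists on every call and returns one of them according to the `$allowed` flag, so `setDepartmentFilter` calls it twice to get both halves; returning the pair once, `return [$allowedDepartmentsresult, $authorsDepartments];` with `list($allowedDepartments, $restOfDepartments) = $this->generateValidDepartmentList($departments, $ownDepartments);` at the call site, removes the boolean selector and the duplicate work. The `};` after the else block is a stray empty statement. Note also that `array_intersect` and `array_diff` compare as strings, so `1` and `'1'` match but `' 1'` does not and lands in the author-only list. The same shape survives the rename in patch 04, where the initial `$requestedNotOwnedDepartments = [];` is dead because the variable is reassigned before use.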
@@ -228,12 +228,12 @@ class SearchControllerTest extends TestCase { ] ] ]), - 'FROM (ticket LEFT JOIN tag_ticket ON tag_ticket.ticket_id = ticket.id LEFT JOIN ticketevent ON ticketevent.ticket_id = ticket.id) WHERE ( ticket.department_id = 1 or ticket.author_staff_id = 1) GROUP BY ticket.id' + 'FROM (ticket LEFT JOIN tag_ticket ON tag_ticket.ticket_id = ticket.id LEFT JOIN ticketevent ON ticketevent.ticket_id = ticket.id) WHERE ( ticket.department_id = 1 ) GROUP BY ticket.id' ); $this->assertEquals( $this->searchController->getSQLQuery([ - 'departments' => [1,2,3], + 'departments' => [1,2,3,4], 'staffId' => 1, 'allowedDepartments' => [ [ @@ -241,13 +241,26 @@ class SearchControllerTest extends TestCase { ], [ 'id' => 1 - ], - [ - 'id' => 3 ] ] ]), - 'FROM (ticket LEFT JOIN tag_ticket ON tag_ticket.ticket_id = ticket.id LEFT JOIN ticketevent ON ticketevent.ticket_id = ticket.id) WHERE ( ticket.department_id = 1 or ticket.department_id = 2 or ticket.department_id = 3 or ticket.author_staff_id = 1) GROUP BY ticket.id' + 'FROM (ticket LEFT JOIN tag_ticket ON tag_ticket.ticket_id = ticket.id LEFT JOIN ticketevent ON ticketevent.ticket_id = ticket.id) WHERE ( ticket.department_id = 1 or ticket.department_id = 2 or (ticket.author_staff_id = 1 and ( ticket.department_id = 3 or ticket.department_id = 4)) ) GROUP BY ticket.id' + ); + + $this->assertEquals( + $this->searchController->getSQLQuery([ + 'departments' => [2], + 'staffId' => 1, + 'allowedDepartments' => [ + [ + 'id' => 5 + ], + [ + 'id' => 6 + ] + ] + ]), + 'FROM (ticket LEFT JOIN tag_ticket ON tag_ticket.ticket_id = ticket.id LEFT JOIN ticketevent ON ticketevent.ticket_id = ticket.id) WHERE (ticket.author_staff_id = 1 and ( ticket.department_id = 2)) GROUP BY ticket.id' ); } From ca63c3d08b8952bd134826f3957fe8e60bbce81a Mon Sep 17 00:00:00 2001 
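Review bot: The new and updated assertions only exercise integer department ids, so nothing pins what `setDepartmentFilter` emits when `departments` holds a value that is not one of the staff's own ids and is not an integer — exactly the case the `array_diff` branch now passes through to the SQL string. One extra `getSQLQuery` case with a non-numeric element (a constructed value such as `'departments' => ['x']`) would document whether the controller rejects it or interpolates it. The test method continues outside the hunk.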
From: Guillermo Giuliana Date: Mon, 3 Feb 2020 17:38:58 -0300 Subject: [PATCH 04/10] update names of departments, ticket search path --- client/src/data/languages/en.js | 1 + server/controllers/ticket/search.php | 59 +++++++++++++++------------- 2 files changed, 32 insertions(+), 28 deletions(-) diff --git a/client/src/data/languages/en.js b/client/src/data/languages/en.js index 75ef6f8c..a8380b5b 100644 --- a/client/src/data/languages/en.js +++ b/client/src/data/languages/en.js @@ -363,6 +363,7 @@ export default { 'NO_PERMISSION': 'You\'ve no permission to access to this page.', 'INVALID_USER': 'User id is invalid', 'INVALID_TITLE': 'invalid title', + 'INVALID_NAME': 'invalid name', 'ERROR_RETRIEVING_TICKETS': 'An error occurred while trying to retrieve tickets.', 'ERROR_RETRIEVING_USERS': 'An error occurred while trying to retrieve users.', 'ERROR_RETRIEVING_BAN_LIST': 'An error occurred while trying to retrieve the list of banned emails.', diff --git a/server/controllers/ticket/search.php b/server/controllers/ticket/search.php index 8f03b43a..26eee99a 100644 --- a/server/controllers/ticket/search.php +++ b/server/controllers/ticket/search.php @@ -104,6 +104,12 @@ class SearchController extends Controller { } public function handler() { + + $allowedDepartmentsId = []; + foreach (Controller::getLoggedUser()->sharedDepartmentList->toArray() as $department) { + array_push($allowedDepartmentsId,$department['id']); + } + $inputs = [ 'closed' => Controller::request('closed'), 'tags' => json_decode(Controller::request('tags')), @@ -117,7 +123,7 @@ class SearchController extends Controller { 'query' => Controller::request('query'), 'orderBy' => json_decode(Controller::request('orderBy'),true), 'page' => Controller::request('page'), - 'allowedDepartments' => Controller::getLoggedUser()->sharedDepartmentList->toArray(), + 'allowedDepartments' => $allowedDepartmentsId, 'staffId' => Controller::getLoggedUser()->id ]; 
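Review bot: The new loop that builds `$allowedDepartmentsId` re-implements a column extraction and calls `Controller::getLoggedUser()` a third time in the same method; `$allowedDepartmentsId = array_column(Controller::getLoggedUser()->sharedDepartmentList->toArray(), 'id');` does the same in one line, and hoisting the user into a local lets `staffId` reuse it. The `$inputs` array spans both hunks and the rest of `handler()` is outside them.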
@@ -254,28 +260,28 @@ class SearchController extends Controller { } } - private function setDepartmentFilter($departments,$ownDepartments, $idStaff, &$filters){ + private function setDepartmentFilter($requestedDepartments,$myDepartments, $idStaff, &$filters){ if ($filters != "") $filters .= " and "; - $restOfDepartments = $this->generateValidDepartmentList($departments, $ownDepartments); - $allowedDepartments = $this->generateValidDepartmentList($departments, $ownDepartments, true); + $requestedNotOwnedDepartments = $this->generateValidDepartmentList($requestedDepartments, $myDepartments); + $requestedOwnedDepartments = $this->generateValidDepartmentList($requestedDepartments, $myDepartments, true); $first = TRUE; - - if(!$allowedDepartments && !$restOfDepartments){ - foreach($ownDepartments as $department) { + + if(!$requestedOwnedDepartments && !$requestedNotOwnedDepartments){ + foreach($myDepartments as $department) { if($first){ $filters .= " ( "; $first = FALSE; } else { $filters .= " or "; } - $filters .= "ticket.department_id = " . $department['id']; + $filters .= "ticket.department_id = " . $department; } $filters .= ")"; } - if($allowedDepartments){ - foreach($allowedDepartments as $department) { + if($requestedOwnedDepartments){ + foreach($requestedOwnedDepartments as $department) { if($first){ $filters .= " ( "; $first = FALSE; @@ -286,11 +292,11 @@ class SearchController extends Controller { } } - if($restOfDepartments){ - if($allowedDepartments) $filters .= " or "; + if($requestedNotOwnedDepartments){ + if($requestedOwnedDepartments) $filters .= " or "; $filters .= "(ticket.author_staff_id = " . $idStaff . " and "; $first = TRUE; - foreach($restOfDepartments as $department) { + foreach($requestedNotOwnedDepartments as $department) { if($first){ $filters .= " ( "; $first = FALSE; 
@@ -301,7 +307,7 @@ class SearchController extends Controller { } $filters .= "))"; } - if($allowedDepartments) $filters .= " )"; + if($requestedOwnedDepartments) $filters .= " )"; } private function setAuthorFilter($authors, &$filters){ @@ -366,22 +372,19 @@ class SearchController extends Controller { $filters .= " (ticket.title LIKE :query or ticket.content LIKE :query or ticket.ticket_number LIKE :query". $ticketevent ." )"; }; } - - private function generateValidDepartmentList($departments, $allowedDepartments, $allowed = false){ - $allowedDepartmentsresult = []; - $managedDepartments = []; - if($departments == null) $departments = []; - foreach ($allowedDepartments as $department) { - array_push($managedDepartments,$department['id']); - } - - $allowedDepartmentsresult = array_values(array_unique(array_intersect($departments,$managedDepartments))); - $authorsDepartments = array_values(array_diff($departments,$allowedDepartmentsresult)); - + + private function generateValidDepartmentList($requestedDepartments, $myDepartments, $allowed = false){ + $requestedNotOwnedDepartments = []; + + if($requestedDepartments == null) $requestedDepartments = []; + + $requestedOwnedDepartments = array_values(array_unique(array_intersect($requestedDepartments, $myDepartments))); + $requestedNotOwnedDepartments = array_values(array_diff($requestedDepartments, $requestedOwnedDepartments)); + if($allowed){ - return $allowedDepartmentsresult; + return $requestedOwnedDepartments; }else{ - return $authorsDepartments; + return $requestedNotOwnedDepartments; }; } From af0071dec21886f79ee75713be2e991f6102b406 Mon Sep 17 00:00:00 2001 
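Review bot: In generateValidDepartmentList the `$allowed` flag picks one of two unrelated return values, so setDepartmentFilter calls it twice with identical arguments and computes the intersection twice. Returning both lists at once, `return [$requestedOwnedDepartments, $requestedNotOwnedDepartments];`, and unpacking with `list($owned, $notOwned) = ...` at the call site drops the flag and the double work. The initial `$requestedNotOwnedDepartments = [];` is dead since it is unconditionally reassigned, and the `};` after the if/else is an empty statement.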
From: Guillermo Giuliana Date: Mon, 3 Feb 2020 17:41:40 -0300 Subject: [PATCH 05/10] show blank title/content error FE --- .../lib-app/validations/length-validator.js | 7 +++++-- .../lib-app/validations/space-validator.js | 19 +++++++++++++++++++ .../lib-app/validations/validator-factory.js | 1 + 3 files changed, 25 insertions(+), 2 deletions(-) create mode 100644 client/src/lib-app/validations/space-validator.js diff --git a/client/src/lib-app/validations/length-validator.js b/client/src/lib-app/validations/length-validator.js index 3b120e07..f8e2a45a 100644 --- a/client/src/lib-app/validations/length-validator.js +++ b/client/src/lib-app/validations/length-validator.js @@ -1,4 +1,5 @@ import Validator from 'lib-app/validations/validator'; +import _ from 'lodash'; class LengthValidator extends Validator { constructor(length, errorKey = 'INVALID_VALUE', validator = null) { @@ -12,8 +13,10 @@ class LengthValidator extends Validator { let div = document.createElement("div"); div.innerHTML = value; let text = div.textContent || div.innerText || ""; - - if (text.length < this.minlength) return this.getError(this.errorKey); + if(_.every(text, c => c === " ")) { + text = text.replace(/\s/g, ''); + } + if(text.length < this.minlength) return this.getError(this.errorKey); } } diff --git a/client/src/lib-app/validations/space-validator.js b/client/src/lib-app/validations/space-validator.js new file mode 100644 index 00000000..447de4f3 --- /dev/null +++ b/client/src/lib-app/validations/space-validator.js 
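Review bot: The new `_.every(text, c => c === " ")` guard only catches strings made entirely of plain spaces, so a value consisting of tabs or newlines reaches the length check untrimmed and passes, while a same-length run of spaces fails. `if (text.trim() === '') text = '';` covers all whitespace, keeps non-blank values byte-identical for the length check, and removes the need for the new lodash import. The enclosing validate() signature is above the hunk.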
@@ -0,0 +1,19 @@
+import Validator from 'lib-app/validations/validator';
+
+class SpaceValidator extends Validator {
+ constructor(errorKey = 'INVALID_VALUE', validator = null) {
+ super(validator);
+
+ this.errorKey = errorKey;
+ }
+
+ validate(value = '', form = {}) {
+ let div = document.createElement("div");
+ div.innerHTML = value;
+ let text = div.textContent || div.innerText || "";
+
+ if (text.replace(/\s/g, '').length < 1) return this.getError(this.errorKey);
+ }
+}
+
+export default SpaceValidator;
diff --git a/client/src/lib-app/validations/validator-factory.js b/client/src/lib-app/validations/validator-factory.js
index c84278f6..f969cdf7 100644
--- a/client/src/lib-app/validations/validator-factory.js
+++ b/client/src/lib-app/validations/validator-factory.js
@@ -4,6 +4,7 @@ import RepeatPasswordValidator from 'lib-app/validations/repeat-password-validat
 import LengthValidator from 'lib-app/validations/length-validator';
 import ListValidator from 'lib-app/validations/list-validator';
 import ImageSizeValidator from 'lib-app/validations/image-size-validator';
+import SpaceValidator from './space-validator';
 let validators = {
 'DEFAULT': new Validator(),
From d520b9693260ef6afd1e757d5e73a809eacb45db Mon Sep 17 00:00:00 2001
From: Guillermo Giuliana Date: Tue, 4 Feb 2020 16:22:08 -0300 Subject: [PATCH 06/10] fix ruby tests and change ticket search departmentvalid functions
---
server/controllers/article/edit.php | 4 +-- server/controllers/staff/get-all-tickets.php | 2 +- .../ticket/edit-custom-response.php | 2 +- server/controllers/ticket/search.php | 31 +++++++++++-------- server/data/ERRORS.php | 5 +++ tests/system/custom-fields.rb | 4 +-- tests/system/disable-user-system.rb | 4 +-- tests/ticket/comment.rb | 27 ---------------- tests/ticket/create.rb | 16 +++++----- tests/ticket/custom-response.rb | 1 - 10 files changed, 38 insertions(+), 58 deletions(-)
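Review bot: `div.innerHTML = value;` in SpaceValidator.validate parses untrusted form input as live HTML just to strip tags; even on a detached element, inline event-handler attributes in that markup can run during parsing, so the validator itself becomes an injection sink. `const text = new DOMParser().parseFromString(value, 'text/html').body.textContent ?? '';` yields the same text from an inert document (the same pattern is pre-existing in length-validator.js). In validator-factory.js the new import uses the relative path `'./space-validator'` while its siblings use the `'lib-app/validations/...'` alias; `import SpaceValidator from 'lib-app/validations/space-validator';` keeps the file consistent.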
diff --git a/server/controllers/article/edit.php b/server/controllers/article/edit.php index cc30b1e9..5ab87b08 100755 --- a/server/controllers/article/edit.php +++ b/server/controllers/article/edit.php @@ -43,11 +43,11 @@ class EditArticleController extends Controller { 'error' => ERRORS::INVALID_TOPIC ], 'title' => [ - 'validation' => DataValidator::notBlank()->length(5, 100), + 'validation' => DataValidator::oneOf(DataValidator::notBlank()->length(5, 100),DataValidator::nullType()), 'error' => ERRORS::INVALID_TITLE ], 'content' => [ - 'validation' => DataValidator::content(), + 'validation' => DataValidator::oneOf(DataValidator::content(),DataValidator::nullType()), 'error' => ERRORS::INVALID_CONTENT ], ] diff --git a/server/controllers/staff/get-all-tickets.php b/server/controllers/staff/get-all-tickets.php index 85548cf3..8f615d9a 100755 --- a/server/controllers/staff/get-all-tickets.php +++ b/server/controllers/staff/get-all-tickets.php @@ -64,7 +64,7 @@ class GetAllTicketsStaffController extends Controller { $query .= $this->getStaffDepartmentsQueryFilter(); $query .= $this->getClosedFilter(); $query .= "ORDER BY CASE WHEN (title LIKE ?) THEN 1 ELSE 2 END ASC, id DESC LIMIT 10 OFFSET " . (($page-1)*10); - + return Ticket::find($query, [ Controller::request('query') . '%', '%' . Controller::request('query') . '%', diff --git a/server/controllers/ticket/edit-custom-response.php b/server/controllers/ticket/edit-custom-response.php index 07837898..259a2467 100755 --- a/server/controllers/ticket/edit-custom-response.php +++ b/server/controllers/ticket/edit-custom-response.php @@ -43,7 +43,7 @@ class EditCustomResponseController extends Controller { 'error' => ERRORS::INVALID_CONTENT ], 'name' => [ - 'validation' => DataValidator::notBlank()->length(1, 200), + 'validation' => DataValidator::oneOf(DataValidator::notBlank()->length(1, 200),DataValidator::nullType()), 'error' => ERRORS::INVALID_NAME ], ] 
diff --git a/server/controllers/ticket/search.php b/server/controllers/ticket/search.php index 26eee99a..aa19daaf 100644 --- a/server/controllers/ticket/search.php +++ b/server/controllers/ticket/search.php @@ -95,6 +95,10 @@ class SearchController extends Controller { 'validation' => DataValidator::oneOf(DataValidator::in(['0','1']),DataValidator::nullType()), 'error' => ERRORS::INVALID_ASSIGNED_FILTER ], + 'query' => [ + 'validation' => DataValidator::oneOf(DataValidator::notBlank(),DataValidator::nullType()), + 'error' => ERRORS::INVALID_QUERY_FILTER + ], 'orderBy' => [ 'validation' => DataValidator::oneOf(DataValidator::validOrderBy(),DataValidator::nullType()), 'error' => ERRORS::INVALID_ORDER_BY @@ -130,16 +134,16 @@ class SearchController extends Controller { $query = $this->getSQLQuery($inputs); $queryWithOrder = $this->getSQLQueryWithOrder($inputs); + throw new Exception($queryWithOrder); $totalCount = RedBean::getAll("SELECT COUNT(*) FROM (SELECT COUNT(*) " . $query . " ) AS T2", [':query' => $inputs['query']])[0]['COUNT(*)']; $ticketIdList = RedBean::getAll($queryWithOrder, [':query' => "%" . $inputs['query'] . "%"]); $ticketList = []; - foreach ($ticketIdList as $item) { $ticket = Ticket::getDataStore($item['id']); array_push($ticketList, $ticket->toArray()); } $ticketTableExists = RedBean::exec("select table_name from information_schema.tables where table_name = 'ticket';"); - + throw new Exception("SELECT COUNT(*) FROM (SELECT COUNT(*) " . $query . " ) AS T2"); if($ticketTableExists){ Response::respondSuccess([ 'tickets' => $ticketList, 
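Review bot: The two `throw new Exception($queryWithOrder);` and `throw new Exception("SELECT COUNT(*) FROM ...")` lines added in the handler() hunk are debugging leftovers: the first fires unconditionally before any query runs, so every search request fails, and both place raw SQL text in the exception message, which may be surfaced to the client by the error response; remove both. Separately, `$totalCount` binds `:query` as `$inputs['query']` while `$ticketIdList` binds `"%" . $inputs['query'] . "%"`, so the count and the page use different LIKE patterns — bind the wrapped value in both. With the new 'query' validator accepting null, `"%" . $inputs['query'] . "%"` becomes `%%` for a missing query; confirm getSQLQuery (outside the hunk) only appends the LIKE clause when a query is present.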
@@ -263,8 +267,8 @@ class SearchController extends Controller { private function setDepartmentFilter($requestedDepartments,$myDepartments, $idStaff, &$filters){ if ($filters != "") $filters .= " and "; - $requestedNotOwnedDepartments = $this->generateValidDepartmentList($requestedDepartments, $myDepartments); - $requestedOwnedDepartments = $this->generateValidDepartmentList($requestedDepartments, $myDepartments, true); + $requestedNotOwnedDepartments = $this->getRequestedOwnedDepartments($requestedDepartments, $myDepartments); + $requestedOwnedDepartments = $this->getRequestedNotOwnedDepartments($requestedDepartments, $myDepartments, true); $first = TRUE; if(!$requestedOwnedDepartments && !$requestedNotOwnedDepartments){ @@ -373,19 +377,20 @@ class SearchController extends Controller { }; } - private function generateValidDepartmentList($requestedDepartments, $myDepartments, $allowed = false){ + private function getRequestedOwnedDepartments($requestedDepartments, $myDepartments){ + $requestedOwnedDepartments = []; + $requestedOwnedDepartments = array_values(array_unique(array_intersect($requestedDepartments, $myDepartments))); + + return $requestedOwnedDepartments; + } + + private function getRequestedNotOwnedDepartments($requestedDepartments, $myDepartments){ $requestedNotOwnedDepartments = []; - - if($requestedDepartments == null) $requestedDepartments = []; - + $requestedOwnedDepartments = []; $requestedOwnedDepartments = array_values(array_unique(array_intersect($requestedDepartments, $myDepartments))); $requestedNotOwnedDepartments = array_values(array_diff($requestedDepartments, $requestedOwnedDepartments)); - if($allowed){ - return $requestedOwnedDepartments; - }else{ - return $requestedNotOwnedDepartments; - }; + return $requestedNotOwnedDepartments; } //ORDER diff --git a/server/data/ERRORS.php b/server/data/ERRORS.php index 3d011004..7577e562 100755 --- a/server/data/ERRORS.php +++ b/server/data/ERRORS.php 
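Review bot: In setDepartmentFilter the assignments are crossed: `$requestedNotOwnedDepartments` receives getRequestedOwnedDepartments() and `$requestedOwnedDepartments` receives getRequestedNotOwnedDepartments(), which is also passed a stray third argument `true` that its new two-parameter signature does not declare (PHP ignores it silently). Swap them to `$requestedOwnedDepartments = $this->getRequestedOwnedDepartments($requestedDepartments, $myDepartments);` and `$requestedNotOwnedDepartments = $this->getRequestedNotOwnedDepartments($requestedDepartments, $myDepartments);`. The second hunk of this file also drops the old `if($requestedDepartments == null) $requestedDepartments = [];` guard, so a request without departments now hands null to array_intersect(); restore the guard before the two calls. getRequestedNotOwnedDepartments repeats the intersection instead of calling getRequestedOwnedDepartments, and both helpers initialise variables to `[]` that are immediately overwritten.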
@@ -131,6 +131,10 @@ * @apiDefine INVALID_ASSIGNED_FILTER * @apiError {String} INVALID_ASSIGNED_FILTER The assigned filter is invalid. */ +/** + * @apiDefine INVALID_QUERY_FILTER + * @apiError {String} INVALID_QUERY_FILTER The query filter is invalid. + */ /** * @apiDefine INVALID_ORDER_BY * @apiError {String} INVALID_ORDER_BY The order-by is invalid. @@ -335,6 +339,7 @@ class ERRORS { const INVALID_AUTHOR_FILTER = 'INVALID_AUTHOR_FILTER'; const INVALID_OWNER_FILTER = 'INVALID_OWNER_FILTER'; const INVALID_ASSIGNED_FILTER = 'INVALID_ASSIGNED_FILTER'; + const INVALID_QUERY_FILTER = 'INVALID_QUERY_FILTER'; const INVALID_ORDER_BY = 'INVALID_ORDER_BY'; const INVALID_TOPIC = 'INVALID_TOPIC'; const INVALID_SEARCH = 'INVALID_SEARCH'; diff --git a/tests/system/custom-fields.rb b/tests/system/custom-fields.rb index 9a09decf..acce982b 100644 --- a/tests/system/custom-fields.rb +++ b/tests/system/custom-fields.rb @@ -121,7 +121,7 @@ describe 'Custom fields' do it 'should success and shows all custom fields' do Scripts.createTextCustomField('mocktextfield1','description number 1') Scripts.createTextCustomField('mocktextfield2','description number 2') - Scripts.createTextCustomField('mocktextfield3',nil) + Scripts.createTextCustomField('mocktextfield3','description number 3') result = request('/system/get-custom-fields', { csrf_userid: $csrf_userid, @@ -147,7 +147,7 @@ describe 'Custom fields' do result['data'][2]['description'].should.equal('description number 2') result['data'][3]['name'].should.equal('mocktextfield3') result['data'][3]['type'].should.equal('text') - result['data'][3]['description'].should.equal('') + result['data'][3]['description'].should.equal('description number 3') end end diff --git a/tests/system/disable-user-system.rb b/tests/system/disable-user-system.rb index 9550c0df..33252dfc 100644 --- a/tests/system/disable-user-system.rb +++ b/tests/system/disable-user-system.rb 
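Review bot: Replacing `Scripts.createTextCustomField('mocktextfield3',nil)` with a non-empty description, together with the matching assertion `result['data'][3]['description'].should.equal('')`, removes the only case that exercised a custom field with no description. If a nil description is now meant to be rejected by the content validation introduced earlier in this series, add an explicit failing-case example saying so; if it is still allowed, keep the nil fixture so that path stays covered.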
@@ -19,7 +19,7 @@ describe'system/disable-user-system' do numberOftickets = $database.query("SELECT * FROM ticket WHERE author_id IS NULL AND author_email IS NOT NULL AND author_name IS NOT NULL") - (numberOftickets.num_rows).should.equal(52) + (numberOftickets.num_rows).should.equal(54) request('/user/logout') @@ -220,7 +220,7 @@ describe'system/disable-user-system' do numberOftickets= $database.query("SELECT * FROM ticket WHERE author_email IS NULL AND author_name IS NULL AND author_id IS NOT NULL" ) - (numberOftickets.num_rows).should.equal(55) + (numberOftickets.num_rows).should.equal(57) end it 'should not enable the user system' do diff --git a/tests/ticket/comment.rb b/tests/ticket/comment.rb index c5de7fc6..0eb9726f 100644 --- a/tests/ticket/comment.rb +++ b/tests/ticket/comment.rb @@ -18,33 +18,6 @@ describe '/ticket/comment/' do (result['message']).should.equal('NO_PERMISSION') end - it 'should fail if content is too short' do - result = request('/ticket/comment', { - content: 'Test', - ticketNumber: @ticketNumber, - csrf_userid: $csrf_userid, - csrf_token: $csrf_token - }) - - (result['status']).should.equal('fail') - (result['message']).should.equal('INVALID_CONTENT') - end - - it 'should fail if content is very long' do - long_text = '' - 6000.times {long_text << 'a'} - - result = request('/ticket/comment', { - content: long_text, - ticketNumber: @ticketNumber, - csrf_userid: $csrf_userid, - csrf_token: $csrf_token - }) - - (result['status']).should.equal('fail') - (result['message']).should.equal('INVALID_CONTENT') - end - it 'should fail if ticket does not exist' do result = request('/ticket/comment', { content: 'some comment content', diff --git a/tests/ticket/create.rb b/tests/ticket/create.rb index 9632c86b..723eb1eb 100644 --- a/tests/ticket/create.rb +++ b/tests/ticket/create.rb 
@@ -32,7 +32,7 @@ describe '/ticket/create' do (result['message']).should.equal('INVALID_TITLE') end - it 'should fail if content is too short' do + it 'should craete ticket with a short content' do result = request('/ticket/create', { title: 'Winter is coming', content: 'Test', @@ -42,11 +42,10 @@ describe '/ticket/create' do csrf_token: $csrf_token }) - (result['status']).should.equal('fail') - (result['message']).should.equal('INVALID_CONTENT') + (result['status']).should.equal('success') end - it 'should fail if content is very long' do + it 'should create ticket with a large content' do long_text = '' 6000.times {long_text << 'a'} @@ -59,8 +58,7 @@ describe '/ticket/create' do csrf_token: $csrf_token }) - (result['status']).should.equal('fail') - (result['message']).should.equal('INVALID_CONTENT') + (result['status']).should.equal('success') end @@ -114,7 +112,7 @@ describe '/ticket/create' do Scripts.login('creator@os4.com','creator') result = request('/ticket/create', { - title: 'Winter is coming', + title: 'Winter is coming!', content: 'The north remembers', departmentId: 1, language: 'en', @@ -124,7 +122,7 @@ describe '/ticket/create' do (result['status']).should.equal('success') - ticket = $database.getRow('ticket','Winter is coming','title') + ticket = $database.getRow('ticket','Winter is coming!','title') (ticket['content']).should.equal('The north remembers') (ticket['unread']).should.equal('0') (ticket['closed']).should.equal('0') 
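Review bot: The renamed example `it 'should craete ticket with a short content' do` has a typo in its description; `it 'should create ticket with a short content' do`. The parallel example `'should create ticket with a large content'` now asserts success for a 6000-character body, which records that the server has no upper bound on content at this commit — a one-line comment stating that this is intentional would keep a future reader from treating it as an oversight.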
@@ -168,7 +166,7 @@ describe '/ticket/create' do ticket_number_gap = $database.getRow('setting', 'ticket-gap', 'name')['value'].to_i - ticket0 = $database.getRow('ticket','Winter is coming','title')['ticket_number'].to_i + ticket0 = $database.getRow('ticket','Winter is coming!','title')['ticket_number'].to_i ticket1 = $database.getRow('ticket','Winter is coming1','title')['ticket_number'].to_i ticket2 = $database.getRow('ticket','Winter is coming2','title')['ticket_number'].to_i ticket3 = $database.getRow('ticket','Winter is coming3','title')['ticket_number'].to_i diff --git a/tests/ticket/custom-response.rb b/tests/ticket/custom-response.rb index 74abcf57..c98659c8 100644 --- a/tests/ticket/custom-response.rb +++ b/tests/ticket/custom-response.rb @@ -34,7 +34,6 @@ describe 'CustomResponses' do }) customResponse = $database.getRow('customresponse', 1) - (result['status']).should.equal('success') (customResponse['name']).should.equal('Some common problem') (customResponse['content']).should.equal('this is the content of a custom response for a common problem 2') From dc278db8453cc2e16df1e13eee30113f42b7b74e Mon Sep 17 00:00:00 2001 From: Guillermo Giuliana Date: Tue, 4 Feb 2020 19:11:37 -0300 Subject: [PATCH 07/10] shows real pages when you search tickets with a query --- server/controllers/ticket/search.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/server/controllers/ticket/search.php b/server/controllers/ticket/search.php index aa19daaf..6c58c4a9 100644 --- a/server/controllers/ticket/search.php +++ b/server/controllers/ticket/search.php 
@@ -134,16 +134,15 @@ class SearchController extends Controller {
 $query = $this->getSQLQuery($inputs);
 $queryWithOrder = $this->getSQLQueryWithOrder($inputs);
- throw new Exception($queryWithOrder);
- $totalCount = RedBean::getAll("SELECT COUNT(*) FROM (SELECT COUNT(*) " . $query . " ) AS T2", [':query' => $inputs['query']])[0]['COUNT(*)'];
+ $totalCount = RedBean::getAll("SELECT COUNT(*) FROM (SELECT COUNT(*) " . $query . " ) AS T2", [':query' => "%" . $inputs['query'] . "%"])[0]['COUNT(*)'];
 $ticketIdList = RedBean::getAll($queryWithOrder, [':query' => "%" . $inputs['query'] . "%"]);
 $ticketList = [];
+
 foreach ($ticketIdList as $item) {
 $ticket = Ticket::getDataStore($item['id']);
 array_push($ticketList, $ticket->toArray());
 }
 $ticketTableExists = RedBean::exec("select table_name from information_schema.tables where table_name = 'ticket';");
- throw new Exception("SELECT COUNT(*) FROM (SELECT COUNT(*) " . $query . " ) AS T2");
 if($ticketTableExists){
 Response::respondSuccess([
 'tickets' => $ticketList,
@@ -266,9 +265,10 @@ class SearchController extends Controller {
 private function setDepartmentFilter($requestedDepartments,$myDepartments, $idStaff, &$filters){
 if ($filters != "") $filters .= " and ";
+ if (!$requestedDepartments) $requestedDepartments = [];
- $requestedNotOwnedDepartments = $this->getRequestedOwnedDepartments($requestedDepartments, $myDepartments);
- $requestedOwnedDepartments = $this->getRequestedNotOwnedDepartments($requestedDepartments, $myDepartments, true);
+ $requestedOwnedDepartments = $this->getRequestedOwnedDepartments($requestedDepartments, $myDepartments);
+ $requestedNotOwnedDepartments = $this->getRequestedNotOwnedDepartments($requestedDepartments, $myDepartments);
 $first = TRUE;
 if(!$requestedOwnedDepartments && !$requestedNotOwnedDepartments){
From a2502bc1c6fb3e83a4d202eba30e4957c32f294b Mon Sep 17 00:00:00 2001
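Review bot: The `"%" . $inputs['query'] . "%"` pattern is now spelled out twice, once for `$totalCount` and once for `$ticketIdList`; hoisting it into a single `$likePattern = "%" . $inputs['query'] . "%";` and binding that in both calls prevents the count and the page from drifting apart again, which is exactly the bug this commit fixes. In the second hunk, `if (!$requestedDepartments) $requestedDepartments = [];` sits after the `" and "` is appended to `$filters`; it works, but reads more clearly as the first statement of setDepartmentFilter, and a one-line comment that an empty request list means "all of my departments" would explain the later `if(!$requestedOwnedDepartments && !$requestedNotOwnedDepartments)` branch.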
From: Guillermo Giuliana Date: Wed, 5 Feb 2020 15:43:25 -0300 Subject: [PATCH 08/10] add length limit contents --- server/libs/validations/content.php | 5 +++-- tests/system/disable-user-system.rb | 4 ++-- tests/ticket/create.rb | 5 +++-- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/server/libs/validations/content.php b/server/libs/validations/content.php index 7388851d..6e0d93b2 100644 --- a/server/libs/validations/content.php +++ b/server/libs/validations/content.php @@ -8,7 +8,8 @@ class Content extends AbstractRule { public function validate($content) { $content = str_replace(" ",'',preg_replace("/<\s*[^>]*>/",'',$content)); - if($content != '')return true; - return false; + if($content == '') return false; + if(strlen($content) > 1250) return false; + return true; } } \ No newline at end of file diff --git a/tests/system/disable-user-system.rb b/tests/system/disable-user-system.rb index 33252dfc..f0dd5f21 100644 --- a/tests/system/disable-user-system.rb +++ b/tests/system/disable-user-system.rb @@ -19,7 +19,7 @@ describe'system/disable-user-system' do numberOftickets = $database.query("SELECT * FROM ticket WHERE author_id IS NULL AND author_email IS NOT NULL AND author_name IS NOT NULL") - (numberOftickets.num_rows).should.equal(54) + (numberOftickets.num_rows).should.equal(53) request('/user/logout') @@ -220,7 +220,7 @@ describe'system/disable-user-system' do numberOftickets= $database.query("SELECT * FROM ticket WHERE author_email IS NULL AND author_name IS NULL AND author_id IS NOT NULL" ) - (numberOftickets.num_rows).should.equal(57) + (numberOftickets.num_rows).should.equal(56) end it 'should not enable the user system' do diff --git a/tests/ticket/create.rb b/tests/ticket/create.rb index 723eb1eb..e74709ff 100644 --- a/tests/ticket/create.rb +++ b/tests/ticket/create.rb 
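Review bot: `if(strlen($content) > 1250) return false;` is evaluated after tags and spaces have been stripped, so it bounds neither the size of what gets stored (a body that is mostly markup or spaces passes with an arbitrarily large payload) nor the character count of multi-byte text, since strlen counts bytes. If the intent is to cap stored size, keep the original parameter and check it before stripping, e.g. `if(mb_strlen($rawContent) > 1250) return false;`; if the intent is visible-text length, use `mb_strlen` on the stripped value and say so in a comment. The emptiness check also only removes plain spaces (`str_replace(" ", '', ...)`), so a body of newlines or tabs still counts as non-empty; `preg_replace('/\s+/', '', ...)` covers all whitespace. The same applies to the later hunk in this series that raises the limit to 10000.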
@@ -45,7 +45,7 @@ describe '/ticket/create' do (result['status']).should.equal('success') end - it 'should create ticket with a large content' do + it 'should fail if the ticket has a very large content' do long_text = '' 6000.times {long_text << 'a'} @@ -58,7 +58,8 @@ describe '/ticket/create' do csrf_token: $csrf_token }) - (result['status']).should.equal('success') + (result['status']).should.equal('fail') + (result['message']).should.equal('INVALID_CONTENT') end From 364aca247e2773e0292bced1609944b53fda433f Mon Sep 17 00:00:00 2001 From: Guillermo Giuliana Date: Wed, 5 Feb 2020 16:41:06 -0300 Subject: [PATCH 09/10] allowes contents of 1 caracter length FE --- client/src/lib-app/validations/validator-factory.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/src/lib-app/validations/validator-factory.js b/client/src/lib-app/validations/validator-factory.js index f969cdf7..7e9242d0 100644 --- a/client/src/lib-app/validations/validator-factory.js +++ b/client/src/lib-app/validations/validator-factory.js @@ -11,7 +11,7 @@ let validators = { 'NAME': new LengthValidator(2, 'ERROR_NAME'), 'TITLE': new LengthValidator(1, 'ERROR_TITLE'), 'EMAIL': new EmailValidator(), - 'TEXT_AREA': new ImageSizeValidator(undefined, new LengthValidator(10, 'ERROR_CONTENT_SHORT')), + 'TEXT_AREA': new ImageSizeValidator(undefined, new LengthValidator(1, 'ERROR_CONTENT_SHORT')), 'PASSWORD': new LengthValidator(6, 'ERROR_PASSWORD'), 'REPEAT_PASSWORD': new RepeatPasswordValidator(), 'URL': new LengthValidator(5, 'ERROR_URL'), From aedae876d681f16ef53224e3fdb1cde08321c7da Mon Sep 17 00:00:00 2001 From: Guillermo Giuliana Date: Wed, 5 Feb 2020 16:43:14 -0300 Subject: [PATCH 10/10] increase length liming content, allowes title-articles with 1 caracted --- server/controllers/article/edit.php | 2 +- server/libs/validations/content.php | 2 +- tests/ticket/create.rb | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/server/controllers/article/edit.php b/server/controllers/article/edit.php index 5ab87b08..d15ab96e 100755 --- a/server/controllers/article/edit.php +++ b/server/controllers/article/edit.php @@ -43,7 +43,7 @@ class EditArticleController extends Controller { 'error' => ERRORS::INVALID_TOPIC ], 'title' => [ - 'validation' => DataValidator::oneOf(DataValidator::notBlank()->length(5, 100),DataValidator::nullType()), + 'validation' => DataValidator::oneOf(DataValidator::notBlank()->length(1, 200),DataValidator::nullType()), 'error' => ERRORS::INVALID_TITLE ], 'content' => [ diff --git a/server/libs/validations/content.php b/server/libs/validations/content.php index 6e0d93b2..afc09d44 100644 --- a/server/libs/validations/content.php +++ b/server/libs/validations/content.php @@ -9,7 +9,7 @@ class Content extends AbstractRule { $content = str_replace(" ",'',preg_replace("/<\s*[^>]*>/",'',$content)); if($content == '') return false; - if(strlen($content) > 1250) return false; + if(strlen($content) > 10000) return false; return true; } } \ No newline at end of file diff --git a/tests/ticket/create.rb b/tests/ticket/create.rb index e74709ff..9429e174 100644 --- a/tests/ticket/create.rb +++ b/tests/ticket/create.rb @@ -47,7 +47,7 @@ describe '/ticket/create' do it 'should fail if the ticket has a very large content' do long_text = '' - 6000.times {long_text << 'a'} + 10001.times {long_text << 'a'} result = request('/ticket/create',{ title: 'Winter is coming',