Merge pull request #715 from guillegiu/master

Fix bugs for 4.6.1
Guillermo Giuliana 2020-02-05 16:48:58 -03:00 committed by GitHub
commit 5b1d3d8b50
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
43 changed files with 224 additions and 121 deletions


@ -14,7 +14,7 @@ class AdminPanelSearchTickets extends React.Component {
return ( return (
<div className="admin-panel-all-tickets"> <div className="admin-panel-all-tickets">
<Header title={this.getList().title} description={i18n('SEARCH_TICKETS_DESCRIPTION')} /> <Header title={this.getList().title} description={i18n('SEARCH_TICKETS_DESCRIPTION')} />
{(this.props.error) ? <Message type="error">{i18n('ERROR_RETRIEVING_TICKETS')}</Message> : <TicketQueryList customList ={this.getList().filters}/>} {(this.props.error) ? <Message type="error">{i18n('ERROR_RETRIEVING_TICKETS')}</Message> : <TicketQueryList customList ={this.getList()}/>}
</div> </div>
); );
} }


@ -363,6 +363,7 @@ export default {
'NO_PERMISSION': 'You\'ve no permission to access to this page.', 'NO_PERMISSION': 'You\'ve no permission to access to this page.',
'INVALID_USER': 'User id is invalid', 'INVALID_USER': 'User id is invalid',
'INVALID_TITLE': 'invalid title', 'INVALID_TITLE': 'invalid title',
'INVALID_NAME': 'invalid name',
'ERROR_RETRIEVING_TICKETS': 'An error occurred while trying to retrieve tickets.', 'ERROR_RETRIEVING_TICKETS': 'An error occurred while trying to retrieve tickets.',
'ERROR_RETRIEVING_USERS': 'An error occurred while trying to retrieve users.', 'ERROR_RETRIEVING_USERS': 'An error occurred while trying to retrieve users.',
'ERROR_RETRIEVING_BAN_LIST': 'An error occurred while trying to retrieve the list of banned emails.', 'ERROR_RETRIEVING_BAN_LIST': 'An error occurred while trying to retrieve the list of banned emails.',


@ -1,4 +1,5 @@
import Validator from 'lib-app/validations/validator'; import Validator from 'lib-app/validations/validator';
import _ from 'lodash';
class LengthValidator extends Validator { class LengthValidator extends Validator {
constructor(length, errorKey = 'INVALID_VALUE', validator = null) { constructor(length, errorKey = 'INVALID_VALUE', validator = null) {
@ -12,8 +13,10 @@ class LengthValidator extends Validator {
let div = document.createElement("div"); let div = document.createElement("div");
div.innerHTML = value; div.innerHTML = value;
let text = div.textContent || div.innerText || ""; let text = div.textContent || div.innerText || "";
if(_.every(text, c => c === " ")) {
if (text.length < this.minlength) return this.getError(this.errorKey); text = text.replace(/\s/g, '');
}
if(text.length < this.minlength) return this.getError(this.errorKey);
} }
} }
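Review bot: The new whitespace guard in `validate` only fires when every character is a literal space (`c === " "`), so a value made of tabs, newlines or non-breaking spaces still counts towards `minlength`, while the SpaceValidator added in this commit tests with `\s`. Using the same character class in both places closes the gap, e.g. `if (/^\s*$/.test(text)) text = '';` before the length comparison. The rendered page fuses the old and new lines at this point, so the exact new-side layout should be checked against the file. `validate` begins outside this hunk.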


@ -0,0 +1,19 @@
import Validator from 'lib-app/validations/validator';
class SpaceValidator extends Validator {
constructor(errorKey = 'INVALID_VALUE', validator = null) {
super(validator);
this.errorKey = errorKey;
}
validate(value = '', form = {}) {
let div = document.createElement("div");
div.innerHTML = value;
let text = div.textContent || div.innerText || "";
if (text.replace(/\s/g, '').length < 1) return this.getError(this.errorKey);
}
}
export default SpaceValidator;
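Review bot: `div.innerHTML = value` in `validate` parses the field value as live markup just to measure its text; even on an element that is never attached to the page, the browser can fetch resources and run inline event handlers carried by that markup. An inert parse yields the same text without that side effect: `const text = new DOMParser().parseFromString(value, 'text/html').body.textContent || '';`. LengthValidator's `validate` uses the same pattern, so both are worth changing together. A short comment saying that `value` may hold HTML from the rich-text editor would also help, if that is indeed where it comes from.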


@ -4,13 +4,14 @@ import RepeatPasswordValidator from 'lib-app/validations/repeat-password-validat
import LengthValidator from 'lib-app/validations/length-validator'; import LengthValidator from 'lib-app/validations/length-validator';
import ListValidator from 'lib-app/validations/list-validator'; import ListValidator from 'lib-app/validations/list-validator';
import ImageSizeValidator from 'lib-app/validations/image-size-validator'; import ImageSizeValidator from 'lib-app/validations/image-size-validator';
import SpaceValidator from './space-validator';
let validators = { let validators = {
'DEFAULT': new Validator(), 'DEFAULT': new Validator(),
'NAME': new LengthValidator(2, 'ERROR_NAME'), 'NAME': new LengthValidator(2, 'ERROR_NAME'),
'TITLE': new LengthValidator(1, 'ERROR_TITLE'), 'TITLE': new LengthValidator(1, 'ERROR_TITLE'),
'EMAIL': new EmailValidator(), 'EMAIL': new EmailValidator(),
'TEXT_AREA': new ImageSizeValidator(undefined, new LengthValidator(10, 'ERROR_CONTENT_SHORT')), 'TEXT_AREA': new ImageSizeValidator(undefined, new LengthValidator(1, 'ERROR_CONTENT_SHORT')),
'PASSWORD': new LengthValidator(6, 'ERROR_PASSWORD'), 'PASSWORD': new LengthValidator(6, 'ERROR_PASSWORD'),
'REPEAT_PASSWORD': new RepeatPasswordValidator(), 'REPEAT_PASSWORD': new RepeatPasswordValidator(),
'URL': new LengthValidator(5, 'ERROR_URL'), 'URL': new LengthValidator(5, 'ERROR_URL'),
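Review bot: The added `import SpaceValidator from './space-validator';` uses a relative path where every other validator import in this file goes through the `lib-app/validations/` alias, and no entry in the visible part of `validators` references it. Write it as `import SpaceValidator from 'lib-app/validations/space-validator';`, and drop it if nothing further down the map uses it. The `validators` object continues past the end of this hunk.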


@ -36,9 +36,9 @@ class AddTopicController extends Controller {
'permission' => 'staff_2', 'permission' => 'staff_2',
'requestData' => [ 'requestData' => [
'name' => [ 'name' => [
'validation' => DataValidator::length(2, 100), 'validation' => DataValidator::notBlank()->length(1, 200),
'error' => ERRORS::INVALID_NAME 'error' => ERRORS::INVALID_TITLE
] ],
] ]
]; ];
} }
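Review bot: The `name` rule in AddTopicController now reports `ERRORS::INVALID_TITLE`, while EditTopicController reports `ERRORS::INVALID_NAME` for the same field and this commit adds an `INVALID_NAME` string on the client. The opposite mix-up sits in AddArticleController, where `title` still maps to `ERRORS::INVALID_NAME` although EditArticleController uses `ERRORS::INVALID_TITLE`. Suggested: `'error' => ERRORS::INVALID_NAME` here and `'error' => ERRORS::INVALID_TITLE` for the article title, so a client can key its message on the field. If the controllers' API doc blocks list their errors (not visible in these hunks), they need the same update.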


@ -40,11 +40,11 @@ class AddArticleController extends Controller {
'permission' => 'staff_2', 'permission' => 'staff_2',
'requestData' => [ 'requestData' => [
'title' => [ 'title' => [
'validation' => DataValidator::length(1, 100), 'validation' => DataValidator::notBlank()->length(1, 100),
'error' => ERRORS::INVALID_NAME 'error' => ERRORS::INVALID_NAME
], ],
'content' => [ 'content' => [
'validation' => DataValidator::length(10), 'validation' => DataValidator::content(),
'error' => ERRORS::INVALID_CONTENT 'error' => ERRORS::INVALID_CONTENT
], ],
'topicId' => [ 'topicId' => [


@ -38,7 +38,12 @@ class EditTopicController extends Controller {
'topicId' => [ 'topicId' => [
'validation' => DataValidator::dataStoreId('topic'), 'validation' => DataValidator::dataStoreId('topic'),
'error' => ERRORS::INVALID_TOPIC 'error' => ERRORS::INVALID_TOPIC
] ],
'name' => [
'validation' => DataValidator::notBlank()->length(1, 200),
'error' => ERRORS::INVALID_NAME
],
] ]
]; ];
} }
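Review bot: `name` becomes mandatory on edit-topic because the new rule is a bare `DataValidator::notBlank()->length(1, 200)`, whereas EditArticleController in this same commit wraps its optional fields in `DataValidator::oneOf(..., DataValidator::nullType())`. If partial edits are supported, clients that omit `name` will now receive INVALID_NAME; EditDepartmentController and EditTagController add the same unconditional rule, and EditCustomResponseController does so for `content`. Suggested where the field is optional: `'validation' => DataValidator::oneOf(DataValidator::notBlank()->length(1, 200), DataValidator::nullType()),`. The edit rules also accept 1–200 characters while the matching add/create rules for departments and tags require 2–100, which is worth aligning. The handler is outside this hunk, so whether `name` is optional could not be confirmed.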


@ -41,7 +41,15 @@ class EditArticleController extends Controller {
'articleId' => [ 'articleId' => [
'validation' => DataValidator::dataStoreId('article'), 'validation' => DataValidator::dataStoreId('article'),
'error' => ERRORS::INVALID_TOPIC 'error' => ERRORS::INVALID_TOPIC
] ],
'title' => [
'validation' => DataValidator::oneOf(DataValidator::notBlank()->length(1, 200),DataValidator::nullType()),
'error' => ERRORS::INVALID_TITLE
],
'content' => [
'validation' => DataValidator::oneOf(DataValidator::content(),DataValidator::nullType()),
'error' => ERRORS::INVALID_CONTENT
],
] ]
]; ];
} }


@ -42,7 +42,7 @@ class EditStaffController extends Controller {
'error' => ERRORS::INVALID_EMAIL 'error' => ERRORS::INVALID_EMAIL
], ],
'password' => [ 'password' => [
'validation' => DataValidator::oneOf(DataValidator::length(5, 200), DataValidator::falseVal()), 'validation' => DataValidator::oneOf(DataValidator::notBlank()->length(5, 200), DataValidator::falseVal()),
'error' => ERRORS::INVALID_PASSWORD 'error' => ERRORS::INVALID_PASSWORD
], ],
'level' => [ 'level' => [
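Review bot: The password rule keeps a server-side minimum of 5 characters (`length(5, 200)`) while the client map in this commit validates `PASSWORD` with `LengthValidator(6, ...)`, so a direct API call can set a password the UI would refuse. The server is the enforcement point, so the stricter bound belongs there: `DataValidator::notBlank()->length(6, 200)`. The same `length(5, 200)` appears in the InitAdmin, EditPassword, RecoverPassword and SignUp controllers touched by this commit. The validations array continues outside the hunk.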


@ -64,7 +64,7 @@ class GetAllTicketsStaffController extends Controller {
$query .= $this->getStaffDepartmentsQueryFilter(); $query .= $this->getStaffDepartmentsQueryFilter();
$query .= $this->getClosedFilter(); $query .= $this->getClosedFilter();
$query .= "ORDER BY CASE WHEN (title LIKE ?) THEN 1 ELSE 2 END ASC, id DESC LIMIT 10 OFFSET " . (($page-1)*10); $query .= "ORDER BY CASE WHEN (title LIKE ?) THEN 1 ELSE 2 END ASC, id DESC LIMIT 10 OFFSET " . (($page-1)*10);
return Ticket::find($query, [ return Ticket::find($query, [
Controller::request('query') . '%', Controller::request('query') . '%',
'%' . Controller::request('query') . '%', '%' . Controller::request('query') . '%',


@ -47,7 +47,7 @@ class InviteStaffController extends Controller {
'permission' => 'staff_3', 'permission' => 'staff_3',
'requestData' => [ 'requestData' => [
'name' => [ 'name' => [
'validation' => DataValidator::length(2, 55), 'validation' => DataValidator::notBlank()->length(2, 55),
'error' => ERRORS::INVALID_NAME 'error' => ERRORS::INVALID_NAME
], ],
'email' => [ 'email' => [


@ -35,7 +35,7 @@ class SearchTicketStaffController extends Controller {
'permission' => 'staff_1', 'permission' => 'staff_1',
'requestData' => [ 'requestData' => [
'query' => [ 'query' => [
'validation' => DataValidator::length(1), 'validation' => DataValidator::notBlank()->length(1),
'error' => ERRORS::INVALID_QUERY 'error' => ERRORS::INVALID_QUERY
], ],
'page' => [ 'page' => [


@ -34,7 +34,7 @@ class AddAPIKeyController extends Controller {
'permission' => 'staff_3', 'permission' => 'staff_3',
'requestData' => [ 'requestData' => [
'name' => [ 'name' => [
'validation' => DataValidator::length(2, 55)->alnum(), 'validation' => DataValidator::notBlank()->length(2, 55)->alnum(),
'error' => ERRORS::INVALID_NAME 'error' => ERRORS::INVALID_NAME
], ],
'type' => [ 'type' => [


@ -37,9 +37,13 @@ class AddCustomFieldController extends Controller {
'permission' => 'staff_2', 'permission' => 'staff_2',
'requestData' => [ 'requestData' => [
'name' => [ 'name' => [
'validation' => DataValidator::length(2, 100), 'validation' => DataValidator::notBlank()->length(2, 100),
'error' => ERRORS::INVALID_NAME 'error' => ERRORS::INVALID_NAME
], ],
'description' => [
'validation' => DataValidator::notBlank()->length(2, 100),
'error' => ERRORS::INVALID_DESCRIPTION
],
'type' => [ 'type' => [
'validation' => DataValidator::oneOf( 'validation' => DataValidator::oneOf(
DataValidator::equals('text'), DataValidator::equals('text'),


@ -31,7 +31,7 @@ class AddDepartmentController extends Controller {
'permission' => 'staff_3', 'permission' => 'staff_3',
'requestData' => [ 'requestData' => [
'name' => [ 'name' => [
'validation' => DataValidator::length(2, 100), 'validation' => DataValidator::notBlank()->length(2, 100),
'error' => ERRORS::INVALID_NAME 'error' => ERRORS::INVALID_NAME
] ]
] ]


@ -31,7 +31,7 @@ class DeleteAPIKeyController extends Controller {
'permission' => 'staff_3', 'permission' => 'staff_3',
'requestData' => [ 'requestData' => [
'name' => [ 'name' => [
'validation' => DataValidator::length(2, 55), 'validation' => DataValidator::notBlank()->length(2, 55),
'error' => ERRORS::INVALID_NAME 'error' => ERRORS::INVALID_NAME
] ]
] ]


@ -37,7 +37,11 @@ class EditDepartmentController extends Controller {
'departmentId' => [ 'departmentId' => [
'validation' => DataValidator::dataStoreId('department'), 'validation' => DataValidator::dataStoreId('department'),
'error' => ERRORS::INVALID_DEPARTMENT 'error' => ERRORS::INVALID_DEPARTMENT
] ],
'name' => [
'validation' => DataValidator::notBlank()->length(1, 200),
'error' => ERRORS::INVALID_NAME
],
] ]
]; ];
} }


@ -46,15 +46,15 @@ class EditMailTemplateController extends Controller {
'permission' => 'staff_3', 'permission' => 'staff_3',
'requestData' => [ 'requestData' => [
'template' => [ 'template' => [
'validation' => DataValidator::length(4), 'validation' => DataValidator::notBlank()->length(4),
'error' => ERRORS::INVALID_TEMPLATE 'error' => ERRORS::INVALID_TEMPLATE
], ],
'language' => [ 'language' => [
'validation' => DataValidator::length(2, 2), 'validation' => DataValidator::notBlank()->length(2,2),
'error' => ERRORS::INVALID_LANGUAGE 'error' => ERRORS::INVALID_LANGUAGE
], ],
'subject' => [ 'subject' => [
'validation' => DataValidator::length(4), 'validation' => DataValidator::notBlank()->length(4),
'error' => ERRORS::INVALID_SUBJECT 'error' => ERRORS::INVALID_SUBJECT
], ],
] ]


@ -12,7 +12,7 @@ class EmailPollingController extends Controller {
'permission' => 'any', 'permission' => 'any',
'requestData' => [ 'requestData' => [
'token' => [ 'token' => [
'validation' => DataValidator::length(1, 200), 'validation' => DataValidator::notBlank()->length(1, 200),
'error' => ERRORS::INVALID_TOKEN 'error' => ERRORS::INVALID_TOKEN
] ]
] ]


@ -31,11 +31,11 @@ class GetMailTemplateController extends Controller {
'permission' => 'staff_3', 'permission' => 'staff_3',
'requestData' => [ 'requestData' => [
'template' => [ 'template' => [
'validation' => DataValidator::length(4), 'validation' => DataValidator::notBlank()->length(4),
'error' => ERRORS::INVALID_TEMPLATE 'error' => ERRORS::INVALID_TEMPLATE
], ],
'language' => [ 'language' => [
'validation' => DataValidator::length(2, 2), 'validation' => DataValidator::notBlank()->length(2, 2),
'error' => ERRORS::INVALID_LANGUAGE 'error' => ERRORS::INVALID_LANGUAGE
], ],
] ]


@ -36,7 +36,7 @@ class InitAdminController extends Controller {
'permission' => 'any', 'permission' => 'any',
'requestData' => [ 'requestData' => [
'name' => [ 'name' => [
'validation' => DataValidator::length(2, 55), 'validation' => DataValidator::notBlank()->length(2, 55),
'error' => ERRORS::INVALID_NAME 'error' => ERRORS::INVALID_NAME
], ],
'email' => [ 'email' => [
@ -44,7 +44,7 @@ class InitAdminController extends Controller {
'error' => ERRORS::INVALID_EMAIL 'error' => ERRORS::INVALID_EMAIL
], ],
'password' => [ 'password' => [
'validation' => DataValidator::length(5, 200), 'validation' => DataValidator::notBlank()->length(5, 200),
'error' => ERRORS::INVALID_PASSWORD 'error' => ERRORS::INVALID_PASSWORD
], ],
] ]


@ -33,11 +33,11 @@ class RecoverMailTemplateController extends Controller {
'permission' => 'staff_3', 'permission' => 'staff_3',
'requestData' => [ 'requestData' => [
'template' => [ 'template' => [
'validation' => DataValidator::length(4), 'validation' => DataValidator::notBlank()->length(4),
'error' => ERRORS::INVALID_TEMPLATE 'error' => ERRORS::INVALID_TEMPLATE
], ],
'language' => [ 'language' => [
'validation' => DataValidator::length(2, 2), 'validation' => DataValidator::notBlank()->length(2, 2),
'error' => ERRORS::INVALID_LANGUAGE 'error' => ERRORS::INVALID_LANGUAGE
], ],
] ]


@ -36,11 +36,11 @@ class AddCustomResponseController extends Controller {
'permission' => 'staff_2', 'permission' => 'staff_2',
'requestData' => [ 'requestData' => [
'name' => [ 'name' => [
'validation' => DataValidator::length(5, 100), 'validation' => DataValidator::notBlank()->length(5, 100),
'error' => ERRORS::INVALID_NAME 'error' => ERRORS::INVALID_NAME
], ],
'content' => [ 'content' => [
'validation' => DataValidator::length(20, 500), 'validation' => DataValidator::content(),
'error' => ERRORS::INVALID_CONTENT 'error' => ERRORS::INVALID_CONTENT
], ],
'language' => [ 'language' => [


@ -47,7 +47,7 @@ class CommentController extends Controller {
'permission' => 'user', 'permission' => 'user',
'requestData' => [ 'requestData' => [
'content' => [ 'content' => [
'validation' => DataValidator::length(20, 5000), 'validation' => DataValidator::content(),
'error' => ERRORS::INVALID_CONTENT 'error' => ERRORS::INVALID_CONTENT
], ],
'ticketNumber' => [ 'ticketNumber' => [
@ -61,7 +61,7 @@ class CommentController extends Controller {
'permission' => 'any', 'permission' => 'any',
'requestData' => [ 'requestData' => [
'content' => [ 'content' => [
'validation' => DataValidator::length(20, 5000), 'validation' => DataValidator::content(),
'error' => ERRORS::INVALID_CONTENT 'error' => ERRORS::INVALID_CONTENT
], ],
'ticketNumber' => [ 'ticketNumber' => [
@ -83,11 +83,10 @@ class CommentController extends Controller {
$isAuthor = $this->session->isTicketSession() || $this->ticket->isAuthor($this->user); $isAuthor = $this->session->isTicketSession() || $this->ticket->isAuthor($this->user);
$isOwner = $this->ticket->isOwner($this->user); $isOwner = $this->ticket->isOwner($this->user);
$private = Controller::request('private'); $private = Controller::request('private');
if(!Controller::isStaffLogged() && Controller::isUserSystemEnabled() && !$isAuthor){ if(!Controller::isStaffLogged() && Controller::isUserSystemEnabled() && !$isAuthor){
throw new RequestException(ERRORS::NO_PERMISSION); throw new RequestException(ERRORS::NO_PERMISSION);
} }
if(!$this->session->isTicketSession() && !$this->user->canManageTicket($this->ticket)) { if(!$this->session->isTicketSession() && !$this->user->canManageTicket($this->ticket)) {
throw new RequestException(ERRORS::NO_PERMISSION); throw new RequestException(ERRORS::NO_PERMISSION);
} }


@ -34,7 +34,7 @@ class CreateTagController extends Controller {
'permission' => 'staff_3', 'permission' => 'staff_3',
'requestData' => [ 'requestData' => [
'name' => [ 'name' => [
'validation' => DataValidator::length(2, 100), 'validation' => DataValidator::notBlank()->length(2, 100),
'error' => ERRORS::INVALID_NAME 'error' => ERRORS::INVALID_NAME
], ],
'color' => [ 'color' => [


@ -54,11 +54,11 @@ class CreateController extends Controller {
'permission' => 'user', 'permission' => 'user',
'requestData' => [ 'requestData' => [
'title' => [ 'title' => [
'validation' => DataValidator::length(1, 200), 'validation' => DataValidator::notBlank()->length(1, 200),
'error' => ERRORS::INVALID_TITLE 'error' => ERRORS::INVALID_TITLE
], ],
'content' => [ 'content' => [
'validation' => DataValidator::length(10, 5000), 'validation' => DataValidator::content(),
'error' => ERRORS::INVALID_CONTENT 'error' => ERRORS::INVALID_CONTENT
], ],
'departmentId' => [ 'departmentId' => [
@ -83,7 +83,7 @@ class CreateController extends Controller {
'error' => ERRORS::INVALID_EMAIL 'error' => ERRORS::INVALID_EMAIL
]; ];
$validations['requestData']['name'] = [ $validations['requestData']['name'] = [
'validation' => DataValidator::length(2, 40), 'validation' => DataValidator::notBlank()->length(2, 40),
'error' => ERRORS::INVALID_NAME 'error' => ERRORS::INVALID_NAME
]; ];
} }


@ -36,7 +36,7 @@ class EditCommentController extends Controller {
'permission' => 'user', 'permission' => 'user',
'requestData' => [ 'requestData' => [
'content' => [ 'content' => [
'validation' => DataValidator::length(10, 5000), 'validation' => DataValidator::content(),
'error' => ERRORS::INVALID_CONTENT 'error' => ERRORS::INVALID_CONTENT
], ],
'ticketNumber' => [ 'ticketNumber' => [
@ -50,7 +50,7 @@ class EditCommentController extends Controller {
'permission' => 'any', 'permission' => 'any',
'requestData' => [ 'requestData' => [
'content' => [ 'content' => [
'validation' => DataValidator::length(10, 5000), 'validation' => DataValidator::content(),
'error' => ERRORS::INVALID_CONTENT 'error' => ERRORS::INVALID_CONTENT
], ],
'ticketNumber' => [ 'ticketNumber' => [


@ -37,7 +37,15 @@ class EditCustomResponseController extends Controller {
'id' => [ 'id' => [
'validation' => DataValidator::dataStoreId('customresponse'), 'validation' => DataValidator::dataStoreId('customresponse'),
'error' => ERRORS::INVALID_NAME 'error' => ERRORS::INVALID_NAME
] ],
'content' => [
'validation' => DataValidator::content(),
'error' => ERRORS::INVALID_CONTENT
],
'name' => [
'validation' => DataValidator::oneOf(DataValidator::notBlank()->length(1, 200),DataValidator::nullType()),
'error' => ERRORS::INVALID_NAME
],
] ]
]; ];
} }


@ -41,6 +41,10 @@ class EditTagController extends Controller {
'color' => [ 'color' => [
'validation' => DataValidator::hexRgbColor()->startsWith('#'), 'validation' => DataValidator::hexRgbColor()->startsWith('#'),
'error' => ERRORS::INVALID_COLOR 'error' => ERRORS::INVALID_COLOR
],
'name' => [
'validation' => DataValidator::notBlank()->length(1, 200),
'error' => ERRORS::INVALID_NAME
] ]
] ]
]; ];


@ -95,6 +95,10 @@ class SearchController extends Controller {
'validation' => DataValidator::oneOf(DataValidator::in(['0','1']),DataValidator::nullType()), 'validation' => DataValidator::oneOf(DataValidator::in(['0','1']),DataValidator::nullType()),
'error' => ERRORS::INVALID_ASSIGNED_FILTER 'error' => ERRORS::INVALID_ASSIGNED_FILTER
], ],
'query' => [
'validation' => DataValidator::oneOf(DataValidator::notBlank(),DataValidator::nullType()),
'error' => ERRORS::INVALID_QUERY_FILTER
],
'orderBy' => [ 'orderBy' => [
'validation' => DataValidator::oneOf(DataValidator::validOrderBy(),DataValidator::nullType()), 'validation' => DataValidator::oneOf(DataValidator::validOrderBy(),DataValidator::nullType()),
'error' => ERRORS::INVALID_ORDER_BY 'error' => ERRORS::INVALID_ORDER_BY
@ -104,6 +108,12 @@ class SearchController extends Controller {
} }
public function handler() { public function handler() {
$allowedDepartmentsId = [];
foreach (Controller::getLoggedUser()->sharedDepartmentList->toArray() as $department) {
array_push($allowedDepartmentsId,$department['id']);
}
$inputs = [ $inputs = [
'closed' => Controller::request('closed'), 'closed' => Controller::request('closed'),
'tags' => json_decode(Controller::request('tags')), 'tags' => json_decode(Controller::request('tags')),
@ -117,14 +127,14 @@ class SearchController extends Controller {
'query' => Controller::request('query'), 'query' => Controller::request('query'),
'orderBy' => json_decode(Controller::request('orderBy'),true), 'orderBy' => json_decode(Controller::request('orderBy'),true),
'page' => Controller::request('page'), 'page' => Controller::request('page'),
'allowedDepartments' => Controller::getLoggedUser()->sharedDepartmentList->toArray(), 'allowedDepartments' => $allowedDepartmentsId,
'staffId' => Controller::getLoggedUser()->id 'staffId' => Controller::getLoggedUser()->id
]; ];
$query = $this->getSQLQuery($inputs); $query = $this->getSQLQuery($inputs);
$queryWithOrder = $this->getSQLQueryWithOrder($inputs); $queryWithOrder = $this->getSQLQueryWithOrder($inputs);
$totalCount = RedBean::getAll("SELECT COUNT(*) FROM (SELECT COUNT(*) " . $query . " ) AS T2", [':query' => $inputs['query']])[0]['COUNT(*)']; $totalCount = RedBean::getAll("SELECT COUNT(*) FROM (SELECT COUNT(*) " . $query . " ) AS T2", [':query' => "%" . $inputs['query'] . "%"])[0]['COUNT(*)'];
$ticketIdList = RedBean::getAll($queryWithOrder, [':query' => "%" . $inputs['query'] . "%"]); $ticketIdList = RedBean::getAll($queryWithOrder, [':query' => "%" . $inputs['query'] . "%"]);
$ticketList = []; $ticketList = [];
@ -133,7 +143,6 @@ class SearchController extends Controller {
array_push($ticketList, $ticket->toArray()); array_push($ticketList, $ticket->toArray());
} }
$ticketTableExists = RedBean::exec("select table_name from information_schema.tables where table_name = 'ticket';"); $ticketTableExists = RedBean::exec("select table_name from information_schema.tables where table_name = 'ticket';");
if($ticketTableExists){ if($ticketTableExists){
Response::respondSuccess([ Response::respondSuccess([
'tickets' => $ticketList, 'tickets' => $ticketList,
@ -254,13 +263,29 @@ class SearchController extends Controller {
} }
} }
private function setDepartmentFilter($departments,$allowedDepartments, $idStaff, &$filters){ private function setDepartmentFilter($requestedDepartments,$myDepartments, $idStaff, &$filters){
if ($filters != "") $filters .= " and "; if ($filters != "") $filters .= " and ";
if (!$requestedDepartments) $requestedDepartments = [];
$validDepartments = $this->generateValidDepartmentList($departments, $allowedDepartments);
$requestedOwnedDepartments = $this->getRequestedOwnedDepartments($requestedDepartments, $myDepartments);
$requestedNotOwnedDepartments = $this->getRequestedNotOwnedDepartments($requestedDepartments, $myDepartments);
$first = TRUE; $first = TRUE;
if($validDepartments){
foreach($validDepartments as $department) { if(!$requestedOwnedDepartments && !$requestedNotOwnedDepartments){
foreach($myDepartments as $department) {
if($first){
$filters .= " ( ";
$first = FALSE;
} else {
$filters .= " or ";
}
$filters .= "ticket.department_id = " . $department;
}
$filters .= ")";
}
if($requestedOwnedDepartments){
foreach($requestedOwnedDepartments as $department) {
if($first){ if($first){
$filters .= " ( "; $filters .= " ( ";
$first = FALSE; $first = FALSE;
@ -269,11 +294,24 @@ class SearchController extends Controller {
} }
$filters .= "ticket.department_id = " . $department; $filters .= "ticket.department_id = " . $department;
} }
$filters .= " or ";
}else{
$filters .= "(";
} }
$filters .= "ticket.author_staff_id = " . $idStaff . ")";
if($requestedNotOwnedDepartments){
if($requestedOwnedDepartments) $filters .= " or ";
$filters .= "(ticket.author_staff_id = " . $idStaff . " and ";
$first = TRUE;
foreach($requestedNotOwnedDepartments as $department) {
if($first){
$filters .= " ( ";
$first = FALSE;
} else {
$filters .= " or ";
}
$filters .= "ticket.department_id = " . $department;
}
$filters .= "))";
}
if($requestedOwnedDepartments) $filters .= " )";
} }
private function setAuthorFilter($authors, &$filters){ private function setAuthorFilter($authors, &$filters){
@ -338,21 +376,21 @@ class SearchController extends Controller {
$filters .= " (ticket.title LIKE :query or ticket.content LIKE :query or ticket.ticket_number LIKE :query". $ticketevent ." )"; $filters .= " (ticket.title LIKE :query or ticket.content LIKE :query or ticket.ticket_number LIKE :query". $ticketevent ." )";
}; };
} }
private function getRequestedOwnedDepartments($requestedDepartments, $myDepartments){
$requestedOwnedDepartments = [];
$requestedOwnedDepartments = array_values(array_unique(array_intersect($requestedDepartments, $myDepartments)));
return $requestedOwnedDepartments;
}
private function generateValidDepartmentList($departments, $allowedDepartments){ private function getRequestedNotOwnedDepartments($requestedDepartments, $myDepartments){
$result = []; $requestedNotOwnedDepartments = [];
$managedDepartments = []; $requestedOwnedDepartments = [];
if($departments == null) $departments = []; $requestedOwnedDepartments = array_values(array_unique(array_intersect($requestedDepartments, $myDepartments)));
foreach ($allowedDepartments as $department) { $requestedNotOwnedDepartments = array_values(array_diff($requestedDepartments, $requestedOwnedDepartments));
array_push($managedDepartments,$department['id']);
} return $requestedNotOwnedDepartments;
$result = array_intersect($departments,$managedDepartments);
if(empty($result)) $result = $managedDepartments;
$result = array_unique($result);
return $result;
} }
//ORDER //ORDER
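Review bot: `setDepartmentFilter` concatenates each department value into the SQL text (`"ticket.department_id = " . $department`), and after this change the values in `$requestedNotOwnedDepartments` come from the request's `departments` list with nothing tying them to known ids; the removed `generateValidDepartmentList` only ever emitted values that `array_intersect` had matched against the staff member's own departments. Unless the `departments` validator (outside these hunks) guarantees integers, normalise before building the filter with `$requestedDepartments = array_map('intval', (array) $requestedDepartments);`, or bind the ids as parameters the way `:query` is bound. Separately, when no departments are requested and `$myDepartments` is empty, the first branch appends `")"` without ever opening a parenthesis, which produces invalid SQL; wrap that branch's closing `$filters .= ")";` in `if (!$first)` and decide what an empty department list should match. A short docblock on `setDepartmentFilter` describing the three cases (none requested, owned, not owned but authored) would make the parenthesis handling easier to follow.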


@ -33,7 +33,7 @@ class EditPassword extends Controller {
'permission' => 'user', 'permission' => 'user',
'requestData' => [ 'requestData' => [
'newPassword' => [ 'newPassword' => [
'validation' => DataValidator::length(5, 200), 'validation' => DataValidator::notBlank()->length(5, 200),
'error' => ERRORS::INVALID_PASSWORD 'error' => ERRORS::INVALID_PASSWORD
] ]
] ]


@ -45,7 +45,7 @@ class InviteUserController extends Controller {
'permission' => 'staff_1', 'permission' => 'staff_1',
'requestData' => [ 'requestData' => [
'name' => [ 'name' => [
'validation' => DataValidator::length(2, 55), 'validation' => DataValidator::notBlank()->length(2, 55),
'error' => ERRORS::INVALID_NAME 'error' => ERRORS::INVALID_NAME
], ],
'email' => [ 'email' => [


@ -48,7 +48,7 @@ class RecoverPasswordController extends Controller {
'error' => ERRORS::INVALID_EMAIL 'error' => ERRORS::INVALID_EMAIL
], ],
'password' => [ 'password' => [
'validation' => DataValidator::length(5, 200), 'validation' => DataValidator::notBlank()->length(5, 200),
'error' => ERRORS::INVALID_PASSWORD 'error' => ERRORS::INVALID_PASSWORD
] ]
] ]


@ -56,7 +56,7 @@ class SignUpController extends Controller {
'permission' => 'any', 'permission' => 'any',
'requestData' => [ 'requestData' => [
'name' => [ 'name' => [
'validation' => DataValidator::length(2, 55), 'validation' => DataValidator::notBlank()->length(2, 55),
'error' => ERRORS::INVALID_NAME 'error' => ERRORS::INVALID_NAME
], ],
'email' => [ 'email' => [
@ -64,7 +64,7 @@ class SignUpController extends Controller {
'error' => ERRORS::INVALID_EMAIL 'error' => ERRORS::INVALID_EMAIL
], ],
'password' => [ 'password' => [
'validation' => DataValidator::length(5, 200), 'validation' => DataValidator::notBlank()->length(5, 200),
'error' => ERRORS::INVALID_PASSWORD 'error' => ERRORS::INVALID_PASSWORD
] ]
] ]


@ -39,6 +39,10 @@
* @apiDefine INVALID_NAME * @apiDefine INVALID_NAME
* @apiError {String} INVALID_NAME The name is invalid, probably too short. * @apiError {String} INVALID_NAME The name is invalid, probably too short.
*/ */
/**
* @apiDefine INVALID_DESCRIPTION
* @apiError {String} INVALID_DESCRIPTION The description is invalid.
*/
/** /**
* @apiDefine INVALID_SETTING * @apiDefine INVALID_SETTING
* @apiError {String} INVALID_SETTING The setting are invalid. * @apiError {String} INVALID_SETTING The setting are invalid.
@ -127,6 +131,10 @@
* @apiDefine INVALID_ASSIGNED_FILTER * @apiDefine INVALID_ASSIGNED_FILTER
* @apiError {String} INVALID_ASSIGNED_FILTER The assigned filter is invalid. * @apiError {String} INVALID_ASSIGNED_FILTER The assigned filter is invalid.
*/ */
/**
* @apiDefine INVALID_QUERY_FILTER
* @apiError {String} INVALID_QUERY_FILTER The query filter is invalid.
*/
/** /**
* @apiDefine INVALID_ORDER_BY * @apiDefine INVALID_ORDER_BY
* @apiError {String} INVALID_ORDER_BY The order-by is invalid. * @apiError {String} INVALID_ORDER_BY The order-by is invalid.
@ -307,6 +315,7 @@ class ERRORS {
const INVALID_EMAIL = 'INVALID_EMAIL'; const INVALID_EMAIL = 'INVALID_EMAIL';
const INVALID_PASSWORD = 'INVALID_PASSWORD'; const INVALID_PASSWORD = 'INVALID_PASSWORD';
const INVALID_NAME = 'INVALID_NAME'; const INVALID_NAME = 'INVALID_NAME';
const INVALID_DESCRIPTION = 'INVALID_DESCRIPTION';
const INVALID_SETTING = 'INVALID_SETTING'; const INVALID_SETTING = 'INVALID_SETTING';
const INVALID_DEPARTMENT = 'INVALID_DEPARTMENT'; const INVALID_DEPARTMENT = 'INVALID_DEPARTMENT';
const INVALID_TICKET = 'INVALID_TICKET'; const INVALID_TICKET = 'INVALID_TICKET';
@ -330,6 +339,7 @@ class ERRORS {
const INVALID_AUTHOR_FILTER = 'INVALID_AUTHOR_FILTER'; const INVALID_AUTHOR_FILTER = 'INVALID_AUTHOR_FILTER';
const INVALID_OWNER_FILTER = 'INVALID_OWNER_FILTER'; const INVALID_OWNER_FILTER = 'INVALID_OWNER_FILTER';
const INVALID_ASSIGNED_FILTER = 'INVALID_ASSIGNED_FILTER'; const INVALID_ASSIGNED_FILTER = 'INVALID_ASSIGNED_FILTER';
const INVALID_QUERY_FILTER = 'INVALID_QUERY_FILTER';
const INVALID_ORDER_BY = 'INVALID_ORDER_BY'; const INVALID_ORDER_BY = 'INVALID_ORDER_BY';
const INVALID_TOPIC = 'INVALID_TOPIC'; const INVALID_TOPIC = 'INVALID_TOPIC';
const INVALID_SEARCH = 'INVALID_SEARCH'; const INVALID_SEARCH = 'INVALID_SEARCH';


@ -0,0 +1,15 @@
<?php
namespace CustomValidations;
use Respect\Validation\Rules\AbstractRule;
class Content extends AbstractRule {
public function validate($content) {
$content = str_replace(" ",'',preg_replace("/<\s*[^>]*>/",'',$content));
if($content == '') return false;
if(strlen($content) > 10000) return false;
return true;
}
}
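Review bot: `Content::validate` assumes a string: an array-valued `content` parameter passes through `preg_replace` and `str_replace` as an array, is not `== ''`, and then reaches `strlen`, so depending on the PHP version the rule either errors or accepts the value; it should start with `if (!is_string($content)) return false;`. The 10000-byte ceiling is applied only after tags and spaces are removed, so the raw body that gets stored no longer has an upper bound, where the replaced rules capped it at 5000 (ticket and comment bodies) or 500 (custom responses); add a check on the raw `strlen($content)` as well. Only the literal space is stripped, so text made of newlines, tabs or `&nbsp;` entities is still accepted as non-blank; stripping with `preg_replace('/\s+/', '', ...)` would match the client-side `\s` test. A one-line docblock stating that the rule validates HTML content and naming its limits would help the many controllers that now depend on it.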


@ -209,7 +209,7 @@ class SearchControllerTest extends TestCase {
] ]
] ]
]), ]),
'FROM (ticket LEFT JOIN tag_ticket ON tag_ticket.ticket_id = ticket.id LEFT JOIN ticketevent ON ticketevent.ticket_id = ticket.id) WHERE ( ticket.department_id = 2 or ticket.department_id = 1 or ticket.department_id = 3 or ticket.author_staff_id = 1) GROUP BY ticket.id' 'FROM (ticket LEFT JOIN tag_ticket ON tag_ticket.ticket_id = ticket.id LEFT JOIN ticketevent ON ticketevent.ticket_id = ticket.id) WHERE ( ticket.department_id = 2 or ticket.department_id = 1 or ticket.department_id = 3) GROUP BY ticket.id'
); );
$this->assertEquals( $this->assertEquals(
@ -228,12 +228,12 @@ class SearchControllerTest extends TestCase {
] ]
] ]
]), ]),
'FROM (ticket LEFT JOIN tag_ticket ON tag_ticket.ticket_id = ticket.id LEFT JOIN ticketevent ON ticketevent.ticket_id = ticket.id) WHERE ( ticket.department_id = 1 or ticket.author_staff_id = 1) GROUP BY ticket.id' 'FROM (ticket LEFT JOIN tag_ticket ON tag_ticket.ticket_id = ticket.id LEFT JOIN ticketevent ON ticketevent.ticket_id = ticket.id) WHERE ( ticket.department_id = 1 ) GROUP BY ticket.id'
); );
$this->assertEquals( $this->assertEquals(
$this->searchController->getSQLQuery([ $this->searchController->getSQLQuery([
'departments' => [1,2,3], 'departments' => [1,2,3,4],
'staffId' => 1, 'staffId' => 1,
'allowedDepartments' => [ 'allowedDepartments' => [
[ [
@ -241,13 +241,26 @@ class SearchControllerTest extends TestCase {
], ],
[ [
'id' => 1 'id' => 1
],
[
'id' => 3
] ]
] ]
]), ]),
'FROM (ticket LEFT JOIN tag_ticket ON tag_ticket.ticket_id = ticket.id LEFT JOIN ticketevent ON ticketevent.ticket_id = ticket.id) WHERE ( ticket.department_id = 1 or ticket.department_id = 2 or ticket.department_id = 3 or ticket.author_staff_id = 1) GROUP BY ticket.id' 'FROM (ticket LEFT JOIN tag_ticket ON tag_ticket.ticket_id = ticket.id LEFT JOIN ticketevent ON ticketevent.ticket_id = ticket.id) WHERE ( ticket.department_id = 1 or ticket.department_id = 2 or (ticket.author_staff_id = 1 and ( ticket.department_id = 3 or ticket.department_id = 4)) ) GROUP BY ticket.id'
);
$this->assertEquals(
$this->searchController->getSQLQuery([
'departments' => [2],
'staffId' => 1,
'allowedDepartments' => [
[
'id' => 5
],
[
'id' => 6
]
]
]),
'FROM (ticket LEFT JOIN tag_ticket ON tag_ticket.ticket_id = ticket.id LEFT JOIN ticketevent ON ticketevent.ticket_id = ticket.id) WHERE (ticket.author_staff_id = 1 and ( ticket.department_id = 2)) GROUP BY ticket.id'
); );
} }
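Review bot: Every case in this test passes integer ids, while the expected strings show `departments` and `staffId` written straight into the SQL text (`ticket.department_id = 4`, `ticket.author_staff_id = 1`). getSQLQuery is not visible on this page, so whether it casts or rejects non-integer values cannot be confirmed here; a case with a non-numeric entry in `departments` that asserts the value is cast or refused would pin that. The assertions also compare whole strings including incidental spacing (`( ticket.department_id = 1 )` against `(ticket.author_staff_id = 1 and (`). A comment above each case stating the access rule it checks would make a failure easier to read; judging by the expected strings, that rule is that departments outside `allowedDepartments` match only tickets authored by the staff member. The test method starts outside these hunks.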


@ -121,7 +121,7 @@ describe 'Custom fields' do
it 'should success and shows all custom fields' do it 'should success and shows all custom fields' do
Scripts.createTextCustomField('mocktextfield1','description number 1') Scripts.createTextCustomField('mocktextfield1','description number 1')
Scripts.createTextCustomField('mocktextfield2','description number 2') Scripts.createTextCustomField('mocktextfield2','description number 2')
Scripts.createTextCustomField('mocktextfield3',nil) Scripts.createTextCustomField('mocktextfield3','description number 3')
result = request('/system/get-custom-fields', { result = request('/system/get-custom-fields', {
csrf_userid: $csrf_userid, csrf_userid: $csrf_userid,
@ -147,7 +147,7 @@ describe 'Custom fields' do
result['data'][2]['description'].should.equal('description number 2') result['data'][2]['description'].should.equal('description number 2')
result['data'][3]['name'].should.equal('mocktextfield3') result['data'][3]['name'].should.equal('mocktextfield3')
result['data'][3]['type'].should.equal('text') result['data'][3]['type'].should.equal('text')
result['data'][3]['description'].should.equal('') result['data'][3]['description'].should.equal('description number 3')
end end
end end
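Review bot: Changing the third field from `nil` to `'description number 3'` removes the only case here that created a custom field without a description. Whether the endpoint now rejects a missing description is not visible in this section. If it does, an `it` block asserting the failure status and message would keep that path covered; if it does not, the `nil` case should stay as an additional field. The lines of this `it` block between the two hunks are not shown.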


@ -19,7 +19,7 @@ describe'system/disable-user-system' do
numberOftickets = $database.query("SELECT * FROM ticket WHERE author_id IS NULL AND author_email IS NOT NULL AND author_name IS NOT NULL") numberOftickets = $database.query("SELECT * FROM ticket WHERE author_id IS NULL AND author_email IS NOT NULL AND author_name IS NOT NULL")
(numberOftickets.num_rows).should.equal(52) (numberOftickets.num_rows).should.equal(53)
request('/user/logout') request('/user/logout')
@ -220,7 +220,7 @@ describe'system/disable-user-system' do
numberOftickets= $database.query("SELECT * FROM ticket WHERE author_email IS NULL AND author_name IS NULL AND author_id IS NOT NULL" ) numberOftickets= $database.query("SELECT * FROM ticket WHERE author_email IS NULL AND author_name IS NULL AND author_id IS NOT NULL" )
(numberOftickets.num_rows).should.equal(55) (numberOftickets.num_rows).should.equal(56)
end end
it 'should not enable the user system' do it 'should not enable the user system' do


@ -18,33 +18,6 @@ describe '/ticket/comment/' do
(result['message']).should.equal('NO_PERMISSION') (result['message']).should.equal('NO_PERMISSION')
end end
it 'should fail if content is too short' do
result = request('/ticket/comment', {
content: 'Test',
ticketNumber: @ticketNumber,
csrf_userid: $csrf_userid,
csrf_token: $csrf_token
})
(result['status']).should.equal('fail')
(result['message']).should.equal('INVALID_CONTENT')
end
it 'should fail if content is very long' do
long_text = ''
6000.times {long_text << 'a'}
result = request('/ticket/comment', {
content: long_text,
ticketNumber: @ticketNumber,
csrf_userid: $csrf_userid,
csrf_token: $csrf_token
})
(result['status']).should.equal('fail')
(result['message']).should.equal('INVALID_CONTENT')
end
it 'should fail if ticket does not exist' do it 'should fail if ticket does not exist' do
result = request('/ticket/comment', { result = request('/ticket/comment', {
content: 'some comment content', content: 'some comment content',


@ -32,7 +32,7 @@ describe '/ticket/create' do
(result['message']).should.equal('INVALID_TITLE') (result['message']).should.equal('INVALID_TITLE')
end end
it 'should fail if content is too short' do it 'should craete ticket with a short content' do
result = request('/ticket/create', { result = request('/ticket/create', {
title: 'Winter is coming', title: 'Winter is coming',
content: 'Test', content: 'Test',
@ -42,13 +42,12 @@ describe '/ticket/create' do
csrf_token: $csrf_token csrf_token: $csrf_token
}) })
(result['status']).should.equal('fail') (result['status']).should.equal('success')
(result['message']).should.equal('INVALID_CONTENT')
end end
it 'should fail if content is very long' do it 'should fail if the ticket has a very large content' do
long_text = '' long_text = ''
6000.times {long_text << 'a'} 10001.times {long_text << 'a'}
result = request('/ticket/create',{ result = request('/ticket/create',{
title: 'Winter is coming', title: 'Winter is coming',
@ -114,7 +113,7 @@ describe '/ticket/create' do
Scripts.login('creator@os4.com','creator') Scripts.login('creator@os4.com','creator')
result = request('/ticket/create', { result = request('/ticket/create', {
title: 'Winter is coming', title: 'Winter is coming!',
content: 'The north remembers', content: 'The north remembers',
departmentId: 1, departmentId: 1,
language: 'en', language: 'en',
@ -124,7 +123,7 @@ describe '/ticket/create' do
(result['status']).should.equal('success') (result['status']).should.equal('success')
ticket = $database.getRow('ticket','Winter is coming','title') ticket = $database.getRow('ticket','Winter is coming!','title')
(ticket['content']).should.equal('The north remembers') (ticket['content']).should.equal('The north remembers')
(ticket['unread']).should.equal('0') (ticket['unread']).should.equal('0')
(ticket['closed']).should.equal('0') (ticket['closed']).should.equal('0')
@ -168,7 +167,7 @@ describe '/ticket/create' do
ticket_number_gap = $database.getRow('setting', 'ticket-gap', 'name')['value'].to_i ticket_number_gap = $database.getRow('setting', 'ticket-gap', 'name')['value'].to_i
ticket0 = $database.getRow('ticket','Winter is coming','title')['ticket_number'].to_i ticket0 = $database.getRow('ticket','Winter is coming!','title')['ticket_number'].to_i
ticket1 = $database.getRow('ticket','Winter is coming1','title')['ticket_number'].to_i ticket1 = $database.getRow('ticket','Winter is coming1','title')['ticket_number'].to_i
ticket2 = $database.getRow('ticket','Winter is coming2','title')['ticket_number'].to_i ticket2 = $database.getRow('ticket','Winter is coming2','title')['ticket_number'].to_i
ticket3 = $database.getRow('ticket','Winter is coming3','title')['ticket_number'].to_i ticket3 = $database.getRow('ticket','Winter is coming3','title')['ticket_number'].to_i
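Review bot: The size test now sends 10001 characters, which covers the value just over the limit but not 10000 exactly, and nothing here exercises content that is only markup. If `/ticket/create` uses the new Content rule, add a case with `content: '<p> </p>'` expecting `INVALID_CONTENT` and one with `10000.times {long_text << 'a'}` expecting `success`. The renamed test title has a typo: `'should craete ticket with a short content'` should read `'should create ticket with a short content'`. Several `it` blocks in this section start or end outside the hunks.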


@ -34,7 +34,6 @@ describe 'CustomResponses' do
}) })
customResponse = $database.getRow('customresponse', 1) customResponse = $database.getRow('customresponse', 1)
(result['status']).should.equal('success') (result['status']).should.equal('success')
(customResponse['name']).should.equal('Some common problem') (customResponse['name']).should.equal('Some common problem')
(customResponse['content']).should.equal('this is the content of a custom response for a common problem 2') (customResponse['content']).should.equal('this is the content of a custom response for a common problem 2')