[DEV-318] Make staffs able to edit their own content (#1187)

* Fix edit ticket comment permissions

* wip

* Rename ticketEventToArray variable
LautaroCesso 2022-04-25 12:43:25 -03:00 committed by GitHub
parent 0f6c64674e
commit 62bd70cc3b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -52,20 +52,22 @@ class EditCommentController extends Controller {
$user = Controller::getLoggedUser(); $user = Controller::getLoggedUser();
$newcontent = Controller::request('content', true); $newcontent = Controller::request('content', true);
$ticketNumberLog = null; $ticketNumberLog = null;
$ticketevent = Ticketevent::getTicketEvent(Controller::request('ticketEventId')); $ticketEvent = Ticketevent::getTicketEvent(Controller::request('ticketEventId'));
if(!$ticketevent->isNull()) { if(!$ticketEvent->isNull()) {
$ticket = Ticket::getDataStore($ticketevent->ticketId); $ticket = Ticket::getDataStore($ticketEvent->ticketId);
} else { } else {
$ticket = Ticket::getByTicketNumber(Controller::request('ticketNumber')); $ticket = Ticket::getByTicketNumber(Controller::request('ticketNumber'));
} }
if(!Controller::isStaffLogged() && $user->id !== $ticketevent->authorUserId && $user->id !== $ticket->authorId) { $ticketEventArray = $ticketEvent->toArray();
if(!Controller::isStaffLogged() && $user->id !== $ticketEventArray["author"]["id"] && $user->id !== $ticket->authorId) {
throw new RequestException(ERRORS::NO_PERMISSION); throw new RequestException(ERRORS::NO_PERMISSION);
} }
if (!$ticketevent->isNull()) { if (!$ticketEvent->isNull()) {
if($user->id !== $ticketevent->authorUserId) { if($user->id !== $ticketEventArray["author"]["id"]) {
throw new RequestException(ERRORS::NO_PERMISSION); throw new RequestException(ERRORS::NO_PERMISSION);
} }
} else if ($user->id !== $ticket->authorId) { } else if ($user->id !== $ticket->authorId) {
@ -76,20 +78,20 @@ class EditCommentController extends Controller {
throw new RequestException(ERRORS::NO_PERMISSION); throw new RequestException(ERRORS::NO_PERMISSION);
} }
if(!$ticketevent->isNull()) { if(!$ticketEvent->isNull()) {
if($ticketevent->type !== "COMMENT" || $ticket->closed || $ticket->getLatestEventOfType("COMMENT")['id'] !== $ticketevent->id) { if($ticketEvent->type !== "COMMENT" || $ticket->closed || $ticket->getLatestEventOfType("COMMENT")['id'] !== $ticketEvent->id) {
throw new RequestException(ERRORS::INVALID_TICKET_EVENT); throw new RequestException(ERRORS::INVALID_TICKET_EVENT);
} }
} else if(sizeof($ticket->getEventsOfType("COMMENT"))) { } else if(sizeof($ticket->getEventsOfType("COMMENT"))) {
throw new RequestException(ERRORS::TICKET_CONTENT_CANNOT_BE_EDITED); throw new RequestException(ERRORS::TICKET_CONTENT_CANNOT_BE_EDITED);
} }
if(!$ticketevent->isNull()){ if(!$ticketEvent->isNull()){
$ticketNumber = Ticket::getTicket($ticketevent->ticketId)->ticketNumber; $ticketNumber = Ticket::getTicket($ticketEvent->ticketId)->ticketNumber;
$ticketevent->content = $newcontent; $ticketEvent->content = $newcontent;
$ticketevent->editedContent = true; $ticketEvent->editedContent = true;
$ticketevent->store(); $ticketEvent->store();
} else { } else {
$ticketNumber = $ticket->ticketNumber; $ticketNumber = $ticket->ticketNumber;
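Review bot: Both ownership checks on the new side (the non-staff guard and the inner check under `if (!$ticketEvent->isNull())`) compare `$user->id` only with `$ticketEventArray["author"]["id"]`, so the authorization decision rests on a bare numeric id, apparently so that staff-authored comments can match as well. If staff and customer accounts are numbered independently, which is not visible in this hunk, an equal id does not prove the caller wrote the comment. The check should also confirm that the author is the same kind of account as the logged-in user, using whatever type marker `toArray()` exposes. Separately, `$ticketEvent->toArray()` runs before the null check, so the author lookup is evaluated even when no event was found. Resolving it only for a real event, e.g. `$ticketEventAuthorId = $ticketEvent->isNull() ? null : $ticketEvent->toArray()["author"]["id"];`, keeps the ticket-content path independent of it. The enclosing handler method starts and ends outside these hunks, so later checks may already cover part of this.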