diff --git a/server/controllers/ticket/close.php b/server/controllers/ticket/close.php
index 840654e1..5ba0331c 100755
--- a/server/controllers/ticket/close.php
+++ b/server/controllers/ticket/close.php
@@ -62,9 +62,12 @@ class CloseController extends Controller {
     public function handler() {
         $this->ticket = Ticket::getByTicketNumber(Controller::request('ticketNumber'));
 
-        if($this->shouldDenyPermission()) {
-            Response::respondError(ERRORS::NO_PERMISSION);
-            return;
+        if(
+            (Controller::isUserSystemEnabled() || Controller::isStaffLogged()) &&
+            !$this->ticket->isOwner(Controller::getLoggedUser()) &&
+            !$this->ticket->isAuthor(Controller::getLoggedUser())
+        ) {
+            throw new Exception(ERRORS::NO_PERMISSION);
         }
 
         $this->markAsUnread();
@@ -79,16 +82,6 @@ class CloseController extends Controller {
         Response::respondSuccess();
     }
 
-    private function shouldDenyPermission() {
-        if(Controller::isStaffLogged()) {
-            return $this->ticket->owner && $this->ticket->owner->id !== Controller::getLoggedUser()->id;
-        } else if(Controller::isUserSystemEnabled()) {
-            return $this->ticket->author->id !== Controller::getLoggedUser()->id;
-        } else {
-            return false;
-        }
-    }
-
     private function markAsUnread() {
         if(Controller::isStaffLogged()) {
             $this->ticket->unread = true;
diff --git a/server/controllers/ticket/comment.php b/server/controllers/ticket/comment.php
index 4319cceb..26e6d623 100755
--- a/server/controllers/ticket/comment.php
+++ b/server/controllers/ticket/comment.php
@@ -65,7 +65,6 @@ class CommentController extends Controller {
             'csrf_token' => [
                 'validation' => DataValidator::equals($session->getToken()),
                 'error' => ERRORS::INVALID_TOKEN
-            ]
             ]
         ];
 
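Review bot: The four-line permission guard added to CloseController::handler is repeated verbatim in CommentController::handler (the comment.php hunk that follows), so the two authorization decisions can drift apart the next time one of them is touched; put it in one place, for example a helper on Ticket, and call it from both controllers as `if(!$this->ticket->canBeHandledBy(Controller::getLoggedUser())) throw new Exception(ERRORS::NO_PERMISSION);`. The throw replaces a Response::respondError plus return, so the denial now depends on a caller that turns the exception into a failed response; the 'fail' status expected in tests/ticket/close.rb suggests such a handler exists, but it is not visible in this diff. When neither the user system is enabled nor a staff member is logged in, the guard is skipped entirely, as the removed shouldDenyPermission also did, so in that mode any request carrying a ticket number closes the ticket. The body of handler continues past the hunk.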
@@ -73,24 +72,30 @@ class CommentController extends Controller {
     }
 
     public function handler() {
-        $session = Session::getInstance();
         $this->requestData();
+        $ticketAuthor = $this->ticket->authorToArray();
+        $isAuthor = $this->ticket->isAuthor(Controller::getLoggedUser());
+        $isOwner = $this->ticket->isOwner(Controller::getLoggedUser());
 
-        if ((!Controller::isUserSystemEnabled() && !Controller::isStaffLogged()) ||
-            (!Controller::isStaffLogged() && $session->isLoggedWithId(($this->ticket->author) ? $this->ticket->author->id : 0)) ||
-            (Controller::isStaffLogged() && $session->isLoggedWithId(($this->ticket->owner) ? $this->ticket->owner->id : 0))) {
-            $this->storeComment();
-
-            if(Controller::isStaffLogged() || $this->ticket->owner) {
-                $this->sendMail();
-            }
-
-            Log::createLog('COMMENT', $this->ticket->ticketNumber);
-
-            Response::respondSuccess();
-        } else {
-            Response::respondError(ERRORS::NO_PERMISSION);
+        if((Controller::isUserSystemEnabled() || Controller::isStaffLogged()) && !$isOwner && !$isAuthor) {
+            throw new Exception(ERRORS::NO_PERMISSION);
         }
+
+        $this->storeComment();
+
+        if($isAuthor && $this->ticket->owner) {
+            $this->sendMail([
+                'email' => $this->ticket->owner->email,
+                'name' => $this->ticket->owner->name,
+                'staff' => true
+            ]);
+        } else {
+            $this->sendMail($ticketAuthor);
+        }
+
+        Log::createLog('COMMENT', $this->ticket->ticketNumber);
+
+        Response::respondSuccess();
     }
 
     private function requestData() {
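Review bot: The `else` branch mails `$ticketAuthor` not only when someone other than the author comments, but also when the author comments on a ticket that has no owner; the removed guard `if(Controller::isStaffLogged() || $this->ticket->owner)` used to skip the mail in that last case, so the author is now notified of their own comment. Changing `} else {` to `} else if(!$isAuthor) {` restores the old behaviour while keeping the new owner notification. Separately, for a ticket with no registered author, Ticket::authorToArray() returns only name and email, so the array handed to sendMail lacks the `'staff'` key sendMail reads (see the next hunk). The whole of handler is inside this hunk.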
@@ -121,20 +126,16 @@ class CommentController extends Controller {
         $this->ticket->store();
     }
 
-    private function sendMail() {
+    private function sendMail($recipient) {
         $mailSender = MailSender::getInstance();
 
-        $email = ($this->ticket->author) ? $this->ticket->author->email : $this->ticket->authorEmail;
-        $name = ($this->ticket->author) ? $this->ticket->author->name : $this->ticket->authorName;
-
-        if(!Controller::isStaffLogged() && $this->ticket->owner) {
-            $email = $this->ticket->owner->email;
-            $name = $this->ticket->owner->name;
-        }
+        $email = $recipient['email'];
+        $name = $recipient['name'];
+        $isStaff = $recipient['staff'];
 
         $url = Setting::getSetting('url')->getValue();
 
-        if(!Controller::isUserSystemEnabled()) {
+        if(!Controller::isUserSystemEnabled() && !$isStaff) {
             $url .= '/check-ticket/' . $this->ticket->ticketNumber;
             $url .= '/' . $email;
         }
diff --git a/server/controllers/ticket/create.php b/server/controllers/ticket/create.php
index 34f252a9..eda86b42 100755
--- a/server/controllers/ticket/create.php
+++ b/server/controllers/ticket/create.php
@@ -122,7 +122,6 @@ class CreateController extends Controller {
             'title' => $this->title,
             'content' => $this->content,
             'language' => $this->language,
-            'author' => $author,
             'department' => $department,
             'file' => ($fileUploader instanceof FileUploader) ? $fileUploader->getFileName() : null,
             'date' => Date::getCurrentDate(),
@@ -130,10 +129,12 @@ class CreateController extends Controller {
             'unreadStaff' => true,
             'closed' => false,
             'authorName' => $this->name,
-            'authorEmail' => $this->email
+            'authorEmail' => $this->email,
         ));
 
-        if(Controller::isUserSystemEnabled()) {
+        $ticket->setAuthor($author);
+
+        if(Controller::isUserSystemEnabled() && !Controller::isStaffLogged()) {
             $author->sharedTicketList->add($ticket);
             $author->tickets++;
 
diff --git a/server/models/Ticket.php b/server/models/Ticket.php
index 26993e6b..2c86a2cf 100755
--- a/server/models/Ticket.php
+++ b/server/models/Ticket.php
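Review bot: `$isStaff = $recipient['staff'];` reads a key the recipient array does not always carry: the fallback branch of Ticket::authorToArray() builds only name and email, and that is what CommentController::handler passes for a ticket without a registered author, so this line emits an undefined-index notice and $isStaff is null. `$isStaff = !empty($recipient['staff']);` gives the same true/false result for the two explicit callers and a clean false for the fallback array. On the unchanged `$url .= '/' . $email;` line the address still goes into the check-ticket link unencoded; `rawurlencode($email)` would keep a '+' or '/' in an address from producing a broken link. sendMail continues past the hunk.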
@@ -43,6 +43,7 @@ class Ticket extends DataStore {
         'closed',
         'priority',
         'author',
+        'authorStaff',
         'owner',
         'ownTicketeventList',
         'unreadStaff',
@@ -60,6 +61,22 @@ class Ticket extends DataStore {
         return Ticket::getTicket($value, 'ticketNumber');
     }
 
+    public function setAuthor($author) {
+        if($author instanceof User) {
+            $this->author = $author;
+        } else if($author instanceof Staff) {
+            $this->authorStaff = $author;
+        }
+    }
+
+    public function getAuthor() {
+        if($this->author && !$this->author->isNull()) {
+            return $this->author;
+        } else {
+            return $this->authorStaff;
+        }
+    }
+
     public function getDefaultProps() {
         return array(
             'priority' => 'low',
@@ -112,18 +129,20 @@ class Ticket extends DataStore {
     }
 
     public function authorToArray() {
-        $author = $this->author;
+        $author = $this->getAuthor();
 
         if ($author && !$author->isNull()) {
             return [
                 'id' => $author->id,
                 'name' => $author->name,
+                'staff' => $author instanceof Staff,
+                'profilePic' => ($author instanceof Staff) ? $author->profilePic : null,
                 'email' => $author->email
             ];
         } else {
             return [
-                'name' => $this->authorName,
-                'email' => $this->authorEmail
+                'name' => $this->authorName,
+                'email' => $this->authorEmail
             ];
         }
     }
@@ -155,7 +174,7 @@ class Ticket extends DataStore {
         ];
 
         $author = $ticketEvent->getAuthor();
-        if(!$author->isNull()) {
+        if($author && !$author->isNull()) {
             $event['author'] = [
                 'id'=> $author->id,
                 'name' => $author->name,
@@ -174,4 +193,13 @@ class Ticket extends DataStore {
     public function addEvent(Ticketevent $event) {
         $this->ownTicketeventList->add($event);
     }
+
+    public function isAuthor($user) {
+        $ticketAuthor = $this->authorToArray();
+        return $user->id == $ticketAuthor['id'] && ($user instanceof Staff) == $ticketAuthor['staff'];
+    }
+
+    public function isOwner($user) {
+        return $this->owner && $user->id == $this->owner->id && ($user instanceof Staff);
+    }
 }
diff --git a/tests/ticket/close.rb b/tests/ticket/close.rb
index 6c7d219d..a8057d6d 100644
--- a/tests/ticket/close.rb
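Review bot: authorToArray() now returns a staff author's `id`, `email` and `profilePic` in the same array shape as a user author; if this array is what the ticket response serializes for the ticket's user (its callers are outside this hunk), a ticket opened by a staff member now discloses that staff member's email address and internal id to the end user. Since CommentController::handler also uses the same array as a mail recipient, the display and mail uses are coupled; either omit `'email'` when `$author instanceof Staff` and let the mail path read it from the model, or add a separate recipient accessor so the serialized form can stay minimal. authorToArray is complete within the hunk.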
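Review bot: isAuthor() uses `==` and reads `$ticketAuthor['id']` and `$ticketAuthor['staff']`, which authorToArray() omits for a ticket with no registered author; both then evaluate to null, and `$user->id == null` is true when the caller's id is null, 0, '' or false, so whether an anonymous or null-object user is wrongly accepted as the author depends on what Controller::getLoggedUser() returns in that case, which is not visible here. The removed shouldDenyPermission compared ids with `!==`, so strict comparison is safe for these values: `return isset($ticketAuthor['id']) && $user->id === $ticketAuthor['id'] && ($user instanceof Staff) === !empty($ticketAuthor['staff']);` makes the missing-author case an explicit denial. isOwner() has the same loose compare against `$this->owner->id` and, unlike getAuthor(), does not check `isNull()` on the owner; if owner can be a null object with a null id, the same concern applies there.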
+++ b/tests/ticket/close.rb @@ -4,9 +4,32 @@ describe '/ticket/close' do #TODO: DO THINGS + it 'should not close ticket if not assigned' do + ticket = $database.getRow('ticket', 1 , 'id') + request('/staff/un-assign-ticket', { + ticketNumber: ticket['ticket_number'], + csrf_userid: $csrf_userid, + csrf_token: $csrf_token + }) + + result = request('/ticket/close', { + ticketNumber: ticket['ticket_number'], + csrf_userid: $csrf_userid, + csrf_token: $csrf_token + }) + + (result['status']).should.equal('fail') + end + it 'should close a ticket if everything is okey' do ticket = $database.getRow('ticket', 1 , 'id') + request('/staff/assign-ticket', { + ticketNumber: ticket['ticket_number'], + csrf_userid: $csrf_userid, + csrf_token: $csrf_token + }) + result = request('/ticket/close', { ticketNumber: ticket['ticket_number'], csrf_userid: $csrf_userid, @@ -21,5 +44,11 @@ describe '/ticket/close' do lastLog = $database.getLastRow('log') (lastLog['type']).should.equal('CLOSE') + + request('/staff/un-assign-ticket', { + ticketNumber: ticket['ticket_number'], + csrf_userid: $csrf_userid, + csrf_token: $csrf_token + }) end end
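Review bot: The new 'should not close ticket if not assigned' case asserts only `(result['status']).should.equal('fail')`; an authorization test should also confirm the denied action had no effect, for example by re-reading the row after the request and asserting its closed flag is still unset (the column name is inferred from the 'closed' property in server/models/Ticket.php, so confirm it against the schema). The un-assign call at the end of the second case runs only if every assertion before it passes, so one failure leaves ticket 1 assigned and the first case would then pass for the wrong reason on a rerun; un-assigning in an `ensure` or a before/after hook would make the two cases independent.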