Allow users to close their tickets with user system disabled

2017-06-01 12:14:23 +02:00 · 2017-06-01 12:14:23 +02:00 · d576ec726e
parent 13ed10dc4e
commit d576ec726e
1 changed files with 37 additions and 14 deletions
--- a/server/controllers/ticket/close.php
+++ b/server/controllers/ticket/close.php
@ -30,15 +30,34 @@ class CloseController extends Controller {
    private $ticket;

    public function validations() {
-        return [
-            'permission' => 'user',
-            'requestData' => [
-                'ticketNumber' => [
-                    'validation' => DataValidator::validTicketNumber(),
-                    'error' => ERRORS::INVALID_TICKET
+        $session = Session::getInstance();
+
+        if (Controller::isUserSystemEnabled() || Controller::isStaffLogged()) {
+            return [
+                'permission' => 'user',
+                'requestData' => [
+                    'ticketNumber' => [
+                        'validation' => DataValidator::validTicketNumber(),
+                        'error' => ERRORS::INVALID_TICKET
+                    ]
                ]
-            ]
-        ];
+            ];
+        } else {
+            return [
+                'permission' => 'any',
+                'requestData' => [
+                    'ticketNumber' => [
+                        'validation' => DataValidator::equals($session->getTicketNumber()),
+                        'error' => ERRORS::INVALID_TICKET
+                    ],
+                    'csrf_token' => [
+                        'validation' => DataValidator::equals($session->getToken()),
+                        'error' => Controller::request('csrf_token') . ' != ' . $session->getToken()
+
+                    ]
+                ]
+            ];
+        }
    }

    public function handler() {
@ -62,10 +81,14 @@ class CloseController extends Controller {
    }

    private function shouldDenyPermission() {
-        $user = Controller::getLoggedUser();
+        if(Controller::isUserSystemEnabled() || Controller::isStaffLogged()) {
+            $user = Controller::getLoggedUser();

-        return (!Controller::isStaffLogged() && $this->ticket->author->id !== $user->id) ||
-               (Controller::isStaffLogged() && $this->ticket->owner && $this->ticket->owner->id !== $user->id);
+            return (!Controller::isStaffLogged() && $this->ticket->author->id !== $user->id) ||
+                   (Controller::isStaffLogged() && $this->ticket->owner && $this->ticket->owner->id !== $user->id);
+        } else {
+            return $this->ticket->ticket_number != Session::getInstance()->getTicketNumber();
+        }
    }

    private function markAsUnread() {
@ -95,8 +118,8 @@ class CloseController extends Controller {
        $mailSender = new MailSender();

        $mailSender->setTemplate(MailTemplate::TICKET_CLOSED, [
-            'to' => $this->ticket->author->email,
-            'name' => $this->ticket->author->name,
+            'to' => ($this->ticket->author) ? $this->ticket->author->email : $this->ticket->authorEmail,
+            'name' => ($this->ticket->author) ? $this->ticket->author->name : $this->ticket->authorName,
            'ticketNumber' => $this->ticket->ticketNumber,
            'title' => $this->ticket->title,
            'url' => Setting::getSetting('url')->getValue()
@ -104,4 +127,4 @@ class CloseController extends Controller {

        $mailSender->send();
    }
-}
+}