trabajo-afectivo/app/controllers/tickets_shared_draft_starts_controller.rb

# Copyright (C) 2012-2022 Zammad Foundation, https://zammad-foundation.org/

class TicketsSharedDraftStartsController < ApplicationController
  prepend_before_action :authorize!
  prepend_before_action :authentication_check

  def index
    drafts = scope

    render json: {
      shared_draft_ids: drafts.map(&:id),
      assets:           ApplicationModel::CanAssets.reduce(drafts),
    }
  end

  def show
    object = scope.find params[:id]

    render json: {
      shared_draft_id:      object.id,
      shared_draft_content: object.content,
      assets:               object.assets,
    }
  end

  def create
    object = scope.create! safe_params
    object.attach_upload_cache params[:form_id]

    render json: {
      shared_draft_id: object.id,
      assets:          object.assets,
    }
  end

  def update
    object = scope.find params[:id]

    object.update! safe_params
    object.attach_upload_cache params[:form_id]

    render json: {
      shared_draft_id: object.id,
      assets:          object.assets,
    }
  end

  def destroy
    object = scope.find params[:id]

    object.destroy!

    render json: {
      shared_draft_id: object.id
    }
  end

  def import_attachments
    object = scope.find params[:id]

    new_attachments = object.clone_attachments 'UploadCache', params[:form_id]

    render json: {
      attachments: new_attachments
    }
  end

  private

  def scope
    Ticket::SharedDraftStartPolicy::Scope
      .new(current_user, Ticket::SharedDraftStart)
      .resolve
  end

  def safe_params
    safe_params = params.permit :name, :group_id, content: {}

    safe_params[:content].delete :group_id

    allowed_groups = current_user.groups.access('create').map(&:id).map(&:to_s)
    group_id       = safe_params[:group_id]&.to_s

    if allowed_groups.exclude? group_id
      raise Exceptions::UnprocessableEntity, __("User does not have access to one of given group IDs: #{group_id}")
    end

    safe_params
  end
end
Fixes #629 - Draft Sharing. 2022-02-24 11:33:52 +00:00			`# Copyright (C) 2012-2022 Zammad Foundation, https://zammad-foundation.org/`

			`class TicketsSharedDraftStartsController < ApplicationController`
			`prepend_before_action :authorize!`
			`prepend_before_action :authentication_check`

			`def index`
			`drafts = scope`

			`render json: {`
			`shared_draft_ids: drafts.map(&:id),`
			`assets: ApplicationModel::CanAssets.reduce(drafts),`
			`}`
			`end`

			`def show`
			`object = scope.find params[:id]`

			`render json: {`
			`shared_draft_id: object.id,`
			`shared_draft_content: object.content,`
			`assets: object.assets,`
			`}`
			`end`

			`def create`
			`object = scope.create! safe_params`
			`object.attach_upload_cache params[:form_id]`

			`render json: {`
			`shared_draft_id: object.id,`
			`assets: object.assets,`
			`}`
			`end`

			`def update`
			`object = scope.find params[:id]`

			`object.update! safe_params`
			`object.attach_upload_cache params[:form_id]`

			`render json: {`
			`shared_draft_id: object.id,`
			`assets: object.assets,`
			`}`
			`end`

			`def destroy`
			`object = scope.find params[:id]`

			`object.destroy!`

			`render json: {`
			`shared_draft_id: object.id`
			`}`
			`end`

			`def import_attachments`
			`object = scope.find params[:id]`

			`new_attachments = object.clone_attachments 'UploadCache', params[:form_id]`

			`render json: {`
			`attachments: new_attachments`
			`}`
			`end`

			`private`

			`def scope`
			`Ticket::SharedDraftStartPolicy::Scope`
			`.new(current_user, Ticket::SharedDraftStart)`
			`.resolve`
			`end`

			`def safe_params`
			`safe_params = params.permit :name, :group_id, content: {}`

			`safe_params[:content].delete :group_id`

			`allowed_groups = current_user.groups.access('create').map(&:id).map(&:to_s)`
			`group_id = safe_params[:group_id]&.to_s`

			`if allowed_groups.exclude? group_id`
			`raise Exceptions::UnprocessableEntity, __("User does not have access to one of given group IDs: #{group_id}")`
			`end`

			`safe_params`
			`end`
			`end`