trabajo-afectivo/app/controllers/tickets_controller.rb

710 lines
20 KiB
Ruby
Raw Normal View History

2022-01-01 13:38:12 +00:00
# Copyright (C) 2012-2022 Zammad Foundation, https://zammad-foundation.org/
2012-04-10 14:06:46 +00:00
class TicketsController < ApplicationController
include CreatesTicketArticles
2017-08-28 21:31:26 +00:00
include ClonesTicketArticleAttachments
include ChecksUserAttributesByCurrentUserPermission
include TicketStats
include CanPaginate
prepend_before_action -> { authorize! }, only: %i[create selector import_example import_start ticket_customer ticket_history ticket_related ticket_recent ticket_merge ticket_split]
prepend_before_action :authentication_check
2012-04-10 14:06:46 +00:00
# GET /api/v1/tickets
def index
paginate_with(max: 100)
tickets = TicketPolicy::ReadScope.new(current_user).resolve
.order(id: :asc)
.offset(pagination.offset)
.limit(pagination.limit)
if response_expand?
list = []
tickets.each do |ticket|
list.push ticket.attributes_with_association_names
end
render json: list, status: :ok
return
end
if response_full?
assets = {}
item_ids = []
tickets.each do |item|
item_ids.push item.id
assets = item.assets(assets)
end
render json: {
record_ids: item_ids,
assets: assets,
}, status: :ok
return
end
render json: tickets
end
# GET /api/v1/tickets/1
2012-04-10 14:06:46 +00:00
def show
ticket = Ticket.find(params[:id])
authorize!(ticket)
if response_expand?
result = ticket.attributes_with_association_names
render json: result, status: :ok
return
end
if response_full?
full = Ticket.full(params[:id])
render json: full
return
end
if response_all?
render json: ticket_all(ticket)
return
end
2012-09-04 21:28:49 +00:00
render json: ticket
2012-04-10 14:06:46 +00:00
end
# POST /api/v1/tickets
2012-04-10 14:06:46 +00:00
def create
ticket = nil
Transaction.execute do # rubocop:disable Metrics/BlockLength
customer = {}
if params[:customer].instance_of?(ActionController::Parameters)
customer = params[:customer]
params.delete(:customer)
end
clean_params = Ticket.association_name_to_id_convert(params)
# overwrite params
if !current_user.permissions?('ticket.agent')
%i[owner owner_id customer customer_id organization organization_id preferences].each do |key|
clean_params.delete(key)
end
clean_params[:customer_id] = current_user.id
end
# The parameter :customer_id is 'abused' in cases where it is not an integer, but a string like
# 'guess:customers.email@domain.com' which implies that the customer should be looked up.
if clean_params[:customer_id].is_a?(String) && clean_params[:customer_id] =~ %r{^guess:(.+?)$}
email_address = $1
email_address_validation = EmailAddressValidation.new(email_address)
if !email_address_validation.valid_format?
render json: { error: "Invalid email '#{email_address}' of customer" }, status: :unprocessable_entity
return
end
local_customer = User.find_by(email: email_address.downcase)
if !local_customer
role_ids = Role.signup_role_ids
local_customer = User.create(
firstname: '',
lastname: '',
email: email_address,
password: '',
active: true,
role_ids: role_ids,
)
end
clean_params[:customer_id] = local_customer.id
end
# try to create customer if needed
if clean_params[:customer_id].blank? && customer.present?
check_attributes_by_current_user_permission(customer)
clean_customer = User.association_name_to_id_convert(customer)
local_customer = nil
if !local_customer && clean_customer[:id].present?
local_customer = User.find_by(id: clean_customer[:id])
end
if !local_customer && clean_customer[:email].present?
local_customer = User.find_by(email: clean_customer[:email].downcase)
end
if !local_customer && clean_customer[:login].present?
local_customer = User.find_by(login: clean_customer[:login].downcase)
end
if !local_customer
role_ids = Role.signup_role_ids
local_customer = User.new(clean_customer)
local_customer.role_ids = role_ids
local_customer.save!
end
clean_params[:customer_id] = local_customer.id
end
2012-04-10 14:06:46 +00:00
clean_params = Ticket.param_cleanup(clean_params, true)
clean_params[:screen] = 'create_middle'
ticket = Ticket.new(clean_params)
authorize!(ticket, :create?)
# create ticket
ticket.save!
# create tags if given
2017-09-08 08:28:34 +00:00
if params[:tags].present?
tags = params[:tags].split(',')
tags.each do |tag|
2017-04-12 07:34:49 +00:00
ticket.tag_add(tag)
end
end
2012-10-02 05:46:08 +00:00
# create mentions if given
if params[:mentions].present?
authorize!(Mention.new, :create?)
Array(params[:mentions]).each do |user_id|
Mention.where(mentionable: ticket, user_id: user_id).first_or_create(mentionable: ticket, user_id: user_id)
end
end
# create article if given
if params[:article]
article_create(ticket, params[:article])
end
# create links (e. g. in case of ticket split)
# links: {
# Ticket: {
# parent: [ticket_id1, ticket_id2, ...]
# normal: [ticket_id1, ticket_id2, ...]
# child: [ticket_id1, ticket_id2, ...]
# },
# }
if params[:links].present?
link = params[:links].permit!.to_h
raise Exceptions::UnprocessableEntity, __('Invalid link structure') if !link.is_a? Hash
link.each do |target_object, link_types_with_object_ids|
raise Exceptions::UnprocessableEntity, __('Invalid link structure (Object)') if !link_types_with_object_ids.is_a? Hash
link_types_with_object_ids.each do |link_type, object_ids|
raise Exceptions::UnprocessableEntity, __('Invalid link structure (Object → LinkType)') if !object_ids.is_a? Array
object_ids.each do |local_object_id|
link = Link.add(
link_type: link_type,
link_object_target: target_object,
link_object_target_value: local_object_id,
link_object_source: 'Ticket',
link_object_source_value: ticket.id,
)
end
end
end
end
end
if response_expand?
result = ticket.reload.attributes_with_association_names
render json: result, status: :created
return
end
if response_full?
full = Ticket.full(ticket.id)
render json: full, status: :created
return
end
if response_all?
render json: ticket_all(ticket.reload), status: :created
return
end
render json: ticket.reload.attributes_with_association_ids, status: :created
2012-04-10 14:06:46 +00:00
end
# PUT /api/v1/tickets/1
2012-04-10 14:06:46 +00:00
def update
ticket = Ticket.find(params[:id])
authorize!(ticket, :follow_up?)
authorize!(ticket)
2014-09-23 05:37:43 +00:00
clean_params = Ticket.association_name_to_id_convert(params)
clean_params = Ticket.param_cleanup(clean_params, true)
# only apply preferences changes (keep not updated keys/values)
clean_params = ticket.param_preferences_merge(clean_params)
clean_params[:screen] = 'edit'
# disable changes on ticket number
clean_params.delete('number')
# overwrite params
if !current_user.permissions?('ticket.agent')
2017-11-23 08:09:44 +00:00
%i[owner owner_id customer customer_id organization organization_id preferences].each do |key|
clean_params.delete(key)
end
end
2012-09-04 21:28:49 +00:00
ticket.with_lock do
ticket.update!(clean_params)
if params[:article].present?
article_create(ticket, params[:article])
end
end
if response_expand?
result = ticket.reload.attributes_with_association_names
render json: result, status: :ok
return
2012-04-10 14:06:46 +00:00
end
if response_full?
full = Ticket.full(params[:id])
render json: full, status: :ok
return
end
if response_all?
render json: ticket_all(ticket.reload), status: :ok
return
end
render json: ticket.reload.attributes_with_association_ids, status: :ok
2012-04-10 14:06:46 +00:00
end
# DELETE /api/v1/tickets/1
2012-04-10 14:06:46 +00:00
def destroy
ticket = Ticket.find(params[:id])
authorize!(ticket)
ticket.destroy!
2012-04-10 14:06:46 +00:00
head :ok
2012-04-10 14:06:46 +00:00
end
# GET /api/v1/ticket_customer
# GET /api/v1/tickets_customer
def ticket_customer
2012-10-02 05:46:08 +00:00
# return result
result = Ticket::ScreenOptions.list_by_customer(
current_user: current_user,
customer_id: params[:customer_id],
limit: 15,
)
render json: result
end
# GET /api/v1/ticket_history/1
def ticket_history
# get ticket data
ticket = Ticket.find(params[:id])
authorize!(ticket, :show?)
# get history of ticket
render json: ticket.history_get(true)
end
# GET /api/v1/ticket_related/1
def ticket_related
2012-10-18 19:23:05 +00:00
ticket = Ticket.find(params[:ticket_id])
assets = ticket.assets({})
tickets = TicketPolicy::ReadScope.new(current_user).resolve
.where(
customer_id: ticket.customer_id,
state_id: Ticket::State.by_category(:open).select(:id),
)
.where.not(id: ticket.id)
.order(created_at: :desc)
.limit(6)
2012-10-18 19:23:05 +00:00
# if we do not have open related tickets, search for any tickets
tickets ||= TicketPolicy::ReadScope.new(current_user).resolve
.where(customer_id: ticket.customer_id)
.where.not(state_id: Ticket::State.by_category(:merged).pluck(:id))
.where.not(id: ticket.id)
.order(created_at: :desc)
.limit(6)
# get related assets
2014-02-03 19:24:49 +00:00
ticket_ids_by_customer = []
tickets.each do |ticket_list|
2015-04-30 15:53:03 +00:00
ticket_ids_by_customer.push ticket_list.id
assets = ticket_list.assets(assets)
end
2012-10-18 19:23:05 +00:00
ticket_ids_recent_viewed = []
recent_views = RecentView.list(current_user, 8, 'Ticket')
recent_views.each do |recent_view|
next if recent_view.object.name != 'Ticket'
next if recent_view.o_id == ticket.id
ticket_ids_recent_viewed.push recent_view.o_id
recent_view_ticket = Ticket.find(recent_view.o_id)
assets = recent_view_ticket.assets(assets)
end
2012-10-18 19:23:05 +00:00
# return result
render json: {
assets: assets,
ticket_ids_by_customer: ticket_ids_by_customer,
ticket_ids_recent_viewed: ticket_ids_recent_viewed,
2012-10-18 19:23:05 +00:00
}
end
2019-06-04 03:40:48 +00:00
# GET /api/v1/ticket_recent
def ticket_recent
ticket_ids = RecentView.list(current_user, 10, Ticket.name).map(&:o_id)
tickets = ticket_ids.map { |elem| Ticket.lookup(id: elem) }
assets = ApplicationModel::CanAssets.reduce(tickets)
render json: {
assets: assets,
ticket_ids_recent_viewed: ticket_ids
}
end
# PUT /api/v1/ticket_merge/1/1
def ticket_merge
# check target ticket
target_ticket = Ticket.find_by(number: params[:target_ticket_number])
if !target_ticket
render json: {
result: 'failed',
message: __('No such target ticket number!'),
}
return
end
authorize!(target_ticket, :update?)
# check source ticket
source_ticket = Ticket.find_by(id: params[:source_ticket_id])
if !source_ticket
render json: {
result: 'failed',
message: __('No such source ticket!'),
}
return
end
authorize!(source_ticket, :update?)
# merge ticket
source_ticket.merge_to(
ticket_id: target_ticket.id,
2015-04-30 15:53:03 +00:00
created_by_id: current_user.id,
)
# return result
render json: {
result: 'success',
target_ticket: target_ticket.attributes,
source_ticket: source_ticket.attributes,
}
end
# GET /api/v1/ticket_split
def ticket_split
ticket = Ticket.find(params[:ticket_id])
authorize!(ticket, :show?)
assets = ticket.assets({})
article = Ticket::Article.find(params[:article_id])
authorize!(article.ticket, :show?)
assets = article.assets(assets)
render json: {
assets: assets,
2017-08-28 21:31:26 +00:00
attachments: article_attachments_clone(article),
}
end
# GET /api/v1/ticket_create
def ticket_create
2013-01-04 08:09:59 +00:00
# get attributes to update
attributes_to_change = Ticket::ScreenOptions.attributes_to_change(
view: 'ticket_create',
screen: 'create_middle',
current_user: current_user,
)
render json: attributes_to_change
end
# GET /api/v1/tickets/search
2012-11-14 01:05:53 +00:00
def search
2014-09-01 13:09:43 +00:00
# permit nested conditions
2016-09-11 08:46:01 +00:00
if params[:condition]
params.require(:condition).permit!
end
2014-09-01 13:09:43 +00:00
paginate_with(max: 200, default: 50)
2017-11-23 08:09:44 +00:00
query = params[:query]
if query.respond_to?(:permit!)
query = query.permit!.to_h
end
2012-11-14 01:05:53 +00:00
# build result list
2013-05-21 22:30:09 +00:00
tickets = Ticket.search(
query: query,
condition: params[:condition].to_h,
limit: pagination.limit,
offset: pagination.offset,
order_by: params[:order_by],
sort_by: params[:sort_by],
current_user: current_user,
2013-05-21 22:30:09 +00:00
)
if response_expand?
list = []
tickets.each do |ticket|
list.push ticket.attributes_with_association_names
end
render json: list, status: :ok
return
end
assets = {}
2013-05-21 22:30:09 +00:00
ticket_result = []
tickets.each do |ticket|
ticket_result.push ticket.id
assets = ticket.assets(assets)
2012-11-14 01:05:53 +00:00
end
# return result
render json: {
tickets: ticket_result,
tickets_count: tickets.count,
assets: assets,
2012-11-14 01:05:53 +00:00
}
end
2015-09-17 01:04:16 +00:00
# GET /api/v1/tickets/selector
def selector
ticket_count, tickets = Ticket.selectors(params[:condition], limit: 6, execution_time: true)
2015-09-17 01:04:16 +00:00
assets = {}
ticket_ids = []
2017-11-23 08:09:44 +00:00
tickets&.each do |ticket|
ticket_ids.push ticket.id
assets = ticket.assets(assets)
2015-09-17 01:04:16 +00:00
end
# return result
render json: {
ticket_ids: ticket_ids,
2015-09-17 01:04:16 +00:00
ticket_count: ticket_count || 0,
assets: assets,
2015-09-17 01:04:16 +00:00
}
end
2014-11-10 07:34:20 +00:00
# GET /api/v1/ticket_stats
2014-11-09 23:42:17 +00:00
def stats
2014-11-10 07:34:20 +00:00
if !params[:user_id] && !params[:organization_id]
raise __('Need user_id or organization_id as param')
2014-11-10 07:34:20 +00:00
end
2014-11-09 23:42:17 +00:00
# lookup open user tickets
limit = 100
assets = {}
user_tickets = {}
2014-11-10 07:34:20 +00:00
if params[:user_id]
user = User.lookup(id: params[:user_id])
if !user
raise "No such user with id #{params[:user_id]}"
end
conditions = {
closed_ids: {
'ticket.state_id' => {
operator: 'is',
value: Ticket::State.by_category(:closed).pluck(:id),
},
'ticket.customer_id' => {
operator: 'is',
value: user.id,
},
},
open_ids: {
'ticket.state_id' => {
operator: 'is',
value: Ticket::State.by_category(:open).pluck(:id),
},
'ticket.customer_id' => {
operator: 'is',
value: user.id,
},
},
2014-11-10 07:34:20 +00:00
}
conditions.each do |key, local_condition|
user_tickets[key] = ticket_ids_and_assets(local_condition, current_user, limit, assets)
end
2014-11-09 23:42:17 +00:00
2014-11-10 07:34:20 +00:00
# generate stats by user
condition = {
'tickets.customer_id' => user.id,
2014-11-10 07:34:20 +00:00
}
user_tickets[:volume_by_year] = ticket_stats_last_year(condition)
2014-11-10 07:34:20 +00:00
end
2014-11-09 23:42:17 +00:00
# lookup open org tickets
org_tickets = {}
2017-11-23 08:09:44 +00:00
if params[:organization_id].present?
organization = Organization.lookup(id: params[:organization_id])
if !organization
raise "No such organization with id #{params[:organization_id]}"
end
conditions = {
closed_ids: {
'ticket.state_id' => {
operator: 'is',
value: Ticket::State.by_category(:closed).pluck(:id),
},
'ticket.organization_id' => {
operator: 'is',
value: organization.id,
},
},
open_ids: {
'ticket.state_id' => {
operator: 'is',
value: Ticket::State.by_category(:open).pluck(:id),
},
'ticket.organization_id' => {
operator: 'is',
value: organization.id,
},
},
2014-11-09 23:42:17 +00:00
}
conditions.each do |key, local_condition|
org_tickets[key] = ticket_ids_and_assets(local_condition, current_user, limit, assets)
end
2014-11-09 23:42:17 +00:00
2014-11-10 07:34:20 +00:00
# generate stats by org
condition = {
'tickets.organization_id' => organization.id,
2014-11-09 23:42:17 +00:00
}
org_tickets[:volume_by_year] = ticket_stats_last_year(condition)
2014-11-10 07:34:20 +00:00
end
2014-11-09 23:42:17 +00:00
# return result
render json: {
user: user_tickets,
organization: org_tickets,
assets: assets,
2014-11-09 23:42:17 +00:00
}
end
# @path [GET] /tickets/import_example
#
# @summary Download of example CSV file.
# @notes The requester have 'admin' permissions to be able to download it.
# @example curl -u 'me@example.com:test' http://localhost:3000/api/v1/tickets/import_example
#
# @response_message 200 File download.
# @response_message 403 Forbidden / Invalid session.
def import_example
csv_string = Ticket.csv_example(
col_sep: ',',
)
send_data(
csv_string,
filename: 'example.csv',
type: 'text/csv',
disposition: 'attachment'
)
end
# @path [POST] /tickets/import
#
# @summary Starts import.
# @notes The requester have 'admin' permissions to be create a new import.
# @example curl -u 'me@example.com:test' -F 'file=@/path/to/file/tickets.csv' 'https://your.zammad/api/v1/tickets/import?try=true'
# @example curl -u 'me@example.com:test' -F 'file=@/path/to/file/tickets.csv' 'https://your.zammad/api/v1/tickets/import'
#
# @response_message 201 Import started.
# @response_message 403 Forbidden / Invalid session.
def import_start
if Setting.get('import_mode') != true
raise __('Only can import tickets if system is in import mode.')
end
string = params[:data]
if string.blank? && params[:file].present?
string = params[:file].read.force_encoding('utf-8')
end
raise Exceptions::UnprocessableEntity, __('No source data submitted!') if string.blank?
result = Ticket.csv_import(
string: string,
parse_params: {
col_sep: params[:col_sep] || ',',
},
try: params[:try],
)
render json: result, status: :ok
end
2014-09-23 05:37:43 +00:00
private
def ticket_all(ticket)
# get attributes to update
attributes_to_change = Ticket::ScreenOptions.attributes_to_change(
current_user: current_user,
ticket: ticket,
screen: 'edit',
)
# get related users
assets = attributes_to_change[:assets]
assets = ticket.assets(assets)
# get related users
article_ids = []
ticket.articles.each do |article|
next if !authorized?(article, :show?)
article_ids.push article.id
assets = article.assets(assets)
end
# get links
links = Link.list(
link_object: 'Ticket',
link_object_value: ticket.id,
user: current_user,
)
2019-06-04 03:40:48 +00:00
assets = Link.reduce_assets(assets, links)
# get tags
2017-04-12 07:34:49 +00:00
tags = ticket.tag_list
# get mentions
mentions = Mention.where(mentionable: ticket).order(created_at: :desc)
mentions.each do |mention|
assets = mention.assets(assets)
end
# return result
{
ticket_id: ticket.id,
ticket_article_ids: article_ids,
assets: assets,
2019-06-04 03:40:48 +00:00
links: links,
tags: tags,
mentions: mentions.pluck(:id),
form_meta: attributes_to_change[:form_meta],
}
end
2012-04-10 14:06:46 +00:00
end