trabajo-afectivo/app/controllers/ticket_articles_controller.rb

# Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/

class TicketArticlesController < ApplicationController
  before_action :authentication_check

  # GET /articles
  def index
    @articles = Ticket::Article.all

    render json: @articles
  end

  # GET /articles/1
  def show
    @article = Ticket::Article.find(params[:id])

    render json: @article
  end

  # POST /articles
  def create
    form_id = params[:form_id]

    clean_params = Ticket::Article.param_association_lookup(params)
    clean_params = Ticket::Article.param_cleanup(clean_params, true)
    article = Ticket::Article.new(clean_params)

    # permission check
    return if !article_permission(article)

    # find attachments in upload cache
    if form_id
      article.attachments = Store.list(
        object: 'UploadCache',
        o_id: form_id,
      )
    end

    if article.save

      # remove attachments from upload cache
      Store.remove(
        object: 'UploadCache',
        o_id: form_id,
      )

      render json: article, status: :created
    else
      render json: article.errors, status: :unprocessable_entity
    end
  end

  # PUT /articles/1
  def update

    # permission check
    article = Ticket::Article.find(params[:id])
    return if !article_permission(article)

    clean_params = Ticket::Article.param_association_lookup(params)
    clean_params = Ticket::Article.param_cleanup(clean_params, true)

    if article.update_attributes(clean_params)
      render json: article, status: :ok
    else
      render json: article.errors, status: :unprocessable_entity
    end
  end

  # DELETE /articles/1
  def destroy
    article = Ticket::Article.find(params[:id])
    return if !article_permission(article)
    article.destroy

    head :ok
  end

  # DELETE /ticket_attachment_upload
  def ticket_attachment_upload_delete
    if params[:store_id]
      Store.remove_item(params[:store_id])
      render json: {
        success: true,
      }
      return
    elsif params[:form_id]
      Store.remove(
        object: 'UploadCache',
        o_id:   params[:form_id],
      )
      render json: {
        success: true,
      }
      return
    end

    render json: { message: 'No such store_id or form_id!' }, status: :unprocessable_entity
  end

  # POST /ticket_attachment_upload
  def ticket_attachment_upload_add

    # store file
    file = params[:File]
    content_type = file.content_type
    if !content_type || content_type == 'application/octet-stream'
      content_type = if MIME::Types.type_for(file.original_filename).first
                       MIME::Types.type_for(file.original_filename).first.content_type
                     else
                       'application/octet-stream'
                     end
    end
    headers_store = {
      'Content-Type' => content_type
    }
    store = Store.add(
      object: 'UploadCache',
      o_id: params[:form_id],
      data: file.read,
      filename: file.original_filename,
      preferences: headers_store
    )

    # return result
    render json: {
      success: true,
      data: {
        store_id: store.id,
        filename: file.original_filename,
        size: store.size,
      }
    }
  end

  # GET /ticket_attachment/:ticket_id/:article_id/:id
  def attachment

    # permission check
    ticket = Ticket.lookup(id: params[:ticket_id])
    if !ticket_permission(ticket)
      render json: 'No such ticket.', status: :unauthorized
      return
    end
    article = Ticket::Article.find(params[:article_id])
    if ticket.id != article.ticket_id
      render json: 'No access, article_id/ticket_id is not matching.', status: :unauthorized
      return
    end

    list = article.attachments || []
    access = false
    list.each {|item|
      if item.id.to_i == params[:id].to_i
        access = true
      end
    }
    if !access
      render json: 'Requested file id is not linked with article_id.', status: :unauthorized
      return
    end

    # find file
    file = Store.find(params[:id])
    send_data(
      file.content,
      filename: file.filename,
      type: file.preferences['Content-Type'] || file.preferences['Mime-Type'],
      disposition: 'inline'
    )
  end

  # GET /ticket_article_plain/1
  def article_plain

    # permission check
    article = Ticket::Article.find(params[:id])
    return if !article_permission(article)

    list = Store.list(
      object: 'Ticket::Article::Mail',
      o_id: params[:id],
    )

    # find file
    return if !list

    file = Store.find(list.first)
    send_data(
      file.content,
      filename: file.filename,
      type: 'message/rfc822',
      disposition: 'inline'
    )
  end

end
Updated header. 2014-02-03 19:24:49 +00:00			`# Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/`
Code reformattingand code layout beautying. 2013-06-12 15:59:58 +00:00
Init version. 2012-04-10 14:06:46 +00:00			`class TicketArticlesController < ApplicationController`
Corrected with rubocop cop 'Rails/ActionFilter'. 2015-05-07 11:23:55 +00:00			`before_action :authentication_check`
Init version. 2012-04-10 14:06:46 +00:00
			`# GET /articles`
			`def index`
			`@articles = Ticket::Article.all`

Corrected with rubocop cop 'Style/HashSyntax'. 2015-04-27 13:42:53 +00:00			`render json: @articles`
Init version. 2012-04-10 14:06:46 +00:00			`end`

			`# GET /articles/1`
			`def show`
Improved code layout. 2016-05-10 22:09:10 +00:00			`@article = Ticket::Article.find(params[:id])`
Init version. 2012-04-10 14:06:46 +00:00
Corrected with rubocop cop 'Style/HashSyntax'. 2015-04-27 13:42:53 +00:00			`render json: @article`
Init version. 2012-04-10 14:06:46 +00:00			`end`

			`# POST /articles`
			`def create`
Refactoring of ticket zoom (less rerendering, just rerender particular area's instant of whole view). Added live broadcasting of tag and links. 2016-06-07 19:22:08 +00:00			`form_id = params[:form_id]`

			`clean_params = Ticket::Article.param_association_lookup(params)`
			`clean_params = Ticket::Article.param_cleanup(clean_params, true)`
			`article = Ticket::Article.new(clean_params)`

			`# permission check`
			`return if !article_permission(article)`
Added shared organization feature. Customers will be able to watch organization ticket. 2012-11-13 10:34:45 +00:00
Init version. 2012-04-10 14:06:46 +00:00			`# find attachments in upload cache`
Added general support of attachments. 2012-12-02 10:18:55 +00:00			`if form_id`
Refactoring of ticket zoom (less rerendering, just rerender particular area's instant of whole view). Added live broadcasting of tag and links. 2016-06-07 19:22:08 +00:00			`article.attachments = Store.list(`
Corrected with rubocop cop 'Style/HashSyntax'. 2015-04-27 13:42:53 +00:00			`object: 'UploadCache',`
			`o_id: form_id,`
Added general support of attachments. 2012-12-02 10:18:55 +00:00			`)`
			`end`
Init version. 2012-04-10 14:06:46 +00:00
Refactoring of ticket zoom (less rerendering, just rerender particular area's instant of whole view). Added live broadcasting of tag and links. 2016-06-07 19:22:08 +00:00			`if article.save`
Code cleanup, we only use json as backend. 2012-04-12 11:27:01 +00:00
			`# remove attachments from upload cache`
			`Store.remove(`
Corrected with rubocop cop 'Style/HashSyntax'. 2015-04-27 13:42:53 +00:00			`object: 'UploadCache',`
			`o_id: form_id,`
Code cleanup, we only use json as backend. 2012-04-12 11:27:01 +00:00			`)`
Added shared organization feature. Customers will be able to watch organization ticket. 2012-11-13 10:34:45 +00:00
Refactoring of ticket zoom (less rerendering, just rerender particular area's instant of whole view). Added live broadcasting of tag and links. 2016-06-07 19:22:08 +00:00			`render json: article, status: :created`
Code cleanup, we only use json as backend. 2012-04-12 11:27:01 +00:00			`else`
Refactoring of ticket zoom (less rerendering, just rerender particular area's instant of whole view). Added live broadcasting of tag and links. 2016-06-07 19:22:08 +00:00			`render json: article.errors, status: :unprocessable_entity`
Init version. 2012-04-10 14:06:46 +00:00			`end`
			`end`

			`# PUT /articles/1`
			`def update`

Refactoring of ticket zoom (less rerendering, just rerender particular area's instant of whole view). Added live broadcasting of tag and links. 2016-06-07 19:22:08 +00:00			`# permission check`
			`article = Ticket::Article.find(params[:id])`
			`return if !article_permission(article)`

			`clean_params = Ticket::Article.param_association_lookup(params)`
			`clean_params = Ticket::Article.param_cleanup(clean_params, true)`

			`if article.update_attributes(clean_params)`
			`render json: article, status: :ok`
Code cleanup, we only use json as backend. 2012-04-12 11:27:01 +00:00			`else`
Refactoring of ticket zoom (less rerendering, just rerender particular area's instant of whole view). Added live broadcasting of tag and links. 2016-06-07 19:22:08 +00:00			`render json: article.errors, status: :unprocessable_entity`
Init version. 2012-04-10 14:06:46 +00:00			`end`
			`end`

			`# DELETE /articles/1`
			`def destroy`
Refactoring of ticket zoom (less rerendering, just rerender particular area's instant of whole view). Added live broadcasting of tag and links. 2016-06-07 19:22:08 +00:00			`article = Ticket::Article.find(params[:id])`
			`return if !article_permission(article)`
			`article.destroy`
Init version. 2012-04-10 14:06:46 +00:00
Code cleanup, we only use json as backend. 2012-04-12 11:27:01 +00:00			`head :ok`
Init version. 2012-04-10 14:06:46 +00:00			`end`
Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00
Added delete attachment feature. 2014-10-06 20:24:21 +00:00			`# DELETE /ticket_attachment_upload`
			`def ticket_attachment_upload_delete`
Mark ticket as changed if only one attachment is uploaded. Delete uploaded attachments on form rest. 2015-11-04 11:42:57 +00:00			`if params[:store_id]`
			`Store.remove_item(params[:store_id])`
			`render json: {`
			`success: true,`
			`}`
			`return`
			`elsif params[:form_id]`
			`Store.remove(`
			`object: 'UploadCache',`
			`o_id: params[:form_id],`
			`)`
			`render json: {`
			`success: true,`
			`}`
			`return`
			`end`
Added delete attachment feature. 2014-10-06 20:24:21 +00:00
Mark ticket as changed if only one attachment is uploaded. Delete uploaded attachments on form rest. 2015-11-04 11:42:57 +00:00			`render json: { message: 'No such store_id or form_id!' }, status: :unprocessable_entity`
Added delete attachment feature. 2014-10-06 20:24:21 +00:00			`end`

			`# POST /ticket_attachment_upload`
			`def ticket_attachment_upload_add`
Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00
			`# store file`
Added delete attachment feature. 2014-10-06 20:24:21 +00:00			`file = params[:File]`
			`content_type = file.content_type`
Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00			`if !content_type \|\| content_type == 'application/octet-stream'`
Updated dependencies and applied new rubocop rules. 2016-01-15 17:22:57 +00:00			`content_type = if MIME::Types.type_for(file.original_filename).first`
			`MIME::Types.type_for(file.original_filename).first.content_type`
			`else`
			`'application/octet-stream'`
			`end`
Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00			`end`
			`headers_store = {`
			`'Content-Type' => content_type`
			`}`
Added delete attachment feature. 2014-10-06 20:24:21 +00:00			`store = Store.add(`
Corrected with rubocop cop 'Style/HashSyntax'. 2015-04-27 13:42:53 +00:00			`object: 'UploadCache',`
			`o_id: params[:form_id],`
			`data: file.read,`
			`filename: file.original_filename,`
			`preferences: headers_store`
Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00			`)`

			`# return result`
Corrected with rubocop cop 'Style/HashSyntax'. 2015-04-27 13:42:53 +00:00			`render json: {`
			`success: true,`
			`data: {`
			`store_id: store.id,`
			`filename: file.original_filename,`
			`size: store.size,`
Added delete attachment feature. 2014-10-06 20:24:21 +00:00			`}`
Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00			`}`
			`end`
Added general support of attachments. 2012-12-02 10:18:55 +00:00
Refactoring of ticket zoom (less rerendering, just rerender particular area's instant of whole view). Added live broadcasting of tag and links. 2016-06-07 19:22:08 +00:00			`# GET /ticket_attachment/:ticket_id/:article_id/:id`
Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00			`def attachment`

Fixed typo. 2016-01-27 18:26:10 +00:00			`# permission check`
Improved code layout. 2016-05-10 22:09:10 +00:00			`ticket = Ticket.lookup(id: params[:ticket_id])`
Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00			`if !ticket_permission(ticket)`
Refactoring of ticket zoom (less rerendering, just rerender particular area's instant of whole view). Added live broadcasting of tag and links. 2016-06-07 19:22:08 +00:00			`render json: 'No such ticket.', status: :unauthorized`
Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00			`return`
			`end`
Improved code layout. 2016-05-10 22:09:10 +00:00			`article = Ticket::Article.find(params[:article_id])`
Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00			`if ticket.id != article.ticket_id`
Refactoring of ticket zoom (less rerendering, just rerender particular area's instant of whole view). Added live broadcasting of tag and links. 2016-06-07 19:22:08 +00:00			`render json: 'No access, article_id/ticket_id is not matching.', status: :unauthorized`
Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00			`return`
			`end`

Moved attachment support to any model (object.attachments & object.attachments=). 2014-02-05 12:22:14 +00:00			`list = article.attachments \|\| []`
Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00			`access = false`
			`list.each {\|item\|`
			`if item.id.to_i == params[:id].to_i`
			`access = true`
			`end`
			`}`
			`if !access`
Refactoring of ticket zoom (less rerendering, just rerender particular area's instant of whole view). Added live broadcasting of tag and links. 2016-06-07 19:22:08 +00:00			`render json: 'Requested file id is not linked with article_id.', status: :unauthorized`
Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00			`return`
			`end`

			`# find file`
			`file = Store.find(params[:id])`
			`send_data(`
Improved storage backend. 2014-04-28 07:44:36 +00:00			`file.content,`
Corrected with rubocop cop 'Style/HashSyntax'. 2015-04-27 13:42:53 +00:00			`filename: file.filename,`
			`type: file.preferences['Content-Type'] \|\| file.preferences['Mime-Type'],`
			`disposition: 'inline'`
Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00			`)`
			`end`

			`# GET /ticket_article_plain/1`
			`def article_plain`

Fixed typo. 2016-01-27 18:26:10 +00:00			`# permission check`
Improved code layout. 2016-05-10 22:09:10 +00:00			`article = Ticket::Article.find(params[:id])`
Refactoring of ticket zoom (less rerendering, just rerender particular area's instant of whole view). Added live broadcasting of tag and links. 2016-06-07 19:22:08 +00:00			`return if !article_permission(article)`
Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00
			`list = Store.list(`
Corrected with rubocop cop 'Style/HashSyntax'. 2015-04-27 13:42:53 +00:00			`object: 'Ticket::Article::Mail',`
			`o_id: params[:id],`
Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00			`)`

			`# find file`
Corrected with rubocop cop 'Style/GuardClause'. 2015-04-30 15:25:04 +00:00			`return if !list`

			`file = Store.find(list.first)`
			`send_data(`
			`file.content,`
			`filename: file.filename,`
			`type: 'message/rfc822',`
			`disposition: 'inline'`
			`)`
Rewrite for form generation. Added REST docu. Moved api to /api/*. 2012-09-20 12:08:02 +00:00			`end`

Init version. 2012-04-10 14:06:46 +00:00			`end`