2016-10-19 03:11:36 +00:00
|
|
|
# Copyright (C) 2012-2016 Zammad Foundation, http://zammad-foundation.org/
|
2013-06-12 15:59:58 +00:00
|
|
|
|
2012-04-10 14:06:46 +00:00
|
|
|
class TicketArticlesController < ApplicationController
|
2017-03-09 11:44:51 +00:00
|
|
|
include CreatesTicketArticles
|
2017-08-28 21:31:26 +00:00
|
|
|
include ClonesTicketArticleAttachments
|
2017-03-09 11:44:51 +00:00
|
|
|
|
2017-02-15 12:29:25 +00:00
|
|
|
prepend_before_action :authentication_check
|
2012-04-10 14:06:46 +00:00
|
|
|
|
|
|
|
# GET /articles
|
|
|
|
def index
|
2016-08-12 16:39:09 +00:00
|
|
|
permission_check('admin')
|
2016-06-20 12:13:00 +00:00
|
|
|
model_index_render(Ticket::Article, params)
|
2012-04-10 14:06:46 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
# GET /articles/1
|
|
|
|
def show
|
2016-06-20 12:13:00 +00:00
|
|
|
article = Ticket::Article.find(params[:id])
|
2017-06-16 20:43:09 +00:00
|
|
|
access!(article, 'read')
|
2016-06-20 12:13:00 +00:00
|
|
|
|
2017-12-14 13:19:24 +00:00
|
|
|
if response_expand?
|
2017-01-31 17:13:45 +00:00
|
|
|
result = article.attributes_with_association_names
|
2016-06-20 12:13:00 +00:00
|
|
|
render json: result, status: :ok
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
2017-12-14 13:19:24 +00:00
|
|
|
if response_full?
|
2016-06-20 12:13:00 +00:00
|
|
|
full = Ticket::Article.full(params[:id])
|
|
|
|
render json: full
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
2017-01-31 17:13:45 +00:00
|
|
|
render json: article.attributes_with_association_names
|
2016-06-21 20:59:03 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
# GET /ticket_articles/by_ticket/1
|
|
|
|
def index_by_ticket
|
|
|
|
ticket = Ticket.find(params[:id])
|
2017-06-16 20:43:09 +00:00
|
|
|
access!(ticket, 'read')
|
2016-06-21 20:59:03 +00:00
|
|
|
|
|
|
|
articles = []
|
|
|
|
|
2017-12-14 13:19:24 +00:00
|
|
|
if response_expand?
|
2017-10-01 12:25:52 +00:00
|
|
|
ticket.articles.each do |article|
|
2016-06-21 20:59:03 +00:00
|
|
|
|
|
|
|
# ignore internal article if customer is requesting
|
2016-08-12 16:39:09 +00:00
|
|
|
next if article.internal == true && current_user.permissions?('ticket.customer')
|
2017-01-31 17:13:45 +00:00
|
|
|
result = article.attributes_with_association_names
|
2016-06-21 20:59:03 +00:00
|
|
|
articles.push result
|
2017-10-01 12:25:52 +00:00
|
|
|
end
|
2016-06-21 20:59:03 +00:00
|
|
|
|
|
|
|
render json: articles, status: :ok
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
2017-12-14 13:19:24 +00:00
|
|
|
if response_full?
|
2016-06-21 20:59:03 +00:00
|
|
|
assets = {}
|
|
|
|
record_ids = []
|
2017-10-01 12:25:52 +00:00
|
|
|
ticket.articles.each do |article|
|
2016-06-21 20:59:03 +00:00
|
|
|
|
|
|
|
# ignore internal article if customer is requesting
|
2016-08-12 16:39:09 +00:00
|
|
|
next if article.internal == true && current_user.permissions?('ticket.customer')
|
2016-06-21 20:59:03 +00:00
|
|
|
|
|
|
|
record_ids.push article.id
|
|
|
|
assets = article.assets({})
|
2017-10-01 12:25:52 +00:00
|
|
|
end
|
2016-06-21 20:59:03 +00:00
|
|
|
render json: {
|
|
|
|
record_ids: record_ids,
|
|
|
|
assets: assets,
|
2017-12-14 13:19:24 +00:00
|
|
|
}, status: :ok
|
2016-06-21 20:59:03 +00:00
|
|
|
return
|
|
|
|
end
|
|
|
|
|
2017-10-01 12:25:52 +00:00
|
|
|
ticket.articles.each do |article|
|
2016-06-21 20:59:03 +00:00
|
|
|
|
|
|
|
# ignore internal article if customer is requesting
|
2016-08-12 16:39:09 +00:00
|
|
|
next if article.internal == true && current_user.permissions?('ticket.customer')
|
2017-01-31 17:13:45 +00:00
|
|
|
articles.push article.attributes_with_association_names
|
2017-10-01 12:25:52 +00:00
|
|
|
end
|
2017-12-14 13:19:24 +00:00
|
|
|
render json: articles, status: :ok
|
2012-04-10 14:06:46 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
# POST /articles
|
|
|
|
def create
|
2016-08-24 11:42:22 +00:00
|
|
|
ticket = Ticket.find(params[:ticket_id])
|
2017-06-16 20:43:09 +00:00
|
|
|
access!(ticket, 'create')
|
2016-08-24 11:42:22 +00:00
|
|
|
article = article_create(ticket, params)
|
2012-11-13 10:34:45 +00:00
|
|
|
|
2017-12-14 13:19:24 +00:00
|
|
|
if response_expand?
|
2017-01-31 17:13:45 +00:00
|
|
|
result = article.attributes_with_association_names
|
2016-08-24 11:42:22 +00:00
|
|
|
render json: result, status: :created
|
|
|
|
return
|
2012-12-02 10:18:55 +00:00
|
|
|
end
|
2012-04-10 14:06:46 +00:00
|
|
|
|
2017-12-14 13:19:24 +00:00
|
|
|
if response_full?
|
2016-08-24 11:42:22 +00:00
|
|
|
full = Ticket::Article.full(params[:id])
|
|
|
|
render json: full, status: :created
|
|
|
|
return
|
2012-04-10 14:06:46 +00:00
|
|
|
end
|
2016-08-24 11:42:22 +00:00
|
|
|
|
2017-01-31 17:13:45 +00:00
|
|
|
render json: article.attributes_with_association_names, status: :created
|
2012-04-10 14:06:46 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
# PUT /articles/1
|
|
|
|
def update
|
2016-06-07 19:22:08 +00:00
|
|
|
article = Ticket::Article.find(params[:id])
|
2017-06-16 20:43:09 +00:00
|
|
|
access!(article, 'change')
|
2016-06-07 19:22:08 +00:00
|
|
|
|
2016-08-24 11:42:22 +00:00
|
|
|
if !current_user.permissions?('ticket.agent') && !current_user.permissions?('admin')
|
|
|
|
raise Exceptions::NotAuthorized, 'Not authorized (ticket.agent or admin permission required)!'
|
|
|
|
end
|
|
|
|
|
2017-01-31 17:13:45 +00:00
|
|
|
clean_params = Ticket::Article.association_name_to_id_convert(params)
|
2016-06-07 19:22:08 +00:00
|
|
|
clean_params = Ticket::Article.param_cleanup(clean_params, true)
|
|
|
|
|
2017-09-11 11:16:08 +00:00
|
|
|
article.update!(clean_params)
|
2016-08-24 11:42:22 +00:00
|
|
|
|
2017-12-14 13:19:24 +00:00
|
|
|
if response_expand?
|
2017-01-31 17:13:45 +00:00
|
|
|
result = article.attributes_with_association_names
|
2016-08-24 11:42:22 +00:00
|
|
|
render json: result, status: :ok
|
|
|
|
return
|
2012-04-10 14:06:46 +00:00
|
|
|
end
|
2016-08-24 11:42:22 +00:00
|
|
|
|
2017-12-14 13:19:24 +00:00
|
|
|
if response_full?
|
2016-08-24 11:42:22 +00:00
|
|
|
full = Ticket::Article.full(params[:id])
|
|
|
|
render json: full, status: :ok
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
2017-01-31 17:13:45 +00:00
|
|
|
render json: article.attributes_with_association_names, status: :ok
|
2012-04-10 14:06:46 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
# DELETE /articles/1
|
|
|
|
def destroy
|
2016-06-07 19:22:08 +00:00
|
|
|
article = Ticket::Article.find(params[:id])
|
2017-06-16 20:43:09 +00:00
|
|
|
access!(article, 'delete')
|
2012-04-10 14:06:46 +00:00
|
|
|
|
2016-08-24 11:42:22 +00:00
|
|
|
if current_user.permissions?('admin')
|
|
|
|
article.destroy!
|
|
|
|
head :ok
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
if current_user.permissions?('ticket.agent') && article.created_by_id == current_user.id && article.type.name == 'note'
|
|
|
|
article.destroy!
|
|
|
|
head :ok
|
|
|
|
return
|
|
|
|
end
|
|
|
|
|
|
|
|
raise Exceptions::NotAuthorized, 'Not authorized (admin permission required)!'
|
2012-04-10 14:06:46 +00:00
|
|
|
end
|
2012-09-20 12:08:02 +00:00
|
|
|
|
2014-10-06 20:24:21 +00:00
|
|
|
# DELETE /ticket_attachment_upload
|
|
|
|
def ticket_attachment_upload_delete
|
2017-12-05 14:49:59 +00:00
|
|
|
|
|
|
|
if params[:id].present?
|
|
|
|
Store.remove_item(params[:id])
|
2015-11-04 11:42:57 +00:00
|
|
|
render json: {
|
|
|
|
success: true,
|
|
|
|
}
|
|
|
|
return
|
2017-12-05 14:49:59 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
if params[:form_id].present?
|
2015-11-04 11:42:57 +00:00
|
|
|
Store.remove(
|
|
|
|
object: 'UploadCache',
|
|
|
|
o_id: params[:form_id],
|
|
|
|
)
|
|
|
|
render json: {
|
|
|
|
success: true,
|
|
|
|
}
|
|
|
|
return
|
|
|
|
end
|
2014-10-06 20:24:21 +00:00
|
|
|
|
2017-12-05 14:49:59 +00:00
|
|
|
render json: { message: 'No such id or form_id!' }, status: :unprocessable_entity
|
2014-10-06 20:24:21 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
# POST /ticket_attachment_upload
|
|
|
|
def ticket_attachment_upload_add
|
2012-09-20 12:08:02 +00:00
|
|
|
|
|
|
|
# store file
|
2014-10-06 20:24:21 +00:00
|
|
|
file = params[:File]
|
|
|
|
content_type = file.content_type
|
2012-09-20 12:08:02 +00:00
|
|
|
if !content_type || content_type == 'application/octet-stream'
|
2016-01-15 17:22:57 +00:00
|
|
|
content_type = if MIME::Types.type_for(file.original_filename).first
|
|
|
|
MIME::Types.type_for(file.original_filename).first.content_type
|
|
|
|
else
|
|
|
|
'application/octet-stream'
|
|
|
|
end
|
2012-09-20 12:08:02 +00:00
|
|
|
end
|
|
|
|
headers_store = {
|
|
|
|
'Content-Type' => content_type
|
|
|
|
}
|
2014-10-06 20:24:21 +00:00
|
|
|
store = Store.add(
|
2015-04-27 13:42:53 +00:00
|
|
|
object: 'UploadCache',
|
|
|
|
o_id: params[:form_id],
|
|
|
|
data: file.read,
|
|
|
|
filename: file.original_filename,
|
|
|
|
preferences: headers_store
|
2012-09-20 12:08:02 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
# return result
|
2015-04-27 13:42:53 +00:00
|
|
|
render json: {
|
|
|
|
success: true,
|
|
|
|
data: {
|
2017-12-05 14:49:59 +00:00
|
|
|
id: store.id,
|
2015-04-27 13:42:53 +00:00
|
|
|
filename: file.original_filename,
|
|
|
|
size: store.size,
|
2014-10-06 20:24:21 +00:00
|
|
|
}
|
2012-09-20 12:08:02 +00:00
|
|
|
}
|
|
|
|
end
|
2012-12-02 10:18:55 +00:00
|
|
|
|
2017-12-05 15:12:52 +00:00
|
|
|
# POST /ticket_attachment_upload_clone_by_article
|
|
|
|
def ticket_attachment_upload_clone_by_article
|
|
|
|
article = Ticket::Article.find(params[:article_id])
|
|
|
|
access!(article.ticket, 'read')
|
|
|
|
|
|
|
|
render json: {
|
2017-08-28 21:31:26 +00:00
|
|
|
attachments: article_attachments_clone(article),
|
2017-12-05 15:12:52 +00:00
|
|
|
}
|
|
|
|
end
|
|
|
|
|
2016-06-07 19:22:08 +00:00
|
|
|
# GET /ticket_attachment/:ticket_id/:article_id/:id
|
2012-09-20 12:08:02 +00:00
|
|
|
def attachment
|
2016-05-10 22:09:10 +00:00
|
|
|
ticket = Ticket.lookup(id: params[:ticket_id])
|
2017-06-16 20:43:09 +00:00
|
|
|
access!(ticket, 'read')
|
|
|
|
|
2016-05-10 22:09:10 +00:00
|
|
|
article = Ticket::Article.find(params[:article_id])
|
2012-09-20 12:08:02 +00:00
|
|
|
if ticket.id != article.ticket_id
|
2017-04-04 16:15:29 +00:00
|
|
|
|
|
|
|
# check if requested ticket got merged
|
|
|
|
if ticket.state.state_type.name != 'merged'
|
|
|
|
raise Exceptions::NotAuthorized, 'No access, article_id/ticket_id is not matching.'
|
|
|
|
end
|
|
|
|
|
|
|
|
ticket = article.ticket
|
2017-06-16 20:43:09 +00:00
|
|
|
access!(ticket, 'read')
|
2012-09-20 12:08:02 +00:00
|
|
|
end
|
|
|
|
|
2014-02-05 12:22:14 +00:00
|
|
|
list = article.attachments || []
|
2012-09-20 12:08:02 +00:00
|
|
|
access = false
|
2017-10-01 12:25:52 +00:00
|
|
|
list.each do |item|
|
2012-09-20 12:08:02 +00:00
|
|
|
if item.id.to_i == params[:id].to_i
|
|
|
|
access = true
|
|
|
|
end
|
2017-10-01 12:25:52 +00:00
|
|
|
end
|
2016-06-30 08:24:03 +00:00
|
|
|
raise Exceptions::NotAuthorized, 'Requested file id is not linked with article_id.' if !access
|
2012-09-20 12:08:02 +00:00
|
|
|
|
|
|
|
# find file
|
|
|
|
file = Store.find(params[:id])
|
2017-01-31 16:55:12 +00:00
|
|
|
|
|
|
|
disposition = sanitized_disposition
|
|
|
|
|
2012-09-20 12:08:02 +00:00
|
|
|
send_data(
|
2014-04-28 07:44:36 +00:00
|
|
|
file.content,
|
2015-04-27 13:42:53 +00:00
|
|
|
filename: file.filename,
|
2018-02-08 05:33:23 +00:00
|
|
|
type: file.preferences['Content-Type'] || file.preferences['Mime-Type'] || 'application/octet-stream',
|
2017-01-31 16:55:12 +00:00
|
|
|
disposition: disposition
|
2012-09-20 12:08:02 +00:00
|
|
|
)
|
|
|
|
end
|
|
|
|
|
|
|
|
# GET /ticket_article_plain/1
|
|
|
|
def article_plain
|
2016-05-10 22:09:10 +00:00
|
|
|
article = Ticket::Article.find(params[:id])
|
2017-06-16 20:43:09 +00:00
|
|
|
access!(article, 'read')
|
2012-09-20 12:08:02 +00:00
|
|
|
|
2016-12-20 23:07:47 +00:00
|
|
|
file = article.as_raw
|
2012-09-20 12:08:02 +00:00
|
|
|
|
|
|
|
# find file
|
2016-12-20 23:07:47 +00:00
|
|
|
return if !file
|
2015-04-30 15:25:04 +00:00
|
|
|
|
|
|
|
send_data(
|
|
|
|
file.content,
|
|
|
|
filename: file.filename,
|
|
|
|
type: 'message/rfc822',
|
|
|
|
disposition: 'inline'
|
|
|
|
)
|
2012-09-20 12:08:02 +00:00
|
|
|
end
|
|
|
|
|
2018-02-20 04:29:30 +00:00
|
|
|
# @path [GET] /ticket_articles/import_example
|
|
|
|
#
|
|
|
|
# @summary Download of example CSV file.
|
|
|
|
# @notes The requester have 'admin' permissions to be able to download it.
|
|
|
|
# @example curl -u 'me@example.com:test' http://localhost:3000/api/v1/ticket_articles/import_example
|
|
|
|
#
|
|
|
|
# @response_message 200 File download.
|
|
|
|
# @response_message 401 Invalid session.
|
|
|
|
def import_example
|
|
|
|
permission_check('admin')
|
|
|
|
csv_string = Ticket::Article.csv_example(
|
|
|
|
col_sep: ',',
|
|
|
|
)
|
|
|
|
send_data(
|
|
|
|
csv_string,
|
|
|
|
filename: 'example.csv',
|
|
|
|
type: 'text/csv',
|
|
|
|
disposition: 'attachment'
|
|
|
|
)
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
# @path [POST] /ticket_articles/import
|
|
|
|
#
|
|
|
|
# @summary Starts import.
|
|
|
|
# @notes The requester have 'admin' permissions to be create a new import.
|
|
|
|
# @example curl -u 'me@example.com:test' -F 'file=@/path/to/file/ticket_articles.csv' 'https://your.zammad/api/v1/ticket_articles/import?try=true'
|
|
|
|
# @example curl -u 'me@example.com:test' -F 'file=@/path/to/file/ticket_articles.csv' 'https://your.zammad/api/v1/ticket_articles/import'
|
|
|
|
#
|
|
|
|
# @response_message 201 Import started.
|
|
|
|
# @response_message 401 Invalid session.
|
|
|
|
def import_start
|
|
|
|
permission_check('admin')
|
|
|
|
if Setting.get('import_mode') != true
|
|
|
|
raise 'Only can import tickets if system is in import mode.'
|
|
|
|
end
|
|
|
|
result = Ticket::Article.csv_import(
|
|
|
|
string: params[:file].read.force_encoding('utf-8'),
|
|
|
|
parse_params: {
|
|
|
|
col_sep: ';',
|
|
|
|
},
|
|
|
|
try: params[:try],
|
|
|
|
)
|
|
|
|
render json: result, status: :ok
|
|
|
|
end
|
|
|
|
|
2017-01-31 16:55:12 +00:00
|
|
|
private
|
|
|
|
|
|
|
|
def sanitized_disposition
|
|
|
|
disposition = params.fetch(:disposition, 'inline')
|
2017-11-23 08:09:44 +00:00
|
|
|
valid_disposition = %w[inline attachment]
|
2017-01-31 16:55:12 +00:00
|
|
|
return disposition if valid_disposition.include?(disposition)
|
|
|
|
raise Exceptions::NotAuthorized, "Invalid disposition #{disposition} requested. Only #{valid_disposition.join(', ')} are valid."
|
|
|
|
end
|
2012-04-10 14:06:46 +00:00
|
|
|
end
|