# Copyright (C) 2012-2016 Zammad Foundation, http://zammad-foundation.org/
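class TicketArticlesController < ApplicationController
  include AccessesTickets
  include CreatesTicketArticles

  prepend_before_action :authentication_check

  # Content-Disposition values a client may request for an attachment download.
  VALID_DISPOSITIONS = %w[inline attachment].freeze

  # GET /articles
  #
  # Generic article listing; only users holding the 'admin' permission get it.
  def index
    permission_check('admin')
    model_index_render(Ticket::Article, params)
  end

  # GET /articles/1
  #
  # Renders one article after article_permission has confirmed the current
  # user may see it. params[:expand] and params[:full] select alternative
  # serializations; the default is the attribute hash with association names.
  def show
    article = Ticket::Article.find(params[:id])
    article_permission(article)

    if params[:expand]
      render json: article.attributes_with_association_names, status: :ok
      return
    end

    if params[:full]
      render json: Ticket::Article.full(article.id)
      return
    end

    render json: article.attributes_with_association_names
  end

  # GET /ticket_articles/by_ticket/1
  #
  # Renders every article of the ticket the current user is allowed to see.
  # Internal articles are dropped for customers (see visible_articles).
  def index_by_ticket
    ticket = Ticket.find(params[:id])
    ticket_permission(ticket)

    articles = visible_articles(ticket)

    if params[:expand]
      render json: articles.map(&:attributes_with_association_names), status: :ok
      return
    end

    if params[:full]
      # The assets hash is threaded through every article so the response
      # carries the assets of all visible articles, not just the last one.
      assets = articles.reduce({}) { |collected, article| article.assets(collected) }
      render json: {
        record_ids: articles.map(&:id),
        assets: assets,
      }
      return
    end

    render json: articles.map(&:attributes_with_association_names)
  end

  # POST /articles
  #
  # Creates an article on the ticket given by params[:ticket_id]; the caller
  # must have access to that ticket. Responds with 201 and the new article.
  def create
    ticket = Ticket.find(params[:ticket_id])
    ticket_permission(ticket)
    article = article_create(ticket, params)

    if params[:expand]
      render json: article.attributes_with_association_names, status: :created
      return
    end

    if params[:full]
      # The id of the article just created is used here; params[:id] is not
      # part of a POST /articles request, so it must not drive the lookup.
      render json: Ticket::Article.full(article.id), status: :created
      return
    end

    render json: article.attributes_with_association_names, status: :created
  end

  # PUT /articles/1
  #
  # Updates an article. Besides access to the article, the caller needs the
  # 'ticket.agent' or 'admin' permission; customers are rejected.
  def update
    article = Ticket::Article.find(params[:id])
    article_permission(article)

    if !current_user.permissions?('ticket.agent') && !current_user.permissions?('admin')
      raise Exceptions::NotAuthorized, 'Not authorized (ticket.agent or admin permission required)!'
    end

    # Association names in the request are mapped back to ids before the
    # model-level parameter whitelist is applied.
    clean_params = Ticket::Article.association_name_to_id_convert(params)
    clean_params = Ticket::Article.param_cleanup(clean_params, true)
    article.update_attributes!(clean_params)

    if params[:expand]
      render json: article.attributes_with_association_names, status: :ok
      return
    end

    if params[:full]
      render json: Ticket::Article.full(article.id), status: :ok
      return
    end

    render json: article.attributes_with_association_names, status: :ok
  end

  # DELETE /articles/1
  #
  # Admins may delete any article; agents may delete only notes they created
  # themselves. Everyone else gets NotAuthorized.
  def destroy
    article = Ticket::Article.find(params[:id])
    article_permission(article)

    if current_user.permissions?('admin') || own_note?(article)
      article.destroy!
      head :ok
      return
    end

    raise Exceptions::NotAuthorized, 'Not authorized (admin permission required)!'
  end

  # DELETE /ticket_attachment_upload
  #
  # Removes either a single upload-cache item (store_id) or the whole upload
  # cache of a form (form_id). Answers 422 when neither parameter is present.
  def ticket_attachment_upload_delete
    if params[:store_id]
      # NOTE(review): store_id is taken straight from the request; confirm that
      # Store.remove_item limits removal to items of the caller's own upload cache.
      Store.remove_item(params[:store_id])
      render json: { success: true }
      return
    end

    if params[:form_id]
      # NOTE(review): form_id is client-chosen as well; the same ownership
      # question applies to removing the whole UploadCache object.
      Store.remove(
        object: 'UploadCache',
        o_id: params[:form_id],
      )
      render json: { success: true }
      return
    end

    render json: { message: 'No such store_id or form_id!' }, status: :unprocessable_entity
  end

  # POST /ticket_attachment_upload
  #
  # Stores the uploaded file (params[:File]) in the upload cache of
  # params[:form_id] and returns the store id, filename and size.
  def ticket_attachment_upload_add
    file = params[:File]

    # The client-supplied content type is kept unless it is missing or the
    # generic octet-stream, in which case the filename extension decides.
    content_type = file.content_type
    if !content_type || content_type == 'application/octet-stream'
      content_type = content_type_for_filename(file.original_filename)
    end

    store = Store.add(
      object: 'UploadCache',
      o_id: params[:form_id],
      data: file.read,
      filename: file.original_filename,
      preferences: { 'Content-Type' => content_type }
    )

    render json: {
      success: true,
      data: {
        store_id: store.id,
        filename: file.original_filename,
        size: store.size,
      }
    }
  end

  # GET /ticket_attachment/:ticket_id/:article_id/:id
  #
  # Streams one attachment of an article. The article must belong to the
  # requested ticket, or the requested ticket must have been merged into the
  # article's ticket and the caller must have access to that one as well.
  def attachment
    # NOTE(review): Ticket.lookup may yield nil for an unknown id; the nil is
    # handed to ticket_permission, which is expected to reject it.
    ticket = Ticket.lookup(id: params[:ticket_id])
    if !ticket_permission(ticket)
      raise Exceptions::NotAuthorized, 'No such ticket.'
    end

    article = Ticket::Article.find(params[:article_id])
    if ticket.id != article.ticket_id
      # An article may sit on a different ticket only when the requested
      # ticket was merged; anything else is an id mismatch.
      if ticket.state.state_type.name != 'merged'
        raise Exceptions::NotAuthorized, 'No access, article_id/ticket_id is not matching.'
      end

      ticket = article.ticket
      if !ticket_permission(ticket)
        raise Exceptions::NotAuthorized, "No access, for ticket_id '#{ticket.id}'."
      end
    end

    # The requested store id has to be one of the article's own attachments.
    requested_id = params[:id].to_i
    linked = (article.attachments || []).any? { |item| item.id.to_i == requested_id }
    raise Exceptions::NotAuthorized, 'Requested file id is not linked with article_id.' if !linked

    file = Store.find(params[:id])

    # NOTE(review): the served Content-Type is whatever was stored at upload
    # time (client-supplied in ticket_attachment_upload_add); since 'inline'
    # is the default disposition, confirm this is acceptable for active
    # content types.
    send_data(
      file.content,
      filename: file.filename,
      type: file.preferences['Content-Type'] || file.preferences['Mime-Type'],
      disposition: sanitized_disposition
    )
  end

  # GET /ticket_article_plain/1
  #
  # Streams the raw e-mail source of an article inline as message/rfc822.
  def article_plain
    article = Ticket::Article.find(params[:id])
    article_permission(article)

    file = article.as_raw

    # No raw source available: the action ends without rendering anything,
    # leaving the response to the framework default.
    return if !file

    send_data(
      file.content,
      filename: file.filename,
      type: 'message/rfc822',
      disposition: 'inline'
    )
  end

  private

  # Raises NotAuthorized unless the current user may see the article: a
  # customer never sees internal articles, and the article's ticket must
  # grant access to the user. Returns true on success.
  def article_permission(article)
    raise Exceptions::NotAuthorized if hidden_for_customer?(article)

    ticket = Ticket.lookup(id: article.ticket_id)
    return true if ticket.permission(current_user: current_user)

    raise Exceptions::NotAuthorized
  end

  # True when the article is internal and the current user is a customer.
  def hidden_for_customer?(article)
    article.internal == true && current_user.permissions?('ticket.customer')
  end

  # Articles of the ticket the current user may see (see hidden_for_customer?).
  def visible_articles(ticket)
    ticket.articles.reject { |article| hidden_for_customer?(article) }
  end

  # True when the current user is an agent who authored this note article.
  def own_note?(article)
    current_user.permissions?('ticket.agent') &&
      article.created_by_id == current_user.id &&
      article.type.name == 'note'
  end

  # Content type derived from the filename extension, falling back to the
  # generic octet-stream when the extension is unknown.
  def content_type_for_filename(filename)
    mime_type = MIME::Types.type_for(filename).first
    mime_type ? mime_type.content_type : 'application/octet-stream'
  end

  # The requested Content-Disposition, defaulting to 'inline'; any value
  # outside VALID_DISPOSITIONS is rejected with NotAuthorized.
  def sanitized_disposition
    disposition = params.fetch(:disposition, 'inline')
    return disposition if VALID_DISPOSITIONS.include?(disposition)

    raise Exceptions::NotAuthorized, "Invalid disposition #{disposition} requested. Only #{VALID_DISPOSITIONS.join(', ')} are valid."
  end
end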