trabajo-afectivo/app/controllers/ticket_articles_controller.rb

# Copyright (C) 2012-2016 Zammad Foundation, http://zammad-foundation.org/
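class TicketArticlesController < ApplicationController
  before_action :authentication_check

  # Content-Disposition values a client may request for #attachment.
  VALID_DISPOSITIONS = %w[inline attachment].freeze

  # GET /articles
  #
  # Admin-only listing of all articles; the actual listing/paging is
  # delegated to the generic model_index_render helper.
  def index
    permission_check('admin')
    model_index_render(Ticket::Article, params)
  end

  # GET /articles/1
  #
  # Renders one article after article_permission has confirmed access.
  # `expand` adds the attachment list, `full` returns the
  # Ticket::Article.full payload (see #render_article).
  def show
    article = Ticket::Article.find(params[:id])
    article_permission(article)
    render_article(article, status: :ok)
  end

  # GET /ticket_articles/by_ticket/1
  #
  # Lists the articles of a ticket the current user may read. Internal
  # articles are hidden from users holding the ticket.customer permission
  # (see #visible_articles). The `full` variant returns record ids plus the
  # assets accumulated over all visible articles.
  def index_by_ticket
    ticket = Ticket.find(params[:id])
    ticket_permission(ticket)
    articles = visible_articles(ticket)

    if params[:expand]
      render json: articles.map { |article| expanded_attributes(article) }, status: :ok
      return
    end

    if params[:full]
      assets = {}
      record_ids = articles.map do |article|
        # Fold each article's assets into the running hash. The previous
        # code re-assigned `assets = article.assets({})` per iteration and
        # so only returned the assets of the last visible article.
        assets = article.assets(assets)
        article.id
      end
      render json: {
        record_ids: record_ids,
        assets: assets,
      }
      return
    end

    render json: articles.map(&:attributes_with_association_names)
  end

  # POST /articles
  #
  # Creates an article on the given ticket (ticket_permission guards
  # access) and renders it with status 201.
  def create
    ticket = Ticket.find(params[:ticket_id])
    ticket_permission(ticket)
    article = article_create(ticket, params)
    # Rendering goes through render_article so the `full` variant looks the
    # article up by article.id; the previous code used params[:id], which
    # is not present on this POST route.
    render_article(article, status: :created)
  end

  # PUT /articles/1
  #
  # Updates an article. Requires the ticket.agent or admin permission on
  # top of article_permission.
  def update
    article = Ticket::Article.find(params[:id])
    article_permission(article)
    unless current_user.permissions?('ticket.agent') || current_user.permissions?('admin')
      raise Exceptions::NotAuthorized, 'Not authorized (ticket.agent or admin permission required)!'
    end

    # NOTE(review): the attribute allowlist for mass assignment lives in
    # param_cleanup; the meaning of its second positional argument (true)
    # is not visible in this file — confirm it selects the intended mode.
    clean_params = Ticket::Article.association_name_to_id_convert(params)
    clean_params = Ticket::Article.param_cleanup(clean_params, true)
    article.update_attributes!(clean_params)
    render_article(article, status: :ok)
  end

  # DELETE /articles/1
  #
  # Admins may delete any article; agents only notes they created
  # themselves (see #destroy_allowed?). Everyone else gets NotAuthorized.
  def destroy
    article = Ticket::Article.find(params[:id])
    article_permission(article)
    unless destroy_allowed?(article)
      raise Exceptions::NotAuthorized, 'Not authorized (admin permission required)!'
    end

    article.destroy!
    head :ok
  end

  # DELETE /ticket_attachment_upload
  #
  # Removes a single cached upload (store_id) or a whole upload form's
  # cache (form_id). Responds 422 when neither parameter is given.
  def ticket_attachment_upload_delete
    if params[:store_id]
      # NOTE(review): only authentication_check guards this action and
      # store_id is not tied to the current user here — confirm that
      # Store.remove_item (or an earlier layer) restricts deletion to the
      # caller's own UploadCache entries.
      Store.remove_item(params[:store_id])
      render json: { success: true }
      return
    end

    if params[:form_id]
      Store.remove(
        object: 'UploadCache',
        o_id: params[:form_id],
      )
      render json: { success: true }
      return
    end

    render json: { message: 'No such store_id or form_id!' }, status: :unprocessable_entity
  end

  # POST /ticket_attachment_upload
  #
  # Stores the uploaded file (params[:File]) in the UploadCache for the
  # given form_id and returns its store id, filename and size.
  def ticket_attachment_upload_add
    file = params[:File]
    store = Store.add(
      object: 'UploadCache',
      o_id: params[:form_id],
      data: file.read,
      filename: file.original_filename,
      preferences: { 'Content-Type' => upload_content_type(file) }
    )
    render json: {
      success: true,
      data: {
        store_id: store.id,
        filename: file.original_filename,
        size: store.size,
      }
    }
  end

  # GET /ticket_attachment/:ticket_id/:article_id/:id
  #
  # Streams one attachment. Access requires: ticket_permission on the
  # ticket, the article belonging to that ticket, and the requested store
  # id being one of the article's attachments — the last check keeps a
  # readable article from being used to fetch arbitrary store entries.
  def attachment
    ticket = Ticket.lookup(id: params[:ticket_id])
    raise Exceptions::NotAuthorized, 'No such ticket.' unless ticket_permission(ticket)

    article = Ticket::Article.find(params[:article_id])
    if ticket.id != article.ticket_id
      raise Exceptions::NotAuthorized, 'No access, article_id/ticket_id is not matching.'
    end

    linked_ids = (article.attachments || []).map { |item| item.id.to_i }
    unless linked_ids.include?(params[:id].to_i)
      raise Exceptions::NotAuthorized, 'Requested file id is not linked with article_id.'
    end

    file = Store.find(params[:id])
    disposition = sanitized_disposition
    send_data(
      file.content,
      filename: file.filename,
      type: file.preferences['Content-Type'] || file.preferences['Mime-Type'],
      disposition: disposition
    )
  end

  # GET /ticket_article_plain/1
  #
  # Streams the raw RFC 822 source of an article inline; renders nothing
  # when the article has no raw representation.
  def article_plain
    article = Ticket::Article.find(params[:id])
    article_permission(article)
    file = article.as_raw
    return unless file

    send_data(
      file.content,
      filename: file.filename,
      type: 'message/rfc822',
      disposition: 'inline'
    )
  end

  private

  # Renders `article` in the representation selected by the request:
  # `expand` -> attributes plus attachment list, `full` -> the
  # Ticket::Article.full payload, otherwise attributes_with_association_names.
  # `full` is resolved via article.id, not params[:id], so it also works
  # for freshly created articles.
  def render_article(article, status:)
    if params[:expand]
      render json: expanded_attributes(article), status: status
    elsif params[:full]
      render json: Ticket::Article.full(article.id), status: status
    else
      render json: article.attributes_with_association_names, status: status
    end
  end

  # Attributes of `article` with its attachment list merged in under
  # :attachments.
  def expanded_attributes(article)
    result = article.attributes_with_association_names
    result[:attachments] = article.attachments
    result
  end

  # Articles of `ticket` the current user may read: internal articles are
  # filtered out for users with the ticket.customer permission.
  def visible_articles(ticket)
    customer = current_user.permissions?('ticket.customer')
    ticket.articles.reject { |article| article.internal && customer }
  end

  # Admins may delete any article; agents only notes they created.
  def destroy_allowed?(article)
    return true if current_user.permissions?('admin')

    current_user.permissions?('ticket.agent') &&
      article.created_by_id == current_user.id &&
      article.type.name == 'note'
  end

  # Content type recorded for an uploaded file: the client-sent type unless
  # it is missing or the generic octet-stream, in which case the filename
  # extension is looked up once via MIME::Types.
  # NOTE(review): the value is client-controlled and appears to be served
  # back verbatim by #attachment (type: from preferences, possibly inline);
  # an allowlist or sniffing at serve time would be the defensive fix.
  def upload_content_type(file)
    content_type = file.content_type
    return content_type if content_type && content_type != 'application/octet-stream'

    guessed = MIME::Types.type_for(file.original_filename).first
    guessed ? guessed.content_type : 'application/octet-stream'
  end

  # Validates the requested Content-Disposition (default: inline) against
  # VALID_DISPOSITIONS; anything else raises NotAuthorized so a client
  # cannot inject arbitrary header values.
  def sanitized_disposition
    disposition = params.fetch(:disposition, 'inline')
    return disposition if VALID_DISPOSITIONS.include?(disposition)

    raise Exceptions::NotAuthorized, "Invalid disposition #{disposition} requested. Only #{VALID_DISPOSITIONS.join(', ')} are valid."
  end
end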