From 4f08d899cfab95df31de880e3ebaa2bd15c9caba Mon Sep 17 00:00:00 2001 From: Martin Edenhofer Date: Wed, 14 Sep 2016 09:21:17 +0200 Subject: [PATCH] Added per_page limit to 500 (excepting tickets with 100). Added page/per_page support for search actions. --- app/controllers/application_controller.rb | 5 +++++ app/controllers/organizations_controller.rb | 8 ++++++++ app/controllers/tickets_controller.rb | 19 +++++++++++++++++++ app/controllers/users_controller.rb | 8 ++++++++ 4 files changed, 40 insertions(+) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 2a91a648a..148e70548 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -597,6 +597,11 @@ class ApplicationController < ActionController::Base offset = (params[:page].to_i - 1) * params[:per_page].to_i limit = params[:per_page].to_i end + + if per_page > 500 + per_page = 500 + end + generic_objects = if offset > 0 object.limit(params[:per_page]).offset(offset).limit(limit) else diff --git a/app/controllers/organizations_controller.rb b/app/controllers/organizations_controller.rb index 287150315..47864343f 100644 --- a/app/controllers/organizations_controller.rb +++ b/app/controllers/organizations_controller.rb @@ -55,6 +55,10 @@ curl http://localhost/api/v1/organizations -v -u #{login}:#{password} per_page = params[:per_page].to_i end + if per_page > 500 + per_page = 500 + end + # only allow customer to fetch his own organization organizations = [] if !current_user.permissions?('admin.organization') && !current_user.permissions?('ticket.agent') @@ -227,6 +231,10 @@ curl http://localhost/api/v1/organization/{id} -v -u #{login}:#{password} -H "Co params[:limit] = params[:page].to_i * params[:per_page].to_i end + if params[:limit] && params[:limit].to_i > 500 + params[:limit].to_i = 500 + end + query_params = { query: params[:query], limit: params[:limit], diff --git a/app/controllers/tickets_controller.rb b/app/controllers/tickets_controller.rb index 93b55e292..f78926e98 100644 --- a/app/controllers/tickets_controller.rb +++ b/app/controllers/tickets_controller.rb @@ -13,6 +13,10 @@ class TicketsController < ApplicationController per_page = params[:per_page].to_i end + if per_page > 100 + per_page = 100 + end + access_condition = Ticket.access_condition(current_user) tickets = Ticket.where(access_condition).offset(offset).limit(per_page) @@ -397,6 +401,15 @@ class TicketsController < ApplicationController params.require(:condition).permit! end + # set limit for pagination if needed + if params[:page] && params[:per_page] + params[:limit] = params[:page].to_i * params[:per_page].to_i + end + + if params[:limit] && params[:limit].to_i > 100 + params[:limit].to_i = 100 + end + # build result list tickets = Ticket.search( limit: params[:limit], @@ -405,6 +418,12 @@ class TicketsController < ApplicationController current_user: current_user, ) + # do pagination if needed + if params[:page] && params[:per_page] + offset = (params[:page].to_i - 1) * params[:per_page].to_i + tickets = tickets.slice(offset, params[:per_page].to_i) || [] + end + if params[:expand] list = [] tickets.each { |ticket| diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 520540762..40e31fb62 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -20,6 +20,10 @@ class UsersController < ApplicationController per_page = params[:per_page].to_i end + if per_page > 500 + per_page = 500 + end + # only allow customer to fetch him self users = if !current_user.permissions?('admin.user') && !current_user.permissions?('ticket.agent') User.where(id: current_user.id).offset(offset).limit(per_page) @@ -333,6 +337,10 @@ class UsersController < ApplicationController params[:limit] = params[:page].to_i * params[:per_page].to_i end + if params[:limit] && params[:limit].to_i > 500 + params[:limit].to_i = 500 + end + query_params = { query: params[:query], limit: params[:limit],