- Corrected with rubocop cop 'Style/PredicateName'.
- Removed application_module method 'is_not_role', which was never used. - Renamed Sessions::Backend::Collections method is_role_set to roles_add. - Renamed Sessions::Backend::Collections method is_not_role_set to not_roles_add.
This commit is contained in:
parent
06b5a8df9e
commit
7f67e6f00a
22 changed files with 65 additions and 68 deletions
|
@ -200,8 +200,6 @@ Rails/TimeZone:
|
||||||
Enabled: false
|
Enabled: false
|
||||||
Lint/RescueException:
|
Lint/RescueException:
|
||||||
Enabled: false
|
Enabled: false
|
||||||
Style/PredicateName:
|
|
||||||
Enabled: false
|
|
||||||
Style/ClassVars:
|
Style/ClassVars:
|
||||||
Enabled: false
|
Enabled: false
|
||||||
Lint/UselessAssignment:
|
Lint/UselessAssignment:
|
||||||
|
|
|
@ -7,7 +7,7 @@ class ApplicationController < ActionController::Base
|
||||||
:authentication_check,
|
:authentication_check,
|
||||||
:authentication_check_action_token,
|
:authentication_check_action_token,
|
||||||
:config_frontend,
|
:config_frontend,
|
||||||
:is_role,
|
:role?,
|
||||||
:model_create_render,
|
:model_create_render,
|
||||||
:model_update_render,
|
:model_update_render,
|
||||||
:model_restory_render,
|
:model_restory_render,
|
||||||
|
@ -215,10 +215,9 @@ class ApplicationController < ActionController::Base
|
||||||
true
|
true
|
||||||
end
|
end
|
||||||
|
|
||||||
def is_role( role_name )
|
def role?( role_name )
|
||||||
return false if !current_user
|
return false if !current_user
|
||||||
return true if current_user.is_role( role_name )
|
current_user.role?( role_name )
|
||||||
false
|
|
||||||
end
|
end
|
||||||
|
|
||||||
def ticket_permission(ticket)
|
def ticket_permission(ticket)
|
||||||
|
@ -227,12 +226,8 @@ class ApplicationController < ActionController::Base
|
||||||
false
|
false
|
||||||
end
|
end
|
||||||
|
|
||||||
def is_not_role( role_name )
|
|
||||||
deny_if_not_role( role_name )
|
|
||||||
end
|
|
||||||
|
|
||||||
def deny_if_not_role( role_name )
|
def deny_if_not_role( role_name )
|
||||||
return false if is_role( role_name )
|
return false if role?( role_name )
|
||||||
response_access_deny
|
response_access_deny
|
||||||
true
|
true
|
||||||
end
|
end
|
||||||
|
|
|
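Review bot: The new `role?` helper in the second ApplicationController hunk is a guard plus a delegation, so `return false if !current_user` reads better as `return false unless current_user`, and the whole body can be the single expression `current_user ? current_user.role?(role_name) : false`. The space-padded parentheses in `def role?( role_name )` and `current_user.role?( role_name )` are the next thing a tightened RuboCop config will flag, so this rename is a good moment to drop them. The symbol list in the first hunk starts outside the hunk, so whether `:role?` is being registered as a view helper or made private is not visible here.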
@ -50,7 +50,7 @@ curl http://localhost/api/v1/organizations.json -v -u #{login}:#{password}
|
||||||
|
|
||||||
# only allow customer to fetch his own organization
|
# only allow customer to fetch his own organization
|
||||||
organizations = []
|
organizations = []
|
||||||
if is_role(Z_ROLENAME_CUSTOMER) && !is_role(Z_ROLENAME_ADMIN) && !is_role(Z_ROLENAME_AGENT)
|
if role?(Z_ROLENAME_CUSTOMER) && !role?(Z_ROLENAME_ADMIN) && !role?(Z_ROLENAME_AGENT)
|
||||||
if current_user.organization_id
|
if current_user.organization_id
|
||||||
organizations = Organization.where( id: current_user.organization_id )
|
organizations = Organization.where( id: current_user.organization_id )
|
||||||
end
|
end
|
||||||
|
@ -80,7 +80,7 @@ curl http://localhost/api/v1/organizations/#{id}.json -v -u #{login}:#{password}
|
||||||
def show
|
def show
|
||||||
|
|
||||||
# only allow customer to fetch his own organization
|
# only allow customer to fetch his own organization
|
||||||
if is_role(Z_ROLENAME_CUSTOMER) && !is_role(Z_ROLENAME_ADMIN) && !is_role(Z_ROLENAME_AGENT)
|
if role?(Z_ROLENAME_CUSTOMER) && !role?(Z_ROLENAME_ADMIN) && !role?(Z_ROLENAME_AGENT)
|
||||||
if !current_user.organization_id
|
if !current_user.organization_id
|
||||||
render json: {}
|
render json: {}
|
||||||
return
|
return
|
||||||
|
@ -178,7 +178,7 @@ Test:
|
||||||
def history
|
def history
|
||||||
|
|
||||||
# permissin check
|
# permissin check
|
||||||
if !is_role(Z_ROLENAME_ADMIN) && !is_role(Z_ROLENAME_AGENT)
|
if !role?(Z_ROLENAME_ADMIN) && !role?(Z_ROLENAME_AGENT)
|
||||||
response_access_deny
|
response_access_deny
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
|
|
|
@ -7,7 +7,7 @@ class SearchController < ApplicationController
|
||||||
def search_user_org
|
def search_user_org
|
||||||
|
|
||||||
# enable search only for agents and admins
|
# enable search only for agents and admins
|
||||||
if !current_user.is_role(Z_ROLENAME_AGENT) && !current_user.is_role(Z_ROLENAME_ADMIN)
|
if !current_user.role?(Z_ROLENAME_AGENT) && !current_user.role?(Z_ROLENAME_ADMIN)
|
||||||
response_access_deny
|
response_access_deny
|
||||||
return true
|
return true
|
||||||
end
|
end
|
||||||
|
|
|
@ -26,7 +26,7 @@ module ExtraCollection
|
||||||
Group.all.each {|item|
|
Group.all.each {|item|
|
||||||
assets = item.assets(assets)
|
assets = item.assets(assets)
|
||||||
}
|
}
|
||||||
if !user.is_role(Z_ROLENAME_CUSTOMER)
|
if !user.role?(Z_ROLENAME_CUSTOMER)
|
||||||
collections[ Organization.to_app_model ] = []
|
collections[ Organization.to_app_model ] = []
|
||||||
Organization.all.each {|item|
|
Organization.all.each {|item|
|
||||||
assets = item.assets(assets)
|
assets = item.assets(assets)
|
||||||
|
|
|
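Review bot: `if !user.role?(Z_ROLENAME_CUSTOMER)` at the changed line releases the Organization collection to every user who is not a customer, so an account with no role at all, or with a role introduced later, is treated like an agent; the same deny-by-customer shape appears in the second ExtraCollection hunk, in the TicketsController internal-article filter (`next if article.internal == true && role?(Z_ROLENAME_CUSTOMER)`) and in the `not_roles_add 'Customer'` declarations of the EmailAddress and Signature collections. Whether a role-less user can reach these paths depends on authentication filters outside this diff, so this may be unreachable today, but an allow-list such as `if user.role?(Z_ROLENAME_AGENT) || user.role?(Z_ROLENAME_ADMIN)` fails closed if that assumption ever breaks. At minimum a comment stating that "not customer" is taken to mean "agent or admin" here would record the assumption for the next reader. The enclosing method starts and ends outside the hunk.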
@ -24,7 +24,7 @@ module ExtraCollection
|
||||||
Ticket::Article::Sender.all.each {|item|
|
Ticket::Article::Sender.all.each {|item|
|
||||||
assets = item.assets(assets)
|
assets = item.assets(assets)
|
||||||
}
|
}
|
||||||
if !user.is_role(Z_ROLENAME_CUSTOMER)
|
if !user.role?(Z_ROLENAME_CUSTOMER)
|
||||||
|
|
||||||
# all signatures
|
# all signatures
|
||||||
collections[ Signature.to_app_model ] = []
|
collections[ Signature.to_app_model ] = []
|
||||||
|
|
|
@ -239,7 +239,7 @@ class TicketsController < ApplicationController
|
||||||
articles.each {|article|
|
articles.each {|article|
|
||||||
|
|
||||||
# ignore internal article if customer is requesting
|
# ignore internal article if customer is requesting
|
||||||
next if article.internal == true && is_role(Z_ROLENAME_CUSTOMER)
|
next if article.internal == true && role?(Z_ROLENAME_CUSTOMER)
|
||||||
|
|
||||||
# load article ids
|
# load article ids
|
||||||
article_ids.push article.id
|
article_ids.push article.id
|
||||||
|
|
|
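Review bot: `next if article.internal == true && role?(Z_ROLENAME_CUSTOMER)` compares a flag to `true` explicitly; if `internal` is a boolean column this is just `next if article.internal && role?(Z_ROLENAME_CUSTOMER)`, and the explicit comparison is the style the predicate rename in this commit is moving away from. If `internal` can hold something other than true/false/nil, the current form is deliberately stricter, in which case a short comment saying so would stop a later cleanup from simplifying it. The `articles.each` block continues beyond the hunk.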
@ -15,7 +15,7 @@ class UsersController < ApplicationController
|
||||||
def index
|
def index
|
||||||
|
|
||||||
# only allow customer to fetch him self
|
# only allow customer to fetch him self
|
||||||
if is_role(Z_ROLENAME_CUSTOMER) && !is_role(Z_ROLENAME_ADMIN) && !is_role('Agent')
|
if role?(Z_ROLENAME_CUSTOMER) && !role?(Z_ROLENAME_ADMIN) && !role?('Agent')
|
||||||
users = User.where( id: current_user.id )
|
users = User.where( id: current_user.id )
|
||||||
else
|
else
|
||||||
users = User.all
|
users = User.all
|
||||||
|
@ -203,17 +203,17 @@ class UsersController < ApplicationController
|
||||||
user.update_attributes( User.param_cleanup(params) )
|
user.update_attributes( User.param_cleanup(params) )
|
||||||
|
|
||||||
# only allow Admin's and Agent's
|
# only allow Admin's and Agent's
|
||||||
if is_role(Z_ROLENAME_ADMIN) && is_role('Agent') && params[:role_ids]
|
if role?(Z_ROLENAME_ADMIN) && role?('Agent') && params[:role_ids]
|
||||||
user.role_ids = params[:role_ids]
|
user.role_ids = params[:role_ids]
|
||||||
end
|
end
|
||||||
|
|
||||||
# only allow Admin's
|
# only allow Admin's
|
||||||
if is_role(Z_ROLENAME_ADMIN) && params[:group_ids]
|
if role?(Z_ROLENAME_ADMIN) && params[:group_ids]
|
||||||
user.group_ids = params[:group_ids]
|
user.group_ids = params[:group_ids]
|
||||||
end
|
end
|
||||||
|
|
||||||
# only allow Admin's and Agent's
|
# only allow Admin's and Agent's
|
||||||
if is_role(Z_ROLENAME_ADMIN) && is_role('Agent') && params[:organization_ids]
|
if role?(Z_ROLENAME_ADMIN) && role?('Agent') && params[:organization_ids]
|
||||||
user.organization_ids = params[:organization_ids]
|
user.organization_ids = params[:organization_ids]
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -260,7 +260,7 @@ class UsersController < ApplicationController
|
||||||
# @response_message 401 Invalid session.
|
# @response_message 401 Invalid session.
|
||||||
def search
|
def search
|
||||||
|
|
||||||
if is_role(Z_ROLENAME_CUSTOMER) && !is_role(Z_ROLENAME_ADMIN) && !is_role('Agent')
|
if role?(Z_ROLENAME_CUSTOMER) && !role?(Z_ROLENAME_ADMIN) && !role?('Agent')
|
||||||
response_access_deny
|
response_access_deny
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
|
@ -324,7 +324,7 @@ class UsersController < ApplicationController
|
||||||
def history
|
def history
|
||||||
|
|
||||||
# permissin check
|
# permissin check
|
||||||
if !is_role(Z_ROLENAME_ADMIN) && !is_role('Agent')
|
if !role?(Z_ROLENAME_ADMIN) && !role?('Agent')
|
||||||
response_access_deny
|
response_access_deny
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
|
@ -715,19 +715,19 @@ curl http://localhost/api/v1/users/avatar -v -u #{login}:#{password} -H "Content
|
||||||
end
|
end
|
||||||
|
|
||||||
def permission_check_by_role
|
def permission_check_by_role
|
||||||
return true if is_role(Z_ROLENAME_ADMIN)
|
return true if role?(Z_ROLENAME_ADMIN)
|
||||||
return true if is_role('Agent')
|
return true if role?('Agent')
|
||||||
|
|
||||||
response_access_deny
|
response_access_deny
|
||||||
false
|
false
|
||||||
end
|
end
|
||||||
|
|
||||||
def permission_check
|
def permission_check
|
||||||
return true if is_role(Z_ROLENAME_ADMIN)
|
return true if role?(Z_ROLENAME_ADMIN)
|
||||||
return true if is_role('Agent')
|
return true if role?('Agent')
|
||||||
|
|
||||||
# allow to update customer by him self
|
# allow to update customer by him self
|
||||||
return true if is_role(Z_ROLENAME_CUSTOMER) && params[:id].to_i == current_user.id
|
return true if role?(Z_ROLENAME_CUSTOMER) && params[:id].to_i == current_user.id
|
||||||
|
|
||||||
response_access_deny
|
response_access_deny
|
||||||
false
|
false
|
||||||
|
|
|
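Review bot: In the update hunk, `if role?(Z_ROLENAME_ADMIN) && role?('Agent') && params[:role_ids]` only lets a user who holds both the Admin and the Agent role change `role_ids`, while the comment above it says "only allow Admin's and Agent's"; the same conjunction guards `organization_ids`, so an admin-only account is locked out of both. If the intent is admin-or-agent, note that letting agents assign `role_ids` would let an agent grant the Admin role, so the two guards likely want different conditions (`role?(Z_ROLENAME_ADMIN)` alone for `role_ids`, `role?(Z_ROLENAME_ADMIN) || role?('Agent')` for `organization_ids`); if the current `&&` is deliberate, the comment should say so. Separately, this file keeps the literal `'Agent'` on every new line while the OrganizationsController and SearchController hunks use `Z_ROLENAME_AGENT`, a mismatch worth settling in a rename commit because a mistyped literal silently reads as "does not hold the role". Only the guard lines are in view; the method bodies extend beyond the hunks.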
@ -191,7 +191,7 @@ returns:
|
||||||
roles_options.each {|role, options|
|
roles_options.each {|role, options|
|
||||||
if role == '-all-'
|
if role == '-all-'
|
||||||
data[:screen][screen] = options
|
data[:screen][screen] = options
|
||||||
elsif user && user.is_role(role)
|
elsif user && user.role?(role)
|
||||||
data[:screen][screen] = options
|
data[:screen][screen] = options
|
||||||
end
|
end
|
||||||
}
|
}
|
||||||
|
|
|
@ -19,7 +19,7 @@ returns
|
||||||
def permission (data)
|
def permission (data)
|
||||||
|
|
||||||
# check customer
|
# check customer
|
||||||
if data[:current_user].is_role('Customer')
|
if data[:current_user].role?('Customer')
|
||||||
|
|
||||||
# access ok if its own organization
|
# access ok if its own organization
|
||||||
return false if data[:type] != 'ro'
|
return false if data[:type] != 'ro'
|
||||||
|
@ -31,8 +31,8 @@ returns
|
||||||
end
|
end
|
||||||
|
|
||||||
# check agent
|
# check agent
|
||||||
return true if data[:current_user].is_role(Z_ROLENAME_ADMIN)
|
return true if data[:current_user].role?(Z_ROLENAME_ADMIN)
|
||||||
return true if data[:current_user].is_role('Agent')
|
return true if data[:current_user].role?('Agent')
|
||||||
false
|
false
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -27,7 +27,7 @@ returns
|
||||||
current_user = params[:current_user]
|
current_user = params[:current_user]
|
||||||
|
|
||||||
# enable search only for agents and admins
|
# enable search only for agents and admins
|
||||||
return [] if !current_user.is_role('Agent') && !current_user.is_role(Z_ROLENAME_ADMIN)
|
return [] if !current_user.role?('Agent') && !current_user.role?(Z_ROLENAME_ADMIN)
|
||||||
|
|
||||||
# try search index backend
|
# try search index backend
|
||||||
if SearchIndexBackend.enabled?
|
if SearchIndexBackend.enabled?
|
||||||
|
|
|
@ -93,7 +93,7 @@ returns
|
||||||
|
|
||||||
def self.access_condition(user)
|
def self.access_condition(user)
|
||||||
access_condition = []
|
access_condition = []
|
||||||
if user.is_role(Z_ROLENAME_AGENT)
|
if user.role?(Z_ROLENAME_AGENT)
|
||||||
group_ids = Group.select( 'groups.id' ).joins(:users)
|
group_ids = Group.select( 'groups.id' ).joins(:users)
|
||||||
.where( 'groups_users.user_id = ?', user.id )
|
.where( 'groups_users.user_id = ?', user.id )
|
||||||
.where( 'groups.active = ?', true )
|
.where( 'groups.active = ?', true )
|
||||||
|
|
|
@ -19,8 +19,8 @@ returns
|
||||||
def self.all (data)
|
def self.all (data)
|
||||||
|
|
||||||
# get customer overviews
|
# get customer overviews
|
||||||
if data[:current_user].is_role('Customer')
|
if data[:current_user].role?('Customer')
|
||||||
role = data[:current_user].is_role( 'Customer' )
|
role = Role.find_by( name: 'Customer' )
|
||||||
if data[:current_user].organization_id && data[:current_user].organization.shared
|
if data[:current_user].organization_id && data[:current_user].organization.shared
|
||||||
overviews = Overview.where( role_id: role.id, active: true )
|
overviews = Overview.where( role_id: role.id, active: true )
|
||||||
else
|
else
|
||||||
|
@ -30,8 +30,8 @@ returns
|
||||||
end
|
end
|
||||||
|
|
||||||
# get agent overviews
|
# get agent overviews
|
||||||
role = data[:current_user].is_role( 'Agent' )
|
return if !data[:current_user].role?( 'Agent' )
|
||||||
return if !role
|
role = Role.find_by( name: 'Agent' )
|
||||||
Overview.where( role_id: role.id, active: true )
|
Overview.where( role_id: role.id, active: true )
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -112,7 +112,7 @@ returns
|
||||||
|
|
||||||
# @tickets = Ticket.where(:group_id => groups, attributes[:myopenassigned] ).limit(params[:limit])
|
# @tickets = Ticket.where(:group_id => groups, attributes[:myopenassigned] ).limit(params[:limit])
|
||||||
# get only tickets with permissions
|
# get only tickets with permissions
|
||||||
if data[:current_user].is_role('Customer')
|
if data[:current_user].role?('Customer')
|
||||||
group_ids = Group.select( 'groups.id' )
|
group_ids = Group.select( 'groups.id' )
|
||||||
.where( 'groups.active = ?', true )
|
.where( 'groups.active = ?', true )
|
||||||
.map( &:id )
|
.map( &:id )
|
||||||
|
|
|
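Review bot: In the `self.all` hunks, `role = Role.find_by( name: 'Customer' )` and `role = Role.find_by( name: 'Agent' )` replace a lookup through the user's own roles with a global table lookup, and the following `role.id` has no nil guard, whereas the old agent branch kept `return if !role`. The preceding `role?` check makes nil unlikely, but `role?` compares `role.name` with Ruby `==` while `find_by` compares in the database, and the two can disagree on case or trailing whitespace depending on collation. Keeping `return if !role` after each `find_by`, or scoping the lookup to the user with `data[:current_user].roles.find_by( name: 'Agent' )`, keeps the branch from raising on an unexpected mismatch. Both hunks cut `self.all` mid-body.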
@ -18,7 +18,7 @@ returns
|
||||||
def permission (data)
|
def permission (data)
|
||||||
|
|
||||||
# check customer
|
# check customer
|
||||||
if data[:current_user].is_role('Customer')
|
if data[:current_user].role?('Customer')
|
||||||
|
|
||||||
# access ok if its own ticket
|
# access ok if its own ticket
|
||||||
return true if customer_id == data[:current_user].id
|
return true if customer_id == data[:current_user].id
|
||||||
|
|
|
@ -62,7 +62,7 @@ returns
|
||||||
query_extention['bool'] = {}
|
query_extention['bool'] = {}
|
||||||
query_extention['bool']['must'] = []
|
query_extention['bool']['must'] = []
|
||||||
|
|
||||||
if current_user.is_role('Agent')
|
if current_user.role?('Agent')
|
||||||
groups = Group.joins(:users)
|
groups = Group.joins(:users)
|
||||||
.where( 'groups_users.user_id = ?', current_user.id )
|
.where( 'groups_users.user_id = ?', current_user.id )
|
||||||
.where( 'groups.active = ?', true )
|
.where( 'groups.active = ?', true )
|
||||||
|
|
|
@ -107,7 +107,7 @@ returns
|
||||||
check if user is in role
|
check if user is in role
|
||||||
|
|
||||||
user = User.find(123)
|
user = User.find(123)
|
||||||
result = user.is_role('Customer')
|
result = user.role?('Customer')
|
||||||
|
|
||||||
returns
|
returns
|
||||||
|
|
||||||
|
@ -115,11 +115,15 @@ returns
|
||||||
|
|
||||||
=end
|
=end
|
||||||
|
|
||||||
def is_role( role_name )
|
def role?( role_name )
|
||||||
|
|
||||||
|
result = false
|
||||||
roles.each { |role|
|
roles.each { |role|
|
||||||
return role if role.name == role_name
|
next if role.name != role_name
|
||||||
|
result = true
|
||||||
|
break
|
||||||
}
|
}
|
||||||
false
|
result
|
||||||
end
|
end
|
||||||
|
|
||||||
=begin
|
=begin
|
||||||
|
|
|
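Review bot: The new `role?` body in the second hunk is a hand-rolled search with a `result` flag, a `next` and a `break`; `roles.any? { |role| role.name == role_name }` does the same in one line and is the idiomatic form for a predicate. Since the return value has changed from a Role record to true/false, the `=begin` documentation in the first hunk should say so under `returns`, e.g. `true # or false`, because callers that used the returned Role (the Overviews code in this same commit did) now need a separate lookup. Both hunks cut into a documentation block that starts before them.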
@ -19,7 +19,7 @@ returns
|
||||||
def permission (data)
|
def permission (data)
|
||||||
|
|
||||||
# check customer
|
# check customer
|
||||||
if data[:current_user].is_role(Z_ROLENAME_CUSTOMER)
|
if data[:current_user].role?(Z_ROLENAME_CUSTOMER)
|
||||||
|
|
||||||
# access ok if its own user
|
# access ok if its own user
|
||||||
return true if id == data[:current_user].id
|
return true if id == data[:current_user].id
|
||||||
|
@ -29,8 +29,8 @@ returns
|
||||||
end
|
end
|
||||||
|
|
||||||
# check agent
|
# check agent
|
||||||
return true if data[:current_user].is_role(Z_ROLENAME_ADMIN)
|
return true if data[:current_user].role?(Z_ROLENAME_ADMIN)
|
||||||
return true if data[:current_user].is_role('Agent')
|
return true if data[:current_user].role?('Agent')
|
||||||
false
|
false
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -27,7 +27,7 @@ returns
|
||||||
current_user = params[:current_user]
|
current_user = params[:current_user]
|
||||||
|
|
||||||
# enable search only for agents and admins
|
# enable search only for agents and admins
|
||||||
return [] if !current_user.is_role('Agent') && !current_user.is_role(Z_ROLENAME_ADMIN)
|
return [] if !current_user.role?('Agent') && !current_user.role?(Z_ROLENAME_ADMIN)
|
||||||
|
|
||||||
# try search index backend
|
# try search index backend
|
||||||
if SearchIndexBackend.enabled?
|
if SearchIndexBackend.enabled?
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
class Sessions::Backend::Collections::Base
|
class Sessions::Backend::Collections::Base
|
||||||
class << self; attr_accessor :model, :is_role, :is_not_role end
|
class << self; attr_accessor :model, :roles, :not_roles end
|
||||||
|
|
||||||
def initialize( user, client = nil, client_id = nil, ttl )
|
def initialize( user, client = nil, client_id = nil, ttl )
|
||||||
@user = user
|
@user = user
|
||||||
|
@ -22,19 +22,19 @@ class Sessions::Backend::Collections::Base
|
||||||
def push
|
def push
|
||||||
|
|
||||||
# check role based access
|
# check role based access
|
||||||
if self.class.is_role
|
if self.class.roles
|
||||||
access = false
|
access = false
|
||||||
self.class.is_role.each {|role|
|
self.class.roles.each {|role|
|
||||||
next if !@user.is_role(role)
|
next if !@user.role?(role)
|
||||||
access = true
|
access = true
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
return if !access
|
return if !access
|
||||||
end
|
end
|
||||||
if self.class.is_not_role
|
if self.class.not_roles
|
||||||
access = false
|
access = false
|
||||||
self.class.is_not_role.each {|role|
|
self.class.not_roles.each {|role|
|
||||||
next if @user.is_role(role)
|
next if @user.role?(role)
|
||||||
access = true
|
access = true
|
||||||
break
|
break
|
||||||
}
|
}
|
||||||
|
@ -96,18 +96,18 @@ class Sessions::Backend::Collections::Base
|
||||||
@model = model
|
@model = model
|
||||||
end
|
end
|
||||||
|
|
||||||
def self.is_role_set(role)
|
def self.roles_add(role)
|
||||||
if !@is_role
|
if !@roles
|
||||||
@is_role = []
|
@roles = []
|
||||||
end
|
end
|
||||||
@is_role.push role
|
@roles.push role
|
||||||
end
|
end
|
||||||
|
|
||||||
def self.is_not_role_set(role)
|
def self.not_roles_add(role)
|
||||||
if !@is_not_role
|
if !@not_roles
|
||||||
@is_not_role = []
|
@not_roles = []
|
||||||
end
|
end
|
||||||
@is_not_role.push role
|
@not_roles.push role
|
||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
|
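Review bot: In the `push` hunk, the `not_roles` loop sets `access = true` as soon as one entry is not held by the user, so with two or more `not_roles_add` entries a user is blocked only when they hold all of them; a deny-list is normally read as "block if any of these is held", and the only callers on this page (`not_roles_add 'Customer'`) have a single entry, which hides the difference. As enumerable calls the two checks become `return if self.class.roles && self.class.roles.none? { |role| @user.role?(role) }` and, preserving today's behaviour, `return if self.class.not_roles && self.class.not_roles.all? { |role| @user.role?(role) }`; if any-held is the intended semantics, `all?` becomes `any?`, and either way a one-line comment stating the rule would help. The `roles`/`not_roles` accessors are class-level instance variables, so each collection subclass keeps its own lists, which is the right scoping. `push` continues beyond the hunk, and the `not_roles` branch's own `return if !access` is outside it.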
@ -1,4 +1,4 @@
|
||||||
class Sessions::Backend::Collections::EmailAddress < Sessions::Backend::Collections::Base
|
class Sessions::Backend::Collections::EmailAddress < Sessions::Backend::Collections::Base
|
||||||
model_set 'EmailAddress'
|
model_set 'EmailAddress'
|
||||||
is_not_role_set 'Customer'
|
not_roles_add 'Customer'
|
||||||
end
|
end
|
||||||
|
|
|
@ -5,7 +5,7 @@ class Sessions::Backend::Collections::Organization < Sessions::Backend::Collecti
|
||||||
|
|
||||||
# get whole collection
|
# get whole collection
|
||||||
all = []
|
all = []
|
||||||
if !@user.is_role('Customer')
|
if !@user.role?('Customer')
|
||||||
all = Organization.all
|
all = Organization.all
|
||||||
else
|
else
|
||||||
if @user.organization_id
|
if @user.organization_id
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
class Sessions::Backend::Collections::Signature < Sessions::Backend::Collections::Base
|
class Sessions::Backend::Collections::Signature < Sessions::Backend::Collections::Base
|
||||||
model_set 'Signature'
|
model_set 'Signature'
|
||||||
is_not_role_set 'Customer'
|
not_roles_add 'Customer'
|
||||||
end
|
end
|
||||||
|
|