diff --git a/app/assets/javascripts/app/controllers/agent_ticket_view.js.coffee b/app/assets/javascripts/app/controllers/agent_ticket_view.js.coffee
index 6b4acf740..448a93dc0 100644
--- a/app/assets/javascripts/app/controllers/agent_ticket_view.js.coffee
+++ b/app/assets/javascripts/app/controllers/agent_ticket_view.js.coffee
@@ -193,8 +193,8 @@ class Index extends App.Controller
 bulk_form: =>
 @configure_attributes_ticket = [
- { name: 'ticket_state_id', display: 'State', tag: 'select', multiple: false, null: true, relation: 'TicketState', filter: @bulk, nulloption: true, default: '', class: 'span2', item_class: 'keepleft' },
- { name: 'ticket_priority_id', display: 'Priority', tag: 'select', multiple: false, null: true, relation: 'TicketPriority', filter: @bulk, nulloption: true, default: '', class: 'span2', item_class: 'keepleft' },
+ { name: 'ticket_state_id', display: 'State', tag: 'select', multiple: false, null: true, relation: 'TicketState', filter: @bulk, translate: true, nulloption: true, default: '', class: 'span2', item_class: 'keepleft' },
+ { name: 'ticket_priority_id', display: 'Priority', tag: 'select', multiple: false, null: true, relation: 'TicketPriority', filter: @bulk, translate: true, nulloption: true, default: '', class: 'span2', item_class: 'keepleft' },
 { name: 'group_id', display: 'Group', tag: 'select', multiple: false, null: true, relation: 'Group', filter: @bulk, nulloption: true, class: 'span2', item_class: 'keepleft' },
 { name: 'owner_id', display: 'Owner', tag: 'select', multiple: false, null: true, relation: 'User', filter: @bulk, nulloption: true, class: 'span2', item_class: 'keepleft' },
 ]
diff --git a/app/assets/javascripts/app/views/agent_ticket_zoom.jst.eco b/app/assets/javascripts/app/views/agent_ticket_zoom.jst.eco
index ab6d3b285..0b642630a 100644
--- a/app/assets/javascripts/app/views/agent_ticket_zoom.jst.eco
+++ b/app/assets/javascripts/app/views/agent_ticket_zoom.jst.eco
@@ -63,7 +63,7 @@ <% if article.attachments: %>
 <% for attachment in article.attachments: %>
- <%= attachment.filename %>
+ <%= attachment.filename %>
 <% end %>
 <% end %>
diff --git a/app/controllers/ticket_overviews_controller.rb b/app/controllers/ticket_overviews_controller.rb
index 5b78b094e..5f0104cee 100644
--- a/app/controllers/ticket_overviews_controller.rb
+++ b/app/controllers/ticket_overviews_controller.rb
@@ -286,7 +286,27 @@ class TicketOverviewsController < ApplicationController
 # permissin check
 ticket = Ticket.find( params[:ticket_id] )
- return if !ticket_permission(ticket)
+ if !ticket_permission(ticket)
+ render( :json => 'No such ticket.', :status => :unauthorized )
+ return
+ end
+ article = Ticket::Article.find( params[:article_id] )
+ if ticket.id != article.ticket_id
+ render( :json => 'No access, article_id/ticket_id is not matching.', :status => :unauthorized )
+ return
+ end
+
+ list = Store.list( :object => 'Ticket::Article', :o_id => params[:article_id] ) || []
+ access = false
+ list.each {|item|
+ if item.id.to_i == params[:id].to_i
+ access = true
+ end
+ }
+ if !access
+ render( :json => 'Requested file id is not linked with article_id.', :status => :unauthorized )
+ return
+ end
 # find file
 file = Store.find(params[:id])
diff --git a/config/routes/ticket.rb b/config/routes/ticket.rb
index 98ba5fe85..8399a1529 100644
--- a/config/routes/ticket.rb
+++ b/config/routes/ticket.rb
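Review bot: The three rejection branches added to the attachment action in ticket_overviews_controller.rb each return a different message, so a caller with access to one ticket can tell whether an arbitrary article_id exists and belongs to another ticket, and whether a file id is attached to a given article. A single body for all three, for example `render( :json => 'Not authorized.', :status => :unauthorized )`, keeps the check without that detail. The removed line returned without rendering, which suggests ticket_permission may already render on failure; if so, the new `render` in the first branch would render a second time, so that helper (not visible in this hunk) should be checked. The flag loop can be written `access = list.any? {|item| item.id.to_i == params[:id].to_i }`, and the context line `file = Store.find(params[:id])` still re-fetches by the raw parameter instead of using the item that was just verified. The enclosing action starts and ends outside the hunk.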
@@ -2,25 +2,25 @@ module ExtraRoutes
 def add(map)
 # tickets
- map.resources :channels, :only => [:create, :show, :index, :update, :destroy]
- map.resources :ticket_articles, :only => [:create, :show, :index, :update]
- map.resources :ticket_priorities, :only => [:create, :show, :index, :update]
- map.resources :ticket_states, :only => [:create, :show, :index, :update]
- map.resources :tickets, :only => [:create, :show, :index, :update]
- map.match '/ticket_full/:id', :to => 'ticket_overviews#ticket_full'
- map.match '/ticket_attachment/:id', :to => 'ticket_overviews#ticket_attachment'
- map.match '/ticket_attachment_new', :to => 'ticket_overviews#ticket_attachment_new'
- map.match '/ticket_article_plain/:id', :to => 'ticket_overviews#ticket_article_plain'
- map.match '/ticket_history/:id', :to => 'ticket_overviews#ticket_history'
- map.match '/ticket_customer', :to => 'ticket_overviews#ticket_customer'
- map.match '/ticket_overviews', :to => 'ticket_overviews#show'
- map.match '/ticket_create', :to => 'ticket_overviews#ticket_create'
- map.match '/user_search', :to => 'ticket_overviews#user_search'
+ map.resources :channels, :only => [:create, :show, :index, :update, :destroy]
+ map.resources :ticket_articles, :only => [:create, :show, :index, :update]
+ map.resources :ticket_priorities, :only => [:create, :show, :index, :update]
+ map.resources :ticket_states, :only => [:create, :show, :index, :update]
+ map.resources :tickets, :only => [:create, :show, :index, :update]
+ map.match '/ticket_full/:id', :to => 'ticket_overviews#ticket_full'
+ map.match '/ticket_attachment/:ticket_id/:article_id/:id', :to => 'ticket_overviews#ticket_attachment'
+ map.match '/ticket_attachment_new', :to => 'ticket_overviews#ticket_attachment_new'
+ map.match '/ticket_article_plain/:id', :to => 'ticket_overviews#ticket_article_plain'
+ map.match '/ticket_history/:id', :to => 'ticket_overviews#ticket_history'
+ map.match '/ticket_customer', :to => 'ticket_overviews#ticket_customer'
+ map.match '/ticket_overviews', :to => 'ticket_overviews#show'
+ map.match '/ticket_create', :to => 'ticket_overviews#ticket_create'
+ map.match '/user_search', :to => 'ticket_overviews#user_search'
 map.match '/ticket_merge/:slave_ticket_id/:master_ticket_number', :to => 'ticket_overviews#ticket_merge'
- map.match '/activity_stream', :to => 'activity#activity_stream'
- map.match '/recent_viewed', :to => 'recent_viewed#recent_viewed'
+ map.match '/activity_stream', :to => 'activity#activity_stream'
+ map.match '/recent_viewed', :to => 'recent_viewed#recent_viewed'
 end
 module_function :add