
Commit 99ce781

authored
Merge pull request #726 from aleixgil/bugfix/ticketUpdateProtection
On comment ticket, validation implementation. Response returned. Translations.
2 parents b90296f + c781dea commit 99ce781


7 files changed

+44
-5
lines changed


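--- a/app/Http/Controllers/Api/CommentsController.php
+++ b/app/Http/Controllers/Api/CommentsController.php
@@ -2,18 +2,34 @@
 
 namespace App\Http\Controllers\Api;
 
+use App\Requester;
 use App\Ticket;
 use Illuminate\Http\Response;
+use Illuminate\Support\Facades\App;
 
 class CommentsController extends ApiController
 {
 public function store(Ticket $ticket)
 {
-$comment = $ticket->addComment(null, strip_tags(request('body')), request('new_status'));
+App::setLocale(request('language'));
+
+$ticketRequester = Requester::findOrFail($ticket->requester_id);
+try {
+Requester::validateTicketComment(request('requester'), $ticketRequester);
+} catch (\Exception $e) {
+return $this->respond(['id' => null, 'message' => $e->getMessage()], Response::HTTP_BAD_REQUEST);
+}
+
+$comment = $ticket->addComment(null, strip_tags(request('body')), request('new_status'));
+
+if (request('new_status') == $ticket::STATUS_SOLVED) {
+return $this->respond(['id' => null, 'message' => __('validation.solvedTicket')], Response::HTTP_CREATED);
+}
+
 if (! $comment) {
-return $this->respond(['id' => null, 'message' => 'Can not create a comment with empty body'], Response::HTTP_OK);
+return $this->respond(['id' => null, 'message' => __('validation.emptyBodyComment')], Response::HTTP_BAD_REQUEST);
 }
 
-return $this->respond(['id' => $comment->id], Response::HTTP_CREATED);
+return $this->respond(['id' => $comment->id, 'message' => __('validation.commentCreated')], Response::HTTP_CREATED);
 }
 }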
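Review bot: The only gate added before `addComment` in `store()` is a match on the caller-supplied `requester` name and email, which are identifiers rather than secrets, so it shows that the client echoed the ticket's contact details, not that the caller is the requester; whether the route carries its own authentication is not visible on this page. The same request still sets `new_status`, so if the endpoint is reachable without a credential I would bind the comment to something unguessable issued with the ticket, for example a per-ticket token compared with `hash_equals()`. The `catch (\Exception $e)` block returns `$e->getMessage()` for any exception raised inside the try, not only the mismatch; returning the fixed `__('validation.ticketCommentInjection')` string there, or catching a dedicated exception type, keeps unrelated error text out of the response. `App::setLocale(request('language'))` accepts any value, and a guard such as `in_array(request('language'), ['ca', 'en', 'es', 'fr'], true)` before the call would limit it to the locales this commit ships. The `validation.solvedTicket` key used in the solved branch is French in the `en` file and absent from the `fr` file in this commit.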

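--- a/app/Requester.php
+++ b/app/Requester.php
@@ -17,6 +17,13 @@ public static function findOrCreate($name, $email = null)
 return self::firstOrCreate(['email' => $email], ['name' => $name]);
 }
 
+public static function validateTicketComment($requester, $ticketRequester)
+{
+if (! ($requester['name'] == $ticketRequester->name && $requester['email'] == $ticketRequester->email)) {
+throw new \Exception(__('validation.ticketCommentInjection'));
+}
+}
+
 public function tickets()
 {
 return $this->hasMany(Ticket::class);
@@ -42,7 +49,8 @@ public function closedTickets()
 return $this->tickets()->where('status', '=', Ticket::STATUS_CLOSED);
 }
 
-public function shouldBeNotified(){
+public function shouldBeNotified()
+{
 return $this->no_reply == false;
 }
 }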
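Review bot: `validateTicketComment` compares with `==` on values that the controller passes straight from `request('requester')`, so a missing or non-string field is type-juggled instead of rejected; a null field compares equal to a null or empty stored value, and `findOrCreate($name, $email = null)` in the hunk header shows requesters can be stored without an email. I would reject anything that is not an array of strings first (`if (! is_array($requester)) { throw ... }`) and then compare strictly: `$requester['name'] === $ticketRequester->name && $requester['email'] === $ticketRequester->email`. A requester stored with a null email needs an explicit decision, since a strict check against an omitted field would still pass for it. Throwing a bare `\Exception` forces callers into a catch-all; a dedicated exception class would let the controller catch only the mismatch.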

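--- a/resources/lang/ca/ticket.php
+++ b/resources/lang/ca/ticket.php
@@ -53,6 +53,6 @@
 'blocker' => 'Bloquejant',
 'thanksForTheRating' => 'Moltes gràcies!',
 'rated' => 'Classificats',
-'ticketType' => 'Tipo de tickets',
+'ticketType' => 'Tipo de tiquets',
 'needSubject' => "Fa falta l'asumpte",
 ];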

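--- a/resources/lang/ca/validation.php
+++ b/resources/lang/ca/validation.php
@@ -141,4 +141,8 @@
 'subject' => 'assumpte',
 'message' => 'missatge',
 ],
+'emptyBodyComment' => 'No pots crear un comentari buit.',
+'commentCreated' => 'Comentari creat.',
+'ticketCommentInjection' => 'Error al enviar el comentari. No s\'està guardant al tiquet que toca.',
+'solvedTicket' => 'Tiquet solucionat.',
 ];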

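--- a/resources/lang/en/validation.php
+++ b/resources/lang/en/validation.php
@@ -148,4 +148,8 @@
 'subject' => 'subject',
 'message' => 'message',
 ],
+'emptyBodyComment' => 'Can not create a comment with empty body.',
+'commentCreated' => 'Comment created.',
+'ticketCommentInjection' => 'Error submitting comment. It is not being sent to the correct ticket.',
+'solvedTicket' => 'Ticket résolu.',
 ];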

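--- a/resources/lang/es/validation.php
+++ b/resources/lang/es/validation.php
@@ -140,4 +140,8 @@
 'subject' => 'asunto',
 'message' => 'mensaje',
 ],
+'emptyBodyComment' => 'No puedes crear un comentario vacio.',
+'commentCreated' => 'Comentario creado.',
+'ticketCommentInjection' => 'Error al enviar el comentario. No se está enviando al ticket que toca.',
+'solvedTicket' => 'Ticket solucionado.',
 ];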

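--- a/resources/lang/fr/validation.php
+++ b/resources/lang/fr/validation.php
@@ -141,4 +141,7 @@
 'available' => 'disponible',
 'size' => 'taille',
 ],
+'emptyBodyComment' => 'Impossible de créer un commentaire avec un corps vide.',
+'commentCreated' => 'Commentaire créé.',
+'ticketCommentInjection' => 'Erreur lors de l\'envoi du commentaire. Il n\'est pas envoyé au bon ticket.',
 ];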
