Merge pull request #726 from aleixgil/bugfix/ticketUpdateProtection

BadChoice · web-flow · commit 99ce781f75a3 · 2021-07-05T10:36:22.000+02:00
On comment ticket, validation implementation. Response returned. Translations.
diff --git a/app/Http/Controllers/Api/CommentsController.php b/app/Http/Controllers/Api/CommentsController.php
@@ -2,18 +2,34 @@
 
 namespace App\Http\Controllers\Api;
 
+use App\Requester;
 use App\Ticket;
 use Illuminate\Http\Response;
+use Illuminate\Support\Facades\App;
 
 class CommentsController extends ApiController
 {
     public function store(Ticket $ticket)
     {
-    	$comment = $ticket->addComment(null, strip_tags(request('body')), request('new_status'));
+        App::setLocale(request('language'));
+
+        $ticketRequester = Requester::findOrFail($ticket->requester_id);
+        try {
+            Requester::validateTicketComment(request('requester'), $ticketRequester);
+        } catch (\Exception $e) {
+            return $this->respond(['id' => null, 'message' => $e->getMessage()], Response::HTTP_BAD_REQUEST);
+        }
+
+        $comment = $ticket->addComment(null, strip_tags(request('body')), request('new_status'));
+
+        if (request('new_status') == $ticket::STATUS_SOLVED) {
+            return $this->respond(['id' => null, 'message' => __('validation.solvedTicket')], Response::HTTP_CREATED);
+        }
+
         if (! $comment) {
-            return $this->respond(['id' => null, 'message' => 'Can not create a comment with empty body'], Response::HTTP_OK);
+            return $this->respond(['id' => null, 'message' => __('validation.emptyBodyComment')], Response::HTTP_BAD_REQUEST);
         }
 
-        return $this->respond(['id' => $comment->id], Response::HTTP_CREATED);
+        return $this->respond(['id' => $comment->id, 'message' => __('validation.commentCreated')], Response::HTTP_CREATED);
     }
 }
diff --git a/app/Requester.php b/app/Requester.php
@@ -17,6 +17,13 @@ public static function findOrCreate($name, $email = null)
         return self::firstOrCreate(['email' => $email], ['name' => $name]);
     }
 
+    public static function validateTicketComment($requester, $ticketRequester)
+    {
+        if (! ($requester['name'] == $ticketRequester->name && $requester['email'] == $ticketRequester->email)) {
+            throw new \Exception(__('validation.ticketCommentInjection'));
+        }
+    }
+
     public function tickets()
     {
         return $this->hasMany(Ticket::class);
@@ -42,7 +49,8 @@ public function closedTickets()
         return $this->tickets()->where('status', '=', Ticket::STATUS_CLOSED);
     }
 
-    public function shouldBeNotified(){
+    public function shouldBeNotified()
+    {
         return $this->no_reply == false;
     }
 }
diff --git a/resources/lang/ca/ticket.php b/resources/lang/ca/ticket.php
@@ -53,6 +53,6 @@
     'blocker'            => 'Bloquejant',
     'thanksForTheRating' => 'Moltes gràcies!',
     'rated'              => 'Classificats',
-    'ticketType'         => 'Tipo de tickets',
+    'ticketType'         => 'Tipo de tiquets',
     'needSubject'        => "Fa falta l'asumpte",
 ];
diff --git a/resources/lang/ca/validation.php b/resources/lang/ca/validation.php
@@ -141,4 +141,8 @@
         'subject'               => 'assumpte',
         'message'               => 'missatge',
     ],
+    'emptyBodyComment'          => 'No pots crear un comentari buit.',
+    'commentCreated'            => 'Comentari creat.',
+    'ticketCommentInjection'    => 'Error al enviar el comentari. No s\'està guardant al tiquet que toca.',
+    'solvedTicket'              => 'Tiquet solucionat.',
 ];
diff --git a/resources/lang/en/validation.php b/resources/lang/en/validation.php
@@ -148,4 +148,8 @@
         'subject'               => 'subject',
         'message'               => 'message',
     ],
+    'emptyBodyComment'          => 'Can not create a comment with empty body.',
+    'commentCreated'            => 'Comment created.',
+    'ticketCommentInjection'    => 'Error submitting comment. It is not being sent to the correct ticket.',
+    'solvedTicket'              => 'Ticket résolu.',
 ];
diff --git a/resources/lang/es/validation.php b/resources/lang/es/validation.php
@@ -140,4 +140,8 @@
         'subject'               => 'asunto',
         'message'               => 'mensaje',
     ],
+    'emptyBodyComment'          => 'No puedes crear un comentario vacio.',
+    'commentCreated'            => 'Comentario creado.',
+    'ticketCommentInjection'    => 'Error al enviar el comentario. No se está enviando al ticket que toca.',
+    'solvedTicket'              => 'Ticket solucionado.',
 ];
diff --git a/resources/lang/fr/validation.php b/resources/lang/fr/validation.php
@@ -141,4 +141,7 @@
         'available'             => 'disponible',
         'size'                  => 'taille',
     ],
+    'emptyBodyComment'          => 'Impossible de créer un commentaire avec un corps vide.',
+    'commentCreated'            => 'Commentaire créé.',
+    'ticketCommentInjection'    => 'Erreur lors de l\'envoi du commentaire. Il n\'est pas envoyé au bon ticket.',
 ];

Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,13 @@ public static function findOrCreate($name, $email = null)`
`17`	`17`	`return self::firstOrCreate(['email' => $email], ['name' => $name]);`
`18`	`18`	`}`
`19`	`19`
	`20`	`+ public static function validateTicketComment($requester, $ticketRequester)`
	`21`	`+ {`
	`22`	`+ if (! ($requester['name'] == $ticketRequester->name && $requester['email'] == $ticketRequester->email)) {`
	`23`	`+ throw new \Exception(__('validation.ticketCommentInjection'));`
	`24`	`+ }`
	`25`	`+ }`
	`26`	`+`
`20`	`27`	`public function tickets()`
`21`	`28`	`{`
`22`	`29`	`return $this->hasMany(Ticket::class);`
`@@ -42,7 +49,8 @@ public function closedTickets()`
`42`	`49`	`return $this->tickets()->where('status', '=', Ticket::STATUS_CLOSED);`
`43`	`50`	`}`
`44`	`51`
`45`		`- public function shouldBeNotified(){`
	`52`	`+ public function shouldBeNotified()`
	`53`	`+ {`
`46`	`54`	`return $this->no_reply == false;`
`47`	`55`	`}`
`48`	`56`	`}`