Netsyms/Mods-for-HESK-Netsyms
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Some changes to improve overall UX

Browse Source
This commit is contained in:
Mike Koch 2017-04-30 22:02:34 -04:00
parent ee4ba00fe9
commit 39c5886880
11 changed files with 55 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
api/BusinessLogic/Attachments/AttachmentHandler.php
View File

@ -3,6 +3,7 @@
namespace BusinessLogic\Attachments; namespace BusinessLogic\Attachments;
use BusinessLogic\Exceptions\AccessViolationException;
use BusinessLogic\Exceptions\ApiFriendlyException; use BusinessLogic\Exceptions\ApiFriendlyException;
use BusinessLogic\Exceptions\ValidationException; use BusinessLogic\Exceptions\ValidationException;
use BusinessLogic\Security\UserContext; use BusinessLogic\Security\UserContext;
@ -55,12 +56,16 @@ class AttachmentHandler {
$ticket = $this->ticketGateway->getTicketById($createAttachmentModel->ticketId, $heskSettings); $ticket = $this->ticketGateway->getTicketById($createAttachmentModel->ticketId, $heskSettings);
if ($ticket === null) {
throw new ApiFriendlyException("Ticket {$createAttachmentModel->ticketId} not found", "Ticket Not Found", 404);
}
$extraPermissions = $createAttachmentModel->isEditing $extraPermissions = $createAttachmentModel->isEditing
? array(UserPrivilege::CAN_EDIT_TICKETS) ? array(UserPrivilege::CAN_EDIT_TICKETS)
: array(); : array();
if (!$this->userToTicketChecker->isTicketAccessibleToUser($userContext, $ticket, $heskSettings, $extraPermissions)) { if (!$this->userToTicketChecker->isTicketAccessibleToUser($userContext, $ticket, $heskSettings, $extraPermissions)) {
throw new \Exception("User does not have access to ticket {$ticket->id} being created / edited!"); throw new AccessViolationException("User does not have access to ticket {$ticket->id} being created / edited!");
} }
$cleanedFileName = $this->cleanFileName($createAttachmentModel->displayName); $cleanedFileName = $this->cleanFileName($createAttachmentModel->displayName);
@ -99,8 +104,12 @@ class AttachmentHandler {
function deleteAttachmentFromTicket($ticketId, $attachmentId, $userContext, $heskSettings) { function deleteAttachmentFromTicket($ticketId, $attachmentId, $userContext, $heskSettings) {
$ticket = $this->ticketGateway->getTicketById($ticketId, $heskSettings); $ticket = $this->ticketGateway->getTicketById($ticketId, $heskSettings);
if ($ticket === null) {
throw new ApiFriendlyException("Ticket {$ticketId} not found!", "Ticket Not Found", 404);
}
if (!$this->userToTicketChecker->isTicketAccessibleToUser($userContext, $ticket, $heskSettings, array(UserPrivilege::CAN_EDIT_TICKETS))) { if (!$this->userToTicketChecker->isTicketAccessibleToUser($userContext, $ticket, $heskSettings, array(UserPrivilege::CAN_EDIT_TICKETS))) {
throw new \Exception("User does not have access to ticket {$ticketId} being created / edited!"); throw new AccessViolationException("User does not have access to ticket {$ticketId} being created / edited!");
} }
$indexToRemove = -1; $indexToRemove = -1;

10
api/BusinessLogic/Attachments/AttachmentRetriever.php
View File

@ -3,6 +3,8 @@
namespace BusinessLogic\Attachments; namespace BusinessLogic\Attachments;
use BusinessLogic\Exceptions\AccessViolationException;
use BusinessLogic\Exceptions\ApiFriendlyException;
use BusinessLogic\Security\UserToTicketChecker; use BusinessLogic\Security\UserToTicketChecker;
use DataAccess\Attachments\AttachmentGateway; use DataAccess\Attachments\AttachmentGateway;
use DataAccess\Files\FileReader; use DataAccess\Files\FileReader;
@ -31,8 +33,12 @@ class AttachmentRetriever {
function getAttachmentContentsForTicket($ticketId, $attachmentId, $userContext, $heskSettings) { function getAttachmentContentsForTicket($ticketId, $attachmentId, $userContext, $heskSettings) {
$ticket = $this->ticketGateway->getTicketById($ticketId, $heskSettings); $ticket = $this->ticketGateway->getTicketById($ticketId, $heskSettings);
if (!$this->userToTicketChecker->isTicketAccessibleToUser($userContext, $ticket, $heskSettings)) { if ($ticket === null) {
throw new \Exception("User does not have access to attachment {$attachmentId}!"); throw new ApiFriendlyException("Ticket {$ticketId} not found!", "Ticket Not Found", 404);
}
if ($this->userToTicketChecker->isTicketAccessibleToUser($userContext, $ticket, $heskSettings)) {
throw new AccessViolationException("User does not have access to attachment {$attachmentId}!");
} }
$attachment = $this->attachmentGateway->getAttachmentById($attachmentId, $heskSettings); $attachment = $this->attachmentGateway->getAttachmentById($attachmentId, $heskSettings);

10
api/BusinessLogic/Exceptions/AccessViolationException.php Normal file
View File

@ -0,0 +1,10 @@
<?php
namespace BusinessLogic\Exceptions;
class AccessViolationException extends ApiFriendlyException {
function __construct($message) {
parent::__construct($message, 'Access Exception', 403);
}
}

2
api/BusinessLogic/Statuses/Status.php
View File

@ -18,7 +18,7 @@ class Status {
$localizedLanguages = array(); $localizedLanguages = array();
while ($languageRow = hesk_dbFetchAssoc($languageRs)) { while ($languageRow = hesk_dbFetchAssoc($languageRs)) {
$localizedLanguages[$languageRow['language']] = new StatusLanguage($languageRow['language'], $languageRow['text']); $localizedLanguages[$languageRow['language']] = $languageRow['text'];
} }
$status->localizedNames = $localizedLanguages; $status->localizedNames = $localizedLanguages;
$status->sort = intval($row['sort']); $status->sort = intval($row['sort']);

14
api/BusinessLogic/Statuses/StatusLanguage.php
View File

@ -1,14 +0,0 @@
<?php
namespace BusinessLogic\Statuses;
class StatusLanguage {
public $language;
public $text;
function __construct($language, $text) {
$this->language = $language;
$this->text = $text;
}
}

8
api/BusinessLogic/Tickets/TicketDeleter.php
View File

@ -4,6 +4,8 @@ namespace BusinessLogic\Tickets;
use BusinessLogic\Attachments\AttachmentHandler; use BusinessLogic\Attachments\AttachmentHandler;
use BusinessLogic\Exceptions\AccessViolationException;
use BusinessLogic\Exceptions\ApiFriendlyException;
use BusinessLogic\Security\UserPrivilege; use BusinessLogic\Security\UserPrivilege;
use BusinessLogic\Security\UserToTicketChecker; use BusinessLogic\Security\UserToTicketChecker;
use DataAccess\Tickets\TicketGateway; use DataAccess\Tickets\TicketGateway;
@ -27,9 +29,13 @@ class TicketDeleter {
function deleteTicket($ticketId, $userContext, $heskSettings) { function deleteTicket($ticketId, $userContext, $heskSettings) {
$ticket = $this->ticketGateway->getTicketById($ticketId, $heskSettings); $ticket = $this->ticketGateway->getTicketById($ticketId, $heskSettings);
if ($ticket === null) {
throw new ApiFriendlyException("Ticket {$ticketId} not found!", "Ticket Not Found", 404);
}
if (!$this->userToTicketChecker->isTicketAccessibleToUser($userContext, $ticket, $heskSettings, if (!$this->userToTicketChecker->isTicketAccessibleToUser($userContext, $ticket, $heskSettings,
array(UserPrivilege::CAN_DELETE_TICKETS))) { array(UserPrivilege::CAN_DELETE_TICKETS))) {
throw new \Exception("User does not have access to ticket {$ticketId}"); throw new AccessViolationException("User does not have access to ticket {$ticketId}");
} }
foreach ($ticket->attachments as $attachment) { foreach ($ticket->attachments as $attachment) {

5
api/BusinessLogic/Tickets/TicketEditor.php
View File

@ -3,6 +3,7 @@
namespace BusinessLogic\Tickets; namespace BusinessLogic\Tickets;
use BusinessLogic\Exceptions\AccessViolationException;
use BusinessLogic\Exceptions\ApiFriendlyException; use BusinessLogic\Exceptions\ApiFriendlyException;
use BusinessLogic\Exceptions\ValidationException; use BusinessLogic\Exceptions\ValidationException;
use BusinessLogic\Security\UserContext; use BusinessLogic\Security\UserContext;
@ -43,7 +44,7 @@ class TicketEditor {
} }
if (!$this->userToTicketChecker->isTicketAccessibleToUser($userContext, $ticket, $heskSettings, array(UserPrivilege::CAN_EDIT_TICKETS))) { if (!$this->userToTicketChecker->isTicketAccessibleToUser($userContext, $ticket, $heskSettings, array(UserPrivilege::CAN_EDIT_TICKETS))) {
throw new \Exception("User does not have access to ticket {$editTicketModel->id}"); throw new AccessViolationException("User does not have access to ticket {$editTicketModel->id}");
} }
$this->validate($editTicketModel, $ticket->categoryId, $heskSettings); $this->validate($editTicketModel, $ticket->categoryId, $heskSettings);
@ -88,7 +89,7 @@ class TicketEditor {
$customFieldNumber = intval(str_replace('custom', '', $key)); $customFieldNumber = intval(str_replace('custom', '', $key));
//TODO test this //TODO test this
if (!array_key_exists($customFieldNumber, $editTicketModel->customFields)) { if ($editTicketModel->customFields === null || !array_key_exists($customFieldNumber, $editTicketModel->customFields)) {
continue; continue;
} }

3
api/Controllers/Attachments/StaffTicketAttachmentsController.php
View File

@ -22,7 +22,7 @@ class StaffTicketAttachmentsController {
$contents = $attachmentRetriever->getAttachmentContentsForTicket($ticketId, $attachmentId, $userContext, $hesk_settings); $contents = $attachmentRetriever->getAttachmentContentsForTicket($ticketId, $attachmentId, $userContext, $hesk_settings);
output(array('contents' => base64_encode($contents))); output(array('contents' => $contents));
} }
private function verifyAttachmentsAreEnabled($heskSettings) { private function verifyAttachmentsAreEnabled($heskSettings) {
@ -51,6 +51,7 @@ class StaffTicketAttachmentsController {
$model = new CreateAttachmentForTicketModel(); $model = new CreateAttachmentForTicketModel();
$model->attachmentContents = Helpers::safeArrayGet($json, 'data'); $model->attachmentContents = Helpers::safeArrayGet($json, 'data');
$model->displayName = Helpers::safeArrayGet($json, 'displayName'); $model->displayName = Helpers::safeArrayGet($json, 'displayName');
$model->isEditing = Helpers::safeArrayGet($json, 'isEditing');
$model->ticketId = $ticketId; $model->ticketId = $ticketId;
return $model; return $model;

6
api/Controllers/Categories/CategoryController.php
View File

@ -3,10 +3,16 @@
namespace Controllers\Categories; namespace Controllers\Categories;
use BusinessLogic\Categories\CategoryRetriever; use BusinessLogic\Categories\CategoryRetriever;
use BusinessLogic\Exceptions\ApiFriendlyException;
class CategoryController { class CategoryController {
function get($id) { function get($id) {
$categories = self::getAllCategories(); $categories = self::getAllCategories();
if (!isset($categories[$id])) {
throw new ApiFriendlyException("Category {$id} not found!", "Category Not Found", 404);
}
output($categories[$id]); output($categories[$id]);
} }

2
api/Controllers/Tickets/StaffTicketController.php
View File

@ -17,6 +17,8 @@ class StaffTicketController {
$ticketDeleter = $applicationContext->get[TicketDeleter::class]; $ticketDeleter = $applicationContext->get[TicketDeleter::class];
$ticketDeleter->deleteTicket($id, $userContext, $hesk_settings); $ticketDeleter->deleteTicket($id, $userContext, $hesk_settings);
http_response_code(204);
} }
function put($id) { function put($id) {

6
api/DataAccess/Logging/LoggingGateway.php
View File

@ -36,7 +36,11 @@ class LoggingGateway extends CommonDao {
hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($heskSettings['db_pfix']) . "logging` (`username`, `message`, `severity`, `location`, `timestamp`, `stack_trace`) hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($heskSettings['db_pfix']) . "logging` (`username`, `message`, `severity`, `location`, `timestamp`, `stack_trace`)
VALUES ('" . hesk_dbEscape($userContext->username) . "', VALUES ('" . hesk_dbEscape($userContext->username) . "',
'" . hesk_dbEscape($message) . "', " . intval($severity) . ", '" . hesk_dbEscape($location) . "', NOW(), '" . hesk_dbEscape($stackTrace) . "')"); '" . hesk_dbEscape(addslashes($message)) . "',
" . intval($severity) . ",
'" . hesk_dbEscape(addslashes($location)) . "',
NOW(),
'" . hesk_dbEscape(addslashes($stackTrace)) . "')");
$insertedId = hesk_dbInsertID(); $insertedId = hesk_dbInsertID();