From 60decb3cfa66c6bbaa458475315067f721626b69 Mon Sep 17 00:00:00 2001 From: Mike Koch Date: Tue, 26 Sep 2017 13:08:17 -0400 Subject: [PATCH] Fixed ticket creation stuff --- api/BusinessLogic/Security/UserContext.php | 15 +++++++++ api/BusinessLogic/Tickets/TicketCreator.php | 6 ++-- api/DataAccess/Tickets/TicketGateway.php | 37 +++++++++++++++++++-- api/index.php | 7 ++-- 4 files changed, 59 insertions(+), 6 deletions(-) diff --git a/api/BusinessLogic/Security/UserContext.php b/api/BusinessLogic/Security/UserContext.php index ee1522a9..70a907ac 100644 --- a/api/BusinessLogic/Security/UserContext.php +++ b/api/BusinessLogic/Security/UserContext.php @@ -55,6 +55,21 @@ class UserContext extends \BaseClass { /* @var $active bool */ public $active; + static function buildAnonymousUser() { + $userContext = new UserContext(); + $userContext->id = -1; + $userContext->username = "API - ANONYMOUS USER"; // Usernames can't have spaces, so no one will take this username + $userContext->admin = false; + $userContext->name = "ANONYMOUS USER"; + $userContext->email = "anonymous-user@example.com"; + $userContext->categories = array(); + $userContext->permissions = array(); + $userContext->autoAssign = false; + $userContext->active = true; + + return $userContext; + } + /** * Builds a user context based on the current session. **The session must be active!** * @param $dataRow array the $_SESSION superglobal or the hesk_users result set diff --git a/api/BusinessLogic/Tickets/TicketCreator.php b/api/BusinessLogic/Tickets/TicketCreator.php index ee1affcf..4175ce0e 100644 --- a/api/BusinessLogic/Tickets/TicketCreator.php +++ b/api/BusinessLogic/Tickets/TicketCreator.php 
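Review bot: `buildAnonymousUser()` has no docblock and no visibility keyword, and it returns a context with `active = true` and `id = -1` that nothing on the object marks as unauthenticated. Any caller that treats a non-null or active `$userContext` as proof of a logged-in user would now accept anonymous requests, because `publicHandler()` in api/index.php assigns this object to the global `$userContext`; whether such callers exist is not visible in this diff. I would declare it `public static function buildAnonymousUser()` and add a docblock saying that the result represents an unauthenticated caller, carries no categories or permissions, and that `id = -1` is a sentinel that must not be stored where a real user id is expected. The rest of the class lies outside the hunk.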
@@ -155,10 +155,12 @@ class TicketCreator extends \BaseClass { $ticket->lastReplier = 0; $this->auditTrailGateway->insertAuditTrailRecord($ticket->id, AuditTrailEntityType::TICKET, - 'audit_created', DateTimeHelpers::heskDate($heskSettings), array(), $heskSettings); + 'audit_created', DateTimeHelpers::heskDate($heskSettings), array( + 0 => $ticket->name + ), $heskSettings); $addressees = new Addressees(); - $addressees->to = $this->getAddressees($ticket->email); + $addressees->to = $ticket->email; if ($ticketRequest->sendEmailToCustomer && $emailVerified) { $this->emailSenderHelper->sendEmailForTicket(EmailTemplateRetriever::NEW_TICKET, $ticketRequest->language, $addressees, $ticket, $heskSettings, $modsForHeskSettings); diff --git a/api/DataAccess/Tickets/TicketGateway.php b/api/DataAccess/Tickets/TicketGateway.php index 5d8437bb..4c72a9f2 100644 --- a/api/DataAccess/Tickets/TicketGateway.php +++ b/api/DataAccess/Tickets/TicketGateway.php @@ -129,7 +129,7 @@ class TicketGateway extends CommonDao { function getTicketByTrackingId($trackingId, $heskSettings) { $this->init(); - $rs = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($heskSettings['db_pfix']) . "tickets` WHERE `trackid` = " . intval($trackingId)); + $rs = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($heskSettings['db_pfix']) . "tickets` WHERE `trackid` = '" . hesk_dbEscape($trackingId) . "'"); if (hesk_dbNumRows($rs) === 0) { return null; } 
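Review bot: `$addressees->to` now receives the raw `$ticket->email` string where it previously received the result of `$this->getAddressees(...)`. If that helper split a multi-address field into a list (its body is not in the hunk), the mail sender now gets a different type and an unsplit, customer-supplied string as the recipient. Confirm that `sendEmailForTicket` accepts a plain string and treats it as a single validated address, or keep the helper call. Separately, the audit record now stores the customer-controlled `$ticket->name`, so whatever renders the replacement values has to escape it for its output context; a comment at the `0 => $ticket->name` line such as `// customer-supplied; escape on output` would make that explicit. The enclosing method starts and ends outside the hunk.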
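Review bot: The `trackid` lookup is corrected to a quoted, escaped string, but the same `$trackingId` is still passed through `intval()` in the `parent` query that appears as context at the top of the next hunk. For a non-numeric tracking id `intval()` yields 0, so that query selects by `parent = 0` instead of by this ticket. If `parent` holds the parent ticket's numeric id (the schema is not shown), the argument there should be `intval($row['id'])`. The new `trackid` query is safe only while the surrounding single quotes stay in place and `hesk_dbEscape()` escapes for the connection's character set, which is worth a one-line comment above the query. The function body continues outside the hunk.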
@@ -138,7 +138,40 @@ class TicketGateway extends CommonDao { $linkedTicketsRs = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($heskSettings['db_pfix']) . "tickets` WHERE `parent` = " . intval($trackingId)); $repliesRs = hesk_dbQuery("SELECT * FROM `" . hesk_dbEscape($heskSettings['db_pfix']) . "replies` WHERE `replyto` = " . intval($row['id']) . " ORDER BY `id` ASC"); - $ticket = Ticket::fromDatabaseRow($row, $linkedTicketsRs, $repliesRs, $heskSettings); + $audiTrailRs = hesk_dbQuery("SELECT `audit`.`id`, `audit`.`language_key`, `audit`.`date`, + `values`.`replacement_index`, `values`.`replacement_value` + FROM `" . hesk_dbEscape($heskSettings['db_pfix']) . "audit_trail` AS `audit` + LEFT JOIN `" . hesk_dbEscape($heskSettings['db_pfix']) . "audit_trail_to_replacement_values` AS `values` + ON `audit`.`id` = `values`.`audit_trail_id` + WHERE `entity_type` = 'TICKET' AND `entity_id` = " . intval($row['id'])); + $auditRecords = array(); + + /* @var $currentAuditRecord AuditTrail */ + $currentAuditRecord = null; + while ($auditRow = hesk_dbFetchAssoc($audiTrailRs)) { + if ($currentAuditRecord == null || $currentAuditRecord->id != $auditRow['id']) { + if ($currentAuditRecord != null) { + $auditRecords[] = $currentAuditRecord; + } + $currentAuditRecord = new AuditTrail(); + $currentAuditRecord->id = $auditRow['id']; + $currentAuditRecord->entityId = $row['id']; + $currentAuditRecord->entityType = AuditTrailEntityType::TICKET; + $currentAuditRecord->languageKey = $auditRow['language_key']; + $currentAuditRecord->date = $auditRow['date']; + $currentAuditRecord->replacementValues = array(); + } + + if ($auditRow['replacement_index'] != null) { + $currentAuditRecord->replacementValues[intval($auditRow['replacement_index'])] = $auditRow['replacement_value']; + } + } + + if ($currentAuditRecord != null) { + $auditRecords[] = $currentAuditRecord; + } + + $ticket = Ticket::fromDatabaseRow($row, $linkedTicketsRs, $repliesRs, $auditRecords, $heskSettings); $this->close(); 
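Review bot: The grouping loop assumes that all rows of one audit record arrive consecutively, but the audit query has no `ORDER BY`, so the database is free to interleave them and one `id` could then be emitted as several `AuditTrail` objects. Ending the query with `` ORDER BY `audit`.`id` ASC, `values`.`replacement_index` ASC `` before the closing quote makes the grouping deterministic. The loose check `$auditRow['replacement_index'] != null` would also drop index 0 if the driver ever returns native integers, and index 0 is the slot this commit writes the ticket name to; `if ($auditRow['replacement_index'] !== null) {` avoids that, and the two `$currentAuditRecord` null checks can likewise use `===` / `!==`. The function continues past the end of the hunk.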
diff --git a/api/index.php b/api/index.php index 393455a4..4766701c 100644 --- a/api/index.php +++ b/api/index.php @@ -43,7 +43,10 @@ function internalOrAuthHandler() { } function publicHandler() { - //-- No-op + global $userContext; + + //-- Create an "anonymous" UserContext + $userContext = \BusinessLogic\Security\UserContext::buildAnonymousUser(); } function assertApiIsEnabled() { @@ -188,7 +191,7 @@ Link::all(array( '/v1/categories/{i}' => action(\Controllers\Categories\CategoryController::clazz(), array(RequestMethod::GET, RequestMethod::PUT, RequestMethod::DELETE), SecurityHandler::INTERNAL_OR_AUTH_TOKEN), '/v1-internal/categories/{i}/sort/{s}' => action(\Controllers\Categories\CategoryController::clazz() . '::sort', array(RequestMethod::POST), SecurityHandler::INTERNAL), // Tickets - '/v1/tickets' => action(\Controllers\Tickets\CustomerTicketController::clazz(), RequestMethod::all()), + '/v1/tickets' => action(\Controllers\Tickets\CustomerTicketController::clazz(), RequestMethod::all(), SecurityHandler::OPEN), // Tickets - Staff '/v1/staff/tickets/{i}' => action(\Controllers\Tickets\StaffTicketController::clazz(), RequestMethod::all()), // Attachments
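Review bot: `/v1/tickets` is now registered with `SecurityHandler::OPEN` while still accepting `RequestMethod::all()`, so every HTTP method that `CustomerTicketController` implements becomes reachable without authentication. If the public surface is meant to be ticket creation and lookup only, list the methods explicitly, e.g. `array(RequestMethod::GET, RequestMethod::POST)`, the way the categories route above does. The controller is not part of this diff, so it should be checked that anything it serves on this route requires a value only the ticket's owner knows. A comment on the route such as `// public: customer ticket create/lookup only` would record the intent.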