Fixed attachment download.

app/assets/javascripts/app/controllers/agent_ticket_view.js.coffee

@@ -193,8 +193,8 @@ class Index extends App.Controller
 
   bulk_form: =>
     @configure_attributes_ticket = [
-      { name: 'ticket_state_id',    display: 'State',    tag: 'select',   multiple: false, null: true, relation: 'TicketState', filter: @bulk, nulloption: true, default: '', class: 'span2', item_class: 'keepleft' },
-      { name: 'ticket_priority_id', display: 'Priority', tag: 'select',   multiple: false, null: true, relation: 'TicketPriority', filter: @bulk, nulloption: true, default: '', class: 'span2', item_class: 'keepleft' },
+      { name: 'ticket_state_id',    display: 'State',    tag: 'select',   multiple: false, null: true, relation: 'TicketState', filter: @bulk, translate: true, nulloption: true, default: '', class: 'span2', item_class: 'keepleft' },
+      { name: 'ticket_priority_id', display: 'Priority', tag: 'select',   multiple: false, null: true, relation: 'TicketPriority', filter: @bulk, translate: true, nulloption: true, default: '', class: 'span2', item_class: 'keepleft' },
       { name: 'group_id',           display: 'Group',    tag: 'select',   multiple: false, null: true, relation: 'Group', filter: @bulk, nulloption: true, class: 'span2', item_class: 'keepleft'  },
       { name: 'owner_id',           display: 'Owner',    tag: 'select',   multiple: false, null: true, relation: 'User', filter: @bulk, nulloption: true, class: 'span2', item_class: 'keepleft' },
     ]

app/assets/javascripts/app/views/agent_ticket_zoom.jst.eco

@@ -63,7 +63,7 @@
         <% if article.attachments: %>
           <div>
           <% for attachment in article.attachments: %>
-            <a href="ticket_attachment/<%= attachment.id %>" target="_blank" data-type="attachment" class="" title="<%= attachment.size %>"><%= attachment.filename %></a>
+            <a href="ticket_attachment/<%= article.ticket_id %>/<%= article.id %>/<%= attachment.id %>" target="_blank" data-type="attachment" class="" title="<%= attachment.size %>"><%= attachment.filename %></a>
           <% end %>
           </div>
         <% end %>

app/controllers/ticket_overviews_controller.rb

@@ -286,7 +286,27 @@ class TicketOverviewsController < ApplicationController
 
     # permissin check
     ticket = Ticket.find( params[:ticket_id] )
-    return if !ticket_permission(ticket)
+    if !ticket_permission(ticket)
+      render( :json => 'No such ticket.', :status => :unauthorized )
+      return
+    end
+    article = Ticket::Article.find( params[:article_id] )
+    if ticket.id != article.ticket_id
+      render( :json => 'No access, article_id/ticket_id is not matching.', :status => :unauthorized )
+      return
+    end
+
+    list = Store.list( :object => 'Ticket::Article', :o_id => params[:article_id] ) || []
+    access = false
+    list.each {|item|
+      if item.id.to_i == params[:id].to_i
+        access = true
+      end
+    }
+    if !access
+      render( :json => 'Requested file id is not linked with article_id.', :status => :unauthorized )
+      return
+    end
 
     # find file
     file = Store.find(params[:id])

config/routes/ticket.rb

@@ -2,25 +2,25 @@ module ExtraRoutes
   def add(map)
 
     # tickets
-    map.resources :channels,            :only => [:create, :show, :index, :update, :destroy]
-    map.resources :ticket_articles,     :only => [:create, :show, :index, :update]
-    map.resources :ticket_priorities,   :only => [:create, :show, :index, :update]
-    map.resources :ticket_states,       :only => [:create, :show, :index, :update]
-    map.resources :tickets,             :only => [:create, :show, :index, :update]
-    map.match '/ticket_full/:id',       :to => 'ticket_overviews#ticket_full'
-    map.match '/ticket_attachment/:id', :to => 'ticket_overviews#ticket_attachment'
-    map.match '/ticket_attachment_new', :to => 'ticket_overviews#ticket_attachment_new'
-    map.match '/ticket_article_plain/:id', :to => 'ticket_overviews#ticket_article_plain'
-    map.match '/ticket_history/:id',    :to => 'ticket_overviews#ticket_history'
-    map.match '/ticket_customer',       :to => 'ticket_overviews#ticket_customer'
-    map.match '/ticket_overviews',      :to => 'ticket_overviews#show'
-    map.match '/ticket_create',         :to => 'ticket_overviews#ticket_create'
-    map.match '/user_search',           :to => 'ticket_overviews#user_search'
+    map.resources :channels,                :only => [:create, :show, :index, :update, :destroy]
+    map.resources :ticket_articles,         :only => [:create, :show, :index, :update]
+    map.resources :ticket_priorities,       :only => [:create, :show, :index, :update]
+    map.resources :ticket_states,           :only => [:create, :show, :index, :update]
+    map.resources :tickets,                 :only => [:create, :show, :index, :update]
+    map.match '/ticket_full/:id',           :to => 'ticket_overviews#ticket_full'
+    map.match '/ticket_attachment/:ticket_id/:article_id/:id', :to => 'ticket_overviews#ticket_attachment'
+    map.match '/ticket_attachment_new',     :to => 'ticket_overviews#ticket_attachment_new'
+    map.match '/ticket_article_plain/:id',  :to => 'ticket_overviews#ticket_article_plain'
+    map.match '/ticket_history/:id',        :to => 'ticket_overviews#ticket_history'
+    map.match '/ticket_customer',           :to => 'ticket_overviews#ticket_customer'
+    map.match '/ticket_overviews',          :to => 'ticket_overviews#show'
+    map.match '/ticket_create',             :to => 'ticket_overviews#ticket_create'
+    map.match '/user_search',               :to => 'ticket_overviews#user_search'
 
     map.match '/ticket_merge/:slave_ticket_id/:master_ticket_number', :to => 'ticket_overviews#ticket_merge'
 
-    map.match '/activity_stream',       :to => 'activity#activity_stream'
-    map.match '/recent_viewed',         :to => 'recent_viewed#recent_viewed'
+    map.match '/activity_stream',           :to => 'activity#activity_stream'
+    map.match '/recent_viewed',             :to => 'recent_viewed#recent_viewed'
 
   end
   module_function :add