ticket_articles_controller.rb 7.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289
  1. # Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/
  2. class TicketArticlesController < ApplicationController
  3. include CreatesTicketArticles
  4. include ClonesTicketArticleAttachments
  5. prepend_before_action -> { authorize! }, only: %i[index import_example import_start]
  6. prepend_before_action :authentication_check
  7. # GET /articles
  8. def index
  9. model_index_render(Ticket::Article, params)
  10. end
  11. # GET /articles/1
  12. def show
  13. article = Ticket::Article.find(params[:id])
  14. authorize!(article)
  15. if response_expand?
  16. result = article.attributes_with_association_names
  17. render json: result, status: :ok
  18. return
  19. end
  20. if response_full?
  21. full = Ticket::Article.full(params[:id])
  22. render json: full
  23. return
  24. end
  25. render json: article.attributes_with_association_names
  26. end
  27. # GET /ticket_articles/by_ticket/1
  28. def index_by_ticket
  29. ticket = Ticket.find(params[:id])
  30. authorize!(ticket, :show?)
  31. articles = []
  32. if response_expand?
  33. ticket.articles.each do |article|
  34. next if !authorized?(article, :show?)
  35. result = article.attributes_with_association_names
  36. articles.push result
  37. end
  38. render json: articles, status: :ok
  39. return
  40. end
  41. if response_full?
  42. assets = {}
  43. record_ids = []
  44. ticket.articles.each do |article|
  45. next if !authorized?(article, :show?)
  46. record_ids.push article.id
  47. assets = article.assets({})
  48. end
  49. render json: {
  50. record_ids: record_ids,
  51. assets: assets,
  52. }, status: :ok
  53. return
  54. end
  55. ticket.articles.each do |article|
  56. next if !authorized?(article, :show?)
  57. articles.push article.attributes_with_association_names
  58. end
  59. render json: articles, status: :ok
  60. end
  61. # POST /articles
  62. def create
  63. ticket = Ticket.find(params[:ticket_id])
  64. authorize!(ticket)
  65. article = article_create(ticket, params)
  66. if response_expand?
  67. result = article.attributes_with_association_names
  68. render json: result, status: :created
  69. return
  70. end
  71. if response_full?
  72. full = Ticket::Article.full(params[:id])
  73. render json: full, status: :created
  74. return
  75. end
  76. render json: article.attributes_with_association_names, status: :created
  77. end
  78. # PUT /articles/1
  79. def update
  80. article = Ticket::Article.find(params[:id])
  81. authorize!(article)
  82. # only update internal and highlight info
  83. clean_params = {}
  84. if !params[:internal].nil?
  85. clean_params[:internal] = params[:internal]
  86. end
  87. if params.dig(:preferences, :highlight).present?
  88. clean_params = article.param_preferences_merge(clean_params.merge(
  89. preferences: {
  90. highlight: params[:preferences][:highlight].to_s
  91. }
  92. ))
  93. end
  94. article.update!(clean_params)
  95. if response_expand?
  96. result = article.attributes_with_association_names
  97. render json: result, status: :ok
  98. return
  99. end
  100. if response_full?
  101. full = Ticket::Article.full(params[:id])
  102. render json: full, status: :ok
  103. return
  104. end
  105. render json: article.attributes_with_association_names, status: :ok
  106. end
  107. # DELETE /api/v1/ticket_articles/:id
  108. def destroy
  109. article = Ticket::Article.find(params[:id])
  110. authorize!(article)
  111. article.destroy!
  112. render json: {}, status: :ok
  113. end
  114. # POST /ticket_attachment_upload_clone_by_article
  115. def ticket_attachment_upload_clone_by_article
  116. article = Ticket::Article.find(params[:article_id])
  117. authorize!(article.ticket, :show?)
  118. render json: {
  119. attachments: article_attachments_clone(article),
  120. }
  121. end
  122. # GET /ticket_attachment/:ticket_id/:article_id/:id
  123. def attachment
  124. ticket = Ticket.lookup(id: params[:ticket_id])
  125. authorize!(ticket, :show?)
  126. article = Ticket::Article.find(params[:article_id])
  127. if ticket.id != article.ticket_id
  128. # check if requested ticket got merged
  129. if ticket.state.state_type.name != 'merged'
  130. raise Exceptions::Forbidden, __('The article does not belong to the specified ticket.')
  131. end
  132. ticket = article.ticket
  133. authorize!(ticket, :show?)
  134. end
  135. list = article.attachments || []
  136. access = false
  137. list.each do |item|
  138. if item.id.to_i == params[:id].to_i
  139. access = true
  140. end
  141. end
  142. raise Exceptions::Forbidden, __('The file does not belong to the specified article.') if !access
  143. # preview calendar attachments
  144. return render_calendar_preview if params[:view] == 'preview' && params[:type] == 'calendar'
  145. content = download_file.content(params[:view])
  146. send_data(
  147. content,
  148. filename: download_file.filename,
  149. type: download_file.content_type,
  150. disposition: download_file.disposition
  151. )
  152. end
  153. # GET /ticket_article_plain/1
  154. def article_plain
  155. article = Ticket::Article.find(params[:id])
  156. authorize!(article, :show?)
  157. file = article.as_raw
  158. # find file
  159. return if !file
  160. send_data(
  161. file.content,
  162. filename: file.filename,
  163. type: 'message/rfc822',
  164. disposition: 'inline'
  165. )
  166. end
  167. # @path [GET] /ticket_articles/import_example
  168. #
  169. # @summary Download of example CSV file.
  170. # @notes The requester have 'admin' permissions to be able to download it.
  171. # @example curl -u #{login}:#{password} http://localhost:3000/api/v1/ticket_articles/import_example
  172. #
  173. # @response_message 200 File download.
  174. # @response_message 403 Forbidden / Invalid session.
  175. def import_example
  176. csv_string = Ticket::Article.csv_example(
  177. col_sep: ',',
  178. )
  179. send_data(
  180. csv_string,
  181. filename: 'example.csv',
  182. type: 'text/csv',
  183. disposition: 'attachment'
  184. )
  185. end
  186. # @path [POST] /ticket_articles/import
  187. #
  188. # @summary Starts import.
  189. # @notes The requester have 'admin' permissions to be create a new import.
  190. # @example curl -u #{login}:#{password} -F 'file=@/path/to/file/ticket_articles.csv' 'https://your.zammad/api/v1/ticket_articles/import?try=true'
  191. # @example curl -u #{login}:#{password} -F 'file=@/path/to/file/ticket_articles.csv' 'https://your.zammad/api/v1/ticket_articles/import'
  192. #
  193. # @response_message 201 Import started.
  194. # @response_message 403 Forbidden / Invalid session.
  195. def import_start
  196. if Setting.get('import_mode') != true
  197. raise __('Tickets can only be imported if system is in import mode.')
  198. end
  199. string = params[:data]
  200. if string.blank? && params[:file].present?
  201. string = params[:file].read.force_encoding('utf-8')
  202. end
  203. raise Exceptions::UnprocessableEntity, __('No source data submitted!') if string.blank?
  204. result = Ticket::Article.csv_import(
  205. string: string,
  206. parse_params: {
  207. col_sep: ';',
  208. },
  209. try: params[:try],
  210. )
  211. render json: result, status: :ok
  212. end
  213. def retry_security_process
  214. article = Ticket::Article.find(params[:id])
  215. authorize!(article, :update?)
  216. result = SecureMailing.retry(article)
  217. render json: result
  218. end
  219. def retry_whatsapp_attachment_download
  220. article = Ticket::Article.find(params[:id])
  221. authorize!(article, :update?)
  222. retry_media = Whatsapp::Retry::Media.new(article:)
  223. retry_media.process
  224. render json: {}, status: :ok
  225. rescue => e
  226. logger.error e
  227. render json: { error: __('The retried attachment download failed.') }, status: :unprocessable_entity
  228. end
  229. private
  230. def render_calendar_preview
  231. render json: Service::Calendar::IcsFile::Parse.new(current_user:).execute(file: download_file), status: :ok
  232. rescue => e
  233. logger.error e
  234. render json: { error: __('The preview cannot be generated. The format is corrupted or not supported.') }, status: :unprocessable_entity
  235. end
  236. end