123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700 |
- # Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/
- class TicketsController < ApplicationController
- include CreatesTicketArticles
- include ClonesTicketArticleAttachments
- include ChecksUserAttributesByCurrentUserPermission
- include TicketStats
- include CanPaginate
- prepend_before_action -> { authorize! }, only: %i[create import_example import_start ticket_customer ticket_history ticket_related ticket_recent ticket_merge ticket_split]
- prepend_before_action :authentication_check
- # GET /api/v1/tickets
- def index
- paginate_with(max: 100)
- tickets = TicketPolicy::ReadScope.new(current_user).resolve
- .reorder(id: :asc)
- .offset(pagination.offset)
- .limit(pagination.limit)
- if response_expand?
- list = tickets.map(&:attributes_with_association_names)
- render json: list, status: :ok
- return
- end
- if response_full?
- assets = {}
- item_ids = []
- tickets.each do |item|
- item_ids.push item.id
- assets = item.assets(assets)
- end
- render json: {
- record_ids: item_ids,
- assets: assets,
- }, status: :ok
- return
- end
- render json: tickets
- end
- # GET /api/v1/tickets/1
- def show
- ticket = Ticket.find(params[:id])
- authorize!(ticket)
- auto_assign_ticket(ticket)
- if response_expand?
- result = ticket.attributes_with_association_names
- render json: result, status: :ok
- return
- end
- if response_full?
- full = Ticket.full(params[:id])
- render json: full
- return
- end
- if response_all?
- render json: ticket_all(ticket)
- return
- end
- render json: ticket
- end
- def auto_assign_ticket(ticket)
- return if params[:auto_assign].blank?
- ticket.auto_assign(current_user)
- end
- # POST /api/v1/tickets
- def create
- ticket = nil
- Transaction.execute do # rubocop:disable Metrics/BlockLength
- customer = {}
- if params[:customer].instance_of?(ActionController::Parameters)
- customer = params[:customer]
- params.delete(:customer)
- end
- if (shared_draft_id = params[:shared_draft_id])
- shared_draft = Ticket::SharedDraftStart.find_by id: shared_draft_id
- if shared_draft && (shared_draft.group_id.to_s != params[:group_id]&.to_s || !shared_draft.group.shared_drafts?)
- raise Exceptions::UnprocessableEntity, __('Shared draft cannot be selected for this ticket.')
- end
- shared_draft&.destroy
- end
- # Prevent direct access to checklist via API
- # Otherwise users may get unauthorized access to checklists of other tickets
- params.delete(:checklist)
- params.delete(:checklist_id)
- clean_params = Ticket.association_name_to_id_convert(params)
- # overwrite params
- if !current_user.permissions?('ticket.agent')
- %i[owner owner_id customer customer_id preferences].each do |key|
- clean_params.delete(key)
- end
- clean_params[:customer_id] = current_user.id
- end
- # The parameter :customer_id is 'abused' in cases where it is not an integer, but a string like
- # 'guess:customers.email@domain.cm' which implies that the customer should be looked up.
- if clean_params[:customer_id].is_a?(String) && clean_params[:customer_id] =~ %r{^guess:(.+?)$}
- email_address = $1
- email_address_validation = EmailAddressValidation.new(email_address)
- if !email_address_validation.valid?
- render json: { error: "Invalid email '#{email_address}' of customer" }, status: :unprocessable_entity
- return
- end
- local_customer = User.find_by(email: email_address.downcase)
- if !local_customer
- role_ids = Role.signup_role_ids
- local_customer = User.create(
- firstname: '',
- lastname: '',
- email: email_address,
- password: '',
- active: true,
- role_ids: role_ids,
- )
- end
- clean_params[:customer_id] = local_customer.id
- end
- # try to create customer if needed
- if clean_params[:customer_id].blank? && customer.present?
- check_attributes_by_current_user_permission(customer)
- clean_customer = User.association_name_to_id_convert(customer)
- local_customer = nil
- if !local_customer && clean_customer[:id].present?
- local_customer = User.find_by(id: clean_customer[:id])
- end
- if !local_customer && clean_customer[:email].present?
- local_customer = User.find_by(email: clean_customer[:email].downcase)
- end
- if !local_customer && clean_customer[:login].present?
- local_customer = User.find_by(login: clean_customer[:login].downcase)
- end
- if !local_customer
- role_ids = Role.signup_role_ids
- local_customer = User.new(clean_customer)
- local_customer.role_ids = role_ids
- local_customer.save!
- end
- clean_params[:customer_id] = local_customer.id
- end
- clean_params = Ticket.param_cleanup(clean_params, true)
- clean_params[:screen] = 'create_middle'
- ticket = Ticket.new(clean_params)
- authorize!(ticket, :create?)
- # create ticket
- ticket.save!
- # create tags if given
- if params[:tags].present?
- tags = params[:tags].split(',').map(&:strip)
- tags.each do |tag|
- next if !::Tag.tag_allowed?(name: tag, user_id: UserInfo.current_user_id)
- ticket.tag_add(tag)
- end
- end
- # This mentions handling is used by custom API calls only
- # Mentions created in UI are handled by Ticket::Article#check_mentions
- if params[:mentions].present?
- authorize!(ticket, :create_mentions?)
- Array(params[:mentions]).each do |user_id|
- Mention.subscribe! ticket, User.find(user_id)
- end
- end
- # create article if given
- if params[:article]
- article_create(ticket, params[:article])
- end
- # create links (e. g. in case of ticket split)
- # links: {
- # Ticket: {
- # parent: [ticket_id1, ticket_id2, ...]
- # normal: [ticket_id1, ticket_id2, ...]
- # child: [ticket_id1, ticket_id2, ...]
- # },
- # }
- if params[:links].present?
- link = params[:links].permit!.to_h
- raise Exceptions::UnprocessableEntity, __('Invalid link structure') if !link.is_a? Hash
- link.each do |target_object, link_types_with_object_ids|
- raise Exceptions::UnprocessableEntity, __('Invalid link structure (Object)') if !link_types_with_object_ids.is_a? Hash
- link_types_with_object_ids.each do |link_type, object_ids|
- raise Exceptions::UnprocessableEntity, __('Invalid link structure (Object → LinkType)') if !object_ids.is_a? Array
- object_ids.each do |local_object_id|
- link = Link.add(
- link_type: link_type,
- link_object_target: target_object,
- link_object_target_value: local_object_id,
- link_object_source: 'Ticket',
- link_object_source_value: ticket.id,
- )
- end
- end
- end
- end
- end
- if response_expand?
- result = ticket.reload.attributes_with_association_names
- render json: result, status: :created
- return
- end
- if response_full?
- full = Ticket.full(ticket.id)
- render json: full, status: :created
- return
- end
- if response_all?
- render json: ticket_all(ticket.reload), status: :created
- return
- end
- render json: ticket.reload.attributes_with_association_ids, status: :created
- end
- # PUT /api/v1/tickets/1
- def update
- ticket = Ticket.find(params[:id])
- authorize!(ticket, :follow_up?)
- # Prevent direct access to checklist via API
- # Otherwise users may get unauthorized access to checklists of other tickets
- params.delete(:checklist)
- params.delete(:checklist_id)
- clean_params = Ticket.association_name_to_id_convert(params)
- clean_params = Ticket.param_cleanup(clean_params, true)
- # only apply preferences changes (keep not updated keys/values)
- clean_params = ticket.param_preferences_merge(clean_params)
- clean_params[:screen] = 'edit'
- # disable changes on ticket number
- clean_params.delete('number')
- # overwrite params
- if !current_user.permissions?('ticket.agent')
- %i[owner owner_id customer customer_id organization organization_id preferences].each do |key|
- clean_params.delete(key)
- end
- end
- ticket.with_lock do
- ticket.update!(clean_params)
- if params[:article].present?
- if (shared_draft_id = params[:article][:shared_draft_id])
- shared_draft = Ticket::SharedDraftZoom.find_by id: shared_draft_id
- if shared_draft && shared_draft.ticket != ticket
- raise Exceptions::UnprocessableEntity, __('Shared draft cannot be selected for this ticket.')
- end
- shared_draft&.destroy
- end
- article_create(ticket, params[:article])
- end
- end
- if response_expand?
- result = ticket.reload.attributes_with_association_names
- render json: result, status: :ok
- return
- end
- if response_full?
- full = Ticket.full(params[:id])
- render json: full, status: :ok
- return
- end
- if response_all?
- render json: ticket_all(ticket.reload), status: :ok
- return
- end
- render json: ticket.reload.attributes_with_association_ids, status: :ok
- end
- # DELETE /api/v1/tickets/1
- def destroy
- ticket = Ticket.find(params[:id])
- authorize!(ticket)
- ticket.destroy!
- head :ok
- end
- # GET /api/v1/ticket_customer
- # GET /api/v1/tickets_customer
- def ticket_customer
- # return result
- result = Ticket::ScreenOptions.list_by_customer(
- current_user: current_user,
- customer_id: params[:customer_id],
- limit: 15,
- )
- render json: result
- end
- # GET /api/v1/ticket_history/1
- def ticket_history
- # get ticket data
- ticket = Ticket.find(params[:id])
- authorize!(ticket, :show?)
- # get history of ticket
- render json: ticket.history_get(true)
- end
- # GET /api/v1/ticket_related/1
- def ticket_related
- ticket = Ticket.find(params[:ticket_id])
- assets = ticket.assets({})
- tickets = TicketPolicy::ReadScope.new(current_user).resolve
- .where(
- customer_id: ticket.customer_id,
- state_id: Ticket::State.by_category(:open).select(:id),
- )
- .where.not(id: ticket.id)
- .reorder(created_at: :desc)
- .limit(6)
- # if we do not have open related tickets, search for any tickets
- tickets ||= TicketPolicy::ReadScope.new(current_user).resolve
- .where(customer_id: ticket.customer_id)
- .where.not(state_id: Ticket::State.by_category_ids(:merged))
- .where.not(id: ticket.id)
- .reorder(created_at: :desc)
- .limit(6)
- # get related assets
- ticket_ids_by_customer = []
- tickets.each do |ticket_list|
- ticket_ids_by_customer.push ticket_list.id
- assets = ticket_list.assets(assets)
- end
- ticket_ids_recent_viewed = []
- recent_views = RecentView.list(current_user, 8, 'Ticket')
- recent_views.each do |recent_view|
- next if recent_view.object.name != 'Ticket'
- next if recent_view.o_id == ticket.id
- ticket_ids_recent_viewed.push recent_view.o_id
- recent_view_ticket = Ticket.find(recent_view.o_id)
- assets = recent_view_ticket.assets(assets)
- end
- # return result
- render json: {
- assets: assets,
- ticket_ids_by_customer: ticket_ids_by_customer,
- ticket_ids_recent_viewed: ticket_ids_recent_viewed,
- }
- end
- # GET /api/v1/ticket_recent
- def ticket_recent
- ticket_ids = RecentView.list(current_user, 10, Ticket.name).map(&:o_id)
- tickets = ticket_ids.map { |elem| Ticket.lookup(id: elem) }
- assets = ApplicationModel::CanAssets.reduce(tickets)
- render json: {
- assets: assets,
- ticket_ids_recent_viewed: ticket_ids
- }
- end
- # PUT /api/v1/ticket_merge/1/1
- def ticket_merge
- # check target ticket
- target_ticket = Ticket.find_by(number: params[:target_ticket_number])
- if !target_ticket
- render json: {
- result: 'failed',
- message: __('The target ticket number could not be found.'),
- }
- return
- end
- # check source ticket
- source_ticket = Ticket.find_by(id: params[:source_ticket_id])
- if !source_ticket
- render json: {
- result: 'failed',
- message: __('The source ticket could not be found.'),
- }
- return
- end
- # merge ticket
- Service::Ticket::Merge.new(current_user:).execute(source_ticket:, target_ticket:)
- # return result
- render json: {
- result: 'success',
- target_ticket: target_ticket.attributes,
- source_ticket: source_ticket.attributes,
- }
- end
- # GET /api/v1/ticket_split
- def ticket_split
- ticket = Ticket.find(params[:ticket_id])
- authorize!(ticket, :show?)
- assets = ticket.assets({})
- article = Ticket::Article.find(params[:article_id])
- authorize!(article.ticket, :show?)
- assets = article.assets(assets)
- render json: {
- assets: assets,
- attachments: article_attachments_clone(article),
- }
- end
- # GET /api/v1/ticket_create
- def ticket_create
- # get attributes to update
- attributes_to_change = Ticket::ScreenOptions.attributes_to_change(
- view: 'ticket_create',
- screen: 'create_middle',
- current_user: current_user,
- )
- render json: attributes_to_change
- end
- # GET /api/v1/tickets/search
- def search
- model_search_render(Ticket, params)
- end
- # GET /api/v1/ticket_stats
- def stats
- if !params[:user_id] && !params[:organization_id]
- raise __('Need user_id or organization_id as param')
- end
- # lookup open user tickets
- limit = 100
- assets = {}
- user_tickets = {}
- if params[:user_id]
- user = User.lookup(id: params[:user_id])
- if !user
- raise "No such user with id #{params[:user_id]}"
- end
- conditions = {
- closed_ids: {
- 'ticket.state_id' => {
- operator: 'is',
- value: Ticket::State.by_category_ids(:closed),
- },
- 'ticket.customer_id' => {
- operator: 'is',
- value: user.id,
- },
- },
- open_ids: {
- 'ticket.state_id' => {
- operator: 'is',
- value: Ticket::State.by_category_ids(:open),
- },
- 'ticket.customer_id' => {
- operator: 'is',
- value: user.id,
- },
- },
- }
- conditions.each do |key, local_condition|
- user_tickets[key] = ticket_ids_and_assets(local_condition, current_user, limit, assets)
- end
- # generate stats by user
- condition = {
- 'tickets.customer_id' => user.id,
- }
- user_tickets[:volume_by_year] = ticket_stats_last_year(condition)
- end
- # lookup open org tickets
- org_tickets = {}
- organization_ids = Array(params[:organization_id])
- if organization_ids.present?
- organization_ids.each do |organization_id|
- organization = Organization.lookup(id: organization_id)
- if !organization
- raise "No such organization with id #{organization_id}"
- end
- end
- conditions = {
- closed_ids: {
- 'ticket.state_id' => {
- operator: 'is',
- value: Ticket::State.by_category_ids(:closed),
- },
- 'ticket.organization_id' => {
- operator: 'is',
- value: organization_ids,
- },
- },
- open_ids: {
- 'ticket.state_id' => {
- operator: 'is',
- value: Ticket::State.by_category_ids(:open),
- },
- 'ticket.organization_id' => {
- operator: 'is',
- value: organization_ids,
- },
- },
- }
- conditions.each do |key, local_condition|
- org_tickets[key] = ticket_ids_and_assets(local_condition, current_user, limit, assets)
- end
- # generate stats by org
- condition = {
- 'tickets.organization_id' => organization_ids,
- }
- org_tickets[:volume_by_year] = ticket_stats_last_year(condition)
- end
- # return result
- render json: {
- user: user_tickets,
- organization: org_tickets,
- assets: assets,
- }
- end
- # @path [GET] /tickets/import_example
- #
- # @summary Download of example CSV file.
- # @notes The requester have 'admin' permissions to be able to download it.
- # @example curl -u #{login}:#{password} http://localhost:3000/api/v1/tickets/import_example
- #
- # @response_message 200 File download.
- # @response_message 403 Forbidden / Invalid session.
- def import_example
- csv_string = Ticket.csv_example(
- col_sep: ',',
- )
- send_data(
- csv_string,
- filename: 'example.csv',
- type: 'text/csv',
- disposition: 'attachment'
- )
- end
- # @path [POST] /tickets/import
- #
- # @summary Starts import.
- # @notes The requester have 'admin' permissions to be create a new import.
- # @example curl -u #{login}:#{password} -F 'file=@/path/to/file/tickets.csv' 'https://your.zammad/api/v1/tickets/import?try=true'
- # @example curl -u #{login}:#{password} -F 'file=@/path/to/file/tickets.csv' 'https://your.zammad/api/v1/tickets/import'
- #
- # @response_message 201 Import started.
- # @response_message 403 Forbidden / Invalid session.
- def import_start
- if Setting.get('import_mode') != true
- raise __('Tickets can only be imported if system is in import mode.')
- end
- string = params[:data]
- if string.blank? && params[:file].present?
- string = params[:file].read.force_encoding('utf-8')
- end
- raise Exceptions::UnprocessableEntity, __('No source data submitted!') if string.blank?
- result = Ticket.csv_import(
- string: string,
- parse_params: {
- col_sep: params[:col_sep] || ',',
- },
- try: params[:try],
- )
- render json: result, status: :ok
- end
- private
- def ticket_all(ticket)
- # get attributes to update
- attributes_to_change = Ticket::ScreenOptions.attributes_to_change(
- current_user: current_user,
- ticket: ticket,
- screen: 'edit',
- )
- # get related users
- assets = attributes_to_change[:assets]
- assets = ticket.assets(assets)
- # get related users
- article_ids = []
- ticket.articles.each do |article|
- next if !authorized?(article, :show?)
- article_ids.push article.id
- assets = article.assets(assets)
- end
- # get links
- links = Link.list(
- link_object: 'Ticket',
- link_object_value: ticket.id,
- user: current_user,
- )
- assets = Link.reduce_assets(assets, links)
- # get tags
- tags = ticket.tag_list
- # get time units
- time_accountings = ticket.ticket_time_accounting.map { |row| row.slice(:id, :ticket_id, :ticket_article_id, :time_unit, :type_id) }
- # get mentions
- mentions = Mention.where(mentionable: ticket).reorder(created_at: :desc)
- mentions.each do |mention|
- assets = mention.assets(assets)
- end
- if (draft = ticket.shared_draft) && authorized?(draft, :show?)
- assets = draft.assets(assets)
- end
- if Setting.get('checklist') && current_user.permissions?('ticket.agent')
- ticket.checklist&.assets(assets)
- ticket.referencing_checklists
- .includes(:ticket)
- .each do |elem|
- elem.assets(assets)
- elem.ticket.assets(assets) if elem.ticket.authorized_asset?
- end
- end
- # return result
- {
- ticket_id: ticket.id,
- ticket_article_ids: article_ids,
- assets: assets,
- links: links,
- tags: tags,
- mentions: mentions.pluck(:id),
- time_accountings: time_accountings,
- form_meta: attributes_to_change[:form_meta],
- }
- end
- end
|