SMusatov
/
zammad
зеркало из https://github.com/zammad/zammad.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105
							# Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/

class FormController < ApplicationController

  def config
    return if !enabled?

    api_path  = Rails.configuration.api_path
    http_type = Setting.get('http_type')
    fqdn      = Setting.get('fqdn')

    endpoint = "#{http_type}://#{fqdn}#{api_path}/form_submit"

    config = {
      enabled:  Setting.get('form_ticket_create'),
      endpoint: endpoint,
    }

    render json: config, status: :ok
  end

  def submit
    return if !enabled?

    # validate input
    errors = {}
    if !params[:name] || params[:name].empty?
      errors['name'] = 'required'
    end
    if !params[:email] || params[:email].empty?
      errors['email'] = 'required'
    end
    if params[:email] !~ /@/
      errors['email'] = 'invalid'
    end
    if params[:email] =~ /(>|<|\||\!|"|§|'|\$|%|&|\(|\)|\?)/
      errors['email'] = 'invalid'
    end
    if !params[:title] || params[:title].empty?
      errors['title'] = 'required'
    end
    if !params[:body] || params[:body].empty?
      errors['body'] = 'required'
    end

    if errors && !errors.empty?
      render json: {
        errors: errors
      }, status: :ok
      return
    end

    name = params[:name].strip
    email = params[:email].strip.downcase

    customer = User.find_by(email: email)
    if !customer
      roles = Role.where( name: 'Customer' )
      customer = User.create(
        firstname: name,
        lastname: '',
        email: email,
        password: '',
        active: true,
        roles: roles,
        updated_by_id: 1,
        created_by_id: 1,
      )
    end

    ticket = Ticket.create(
      group_id: 1,
      customer_id: customer.id,
      title: params[:title],
      state_id: Ticket::State.find_by( name: 'new' ).id,
      priority_id: Ticket::Priority.find_by( name: '2 normal' ).id,
      updated_by_id: customer.id,
      created_by_id: customer.id,
    )

    article = Ticket::Article.create(
      ticket_id: ticket.id,
      type_id: Ticket::Article::Type.find_by( name: 'web' ).id,
      sender_id: Ticket::Article::Sender.find_by( name: 'Customer' ).id,
      body: params[:body],
      from: email,
      subject: params[:title],
      internal: false,
      updated_by_id: customer.id,
      created_by_id: customer.id,
    )

    result = {}
    render json: result, status: :ok
  end

  private

  def enabled?
    return true if Setting.get('form_ticket_create')
    response_access_deny
    false
  end

end