form_controller.rb 2.4 KB

# Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/
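class FormController < ApplicationController
  # Unauthenticated endpoints for the embeddable web form, gated by the
  # "form_ticket_create" setting:
  #   - `config` tells the form whether it is enabled and where to post
  #   - `submit` turns a posted form into a customer account (created on
  #     first contact) plus a new ticket with one inbound "web" article
  #
  # NOTE(review): nothing here proves the submitter owns the e-mail address,
  # and no rate limiting or anti-automation check is visible in this file.
  # Unless enforced upstream (ApplicationController, middleware, proxy),
  # anyone who can reach /form_submit can create users and tickets without
  # limit. Confirm before exposing the endpoint publicly.

  # Characters rejected anywhere in the submitted e-mail address. This is a
  # denylist taken over from the original check, not a full address syntax
  # validation; the only other requirement is that an "@" is present.
  EMAIL_FORBIDDEN_CHARS = /(>|<|\||\!|"|§|'|\$|%|&|\(|\)|\?)/

  # GET: feature flag plus the absolute URL the form should POST to.
  #
  # The endpoint is assembled from the configured scheme and public host so
  # the form keeps working when embedded on a third-party site.
  def config
    return if !enabled?

    http_type = Setting.get('http_type')
    fqdn      = Setting.get('fqdn')
    api_path  = Rails.configuration.api_path

    render json: {
      enabled:  Setting.get('form_ticket_create'),
      endpoint: "#{http_type}://#{fqdn}#{api_path}/form_submit",
    }, status: :ok
  end

  # POST: validate the form fields, find or create the customer by e-mail,
  # then create the ticket and its first article in one transaction.
  #
  # Responds with `{ errors: { field => 'required' | 'invalid' } }` when
  # validation fails and `{}` on success. Both answers use HTTP 200, which is
  # kept from the original because the embedded form presumably inspects the
  # `errors` key rather than the status code — TODO confirm before changing
  # this to 422.
  #
  # Raises ActiveRecord::RecordInvalid / RecordNotFound (rendered as a server
  # error by Rails) instead of silently producing a half-written ticket when a
  # record cannot be saved or a referenced state/priority/type is missing.
  def submit
    return if !enabled?

    # Normalise before validating so whitespace-only values fail the
    # "required" check and the value that is validated is the one stored.
    # `.to_s` also keeps a non-string param (array/hash) from raising.
    name  = params[:name].to_s.strip
    email = params[:email].to_s.strip.downcase
    title = params[:title].to_s
    body  = params[:body].to_s

    errors = {}
    errors['name'] = 'required' if name.empty?
    if email.empty?
      errors['email'] = 'required'
    elsif email !~ /@/ || email =~ EMAIL_FORBIDDEN_CHARS
      # A missing address reports "required", a malformed one "invalid";
      # the original ran both checks and let "invalid" overwrite "required".
      errors['email'] = 'invalid'
    end
    errors['title'] = 'required' if title.strip.empty?
    errors['body']  = 'required' if body.strip.empty?

    if !errors.empty?
      render json: { errors: errors }, status: :ok
      return
    end

    Ticket.transaction do
      customer = User.find_by(email: email)
      if !customer
        # First contact: create a customer-role account. The empty password
        # is kept from the original; whether it blocks password login depends
        # on the User model, which is not visible here — NOTE(review): confirm.
        customer = User.create!(
          firstname:     name,
          lastname:      '',
          email:         email,
          password:      '',
          active:        true,
          roles:         Role.where(name: 'Customer'),
          updated_by_id: 1,
          created_by_id: 1,
        )
      end
      # NOTE(review): the address is never verified, so a submission naming an
      # existing agent/admin address files the ticket as that user.

      # group_id 1 and user id 1 are hard-coded here and above; presumably the
      # default group and the system user — TODO make configurable.
      ticket = Ticket.create!(
        group_id:      1,
        customer_id:   customer.id,
        title:         title,
        state_id:      Ticket::State.find_by!(name: 'new').id,
        priority_id:   Ticket::Priority.find_by!(name: '2 normal').id,
        updated_by_id: customer.id,
        created_by_id: customer.id,
      )
      Ticket::Article.create!(
        ticket_id:     ticket.id,
        type_id:       Ticket::Article::Type.find_by!(name: 'web').id,
        sender_id:     Ticket::Article::Sender.find_by!(name: 'Customer').id,
        body:          body,
        from:          email,
        subject:       title,
        internal:      false,
        updated_by_id: customer.id,
        created_by_id: customer.id,
      )
    end

    render json: {}, status: :ok
  end

  private

  # True when the web form feature is switched on. Otherwise renders the
  # access-denied response and returns false so the caller can bail out.
  def enabled?
    return true if Setting.get('form_ticket_create')

    response_access_deny
    false
  end
end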