tickets_controller.rb 18 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710
  1. # Copyright (C) 2012-2016 Zammad Foundation, http://zammad-foundation.org/
  2. class TicketsController < ApplicationController
  3. prepend_before_action :authentication_check
  4. # GET /api/v1/tickets
  5. def index
  6. offset = 0
  7. per_page = 100
  8. if params[:page] && params[:per_page]
  9. offset = (params[:page].to_i - 1) * params[:per_page].to_i
  10. per_page = params[:per_page].to_i
  11. end
  12. if per_page > 100
  13. per_page = 100
  14. end
  15. access_condition = Ticket.access_condition(current_user)
  16. tickets = Ticket.where(access_condition).order(id: 'ASC').offset(offset).limit(per_page)
  17. if params[:expand]
  18. list = []
  19. tickets.each { |ticket|
  20. list.push ticket.attributes_with_association_names
  21. }
  22. render json: list, status: :ok
  23. return
  24. end
  25. if params[:full]
  26. assets = {}
  27. item_ids = []
  28. tickets.each { |item|
  29. item_ids.push item.id
  30. assets = item.assets(assets)
  31. }
  32. render json: {
  33. record_ids: item_ids,
  34. assets: assets,
  35. }, status: :ok
  36. return
  37. end
  38. render json: tickets
  39. end
  40. # GET /api/v1/tickets/1
  41. def show
  42. # permission check
  43. ticket = Ticket.find(params[:id])
  44. ticket_permission(ticket)
  45. if params[:expand]
  46. result = ticket.attributes_with_association_names
  47. render json: result, status: :ok
  48. return
  49. end
  50. if params[:full]
  51. full = Ticket.full(params[:id])
  52. render json: full
  53. return
  54. end
  55. if params[:all]
  56. render json: ticket_all(ticket)
  57. return
  58. end
  59. render json: ticket
  60. end
  61. # POST /api/v1/tickets
  62. def create
  63. clean_params = Ticket.association_name_to_id_convert(params)
  64. # overwrite params
  65. if !current_user.permissions?('ticket.agent')
  66. [:owner, :owner_id, :customer, :customer_id, :organization, :organization_id, :preferences].each { |key|
  67. clean_params.delete(key)
  68. }
  69. clean_params[:customer_id] = current_user.id
  70. end
  71. # try to create customer if needed
  72. if clean_params[:customer_id] && clean_params[:customer_id] =~ /^guess:(.+?)$/
  73. email = $1
  74. if email !~ /@/ || email =~ /(>|<|\||\!|"|§|'|\$|%|&|\(|\)|\?|\s)/
  75. render json: { error: 'Invalid email of customer' }, status: :unprocessable_entity
  76. return
  77. end
  78. customer = User.find_by(email: email)
  79. if !customer
  80. role_ids = Role.signup_role_ids
  81. customer = User.create(
  82. firstname: '',
  83. lastname: '',
  84. email: email,
  85. password: '',
  86. active: true,
  87. role_ids: role_ids,
  88. )
  89. end
  90. clean_params[:customer_id] = customer.id
  91. end
  92. clean_params = Ticket.param_cleanup(clean_params, true)
  93. ticket = Ticket.new(clean_params)
  94. # check if article is given
  95. if !params[:article]
  96. render json: { error: 'article hash is missing' }, status: :unprocessable_entity
  97. return
  98. end
  99. # create ticket
  100. ticket.save!
  101. ticket.with_lock do
  102. # create tags if given
  103. if params[:tags] && !params[:tags].empty?
  104. tags = params[:tags].split(/,/)
  105. tags.each { |tag|
  106. Tag.tag_add(
  107. object: 'Ticket',
  108. o_id: ticket.id,
  109. item: tag,
  110. created_by_id: current_user.id,
  111. )
  112. }
  113. end
  114. # create article if given
  115. if params[:article]
  116. article_create(ticket, params[:article])
  117. end
  118. end
  119. # create links (e. g. in case of ticket split)
  120. # links: {
  121. # Ticket: {
  122. # parent: [ticket_id1, ticket_id2, ...]
  123. # normal: [ticket_id1, ticket_id2, ...]
  124. # child: [ticket_id1, ticket_id2, ...]
  125. # },
  126. # }
  127. if params[:links]
  128. raise 'Invalid link structure' if params[:links].to_h.class != Hash
  129. params[:links].each { |target_object, link_types_with_object_ids|
  130. raise 'Invalid link structure (Object)' if link_types_with_object_ids.to_h.class != Hash
  131. link_types_with_object_ids.each { |link_type, object_ids|
  132. raise 'Invalid link structure (Object->LinkType)' if object_ids.class != Array
  133. object_ids.each { |local_object_id|
  134. link = Link.add(
  135. link_type: link_type,
  136. link_object_target: target_object,
  137. link_object_target_value: local_object_id,
  138. link_object_source: 'Ticket',
  139. link_object_source_value: ticket.id,
  140. )
  141. }
  142. }
  143. }
  144. end
  145. if params[:expand]
  146. result = ticket.reload.attributes_with_association_names
  147. render json: result, status: :created
  148. return
  149. end
  150. if params[:all]
  151. render json: ticket_all(ticket.reload)
  152. return
  153. end
  154. render json: ticket.reload, status: :created
  155. end
  156. # PUT /api/v1/tickets/1
  157. def update
  158. # permission check
  159. ticket = Ticket.find(params[:id])
  160. ticket_permission(ticket)
  161. clean_params = Ticket.association_name_to_id_convert(params)
  162. clean_params = Ticket.param_cleanup(clean_params, true)
  163. # overwrite params
  164. if !current_user.permissions?('ticket.agent')
  165. [:owner, :owner_id, :customer, :customer_id, :organization, :organization_id, :preferences].each { |key|
  166. clean_params.delete(key)
  167. }
  168. end
  169. ticket.with_lock do
  170. ticket.update_attributes!(clean_params)
  171. if params[:article]
  172. article_create(ticket, params[:article])
  173. end
  174. end
  175. if params[:expand]
  176. result = ticket.reload.attributes_with_association_names
  177. render json: result, status: :ok
  178. return
  179. end
  180. if params[:all]
  181. render json: ticket_all(ticket.reload)
  182. return
  183. end
  184. render json: ticket.reload, status: :ok
  185. end
  186. # DELETE /api/v1/tickets/1
  187. def destroy
  188. # permission check
  189. ticket = Ticket.find(params[:id])
  190. ticket_permission(ticket)
  191. raise Exceptions::NotAuthorized, 'Not authorized (admin permission required)!' if !current_user.permissions?('admin')
  192. ticket.destroy!
  193. head :ok
  194. end
  195. # GET /api/v1/ticket_customer
  196. # GET /api/v1/tickets_customer
  197. def ticket_customer
  198. # return result
  199. result = Ticket::ScreenOptions.list_by_customer(
  200. customer_id: params[:customer_id],
  201. limit: 15,
  202. )
  203. render json: result
  204. end
  205. # GET /api/v1/ticket_history/1
  206. def ticket_history
  207. # get ticket data
  208. ticket = Ticket.find(params[:id])
  209. # permission check
  210. ticket_permission(ticket)
  211. # get history of ticket
  212. history = ticket.history_get(true)
  213. # return result
  214. render json: history
  215. end
  216. # GET /api/v1/ticket_related/1
  217. def ticket_related
  218. ticket = Ticket.find(params[:ticket_id])
  219. assets = ticket.assets({})
  220. # open tickets by customer
  221. access_condition = Ticket.access_condition(current_user)
  222. ticket_lists = Ticket
  223. .where(
  224. customer_id: ticket.customer_id,
  225. state_id: Ticket::State.by_category('open')
  226. )
  227. .where(access_condition)
  228. .where('id != ?', [ ticket.id ])
  229. .order('created_at DESC')
  230. .limit(6)
  231. # if we do not have open related tickets, search for any tickets
  232. if ticket_lists.empty?
  233. ticket_lists = Ticket
  234. .where(
  235. customer_id: ticket.customer_id,
  236. ).where.not(
  237. state_id: Ticket::State.by_category('merged')
  238. )
  239. .where(access_condition)
  240. .where('id != ?', [ ticket.id ])
  241. .order('created_at DESC')
  242. .limit(6)
  243. end
  244. # get related assets
  245. ticket_ids_by_customer = []
  246. ticket_lists.each { |ticket_list|
  247. ticket_ids_by_customer.push ticket_list.id
  248. assets = ticket_list.assets(assets)
  249. }
  250. ticket_ids_recent_viewed = []
  251. recent_views = RecentView.list(current_user, 8, 'Ticket')
  252. recent_views.each { |recent_view|
  253. next if recent_view['object'] != 'Ticket'
  254. ticket_ids_recent_viewed.push recent_view['o_id']
  255. recent_view_ticket = Ticket.find(recent_view['o_id'])
  256. next if recent_view_ticket.state.state_type.name == 'merged'
  257. assets = recent_view_ticket.assets(assets)
  258. }
  259. # return result
  260. render json: {
  261. assets: assets,
  262. ticket_ids_by_customer: ticket_ids_by_customer,
  263. ticket_ids_recent_viewed: ticket_ids_recent_viewed,
  264. }
  265. end
  266. # GET /api/v1/ticket_merge/1/1
  267. def ticket_merge
  268. # check master ticket
  269. ticket_master = Ticket.find_by(number: params[:master_ticket_number])
  270. if !ticket_master
  271. render json: {
  272. result: 'faild',
  273. message: 'No such master ticket number!',
  274. }
  275. return
  276. end
  277. # permission check
  278. ticket_permission(ticket_master)
  279. # check slave ticket
  280. ticket_slave = Ticket.find_by(id: params[:slave_ticket_id])
  281. if !ticket_slave
  282. render json: {
  283. result: 'faild',
  284. message: 'No such slave ticket!',
  285. }
  286. return
  287. end
  288. # permission check
  289. ticket_permission(ticket_slave)
  290. # check diffetent ticket ids
  291. if ticket_slave.id == ticket_master.id
  292. render json: {
  293. result: 'faild',
  294. message: 'Can\'t merge ticket with it self!',
  295. }
  296. return
  297. end
  298. # merge ticket
  299. ticket_slave.merge_to(
  300. ticket_id: ticket_master.id,
  301. created_by_id: current_user.id,
  302. )
  303. # return result
  304. render json: {
  305. result: 'success',
  306. master_ticket: ticket_master.attributes,
  307. slave_ticket: ticket_slave.attributes,
  308. }
  309. end
  310. # GET /api/v1/ticket_split
  311. def ticket_split
  312. # permission check
  313. ticket = Ticket.find(params[:ticket_id])
  314. ticket_permission(ticket)
  315. assets = ticket.assets({})
  316. # get related articles
  317. article = Ticket::Article.find(params[:article_id])
  318. assets = article.assets(assets)
  319. render json: {
  320. assets: assets
  321. }
  322. end
  323. # GET /api/v1/ticket_create
  324. def ticket_create
  325. # get attributes to update
  326. attributes_to_change = Ticket::ScreenOptions.attributes_to_change(
  327. user: current_user,
  328. )
  329. render json: attributes_to_change
  330. end
  331. # GET /api/v1/tickets/search
  332. def search
  333. # permit nested conditions
  334. if params[:condition]
  335. params.require(:condition).permit!
  336. end
  337. # set limit for pagination if needed
  338. if params[:page] && params[:per_page]
  339. params[:limit] = params[:page].to_i * params[:per_page].to_i
  340. end
  341. if params[:limit] && params[:limit].to_i > 100
  342. params[:limit].to_i = 100
  343. end
  344. # build result list
  345. tickets = Ticket.search(
  346. limit: params[:limit],
  347. query: params[:query],
  348. condition: params[:condition],
  349. current_user: current_user,
  350. )
  351. # do pagination if needed
  352. if params[:page] && params[:per_page]
  353. offset = (params[:page].to_i - 1) * params[:per_page].to_i
  354. tickets = tickets.slice(offset, params[:per_page].to_i) || []
  355. end
  356. if params[:expand]
  357. list = []
  358. tickets.each { |ticket|
  359. list.push ticket.attributes_with_association_names
  360. }
  361. render json: list, status: :ok
  362. return
  363. end
  364. assets = {}
  365. ticket_result = []
  366. tickets.each do |ticket|
  367. ticket_result.push ticket.id
  368. assets = ticket.assets(assets)
  369. end
  370. # return result
  371. render json: {
  372. tickets: ticket_result,
  373. tickets_count: tickets.count,
  374. assets: assets,
  375. }
  376. end
  377. # GET /api/v1/tickets/selector
  378. def selector
  379. permission_check('admin.*')
  380. ticket_count, tickets = Ticket.selectors(params[:condition], 6)
  381. assets = {}
  382. ticket_ids = []
  383. if tickets
  384. tickets.each do |ticket|
  385. ticket_ids.push ticket.id
  386. assets = ticket.assets(assets)
  387. end
  388. end
  389. # return result
  390. render json: {
  391. ticket_ids: ticket_ids,
  392. ticket_count: ticket_count || 0,
  393. assets: assets,
  394. }
  395. end
  396. # GET /api/v1/ticket_stats
  397. def stats
  398. if !params[:user_id] && !params[:organization_id]
  399. raise 'Need user_id or organization_id as param'
  400. end
  401. # permission check
  402. #ticket_permission(ticket)
  403. # lookup open user tickets
  404. limit = 100
  405. assets = {}
  406. access_condition = Ticket.access_condition(current_user)
  407. now = Time.zone.now
  408. user_tickets_open_ids = []
  409. user_tickets_closed_ids = []
  410. user_ticket_volume_by_year = []
  411. if params[:user_id]
  412. user = User.lookup(id: params[:user_id])
  413. if !user
  414. raise "No such user with id #{params[:user_id]}"
  415. end
  416. condition = {
  417. 'ticket.state_id' => {
  418. operator: 'is',
  419. value: Ticket::State.by_category('open').map(&:id),
  420. },
  421. 'ticket.customer_id' => {
  422. operator: 'is',
  423. value: user.id,
  424. },
  425. }
  426. user_tickets_open = Ticket.search(
  427. limit: limit,
  428. condition: condition,
  429. current_user: current_user,
  430. )
  431. user_tickets_open_ids = assets_of_tickets(user_tickets_open, assets)
  432. # lookup closed user tickets
  433. condition = {
  434. 'ticket.state_id' => {
  435. operator: 'is',
  436. value: Ticket::State.by_category('closed').map(&:id),
  437. },
  438. 'ticket.customer_id' => {
  439. operator: 'is',
  440. value: user.id,
  441. },
  442. }
  443. user_tickets_closed = Ticket.search(
  444. limit: limit,
  445. condition: condition,
  446. current_user: current_user,
  447. )
  448. user_tickets_closed_ids = assets_of_tickets(user_tickets_closed, assets)
  449. # generate stats by user
  450. (0..11).each { |month_back|
  451. date_to_check = now - month_back.month
  452. date_start = "#{date_to_check.year}-#{date_to_check.month}-01 00:00:00"
  453. date_end = "#{date_to_check.year}-#{date_to_check.month}-#{date_to_check.end_of_month.day} 00:00:00"
  454. condition = {
  455. 'tickets.customer_id' => user.id,
  456. }
  457. # created
  458. created = Ticket.where('created_at > ? AND created_at < ?', date_start, date_end )
  459. .where(access_condition)
  460. .where(condition)
  461. .count
  462. # closed
  463. closed = Ticket.where('close_at > ? AND close_at < ?', date_start, date_end )
  464. .where(access_condition)
  465. .where(condition)
  466. .count
  467. data = {
  468. month: date_to_check.month,
  469. year: date_to_check.year,
  470. text: Date::MONTHNAMES[date_to_check.month],
  471. created: created,
  472. closed: closed,
  473. }
  474. user_ticket_volume_by_year.push data
  475. }
  476. end
  477. # lookup open org tickets
  478. org_tickets_open_ids = []
  479. org_tickets_closed_ids = []
  480. org_ticket_volume_by_year = []
  481. if params[:organization_id] && !params[:organization_id].empty?
  482. condition = {
  483. 'ticket.state_id' => {
  484. operator: 'is',
  485. value: Ticket::State.by_category('open').map(&:id),
  486. },
  487. 'ticket.organization_id' => {
  488. operator: 'is',
  489. value: params[:organization_id],
  490. },
  491. }
  492. org_tickets_open = Ticket.search(
  493. limit: limit,
  494. condition: condition,
  495. current_user: current_user,
  496. )
  497. org_tickets_open_ids = assets_of_tickets(org_tickets_open, assets)
  498. # lookup closed org tickets
  499. condition = {
  500. 'ticket.state_id' => {
  501. operator: 'is',
  502. value: Ticket::State.by_category('closed').map(&:id),
  503. },
  504. 'ticket.organization_id' => {
  505. operator: 'is',
  506. value: params[:organization_id],
  507. },
  508. }
  509. org_tickets_closed = Ticket.search(
  510. limit: limit,
  511. condition: condition,
  512. current_user: current_user,
  513. )
  514. org_tickets_closed_ids = assets_of_tickets(org_tickets_closed, assets)
  515. # generate stats by org
  516. (0..11).each { |month_back|
  517. date_to_check = now - month_back.month
  518. date_start = "#{date_to_check.year}-#{date_to_check.month}-01 00:00:00"
  519. date_end = "#{date_to_check.year}-#{date_to_check.month}-#{date_to_check.end_of_month.day} 00:00:00"
  520. condition = {
  521. 'tickets.organization_id' => params[:organization_id],
  522. }
  523. # created
  524. created = Ticket.where('created_at > ? AND created_at < ?', date_start, date_end ).where(condition).count
  525. # closed
  526. closed = Ticket.where('close_at > ? AND close_at < ?', date_start, date_end ).where(condition).count
  527. data = {
  528. month: date_to_check.month,
  529. year: date_to_check.year,
  530. text: Date::MONTHNAMES[date_to_check.month],
  531. created: created,
  532. closed: closed,
  533. }
  534. org_ticket_volume_by_year.push data
  535. }
  536. end
  537. # return result
  538. render json: {
  539. user_tickets_open_ids: user_tickets_open_ids,
  540. user_tickets_closed_ids: user_tickets_closed_ids,
  541. org_tickets_open_ids: org_tickets_open_ids,
  542. org_tickets_closed_ids: org_tickets_closed_ids,
  543. user_ticket_volume_by_year: user_ticket_volume_by_year,
  544. org_ticket_volume_by_year: org_ticket_volume_by_year,
  545. assets: assets,
  546. }
  547. end
  548. private
  549. def assets_of_tickets(tickets, assets)
  550. ticket_ids = []
  551. tickets.each do |ticket|
  552. ticket_ids.push ticket.id
  553. assets = ticket.assets(assets)
  554. end
  555. ticket_ids
  556. end
  557. def ticket_all(ticket)
  558. # get attributes to update
  559. attributes_to_change = Ticket::ScreenOptions.attributes_to_change(user: current_user, ticket: ticket)
  560. # get related users
  561. assets = attributes_to_change[:assets]
  562. assets = ticket.assets(assets)
  563. # get related users
  564. article_ids = []
  565. ticket.articles.each { |article|
  566. # ignore internal article if customer is requesting
  567. next if article.internal == true && current_user.permissions?('ticket.customer')
  568. article_ids.push article.id
  569. assets = article.assets(assets)
  570. }
  571. # get links
  572. links = Link.list(
  573. link_object: 'Ticket',
  574. link_object_value: ticket.id,
  575. )
  576. link_list = []
  577. links.each { |item|
  578. link_list.push item
  579. if item['link_object'] == 'Ticket'
  580. linked_ticket = Ticket.lookup(id: item['link_object_value'])
  581. assets = linked_ticket.assets(assets)
  582. end
  583. }
  584. # get tags
  585. tags = Tag.tag_list(
  586. object: 'Ticket',
  587. o_id: ticket.id,
  588. )
  589. # return result
  590. {
  591. ticket_id: ticket.id,
  592. ticket_article_ids: article_ids,
  593. assets: assets,
  594. links: link_list,
  595. tags: tags,
  596. form_meta: attributes_to_change[:form_meta],
  597. }
  598. end
  599. end