123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722 |
- # Copyright (C) 2012-2016 Zammad Foundation, http://zammad-foundation.org/
- class TicketsController < ApplicationController
- include CreatesTicketArticles
- include ClonesTicketArticleAttachments
- include ChecksUserAttributesByCurrentUserPermission
- include TicketStats
- prepend_before_action :authentication_check
- before_action :follow_up_possible_check, only: :update
- # GET /api/v1/tickets
- def index
- offset = 0
- per_page = 100
- if params[:page] && params[:per_page]
- offset = (params[:page].to_i - 1) * params[:per_page].to_i
- per_page = params[:per_page].to_i
- end
- if per_page > 100
- per_page = 100
- end
- access_condition = Ticket.access_condition(current_user, 'read')
- tickets = Ticket.where(access_condition).order(id: 'ASC').offset(offset).limit(per_page)
- if response_expand?
- list = []
- tickets.each do |ticket|
- list.push ticket.attributes_with_association_names
- end
- render json: list, status: :ok
- return
- end
- if response_full?
- assets = {}
- item_ids = []
- tickets.each do |item|
- item_ids.push item.id
- assets = item.assets(assets)
- end
- render json: {
- record_ids: item_ids,
- assets: assets,
- }, status: :ok
- return
- end
- render json: tickets
- end
- # GET /api/v1/tickets/1
- def show
- ticket = Ticket.find(params[:id])
- access!(ticket, 'read')
- if response_expand?
- result = ticket.attributes_with_association_names
- render json: result, status: :ok
- return
- end
- if response_full?
- full = Ticket.full(params[:id])
- render json: full
- return
- end
- if response_all?
- render json: ticket_all(ticket)
- return
- end
- render json: ticket
- end
- # POST /api/v1/tickets
- def create
- customer = {}
- if params[:customer].class == ActionController::Parameters
- customer = params[:customer]
- params.delete(:customer)
- end
- clean_params = Ticket.association_name_to_id_convert(params)
- # overwrite params
- if !current_user.permissions?('ticket.agent')
- %i[owner owner_id customer customer_id organization organization_id preferences].each do |key|
- clean_params.delete(key)
- end
- clean_params[:customer_id] = current_user.id
- end
- # try to create customer if needed
- if clean_params[:customer_id].present? && clean_params[:customer_id] =~ /^guess:(.+?)$/
- email = $1
- if email !~ /@/ || email =~ /(>|<|\||\!|"|§|'|\$|%|&|\(|\)|\?|\s)/
- render json: { error: 'Invalid email of customer' }, status: :unprocessable_entity
- return
- end
- local_customer = User.find_by(email: email.downcase)
- if !local_customer
- role_ids = Role.signup_role_ids
- local_customer = User.create(
- firstname: '',
- lastname: '',
- email: email,
- password: '',
- active: true,
- role_ids: role_ids,
- )
- end
- clean_params[:customer_id] = local_customer.id
- end
- # try to create customer if needed
- if clean_params[:customer_id].blank? && customer.present?
- check_attributes_by_current_user_permission(customer)
- clean_customer = User.association_name_to_id_convert(customer)
- local_customer = nil
- if !local_customer && clean_customer[:id].present?
- local_customer = User.find_by(id: clean_customer[:id])
- end
- if !local_customer && clean_customer[:email].present?
- local_customer = User.find_by(email: clean_customer[:email].downcase)
- end
- if !local_customer && clean_customer[:login].present?
- local_customer = User.find_by(login: clean_customer[:login].downcase)
- end
- if !local_customer
- role_ids = Role.signup_role_ids
- local_customer = User.new(clean_customer)
- local_customer.role_ids = role_ids
- local_customer.save!
- end
- clean_params[:customer_id] = local_customer.id
- end
- clean_params = Ticket.param_cleanup(clean_params, true)
- ticket = Ticket.new(clean_params)
- # check if article is given
- if !params[:article]
- render json: { error: 'article hash is missing' }, status: :unprocessable_entity
- return
- end
- # create ticket
- ticket.save!
- ticket.with_lock do
- # create tags if given
- if params[:tags].present?
- tags = params[:tags].split(/,/)
- tags.each do |tag|
- ticket.tag_add(tag)
- end
- end
- # create article if given
- if params[:article]
- article_create(ticket, params[:article])
- end
- end
- # create links (e. g. in case of ticket split)
- # links: {
- # Ticket: {
- # parent: [ticket_id1, ticket_id2, ...]
- # normal: [ticket_id1, ticket_id2, ...]
- # child: [ticket_id1, ticket_id2, ...]
- # },
- # }
- if params[:links].present?
- link = params[:links].permit!.to_h
- raise Exceptions::UnprocessableEntity, 'Invalid link structure' if !link.is_a? Hash
- link.each do |target_object, link_types_with_object_ids|
- raise Exceptions::UnprocessableEntity, 'Invalid link structure (Object)' if !link_types_with_object_ids.is_a? Hash
- link_types_with_object_ids.each do |link_type, object_ids|
- raise Exceptions::UnprocessableEntity, 'Invalid link structure (Object->LinkType)' if !object_ids.is_a? Array
- object_ids.each do |local_object_id|
- link = Link.add(
- link_type: link_type,
- link_object_target: target_object,
- link_object_target_value: local_object_id,
- link_object_source: 'Ticket',
- link_object_source_value: ticket.id,
- )
- end
- end
- end
- end
- if response_expand?
- result = ticket.reload.attributes_with_association_names
- render json: result, status: :created
- return
- end
- if response_full?
- full = Ticket.full(ticket.id)
- render json: full, status: :created
- return
- end
- if response_all?
- render json: ticket_all(ticket.reload), status: :created
- return
- end
- render json: ticket.reload.attributes_with_association_ids, status: :created
- end
- # PUT /api/v1/tickets/1
- def update
- ticket = Ticket.find(params[:id])
- access!(ticket, 'change')
- clean_params = Ticket.association_name_to_id_convert(params)
- clean_params = Ticket.param_cleanup(clean_params, true)
- # only apply preferences changes (keep not updated keys/values)
- clean_params = ticket.param_preferences_merge(clean_params)
- # overwrite params
- if !current_user.permissions?('ticket.agent')
- %i[owner owner_id customer customer_id organization organization_id preferences].each do |key|
- clean_params.delete(key)
- end
- end
- ticket.with_lock do
- ticket.update!(clean_params)
- if params[:article]
- article_create(ticket, params[:article])
- end
- end
- if response_expand?
- result = ticket.reload.attributes_with_association_names
- render json: result, status: :ok
- return
- end
- if response_full?
- full = Ticket.full(params[:id])
- render json: full, status: :ok
- return
- end
- if response_all?
- render json: ticket_all(ticket.reload), status: :ok
- return
- end
- render json: ticket.reload.attributes_with_association_ids, status: :ok
- end
- # DELETE /api/v1/tickets/1
- def destroy
- ticket = Ticket.find(params[:id])
- access!(ticket, 'delete')
- raise Exceptions::NotAuthorized, 'Not authorized (admin permission required)!' if !current_user.permissions?('admin')
- ticket.destroy!
- head :ok
- end
- # GET /api/v1/ticket_customer
- # GET /api/v1/tickets_customer
- def ticket_customer
- # return result
- result = Ticket::ScreenOptions.list_by_customer(
- customer_id: params[:customer_id],
- limit: 15,
- )
- render json: result
- end
- # GET /api/v1/ticket_history/1
- def ticket_history
- # get ticket data
- ticket = Ticket.find(params[:id])
- access!(ticket, 'read')
- # get history of ticket
- history = ticket.history_get(true)
- # return result
- render json: history
- end
- # GET /api/v1/ticket_related/1
- def ticket_related
- ticket = Ticket.find(params[:ticket_id])
- assets = ticket.assets({})
- # open tickets by customer
- access_condition = Ticket.access_condition(current_user, 'read')
- ticket_lists = Ticket
- .where(
- customer_id: ticket.customer_id,
- state_id: Ticket::State.by_category(:open)
- )
- .where(access_condition)
- .where('id != ?', [ ticket.id ])
- .order('created_at DESC')
- .limit(6)
- # if we do not have open related tickets, search for any tickets
- if ticket_lists.blank?
- ticket_lists = Ticket
- .where(
- customer_id: ticket.customer_id,
- ).where.not(
- state_id: Ticket::State.by_category(:merged)
- )
- .where(access_condition)
- .where('id != ?', [ ticket.id ])
- .order('created_at DESC')
- .limit(6)
- end
- # get related assets
- ticket_ids_by_customer = []
- ticket_lists.each do |ticket_list|
- ticket_ids_by_customer.push ticket_list.id
- assets = ticket_list.assets(assets)
- end
- ticket_ids_recent_viewed = []
- recent_views = RecentView.list(current_user, 8, 'Ticket')
- recent_views.each do |recent_view|
- next if recent_view.object.name != 'Ticket'
- next if recent_view.o_id == ticket.id
- ticket_ids_recent_viewed.push recent_view.o_id
- recent_view_ticket = Ticket.find(recent_view.o_id)
- assets = recent_view_ticket.assets(assets)
- end
- # return result
- render json: {
- assets: assets,
- ticket_ids_by_customer: ticket_ids_by_customer,
- ticket_ids_recent_viewed: ticket_ids_recent_viewed,
- }
- end
- # GET /api/v1/ticket_merge/1/1
- def ticket_merge
- # check master ticket
- ticket_master = Ticket.find_by(number: params[:master_ticket_number])
- if !ticket_master
- render json: {
- result: 'failed',
- message: 'No such master ticket number!',
- }
- return
- end
- access!(ticket_master, 'change')
- # check slave ticket
- ticket_slave = Ticket.find_by(id: params[:slave_ticket_id])
- if !ticket_slave
- render json: {
- result: 'failed',
- message: 'No such slave ticket!',
- }
- return
- end
- access!(ticket_slave, 'change')
- # merge ticket
- ticket_slave.merge_to(
- ticket_id: ticket_master.id,
- created_by_id: current_user.id,
- )
- # return result
- render json: {
- result: 'success',
- master_ticket: ticket_master.attributes,
- slave_ticket: ticket_slave.attributes,
- }
- end
- # GET /api/v1/ticket_split
- def ticket_split
- ticket = Ticket.find(params[:ticket_id])
- access!(ticket, 'read')
- assets = ticket.assets({})
- article = Ticket::Article.find(params[:article_id])
- access!(article.ticket, 'read')
- assets = article.assets(assets)
- render json: {
- assets: assets,
- attachments: article_attachments_clone(article),
- }
- end
- # GET /api/v1/ticket_create
- def ticket_create
- # get attributes to update
- attributes_to_change = Ticket::ScreenOptions.attributes_to_change(
- current_user: current_user,
- )
- render json: attributes_to_change
- end
- # GET /api/v1/tickets/search
- def search
- # permit nested conditions
- if params[:condition]
- params.require(:condition).permit!
- end
- per_page = params[:per_page] || params[:limit] || 50
- per_page = per_page.to_i
- if per_page > 200
- per_page = 200
- end
- page = params[:page] || 1
- page = page.to_i
- offset = (page - 1) * per_page
- query = params[:query]
- if query.respond_to?(:permit!)
- query = query.permit!.to_h
- end
- # build result list
- tickets = Ticket.search(
- query: query,
- condition: params[:condition].to_h,
- limit: per_page,
- offset: offset,
- order_by: params[:order_by],
- sort_by: params[:sort_by],
- current_user: current_user,
- )
- if response_expand?
- list = []
- tickets.each do |ticket|
- list.push ticket.attributes_with_association_names
- end
- render json: list, status: :ok
- return
- end
- assets = {}
- ticket_result = []
- tickets.each do |ticket|
- ticket_result.push ticket.id
- assets = ticket.assets(assets)
- end
- # return result
- render json: {
- tickets: ticket_result,
- tickets_count: tickets.count,
- assets: assets,
- }
- end
- # GET /api/v1/tickets/selector
- def selector
- permission_check('admin.*')
- ticket_count, tickets = Ticket.selectors(params[:condition], 6)
- assets = {}
- ticket_ids = []
- tickets&.each do |ticket|
- ticket_ids.push ticket.id
- assets = ticket.assets(assets)
- end
- # return result
- render json: {
- ticket_ids: ticket_ids,
- ticket_count: ticket_count || 0,
- assets: assets,
- }
- end
- # GET /api/v1/ticket_stats
- def stats
- if !params[:user_id] && !params[:organization_id]
- raise 'Need user_id or organization_id as param'
- end
- # lookup open user tickets
- limit = 100
- assets = {}
- access_condition = Ticket.access_condition(current_user, 'read')
- user_tickets = {}
- if params[:user_id]
- user = User.lookup(id: params[:user_id])
- if !user
- raise "No such user with id #{params[:user_id]}"
- end
- conditions = {
- closed_ids: {
- 'ticket.state_id' => {
- operator: 'is',
- value: Ticket::State.by_category(:closed).pluck(:id),
- },
- 'ticket.customer_id' => {
- operator: 'is',
- value: user.id,
- },
- },
- open_ids: {
- 'ticket.state_id' => {
- operator: 'is',
- value: Ticket::State.by_category(:open).pluck(:id),
- },
- 'ticket.customer_id' => {
- operator: 'is',
- value: user.id,
- },
- },
- }
- conditions.each do |key, local_condition|
- user_tickets[key] = ticket_ids_and_assets(local_condition, current_user, limit, assets)
- end
- # generate stats by user
- condition = {
- 'tickets.customer_id' => user.id,
- }
- user_tickets[:volume_by_year] = ticket_stats_last_year(condition, access_condition)
- end
- # lookup open org tickets
- org_tickets = {}
- if params[:organization_id].present?
- organization = Organization.lookup(id: params[:organization_id])
- if !organization
- raise "No such organization with id #{params[:organization_id]}"
- end
- conditions = {
- closed_ids: {
- 'ticket.state_id' => {
- operator: 'is',
- value: Ticket::State.by_category(:closed).pluck(:id),
- },
- 'ticket.organization_id' => {
- operator: 'is',
- value: organization.id,
- },
- },
- open_ids: {
- 'ticket.state_id' => {
- operator: 'is',
- value: Ticket::State.by_category(:open).pluck(:id),
- },
- 'ticket.organization_id' => {
- operator: 'is',
- value: organization.id,
- },
- },
- }
- conditions.each do |key, local_condition|
- org_tickets[key] = ticket_ids_and_assets(local_condition, current_user, limit, assets)
- end
- # generate stats by org
- condition = {
- 'tickets.organization_id' => organization.id,
- }
- org_tickets[:volume_by_year] = ticket_stats_last_year(condition, access_condition)
- end
- # return result
- render json: {
- user: user_tickets,
- organization: org_tickets,
- assets: assets,
- }
- end
- # @path [GET] /tickets/import_example
- #
- # @summary Download of example CSV file.
- # @notes The requester have 'admin' permissions to be able to download it.
- # @example curl -u 'me@example.com:test' http://localhost:3000/api/v1/tickets/import_example
- #
- # @response_message 200 File download.
- # @response_message 401 Invalid session.
- def import_example
- permission_check('admin')
- csv_string = Ticket.csv_example(
- col_sep: ',',
- )
- send_data(
- csv_string,
- filename: 'example.csv',
- type: 'text/csv',
- disposition: 'attachment'
- )
- end
- # @path [POST] /tickets/import
- #
- # @summary Starts import.
- # @notes The requester have 'admin' permissions to be create a new import.
- # @example curl -u 'me@example.com:test' -F 'file=@/path/to/file/tickets.csv' 'https://your.zammad/api/v1/tickets/import?try=true'
- # @example curl -u 'me@example.com:test' -F 'file=@/path/to/file/tickets.csv' 'https://your.zammad/api/v1/tickets/import'
- #
- # @response_message 201 Import started.
- # @response_message 401 Invalid session.
- def import_start
- permission_check('admin')
- if Setting.get('import_mode') != true
- raise 'Only can import tickets if system is in import mode.'
- end
- string = params[:data]
- if string.blank? && params[:file].present?
- string = params[:file].read.force_encoding('utf-8')
- end
- raise Exceptions::UnprocessableEntity, 'No source data submitted!' if string.blank?
- result = Ticket.csv_import(
- string: string,
- parse_params: {
- col_sep: params[:col_sep] || ',',
- },
- try: params[:try],
- )
- render json: result, status: :ok
- end
- private
- def follow_up_possible_check
- ticket = Ticket.find(params[:id])
- return true if ticket.group.follow_up_possible != 'new_ticket' # check if the setting for follow_up_possible is disabled
- return true if ticket.state.name != 'closed' # check if the ticket state is already closed
- raise Exceptions::UnprocessableEntity, 'Cannot follow up on a closed ticket. Please create a new ticket.'
- end
- def ticket_all(ticket)
- # get attributes to update
- attributes_to_change = Ticket::ScreenOptions.attributes_to_change(
- current_user: current_user,
- ticket: ticket
- )
- # get related users
- assets = attributes_to_change[:assets]
- assets = ticket.assets(assets)
- # get related users
- article_ids = []
- ticket.articles.each do |article|
- # ignore internal article if customer is requesting
- next if article.internal == true && current_user.permissions?('ticket.customer')
- article_ids.push article.id
- assets = article.assets(assets)
- end
- # get links
- links = Link.list(
- link_object: 'Ticket',
- link_object_value: ticket.id,
- )
- link_list = []
- links.each do |item|
- link_list.push item
- if item['link_object'] == 'Ticket'
- linked_ticket = Ticket.lookup(id: item['link_object_value'])
- assets = linked_ticket.assets(assets)
- end
- end
- # get tags
- tags = ticket.tag_list
- # return result
- {
- ticket_id: ticket.id,
- ticket_article_ids: article_ids,
- assets: assets,
- links: link_list,
- tags: tags,
- form_meta: attributes_to_change[:form_meta],
- }
- end
- end
|