ticket_articles_controller.rb 7.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278
  1. # Copyright (C) 2012-2023 Zammad Foundation, https://zammad-foundation.org/
  2. class TicketArticlesController < ApplicationController
  3. include CreatesTicketArticles
  4. include ClonesTicketArticleAttachments
  5. include CalendarPreview
  6. prepend_before_action -> { authorize! }, only: %i[index import_example import_start]
  7. prepend_before_action :authentication_check
  8. # GET /articles
  9. def index
  10. model_index_render(Ticket::Article, params)
  11. end
  12. # GET /articles/1
  13. def show
  14. article = Ticket::Article.find(params[:id])
  15. authorize!(article)
  16. if response_expand?
  17. result = article.attributes_with_association_names
  18. render json: result, status: :ok
  19. return
  20. end
  21. if response_full?
  22. full = Ticket::Article.full(params[:id])
  23. render json: full
  24. return
  25. end
  26. render json: article.attributes_with_association_names
  27. end
  28. # GET /ticket_articles/by_ticket/1
  29. def index_by_ticket
  30. ticket = Ticket.find(params[:id])
  31. authorize!(ticket, :show?)
  32. articles = []
  33. if response_expand?
  34. ticket.articles.each do |article|
  35. next if !authorized?(article, :show?)
  36. result = article.attributes_with_association_names
  37. articles.push result
  38. end
  39. render json: articles, status: :ok
  40. return
  41. end
  42. if response_full?
  43. assets = {}
  44. record_ids = []
  45. ticket.articles.each do |article|
  46. next if !authorized?(article, :show?)
  47. record_ids.push article.id
  48. assets = article.assets({})
  49. end
  50. render json: {
  51. record_ids: record_ids,
  52. assets: assets,
  53. }, status: :ok
  54. return
  55. end
  56. ticket.articles.each do |article|
  57. next if !authorized?(article, :show?)
  58. articles.push article.attributes_with_association_names
  59. end
  60. render json: articles, status: :ok
  61. end
  62. # POST /articles
  63. def create
  64. ticket = Ticket.find(params[:ticket_id])
  65. authorize!(ticket)
  66. article = article_create(ticket, params)
  67. if response_expand?
  68. result = article.attributes_with_association_names
  69. render json: result, status: :created
  70. return
  71. end
  72. if response_full?
  73. full = Ticket::Article.full(params[:id])
  74. render json: full, status: :created
  75. return
  76. end
  77. render json: article.attributes_with_association_names, status: :created
  78. end
  79. # PUT /articles/1
  80. def update
  81. article = Ticket::Article.find(params[:id])
  82. authorize!(article)
  83. # only update internal and highlight info
  84. clean_params = {}
  85. if !params[:internal].nil?
  86. clean_params[:internal] = params[:internal]
  87. end
  88. if params.dig(:preferences, :highlight).present?
  89. clean_params = article.param_preferences_merge(clean_params.merge(
  90. preferences: {
  91. highlight: params[:preferences][:highlight].to_s
  92. }
  93. ))
  94. end
  95. article.update!(clean_params)
  96. if response_expand?
  97. result = article.attributes_with_association_names
  98. render json: result, status: :ok
  99. return
  100. end
  101. if response_full?
  102. full = Ticket::Article.full(params[:id])
  103. render json: full, status: :ok
  104. return
  105. end
  106. render json: article.attributes_with_association_names, status: :ok
  107. end
  108. # DELETE /api/v1/ticket_articles/:id
  109. def destroy
  110. article = Ticket::Article.find(params[:id])
  111. authorize!(article)
  112. article.destroy!
  113. render json: {}, status: :ok
  114. end
  115. # POST /ticket_attachment_upload_clone_by_article
  116. def ticket_attachment_upload_clone_by_article
  117. article = Ticket::Article.find(params[:article_id])
  118. authorize!(article.ticket, :show?)
  119. render json: {
  120. attachments: article_attachments_clone(article),
  121. }
  122. end
  123. # GET /ticket_attachment/:ticket_id/:article_id/:id
  124. def attachment
  125. ticket = Ticket.lookup(id: params[:ticket_id])
  126. authorize!(ticket, :show?)
  127. article = Ticket::Article.find(params[:article_id])
  128. if ticket.id != article.ticket_id
  129. # check if requested ticket got merged
  130. if ticket.state.state_type.name != 'merged'
  131. raise Exceptions::Forbidden, __('The article does not belong to the specified ticket.')
  132. end
  133. ticket = article.ticket
  134. authorize!(ticket, :show?)
  135. end
  136. list = article.attachments || []
  137. access = false
  138. list.each do |item|
  139. if item.id.to_i == params[:id].to_i
  140. access = true
  141. end
  142. end
  143. raise Exceptions::Forbidden, __('The file does not belong to the specified article.') if !access
  144. # preview calendar attachments
  145. return render_calendar_preview if params[:view] == 'preview' && params[:type] == 'calendar'
  146. content = download_file.content(params[:view])
  147. send_data(
  148. content,
  149. filename: download_file.filename,
  150. type: download_file.content_type,
  151. disposition: download_file.disposition
  152. )
  153. end
  154. # GET /ticket_article_plain/1
  155. def article_plain
  156. article = Ticket::Article.find(params[:id])
  157. authorize!(article, :show?)
  158. file = article.as_raw
  159. # find file
  160. return if !file
  161. send_data(
  162. file.content,
  163. filename: file.filename,
  164. type: 'message/rfc822',
  165. disposition: 'inline'
  166. )
  167. end
  168. # @path [GET] /ticket_articles/import_example
  169. #
  170. # @summary Download of example CSV file.
  171. # @notes The requester have 'admin' permissions to be able to download it.
  172. # @example curl -u 'me@example.com:test' http://localhost:3000/api/v1/ticket_articles/import_example
  173. #
  174. # @response_message 200 File download.
  175. # @response_message 403 Forbidden / Invalid session.
  176. def import_example
  177. csv_string = Ticket::Article.csv_example(
  178. col_sep: ',',
  179. )
  180. send_data(
  181. csv_string,
  182. filename: 'example.csv',
  183. type: 'text/csv',
  184. disposition: 'attachment'
  185. )
  186. end
  187. # @path [POST] /ticket_articles/import
  188. #
  189. # @summary Starts import.
  190. # @notes The requester have 'admin' permissions to be create a new import.
  191. # @example curl -u 'me@example.com:test' -F 'file=@/path/to/file/ticket_articles.csv' 'https://your.zammad/api/v1/ticket_articles/import?try=true'
  192. # @example curl -u 'me@example.com:test' -F 'file=@/path/to/file/ticket_articles.csv' 'https://your.zammad/api/v1/ticket_articles/import'
  193. #
  194. # @response_message 201 Import started.
  195. # @response_message 403 Forbidden / Invalid session.
  196. def import_start
  197. if Setting.get('import_mode') != true
  198. raise __('Tickets can only be imported if system is in import mode.')
  199. end
  200. string = params[:data]
  201. if string.blank? && params[:file].present?
  202. string = params[:file].read.force_encoding('utf-8')
  203. end
  204. raise Exceptions::UnprocessableEntity, __('No source data submitted!') if string.blank?
  205. result = Ticket::Article.csv_import(
  206. string: string,
  207. parse_params: {
  208. col_sep: ';',
  209. },
  210. try: params[:try],
  211. )
  212. render json: result, status: :ok
  213. end
  214. def retry_security_process
  215. article = Ticket::Article.find(params[:id])
  216. authorize!(article, :update?)
  217. result = SecureMailing.retry(article)
  218. render json: result
  219. end
  220. private
  221. def render_calendar_preview
  222. data = parse_calendar(download_file)
  223. render json: data, status: :ok
  224. rescue => e
  225. logger.error e
  226. render json: { error: __('The preview cannot be generated. The format is corrupted or not supported.') }, status: :unprocessable_entity
  227. end
  228. end