Bug: Ticket edition was not accessible by agent

xaviqv · xaviqv · commit 989ce7235998 · 2018-11-18T18:42:55.000+01:00
diff --git a/src/Controllers/TicketsController.php b/src/Controllers/TicketsController.php
@@ -35,7 +35,7 @@ public function __construct(Ticket $tickets, \PanicHDMember $member)
     {
         $this->middleware('PanicHD\PanicHD\Middleware\EnvironmentReadyMiddleware', ['only' => ['create']]);
 		$this->middleware('PanicHD\PanicHD\Middleware\UserAccessMiddleware', ['only' => ['show', 'downloadAttachment', 'viewAttachment']]);
-        $this->middleware('PanicHD\PanicHD\Middleware\AgentAccessMiddleware', ['only' => ['edit', 'edit_with_values', 'update', 'changeAgent', 'changePriority', 'hide']]);
+        $this->middleware('PanicHD\PanicHD\Middleware\AgentAccessMiddleware', ['only' => ['edit', 'update', 'changeAgent', 'changePriority', 'hide']]);
         $this->middleware('PanicHD\PanicHD\Middleware\IsAdminMiddleware', ['only' => ['destroy']]);
 
         $this->tickets = $tickets;
diff --git a/src/Middleware/AgentAccessMiddleware.php b/src/Middleware/AgentAccessMiddleware.php
@@ -20,28 +20,28 @@ class AgentAccessMiddleware
     public function handle($request, Closure $next)
     {
 		$member = \PanicHDMember::findOrFail(auth()->user()->id);
-		
-		// Granted to all Admins		
+
+		// Granted to all Admins
 		if ($member->isAdmin()) {
             return $next($request);
         }
-		
+
 		// Get Ticket instance. Fails if not found
 		$ticket = $this->getRouteTicket($request);
-		
+
 		if ($member->isAgent()) {
 			// Assigned Agent has access always
 			if ($member->isAssignedAgent($ticket->id)){
 				return $next($request);
 			}
-			
+
 			if ($member->currentLevel() > 1 and Setting::grab('agent_restrict') == 0){
 				// Check if element is a visible item for this agent
 				if ($member->categories()->where('id',$this->getRouteCategory($request)->id)->count() == 1){
 					return $next($request);
 				}
 			}
-		}		
+		}
 
         return redirect()->action('\PanicHD\PanicHD\Controllers\TicketsController@index')
             ->with('warning', trans('panichd::lang.you-are-not-permitted-to-access'));
diff --git a/src/Traits/TicketRoutes.php b/src/Traits/TicketRoutes.php
@@ -15,7 +15,7 @@ trait TicketRoutes
     protected $mod_route_prefix;
 	protected $mod_route_suffix;
 	protected $route_ticket;
-	
+
 	public function __construct(Request $request)
 	{
 		$a_route = explode('.', $request->route()->getName());
@@ -31,18 +31,18 @@ public function __construct(Request $request)
 			default:
 				$this->mod_route_prefix = current($a_route);
 		}
-		
+
 		// last($a_route) == Route suffix
 		if (in_array(last($a_route), ['download-attachment', 'view-attachment'])){
 			$this->mod_route_suffix = "get-attachment";
 		}else{
 			$this->mod_route_suffix = last($a_route);
 		}
-		
+
 		$this->route_ticket = false;
-	}	
+	}
+
 
-	
 	/**
      * Returns related ticket instance to current route
      *
@@ -73,13 +73,12 @@ public function getRouteTicket($request)
 			}else{
 				$ticket_id = $request->get('ticket_id');
 			}
-			
         }
-		
+
 		$this->route_ticket = Ticket::findOrFail($ticket_id);
 		return $this->route_ticket;
     }
-	
+
 	/**
      * Returns related category instance to current route
      *
@@ -97,8 +96,8 @@ public function getRouteCategory($request)
 				$category_id = $this->route_ticket->category_id;
 			}
 		}
-				
+
 		$cat = Category::findOrFail($category_id);
 		return $cat;
 	}
-}
+}
diff --git a/src/routes.php b/src/routes.php
@@ -30,7 +30,7 @@
       ->name("$main_route.create");
 
    // Open Ticket edit page with optional parameters set by URL
-   Route::get("$main_route_path/{id}/edit/{parameters?}", 'PanicHD\PanicHD\Controllers\TicketsController@edit')
+   Route::get("$main_route_path/{ticket}/edit/{parameters?}", 'PanicHD\PanicHD\Controllers\TicketsController@edit')
        ->where('parameters', '(.*)')
        ->name("$main_route.edit");
 
@@ -82,11 +82,11 @@
             ->name("$main_route.reopen");
     //});
 
-			// Returns permission_level for category_id
-        Route::get("$main_route_path/permissionLevel/{category_id?}", [
-            'as'   => $main_route.'-permissionLevel',
-            'uses' => 'PanicHD\PanicHD\Controllers\TicketsController@permissionLevel',
-        ]);
+	// Returns permission_level for category_id
+    Route::get("$main_route_path/permissionLevel/{category_id?}", [
+        'as'   => $main_route.'-permissionLevel',
+        'uses' => 'PanicHD\PanicHD\Controllers\TicketsController@permissionLevel',
+    ]);
 
 	// Ticket list: Change agent for a ticket
 	Route::patch("$main_route_path-change.agent", 'PanicHD\PanicHD\Controllers\TicketsController@changeAgent')

Original file line number	Diff line number	Diff line change
`@@ -35,7 +35,7 @@ public function __construct(Ticket $tickets, \PanicHDMember $member)`
`35`	`35`	`{`
`36`	`36`	`$this->middleware('PanicHD\PanicHD\Middleware\EnvironmentReadyMiddleware', ['only' => ['create']]);`
`37`	`37`	`$this->middleware('PanicHD\PanicHD\Middleware\UserAccessMiddleware', ['only' => ['show', 'downloadAttachment', 'viewAttachment']]);`
`38`		`- $this->middleware('PanicHD\PanicHD\Middleware\AgentAccessMiddleware', ['only' => ['edit', 'edit_with_values', 'update', 'changeAgent', 'changePriority', 'hide']]);`
	`38`	`+ $this->middleware('PanicHD\PanicHD\Middleware\AgentAccessMiddleware', ['only' => ['edit', 'update', 'changeAgent', 'changePriority', 'hide']]);`
`39`	`39`	`$this->middleware('PanicHD\PanicHD\Middleware\IsAdminMiddleware', ['only' => ['destroy']]);`
`40`	`40`
`41`	`41`	`$this->tickets = $tickets;`
Original file line number	Diff line number	Diff line change
`@@ -15,7 +15,7 @@ trait TicketRoutes`
`15`	`15`	`protected $mod_route_prefix;`
`16`	`16`	`protected $mod_route_suffix;`
`17`	`17`	`protected $route_ticket;`
`18`		`-`
	`18`	`+`
`19`	`19`	`public function __construct(Request $request)`
`20`	`20`	`{`
`21`	`21`	`$a_route = explode('.', $request->route()->getName());`
`@@ -31,18 +31,18 @@ public function __construct(Request $request)`
`31`	`31`	`default:`
`32`	`32`	`$this->mod_route_prefix = current($a_route);`
`33`	`33`	`}`
`34`		`-`
	`34`	`+`
`35`	`35`	`// last($a_route) == Route suffix`
`36`	`36`	`if (in_array(last($a_route), ['download-attachment', 'view-attachment'])){`
`37`	`37`	`$this->mod_route_suffix = "get-attachment";`
`38`	`38`	`}else{`
`39`	`39`	`$this->mod_route_suffix = last($a_route);`
`40`	`40`	`}`
`41`		`-`
	`41`	`+`
`42`	`42`	`$this->route_ticket = false;`
`43`		`- }`
	`43`	`+ }`
	`44`	`+`
`44`	`45`
`45`		`-`
`46`	`46`	`/**`
`47`	`47`	`* Returns related ticket instance to current route`
`48`	`48`	`*`
`@@ -73,13 +73,12 @@ public function getRouteTicket($request)`
`73`	`73`	`}else{`
`74`	`74`	`$ticket_id = $request->get('ticket_id');`
`75`	`75`	`}`
`76`		`-`
`77`	`76`	`}`
`78`		`-`
	`77`	`+`
`79`	`78`	`$this->route_ticket = Ticket::findOrFail($ticket_id);`
`80`	`79`	`return $this->route_ticket;`
`81`	`80`	`}`
`82`		`-`
	`81`	`+`
`83`	`82`	`/**`
`84`	`83`	`* Returns related category instance to current route`
`85`	`84`	`*`
`@@ -97,8 +96,8 @@ public function getRouteCategory($request)`
`97`	`96`	`$category_id = $this->route_ticket->category_id;`
`98`	`97`	`}`
`99`	`98`	`}`
`100`		`-`
	`99`	`+`
`101`	`100`	`$cat = Category::findOrFail($category_id);`
`102`	`101`	`return $cat;`
`103`	`102`	`}`
`104`		`-}`
	`103`	`+}`