Some changes to improve overall UX

7 years ago · 39c5886880
parent ee4ba00fe9
commit 39c5886880
11 changed files with 55 additions and 24 deletions
--- a/api/BusinessLogic/Attachments/AttachmentHandler.php
+++ b/api/BusinessLogic/Attachments/AttachmentHandler.php
@ -3,6 +3,7 @@
 namespace BusinessLogic\Attachments;


+use BusinessLogic\Exceptions\AccessViolationException;
 use BusinessLogic\Exceptions\ApiFriendlyException;
 use BusinessLogic\Exceptions\ValidationException;
 use BusinessLogic\Security\UserContext;
@ -55,12 +56,16 @@ class AttachmentHandler {

        $ticket = $this->ticketGateway->getTicketById($createAttachmentModel->ticketId, $heskSettings);

+        if ($ticket === null) {
+            throw new ApiFriendlyException("Ticket {$createAttachmentModel->ticketId} not found", "Ticket Not Found", 404);
+        }
+
        $extraPermissions = $createAttachmentModel->isEditing
            ? array(UserPrivilege::CAN_EDIT_TICKETS)
            : array();

        if (!$this->userToTicketChecker->isTicketAccessibleToUser($userContext, $ticket, $heskSettings, $extraPermissions)) {
-            throw new \Exception("User does not have access to ticket {$ticket->id} being created / edited!");
+            throw new AccessViolationException("User does not have access to ticket {$ticket->id} being created / edited!");
        }

        $cleanedFileName = $this->cleanFileName($createAttachmentModel->displayName);
@ -99,8 +104,12 @@ class AttachmentHandler {
    function deleteAttachmentFromTicket($ticketId, $attachmentId, $userContext, $heskSettings) {
        $ticket = $this->ticketGateway->getTicketById($ticketId, $heskSettings);

+        if ($ticket === null) {
+            throw new ApiFriendlyException("Ticket {$ticketId} not found!", "Ticket Not Found", 404);
+        }
+
        if (!$this->userToTicketChecker->isTicketAccessibleToUser($userContext, $ticket, $heskSettings, array(UserPrivilege::CAN_EDIT_TICKETS))) {
-            throw new \Exception("User does not have access to ticket {$ticketId} being created / edited!");
+            throw new AccessViolationException("User does not have access to ticket {$ticketId} being created / edited!");
        }

        $indexToRemove = -1;
--- a/api/BusinessLogic/Attachments/AttachmentRetriever.php
+++ b/api/BusinessLogic/Attachments/AttachmentRetriever.php
@ -3,6 +3,8 @@
 namespace BusinessLogic\Attachments;


+use BusinessLogic\Exceptions\AccessViolationException;
+use BusinessLogic\Exceptions\ApiFriendlyException;
 use BusinessLogic\Security\UserToTicketChecker;
 use DataAccess\Attachments\AttachmentGateway;
 use DataAccess\Files\FileReader;
@ -31,8 +33,12 @@ class AttachmentRetriever {
    function getAttachmentContentsForTicket($ticketId, $attachmentId, $userContext, $heskSettings) {
        $ticket = $this->ticketGateway->getTicketById($ticketId, $heskSettings);

-        if (!$this->userToTicketChecker->isTicketAccessibleToUser($userContext, $ticket, $heskSettings)) {
-            throw new \Exception("User does not have access to attachment {$attachmentId}!");
+        if ($ticket === null) {
+            throw new ApiFriendlyException("Ticket {$ticketId} not found!", "Ticket Not Found", 404);
+        }
+
+        if ($this->userToTicketChecker->isTicketAccessibleToUser($userContext, $ticket, $heskSettings)) {
+            throw new AccessViolationException("User does not have access to attachment {$attachmentId}!");
        }

        $attachment = $this->attachmentGateway->getAttachmentById($attachmentId, $heskSettings);
--- a/api/BusinessLogic/Exceptions/AccessViolationException.php
+++ b/api/BusinessLogic/Exceptions/AccessViolationException.php
@ -0,0 +1,10 @@
+<?php
+
+namespace BusinessLogic\Exceptions;
+
+
+class AccessViolationException extends ApiFriendlyException {
+    function __construct($message) {
+        parent::__construct($message, 'Access Exception', 403);
+    }
+}
--- a/api/BusinessLogic/Statuses/Status.php
+++ b/api/BusinessLogic/Statuses/Status.php
@ -18,7 +18,7 @@ class Status {

        $localizedLanguages = array();
        while ($languageRow = hesk_dbFetchAssoc($languageRs)) {
-            $localizedLanguages[$languageRow['language']] = new StatusLanguage($languageRow['language'], $languageRow['text']);
+            $localizedLanguages[$languageRow['language']] = $languageRow['text'];
        }
        $status->localizedNames = $localizedLanguages;
        $status->sort = intval($row['sort']);
--- a/api/BusinessLogic/Statuses/StatusLanguage.php
+++ b/api/BusinessLogic/Statuses/StatusLanguage.php
@ -1,14 +0,0 @@
-<?php
-
-namespace BusinessLogic\Statuses;
-
-
-class StatusLanguage {
-    public $language;
-    public $text;
-
-    function __construct($language, $text) {
-        $this->language = $language;
-        $this->text = $text;
-    }
-}
--- a/api/BusinessLogic/Tickets/TicketDeleter.php
+++ b/api/BusinessLogic/Tickets/TicketDeleter.php
@ -4,6 +4,8 @@ namespace BusinessLogic\Tickets;


 use BusinessLogic\Attachments\AttachmentHandler;
+use BusinessLogic\Exceptions\AccessViolationException;
+use BusinessLogic\Exceptions\ApiFriendlyException;
 use BusinessLogic\Security\UserPrivilege;
 use BusinessLogic\Security\UserToTicketChecker;
 use DataAccess\Tickets\TicketGateway;
@ -27,9 +29,13 @@ class TicketDeleter {
    function deleteTicket($ticketId, $userContext, $heskSettings) {
        $ticket = $this->ticketGateway->getTicketById($ticketId, $heskSettings);

+        if ($ticket === null) {
+            throw new ApiFriendlyException("Ticket {$ticketId} not found!", "Ticket Not Found", 404);
+        }
+
        if (!$this->userToTicketChecker->isTicketAccessibleToUser($userContext, $ticket, $heskSettings,
            array(UserPrivilege::CAN_DELETE_TICKETS))) {
-            throw new \Exception("User does not have access to ticket {$ticketId}");
+            throw new AccessViolationException("User does not have access to ticket {$ticketId}");
        }

        foreach ($ticket->attachments as $attachment) {
--- a/api/BusinessLogic/Tickets/TicketEditor.php
+++ b/api/BusinessLogic/Tickets/TicketEditor.php
@ -3,6 +3,7 @@
 namespace BusinessLogic\Tickets;


+use BusinessLogic\Exceptions\AccessViolationException;
 use BusinessLogic\Exceptions\ApiFriendlyException;
 use BusinessLogic\Exceptions\ValidationException;
 use BusinessLogic\Security\UserContext;
@ -43,7 +44,7 @@ class TicketEditor {
        }

        if (!$this->userToTicketChecker->isTicketAccessibleToUser($userContext, $ticket, $heskSettings, array(UserPrivilege::CAN_EDIT_TICKETS))) {
-            throw new \Exception("User does not have access to ticket {$editTicketModel->id}");
+            throw new AccessViolationException("User does not have access to ticket {$editTicketModel->id}");
        }

        $this->validate($editTicketModel, $ticket->categoryId, $heskSettings);
@ -88,7 +89,7 @@ class TicketEditor {
            $customFieldNumber = intval(str_replace('custom', '', $key));

            //TODO test this
-            if (!array_key_exists($customFieldNumber, $editTicketModel->customFields)) {
+            if ($editTicketModel->customFields === null || !array_key_exists($customFieldNumber, $editTicketModel->customFields)) {
                continue;
            }

--- a/api/Controllers/Attachments/StaffTicketAttachmentsController.php
+++ b/api/Controllers/Attachments/StaffTicketAttachmentsController.php
@ -22,7 +22,7 @@ class StaffTicketAttachmentsController {

        $contents = $attachmentRetriever->getAttachmentContentsForTicket($ticketId, $attachmentId, $userContext, $hesk_settings);

-        output(array('contents' => base64_encode($contents)));
+        output(array('contents' => $contents));
    }

    private function verifyAttachmentsAreEnabled($heskSettings) {
@ -51,6 +51,7 @@ class StaffTicketAttachmentsController {
        $model = new CreateAttachmentForTicketModel();
        $model->attachmentContents = Helpers::safeArrayGet($json, 'data');
        $model->displayName = Helpers::safeArrayGet($json, 'displayName');
+        $model->isEditing = Helpers::safeArrayGet($json, 'isEditing');
        $model->ticketId = $ticketId;

        return $model;
--- a/api/Controllers/Categories/CategoryController.php
+++ b/api/Controllers/Categories/CategoryController.php
@ -3,10 +3,16 @@
 namespace Controllers\Categories;

 use BusinessLogic\Categories\CategoryRetriever;
+use BusinessLogic\Exceptions\ApiFriendlyException;

 class CategoryController {
    function get($id) {
        $categories = self::getAllCategories();
+
+        if (!isset($categories[$id])) {
+            throw new ApiFriendlyException("Category {$id} not found!", "Category Not Found", 404);
+        }
+
        output($categories[$id]);
    }

--- a/api/Controllers/Tickets/StaffTicketController.php
+++ b/api/Controllers/Tickets/StaffTicketController.php
@ -17,6 +17,8 @@ class StaffTicketController {
        $ticketDeleter = $applicationContext->get[TicketDeleter::class];

        $ticketDeleter->deleteTicket($id, $userContext, $hesk_settings);
+
+        http_response_code(204);
    }

    function put($id) {
--- a/api/DataAccess/Logging/LoggingGateway.php
+++ b/api/DataAccess/Logging/LoggingGateway.php
@ -36,7 +36,11 @@ class LoggingGateway extends CommonDao {

        hesk_dbQuery("INSERT INTO `" . hesk_dbEscape($heskSettings['db_pfix']) . "logging` (`username`, `message`, `severity`, `location`, `timestamp`, `stack_trace`)
        VALUES ('" . hesk_dbEscape($userContext->username) . "',
-        '" . hesk_dbEscape($message) . "', " . intval($severity) . ", '" . hesk_dbEscape($location) . "', NOW(), '" . hesk_dbEscape($stackTrace) . "')");
+            '" . hesk_dbEscape(addslashes($message)) . "', 
+            " . intval($severity) . ", 
+            '" . hesk_dbEscape(addslashes($location)) . "', 
+            NOW(), 
+            '" . hesk_dbEscape(addslashes($stackTrace)) . "')");

        $insertedId = hesk_dbInsertID();