diff options
Diffstat (limited to 'rt/share/html/REST/1.0/ticket/comment')
| -rwxr-xr-x | rt/share/html/REST/1.0/ticket/comment | 177 |
1 files changed, 177 insertions, 0 deletions
diff --git a/rt/share/html/REST/1.0/ticket/comment b/rt/share/html/REST/1.0/ticket/comment new file mode 100755 index 000000000..000f35288 --- /dev/null +++ b/rt/share/html/REST/1.0/ticket/comment @@ -0,0 +1,177 @@ +%# BEGIN BPS TAGGED BLOCK {{{ +%# +%# COPYRIGHT: +%# +%# This software is Copyright (c) 1996-2009 Best Practical Solutions, LLC +%# <jesse@bestpractical.com> +%# +%# (Except where explicitly superseded by other copyright notices) +%# +%# +%# LICENSE: +%# +%# This work is made available to you under the terms of Version 2 of +%# the GNU General Public License. A copy of that license should have +%# been provided with this software, but in any event can be snarfed +%# from www.gnu.org. +%# +%# This work is distributed in the hope that it will be useful, but +%# WITHOUT ANY WARRANTY; without even the implied warranty of +%# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +%# General Public License for more details. +%# +%# You should have received a copy of the GNU General Public License +%# along with this program; if not, write to the Free Software +%# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +%# 02110-1301 or visit their web page on the internet at +%# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html. +%# +%# +%# CONTRIBUTION SUBMISSION POLICY: +%# +%# (The following paragraph is not intended to limit the rights granted +%# to you to modify and distribute this software under the terms of +%# the GNU General Public License and is only of importance to you if +%# you choose to contribute your changes and enhancements to the +%# community by submitting them to Best Practical Solutions, LLC.) +%# +%# By intentionally submitting any modifications, corrections or +%# derivatives to this work, or any other work intended for use with +%# Request Tracker, to Best Practical Solutions, LLC, you confirm that +%# you are the copyright holder for those contributions and you grant +%# Best Practical Solutions, LLC a nonexclusive, worldwide, irrevocable, +%# royalty-free, perpetual, license to use, copy, create derivative +%# works based on those contributions, and sublicense and distribute +%# those contributions and any derivatives thereof. +%# +%# END BPS TAGGED BLOCK }}} +%# REST/1.0/ticket/comment +%# +<%ARGS> +$content +</%ARGS> +<%INIT> +use MIME::Entity; +use LWP::MediaTypes; +use RT::Interface::REST; +use File::Temp qw(tempfile); + +my $ticket = new RT::Ticket $session{CurrentUser}; +my $object = $r->path_info; +my $status = "200 Ok"; +my $output; +my $action; + +# http://.../REST/1.0/ticket/1/comment +my ($c, $o, $k, $e) = @{ form_parse($content)->[0] }; +if ($e || !$o) { + if (!$o) { + $output = "Empty form submitted.\n"; + } + else { + $c = "# Syntax error."; + $output = form_compose([[$c, $o, $k, $e]]); + } + $status = "400 Bad Request"; + goto OUTPUT; +} + +$object =~ s#^/##; +$object ||= $k->{Ticket}; +unless ($object =~ /^\d+/) { + $output = "Invalid ticket id: `$object'.\n"; + $status = "400 Bad Request"; + goto OUTPUT; +} +if ($k->{Ticket} && $object ne $k->{Ticket}) { + $output = "The submitted form and URL specify different tickets.\n"; + $status = "400 Bad Request"; + goto OUTPUT; +} + +($action = $k->{Action}) =~ s/^(.)(.*)$/\U$1\L$2\E/; +unless ($action =~ /^(?:Comment|Correspond)$/) { + $output = "Invalid action: `$action'.\n"; + $status = "400 Bad Request"; + goto OUTPUT; +} + +my $text = $k->{Text}; +my @atts = @{ vsplit($k->{Attachment}) }; + +if (!$k->{Text} && @atts == 0) { + $status = "400 Bad Request"; + $output = "Empty comment with no attachments submitted.\n"; + goto OUTPUT; +} + +my $cgi = $m->cgi_object; +my $ent = MIME::Entity->build(Type => "multipart/mixed"); +$ent->attach(Data => $k->{Text}) if $k->{Text}; + +my $i = 1; +foreach my $att (@atts) { + local $/=undef; + my $file = $att; + $file =~ s#^.*[\\/]##; + + my $fh = $cgi->upload("attachment_$i"); + if ($fh) { + my $buf; + my ($w, $tmp) = tempfile(); + my $info = $cgi->uploadInfo(); + + while (sysread($fh, $buf, 8192)) { + syswrite($w, $buf); + } + + $ent->attach( + Path => $tmp, + Type => $info->{'Content-Type'} || guess_media_type($tmp), + Filename => $file, + Disposition => "attachment" + ); + } + else { + $status = "400 Bad Request"; + $output = "No attachment for $att.\n"; + goto OUTPUT; + } + + $i++; +} + +$ticket->Load($object); +unless ($ticket->Id) { + $output = "Couldn't load ticket id: `$object'.\n"; + $status = "404 Ticket not found"; + goto OUTPUT; +} +unless ($ticket->CurrentUserHasRight('ModifyTicket') || + ($action eq "Comment" && + $ticket->CurrentUserHasRight("CommentOnTicket")) || + ($action eq "Correspond" && + $ticket->CurrentUserHasRight("ReplyToTicket"))) +{ + $output = "You are not allowed to $action on ticket $object.\n"; + $status = "403 Permission denied"; + goto OUTPUT; +} + +my $cc = join ", ", @{ vsplit($k->{Cc}) }; +my $bcc = join ", ", @{ vsplit($k->{Bcc}) }; +my ($n, $s) = $ticket->$action(MIMEObj => $ent, + CcMessageTo => $cc, + BccMessageTo => $bcc, + TimeTaken => $k->{TimeWorked} || 0); +$output = $s; +if ($k->{Status}) { + my ($status_n, $status_s) = $ticket->SetStatus($k->{'Status'} ); + $output .= "\n".$status_s; +} + +OUTPUT: +</%INIT> +RT/<% $RT::VERSION %> <% $status %> + +<% $output |n %> |