3 %# Copyright (c) 1996-2003 Jesse Vincent <jesse@bestpractical.com>
5 %# (Except where explictly superceded by other copyright notices)
7 %# This work is made available to you under the terms of Version 2 of
8 %# the GNU General Public License. A copy of that license should have
9 %# been provided with this software, but in any event can be snarfed
12 %# This work is distributed in the hope that it will be useful, but
13 %# WITHOUT ANY WARRANTY; without even the implied warranty of
14 %# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 %# General Public License for more details.
17 %# Unless otherwise specified, all modifications, corrections or
18 %# extensions to this work which alter its source code become the
19 %# property of Best Practical Solutions, LLC when submitted for
20 %# inclusion in the work.
24 %# REST/1.0/ticket/comment
32 use RT::Interface::REST;
33 use File::Temp qw(tempfile);
35 my $ticket = new RT::Ticket $session{CurrentUser};
36 my $object = $r->path_info;
37 my $status = "200 Ok";
41 # http://.../REST/1.0/ticket/comment/1
42 my ($c, $o, $k, $e) = @{ form_parse($content)->[0] };
45 $output = "Empty form submitted.\n";
48 $c = "# Syntax error.";
49 $output = form_compose([[$c, $o, $k, $e]]);
51 $status = "400 Bad Request";
56 $object ||= $k->{Ticket};
57 unless ($object =~ /^\d+/) {
58 $output = "Invalid ticket id: `$object'.\n";
59 $status = "400 Bad Request";
62 if ($k->{Ticket} && $object ne $k->{Ticket}) {
63 $output = "The submitted form and URL specify different tickets.\n";
64 $status = "400 Bad Request";
68 ($action = $k->{Action}) =~ s/^(.)(.*)$/\U$1\L$2\E/;
69 unless ($action =~ /^(?:Comment|Correspond)$/) {
70 $output = "Invalid action: `$action'.\n";
71 $status = "400 Bad Request";
75 my $text = $k->{Text};
76 my @atts = @{ vsplit($k->{Attachment}) };
78 if (!$k->{Text} && @atts == 0) {
79 $status = "400 Bad Request";
80 $output = "Empty comment with no attachments submitted.\n";
84 my $cgi = $m->cgi_object;
85 my $ent = MIME::Entity->build(Type => "multipart/mixed");
86 $ent->attach(Data => $k->{Text}) if $k->{Text};
89 foreach my $att (@atts) {
92 $file =~ s#^.*[\\/]##;
94 my $fh = $cgi->upload("attachment_$i");
97 my ($w, $tmp) = tempfile();
98 my $info = $cgi->uploadInfo();
100 while (sysread($fh, $buf, 8192)) {
106 Type => $info->{'Content-Type'} || guess_media_type($tmp),
108 Disposition => "attachment"
112 $status = "400 Bad Request";
113 $output = "No attachment for $att.\n";
120 $ticket->Load($object);
121 unless ($ticket->Id) {
122 $output = "Couldn't load ticket id: `$object'.\n";
123 $status = "404 Ticket not found";
126 unless ($ticket->CurrentUserHasRight('ModifyTicket') ||
127 ($action eq "Comment" &&
128 $ticket->CurrentUserHasRight("CommentOnTicket")) ||
129 ($action eq "Correspond" &&
130 $ticket->CurrentUserHasRight("ReplyToTicket")))
132 $output = "You are not allowed to $action on ticket $object.\n";
133 $status = "403 Permission denied";
137 my $cc = join ", ", @{ vsplit($k->{Cc}) };
138 my $bcc = join ", ", @{ vsplit($k->{Bcc}) };
139 my ($n, $s) = $ticket->$action(MIMEObj => $ent,
141 BccMessageTo => $bcc,
142 TimeTaken => $k->{TimeWorked} || 0);
147 RT/<% $RT::VERSION %> <% $status %>