Merge branch 'master' of git.freeside.biz:/home/git/freeside

[freeside.git] / rt / share / html / REST / 1.0 / ticket / comment

%# BEGIN BPS TAGGED BLOCK {{{
%#
%# COPYRIGHT:
%#
%# This software is Copyright (c) 1996-2013 Best Practical Solutions, LLC
%#                                          <sales@bestpractical.com>
%#
%# (Except where explicitly superseded by other copyright notices)
%#
%#
%# LICENSE:
%#
%# This work is made available to you under the terms of Version 2 of
%# the GNU General Public License. A copy of that license should have
%# been provided with this software, but in any event can be snarfed
%# from www.gnu.org.
%#
%# This work is distributed in the hope that it will be useful, but
%# WITHOUT ANY WARRANTY; without even the implied warranty of
%# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
%# General Public License for more details.
%#
%# You should have received a copy of the GNU General Public License
%# along with this program; if not, write to the Free Software
%# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
%# 02110-1301 or visit their web page on the internet at
%# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html.
%#
%#
%# CONTRIBUTION SUBMISSION POLICY:
%#
%# (The following paragraph is not intended to limit the rights granted
%# to you to modify and distribute this software under the terms of
%# the GNU General Public License and is only of importance to you if
%# you choose to contribute your changes and enhancements to the
%# community by submitting them to Best Practical Solutions, LLC.)
%#
%# By intentionally submitting any modifications, corrections or
%# derivatives to this work, or any other work intended for use with
%# Request Tracker, to Best Practical Solutions, LLC, you confirm that
%# you are the copyright holder for those contributions and you grant
%# Best Practical Solutions,  LLC a nonexclusive, worldwide, irrevocable,
%# royalty-free, perpetual, license to use, copy, create derivative
%# works based on those contributions, and sublicense and distribute
%# those contributions and any derivatives thereof.
%#
%# END BPS TAGGED BLOCK }}}
%# REST/1.0/ticket/comment
%#
<%ARGS>
$content
</%ARGS>
<%INIT>
use MIME::Entity;
use LWP::MediaTypes;
use RT::Interface::REST;
use File::Temp qw(tempfile);
my @tmp_files;

my $ticket = RT::Ticket->new($session{CurrentUser});
my $object = $r->path_info;
my $status = "200 Ok";
my $output;
my $action;

# http://.../REST/1.0/ticket/1/comment
my ($c, $o, $k, $e) = @{ form_parse($content)->[0] };
if ($e || !$o) {
    if (!$o) {
        $output = "Empty form submitted.\n";
    }
    else {
        $c = "# Syntax error.";
        $output = form_compose([[$c, $o, $k, $e]]);
    }
    $status = "400 Bad Request";
    goto OUTPUT;
}

$object =~ s#^/##;
$object ||= $k->{Ticket};
unless ($object =~ /^\d+/) {
    $output = "Invalid ticket id: `$object'.\n";
    $status = "400 Bad Request";
    goto OUTPUT;
}
if ($k->{Ticket} && $object ne $k->{Ticket}) {
    $output = "The submitted form and URL specify different tickets.\n";
    $status = "400 Bad Request";
    goto OUTPUT;
}

($action = $k->{Action}) =~ s/^(.)(.*)$/\U$1\L$2\E/;
unless ($action =~ /^(?:Comment|Correspond)$/) {
    $output = "Invalid action: `$action'.\n";
    $status = "400 Bad Request";
    goto OUTPUT;
}

my $text = $k->{Text};
my @atts = @{ vsplit($k->{Attachment}) };

if (!$k->{Text} && @atts == 0) {
        $status = "400 Bad Request";
        $output = "Empty comment with no attachments submitted.\n";
        goto OUTPUT;
}

my $cgi = $m->cgi_object;
my $ent = MIME::Entity->build(
    Type => "multipart/mixed",
    'X-RT-Interface' => 'REST',
);
$ent->attach(Data => $k->{Text}) if $k->{Text};

my $i = 1;
foreach my $att (@atts) {
    local $/=undef;
    my $file = $att;
    $file =~ s#^.*[\\/]##;

    my $fh = $cgi->upload("attachment_$i");
    if ($fh) {
        my $buf;
        my ($w, $tmp) = tempfile();
        push @tmp_files, $tmp;
        my $info = $cgi->uploadInfo();

        while (sysread($fh, $buf, 8192)) {
            syswrite($w, $buf);
        }

        $ent->attach(
            Path => $tmp,
            Type => $info->{'Content-Type'} || guess_media_type($tmp),
            Filename => $file,
            Disposition => "attachment"
        );
    }
    else {
        $status = "400 Bad Request";
        $output = "No attachment for $att.\n";
        goto OUTPUT;
    }

    $i++;
}

$ticket->Load($object);
unless ($ticket->Id) {
    $output = "Couldn't load ticket id: `$object'.\n";
    $status = "404 Ticket not found";
    goto OUTPUT;
}
unless ($ticket->CurrentUserHasRight('ModifyTicket') ||
        ($action eq "Comment" &&
         $ticket->CurrentUserHasRight("CommentOnTicket")) ||
        ($action eq "Correspond" &&
         $ticket->CurrentUserHasRight("ReplyToTicket")))
{
    $output = "You are not allowed to $action on ticket $object.\n";
    $status = "403 Permission denied";
    goto OUTPUT;
}

my $cc = join ", ", @{ vsplit($k->{Cc}) };
my $bcc = join ", ", @{ vsplit($k->{Bcc}) };
my ($n, $s) = $ticket->$action(MIMEObj => $ent,
                               CcMessageTo => $cc,
                               BccMessageTo => $bcc,
                               TimeTaken => $k->{TimeWorked} || 0);
$output = $s;
if ($k->{Status}) {
   my  ($status_n, $status_s) = $ticket->SetStatus($k->{'Status'} );   
  $output .= "\n".$status_s;
}

OUTPUT:

unlink @tmp_files;
</%INIT>
RT/<% $RT::VERSION %> <% $status %>

<% $output |n %>