支持工单功能(3/10)
*后端部分 *工单内容上存在安全问题(XSS)
parent
d5d5e92f3c
commit
0942b89b26
@ -2,6 +2,7 @@
|
||||
|
||||
namespace app\controllers;
|
||||
|
||||
use app\models\TicketReplies;
|
||||
use app\models\Tickets;
|
||||
use app\models\TicketsSearch;
|
||||
use Yii;
|
||||
@ -10,7 +11,6 @@ use yii\filters\AccessControl;
|
||||
use yii\web\Controller;
|
||||
use yii\web\NotFoundHttpException;
|
||||
use yii\filters\VerbFilter;
|
||||
use yii\web\Request;
|
||||
use yii\web\Response;
|
||||
|
||||
/**
|
||||
@ -74,11 +74,31 @@ class TicketsController extends Controller
|
||||
*/
|
||||
public function actionView(int $id): string
|
||||
{
|
||||
//fetch all replies for this ticket
|
||||
$ticketReplies = $this->findTicketReplies($id);
|
||||
//json
|
||||
$json = json_encode($ticketReplies);
|
||||
return $this->render('view', [
|
||||
'model' => $this->findModel($id),
|
||||
'ticketReplies' => $json,
|
||||
]);
|
||||
}
|
||||
|
||||
protected function findTicketReplies(int $ticketId): array
|
||||
{
|
||||
$ticketReplies = TicketReplies::find()
|
||||
->where(['ticket_id' => $ticketId])
|
||||
->orderBy(['created_at' => SORT_ASC])
|
||||
->all();
|
||||
|
||||
$result = [];
|
||||
foreach ($ticketReplies as $reply) {
|
||||
$result[] = $reply->toArray();
|
||||
}
|
||||
|
||||
return $result;
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a new Tickets model.
|
||||
* If creation is successful, the browser will be redirected to the 'view' page.
|
||||
@ -97,7 +117,8 @@ class TicketsController extends Controller
|
||||
$model->created_at = date('Y-m-d H:i:s');
|
||||
$model->updated_at = date('Y-m-d H:i:s');
|
||||
|
||||
if($model->save()){
|
||||
if ($model->save()) {
|
||||
Yii::$app->session->setFlash('success', '工单创建成功');
|
||||
return $this->redirect(['view', 'id' => $model->id]);
|
||||
}
|
||||
}
|
||||
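Review bot: `json_encode($ticketReplies)` in `actionView` uses the default flags, so `<`, `>`, `&` and quotes in a reply's `message` reach the page unescaped. If the `view` template (not shown here) prints this string inside a `<script>` block or an attribute, user-written ticket text can close the surrounding context, which matches the XSS the commit description mentions. Encoding with `\yii\helpers\Json::htmlEncode($ticketReplies)` makes the embedding safe, and the client code should then insert `message` as text rather than as HTML. Separately, `findTicketReplies($id)` runs before `findModel($id)` and filters on `ticket_id` only, so unless `findModel` (outside these hunks) enforces ownership, the replies of another user's ticket are readable by id. Loading and authorising the ticket first, then reading its replies, closes that.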
|
@ -15,6 +15,7 @@ use yii\db\ActiveRecord;
|
||||
* @property string $message 消息内容
|
||||
* @property string $created_at 发送时间
|
||||
* @property string $ip ip地址
|
||||
* @property int $is_admin 是否是管理员回复
|
||||
*
|
||||
* @property Tickets $ticket
|
||||
* @property User $user
|
||||
@ -35,8 +36,8 @@ class TicketReplies extends ActiveRecord
|
||||
public function rules(): array
|
||||
{
|
||||
return [
|
||||
[['ticket_id', 'user_id', 'message', 'ip'], 'required'],
|
||||
[['ticket_id', 'user_id'], 'integer'],
|
||||
[['ticket_id', 'user_id', 'message', 'ip', 'is_admin'], 'required'],
|
||||
[['ticket_id', 'user_id', 'is_admin'], 'integer'],
|
||||
[['message'], 'string'],
|
||||
[['created_at'], 'safe'],
|
||||
[['ip'], 'string', 'max' => 150],
|
||||
@ -57,6 +58,7 @@ class TicketReplies extends ActiveRecord
|
||||
'message' => '消息内容',
|
||||
'created_at' => '发送时间',
|
||||
'ip' => 'ip地址',
|
||||
'is_admin' => '是否是管理员回复'
|
||||
];
|
||||
}
|
||||
|
||||
@ -79,4 +81,18 @@ class TicketReplies extends ActiveRecord
|
||||
{
|
||||
return $this->hasOne(User::class, ['id' => 'user_id']);
|
||||
}
|
||||
|
||||
public function toArray(array $fields = [], array $expand = [], $recursive = true): array
|
||||
{
|
||||
|
||||
return [
|
||||
'id' => $this->id,
|
||||
'ticket_id' => $this->ticket_id,
|
||||
'name' => ($this->is_admin === 1) ? $this->user->username : '您',
|
||||
'message' => $this->message,
|
||||
'created_at' => $this->created_at,
|
||||
'ip' => $this->ip,
|
||||
'is_admin' => $this->is_admin,
|
||||
];
|
||||
}
|
||||
}
|
||||
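Review bot: Adding `is_admin` to the `required` and `integer` rules in `rules()` makes it a safe attribute, so any `$reply->load(...)` on request data would let the submitter choose `is_admin = 1` and have the reply shown under the staff name. The code that creates replies is not visible in this commit, so this needs confirming there. Prefer assigning the flag server-side from the caller's role and listing it as `'!is_admin'` in those rules, so it is validated but never mass-assigned. In `toArray()`, `ip` is returned for every reply, which would expose staff IP addresses to the ticket owner once the JSON reaches the page; omit it unless the viewer is an admin. `$this->is_admin === 1` also relies on the DB driver returning integers, and `(int) $this->is_admin === 1` avoids mislabelling a staff reply as `'您'` when the column comes back as `'1'`.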
|