支持工单功能(7/10)

修复错误的工单所有者判断逻辑阻止用户访问不属于该用户的工单代码清理
2024-04-18 17:15:43 +08:00 · 2024-04-18 17:15:43 +08:00 · 4a5cd54936
commit 4a5cd54936
parent 6e4f2ee254
2 changed files with 10 additions and 23 deletions
--- a/controllers/TicketsController.php
+++ b/controllers/TicketsController.php
@ -75,6 +75,11 @@ class TicketsController extends Controller
     */
    public function actionView(int $id): string
    {
+        //check if this ticket belongs to current user
+        $ticket = Tickets::findOne(['id' => $id, 'user_id' => Yii::$app->user->id]);
+        if ($ticket === null) {
+            throw new NotFoundHttpException('The requested page does not exist.');
+        }
        //fetch all replies for this ticket
        $ticketReplies = $this->findTicketReplies($id);
        //json
@ -134,33 +139,12 @@ class TicketsController extends Controller
        ]);
    }

-    /**
-     * Updates an existing Tickets model.
-     * If update is successful, the browser will be redirected to the 'view' page.
-     * @param int $id 工单id
-     * @return string|Response
-     * @throws NotFoundHttpException if the model cannot be found
-     */
-    public function actionUpdate(int $id): Response|string
-    {
-        $model = $this->findModel($id);
-
-        if ($this->request->isPost && $model->load($this->request->post()) && $model->save()) {
-            return $this->redirect(['view', 'id' => $model->id]);
-        }
-
-        return $this->render('update', [
-            'model' => $model,
-        ]);
-    }
-
    /**
     * NoNoNo, you can't delete a ticket. Just close it.
     * @param int $id 工单id
+     * @param string $from
     * @return Response
     * @throws NotFoundHttpException if the model cannot be found
-     * @throws \Throwable
-     * @throws StaleObjectException
     */
    public function actionDelete(int $id,string $from = 'unset'): Response
    {
@ -192,6 +176,7 @@ class TicketsController extends Controller
     * Ticket reply action
     * For user
     * @return Response
+     * @throws NotFoundHttpException
     */
    public function actionReply(): Response
    {
--- a/models/TicketReplies.php
+++ b/models/TicketReplies.php
@ -84,11 +84,13 @@ class TicketReplies extends ActiveRecord

    public function toArray(array $fields = [], array $expand = [], $recursive = true): array
    {
+        $currentUserId = Yii::$app->user->id; // 获取当前用户ID
+        $name = ($this->user->id === $currentUserId) ? '您' : $this->user->username; // 判断是否是当前用户

        return [
            'id' => $this->id,
            'ticket_id' => $this->ticket_id,
-            'name' => ($this->is_admin === 1) ? $this->user->username : '您',
+            'name' => $name,
            'message' => $this->message,
            'created_at' => $this->created_at,
            'ip' => $this->ip,