X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=FS%2FFS%2FTicketSystem%2FRT_Internal.pm;h=6b2d3544c9887d0e55c6f592aeac718e6f2c2606;hb=9e0d1dacd8db275dff7f5827bc65b3f1531f8882;hp=665c16692c5801ff06d41c0c7d74be345486e0da;hpb=e5d6af11f52aabe8c9e6e12ce43c3401ccf025a8;p=freeside.git

diff --git a/FS/FS/TicketSystem/RT_Internal.pm b/FS/FS/TicketSystem/RT_Internal.pm
index 665c16692..6b2d3544c 100644
--- a/FS/FS/TicketSystem/RT_Internal.pm
+++ b/FS/FS/TicketSystem/RT_Internal.pm
@@ -111,7 +111,7 @@ properly.
 # create an RT::Tickets object for a specified custnum or svcnum
 
 sub _tickets_search {
-  my ( $self, $type, $number, $limit, $priority ) = @_;
+  my( $self, $type, $number, $limit, $priority, $status, $queueid ) = @_;
 
   $type =~ /^Customer|Service$/ or die "invalid type: $type";
   $number =~ /^\d+$/ or die "invalid custnum/svcnum: $number";
@@ -136,9 +136,30 @@ sub _tickets_search {
     }
   }
 
-  $rtql .= ' AND ( ' .
-           join(' OR ', map { "Status = '$_'" } $self->statuses) .
-           ' )';
+  my @statuses;
+  if ( defined($status) && $status ) {
+    if ( ref($status) ) {
+      if ( ref($status) eq 'HASH' ) {
+        @statuses = grep $status->{$_}, keys %$status;
+      } elsif ( ref($status) eq 'ARRAY' ) {
+        @statuses = @$status;
+      } else {
+        #what should be the failure mode here?  die?  return no tickets?
+        die 'unknown status ref '. ref($status);
+      }
+    } else {
+      @statuses = ( $status );
+    }
+    @statuses = grep /^\w+$/, @statuses; #injection prevention
+  } else {
+    @statuses = $self->statuses;
+  }
+
+  $rtql .= ' AND ( '.
+                      join(' OR ', map { "Status = '$_'" } @statuses).
+               ' ) ';
+
+  $rtql .= " AND Queue = $queueid " if $queueid;
 
   warn "$me _customer_tickets_search:\n$rtql\n" if $DEBUG;
   $Tickets->FromSQL($rtql);
@@ -435,23 +456,24 @@ sub get_ticket_object {
   my $self = shift;
   my ($session, %opt) = @_;
   $session = $self->session(shift);
-  my $Ticket = RT::Ticket->new($session->{CurrentUser});
-  $Ticket->Load($opt{'ticket_id'});
-  return if ( !$Ticket->id );
-  my $custnum = $opt{'custnum'};
-  if ( defined($custnum) && $custnum =~ /^\d+$/ ) {
-    # probably the most efficient way to check ticket ownership
-    my $Link = RT::Link->new($session->{CurrentUser});
-    $Link->LoadByCols( LocalBase => $opt{'ticket_id'},
-                       Type      => 'MemberOf',
-                       Target    => "freeside://freeside/cust_main/$custnum",
-                     );
-    return if ( !$Link->id );
+  # use a small search here so we can check ticket ownership
+  my $query;
+  if ( $opt{'ticket_id'} =~ /^(\d+)$/ ) {
+    $query = "id = $1";
+  } else {
+    return;
+  }
+  if ( $opt{'custnum'} =~ /^(\d+)$/ ) {
+    $query .= " AND Customer.number = $1"; # also checks ownership via services
   }
-  return $Ticket;
+  my $Tickets = RT::Tickets->new($session->{CurrentUser});
+  $Tickets->FromSQL($query);
+  if ( $DEBUG ) { # temporary for RT#39536
+    warn "[get_ticket_object] " . $Tickets->BuildSelectQuery . "\n\n";
+  }
+  return $Tickets->First;
 }
 
-
 =item correspond_ticket SESSION_HASHREF, OPTION => VALUE ...
 
 Class method. Correspond on a ticket. If there is an error, returns the scalar
@@ -553,7 +575,7 @@ sub _web_external_auth {
 
           # now get user specific information, to better create our user.
           my $new_user_info
-              = RT::Interface::Web::WebExternalAutoInfo($user);
+              = RT::Interface::Web::WebRemoteUserAutocreateInfo($user);
 
           # set the attributes that have been defined.
           # FIXME: this is a horrible kludge. I'm sure there's something cleaner