X-Git-Url: http://git.freeside.biz/gitweb/?a=blobdiff_plain;f=FS%2FFS%2FTicketSystem%2FRT_Internal.pm;h=6b2d3544c9887d0e55c6f592aeac718e6f2c2606;hb=9e0d1dacd8db275dff7f5827bc65b3f1531f8882;hp=ffa8c7c1c5c20f2bab3836f0aaf36250b8f57be8;hpb=1c59bba12621e154765a8255534e94a041dfd200;p=freeside.git

diff --git a/FS/FS/TicketSystem/RT_Internal.pm b/FS/FS/TicketSystem/RT_Internal.pm
index ffa8c7c1c..6b2d3544c 100644
--- a/FS/FS/TicketSystem/RT_Internal.pm
+++ b/FS/FS/TicketSystem/RT_Internal.pm
@@ -50,7 +50,7 @@ sub access_right {
 sub session {
   my( $self, $session ) = @_;
 
-  if ( $session && $session->{'Current_User'} ) { # does this even work?
+  if ( $session && $session->{'CurrentUser'} ) { # does this even work?
     warn "$me session: using existing session and CurrentUser: \n".
          Dumper($session->{'CurrentUser'})
       if $DEBUG;
@@ -92,6 +92,7 @@ sub init {
   # this needs to be done on each fork
   warn "$me init: initializing RT\n" if $DEBUG;
   {
+    local $SIG{__WARN__};
     local $SIG{__DIE__};
     eval 'RT::Init("NoSignalHandlers"=>1);';
   }
@@ -110,7 +111,7 @@ properly.
 # create an RT::Tickets object for a specified custnum or svcnum
 
 sub _tickets_search {
-  my ( $self, $type, $number, $limit, $priority ) = @_;
+  my( $self, $type, $number, $limit, $priority, $status, $queueid ) = @_;
 
   $type =~ /^Customer|Service$/ or die "invalid type: $type";
   $number =~ /^\d+$/ or die "invalid custnum/svcnum: $number";
@@ -135,9 +136,30 @@ sub _tickets_search {
     }
   }
 
-  $rtql .= ' AND ( ' .
-           join(' OR ', map { "Status = '$_'" } $self->statuses) .
-           ' )';
+  my @statuses;
+  if ( defined($status) && $status ) {
+    if ( ref($status) ) {
+      if ( ref($status) eq 'HASH' ) {
+        @statuses = grep $status->{$_}, keys %$status;
+      } elsif ( ref($status) eq 'ARRAY' ) {
+        @statuses = @$status;
+      } else {
+        #what should be the failure mode here?  die?  return no tickets?
+        die 'unknown status ref '. ref($status);
+      }
+    } else {
+      @statuses = ( $status );
+    }
+    @statuses = grep /^\w+$/, @statuses; #injection prevention
+  } else {
+    @statuses = $self->statuses;
+  }
+
+  $rtql .= ' AND ( '.
+                      join(' OR ', map { "Status = '$_'" } @statuses).
+               ' ) ';
+
+  $rtql .= " AND Queue = $queueid " if $queueid;
 
   warn "$me _customer_tickets_search:\n$rtql\n" if $DEBUG;
   $Tickets->FromSQL($rtql);
@@ -151,7 +173,7 @@ sub _tickets_search {
 sub href_customer_tickets {
   my ($self, $custnum) = (shift, shift);
   if ($custnum =~ /^(\d+)$/) {
-    return $self->href_search_tickets("Customer.number = $custnum");
+    return $self->href_search_tickets("Customer.number = $custnum", @_);
   }
   warn "bad custnum $custnum"; '';
 }
@@ -159,7 +181,7 @@ sub href_customer_tickets {
 sub href_service_tickets {
   my ($self, $svcnum) = (shift, shift);
   if ($svcnum =~ /^(\d+)$/ ) {
-    return $self->href_search_tickets("Service.number = $svcnum");
+    return $self->href_search_tickets("Service.number = $svcnum", @_);
   }
   warn "bad svcnum $svcnum"; '';
 }
@@ -434,23 +456,24 @@ sub get_ticket_object {
   my $self = shift;
   my ($session, %opt) = @_;
   $session = $self->session(shift);
-  my $Ticket = RT::Ticket->new($session->{CurrentUser});
-  $Ticket->Load($opt{'ticket_id'});
-  return if ( !$Ticket->id );
-  my $custnum = $opt{'custnum'};
-  if ( defined($custnum) && $custnum =~ /^\d+$/ ) {
-    # probably the most efficient way to check ticket ownership
-    my $Link = RT::Link->new($session->{CurrentUser});
-    $Link->LoadByCols( LocalBase => $opt{'ticket_id'},
-                       Type      => 'MemberOf',
-                       Target    => "freeside://freeside/cust_main/$custnum",
-                     );
-    return if ( !$Link->id );
+  # use a small search here so we can check ticket ownership
+  my $query;
+  if ( $opt{'ticket_id'} =~ /^(\d+)$/ ) {
+    $query = "id = $1";
+  } else {
+    return;
+  }
+  if ( $opt{'custnum'} =~ /^(\d+)$/ ) {
+    $query .= " AND Customer.number = $1"; # also checks ownership via services
   }
-  return $Ticket;
+  my $Tickets = RT::Tickets->new($session->{CurrentUser});
+  $Tickets->FromSQL($query);
+  if ( $DEBUG ) { # temporary for RT#39536
+    warn "[get_ticket_object] " . $Tickets->BuildSelectQuery . "\n\n";
+  }
+  return $Tickets->First;
 }
 
-
 =item correspond_ticket SESSION_HASHREF, OPTION => VALUE ...
 
 Class method. Correspond on a ticket. If there is an error, returns the scalar
@@ -552,7 +575,7 @@ sub _web_external_auth {
 
           # now get user specific information, to better create our user.
           my $new_user_info
-              = RT::Interface::Web::WebExternalAutoInfo($user);
+              = RT::Interface::Web::WebRemoteUserAutocreateInfo($user);
 
           # set the attributes that have been defined.
           # FIXME: this is a horrible kludge. I'm sure there's something cleaner
@@ -588,7 +611,7 @@ sub _web_external_auth {
          # we failed to successfully create the user. abort abort abort.
           delete $session->{'CurrentUser'};
 
-          die "can't auto-create RT user"; #an error message would be nice :/
+          die "can't auto-create RT user: $msg"; #an error message would be nice :/
           #$m->abort() unless $RT::WebFallbackToInternalAuth;
           #$m->comp( '/Elements/Login', %ARGS,
           #    Error => loc( 'Cannot create user: [_1]', $msg ) );