diff --git a/app/controllers/customers_controller.rb b/app/controllers/customers_controller.rb
index cb91fb2..9dada65 100644
--- a/app/controllers/customers_controller.rb
+++ b/app/controllers/customers_controller.rb
@@ -134,6 +134,23 @@ class CustomersController < ApplicationController
 end
 end
+ # creates new customer view tokens, removes expired tokens & redirects to newly created customer view with new token.
+ def share
+
+ Thread.new do
+ logger.debug "Removing expired customer tokens"
+ CustomerToken.remove_expired_tokens
+ ActiveRecord::Base.connection.close
+ end
+
+ begin
+ issue = Issue.find_by_id(params[:id])
+ redirect_to "#{Redmine::Utils::relative_url_root}/customers/view/#{issue.share_token.token}"
+ rescue
+ render_404
+ end
+ end
+
 # displays an issue for a customer with a provided security CustomerToken
 def view
diff --git a/app/models/customer_token.rb b/app/models/customer_token.rb
index dce986f..d8e7cdb 100644
--- a/app/models/customer_token.rb
+++ b/app/models/customer_token.rb
@@ -11,7 +11,6 @@ class CustomerToken < ActiveRecord::Base
 unloadable
 has_many :issues
- #attr_accessible :token, :expires_at, :issue_id
 validates_presence_of :expires_at, :issue_id
 before_create :generate_token
@@ -20,4 +19,9 @@ class CustomerToken < ActiveRecord::Base
 def generate_token
 self.token = SecureRandom.base64(15).tr('+/=lIO0', OAUTH_CONSUMER_SECRET)
 end
+
+ def remove_expired_tokens
+ CustomerToken.where("expires_at < ?", Time.now).destroy_all
+ end
+
 end
diff --git a/config/routes.rb b/config/routes.rb
index b738998..ac4b465 100644
--- a/config/routes.rb
+++ b/config/routes.rb
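Review bot: `share` in customers_controller.rb looks up `Issue.find_by_id(params[:id])` and immediately redirects to that issue's tokenized customer view, with no check in this hunk that the current user is allowed to see the issue. Unless a before-filter outside the hunk enforces it, anyone who can reach the route could obtain a customer link for an arbitrary issue id; I would gate it explicitly before the redirect, e.g. `return render_404 unless issue && issue.visible?`. The bare `rescue` also maps every failure, including an error while creating the token, to a 404, so a nil check plus a narrower rescue would keep real faults visible in the logs.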
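Review bot: `remove_expired_tokens` is added to customer_token.rb as an instance method, but the controller hunk in this commit calls it on the class (`CustomerToken.remove_expired_tokens`), so the call inside the `Thread.new` block should raise `NoMethodError` and expired tokens would never be purged. Because the failure happens in a background thread the request still succeeds, which makes it easy to miss. Defining it as `def self.remove_expired_tokens` with the body `where("expires_at < ?", Time.now).destroy_all` matches the call site. Whether the `view` action itself rejects a token whose `expires_at` has passed is not visible here; if it relies on this purge, it should compare `expires_at` at lookup time as well.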
@@ -1,6 +1,6 @@
 #The MIT License (MIT)
 #
-#Copyright (c) 2017 rick barrette
+#Copyright (c) 2022 rick barrette
 #
 #Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 #
@@ -28,6 +28,7 @@ get 'qbo/bill/:id', :to => 'qbo#bill', as: :bill
 #customer issue view
 get 'customers/view/:token', :to => 'customers#view', as: :view
+get 'customers/share/:id', :to => 'customers#share', as: :share
 #payments
 resources :payments
@@ -48,5 +49,3 @@ end
 #allow for just vehicles too
 resources :vehicles
-
-#resources :qbo_estimates
diff --git a/lib/issues_show_hook_listener.rb b/lib/issues_show_hook_listener.rb
index 1350248..470816d 100644
--- a/lib/issues_show_hook_listener.rb
+++ b/lib/issues_show_hook_listener.rb
@@ -62,7 +62,7 @@ class IssuesShowHookListener < Redmine::Hook::ViewListener
 def view_issues_show_description_bottom(context={})
 bill_button = button_to "Bill Time", "#{Redmine::Utils::relative_url_root}/qbo/bill/#{context[:issue].id}", method: :get if User.current.admin?
- share_button = button_to "Share", "#{Redmine::Utils::relative_url_root}/customers/view/#{context[:issue].share_token.token}", method: :get if User.current.logged?
+ share_button = button_to "Share", "#{Redmine::Utils::relative_url_root}/customers/share/#{context[:issue].id}", method: :get if User.current.logged?
 return "
#{bill_button} #{share_button}"
 end
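Review bot: The Share button in `view_issues_show_description_bottom` sends a GET (`method: :get`) to `customers/share/:id`, and the route added in config/routes.rb is also a `get`, yet the action's own comment says it creates tokens and removes expired ones. A state change behind GET is not covered by Rails' CSRF check and can be fired by link prefetching or by a third-party page. I would register the route as `post 'customers/share/:id', :to => 'customers#share', as: :share` and drop `method: :get` from this `button_to` call, since POST is its default. The button is gated only on `User.current.logged?`, so the controller action still needs its own permission check.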