I'm testing Akeeba Ticket System on my dev site.
I set up the ACL configuration as explained in "Quick Setup" in chapter 2 of the documentation.
I also enabled the integration with Akeeba DocImport.
Now, using a user in the "Customers" group, I try to create a new ticket for the category "Customer Support".
In my environment, writing "performance issue" in the topic matches an article in the documentation.
The article will be shown as a "related result", but an AJAX call fails with a 403 Forbidden.
Here is the requested URL:
http://127.0.0.1:8080/index.php/support/index.php?option=com_ats&view=attempts&format=json&task=save&ats_attempt_id=0&title=performance+&ats_category_id=8&modified_on=&_=1409835281638
The same task is called and fails when the "View" button is pressed.
Here is the requested URL:
http://127.0.0.1:8080/index.php/support/index.php?option=com_ats&view=attempts&format=json&task=save&ats_attempt_id=0&update_clicks=docimport&_=1409835281640
This is caused by the fact that the user doesn't have the privilege "core.edit" on the component "com_ats"; as far as I know, this is not required.
I resolved the issue by overriding the method "onBeforeSave" in the class "AtsControllerAttempts" with this implementation:

    public function onBeforeSave()
    {
        // Read the category ID from the request (defaults to 0 when absent).
        $category_id = $this->input->getInt('category', 0);

        // Load the categories returned by the model for that ID.
        $categories = F0FModel::getTmpInstance('Categories', 'AtsModel')
            ->category($category_id)
            ->getList();

        // Allow the save only when at least one category is returned.
        return !empty($categories);
    }

It's not the best check, but if I have understood correctly, the call only updates a table used for statistical purposes.
Is that right?
Thanks
Demis