From 8ca265837ff7d94e26ba829fde78dd7b67867f0b Mon Sep 17 00:00:00 2001
From: Dot-Rar <dotrar@protonmail.com>
Date: Wed, 26 Feb 2020 19:55:07 +0000
Subject: [PATCH] ticket close listener

---
 app/http/endpoints/manage/sendmessage.go | 6 ++++++
 app/http/endpoints/manage/ticketview.go  | 6 ++++++
 app/http/endpoints/manage/viewlog.go     | 2 ++
 app/http/server.go                       | 1 +
 4 files changed, 15 insertions(+)

diff --git a/app/http/endpoints/manage/sendmessage.go b/app/http/endpoints/manage/sendmessage.go
index f9ca2be..d5f880c 100644
--- a/app/http/endpoints/manage/sendmessage.go
+++ b/app/http/endpoints/manage/sendmessage.go
@@ -57,6 +57,12 @@ func SendMessage(ctx *gin.Context) {
 		ticket := <-ticketChan
 		exists := ticket != table.Ticket{}
 
+		// Verify that the user has permission to be here
+		if ticket.Guild != guildId {
+			ctx.Redirect(302, fmt.Sprintf("/manage/%s/tickets", guildIdStr))
+			return
+		}
+
 		contentType := discord.ApplicationJson
 
 		if exists {
diff --git a/app/http/endpoints/manage/ticketview.go b/app/http/endpoints/manage/ticketview.go
index d68a526..9c10184 100644
--- a/app/http/endpoints/manage/ticketview.go
+++ b/app/http/endpoints/manage/ticketview.go
@@ -67,6 +67,12 @@ func TicketViewHandler(ctx *gin.Context) {
 			return
 		}
 
+		// Verify that the user has permission to be here
+		if ticket.Guild != guildId {
+			ctx.Redirect(302, fmt.Sprintf("/manage/%s/tickets", guildIdStr))
+			return
+		}
+
 		// Get messages
 		var messages []objects.Message
 		// We want to show users error messages so they can report them
diff --git a/app/http/endpoints/manage/viewlog.go b/app/http/endpoints/manage/viewlog.go
index 36eb5a0..74539d4 100644
--- a/app/http/endpoints/manage/viewlog.go
+++ b/app/http/endpoints/manage/viewlog.go
@@ -53,6 +53,8 @@ func LogViewHandler(ctx *gin.Context) {
 		}
 
 		uuid := ctx.Param("uuid")
+
+		// Doesn't need guild = ticket.guild check, since we select where uuid=uuid and guild=guild
 		cdnUrl := table.GetCdnUrl(guildId, uuid)
 
 		if cdnUrl == "" {
diff --git a/app/http/server.go b/app/http/server.go
index e532070..1eece7d 100644
--- a/app/http/server.go
+++ b/app/http/server.go
@@ -55,6 +55,7 @@ func StartServer() {
 
 	router.GET("/manage/:id/tickets", manage.TicketListHandler)
 	router.GET("/manage/:id/tickets/view/:uuid", manage.TicketViewHandler)
+	router.POST("/manage/:id/tickets/view/:uuid/close", manage.TicketCloseHandler)
 	router.POST("/manage/:id/tickets/view/:uuid", manage.SendMessage)
 	router.GET("/webchat", manage.WebChatWs)