Skip to content

Bugfix: Validation consumption#225

Open
giovanny07 wants to merge 3 commits intopluginsGLPI:mainfrom
giovanny07:bugfix/validation-consumption
Open

Bugfix: Validation consumption#225
giovanny07 wants to merge 3 commits intopluginsGLPI:mainfrom
giovanny07:bugfix/validation-consumption

Conversation

@giovanny07
Copy link
Copy Markdown

@giovanny07 giovanny07 commented Apr 24, 2026

Checklist before requesting a review

  • I have performed a self-review of my code.
  • I have added tests (when available) that prove my fix is effective or that my feature works.
  • I have updated the CHANGELOG with a short functional description of the fix or new feature.

Description

This PR centralizes credit consumption validation so both the manual ticket form and the hook-driven followup/task/solution flow
use the same server-side rules. It also prevents selecting vouchers outside their valid begin/end date window and fixes the
ticket-tab JavaScript that broke the quantity field when selecting a voucher.

Validation performed:

  • find inc front ajax -name '*.php' -print0 | xargs -0 -n1 php -l
  • git diff --check
  • Manual UI validation of voucher selection and quantity behavior in the ticket form

@stonebuzz stonebuzz requested review from Rom1-B and stonebuzz April 27, 2026 07:41
stonebuzz
stonebuzz requested changes May 4, 2026
View reviewed changes
Comment thread front/ticket.form.php Outdated
ERROR,
);
Html::back();
if (!Session::haveRight('ticket', UPDATE) && !Session::haveRight(Entity::$rightname, UPDATE)) {
Copy link
Copy Markdown
Contributor

@stonebuzz stonebuzz May 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why add a validation check when modifying an entity?
A technician updating a ticket (including data coming from the credit plugin) does not necessarily have the permissions required to update the associated entity.

Comment thread inc/ticket.class.php Outdated
Comment on lines +268 to +308
$ticket_id = filter_var(
$input['tickets_id'] ?? null,
FILTER_VALIDATE_INT,
['options' => ['min_range' => 1]],
);
if ($ticket_id === false) {
Session::addMessageAfterRedirect(
__s('Ticket is mandatory.', 'credit'),
true,
ERROR,
);
return false;
}

$credit_id = filter_var(
$input['plugin_credit_entities_id'] ?? null,
FILTER_VALIDATE_INT,
['options' => ['min_range' => 1]],
);
if ($credit_id === false) {
Session::addMessageAfterRedirect(
__s('Credit voucher entity must be selected.', 'credit'),
true,
ERROR,
);
return false;
}

$consumed = filter_var(
$input['consumed'] ?? null,
FILTER_VALIDATE_INT,
['options' => ['min_range' => 1]],
);
if ($consumed === false) {
Session::addMessageAfterRedirect(
__s('Credit voucher quantity must be greater than 0.', 'credit'),
true,
ERROR,
);
return false;
}
Copy link
Copy Markdown
Contributor

@stonebuzz stonebuzz May 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Redundant code with prepareInputForUpdate
This logic duplicates functionality already present in prepareInputForUpdate.
It could be refactored into a dedicated checkInput function, or merged into getValidatedConsumptionInput, which should be renamed accordingly to better reflect its broader responsibility.

Comment thread CHANGELOG.md Outdated

- Improve consumed credits modal readability and open related tickets in a new tab
- Show credit vouchers list in entity tab for read-only users while keeping add/config forms restricted to editable contexts.
- Centralize credit consumption validation, prevent invalid voucher selections outside the validity window, and fix the ticket tab quantity field behavior.
Copy link
Copy Markdown
Contributor

@stonebuzz stonebuzz May 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
- Centralize credit consumption validation, prevent invalid voucher selections outside the validity window, and fix the ticket tab quantity field behavior.
- Improve credit validation and voucher handling.

Rom1-B
Rom1-B requested changes May 4, 2026
View reviewed changes
Comment thread front/ticket.form.php

use Glpi\Exception\Http\BadRequestHttpException;

Session::haveRight("ticket", UPDATE);
Copy link
Copy Markdown
Contributor

@Rom1-B Rom1-B Apr 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Session::haveRight("ticket", UPDATE);
Session::checkRight(\Ticket::class, UPDATE);

Comment thread front/ticket.form.php
Comment on lines -37 to -50
if ($_REQUEST['plugin_credit_entities_id'] == 0) {
Session::addMessageAfterRedirect(
__s('Credit voucher entity must be selected.', 'credit'),
true,
ERROR,
);
Html::back();
} elseif ($_REQUEST['plugin_credit_quantity'] == 0) {
Session::addMessageAfterRedirect(
__s('Credit voucher quantity must be greater than 0.', 'credit'),
true,
ERROR,
);
Html::back();
Copy link
Copy Markdown
Contributor

@Rom1-B Rom1-B Apr 29, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why remove these checks?

@stonebuzz
Copy link
Copy Markdown
Contributor

stonebuzz commented May 5, 2026

Hi @giovanny07

can you rebase ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@stonebuzz stonebuzz stonebuzz requested changes

@Rom1-B Rom1-B Rom1-B requested changes

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@giovanny07 @stonebuzz @Rom1-B