# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
require 'rails_helper'
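# Authorization specs for TicketPolicy: each context builds a user/ticket pair
# and asserts whether the policy permits or forbids the `show` and `full`
# actions for that user.
#
# NOTE(review): every example asserts `show` and `full` together with the same
# outcome, so nothing here distinguishes the two actions. If the policy
# supports an access level below 'full', a case where the two differ would
# catch a policy that conflates them.
describe TicketPolicy do
  subject { described_class.new(user, record) }

  let(:record) { create(:ticket) }

  context 'when given ticket’s owner' do
    # The owner the :ticket factory assigns is expected to be denied:
    # ownership by itself does not grant access in this spec.
    let(:user) { record.owner }

    it { is_expected.to forbid_actions(%i[show full]) }

    context 'when owner has ticket.agent permission' do
      # Build an agent in the ticket's group first, then make that agent the owner.
      let(:user) do
        create(:agent, groups: [record.group]).tap do |agent|
          record.update!(owner: agent)
        end
      end

      it { is_expected.to permit_actions(%i[show full]) }
    end
  end

  context 'when given user that is agent and customer' do
    let(:user) { create(:agent_and_customer, groups: [record.group]) }

    it { is_expected.to permit_actions(%i[show full]) }
  end

  context 'when given a user that is neither owner nor customer' do
    # Agent created without any groups passed: the baseline is deny.
    let(:user) { create(:agent) }

    it { is_expected.to forbid_actions(%i[show full]) }

    context 'but the user is an agent with full access to ticket’s group' do
      # Give the agent 'full' access on the ticket's group, keyed by group name.
      before { user.group_names_access_map = { record.group.name => 'full' } }

      it { is_expected.to permit_actions(%i[show full]) }
    end

    context 'but the user is a customer from the same organization as ticket’s customer' do
      # The ticket belongs to `customer`; `user` is a different customer
      # record that shares the same organization.
      let(:record)   { create(:ticket, customer: customer) }
      let(:customer) { create(:customer, organization: create(:organization)) }
      let(:user)     { create(:customer, organization: customer.organization) }

      context 'and organization.shared is true (default)' do
        # No setup touches `shared` here, so the factory value is what is tested.
        it { is_expected.to permit_actions(%i[show full]) }
      end

      context 'but organization.shared is false' do
        # update! (as used for record.update! above) so a failed save aborts
        # the example instead of silently leaving `shared` unchanged.
        before { customer.organization.update!(shared: false) }

        it { is_expected.to forbid_actions(%i[show full]) }
      end
    end

    context 'when user is admin with group access' do
      # NOTE(review): the description says "with group access", but the user
      # built here receives only the Admin role and no groups are passed. The
      # expectation is that the Admin role alone does not open the ticket;
      # confirm the intended wording of the description.
      let(:user) { create(:user, roles: Role.where(name: %w[Admin])) }

      it { is_expected.to forbid_actions(%i[show full]) }
    end
  end

  context 'when user is agent' do
    # NOTE(review): this repeats the 'when owner has ticket.agent permission'
    # context nested under 'when given ticket’s owner' with the same setup
    # and the same expectation.
    context 'when owner has ticket.agent permission' do
      let(:user) do
        create(:agent, groups: [record.group]).tap do |agent|
          record.update!(owner: agent)
        end
      end

      it { is_expected.to permit_actions(%i[show full]) }
    end
  end
end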