Fixes #3872 - Agent with CREATE only permission acts "on behalf" ticket customer on shared organizations

This commit is contained in:
Mantas Masalskis 2021-11-15 15:26:25 +01:00 committed by Mantas Masalskis
parent 04d1459121
commit 106f55b4c2
2 changed files with 24 additions and 0 deletions

View file

@ -29,6 +29,10 @@ module Ticket::Article::AddsMetadataOriginById
type_name = type.name
return true if type_name != 'phone' && type_name != 'note' && type_name != 'web'
organization = created_by.organization
return true if organization&.shared? && organization.members.include?(ticket.customer)
self.origin_by_id = ticket.customer_id
end
end

View file

@ -31,4 +31,24 @@ RSpec.describe Ticket::Article::AddsMetadataGeneral do
end
end
end
context 'when Agent-Customer in shared organization creates Article' do
let(:organization) { create(:organization, shared: true) }
let(:agent_a) { create(:agent_and_customer, organization: organization) }
let(:agent_b) { create(:agent_and_customer, organization: organization) }
let(:group) { create(:group) }
let(:ticket) { create(:ticket, group: group, owner: agent_a, customer: agent_b) }
before do
[agent_a, agent_b].each do |elem|
elem.user_groups.create group: group, access: 'create'
end
end
it '#origin_by is set correctly', current_user_id: -> { agent_a.id } do
article = create(:ticket_article, :inbound_web, ticket: ticket)
expect(article.origin_by).to be_nil
end
end
end