From 106f55b4c2333ed2c6173c19f44d7a969faa5087 Mon Sep 17 00:00:00 2001 From: Mantas Masalskis Date: Mon, 15 Nov 2021 15:26:25 +0100 Subject: [PATCH] Fixes #3872 - Agent with CREATE only permission acts "on behalf" ticket customer on shared organizations --- .../article/adds_metadata_origin_by_id.rb | 4 ++++ .../article/adds_metadata_general_spec.rb | 20 +++++++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/app/models/ticket/article/adds_metadata_origin_by_id.rb b/app/models/ticket/article/adds_metadata_origin_by_id.rb index e91ad567e..eb6415f78 100644 --- a/app/models/ticket/article/adds_metadata_origin_by_id.rb +++ b/app/models/ticket/article/adds_metadata_origin_by_id.rb @@ -29,6 +29,10 @@ module Ticket::Article::AddsMetadataOriginById type_name = type.name return true if type_name != 'phone' && type_name != 'note' && type_name != 'web' + organization = created_by.organization + + return true if organization&.shared? && organization.members.include?(ticket.customer) + self.origin_by_id = ticket.customer_id end end diff --git a/spec/models/ticket/article/adds_metadata_general_spec.rb b/spec/models/ticket/article/adds_metadata_general_spec.rb index 79b2c6d5f..3143851c3 100644 --- a/spec/models/ticket/article/adds_metadata_general_spec.rb +++ b/spec/models/ticket/article/adds_metadata_general_spec.rb @@ -31,4 +31,24 @@ RSpec.describe Ticket::Article::AddsMetadataGeneral do end end end + + context 'when Agent-Customer in shared organization creates Article' do + let(:organization) { create(:organization, shared: true) } + let(:agent_a) { create(:agent_and_customer, organization: organization) } + let(:agent_b) { create(:agent_and_customer, organization: organization) } + let(:group) { create(:group) } + let(:ticket) { create(:ticket, group: group, owner: agent_a, customer: agent_b) } + + before do + [agent_a, agent_b].each do |elem| + elem.user_groups.create group: group, access: 'create' + end + end + + it '#origin_by is set correctly', current_user_id: -> { agent_a.id } do + article = create(:ticket_article, :inbound_web, ticket: ticket) + + expect(article.origin_by).to be_nil + end + end end