Fixes #3872 - Agent with CREATE only permission acts "on behalf" ticket customer on shared organizations
This commit is contained in:
parent
04d1459121
commit
106f55b4c2
2 changed files with 24 additions and 0 deletions
|
@ -29,6 +29,10 @@ module Ticket::Article::AddsMetadataOriginById
|
||||||
type_name = type.name
|
type_name = type.name
|
||||||
return true if type_name != 'phone' && type_name != 'note' && type_name != 'web'
|
return true if type_name != 'phone' && type_name != 'note' && type_name != 'web'
|
||||||
|
|
||||||
|
organization = created_by.organization
|
||||||
|
|
||||||
|
return true if organization&.shared? && organization.members.include?(ticket.customer)
|
||||||
|
|
||||||
self.origin_by_id = ticket.customer_id
|
self.origin_by_id = ticket.customer_id
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -31,4 +31,24 @@ RSpec.describe Ticket::Article::AddsMetadataGeneral do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
context 'when Agent-Customer in shared organization creates Article' do
|
||||||
|
let(:organization) { create(:organization, shared: true) }
|
||||||
|
let(:agent_a) { create(:agent_and_customer, organization: organization) }
|
||||||
|
let(:agent_b) { create(:agent_and_customer, organization: organization) }
|
||||||
|
let(:group) { create(:group) }
|
||||||
|
let(:ticket) { create(:ticket, group: group, owner: agent_a, customer: agent_b) }
|
||||||
|
|
||||||
|
before do
|
||||||
|
[agent_a, agent_b].each do |elem|
|
||||||
|
elem.user_groups.create group: group, access: 'create'
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
it '#origin_by is set correctly', current_user_id: -> { agent_a.id } do
|
||||||
|
article = create(:ticket_article, :inbound_web, ticket: ticket)
|
||||||
|
|
||||||
|
expect(article.origin_by).to be_nil
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in a new issue