Fixed issue #588 - API Call crashes webinterface - or search?
parent
cec2a051da
commit
11a6930c44
3 changed files with 114 additions and 5 deletions
|
@ -76,7 +76,6 @@ class TicketsController < ApplicationController
|
||||||
# POST /api/v1/tickets
|
# POST /api/v1/tickets
|
||||||
def create
|
def create
|
||||||
clean_params = Ticket.param_association_lookup(params)
|
clean_params = Ticket.param_association_lookup(params)
|
||||||
clean_params = Ticket.param_cleanup(clean_params, true)
|
|
||||||
|
|
||||||
# overwrite params
|
# overwrite params
|
||||||
if !current_user.permissions?('ticket.agent')
|
if !current_user.permissions?('ticket.agent')
|
||||||
|
@ -108,6 +107,7 @@ class TicketsController < ApplicationController
|
||||||
clean_params[:customer_id] = customer.id
|
clean_params[:customer_id] = customer.id
|
||||||
end
|
end
|
||||||
|
|
||||||
|
clean_params = Ticket.param_cleanup(clean_params, true)
|
||||||
ticket = Ticket.new(clean_params)
|
ticket = Ticket.new(clean_params)
|
||||||
|
|
||||||
# check if article is given
|
# check if article is given
|
||||||
|
@ -283,6 +283,8 @@ class TicketsController < ApplicationController
|
||||||
ticket_lists = Ticket
|
ticket_lists = Ticket
|
||||||
.where(
|
.where(
|
||||||
customer_id: ticket.customer_id,
|
customer_id: ticket.customer_id,
|
||||||
|
).where.not(
|
||||||
|
state_id: Ticket::State.by_category('merged')
|
||||||
)
|
)
|
||||||
.where(access_condition)
|
.where(access_condition)
|
||||||
.where('id != ?', [ ticket.id ])
|
.where('id != ?', [ ticket.id ])
|
||||||
|
@ -303,6 +305,7 @@ class TicketsController < ApplicationController
|
||||||
next if recent_view['object'] != 'Ticket'
|
next if recent_view['object'] != 'Ticket'
|
||||||
ticket_ids_recent_viewed.push recent_view['o_id']
|
ticket_ids_recent_viewed.push recent_view['o_id']
|
||||||
recent_view_ticket = Ticket.find(recent_view['o_id'])
|
recent_view_ticket = Ticket.find(recent_view['o_id'])
|
||||||
|
next if recent_view_ticket.state.state_type.name == 'merged'
|
||||||
assets = recent_view_ticket.assets(assets)
|
assets = recent_view_ticket.assets(assets)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -491,6 +494,9 @@ class TicketsController < ApplicationController
|
||||||
user_ticket_volume_by_year = []
|
user_ticket_volume_by_year = []
|
||||||
if params[:user_id]
|
if params[:user_id]
|
||||||
user = User.lookup(id: params[:user_id])
|
user = User.lookup(id: params[:user_id])
|
||||||
|
if !user
|
||||||
|
raise "No such user with id #{params[:user_id]}"
|
||||||
|
end
|
||||||
condition = {
|
condition = {
|
||||||
'ticket.state_id' => {
|
'ticket.state_id' => {
|
||||||
operator: 'is',
|
operator: 'is',
|
||||||
|
@ -661,7 +667,7 @@ class TicketsController < ApplicationController
|
||||||
|
|
||||||
# get related users
|
# get related users
|
||||||
article_ids = []
|
article_ids = []
|
||||||
ticket.articles.order('created_at ASC, id ASC').each { |article|
|
ticket.articles.each { |article|
|
||||||
|
|
||||||
# ignore internal article if customer is requesting
|
# ignore internal article if customer is requesting
|
||||||
next if article.internal == true && current_user.permissions?('ticket.customer')
|
next if article.internal == true && current_user.permissions?('ticket.customer')
|
||||||
|
|
|
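Review bot: In the recent-view loop the added `next if recent_view_ticket.state.state_type.name == 'merged'` sits after `ticket_ids_recent_viewed.push recent_view['o_id']`, so a merged ticket's id is still collected while its assets are skipped. If that id list is returned to the client, it will reference tickets this change meant to filter out; moving the push below the merged check keeps the two in step. `Ticket.find` on the line before will also raise if a recent-view entry points at a ticket that no longer exists, which this hunk leaves unchanged. The loop starts and ends outside the hunk, so how `ticket_ids_recent_viewed` is used afterwards is inferred from its name.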
@ -93,6 +93,17 @@ returns
|
||||||
clean_params = {}
|
clean_params = {}
|
||||||
new.attributes.each { |attribute, _value|
|
new.attributes.each { |attribute, _value|
|
||||||
next if !data.key?(attribute.to_sym)
|
next if !data.key?(attribute.to_sym)
|
||||||
|
|
||||||
|
# check reference records, referenced by _id attributes
|
||||||
|
reflect_on_all_associations.map { |assoc|
|
||||||
|
class_name = assoc.options[:class_name]
|
||||||
|
next if !class_name
|
||||||
|
name = "#{assoc.name}_id".to_sym
|
||||||
|
next if !data.key?(name)
|
||||||
|
next if data[name].blank?
|
||||||
|
next if assoc.klass.lookup(id: data[name])
|
||||||
|
raise ArgumentError, "Invalid value for param '#{name}': #{data[name].inspect}"
|
||||||
|
}
|
||||||
clean_params[attribute.to_sym] = data[attribute.to_sym]
|
clean_params[attribute.to_sym] = data[attribute.to_sym]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
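Review bot: The new reference check is nested inside `new.attributes.each`, after the `next if !data.key?(attribute.to_sym)` guard, so every association is re-validated with a fresh `assoc.klass.lookup` once per submitted attribute, although nothing in it depends on `attribute`. Hoisting the block above the attribute loop and iterating with `reflect_on_all_associations.each { |assoc|` (the `map` result is discarded) does the work once per call. Note also that `next if !class_name` skips every association declared without an explicit `:class_name`, so those `_id` params stay unchecked, and that the lookup confirms existence only, not that the caller is allowed to reference the record. The method starts and ends outside the hunk.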
@ -127,12 +127,104 @@ class TicketsControllerTest < ActionDispatch::IntegrationTest
|
||||||
assert_equal(@agent.id, result['created_by_id'])
|
assert_equal(@agent.id, result['created_by_id'])
|
||||||
end
|
end
|
||||||
|
|
||||||
test '01.04 ticket create with agent - minimal article with guess customer' do
|
test '01.04 ticket create with agent - wrong owner_id - 0' do
|
||||||
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
|
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
|
||||||
params = {
|
params = {
|
||||||
title: 'a new ticket #4',
|
title: 'a new ticket #4',
|
||||||
group: 'Users',
|
group: 'Users',
|
||||||
priority: '2 normal',
|
priority: '2 normal',
|
||||||
|
owner_id: 0,
|
||||||
|
state: 'new',
|
||||||
|
customer_id: @customer_without_org.id,
|
||||||
|
article: {
|
||||||
|
body: 'some test 123',
|
||||||
|
},
|
||||||
|
}
|
||||||
|
post '/api/v1/tickets', params.to_json, @headers.merge('Authorization' => credentials)
|
||||||
|
assert_response(422)
|
||||||
|
result = JSON.parse(@response.body)
|
||||||
|
assert_equal(Hash, result.class)
|
||||||
|
assert_equal('Invalid value for param \'owner_id\': 0', result['error'])
|
||||||
|
end
|
||||||
|
|
||||||
|
test '01.05 ticket create with agent - wrong owner_id - ""' do
|
||||||
|
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
|
||||||
|
params = {
|
||||||
|
title: 'a new ticket #5',
|
||||||
|
group: 'Users',
|
||||||
|
priority: '2 normal',
|
||||||
|
owner_id: '',
|
||||||
|
state: 'new',
|
||||||
|
customer_id: @customer_without_org.id,
|
||||||
|
article: {
|
||||||
|
body: 'some test 123',
|
||||||
|
},
|
||||||
|
}
|
||||||
|
post '/api/v1/tickets', params.to_json, @headers.merge('Authorization' => credentials)
|
||||||
|
#assert_response(422)
|
||||||
|
#result = JSON.parse(@response.body)
|
||||||
|
#assert_equal(Hash, result.class)
|
||||||
|
#assert_equal('Invalid value for param \'owner_id\': ""', result['error'])
|
||||||
|
assert_response(201)
|
||||||
|
result = JSON.parse(@response.body)
|
||||||
|
assert_equal(Hash, result.class)
|
||||||
|
assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
|
||||||
|
assert_equal('a new ticket #5', result['title'])
|
||||||
|
assert_equal(@customer_without_org.id, result['customer_id'])
|
||||||
|
assert_equal(@agent.id, result['updated_by_id'])
|
||||||
|
assert_equal(@agent.id, result['created_by_id'])
|
||||||
|
end
|
||||||
|
|
||||||
|
test '01.06 ticket create with agent - wrong owner_id - 99999' do
|
||||||
|
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
|
||||||
|
params = {
|
||||||
|
title: 'a new ticket #6',
|
||||||
|
group: 'Users',
|
||||||
|
priority: '2 normal',
|
||||||
|
owner_id: 99_999,
|
||||||
|
state: 'new',
|
||||||
|
customer_id: @customer_without_org.id,
|
||||||
|
article: {
|
||||||
|
body: 'some test 123',
|
||||||
|
},
|
||||||
|
}
|
||||||
|
post '/api/v1/tickets', params.to_json, @headers.merge('Authorization' => credentials)
|
||||||
|
assert_response(422)
|
||||||
|
result = JSON.parse(@response.body)
|
||||||
|
assert_equal(Hash, result.class)
|
||||||
|
assert_equal('Invalid value for param \'owner_id\': 99999', result['error'])
|
||||||
|
end
|
||||||
|
|
||||||
|
test '01.07 ticket create with agent - wrong owner_id - nil' do
|
||||||
|
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
|
||||||
|
params = {
|
||||||
|
title: 'a new ticket #7',
|
||||||
|
group: 'Users',
|
||||||
|
priority: '2 normal',
|
||||||
|
owner_id: nil,
|
||||||
|
state: 'new',
|
||||||
|
customer_id: @customer_without_org.id,
|
||||||
|
article: {
|
||||||
|
body: 'some test 123',
|
||||||
|
},
|
||||||
|
}
|
||||||
|
post '/api/v1/tickets', params.to_json, @headers.merge('Authorization' => credentials)
|
||||||
|
assert_response(201)
|
||||||
|
result = JSON.parse(@response.body)
|
||||||
|
assert_equal(Hash, result.class)
|
||||||
|
assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
|
||||||
|
assert_equal('a new ticket #7', result['title'])
|
||||||
|
assert_equal(@customer_without_org.id, result['customer_id'])
|
||||||
|
assert_equal(@agent.id, result['updated_by_id'])
|
||||||
|
assert_equal(@agent.id, result['created_by_id'])
|
||||||
|
end
|
||||||
|
|
||||||
|
test '01.08 ticket create with agent - minimal article with guess customer' do
|
||||||
|
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
|
||||||
|
params = {
|
||||||
|
title: 'a new ticket #8',
|
||||||
|
group: 'Users',
|
||||||
|
priority: '2 normal',
|
||||||
state: 'new',
|
state: 'new',
|
||||||
customer_id: 'guess:some_new_customer@example.com',
|
customer_id: 'guess:some_new_customer@example.com',
|
||||||
article: {
|
article: {
|
||||||
|
@ -144,7 +236,7 @@ class TicketsControllerTest < ActionDispatch::IntegrationTest
|
||||||
result = JSON.parse(@response.body)
|
result = JSON.parse(@response.body)
|
||||||
assert_equal(Hash, result.class)
|
assert_equal(Hash, result.class)
|
||||||
assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
|
assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
|
||||||
assert_equal('a new ticket #4', result['title'])
|
assert_equal('a new ticket #8', result['title'])
|
||||||
assert_equal(User.lookup(email: 'some_new_customer@example.com').id, result['customer_id'])
|
assert_equal(User.lookup(email: 'some_new_customer@example.com').id, result['customer_id'])
|
||||||
assert_equal(@agent.id, result['updated_by_id'])
|
assert_equal(@agent.id, result['updated_by_id'])
|
||||||
assert_equal(@agent.id, result['created_by_id'])
|
assert_equal(@agent.id, result['created_by_id'])
|
||||||
|
|
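Review bot: Tests 01.05 and 01.07 are titled `wrong owner_id` yet assert `assert_response(201)`, and 01.05 keeps its four 422 assertions as commented-out code, so the intended contract for an empty or nil `owner_id` is unclear to the next reader. Neither test checks `result['owner_id']`, which leaves the owner actually stored for these inputs unpinned. I would drop the commented lines, rename the cases (for example `'01.05 ticket create with agent - empty owner_id is ignored'`), and add an assertion on `result['owner_id']` so a later change to the blank-value handling in the parameter cleanup is caught.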