Fixed issue #588 - API Call crashes webinterface - or search?

Martin Edenhofer 2017-01-05 16:38:12 +01:00
parent cec2a051da
commit 11a6930c44
3 changed files with 114 additions and 5 deletions


@ -76,7 +76,6 @@ class TicketsController < ApplicationController
# POST /api/v1/tickets # POST /api/v1/tickets
def create def create
clean_params = Ticket.param_association_lookup(params) clean_params = Ticket.param_association_lookup(params)
clean_params = Ticket.param_cleanup(clean_params, true)
# overwrite params # overwrite params
if !current_user.permissions?('ticket.agent') if !current_user.permissions?('ticket.agent')
@ -108,6 +107,7 @@ class TicketsController < ApplicationController
clean_params[:customer_id] = customer.id clean_params[:customer_id] = customer.id
end end
clean_params = Ticket.param_cleanup(clean_params, true)
ticket = Ticket.new(clean_params) ticket = Ticket.new(clean_params)
# check if article is given # check if article is given
@ -283,6 +283,8 @@ class TicketsController < ApplicationController
ticket_lists = Ticket ticket_lists = Ticket
.where( .where(
customer_id: ticket.customer_id, customer_id: ticket.customer_id,
).where.not(
state_id: Ticket::State.by_category('merged')
) )
.where(access_condition) .where(access_condition)
.where('id != ?', [ ticket.id ]) .where('id != ?', [ ticket.id ])
@ -303,7 +305,8 @@ class TicketsController < ApplicationController
next if recent_view['object'] != 'Ticket' next if recent_view['object'] != 'Ticket'
ticket_ids_recent_viewed.push recent_view['o_id'] ticket_ids_recent_viewed.push recent_view['o_id']
recent_view_ticket = Ticket.find(recent_view['o_id']) recent_view_ticket = Ticket.find(recent_view['o_id'])
assets = recent_view_ticket.assets(assets) next if recent_view_ticket.state.state_type.name == 'merged'
assets = recent_view_ticket.assets(assets)
} }
# return result # return result
@ -491,6 +494,9 @@ class TicketsController < ApplicationController
user_ticket_volume_by_year = [] user_ticket_volume_by_year = []
if params[:user_id] if params[:user_id]
user = User.lookup(id: params[:user_id]) user = User.lookup(id: params[:user_id])
if !user
raise "No such user with id #{params[:user_id]}"
end
condition = { condition = {
'ticket.state_id' => { 'ticket.state_id' => {
operator: 'is', operator: 'is',
@ -661,7 +667,7 @@ class TicketsController < ApplicationController
# get related users # get related users
article_ids = [] article_ids = []
ticket.articles.order('created_at ASC, id ASC').each { |article| ticket.articles.each { |article|
# ignore internal article if customer is requesting # ignore internal article if customer is requesting
next if article.internal == true && current_user.permissions?('ticket.customer') next if article.internal == true && current_user.permissions?('ticket.customer')
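Review bot: In the recent-view loop the id is pushed onto `ticket_ids_recent_viewed` before the new `next if recent_view_ticket.state.state_type.name == 'merged'` runs, so a merged ticket is still listed by id while its assets are skipped. If the client resolves those ids against the returned assets, it would find an id with no matching record. Moving `ticket_ids_recent_viewed.push recent_view['o_id']` below the merged check keeps the id list and the assets in step. The loop starts and ends outside the hunk, so how the list is consumed is not visible here.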


@ -93,6 +93,17 @@ returns
clean_params = {} clean_params = {}
new.attributes.each { |attribute, _value| new.attributes.each { |attribute, _value|
next if !data.key?(attribute.to_sym) next if !data.key?(attribute.to_sym)
# check reference records, referenced by _id attributes
reflect_on_all_associations.map { |assoc|
class_name = assoc.options[:class_name]
next if !class_name
name = "#{assoc.name}_id".to_sym
next if !data.key?(name)
next if data[name].blank?
next if assoc.klass.lookup(id: data[name])
raise ArgumentError, "Invalid value for param '#{name}': #{data[name].inspect}"
}
clean_params[attribute.to_sym] = data[attribute.to_sym] clean_params[attribute.to_sym] = data[attribute.to_sym]
} }
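Review bot: The new reference check sits inside `new.attributes.each`, after `next if !data.key?(attribute.to_sym)`, so the full `reflect_on_all_associations` pass and its `assoc.klass.lookup` calls repeat for every attribute present in the request, although nothing in the check depends on `attribute`. Running it once before the attribute loop, written as `reflect_on_all_associations.each { |assoc|` instead of `.map` because the result is discarded, would reject the same input in a single pass. `next if !class_name` also skips every association declared without an explicit `class_name` option, so those `_id` params are not validated here; a comment such as `# only associations with an explicit class_name are checked` would make that limit visible. The method starts and ends outside the hunk.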


@ -127,12 +127,104 @@ class TicketsControllerTest < ActionDispatch::IntegrationTest
assert_equal(@agent.id, result['created_by_id']) assert_equal(@agent.id, result['created_by_id'])
end end
test '01.04 ticket create with agent - minimal article with guess customer' do test '01.04 ticket create with agent - wrong owner_id - 0' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
params = { params = {
title: 'a new ticket #4', title: 'a new ticket #4',
group: 'Users', group: 'Users',
priority: '2 normal', priority: '2 normal',
owner_id: 0,
state: 'new',
customer_id: @customer_without_org.id,
article: {
body: 'some test 123',
},
}
post '/api/v1/tickets', params.to_json, @headers.merge('Authorization' => credentials)
assert_response(422)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('Invalid value for param \'owner_id\': 0', result['error'])
end
test '01.05 ticket create with agent - wrong owner_id - ""' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
params = {
title: 'a new ticket #5',
group: 'Users',
priority: '2 normal',
owner_id: '',
state: 'new',
customer_id: @customer_without_org.id,
article: {
body: 'some test 123',
},
}
post '/api/v1/tickets', params.to_json, @headers.merge('Authorization' => credentials)
#assert_response(422)
#result = JSON.parse(@response.body)
#assert_equal(Hash, result.class)
#assert_equal('Invalid value for param \'owner_id\': ""', result['error'])
assert_response(201)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
assert_equal('a new ticket #5', result['title'])
assert_equal(@customer_without_org.id, result['customer_id'])
assert_equal(@agent.id, result['updated_by_id'])
assert_equal(@agent.id, result['created_by_id'])
end
test '01.06 ticket create with agent - wrong owner_id - 99999' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
params = {
title: 'a new ticket #6',
group: 'Users',
priority: '2 normal',
owner_id: 99_999,
state: 'new',
customer_id: @customer_without_org.id,
article: {
body: 'some test 123',
},
}
post '/api/v1/tickets', params.to_json, @headers.merge('Authorization' => credentials)
assert_response(422)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('Invalid value for param \'owner_id\': 99999', result['error'])
end
test '01.07 ticket create with agent - wrong owner_id - nil' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
params = {
title: 'a new ticket #7',
group: 'Users',
priority: '2 normal',
owner_id: nil,
state: 'new',
customer_id: @customer_without_org.id,
article: {
body: 'some test 123',
},
}
post '/api/v1/tickets', params.to_json, @headers.merge('Authorization' => credentials)
assert_response(201)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
assert_equal('a new ticket #7', result['title'])
assert_equal(@customer_without_org.id, result['customer_id'])
assert_equal(@agent.id, result['updated_by_id'])
assert_equal(@agent.id, result['created_by_id'])
end
test '01.08 ticket create with agent - minimal article with guess customer' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
params = {
title: 'a new ticket #8',
group: 'Users',
priority: '2 normal',
state: 'new', state: 'new',
customer_id: 'guess:some_new_customer@example.com', customer_id: 'guess:some_new_customer@example.com',
article: { article: {
@ -144,7 +236,7 @@ class TicketsControllerTest < ActionDispatch::IntegrationTest
result = JSON.parse(@response.body) result = JSON.parse(@response.body)
assert_equal(Hash, result.class) assert_equal(Hash, result.class)
assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id']) assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
assert_equal('a new ticket #4', result['title']) assert_equal('a new ticket #8', result['title'])
assert_equal(User.lookup(email: 'some_new_customer@example.com').id, result['customer_id']) assert_equal(User.lookup(email: 'some_new_customer@example.com').id, result['customer_id'])
assert_equal(@agent.id, result['updated_by_id']) assert_equal(@agent.id, result['updated_by_id'])
assert_equal(@agent.id, result['created_by_id']) assert_equal(@agent.id, result['created_by_id'])
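Review bot: Test `'01.05 ticket create with agent - wrong owner_id - ""'` keeps four commented-out 422 assertions above the 201 assertions it actually runs, so the intended contract for an empty `owner_id` is unclear. Test 01.07 (`owner_id: nil`) is also titled "wrong owner_id" yet expects 201. If blank values are deliberately treated as "not set", drop the dead assertions and say so, for example with `# blank owner_id is treated as not set, so the ticket is created`, and name both tests accordingly. Asserting `result['owner_id']` in these two cases would also pin which owner the ticket ends up with when the param is blank.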