Fixed issue #588 - API Call crashes webinterface - or search?

Martin Edenhofer 2017-01-05 16:38:12 +01:00
parent cec2a051da
commit 11a6930c44
3 changed files with 114 additions and 5 deletions


@ -76,7 +76,6 @@ class TicketsController < ApplicationController
# POST /api/v1/tickets
def create
clean_params = Ticket.param_association_lookup(params)
clean_params = Ticket.param_cleanup(clean_params, true)
# overwrite params
if !current_user.permissions?('ticket.agent')
@ -108,6 +107,7 @@ class TicketsController < ApplicationController
clean_params[:customer_id] = customer.id
end
clean_params = Ticket.param_cleanup(clean_params, true)
ticket = Ticket.new(clean_params)
# check if article is given
@ -283,6 +283,8 @@ class TicketsController < ApplicationController
ticket_lists = Ticket
.where(
customer_id: ticket.customer_id,
).where.not(
state_id: Ticket::State.by_category('merged')
)
.where(access_condition)
.where('id != ?', [ ticket.id ])
@ -303,6 +305,7 @@ class TicketsController < ApplicationController
next if recent_view['object'] != 'Ticket'
ticket_ids_recent_viewed.push recent_view['o_id']
recent_view_ticket = Ticket.find(recent_view['o_id'])
next if recent_view_ticket.state.state_type.name == 'merged'
assets = recent_view_ticket.assets(assets)
}
@ -491,6 +494,9 @@ class TicketsController < ApplicationController
user_ticket_volume_by_year = []
if params[:user_id]
user = User.lookup(id: params[:user_id])
if !user
raise "No such user with id #{params[:user_id]}"
end
condition = {
'ticket.state_id' => {
operator: 'is',
@ -661,7 +667,7 @@ class TicketsController < ApplicationController
# get related users
article_ids = []
ticket.articles.order('created_at ASC, id ASC').each { |article|
ticket.articles.each { |article|
# ignore internal article if customer is requesting
next if article.internal == true && current_user.permissions?('ticket.customer')
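Review bot: In the user-stats hunk, the new `if !user` branch raises a bare string, which is a RuntimeError, while the validation added elsewhere in this commit raises ArgumentError and the new tests expect that message to come back with status 422. Unless the base controller maps RuntimeError to a 4xx response (not visible here), an unknown `user_id` will likely surface as a server error; consider `raise ArgumentError, "No such user with id #{params[:user_id]}"` or whichever not-found error the project already handles. The hunk also does not show whether the caller is authorised to read stats for the supplied `user_id`; that check may sit outside the hunk and is worth confirming. The enclosing action begins and ends outside the hunk.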


@ -93,6 +93,17 @@ returns
clean_params = {}
new.attributes.each { |attribute, _value|
next if !data.key?(attribute.to_sym)
# check reference records, referenced by _id attributes
reflect_on_all_associations.map { |assoc|
class_name = assoc.options[:class_name]
next if !class_name
name = "#{assoc.name}_id".to_sym
next if !data.key?(name)
next if data[name].blank?
next if assoc.klass.lookup(id: data[name])
raise ArgumentError, "Invalid value for param '#{name}': #{data[name].inspect}"
}
clean_params[attribute.to_sym] = data[attribute.to_sym]
}
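Review bot: The new reference check skips every association that has no explicit `class_name` option (`next if !class_name`), so `_id` params for associations declared without it still pass through unvalidated. If the intent is to reject any reference to a missing record, either widen the check or add a comment such as `# only associations with an explicit class_name are validated here` so the gap is deliberate and visible. The scan also appears to sit inside `new.attributes.each`, so the same lookups repeat once per submitted attribute; it can run once before that loop, and `reflect_on_all_associations.each { |assoc|` fits better than `map` since the result is discarded. The enclosing method starts and ends outside the hunk.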


@ -127,12 +127,104 @@ class TicketsControllerTest < ActionDispatch::IntegrationTest
assert_equal(@agent.id, result['created_by_id'])
end
test '01.04 ticket create with agent - minimal article with guess customer' do
test '01.04 ticket create with agent - wrong owner_id - 0' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
params = {
title: 'a new ticket #4',
group: 'Users',
priority: '2 normal',
owner_id: 0,
state: 'new',
customer_id: @customer_without_org.id,
article: {
body: 'some test 123',
},
}
post '/api/v1/tickets', params.to_json, @headers.merge('Authorization' => credentials)
assert_response(422)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('Invalid value for param \'owner_id\': 0', result['error'])
end
test '01.05 ticket create with agent - wrong owner_id - ""' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
params = {
title: 'a new ticket #5',
group: 'Users',
priority: '2 normal',
owner_id: '',
state: 'new',
customer_id: @customer_without_org.id,
article: {
body: 'some test 123',
},
}
post '/api/v1/tickets', params.to_json, @headers.merge('Authorization' => credentials)
#assert_response(422)
#result = JSON.parse(@response.body)
#assert_equal(Hash, result.class)
#assert_equal('Invalid value for param \'owner_id\': ""', result['error'])
assert_response(201)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
assert_equal('a new ticket #5', result['title'])
assert_equal(@customer_without_org.id, result['customer_id'])
assert_equal(@agent.id, result['updated_by_id'])
assert_equal(@agent.id, result['created_by_id'])
end
test '01.06 ticket create with agent - wrong owner_id - 99999' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
params = {
title: 'a new ticket #6',
group: 'Users',
priority: '2 normal',
owner_id: 99_999,
state: 'new',
customer_id: @customer_without_org.id,
article: {
body: 'some test 123',
},
}
post '/api/v1/tickets', params.to_json, @headers.merge('Authorization' => credentials)
assert_response(422)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('Invalid value for param \'owner_id\': 99999', result['error'])
end
test '01.07 ticket create with agent - wrong owner_id - nil' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
params = {
title: 'a new ticket #7',
group: 'Users',
priority: '2 normal',
owner_id: nil,
state: 'new',
customer_id: @customer_without_org.id,
article: {
body: 'some test 123',
},
}
post '/api/v1/tickets', params.to_json, @headers.merge('Authorization' => credentials)
assert_response(201)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
assert_equal('a new ticket #7', result['title'])
assert_equal(@customer_without_org.id, result['customer_id'])
assert_equal(@agent.id, result['updated_by_id'])
assert_equal(@agent.id, result['created_by_id'])
end
test '01.08 ticket create with agent - minimal article with guess customer' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
params = {
title: 'a new ticket #8',
group: 'Users',
priority: '2 normal',
state: 'new',
customer_id: 'guess:some_new_customer@example.com',
article: {
@ -144,7 +236,7 @@ class TicketsControllerTest < ActionDispatch::IntegrationTest
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
assert_equal('a new ticket #4', result['title'])
assert_equal('a new ticket #8', result['title'])
assert_equal(User.lookup(email: 'some_new_customer@example.com').id, result['customer_id'])
assert_equal(@agent.id, result['updated_by_id'])
assert_equal(@agent.id, result['created_by_id'])
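Review bot: Test 01.05 keeps four commented-out 422 assertions above the live 201 assertions, and its name still says "wrong owner_id" although the request is accepted; remove the dead lines and rename it, e.g. `test '01.05 ticket create with agent - blank owner_id is ignored' do`. Neither 01.05 nor 01.07 asserts `result['owner_id']`, so the owner that a blank or nil value falls back to is not pinned; add an assertion on it with the expected default. The 422 cases (01.04, 01.06) could also assert that no ticket was created by the rejected request. The body of test 01.08 continues outside the hunks shown.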