Improved validation messages of controllers.

This commit is contained in:
Martin Edenhofer 2016-08-24 13:42:22 +02:00
parent 828cdd0347
commit 2078a079cd
5 changed files with 350 additions and 115 deletions

View file

@ -356,6 +356,87 @@ class ApplicationController < ActionController::Base
raise Exceptions::NotAuthorized raise Exceptions::NotAuthorized
end end
def article_create(ticket, params)
# create article if given
form_id = params[:form_id]
params.delete(:form_id)
# check min. params
raise 'Need at least article: { body: "some text" }' if !params[:body]
# fill default values
if params[:type_id].empty? && params[:type].empty?
params[:type_id] = Ticket::Article::Type.lookup(name: 'note').id
end
if params[:sender_id].empty? && params[:sender].empty?
sender = 'Customer'
if current_user.permissions?('ticket.agent')
sender = 'Agent'
end
params[:sender_id] = Ticket::Article::Sender.lookup(name: sender).id
end
clean_params = Ticket::Article.param_association_lookup(params)
clean_params = Ticket::Article.param_cleanup(clean_params, true)
# overwrite params
if !current_user.permissions?('ticket.agent')
clean_params[:sender_id] = Ticket::Article::Sender.lookup(name: 'Customer').id
clean_params.delete(:sender)
type = Ticket::Article::Type.lookup(id: clean_params[:type_id])
if type.name !~ /^(note|web)$/
clean_params[:type_id] = Ticket::Article::Type.lookup(name: 'note').id
end
clean_params.delete(:type)
clean_params[:internal] = false
end
article = Ticket::Article.new(clean_params)
article.ticket_id = ticket.id
# store dataurl images to store
if form_id && article.body && article.content_type =~ %r{text/html}i
article.body.gsub!( %r{(<img\s.+?src=")(data:image/(jpeg|png);base64,.+?)">}i ) { |_item|
file_attributes = StaticAssets.data_url_attributes($2)
cid = "#{ticket.id}.#{form_id}.#{rand(999_999)}@#{Setting.get('fqdn')}"
headers_store = {
'Content-Type' => file_attributes[:mime_type],
'Mime-Type' => file_attributes[:mime_type],
'Content-ID' => cid,
'Content-Disposition' => 'inline',
}
store = Store.add(
object: 'UploadCache',
o_id: form_id,
data: file_attributes[:content],
filename: cid,
preferences: headers_store
)
"#{$1}cid:#{cid}\">"
}
end
# find attachments in upload cache
if form_id
article.attachments = Store.list(
object: 'UploadCache',
o_id: form_id,
)
end
article.save!
# remove attachments from upload cache
return article if !form_id
Store.remove(
object: 'UploadCache',
o_id: form_id,
)
article
end
def permission_check(key) def permission_check(key)
if @_token_auth if @_token_auth
user = Token.check( user = Token.check(

View file

@ -18,10 +18,7 @@ class TicketArticlesController < ApplicationController
if params[:expand] if params[:expand]
result = article.attributes_with_relation_names result = article.attributes_with_relation_names
# add attachments
result[:attachments] = article.attachments result[:attachments] = article.attachments
render json: result, status: :ok render json: result, status: :ok
return return
end end
@ -49,7 +46,6 @@ class TicketArticlesController < ApplicationController
# ignore internal article if customer is requesting # ignore internal article if customer is requesting
next if article.internal == true && current_user.permissions?('ticket.customer') next if article.internal == true && current_user.permissions?('ticket.customer')
result = article.attributes_with_relation_names result = article.attributes_with_relation_names
# add attachments # add attachments
@ -83,7 +79,6 @@ class TicketArticlesController < ApplicationController
# ignore internal article if customer is requesting # ignore internal article if customer is requesting
next if article.internal == true && current_user.permissions?('ticket.customer') next if article.internal == true && current_user.permissions?('ticket.customer')
articles.push article.attributes_with_relation_names articles.push article.attributes_with_relation_names
} }
render json: articles render json: articles
@ -91,35 +86,24 @@ class TicketArticlesController < ApplicationController
# POST /articles # POST /articles
def create def create
form_id = params[:form_id] ticket = Ticket.find(params[:ticket_id])
ticket_permission(ticket)
article = article_create(ticket, params)
clean_params = Ticket::Article.param_association_lookup(params) if params[:expand]
clean_params = Ticket::Article.param_cleanup(clean_params, true) result = article.attributes_with_relation_names
article = Ticket::Article.new(clean_params) result[:attachments] = article.attachments
render json: result, status: :created
# permission check return
article_permission(article)
# find attachments in upload cache
if form_id
article.attachments = Store.list(
object: 'UploadCache',
o_id: form_id,
)
end end
if article.save if params[:full]
full = Ticket::Article.full(params[:id])
# remove attachments from upload cache render json: full, status: :created
Store.remove( return
object: 'UploadCache',
o_id: form_id,
)
render json: article, status: :created
else
render json: article.errors, status: :unprocessable_entity
end end
render json: article.attributes_with_relation_names, status: :created
end end
# PUT /articles/1 # PUT /articles/1
@ -129,23 +113,49 @@ class TicketArticlesController < ApplicationController
article = Ticket::Article.find(params[:id]) article = Ticket::Article.find(params[:id])
article_permission(article) article_permission(article)
if !current_user.permissions?('ticket.agent') && !current_user.permissions?('admin')
raise Exceptions::NotAuthorized, 'Not authorized (ticket.agent or admin permission required)!'
end
clean_params = Ticket::Article.param_association_lookup(params) clean_params = Ticket::Article.param_association_lookup(params)
clean_params = Ticket::Article.param_cleanup(clean_params, true) clean_params = Ticket::Article.param_cleanup(clean_params, true)
if article.update_attributes(clean_params) article.update_attributes!(clean_params)
render json: article, status: :ok
else if params[:expand]
render json: article.errors, status: :unprocessable_entity result = article.attributes_with_relation_names
result[:attachments] = article.attachments
render json: result, status: :ok
return
end end
if params[:full]
full = Ticket::Article.full(params[:id])
render json: full, status: :ok
return
end
render json: article.attributes_with_relation_names, status: :ok
end end
# DELETE /articles/1 # DELETE /articles/1
def destroy def destroy
article = Ticket::Article.find(params[:id]) article = Ticket::Article.find(params[:id])
article_permission(article) article_permission(article)
article.destroy
if current_user.permissions?('admin')
article.destroy!
head :ok head :ok
return
end
if current_user.permissions?('ticket.agent') && article.created_by_id == current_user.id && article.type.name == 'note'
article.destroy!
head :ok
return
end
raise Exceptions::NotAuthorized, 'Not authorized (admin permission required)!'
end end
# DELETE /ticket_attachment_upload # DELETE /ticket_attachment_upload

View file

@ -617,85 +617,6 @@ class TicketsController < ApplicationController
ticket_ids ticket_ids
end end
def article_create(ticket, params)
# create article if given
form_id = params[:form_id]
params.delete(:form_id)
# check min. params
raise 'Need at least article: { body: "some text" }' if !params[:body]
# fill default values
if params[:type_id].empty?
params[:type_id] = Ticket::Article::Type.lookup(name: 'note').id
end
if params[:sender_id].empty?
sender = 'Customer'
if current_user.permissions?('ticket.agent')
sender = 'Agent'
end
params[:sender_id] = Ticket::Article::Sender.lookup(name: sender).id
end
clean_params = Ticket::Article.param_association_lookup(params)
clean_params = Ticket::Article.param_cleanup(clean_params, true)
# overwrite params
if !current_user.permissions?('ticket.agent')
clean_params[:sender_id] = Ticket::Article::Sender.lookup(name: 'Customer').id
clean_params.delete(:sender)
type = Ticket::Article::Type.lookup(id: clean_params[:type_id])
if type !~ /^(note|web)$/
clean_params[:type_id] = Ticket::Article::Type.lookup(name: 'note').id
end
clean_params.delete(:type)
clean_params[:internal] = false
end
article = Ticket::Article.new(clean_params)
article.ticket_id = ticket.id
# store dataurl images to store
if form_id && article.body && article.content_type =~ %r{text/html}i
article.body.gsub!( %r{(<img\s.+?src=")(data:image/(jpeg|png);base64,.+?)">}i ) { |_item|
file_attributes = StaticAssets.data_url_attributes($2)
cid = "#{ticket.id}.#{form_id}.#{rand(999_999)}@#{Setting.get('fqdn')}"
headers_store = {
'Content-Type' => file_attributes[:mime_type],
'Mime-Type' => file_attributes[:mime_type],
'Content-ID' => cid,
'Content-Disposition' => 'inline',
}
store = Store.add(
object: 'UploadCache',
o_id: form_id,
data: file_attributes[:content],
filename: cid,
preferences: headers_store
)
"#{$1}cid:#{cid}\">"
}
end
# find attachments in upload cache
if form_id
article.attachments = Store.list(
object: 'UploadCache',
o_id: form_id,
)
end
article.save!
# remove attachments from upload cache
return if !form_id
Store.remove(
object: 'UploadCache',
o_id: form_id,
)
end
def ticket_all(ticket) def ticket_all(ticket)
# get attributes to update # get attributes to update

View file

@ -40,6 +40,7 @@ Zammad::Application.routes.draw do
match api_path + '/ticket_articles/by_ticket/:id', to: 'ticket_articles#index_by_ticket', via: :get match api_path + '/ticket_articles/by_ticket/:id', to: 'ticket_articles#index_by_ticket', via: :get
match api_path + '/ticket_articles', to: 'ticket_articles#create', via: :post match api_path + '/ticket_articles', to: 'ticket_articles#create', via: :post
match api_path + '/ticket_articles/:id', to: 'ticket_articles#update', via: :put match api_path + '/ticket_articles/:id', to: 'ticket_articles#update', via: :put
match api_path + '/ticket_articles/:id', to: 'ticket_articles#destroy', via: :delete
match api_path + '/ticket_attachment/:ticket_id/:article_id/:id', to: 'ticket_articles#attachment', via: :get match api_path + '/ticket_attachment/:ticket_id/:article_id/:id', to: 'ticket_articles#attachment', via: :get
match api_path + '/ticket_attachment_upload', to: 'ticket_articles#ticket_attachment_upload_add', via: :post match api_path + '/ticket_attachment_upload', to: 'ticket_articles#ticket_attachment_upload_add', via: :post
match api_path + '/ticket_attachment_upload', to: 'ticket_articles#ticket_attachment_upload_delete', via: :delete match api_path + '/ticket_attachment_upload', to: 'ticket_articles#ticket_attachment_upload_delete', via: :delete

View file

@ -123,6 +123,8 @@ class TicketsControllerTest < ActionDispatch::IntegrationTest
assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id']) assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
assert_equal('a new ticket #3', result['title']) assert_equal('a new ticket #3', result['title'])
assert_equal(@customer_without_org.id, result['customer_id']) assert_equal(@customer_without_org.id, result['customer_id'])
assert_equal(@agent.id, result['updated_by_id'])
assert_equal(@agent.id, result['created_by_id'])
end end
test '02.02 ticket create with agent' do test '02.02 ticket create with agent' do
@ -149,6 +151,8 @@ class TicketsControllerTest < ActionDispatch::IntegrationTest
assert_equal(Hash, result.class) assert_equal(Hash, result.class)
assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id']) assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
assert_equal('a new ticket #1', result['title']) assert_equal('a new ticket #1', result['title'])
assert_equal(@agent.id, result['updated_by_id'])
assert_equal(@agent.id, result['created_by_id'])
links = Link.list( links = Link.list(
link_object: 'Ticket', link_object: 'Ticket',
link_object_value: result['id'], link_object_value: result['id'],
@ -215,6 +219,8 @@ class TicketsControllerTest < ActionDispatch::IntegrationTest
assert_equal(ticket.id, result['id']) assert_equal(ticket.id, result['id'])
assert_equal('ticket with corret ticket id', result['title']) assert_equal('ticket with corret ticket id', result['title'])
assert_equal(ticket.customer_id, result['customer_id']) assert_equal(ticket.customer_id, result['customer_id'])
assert_equal(1, result['updated_by_id'])
assert_equal(1, result['created_by_id'])
params = { params = {
title: 'ticket with corret ticket id - 2', title: 'ticket with corret ticket id - 2',
@ -227,6 +233,71 @@ class TicketsControllerTest < ActionDispatch::IntegrationTest
assert_equal(ticket.id, result['id']) assert_equal(ticket.id, result['id'])
assert_equal('ticket with corret ticket id - 2', result['title']) assert_equal('ticket with corret ticket id - 2', result['title'])
assert_equal(@agent.id, result['customer_id']) assert_equal(@agent.id, result['customer_id'])
assert_equal(@agent.id, result['updated_by_id'])
assert_equal(1, result['created_by_id'])
params = {
ticket_id: ticket.id,
subject: 'some subject',
body: 'some body',
}
post '/api/v1/ticket_articles', params.to_json, @headers.merge('Authorization' => credentials)
assert_response(201)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(ticket.id, result['ticket_id'])
assert_equal('some subject', result['subject'])
assert_equal('some body', result['body'])
assert_equal('text/plain', result['content_type'])
assert_equal(false, result['internal'])
assert_equal(@agent.id, result['created_by_id'])
assert_equal(Ticket::Article::Sender.lookup(name: 'Agent').id, result['sender_id'])
assert_equal(Ticket::Article::Type.lookup(name: 'note').id, result['type_id'])
delete "/api/v1/ticket_articles/#{result['id']}", {}.to_json, @headers.merge('Authorization' => credentials)
assert_response(200)
params = {
ticket_id: ticket.id,
subject: 'some subject',
body: 'some body',
type: 'email',
internal: true,
}
post '/api/v1/ticket_articles', params.to_json, @headers.merge('Authorization' => credentials)
assert_response(201)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(ticket.id, result['ticket_id'])
assert_equal('some subject', result['subject'])
assert_equal('some body', result['body'])
assert_equal('text/plain', result['content_type'])
assert_equal(true, result['internal'])
assert_equal(@agent.id, result['created_by_id'])
assert_equal(Ticket::Article::Sender.lookup(name: 'Agent').id, result['sender_id'])
assert_equal(Ticket::Article::Type.lookup(name: 'email').id, result['type_id'])
params = {
subject: 'new subject',
}
put "/api/v1/ticket_articles/#{result['id']}", params.to_json, @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(ticket.id, result['ticket_id'])
assert_equal('new subject', result['subject'])
assert_equal('some body', result['body'])
assert_equal('text/plain', result['content_type'])
assert_equal(true, result['internal'])
assert_equal(@agent.id, result['created_by_id'])
assert_equal(Ticket::Article::Sender.lookup(name: 'Agent').id, result['sender_id'])
assert_equal(Ticket::Article::Type.lookup(name: 'email').id, result['type_id'])
delete "/api/v1/ticket_articles/#{result['id']}", {}.to_json, @headers.merge('Authorization' => credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('Not authorized (admin permission required)!', result['error'])
delete "/api/v1/tickets/#{ticket.id}", {}.to_json, @headers.merge('Authorization' => credentials) delete "/api/v1/tickets/#{ticket.id}", {}.to_json, @headers.merge('Authorization' => credentials)
assert_response(401) assert_response(401)
@ -253,6 +324,8 @@ class TicketsControllerTest < ActionDispatch::IntegrationTest
assert_equal(ticket.id, result['id']) assert_equal(ticket.id, result['id'])
assert_equal('ticket with corret ticket id', result['title']) assert_equal('ticket with corret ticket id', result['title'])
assert_equal(ticket.customer_id, result['customer_id']) assert_equal(ticket.customer_id, result['customer_id'])
assert_equal(1, result['updated_by_id'])
assert_equal(1, result['created_by_id'])
params = { params = {
title: 'ticket with corret ticket id - 2', title: 'ticket with corret ticket id - 2',
@ -265,6 +338,68 @@ class TicketsControllerTest < ActionDispatch::IntegrationTest
assert_equal(ticket.id, result['id']) assert_equal(ticket.id, result['id'])
assert_equal('ticket with corret ticket id - 2', result['title']) assert_equal('ticket with corret ticket id - 2', result['title'])
assert_equal(@agent.id, result['customer_id']) assert_equal(@agent.id, result['customer_id'])
assert_equal(@admin.id, result['updated_by_id'])
assert_equal(1, result['created_by_id'])
params = {
ticket_id: ticket.id,
subject: 'some subject',
body: 'some body',
}
post '/api/v1/ticket_articles', params.to_json, @headers.merge('Authorization' => credentials)
assert_response(201)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(ticket.id, result['ticket_id'])
assert_equal('some subject', result['subject'])
assert_equal('some body', result['body'])
assert_equal('text/plain', result['content_type'])
assert_equal(false, result['internal'])
assert_equal(@admin.id, result['created_by_id'])
assert_equal(Ticket::Article::Sender.lookup(name: 'Agent').id, result['sender_id'])
assert_equal(Ticket::Article::Type.lookup(name: 'note').id, result['type_id'])
params = {
subject: 'new subject',
internal: true,
}
put "/api/v1/ticket_articles/#{result['id']}", params.to_json, @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(ticket.id, result['ticket_id'])
assert_equal('new subject', result['subject'])
assert_equal('some body', result['body'])
assert_equal('text/plain', result['content_type'])
assert_equal(true, result['internal'])
assert_equal(@admin.id, result['created_by_id'])
assert_equal(Ticket::Article::Sender.lookup(name: 'Agent').id, result['sender_id'])
assert_equal(Ticket::Article::Type.lookup(name: 'note').id, result['type_id'])
delete "/api/v1/ticket_articles/#{result['id']}", {}.to_json, @headers.merge('Authorization' => credentials)
assert_response(200)
params = {
ticket_id: ticket.id,
subject: 'some subject',
body: 'some body',
type: 'email',
}
post '/api/v1/ticket_articles', params.to_json, @headers.merge('Authorization' => credentials)
assert_response(201)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(ticket.id, result['ticket_id'])
assert_equal('some subject', result['subject'])
assert_equal('some body', result['body'])
assert_equal('text/plain', result['content_type'])
assert_equal(false, result['internal'])
assert_equal(@admin.id, result['created_by_id'])
assert_equal(Ticket::Article::Sender.lookup(name: 'Agent').id, result['sender_id'])
assert_equal(Ticket::Article::Type.lookup(name: 'email').id, result['type_id'])
delete "/api/v1/ticket_articles/#{result['id']}", {}.to_json, @headers.merge('Authorization' => credentials)
assert_response(200)
delete "/api/v1/tickets/#{ticket.id}", {}.to_json, @headers.merge('Authorization' => credentials) delete "/api/v1/tickets/#{ticket.id}", {}.to_json, @headers.merge('Authorization' => credentials)
assert_response(200) assert_response(200)
@ -288,6 +423,8 @@ class TicketsControllerTest < ActionDispatch::IntegrationTest
assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id']) assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
assert_equal('a new ticket #c1', result['title']) assert_equal('a new ticket #c1', result['title'])
assert_equal(@customer_without_org.id, result['customer_id']) assert_equal(@customer_without_org.id, result['customer_id'])
assert_equal(@customer_without_org.id, result['updated_by_id'])
assert_equal(@customer_without_org.id, result['created_by_id'])
end end
test '03.02 ticket create with customer with wrong customer' do test '03.02 ticket create with customer with wrong customer' do
@ -311,6 +448,8 @@ class TicketsControllerTest < ActionDispatch::IntegrationTest
assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id']) assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
assert_equal('a new ticket #c2', result['title']) assert_equal('a new ticket #c2', result['title'])
assert_equal(@customer_without_org.id, result['customer_id']) assert_equal(@customer_without_org.id, result['customer_id'])
assert_equal(@customer_without_org.id, result['updated_by_id'])
assert_equal(@customer_without_org.id, result['created_by_id'])
end end
test '03.03 ticket with wrong ticket id' do test '03.03 ticket with wrong ticket id' do
@ -364,6 +503,8 @@ class TicketsControllerTest < ActionDispatch::IntegrationTest
assert_equal(ticket.id, result['id']) assert_equal(ticket.id, result['id'])
assert_equal('ticket with corret ticket id', result['title']) assert_equal('ticket with corret ticket id', result['title'])
assert_equal(ticket.customer_id, result['customer_id']) assert_equal(ticket.customer_id, result['customer_id'])
assert_equal(1, result['updated_by_id'])
assert_equal(1, result['created_by_id'])
params = { params = {
title: 'ticket with corret ticket id - 2', title: 'ticket with corret ticket id - 2',
@ -376,6 +517,87 @@ class TicketsControllerTest < ActionDispatch::IntegrationTest
assert_equal(ticket.id, result['id']) assert_equal(ticket.id, result['id'])
assert_equal('ticket with corret ticket id - 2', result['title']) assert_equal('ticket with corret ticket id - 2', result['title'])
assert_equal(ticket.customer_id, result['customer_id']) assert_equal(ticket.customer_id, result['customer_id'])
assert_equal(@customer_without_org.id, result['updated_by_id'])
assert_equal(1, result['created_by_id'])
params = {
ticket_id: ticket.id,
subject: 'some subject',
body: 'some body',
}
post '/api/v1/ticket_articles', params.to_json, @headers.merge('Authorization' => credentials)
assert_response(201)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(ticket.id, result['ticket_id'])
assert_equal('some subject', result['subject'])
assert_equal('some body', result['body'])
assert_equal('text/plain', result['content_type'])
assert_equal(@customer_without_org.id, result['created_by_id'])
assert_equal(Ticket::Article::Sender.lookup(name: 'Customer').id, result['sender_id'])
assert_equal(Ticket::Article::Type.lookup(name: 'note').id, result['type_id'])
delete "/api/v1/ticket_articles/#{result['id']}", {}.to_json, @headers.merge('Authorization' => credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('Not authorized (admin permission required)!', result['error'])
params = {
ticket_id: ticket.id,
subject: 'some subject',
body: 'some body',
type: 'email',
sender: 'Agent',
}
post '/api/v1/ticket_articles', params.to_json, @headers.merge('Authorization' => credentials)
assert_response(201)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(ticket.id, result['ticket_id'])
assert_equal('some subject', result['subject'])
assert_equal('some body', result['body'])
assert_equal('text/plain', result['content_type'])
assert_equal(@customer_without_org.id, result['created_by_id'])
assert_equal(Ticket::Article::Sender.lookup(name: 'Customer').id, result['sender_id'])
assert_equal(Ticket::Article::Type.lookup(name: 'note').id, result['type_id'])
delete "/api/v1/ticket_articles/#{result['id']}", {}.to_json, @headers.merge('Authorization' => credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('Not authorized (admin permission required)!', result['error'])
params = {
ticket_id: ticket.id,
subject: 'some subject',
body: 'some body',
type: 'web',
sender: 'Agent',
internal: true,
}
post '/api/v1/ticket_articles', params.to_json, @headers.merge('Authorization' => credentials)
assert_response(201)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal(ticket.id, result['ticket_id'])
assert_equal('some subject', result['subject'])
assert_equal('some body', result['body'])
assert_equal('text/plain', result['content_type'])
assert_equal(false, result['internal'])
assert_equal(@customer_without_org.id, result['created_by_id'])
assert_equal(Ticket::Article::Sender.lookup(name: 'Customer').id, result['sender_id'])
assert_equal(Ticket::Article::Type.lookup(name: 'web').id, result['type_id'])
params = {
subject: 'new subject',
}
put "/api/v1/ticket_articles/#{result['id']}", params.to_json, @headers.merge('Authorization' => credentials)
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('Not authorized (ticket.agent or admin permission required)!', result['error'])
delete "/api/v1/tickets/#{ticket.id}", {}.to_json, @headers.merge('Authorization' => credentials) delete "/api/v1/tickets/#{ticket.id}", {}.to_json, @headers.merge('Authorization' => credentials)
assert_response(401) assert_response(401)