Improved validation messages of controllers.
parent
14e1b5a404
commit
2820639c42
12 changed files with 405 additions and 50 deletions
|
@ -278,7 +278,7 @@ class ApplicationController < ActionController::Base
|
||||||
permission: auth_param[:permission],
|
permission: auth_param[:permission],
|
||||||
inactive_user: true,
|
inactive_user: true,
|
||||||
)
|
)
|
||||||
raise Exceptions::NotAuthorized, 'No permission (token)!' if !user
|
raise Exceptions::NotAuthorized, 'Not authorized (token)!' if !user
|
||||||
end
|
end
|
||||||
@_token_auth = token # remember for permission_check
|
@_token_auth = token # remember for permission_check
|
||||||
return authentication_check_prerequesits(user, 'token_auth', auth_param) if user
|
return authentication_check_prerequesits(user, 'token_auth', auth_param) if user
|
||||||
|
@ -319,7 +319,7 @@ class ApplicationController < ActionController::Base
|
||||||
|
|
||||||
# check scopes / permission check
|
# check scopes / permission check
|
||||||
if auth_param[:permission] && !user.permissions?(auth_param[:permission])
|
if auth_param[:permission] && !user.permissions?(auth_param[:permission])
|
||||||
raise Exceptions::NotAuthorized, 'No permission (user)!'
|
raise Exceptions::NotAuthorized, 'Not authorized (user)!'
|
||||||
end
|
end
|
||||||
|
|
||||||
current_user_set(user)
|
current_user_set(user)
|
||||||
|
@ -364,11 +364,11 @@ class ApplicationController < ActionController::Base
|
||||||
permission: key,
|
permission: key,
|
||||||
)
|
)
|
||||||
return false if user
|
return false if user
|
||||||
raise Exceptions::NotAuthorized, 'No permission (token)!'
|
raise Exceptions::NotAuthorized, 'Not authorized (token)!'
|
||||||
end
|
end
|
||||||
|
|
||||||
return false if current_user && current_user.permissions?(key)
|
return false if current_user && current_user.permissions?(key)
|
||||||
raise Exceptions::NotAuthorized, 'No permission (user)!'
|
raise Exceptions::NotAuthorized, 'Not authorized (user)!'
|
||||||
end
|
end
|
||||||
|
|
||||||
def valid_session_with_user
|
def valid_session_with_user
|
||||||
|
@ -543,6 +543,14 @@ class ApplicationController < ActionController::Base
|
||||||
if error =~ /(already exists|duplicate key|duplicate entry)/i
|
if error =~ /(already exists|duplicate key|duplicate entry)/i
|
||||||
data[:error_human] = 'Object already exists!'
|
data[:error_human] = 'Object already exists!'
|
||||||
end
|
end
|
||||||
|
if error =~ /null value in column "(.+?)" violates not-null constraint/i
|
||||||
|
data[:error_human] = "Attribute '#{$1}' required!"
|
||||||
|
end
|
||||||
|
|
||||||
|
if Rails.env.production? && !data[:error_human].empty?
|
||||||
|
data[:error] = data[:error_human]
|
||||||
|
data.delete('error_human')
|
||||||
|
end
|
||||||
data
|
data
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -598,7 +606,11 @@ class ApplicationController < ActionController::Base
|
||||||
end
|
end
|
||||||
|
|
||||||
def unauthorized(e)
|
def unauthorized(e)
|
||||||
error = model_match_error(e.message)
|
message = e.message
|
||||||
|
if message == 'Exceptions::NotAuthorized'
|
||||||
|
message = 'Not authorized'
|
||||||
|
end
|
||||||
|
error = model_match_error(message)
|
||||||
if error && error[:error]
|
if error && error[:error]
|
||||||
response.headers['X-Failure'] = error[:error_human] || error[:error]
|
response.headers['X-Failure'] = error[:error_human] || error[:error]
|
||||||
end
|
end
|
||||||
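Review bot: In the production branch added to the error-mapping hunk (@ -543), `data.delete('error_human')` uses a string key while the value is written and read as `data[:error_human]`, so on a plain Hash the delete is a no-op and the key stays in the response; `data.delete(:error_human)` matches the rest of the block. The guard `!data[:error_human].empty?` also relies on `error_human` being set, or on nil responding to `empty?`; if neither holds when no pattern matched, `data[:error_human].present?` avoids a NoMethodError inside the error handler itself. The branch only replaces `error` when a human-readable match exists, so otherwise the original exception text presumably still reaches API clients in production, including database messages that name columns or constraints; a generic fallback message would close that. The enclosing method starts outside the hunk, so how `data` is initialised is not visible here.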
|
|
|
@ -74,6 +74,14 @@ class TicketsController < ApplicationController
|
||||||
clean_params = Ticket.param_association_lookup(params)
|
clean_params = Ticket.param_association_lookup(params)
|
||||||
clean_params = Ticket.param_cleanup(clean_params, true)
|
clean_params = Ticket.param_cleanup(clean_params, true)
|
||||||
|
|
||||||
|
# overwrite params
|
||||||
|
if !current_user.permissions?('ticket.agent')
|
||||||
|
[:owner, :owner_id, :customer, :customer_id, :organization, :organization_id, :preferences].each { |key|
|
||||||
|
clean_params.delete(key)
|
||||||
|
}
|
||||||
|
clean_params[:customer_id] = current_user.id
|
||||||
|
end
|
||||||
|
|
||||||
# try to create customer if needed
|
# try to create customer if needed
|
||||||
if clean_params[:customer_id] && clean_params[:customer_id] =~ /^guess:(.+?)$/
|
if clean_params[:customer_id] && clean_params[:customer_id] =~ /^guess:(.+?)$/
|
||||||
email = $1
|
email = $1
|
||||||
|
@ -105,10 +113,7 @@ class TicketsController < ApplicationController
|
||||||
end
|
end
|
||||||
|
|
||||||
# create ticket
|
# create ticket
|
||||||
if !ticket.save
|
ticket.save!
|
||||||
render json: ticket.errors, status: :unprocessable_entity
|
|
||||||
return
|
|
||||||
end
|
|
||||||
|
|
||||||
# create tags if given
|
# create tags if given
|
||||||
if params[:tags] && !params[:tags].empty?
|
if params[:tags] && !params[:tags].empty?
|
||||||
|
@ -128,12 +133,6 @@ class TicketsController < ApplicationController
|
||||||
article_create(ticket, params[:article])
|
article_create(ticket, params[:article])
|
||||||
end
|
end
|
||||||
|
|
||||||
if params[:expand]
|
|
||||||
result = ticket.attributes_with_relation_names
|
|
||||||
render json: result, status: :created
|
|
||||||
return
|
|
||||||
end
|
|
||||||
|
|
||||||
# create links (e. g. in case of ticket split)
|
# create links (e. g. in case of ticket split)
|
||||||
# links: {
|
# links: {
|
||||||
# Ticket: {
|
# Ticket: {
|
||||||
|
@ -161,6 +160,12 @@ class TicketsController < ApplicationController
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
if params[:expand]
|
||||||
|
result = ticket.attributes_with_relation_names
|
||||||
|
render json: result, status: :created
|
||||||
|
return
|
||||||
|
end
|
||||||
|
|
||||||
render json: ticket, status: :created
|
render json: ticket, status: :created
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -174,22 +179,26 @@ class TicketsController < ApplicationController
|
||||||
clean_params = Ticket.param_association_lookup(params)
|
clean_params = Ticket.param_association_lookup(params)
|
||||||
clean_params = Ticket.param_cleanup(clean_params, true)
|
clean_params = Ticket.param_cleanup(clean_params, true)
|
||||||
|
|
||||||
if ticket.update_attributes(clean_params)
|
# overwrite params
|
||||||
|
if !current_user.permissions?('ticket.agent')
|
||||||
if params[:article]
|
[:owner, :owner_id, :customer, :customer_id, :organization, :organization_id, :preferences].each { |key|
|
||||||
article_create(ticket, params[:article])
|
clean_params.delete(key)
|
||||||
end
|
}
|
||||||
|
|
||||||
if params[:expand]
|
|
||||||
result = ticket.attributes_with_relation_names
|
|
||||||
render json: result, status: :ok
|
|
||||||
return
|
|
||||||
end
|
|
||||||
|
|
||||||
render json: ticket, status: :ok
|
|
||||||
else
|
|
||||||
render json: ticket.errors, status: :unprocessable_entity
|
|
||||||
end
|
end
|
||||||
|
|
||||||
|
ticket.update_attributes!(clean_params)
|
||||||
|
|
||||||
|
if params[:article]
|
||||||
|
article_create(ticket, params[:article])
|
||||||
|
end
|
||||||
|
|
||||||
|
if params[:expand]
|
||||||
|
result = ticket.attributes_with_relation_names
|
||||||
|
render json: result, status: :ok
|
||||||
|
return
|
||||||
|
end
|
||||||
|
|
||||||
|
render json: ticket, status: :ok
|
||||||
end
|
end
|
||||||
|
|
||||||
# DELETE /api/v1/tickets/1
|
# DELETE /api/v1/tickets/1
|
||||||
|
@ -199,7 +208,9 @@ class TicketsController < ApplicationController
|
||||||
ticket = Ticket.find(params[:id])
|
ticket = Ticket.find(params[:id])
|
||||||
ticket_permission(ticket)
|
ticket_permission(ticket)
|
||||||
|
|
||||||
ticket.destroy
|
raise Exceptions::NotAuthorized, 'Not authorized (admin permission required)!' if !current_user.permissions?('admin')
|
||||||
|
|
||||||
|
ticket.destroy!
|
||||||
|
|
||||||
head :ok
|
head :ok
|
||||||
end
|
end
|
||||||
|
@ -612,8 +623,36 @@ class TicketsController < ApplicationController
|
||||||
form_id = params[:form_id]
|
form_id = params[:form_id]
|
||||||
params.delete(:form_id)
|
params.delete(:form_id)
|
||||||
|
|
||||||
|
# check min. params
|
||||||
|
raise 'Need at least article: { body: "some text" }' if !params[:body]
|
||||||
|
|
||||||
|
# fill default values
|
||||||
|
if params[:type_id].empty?
|
||||||
|
params[:type_id] = Ticket::Article::Type.lookup(name: 'note').id
|
||||||
|
end
|
||||||
|
if params[:sender_id].empty?
|
||||||
|
sender = 'Customer'
|
||||||
|
if current_user.permissions?('ticket.agent')
|
||||||
|
sender = 'Agent'
|
||||||
|
end
|
||||||
|
params[:sender_id] = Ticket::Article::Sender.lookup(name: sender).id
|
||||||
|
end
|
||||||
|
|
||||||
clean_params = Ticket::Article.param_association_lookup(params)
|
clean_params = Ticket::Article.param_association_lookup(params)
|
||||||
clean_params = Ticket::Article.param_cleanup(clean_params, true)
|
clean_params = Ticket::Article.param_cleanup(clean_params, true)
|
||||||
|
|
||||||
|
# overwrite params
|
||||||
|
if !current_user.permissions?('ticket.agent')
|
||||||
|
clean_params[:sender_id] = Ticket::Article::Sender.lookup(name: 'Customer').id
|
||||||
|
clean_params.delete(:sender)
|
||||||
|
type = Ticket::Article::Type.lookup(id: clean_params[:type_id])
|
||||||
|
if type !~ /^(note|web)$/
|
||||||
|
clean_params[:type_id] = Ticket::Article::Type.lookup(name: 'note').id
|
||||||
|
end
|
||||||
|
clean_params.delete(:type)
|
||||||
|
clean_params[:internal] = false
|
||||||
|
end
|
||||||
|
|
||||||
article = Ticket::Article.new(clean_params)
|
article = Ticket::Article.new(clean_params)
|
||||||
article.ticket_id = ticket.id
|
article.ticket_id = ticket.id
|
||||||
|
|
||||||
|
@ -646,10 +685,7 @@ class TicketsController < ApplicationController
|
||||||
o_id: form_id,
|
o_id: form_id,
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
if !article.save
|
article.save!
|
||||||
render json: article.errors, status: :unprocessable_entity
|
|
||||||
return
|
|
||||||
end
|
|
||||||
|
|
||||||
# remove attachments from upload cache
|
# remove attachments from upload cache
|
||||||
return if !form_id
|
return if !form_id
|
||||||
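Review bot: In the non-agent override of the article hunk (@ -612), `type` is the record returned by `Ticket::Article::Type.lookup`, not its name, so unless that model defines `=~` the test `type !~ /^(note|web)$/` never inspects the name and every customer article is forced to 'note', including 'web'. That fails closed, but the allow-list does not do what it says; compare the name and anchor the whole string, `if !type || type.name !~ /\A(note|web)\z/`. The defaults above it, `params[:type_id].empty?` and `params[:sender_id].empty?`, assume nil responds to `empty?`; if the project does not patch that, `blank?` is the safe form. The enclosing method starts outside the hunk.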
|
|
|
@ -13,11 +13,13 @@ class Observer::Ticket::Article::CommunicateEmail < ActiveRecord::Observer
|
||||||
return if ApplicationHandleInfo.current.split('.')[1] == 'postmaster'
|
return if ApplicationHandleInfo.current.split('.')[1] == 'postmaster'
|
||||||
|
|
||||||
# if sender is customer, do not communicate
|
# if sender is customer, do not communicate
|
||||||
|
return if !record.sender_id
|
||||||
sender = Ticket::Article::Sender.lookup(id: record.sender_id)
|
sender = Ticket::Article::Sender.lookup(id: record.sender_id)
|
||||||
return 1 if sender.nil?
|
return 1 if sender.nil?
|
||||||
return 1 if sender['name'] == 'Customer'
|
return 1 if sender['name'] == 'Customer'
|
||||||
|
|
||||||
# only apply on emails
|
# only apply on emails
|
||||||
|
return if !record.type_id
|
||||||
type = Ticket::Article::Type.lookup(id: record.type_id)
|
type = Ticket::Article::Type.lookup(id: record.type_id)
|
||||||
return if type['name'] != 'email'
|
return if type['name'] != 'email'
|
||||||
|
|
||||||
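Review bot: The new `return if !record.type_id` guard covers a missing id but not an id that resolves to nothing: `type` from `Ticket::Article::Type.lookup` is dereferenced as `type['name']` with no nil check, unlike `sender` a few lines above. Adding `return if type.nil?` after the lookup closes that; the same applies to the CommunicateFacebook, CommunicateTwitter and FillupFromEmail observers, and to `state` in Observer::Ticket::CloseTime, where `state.state_type_id` is read straight after the lookup. This matters more now that the controllers call `save!`, since an exception raised in an observer will presumably surface to the API client as an error response. The new guards also return nil while the neighbouring lines here return 1, which is worth making consistent if the callback's return value is used. The method body continues outside the hunk.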
|
|
|
@ -15,11 +15,13 @@ class Observer::Ticket::Article::CommunicateFacebook < ActiveRecord::Observer
|
||||||
return if ApplicationHandleInfo.current.split('.')[1] == 'postmaster'
|
return if ApplicationHandleInfo.current.split('.')[1] == 'postmaster'
|
||||||
|
|
||||||
# if sender is customer, do not communicate
|
# if sender is customer, do not communicate
|
||||||
|
return if !record.sender_id
|
||||||
sender = Ticket::Article::Sender.lookup(id: record.sender_id)
|
sender = Ticket::Article::Sender.lookup(id: record.sender_id)
|
||||||
return 1 if sender.nil?
|
return 1 if sender.nil?
|
||||||
return 1 if sender['name'] == 'Customer'
|
return 1 if sender['name'] == 'Customer'
|
||||||
|
|
||||||
# only apply for facebook
|
# only apply for facebook
|
||||||
|
return if !record.type_id
|
||||||
type = Ticket::Article::Type.lookup(id: record.type_id)
|
type = Ticket::Article::Type.lookup(id: record.type_id)
|
||||||
return if type['name'] !~ /\Afacebook/
|
return if type['name'] !~ /\Afacebook/
|
||||||
|
|
||||||
|
|
|
@ -13,11 +13,13 @@ class Observer::Ticket::Article::CommunicateTwitter < ActiveRecord::Observer
|
||||||
return if ApplicationHandleInfo.current.split('.')[1] == 'postmaster'
|
return if ApplicationHandleInfo.current.split('.')[1] == 'postmaster'
|
||||||
|
|
||||||
# if sender is customer, do not communicate
|
# if sender is customer, do not communicate
|
||||||
|
return if !record.sender_id
|
||||||
sender = Ticket::Article::Sender.lookup(id: record.sender_id)
|
sender = Ticket::Article::Sender.lookup(id: record.sender_id)
|
||||||
return if sender.nil?
|
return if sender.nil?
|
||||||
return if sender['name'] == 'Customer'
|
return if sender['name'] == 'Customer'
|
||||||
|
|
||||||
# only apply on tweets
|
# only apply on tweets
|
||||||
|
return if !record.type_id
|
||||||
type = Ticket::Article::Type.lookup(id: record.type_id)
|
type = Ticket::Article::Type.lookup(id: record.type_id)
|
||||||
return if type['name'] !~ /\Atwitter/i
|
return if type['name'] !~ /\Atwitter/i
|
||||||
|
|
||||||
|
|
|
@ -13,11 +13,13 @@ class Observer::Ticket::Article::FillupFromEmail < ActiveRecord::Observer
|
||||||
return if ApplicationHandleInfo.current.split('.')[1] == 'postmaster'
|
return if ApplicationHandleInfo.current.split('.')[1] == 'postmaster'
|
||||||
|
|
||||||
# if sender is customer, do not change anything
|
# if sender is customer, do not change anything
|
||||||
|
return if !record.sender_id
|
||||||
sender = Ticket::Article::Sender.lookup(id: record.sender_id)
|
sender = Ticket::Article::Sender.lookup(id: record.sender_id)
|
||||||
return if sender.nil?
|
return if sender.nil?
|
||||||
return if sender['name'] == 'Customer'
|
return if sender['name'] == 'Customer'
|
||||||
|
|
||||||
# set email attributes
|
# set email attributes
|
||||||
|
return if !record.type_id
|
||||||
type = Ticket::Article::Type.lookup(id: record.type_id)
|
type = Ticket::Article::Type.lookup(id: record.type_id)
|
||||||
return if type['name'] != 'email'
|
return if type['name'] != 'email'
|
||||||
|
|
||||||
|
|
|
@ -13,6 +13,7 @@ class Observer::Ticket::Article::FillupFromGeneral < ActiveRecord::Observer
|
||||||
return if ApplicationHandleInfo.current.split('.')[1] == 'postmaster'
|
return if ApplicationHandleInfo.current.split('.')[1] == 'postmaster'
|
||||||
|
|
||||||
# if sender is customer, do not change anything
|
# if sender is customer, do not change anything
|
||||||
|
return if !record.sender_id
|
||||||
sender = Ticket::Article::Sender.lookup(id: record.sender_id)
|
sender = Ticket::Article::Sender.lookup(id: record.sender_id)
|
||||||
return if sender.nil?
|
return if sender.nil?
|
||||||
return if sender['name'] == 'Customer'
|
return if sender['name'] == 'Customer'
|
||||||
|
@ -20,6 +21,7 @@ class Observer::Ticket::Article::FillupFromGeneral < ActiveRecord::Observer
|
||||||
# set from if not given
|
# set from if not given
|
||||||
return if record.from
|
return if record.from
|
||||||
|
|
||||||
|
return if !record.created_by_id
|
||||||
user = User.find(record.created_by_id)
|
user = User.find(record.created_by_id)
|
||||||
record.from = "#{user.firstname} #{user.lastname}"
|
record.from = "#{user.firstname} #{user.lastname}"
|
||||||
end
|
end
|
||||||
|
|
|
@ -22,6 +22,7 @@ class Observer::Ticket::CloseTime < ActiveRecord::Observer
|
||||||
return true if record.close_time
|
return true if record.close_time
|
||||||
|
|
||||||
# check if ticket is closed now
|
# check if ticket is closed now
|
||||||
|
return if !record.state_id
|
||||||
state = Ticket::State.lookup(id: record.state_id)
|
state = Ticket::State.lookup(id: record.state_id)
|
||||||
state_type = Ticket::StateType.lookup(id: state.state_type_id)
|
state_type = Ticket::StateType.lookup(id: state.state_type_id)
|
||||||
return true if state_type.name != 'closed'
|
return true if state_type.name != 'closed'
|
||||||
|
|
|
@ -140,7 +140,7 @@ class ApiAuthControllerTest < ActionDispatch::IntegrationTest
|
||||||
assert_response(401)
|
assert_response(401)
|
||||||
result = JSON.parse(@response.body)
|
result = JSON.parse(@response.body)
|
||||||
assert_equal(Hash, result.class)
|
assert_equal(Hash, result.class)
|
||||||
assert_equal('No permission (token)!', result['error'])
|
assert_equal('Not authorized (token)!', result['error'])
|
||||||
|
|
||||||
admin_token.preferences[:permission] = []
|
admin_token.preferences[:permission] = []
|
||||||
admin_token.save!
|
admin_token.save!
|
||||||
|
@ -149,7 +149,7 @@ class ApiAuthControllerTest < ActionDispatch::IntegrationTest
|
||||||
assert_response(401)
|
assert_response(401)
|
||||||
result = JSON.parse(@response.body)
|
result = JSON.parse(@response.body)
|
||||||
assert_equal(Hash, result.class)
|
assert_equal(Hash, result.class)
|
||||||
assert_equal('No permission (token)!', result['error'])
|
assert_equal('Not authorized (token)!', result['error'])
|
||||||
|
|
||||||
@admin.active = false
|
@admin.active = false
|
||||||
@admin.save!
|
@admin.save!
|
||||||
|
@ -182,7 +182,7 @@ class ApiAuthControllerTest < ActionDispatch::IntegrationTest
|
||||||
assert_response(401)
|
assert_response(401)
|
||||||
result = JSON.parse(@response.body)
|
result = JSON.parse(@response.body)
|
||||||
assert_equal(Hash, result.class)
|
assert_equal(Hash, result.class)
|
||||||
assert_equal('No permission (token)!', result['error'])
|
assert_equal('Not authorized (token)!', result['error'])
|
||||||
|
|
||||||
admin_token.preferences[:permission] = ['admin.session_not_existing', 'admin.role']
|
admin_token.preferences[:permission] = ['admin.session_not_existing', 'admin.role']
|
||||||
admin_token.save!
|
admin_token.save!
|
||||||
|
|
|
@ -111,7 +111,7 @@ class PackagesControllerTest < ActionDispatch::IntegrationTest
|
||||||
result = JSON.parse(@response.body)
|
result = JSON.parse(@response.body)
|
||||||
assert_equal(Hash, result.class)
|
assert_equal(Hash, result.class)
|
||||||
assert_not(result['packages'])
|
assert_not(result['packages'])
|
||||||
assert_equal('No permission (user)!', result['error'])
|
assert_equal('Not authorized (user)!', result['error'])
|
||||||
end
|
end
|
||||||
|
|
||||||
test '06 packages index with customer' do
|
test '06 packages index with customer' do
|
||||||
|
@ -125,7 +125,7 @@ class PackagesControllerTest < ActionDispatch::IntegrationTest
|
||||||
result = JSON.parse(@response.body)
|
result = JSON.parse(@response.body)
|
||||||
assert_equal(Hash, result.class)
|
assert_equal(Hash, result.class)
|
||||||
assert_not(result['packages'])
|
assert_not(result['packages'])
|
||||||
assert_equal('No permission (user)!', result['error'])
|
assert_equal('Not authorized (user)!', result['error'])
|
||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
|
@ -82,7 +82,7 @@ class SettingsControllerTest < ActionDispatch::IntegrationTest
|
||||||
result = JSON.parse(@response.body)
|
result = JSON.parse(@response.body)
|
||||||
assert_equal(Hash, result.class)
|
assert_equal(Hash, result.class)
|
||||||
assert_not(result['settings'])
|
assert_not(result['settings'])
|
||||||
assert_equal('No permission (user)!', result['error'])
|
assert_equal('Not authorized (user)!', result['error'])
|
||||||
end
|
end
|
||||||
|
|
||||||
test 'settings index with customer' do
|
test 'settings index with customer' do
|
||||||
|
@ -95,7 +95,7 @@ class SettingsControllerTest < ActionDispatch::IntegrationTest
|
||||||
result = JSON.parse(@response.body)
|
result = JSON.parse(@response.body)
|
||||||
assert_equal(Hash, result.class)
|
assert_equal(Hash, result.class)
|
||||||
assert_not(result['settings'])
|
assert_not(result['settings'])
|
||||||
assert_equal('No permission (user)!', result['error'])
|
assert_equal('Not authorized (user)!', result['error'])
|
||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
|
@ -50,10 +50,83 @@ class TicketsControllerTest < ActionDispatch::IntegrationTest
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
test '01 ticket create with agent' do
|
test '01.01 ticket create with agent - missing group' do
|
||||||
|
|
||||||
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
|
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
|
||||||
|
params = {
|
||||||
|
title: 'a new ticket #1',
|
||||||
|
article: {
|
||||||
|
content_type: 'text/plain', # or text/html
|
||||||
|
body: 'some body',
|
||||||
|
sender: 'Customer',
|
||||||
|
type: 'note',
|
||||||
|
},
|
||||||
|
}
|
||||||
|
post '/api/v1/tickets', params.to_json, @headers.merge('Authorization' => credentials)
|
||||||
|
assert_response(500)
|
||||||
|
result = JSON.parse(@response.body)
|
||||||
|
assert_equal(Hash, result.class)
|
||||||
|
assert_equal('Attribute \'group_id\' required!', result['error_human'])
|
||||||
|
end
|
||||||
|
|
||||||
|
test '01.02 ticket create with agent - wrong group' do
|
||||||
|
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
|
||||||
|
params = {
|
||||||
|
title: 'a new ticket #2',
|
||||||
|
group: 'not_existing',
|
||||||
|
article: {
|
||||||
|
content_type: 'text/plain', # or text/html
|
||||||
|
body: 'some body',
|
||||||
|
sender: 'Customer',
|
||||||
|
type: 'note',
|
||||||
|
},
|
||||||
|
}
|
||||||
|
post '/api/v1/tickets', params.to_json, @headers.merge('Authorization' => credentials)
|
||||||
|
assert_response(500)
|
||||||
|
result = JSON.parse(@response.body)
|
||||||
|
assert_equal(Hash, result.class)
|
||||||
|
assert_equal('No lookup value found for \'group\': "not_existing"', result['error'])
|
||||||
|
end
|
||||||
|
|
||||||
|
test '01.03 ticket create with agent - missing article.body' do
|
||||||
|
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
|
||||||
|
params = {
|
||||||
|
title: 'a new ticket #3',
|
||||||
|
group: 'Users',
|
||||||
|
priority: '2 normal',
|
||||||
|
state: 'new',
|
||||||
|
customer_id: @customer_without_org.id,
|
||||||
|
article: {},
|
||||||
|
}
|
||||||
|
post '/api/v1/tickets', params.to_json, @headers.merge('Authorization' => credentials)
|
||||||
|
assert_response(500)
|
||||||
|
result = JSON.parse(@response.body)
|
||||||
|
assert_equal(Hash, result.class)
|
||||||
|
assert_equal('Need at least article: { body: "some text" }', result['error'])
|
||||||
|
end
|
||||||
|
|
||||||
|
test '01.03 ticket create with agent - minimal article' do
|
||||||
|
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
|
||||||
|
params = {
|
||||||
|
title: 'a new ticket #3',
|
||||||
|
group: 'Users',
|
||||||
|
priority: '2 normal',
|
||||||
|
state: 'new',
|
||||||
|
customer_id: @customer_without_org.id,
|
||||||
|
article: {
|
||||||
|
body: 'some test 123',
|
||||||
|
},
|
||||||
|
}
|
||||||
|
post '/api/v1/tickets', params.to_json, @headers.merge('Authorization' => credentials)
|
||||||
|
assert_response(201)
|
||||||
|
result = JSON.parse(@response.body)
|
||||||
|
assert_equal(Hash, result.class)
|
||||||
|
assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
|
||||||
|
assert_equal('a new ticket #3', result['title'])
|
||||||
|
assert_equal(@customer_without_org.id, result['customer_id'])
|
||||||
|
end
|
||||||
|
|
||||||
|
test '02.02 ticket create with agent' do
|
||||||
|
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
|
||||||
params = {
|
params = {
|
||||||
title: 'a new ticket #1',
|
title: 'a new ticket #1',
|
||||||
state: 'new',
|
state: 'new',
|
||||||
|
@ -63,8 +136,6 @@ class TicketsControllerTest < ActionDispatch::IntegrationTest
|
||||||
article: {
|
article: {
|
||||||
content_type: 'text/plain', # or text/html
|
content_type: 'text/plain', # or text/html
|
||||||
body: 'some body',
|
body: 'some body',
|
||||||
sender: 'Customer',
|
|
||||||
type: 'note',
|
|
||||||
},
|
},
|
||||||
links: {
|
links: {
|
||||||
Ticket: {
|
Ticket: {
|
||||||
|
@ -72,20 +143,245 @@ class TicketsControllerTest < ActionDispatch::IntegrationTest
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
post '/api/v1/tickets', params.to_json, @headers.merge('Authorization' => credentials)
|
post '/api/v1/tickets', params.to_json, @headers.merge('Authorization' => credentials)
|
||||||
|
|
||||||
assert_response(201)
|
assert_response(201)
|
||||||
result = JSON.parse(@response.body)
|
result = JSON.parse(@response.body)
|
||||||
assert_equal(Hash, result.class)
|
assert_equal(Hash, result.class)
|
||||||
assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
|
assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
|
||||||
assert_equal('a new ticket #1', result['title'])
|
assert_equal('a new ticket #1', result['title'])
|
||||||
|
|
||||||
links = Link.list(
|
links = Link.list(
|
||||||
link_object: 'Ticket',
|
link_object: 'Ticket',
|
||||||
link_object_value: result['id'],
|
link_object_value: result['id'],
|
||||||
)
|
)
|
||||||
p links.inspect
|
assert_equal('child', links[0]['link_type'])
|
||||||
|
assert_equal('Ticket', links[0]['link_object'])
|
||||||
|
assert_equal(1, links[0]['link_object_value'])
|
||||||
|
end
|
||||||
|
|
||||||
|
test '02.03 ticket with wrong ticket id' do
|
||||||
|
group = Group.create_or_update(
|
||||||
|
name: "GroupWithoutPermission-#{rand(9_999_999_999)}",
|
||||||
|
active: true,
|
||||||
|
updated_by_id: 1,
|
||||||
|
created_by_id: 1,
|
||||||
|
)
|
||||||
|
ticket = Ticket.create!(
|
||||||
|
title: 'ticket with wrong ticket id',
|
||||||
|
group_id: group.id,
|
||||||
|
customer_id: @customer_without_org.id,
|
||||||
|
state: Ticket::State.lookup(name: 'new'),
|
||||||
|
priority: Ticket::Priority.lookup(name: '2 normal'),
|
||||||
|
updated_by_id: 1,
|
||||||
|
created_by_id: 1,
|
||||||
|
)
|
||||||
|
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
|
||||||
|
get "/api/v1/tickets/#{ticket.id}", {}, @headers.merge('Authorization' => credentials)
|
||||||
|
assert_response(401)
|
||||||
|
result = JSON.parse(@response.body)
|
||||||
|
assert_equal(Hash, result.class)
|
||||||
|
assert_equal('Not authorized', result['error'])
|
||||||
|
|
||||||
|
params = {
|
||||||
|
title: 'ticket with wrong ticket id - 2',
|
||||||
|
}
|
||||||
|
put "/api/v1/tickets/#{ticket.id}", params.to_json, @headers.merge('Authorization' => credentials)
|
||||||
|
assert_response(401)
|
||||||
|
result = JSON.parse(@response.body)
|
||||||
|
assert_equal(Hash, result.class)
|
||||||
|
assert_equal('Not authorized', result['error'])
|
||||||
|
|
||||||
|
delete "/api/v1/tickets/#{ticket.id}", {}.to_json, @headers.merge('Authorization' => credentials)
|
||||||
|
assert_response(401)
|
||||||
|
result = JSON.parse(@response.body)
|
||||||
|
assert_equal(Hash, result.class)
|
||||||
|
assert_equal('Not authorized', result['error'])
|
||||||
|
end
|
||||||
|
|
||||||
|
test '02.04 ticket with correct ticket id' do
|
||||||
|
ticket = Ticket.create!(
|
||||||
|
title: 'ticket with corret ticket id',
|
||||||
|
group: Group.lookup(name: 'Users'),
|
||||||
|
customer_id: @customer_without_org.id,
|
||||||
|
state: Ticket::State.lookup(name: 'new'),
|
||||||
|
priority: Ticket::Priority.lookup(name: '2 normal'),
|
||||||
|
updated_by_id: 1,
|
||||||
|
created_by_id: 1,
|
||||||
|
)
|
||||||
|
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
|
||||||
|
get "/api/v1/tickets/#{ticket.id}", {}, @headers.merge('Authorization' => credentials)
|
||||||
|
assert_response(200)
|
||||||
|
result = JSON.parse(@response.body)
|
||||||
|
assert_equal(Hash, result.class)
|
||||||
|
assert_equal(ticket.id, result['id'])
|
||||||
|
assert_equal('ticket with corret ticket id', result['title'])
|
||||||
|
assert_equal(ticket.customer_id, result['customer_id'])
|
||||||
|
|
||||||
|
params = {
|
||||||
|
title: 'ticket with corret ticket id - 2',
|
||||||
|
customer_id: @agent.id,
|
||||||
|
}
|
||||||
|
put "/api/v1/tickets/#{ticket.id}", params.to_json, @headers.merge('Authorization' => credentials)
|
||||||
|
assert_response(200)
|
||||||
|
result = JSON.parse(@response.body)
|
||||||
|
assert_equal(Hash, result.class)
|
||||||
|
assert_equal(ticket.id, result['id'])
|
||||||
|
assert_equal('ticket with corret ticket id - 2', result['title'])
|
||||||
|
assert_equal(@agent.id, result['customer_id'])
|
||||||
|
|
||||||
|
delete "/api/v1/tickets/#{ticket.id}", {}.to_json, @headers.merge('Authorization' => credentials)
|
||||||
|
assert_response(401)
|
||||||
|
result = JSON.parse(@response.body)
|
||||||
|
assert_equal(Hash, result.class)
|
||||||
|
assert_equal('Not authorized (admin permission required)!', result['error'])
|
||||||
|
end
|
||||||
|
|
||||||
|
test '02.05 ticket with correct ticket id' do
|
||||||
|
ticket = Ticket.create!(
|
||||||
|
title: 'ticket with corret ticket id',
|
||||||
|
group: Group.lookup(name: 'Users'),
|
||||||
|
customer_id: @customer_without_org.id,
|
||||||
|
state: Ticket::State.lookup(name: 'new'),
|
||||||
|
priority: Ticket::Priority.lookup(name: '2 normal'),
|
||||||
|
updated_by_id: 1,
|
||||||
|
created_by_id: 1,
|
||||||
|
)
|
||||||
|
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-admin', 'adminpw')
|
||||||
|
get "/api/v1/tickets/#{ticket.id}", {}, @headers.merge('Authorization' => credentials)
|
||||||
|
assert_response(200)
|
||||||
|
result = JSON.parse(@response.body)
|
||||||
|
assert_equal(Hash, result.class)
|
||||||
|
assert_equal(ticket.id, result['id'])
|
||||||
|
assert_equal('ticket with corret ticket id', result['title'])
|
||||||
|
assert_equal(ticket.customer_id, result['customer_id'])
|
||||||
|
|
||||||
|
params = {
|
||||||
|
title: 'ticket with corret ticket id - 2',
|
||||||
|
customer_id: @agent.id,
|
||||||
|
}
|
||||||
|
put "/api/v1/tickets/#{ticket.id}", params.to_json, @headers.merge('Authorization' => credentials)
|
||||||
|
assert_response(200)
|
||||||
|
result = JSON.parse(@response.body)
|
||||||
|
assert_equal(Hash, result.class)
|
||||||
|
assert_equal(ticket.id, result['id'])
|
||||||
|
assert_equal('ticket with corret ticket id - 2', result['title'])
|
||||||
|
assert_equal(@agent.id, result['customer_id'])
|
||||||
|
|
||||||
|
delete "/api/v1/tickets/#{ticket.id}", {}.to_json, @headers.merge('Authorization' => credentials)
|
||||||
|
assert_response(200)
|
||||||
|
end
|
||||||
|
|
||||||
|
test '03.01 ticket create with customer minimal' do
|
||||||
|
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-customer1@example.com', 'customer1pw')
|
||||||
|
params = {
|
||||||
|
title: 'a new ticket #c1',
|
||||||
|
state: 'new',
|
||||||
|
priority: '2 normal',
|
||||||
|
group: 'Users',
|
||||||
|
article: {
|
||||||
|
body: 'some body',
|
||||||
|
},
|
||||||
|
}
|
||||||
|
post '/api/v1/tickets', params.to_json, @headers.merge('Authorization' => credentials)
|
||||||
|
assert_response(201)
|
||||||
|
result = JSON.parse(@response.body)
|
||||||
|
assert_equal(Hash, result.class)
|
||||||
|
assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
|
||||||
|
assert_equal('a new ticket #c1', result['title'])
|
||||||
|
assert_equal(@customer_without_org.id, result['customer_id'])
|
||||||
|
end
|
||||||
|
|
||||||
|
test '03.02 ticket create with customer with wrong customer' do
|
||||||
|
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-customer1@example.com', 'customer1pw')
|
||||||
|
params = {
|
||||||
|
title: 'a new ticket #c2',
|
||||||
|
state: 'new',
|
||||||
|
priority: '2 normal',
|
||||||
|
group: 'Users',
|
||||||
|
customer_id: @agent.id,
|
||||||
|
article: {
|
||||||
|
content_type: 'text/plain', # or text/html
|
||||||
|
body: 'some body',
|
||||||
|
sender: 'System',
|
||||||
|
},
|
||||||
|
}
|
||||||
|
post '/api/v1/tickets', params.to_json, @headers.merge('Authorization' => credentials)
|
||||||
|
assert_response(201)
|
||||||
|
result = JSON.parse(@response.body)
|
||||||
|
assert_equal(Hash, result.class)
|
||||||
|
assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
|
||||||
|
assert_equal('a new ticket #c2', result['title'])
|
||||||
|
assert_equal(@customer_without_org.id, result['customer_id'])
|
||||||
|
end
|
||||||
|
|
||||||
|
test '03.03 ticket with wrong ticket id' do
|
||||||
|
ticket = Ticket.create!(
|
||||||
|
title: 'ticket with wrong ticket id',
|
||||||
|
group: Group.lookup(name: 'Users'),
|
||||||
|
customer_id: @agent.id,
|
||||||
|
state: Ticket::State.lookup(name: 'new'),
|
||||||
|
priority: Ticket::Priority.lookup(name: '2 normal'),
|
||||||
|
updated_by_id: 1,
|
||||||
|
created_by_id: 1,
|
||||||
|
)
|
||||||
|
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-customer1@example.com', 'customer1pw')
|
||||||
|
get "/api/v1/tickets/#{ticket.id}", {}, @headers.merge('Authorization' => credentials)
|
||||||
|
assert_response(401)
|
||||||
|
result = JSON.parse(@response.body)
|
||||||
|
assert_equal(Hash, result.class)
|
||||||
|
assert_equal('Not authorized', result['error'])
|
||||||
|
|
||||||
|
params = {
|
||||||
|
title: 'ticket with wrong ticket id - 2',
|
||||||
|
}
|
||||||
|
put "/api/v1/tickets/#{ticket.id}", params.to_json, @headers.merge('Authorization' => credentials)
|
||||||
|
assert_response(401)
|
||||||
|
result = JSON.parse(@response.body)
|
||||||
|
assert_equal(Hash, result.class)
|
||||||
|
assert_equal('Not authorized', result['error'])
|
||||||
|
|
||||||
|
delete "/api/v1/tickets/#{ticket.id}", {}.to_json, @headers.merge('Authorization' => credentials)
|
||||||
|
assert_response(401)
|
||||||
|
result = JSON.parse(@response.body)
|
||||||
|
assert_equal(Hash, result.class)
|
||||||
|
assert_equal('Not authorized', result['error'])
|
||||||
|
end
|
||||||
|
|
||||||
|
test '03.04 ticket with correct ticket id' do
|
||||||
|
ticket = Ticket.create!(
|
||||||
|
title: 'ticket with corret ticket id',
|
||||||
|
group: Group.lookup(name: 'Users'),
|
||||||
|
customer_id: @customer_without_org.id,
|
||||||
|
state: Ticket::State.lookup(name: 'new'),
|
||||||
|
priority: Ticket::Priority.lookup(name: '2 normal'),
|
||||||
|
updated_by_id: 1,
|
||||||
|
created_by_id: 1,
|
||||||
|
)
|
||||||
|
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-customer1@example.com', 'customer1pw')
|
||||||
|
get "/api/v1/tickets/#{ticket.id}", {}, @headers.merge('Authorization' => credentials)
|
||||||
|
assert_response(200)
|
||||||
|
result = JSON.parse(@response.body)
|
||||||
|
assert_equal(Hash, result.class)
|
||||||
|
assert_equal(ticket.id, result['id'])
|
||||||
|
assert_equal('ticket with corret ticket id', result['title'])
|
||||||
|
assert_equal(ticket.customer_id, result['customer_id'])
|
||||||
|
|
||||||
|
params = {
|
||||||
|
title: 'ticket with corret ticket id - 2',
|
||||||
|
customer_id: @agent.id,
|
||||||
|
}
|
||||||
|
put "/api/v1/tickets/#{ticket.id}", params.to_json, @headers.merge('Authorization' => credentials)
|
||||||
|
assert_response(200)
|
||||||
|
result = JSON.parse(@response.body)
|
||||||
|
assert_equal(Hash, result.class)
|
||||||
|
assert_equal(ticket.id, result['id'])
|
||||||
|
assert_equal('ticket with corret ticket id - 2', result['title'])
|
||||||
|
assert_equal(ticket.customer_id, result['customer_id'])
|
||||||
|
|
||||||
|
delete "/api/v1/tickets/#{ticket.id}", {}.to_json, @headers.merge('Authorization' => credentials)
|
||||||
|
assert_response(401)
|
||||||
|
result = JSON.parse(@response.body)
|
||||||
|
assert_equal(Hash, result.class)
|
||||||
|
assert_equal('Not authorized (admin permission required)!', result['error'])
|
||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|