Refactored all controller mini tests and migrated them to rspec request specs

.gitlab-ci.yml

@@ -78,7 +78,6 @@ test:unit:mysql:
     - rake db:migrate
     - rake db:seed
     - rake test:units
-    - rake test:controllers
     - ruby -I test/ test/integration/object_manager_test.rb
     - ruby -I test/ test/integration/object_manager_attributes_controller_test.rb
     - ruby -I test/ test/integration/package_test.rb
@@ -96,7 +95,6 @@ test:unit:postgresql:
     - rake db:migrate
     - rake db:seed
     - rake test:units
-    - rake test:controllers
     - ruby -I test/ test/integration/object_manager_test.rb
     - ruby -I test/ test/integration/object_manager_attributes_controller_test.rb
     - ruby -I test/ test/integration/package_test.rb
@@ -242,11 +240,8 @@ test:integration:es_mysql:
     - rake db:migrate
     - ruby -I test/ test/integration/elasticsearch_active_test.rb
     - ruby -I test/ test/integration/elasticsearch_test.rb
-    - ruby -I test/ test/controllers/search_controller_test.rb
     - ruby -I test/ test/integration/report_test.rb
-    - ruby -I test/ test/controllers/form_controller_test.rb
-    - ruby -I test/ test/controllers/users_controller_test.rb
-    - ruby -I test/ test/controllers/organizations_controller_test.rb
+    - bundle exec rspec --tag searchindex
     - rake db:drop
 
 test:integration:es_postgresql:
@@ -262,11 +257,8 @@ test:integration:es_postgresql:
     - rake db:migrate
     - ruby -I test/ test/integration/elasticsearch_active_test.rb
     - ruby -I test/ test/integration/elasticsearch_test.rb
-    - ruby -I test/ test/controllers/search_controller_test.rb
     - ruby -I test/ test/integration/report_test.rb
-    - ruby -I test/ test/controllers/form_controller_test.rb
-    - ruby -I test/ test/controllers/users_controller_test.rb
-    - ruby -I test/ test/controllers/organizations_controller_test.rb
+    - bundle exec rspec --tag searchindex
     - rake db:drop
 
 test:integration:zendesk_mysql:

spec/factories/email_address.rb

@@ -1,7 +1,7 @@
 FactoryBot.define do
   factory :email_address do
-    email         'zammad@localhost'
-    realname      'zammad'
+    sequence(:email) { |n| "zammad#{n}@localhost.com" }
+    sequence(:realname) { |n| "zammad#{n}" }
     channel_id    1
     created_by_id 1
     updated_by_id 1

spec/factories/ticket/time_accounting.rb

@@ -0,0 +1,10 @@
+FactoryBot.define do
+  factory :ticket_time_accounting, class: Ticket::TimeAccounting do
+    ticket_id { FactoryBot.create(:ticket).id }
+    ticket_article_id { FactoryBot.create(:ticket_article).id }
+    time_unit 200
+    created_by_id 1
+    created_at Time.zone.now
+    updated_at Time.zone.now
+  end
+end

spec/requests/api_auth_on_behalf_of_spec.rb

@@ -0,0 +1,164 @@
+require 'rails_helper'
+
+RSpec.describe 'Api Auth On Behalf Of', type: :request do
+
+  let(:admin_user) do
+    create(:admin_user, groups: Group.all)
+  end
+  let(:agent_user) do
+    create(:agent_user)
+  end
+  let(:customer_user) do
+    create(:customer_user)
+  end
+
+  describe 'request handling' do
+
+    it 'does X-On-Behalf-Of auth - ticket create admin for customer by id' do
+      params = {
+        title: 'a new ticket #3',
+        group: 'Users',
+        priority: '2 normal',
+        state: 'new',
+        customer_id: customer_user.id,
+        article: {
+          body: 'some test 123',
+        },
+      }
+      authenticated_as(admin_user, on_behalf_of: customer_user.id)
+      post '/api/v1/tickets', params: params, as: :json
+      expect(response).to have_http_status(201)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(customer_user.id).to eq(json_response['created_by_id'])
+    end
+
+    it 'does X-On-Behalf-Of auth - ticket create admin for customer by login' do
+      ActivityStream.cleanup(1.year)
+
+      params = {
+        title: 'a new ticket #3',
+        group: 'Users',
+        priority: '2 normal',
+        state: 'new',
+        customer_id: customer_user.id,
+        article: {
+          body: 'some test 123',
+        },
+      }
+      authenticated_as(admin_user, on_behalf_of: customer_user.login)
+      post '/api/v1/tickets', params: params, as: :json
+      expect(response).to have_http_status(201)
+      json_response_ticket = json_response
+      expect(json_response_ticket).to be_a_kind_of(Hash)
+      expect(customer_user.id).to eq(json_response_ticket['created_by_id'])
+
+      authenticated_as(admin_user)
+      get '/api/v1/activity_stream?full=true', params: {}, as: :json
+      expect(response).to have_http_status(200)
+      json_response_activity = json_response
+      expect(json_response_activity).to be_a_kind_of(Hash)
+
+      ticket_created = nil
+      json_response_activity['record_ids'].each do |record_id|
+        activity_stream = ActivityStream.find(record_id)
+        next if activity_stream.object.name != 'Ticket'
+        next if activity_stream.o_id != json_response_ticket['id'].to_i
+        ticket_created = activity_stream
+      end
+
+      expect(ticket_created).to be_truthy
+      expect(customer_user.id).to eq(ticket_created.created_by_id)
+
+      get '/api/v1/activity_stream', params: {}, as: :json
+      expect(response).to have_http_status(200)
+      json_response_activity = json_response
+      expect(json_response_activity).to be_a_kind_of(Array)
+
+      ticket_created = nil
+      json_response_activity.each do |record|
+        activity_stream = ActivityStream.find(record['id'])
+        next if activity_stream.object.name != 'Ticket'
+        next if activity_stream.o_id != json_response_ticket['id']
+        ticket_created = activity_stream
+      end
+
+      expect(ticket_created).to be_truthy
+      expect(customer_user.id).to eq(ticket_created.created_by_id)
+    end
+
+    it 'does X-On-Behalf-Of auth - ticket create admin for customer by email' do
+      params = {
+        title: 'a new ticket #3',
+        group: 'Users',
+        priority: '2 normal',
+        state: 'new',
+        customer_id: customer_user.id,
+        article: {
+          body: 'some test 123',
+        },
+      }
+      authenticated_as(admin_user, on_behalf_of: customer_user.email)
+      post '/api/v1/tickets', params: params, as: :json
+      expect(response).to have_http_status(201)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(customer_user.id).to eq(json_response['created_by_id'])
+    end
+
+    it 'does X-On-Behalf-Of auth - ticket create admin for unknown' do
+      params = {
+        title: 'a new ticket #3',
+        group: 'Users',
+        priority: '2 normal',
+        state: 'new',
+        customer_id: customer_user.id,
+        article: {
+          body: 'some test 123',
+        },
+      }
+      authenticated_as(admin_user, on_behalf_of: 99_449_494_949)
+      post '/api/v1/tickets', params: params, as: :json
+      expect(response).to have_http_status(401)
+      expect(@response.header.key?('Access-Control-Allow-Origin')).to be_falsey
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['error']).to eq("No such user '99449494949'")
+    end
+
+    it 'does X-On-Behalf-Of auth - ticket create customer for admin' do
+      params = {
+        title: 'a new ticket #3',
+        group: 'Users',
+        priority: '2 normal',
+        state: 'new',
+        customer_id: customer_user.id,
+        article: {
+          body: 'some test 123',
+        },
+      }
+      authenticated_as(customer_user, on_behalf_of: admin_user.email)
+      post '/api/v1/tickets', params: params, as: :json
+      expect(response).to have_http_status(401)
+      expect(@response.header.key?('Access-Control-Allow-Origin')).to be_falsey
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['error']).to eq("Current user has no permission to use 'X-On-Behalf-Of'!")
+    end
+
+    it 'does X-On-Behalf-Of auth - ticket create admin for customer by email but no permitted action' do
+      params = {
+        title: 'a new ticket #3',
+        group: 'secret1234',
+        priority: '2 normal',
+        state: 'new',
+        customer_id: customer_user.id,
+        article: {
+          body: 'some test 123',
+        },
+      }
+      authenticated_as(admin_user, on_behalf_of: customer_user.email)
+      post '/api/v1/tickets', params: params, as: :json
+      expect(response).to have_http_status(422)
+      expect(@response.header.key?('Access-Control-Allow-Origin')).to be_falsey
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['error']).to eq('No lookup value found for \'group\': "secret1234"')
+    end
+  end
+end

spec/requests/api_auth_spec.rb

@@ -0,0 +1,383 @@
+require 'rails_helper'
+
+RSpec.describe 'Api Auth', type: :request do
+
+  let(:admin_user) do
+    create(:admin_user)
+  end
+  let(:agent_user) do
+    create(:agent_user)
+  end
+  let(:customer_user) do
+    create(:customer_user)
+  end
+
+  describe 'request handling' do
+
+    it 'does basic auth - admin' do
+
+      Setting.set('api_password_access', false)
+      authenticated_as(admin_user)
+      get '/api/v1/sessions', params: {}, as: :json
+      expect(response).to have_http_status(401)
+      expect(response.header.key?('Access-Control-Allow-Origin')).to be_falsey
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['error']).to eq('API password access disabled!')
+
+      Setting.set('api_password_access', true)
+      get '/api/v1/sessions', params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(response.header['Access-Control-Allow-Origin']).to eq('*')
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response).to be_truthy
+    end
+
+    it 'does basic auth - agent' do
+
+      Setting.set('api_password_access', false)
+      authenticated_as(agent_user)
+      get '/api/v1/tickets', params: {}, as: :json
+      expect(response).to have_http_status(401)
+      expect(response.header.key?('Access-Control-Allow-Origin')).to be_falsey
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['error']).to eq('API password access disabled!')
+
+      Setting.set('api_password_access', true)
+      get '/api/v1/tickets', params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(response.header['Access-Control-Allow-Origin']).to eq('*')
+      expect(json_response).to be_a_kind_of(Array)
+      expect(json_response).to be_truthy
+    end
+
+    it 'does basic auth - customer' do
+
+      Setting.set('api_password_access', false)
+      authenticated_as(customer_user)
+      get '/api/v1/tickets', params: {}, as: :json
+      expect(response).to have_http_status(401)
+      expect(response.header.key?('Access-Control-Allow-Origin')).to be_falsey
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['error']).to eq('API password access disabled!')
+
+      Setting.set('api_password_access', true)
+      get '/api/v1/tickets', params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(response.header['Access-Control-Allow-Origin']).to eq('*')
+      expect(json_response).to be_a_kind_of(Array)
+      expect(json_response).to be_truthy
+    end
+
+    it 'does token auth - admin' do
+
+      admin_token = create(
+        :token,
+        action:      'api',
+        persistent:  true,
+        user_id:     admin_user.id,
+        preferences: {
+          permission: ['admin.session'],
+        },
+      )
+
+      authenticated_as(admin_user, token: admin_token)
+
+      Setting.set('api_token_access', false)
+      get '/api/v1/sessions', params: {}, as: :json
+      expect(response).to have_http_status(401)
+      expect(response.header.key?('Access-Control-Allow-Origin')).to be_falsey
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['error']).to eq('API token access disabled!')
+
+      Setting.set('api_token_access', true)
+      get '/api/v1/sessions', params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(response.header['Access-Control-Allow-Origin']).to eq('*')
+
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response).to be_truthy
+
+      admin_token.preferences[:permission] = ['admin.session_not_existing']
+      admin_token.save!
+
+      get '/api/v1/sessions', params: {}, as: :json
+      expect(response).to have_http_status(401)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['error']).to eq('Not authorized (token)!')
+
+      admin_token.preferences[:permission] = []
+      admin_token.save!
+
+      get '/api/v1/sessions', params: {}, as: :json
+      expect(response).to have_http_status(401)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['error']).to eq('Not authorized (token)!')
+
+      admin_user.active = false
+      admin_user.save!
+
+      get '/api/v1/sessions', params: {}, as: :json
+      expect(response).to have_http_status(401)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['error']).to eq('User is inactive!')
+
+      admin_token.preferences[:permission] = ['admin.session']
+      admin_token.save!
+
+      get '/api/v1/sessions', params: {}, as: :json
+      expect(response).to have_http_status(401)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['error']).to eq('User is inactive!')
+
+      admin_user.active = true
+      admin_user.save!
+
+      get '/api/v1/sessions', params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response).to be_truthy
+
+      get '/api/v1/roles', params: {}, as: :json
+      expect(response).to have_http_status(401)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['error']).to eq('Not authorized (token)!')
+
+      admin_token.preferences[:permission] = ['admin.session_not_existing', 'admin.role']
+      admin_token.save!
+
+      get '/api/v1/roles', params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Array)
+      expect(json_response).to be_truthy
+
+      admin_token.preferences[:permission] = ['ticket.agent']
+      admin_token.save!
+
+      get '/api/v1/organizations', params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Array)
+      expect(json_response).to be_truthy
+
+      name = "some org name #{rand(999_999_999)}"
+      post '/api/v1/organizations', params: { name: name }, as: :json
+      expect(response).to have_http_status(201)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['name']).to eq(name)
+      expect(json_response).to be_truthy
+
+      name = "some org name #{rand(999_999_999)} - 2"
+      put "/api/v1/organizations/#{json_response['id']}", params: { name: name }, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['name']).to eq(name)
+      expect(json_response).to be_truthy
+
+      admin_token.preferences[:permission] = ['admin.organization']
+      admin_token.save!
+
+      get '/api/v1/organizations', params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Array)
+      expect(json_response).to be_truthy
+
+      name = "some org name #{rand(999_999_999)}"
+      post '/api/v1/organizations', params: { name: name }, as: :json
+      expect(response).to have_http_status(201)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['name']).to eq(name)
+      expect(json_response).to be_truthy
+
+      name = "some org name #{rand(999_999_999)} - 2"
+      put "/api/v1/organizations/#{json_response['id']}", params: { name: name }, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['name']).to eq(name)
+      expect(json_response).to be_truthy
+
+      admin_token.preferences[:permission] = ['admin']
+      admin_token.save!
+
+      get '/api/v1/organizations', params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Array)
+      expect(json_response).to be_truthy
+
+      name = "some org name #{rand(999_999_999)}"
+      post '/api/v1/organizations', params: { name: name }, as: :json
+      expect(response).to have_http_status(201)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['name']).to eq(name)
+      expect(json_response).to be_truthy
+
+      name = "some org name #{rand(999_999_999)} - 2"
+      put "/api/v1/organizations/#{json_response['id']}", params: { name: name }, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['name']).to eq(name)
+      expect(json_response).to be_truthy
+
+    end
+
+    it 'does token auth - agent' do
+
+      agent_token = create(
+        :token,
+        action:     'api',
+        persistent: true,
+        user_id:    agent_user.id,
+      )
+
+      authenticated_as(agent_user, token: agent_token)
+
+      Setting.set('api_token_access', false)
+      get '/api/v1/tickets', params: {}, as: :json
+      expect(response).to have_http_status(401)
+      expect(response.header.key?('Access-Control-Allow-Origin')).to be_falsey
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['error']).to eq('API token access disabled!')
+
+      Setting.set('api_token_access', true)
+      get '/api/v1/tickets', params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(response.header['Access-Control-Allow-Origin']).to eq('*')
+      expect(json_response).to be_a_kind_of(Array)
+      expect(json_response).to be_truthy
+
+      get '/api/v1/organizations', params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Array)
+      expect(json_response).to be_truthy
+
+      name = "some org name #{rand(999_999_999)}"
+      post '/api/v1/organizations', params: { name: name }, as: :json
+      expect(response).to have_http_status(401)
+
+    end
+
+    it 'does token auth - customer' do
+
+      customer_token = create(
+        :token,
+        action:     'api',
+        persistent: true,
+        user_id:    customer_user.id,
+      )
+
+      authenticated_as(customer_user, token: customer_token)
+
+      Setting.set('api_token_access', false)
+      get '/api/v1/tickets', params: {}, as: :json
+      expect(response).to have_http_status(401)
+      expect(response.header.key?('Access-Control-Allow-Origin')).to be_falsey
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['error']).to eq('API token access disabled!')
+
+      Setting.set('api_token_access', true)
+      get '/api/v1/tickets', params: {}, as: :json
+      expect(response.header['Access-Control-Allow-Origin']).to eq('*')
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Array)
+      expect(json_response).to be_truthy
+
+      get '/api/v1/organizations', params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Array)
+      expect(json_response).to be_truthy
+
+      name = "some org name #{rand(999_999_999)}"
+      post '/api/v1/organizations', params: { name: name }, as: :json
+      expect(response).to have_http_status(401)
+    end
+
+    it 'does token auth - invalid user - admin' do
+
+      admin_token = create(
+        :token,
+        action:     'api',
+        persistent: true,
+        user_id:    admin_user.id,
+      )
+
+      authenticated_as(admin_user, token: admin_token)
+
+      admin_user.active = false
+      admin_user.save!
+
+      Setting.set('api_token_access', false)
+      get '/api/v1/sessions', params: {}, as: :json
+      expect(response).to have_http_status(401)
+      expect(response.header.key?('Access-Control-Allow-Origin')).to be_falsey
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['error']).to eq('API token access disabled!')
+
+      Setting.set('api_token_access', true)
+      get '/api/v1/sessions', params: {}, as: :json
+      expect(response).to have_http_status(401)
+      expect(response.header.key?('Access-Control-Allow-Origin')).to be_falsey
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['error']).to eq('User is inactive!')
+    end
+
+    it 'does token auth - expired' do
+
+      Setting.set('api_token_access', true)
+
+      admin_token = create(
+        :token,
+        action:     'api',
+        persistent: true,
+        user_id:    admin_user.id,
+        expires_at: Time.zone.today
+      )
+
+      authenticated_as(admin_user, token: admin_token)
+
+      get '/api/v1/tickets', params: {}, as: :json
+      expect(response).to have_http_status(401)
+      expect(response.header.key?('Access-Control-Allow-Origin')).to be_falsey
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['error']).to eq('Not authorized (token expired)!')
+
+      admin_token.reload
+      expect(admin_token.last_used_at).to be_within(1.second).of(Time.zone.now)
+    end
+
+    it 'does token auth - not expired' do
+
+      Setting.set('api_token_access', true)
+
+      admin_token = create(
+        :token,
+        action:     'api',
+        persistent: true,
+        user_id:    admin_user.id,
+        expires_at: Time.zone.tomorrow
+      )
+
+      authenticated_as(admin_user, token: admin_token)
+
+      get '/api/v1/tickets', params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(response.header['Access-Control-Allow-Origin']).to eq('*')
+      expect(json_response).to be_a_kind_of(Array)
+      expect(json_response).to be_truthy
+
+      admin_token.reload
+      expect(admin_token.last_used_at).to be_within(1.second).of(Time.zone.now)
+    end
+
+    it 'does session auth - admin' do
+      create(:admin_user, login: 'api-admin@example.com', password: 'adminpw')
+
+      post '/api/v1/signin', params: { username: 'api-admin@example.com', password: 'adminpw', fingerprint: '123456789' }
+      expect(response.header.key?('Access-Control-Allow-Origin')).to be_falsey
+      expect(response).to have_http_status(201)
+
+      get '/api/v1/sessions', params: {}
+      expect(response).to have_http_status(200)
+      expect(response.header.key?('Access-Control-Allow-Origin')).to be_falsey
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response).to be_truthy
+    end
+  end
+end

spec/requests/basic_spec.rb

@@ -0,0 +1,112 @@
+require 'rails_helper'
+
+RSpec.describe 'Basics', type: :request do
+
+  describe 'request handling' do
+
+    it 'does json requests' do
+
+      # 404
+      get '/not_existing_url', as: :json
+      expect(response).to have_http_status(404)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['error']).to eq('No route matches [GET] /not_existing_url')
+
+      # 401
+      get '/api/v1/organizations', as: :json
+      expect(response).to have_http_status(401)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['error']).to eq('authentication failed')
+
+      # 422
+      get '/tests/unprocessable_entity', as: :json
+      expect(response).to have_http_status(422)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['error']).to eq('some error message')
+
+      # 401
+      get '/tests/not_authorized', as: :json
+      expect(response).to have_http_status(401)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['error']).to eq('some error message')
+
+      # 401
+      get '/tests/ar_not_found', as: :json
+      expect(response).to have_http_status(404)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['error']).to eq('some error message')
+
+      # 500
+      get '/tests/standard_error', as: :json
+      expect(response).to have_http_status(500)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['error']).to eq('some error message')
+
+      # 422
+      get '/tests/argument_error', as: :json
+      expect(response).to have_http_status(422)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['error']).to eq('some error message')
+    end
+
+    it 'does html requests' do
+
+      # 404
+      get '/not_existing_url'
+      expect(response).to have_http_status(404)
+      expect(response.body).to match(/<html/)
+      expect(response.body).to match(%r{<title>404: Not Found</title>})
+      expect(response.body).to match(%r{<h1>404: Requested Ressource was not found.</h1>})
+      expect(response.body).to match(%r{No route matches \[GET\] /not_existing_url})
+
+      # 401
+      get '/api/v1/organizations'
+      expect(response).to have_http_status(401)
+      expect(response.body).to match(/<html/)
+      expect(response.body).to match(%r{<title>401: Unauthorized</title>})
+      expect(response.body).to match(%r{<h1>401: Unauthorized</h1>})
+      expect(response.body).to match(/authentication failed/)
+
+      # 422
+      get '/tests/unprocessable_entity'
+      expect(response).to have_http_status(422)
+      expect(response.body).to match(/<html/)
+      expect(response.body).to match(%r{<title>422: Unprocessable Entity</title>})
+      expect(response.body).to match(%r{<h1>422: The change you wanted was rejected.</h1>})
+      expect(response.body).to match(/some error message/)
+
+      # 401
+      get '/tests/not_authorized'
+      expect(response).to have_http_status(401)
+      expect(response.body).to match(/<html/)
+      expect(response.body).to match(%r{<title>401: Unauthorized</title>})
+      expect(response.body).to match(%r{<h1>401: Unauthorized</h1>})
+      expect(response.body).to match(/some error message/)
+
+      # 401
+      get '/tests/ar_not_found'
+      expect(response).to have_http_status(404)
+      expect(response.body).to match(/<html/)
+      expect(response.body).to match(%r{<title>404: Not Found</title>})
+      expect(response.body).to match(%r{<h1>404: Requested Ressource was not found.</h1>})
+      expect(response.body).to match(/some error message/)
+
+      # 500
+      get '/tests/standard_error'
+      expect(response).to have_http_status(500)
+      expect(response.body).to match(/<html/)
+      expect(response.body).to match(%r{<title>500: Something went wrong</title>})
+      expect(response.body).to match(%r{<h1>500: We're sorry, but something went wrong.</h1>})
+      expect(response.body).to match(/some error message/)
+
+      # 422
+      get '/tests/argument_error'
+      expect(response).to have_http_status(422)
+      expect(response.body).to match(/<html/)
+      expect(response.body).to match(%r{<title>422: Unprocessable Entity</title>})
+      expect(response.body).to match(%r{<h1>422: The change you wanted was rejected.</h1>})
+      expect(response.body).to match(/some error message/)
+    end
+  end
+
+end

spec/requests/calendar_spec.rb

@@ -0,0 +1,63 @@
+require 'rails_helper'
+
+RSpec.describe 'Calendars', type: :request do
+
+  let(:admin_user) do
+    create(:admin_user)
+  end
+
+  describe 'request handling' do
+
+    it 'does calendar index with nobody' do
+      get '/api/v1/calendars', as: :json
+      expect(response).to have_http_status(401)
+
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['error']).to eq('authentication failed')
+
+      get '/api/v1/calendars_init', as: :json
+      expect(response).to have_http_status(401)
+
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['error']).to eq('authentication failed')
+    end
+
+    it 'does calendar index with admin' do
+      authenticated_as(admin_user)
+      get '/api/v1/calendars', as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Array)
+      expect(json_response).to be_truthy
+      expect(json_response.count).to eq(1)
+
+      get '/api/v1/calendars?expand=true', as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Array)
+      expect(json_response).to be_truthy
+      expect(json_response.count).to eq(1)
+
+      get '/api/v1/calendars?full=true', as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response).to be_truthy
+      expect(json_response['record_ids']).to be_truthy
+      expect(json_response['record_ids'].count).to eq(1)
+      expect(json_response['assets']).to be_truthy
+      expect(json_response['assets']).to be_present
+
+      # index
+      get '/api/v1/calendars_init', as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['record_ids']).to be_truthy
+      expect(json_response['ical_feeds']).to be_truthy
+      expect(json_response['ical_feeds']['http://www.google.com/calendar/ical/da.danish%23holiday%40group.v.calendar.google.com/public/basic.ics']).to eq('Denmark')
+      expect(json_response['ical_feeds']['http://www.google.com/calendar/ical/de.austrian%23holiday%40group.v.calendar.google.com/public/basic.ics']).to eq('Austria')
+      expect(json_response['timezones']).to be_truthy
+      expect(json_response['timezones']['Africa/Johannesburg']).to eq(2)
+      expect(json_response['timezones']['America/Sitka']).to eq(-8)
+      expect(json_response['assets']).to be_truthy
+    end
+  end
+
+end

spec/requests/form_spec.rb

@@ -0,0 +1,221 @@
+require 'rails_helper'
+
+RSpec.describe 'Form', type: :request, searchindex: true do
+
+  before(:each) do
+    rebuild_searchindex
+  end
+
+  describe 'request handling' do
+
+    it 'does get config call' do
+      post '/api/v1/form_config', params: {}, as: :json
+      expect(response).to have_http_status(401)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['error']).to eq('Not authorized')
+    end
+
+    it 'does get config call' do
+      Setting.set('form_ticket_create', true)
+      post '/api/v1/form_config', params: {}, as: :json
+      expect(response).to have_http_status(401)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['error']).to eq('Not authorized')
+
+    end
+
+    it 'does get config call & do submit' do
+      Setting.set('form_ticket_create', true)
+      fingerprint = SecureRandom.hex(40)
+      post '/api/v1/form_config', params: { fingerprint: fingerprint }, as: :json
+
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['enabled']).to eq(true)
+      expect(json_response['endpoint']).to eq('http://zammad.example.com/api/v1/form_submit')
+      expect(json_response['token']).to be_truthy
+      token = json_response['token']
+
+      post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: 'invalid' }, as: :json
+      expect(response).to have_http_status(401)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['error']).to eq('Not authorized')
+
+      post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token }, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+
+      expect(json_response['errors']).to be_truthy
+      expect(json_response['errors']['name']).to eq('required')
+      expect(json_response['errors']['email']).to eq('required')
+      expect(json_response['errors']['title']).to eq('required')
+      expect(json_response['errors']['body']).to eq('required')
+
+      post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, email: 'some' }, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+
+      expect(json_response['errors']).to be_truthy
+      expect(json_response['errors']['name']).to eq('required')
+      expect(json_response['errors']['email']).to eq('invalid')
+      expect(json_response['errors']['title']).to eq('required')
+      expect(json_response['errors']['body']).to eq('required')
+
+      post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test', body: 'hello' }, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+
+      expect(json_response['errors']).to be_falsey
+      expect(json_response['ticket']).to be_truthy
+      expect(json_response['ticket']['id']).to be_truthy
+      expect(json_response['ticket']['number']).to be_truthy
+
+      travel 5.hours
+
+      post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test', body: 'hello' }, as: :json
+
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+
+      expect(json_response['errors']).to be_falsey
+      expect(json_response['ticket']).to be_truthy
+      expect(json_response['ticket']['id']).to be_truthy
+      expect(json_response['ticket']['number']).to be_truthy
+
+      travel 20.hours
+
+      post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test', body: 'hello' }, as: :json
+      expect(response).to have_http_status(401)
+
+    end
+
+    it 'does get config call & do submit' do
+      Setting.set('form_ticket_create', true)
+      fingerprint = SecureRandom.hex(40)
+      post '/api/v1/form_config', params: { fingerprint: fingerprint }, as: :json
+
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['enabled']).to eq(true)
+      expect(json_response['endpoint']).to eq('http://zammad.example.com/api/v1/form_submit')
+      expect(json_response['token']).to be_truthy
+      token = json_response['token']
+
+      post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: 'invalid' }, as: :json
+      expect(response).to have_http_status(401)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['error']).to eq('Not authorized')
+
+      post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token }, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+
+      expect(json_response['errors']).to be_truthy
+      expect(json_response['errors']['name']).to eq('required')
+      expect(json_response['errors']['email']).to eq('required')
+      expect(json_response['errors']['title']).to eq('required')
+      expect(json_response['errors']['body']).to eq('required')
+
+      post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, email: 'some' }, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+
+      expect(json_response['errors']).to be_truthy
+      expect(json_response['errors']['name']).to eq('required')
+      expect(json_response['errors']['email']).to eq('invalid')
+      expect(json_response['errors']['title']).to eq('required')
+      expect(json_response['errors']['body']).to eq('required')
+
+      post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'somebody@example.com', title: 'test', body: 'hello' }, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+
+      expect(json_response['errors']).to be_truthy
+      expect(json_response['errors']['email']).to eq('invalid')
+
+    end
+
+    it 'does limits' do
+      skip('No ES configured') if !SearchIndexBackend.enabled?
+
+      Setting.set('form_ticket_create', true)
+      fingerprint = SecureRandom.hex(40)
+      post '/api/v1/form_config', params: { fingerprint: fingerprint }, as: :json
+
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['enabled']).to eq(true)
+      expect(json_response['endpoint']).to eq('http://zammad.example.com/api/v1/form_submit')
+      expect(json_response['token']).to be_truthy
+      token = json_response['token']
+
+      (1..20).each do |count|
+        travel 10.seconds
+        post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: "test#{count}", body: 'hello' }, as: :json
+        expect(response).to have_http_status(200)
+        expect(json_response).to be_a_kind_of(Hash)
+
+        expect(json_response['errors']).to be_falsey
+        expect(json_response['errors']).to be_falsey
+        expect(json_response['ticket']).to be_truthy
+        expect(json_response['ticket']['id']).to be_truthy
+        expect(json_response['ticket']['number']).to be_truthy
+        Scheduler.worker(true)
+        sleep 1 # wait until elasticsearch is index
+      end
+
+      sleep 10 # wait until elasticsearch is index
+
+      post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test-last', body: 'hello' }, as: :json
+      expect(response).to have_http_status(401)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['error']).to be_truthy
+
+      @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json', 'REMOTE_ADDR' => '1.2.3.5' }
+
+      (1..20).each do |count|
+        travel 10.seconds
+        post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: "test-2-#{count}", body: 'hello' }, as: :json
+        expect(response).to have_http_status(200)
+        expect(json_response).to be_a_kind_of(Hash)
+
+        expect(json_response['errors']).to be_falsey
+        expect(json_response['ticket']).to be_truthy
+        expect(json_response['ticket']['id']).to be_truthy
+        expect(json_response['ticket']['number']).to be_truthy
+        Scheduler.worker(true)
+        sleep 1 # wait until elasticsearch is index
+      end
+
+      sleep 10 # wait until elasticsearch is index
+
+      post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test-2-last', body: 'hello' }, as: :json
+      expect(response).to have_http_status(401)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['error']).to be_truthy
+    end
+
+    it 'does customer_ticket_create false disables form' do
+      Setting.set('form_ticket_create', false)
+      Setting.set('customer_ticket_create', true)
+
+      fingerprint = SecureRandom.hex(40)
+
+      post '/api/v1/form_config', params: { fingerprint: fingerprint }, as: :json
+
+      token = json_response['token']
+      params = {
+        fingerprint: fingerprint,
+        token: token,
+        name: 'Bob Smith',
+        email: 'discard@znuny.com',
+        title: 'test',
+        body: 'hello'
+      }
+
+      post '/api/v1/form_submit', params: params, as: :json
+
+      expect(response).to have_http_status(401)
+    end
+  end
+end

spec/requests/integration/check_mk_spec.rb

@@ -0,0 +1,237 @@
+require 'rails_helper'
+
+RSpec.describe 'Integration Check MK', type: :request do
+
+  before(:each) do
+    token = SecureRandom.urlsafe_base64(16)
+    Setting.set('check_mk_token', token)
+    Setting.set('check_mk_integration', true)
+  end
+
+  describe 'request handling' do
+    it 'does fail without a token' do
+      post '/api/v1/integration/check_mk/', params: {}
+      expect(response).to have_http_status(404)
+    end
+
+    it 'does fail with invalid token and feature enabled' do
+      post '/api/v1/integration/check_mk/invalid_token', params: {}
+      expect(response).to have_http_status(422)
+
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['error']).to eq('Invalid token!')
+    end
+
+    it 'does create and close a ticket' do
+      params = {
+        event_id: '123',
+        state: 'down',
+        host: 'some host',
+        service: 'some service',
+      }
+      post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
+      expect(response).to have_http_status(200)
+
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['result']).to be_truthy
+      expect(json_response['ticket_id']).to be_truthy
+      expect(json_response['ticket_number']).to be_truthy
+
+      ticket = Ticket.find(json_response['ticket_id'])
+      expect(ticket.state.name).to eq('new')
+      expect(ticket.articles.count).to eq(1)
+
+      params = {
+        event_id: '123',
+        state: 'up',
+        host: 'some host',
+        service: 'some service',
+      }
+      post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
+      expect(response).to have_http_status(200)
+
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['result']).not_to be_empty
+      expect(json_response['ticket_ids']).to include(ticket.id)
+
+      ticket.reload
+      expect(ticket.state.name).to eq('closed')
+      expect(ticket.articles.count).to eq(2)
+    end
+
+    it 'does double create and auto close' do
+      params = {
+        event_id: '123',
+        state: 'down',
+        host: 'some host',
+        service: 'some service',
+      }
+      post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
+      expect(response).to have_http_status(200)
+
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['result']).to be_truthy
+      expect(json_response['ticket_id']).to be_truthy
+      expect(json_response['ticket_number']).to be_truthy
+
+      ticket = Ticket.find(json_response['ticket_id'])
+      expect(ticket.state.name).to eq('new')
+      expect(ticket.articles.count).to eq(1)
+
+      params = {
+        event_id: '123',
+        state: 'down',
+        host: 'some host',
+        service: 'some service',
+      }
+      post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
+      expect(response).to have_http_status(200)
+
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['result']).to eq('ticket already open, added note')
+      expect(json_response['ticket_ids']).to include(ticket.id)
+
+      ticket.reload
+      expect(ticket.state.name).to eq('new')
+      expect(ticket.articles.count).to eq(2)
+
+      params = {
+        event_id: '123',
+        state: 'up',
+        host: 'some host',
+        service: 'some service',
+      }
+      post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
+      expect(response).to have_http_status(200)
+
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['result']).to be_truthy
+      expect(json_response['ticket_ids']).to include(ticket.id)
+
+      ticket.reload
+      expect(ticket.state.name).to eq('closed')
+      expect(ticket.articles.count).to eq(3)
+    end
+
+    it 'does ticket close which get ignored' do
+      params = {
+        event_id: '123',
+        state: 'up',
+        host: 'some host',
+        service: 'some service',
+      }
+      post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
+      expect(response).to have_http_status(200)
+
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['result']).to eq('no open tickets found, ignore action')
+    end
+
+    it 'does double create and no auto close' do
+      Setting.set('check_mk_auto_close', false)
+      params = {
+        event_id: '123',
+        state: 'down',
+        host: 'some host',
+        service: 'some service',
+      }
+      post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
+      expect(response).to have_http_status(200)
+
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['result']).to be_truthy
+      expect(json_response['ticket_id']).to be_truthy
+      expect(json_response['ticket_number']).to be_truthy
+
+      ticket = Ticket.find(json_response['ticket_id'])
+      expect(ticket.state.name).to eq('new')
+      expect(ticket.articles.count).to eq(1)
+
+      params = {
+        event_id: '123',
+        state: 'down',
+        host: 'some host',
+        service: 'some service',
+      }
+      post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
+      expect(response).to have_http_status(200)
+
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['result']).to eq('ticket already open, added note')
+      expect(json_response['ticket_ids']).to include(ticket.id)
+
+      ticket.reload
+      expect(ticket.state.name).to eq('new')
+      expect(ticket.articles.count).to eq(2)
+
+      params = {
+        event_id: '123',
+        state: 'up',
+        host: 'some host',
+        service: 'some service',
+      }
+      post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
+      expect(response).to have_http_status(200)
+
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['result']).to eq('ticket already open, added note')
+      expect(json_response['ticket_ids']).to include(ticket.id)
+
+      ticket.reload
+      expect(ticket.state.name).to eq('new')
+      expect(ticket.articles.count).to eq(3)
+    end
+
+    it 'does double create and auto close - host only' do
+      params = {
+        event_id: '123',
+        state: 'down',
+        host: 'some host',
+      }
+      post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
+      expect(response).to have_http_status(200)
+
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['result']).to be_truthy
+      expect(json_response['ticket_id']).to be_truthy
+      expect(json_response['ticket_number']).to be_truthy
+
+      ticket = Ticket.find(json_response['ticket_id'])
+      expect(ticket.state.name).to eq('new')
+      expect(ticket.articles.count).to eq(1)
+
+      params = {
+        event_id: '123',
+        state: 'down',
+        host: 'some host',
+      }
+      post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
+      expect(response).to have_http_status(200)
+
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['result']).to eq('ticket already open, added note')
+      expect(json_response['ticket_ids']).to include(ticket.id)
+
+      ticket.reload
+      expect(ticket.state.name).to eq('new')
+      expect(ticket.articles.count).to eq(2)
+
+      params = {
+        event_id: '123',
+        state: 'up',
+        host: 'some host',
+      }
+      post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
+      expect(response).to have_http_status(200)
+
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['result']).to be_truthy
+      expect(json_response['ticket_ids']).to include(ticket.id)
+
+      ticket.reload
+      expect(ticket.state.name).to eq('closed')
+      expect(ticket.articles.count).to eq(3)
+    end
+  end
+
+end

spec/requests/integration/cti_spec.rb

@@ -0,0 +1,477 @@
+require 'rails_helper'
+
+RSpec.describe 'Integration CTI', type: :request do
+
+  let(:agent_user) do
+    create(:agent_user)
+  end
+  let!(:customer_user1) do
+    create(
+      :customer_user,
+      login: 'ticket-caller_id_cti-customer1@example.com',
+      firstname: 'CallerId',
+      lastname: 'Customer1',
+      phone: '+49 99999 222222',
+      fax: '+49 99999 222223',
+      mobile: '+4912347114711',
+      note: 'Phone at home: +49 99999 222224',
+    )
+  end
+  let!(:customer_user2) do
+    create(
+      :customer_user,
+      login: 'ticket-caller_id_cti-customer2@example.com',
+      firstname: 'CallerId',
+      lastname: 'Customer2',
+      phone: '+49 99999 222222 2',
+    )
+  end
+  let!(:customer_user3) do
+    create(
+      :customer_user,
+      login: 'ticket-caller_id_cti-customer3@example.com',
+      firstname: 'CallerId',
+      lastname: 'Customer3',
+      phone: '+49 99999 222222 2',
+    )
+  end
+
+  before(:each) do
+    Cti::Log.destroy_all
+
+    Setting.set('cti_integration', true)
+    Setting.set('cti_config', {
+                  outbound: {
+                    routing_table: [
+                      {
+                        dest: '41*',
+                        caller_id: '41715880339000',
+                      },
+                      {
+                        dest: '491714000000',
+                        caller_id: '41715880339000',
+                      },
+                    ],
+                    default_caller_id: '4930777000000',
+                  },
+                  inbound: {
+                    block_caller_ids: [
+                      {
+                        caller_id: '491715000000',
+                        note: 'some note',
+                      }
+                    ],
+                    notify_user_ids: {
+                      2 => true,
+                      4 => false,
+                    },
+                  }
+                })
+
+    Cti::CallerId.rebuild
+  end
+
+  describe 'request handling' do
+
+    it 'does token check' do
+      params = 'event=newCall&direction=in&from=4912347114711&to=4930600000000&call_id=4991155921769858278-1&user%5B%5D=user+1&user%5B%5D=user+2'
+      post '/api/v1/cti/not_existing_token', params: params
+      expect(response).to have_http_status(401)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['error']).to eq('Invalid token, please contact your admin!')
+    end
+
+    it 'does basic call' do
+      token = Setting.get('cti_token')
+
+      # inbound - I
+      params = 'event=newCall&direction=in&from=4912347114711&to=4930600000000&call_id=4991155921769858278-1&user%5B%5D=user+1&user%5B%5D=user+2'
+      post "/api/v1/cti/#{token}", params: params
+      expect(response).to have_http_status(200)
+
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response).to be_blank
+
+      # inbound - II - block caller
+      params = 'event=newCall&direction=in&from=491715000000&to=4930600000000&call_id=4991155921769858278-2&user%5B%5D=user+1&user%5B%5D=user+2'
+      post "/api/v1/cti/#{token}", params: params
+      expect(response).to have_http_status(200)
+
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['action']).to eq('reject')
+      expect(json_response['reason']).to eq('busy')
+
+      # outbound - I - set default_caller_id
+      params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&call_id=8621106404543334274-3&user%5B%5D=user+1'
+      post "/api/v1/cti/#{token}", params: params
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['action']).to eq('dial')
+      expect(json_response['number']).to eq('4912347114711')
+      expect(json_response['caller_id']).to eq('4930777000000')
+
+      # outbound - II - set caller_id based on routing_table by explicite number
+      params = 'event=newCall&direction=out&from=4930600000000&to=491714000000&call_id=8621106404543334274-4&user%5B%5D=user+1'
+      post "/api/v1/cti/#{token}", params: params
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['action']).to eq('dial')
+      expect(json_response['number']).to eq('491714000000')
+      expect(json_response['caller_id']).to eq('41715880339000')
+
+      # outbound - III - set caller_id based on routing_table by 41*
+      params = 'event=newCall&direction=out&from=4930600000000&to=4147110000000&call_id=8621106404543334274-5&user%5B%5D=user+1'
+      post "/api/v1/cti/#{token}", params: params
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['action']).to eq('dial')
+      expect(json_response['number']).to eq('4147110000000')
+      expect(json_response['caller_id']).to eq('41715880339000')
+
+      # no config
+      Setting.set('cti_config', {})
+      params = 'event=newCall&direction=in&from=4912347114711&to=4930600000000&call_id=4991155921769858278-6&user%5B%5D=user+1&user%5B%5D=user+2'
+      post "/api/v1/cti/#{token}", params: params
+      expect(response).to have_http_status(422)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['error']).to eq('Feature not configured, please contact your admin!')
+
+    end
+
+    it 'does log call' do
+      token = Setting.get('cti_token')
+
+      # outbound - I - new call
+      params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&call_id=1234567890-1&user%5B%5D=user+1'
+      post "/api/v1/cti/#{token}", params: params
+      expect(response).to have_http_status(200)
+      log = Cti::Log.find_by(call_id: '1234567890-1')
+      expect(log).to be_truthy
+      expect(log.from).to eq('4930777000000')
+      expect(log.to).to eq('4912347114711')
+      expect(log.direction).to eq('out')
+      expect(log.from_comment).to eq('user 1')
+      expect(log.to_comment).to eq('CallerId Customer1')
+      expect(log.comment).to be_nil
+      expect(log.state).to eq('newCall')
+      expect(log.done).to eq(true)
+      expect(log.initialized_at).to be_truthy
+      expect(log.start_at).to be_nil
+      expect(log.end_at).to be_nil
+      expect(log.duration_waiting_time).to be_nil
+      expect(log.duration_talking_time).to be_nil
+
+      # outbound - I - hangup by agent
+      params = 'event=hangup&direction=out&call_id=1234567890-1&cause=cancel'
+      post "/api/v1/cti/#{token}", params: params
+      expect(response).to have_http_status(200)
+      log = Cti::Log.find_by(call_id: '1234567890-1')
+      expect(log).to be_truthy
+      expect(log.from).to eq('4930777000000')
+      expect(log.to).to eq('4912347114711')
+      expect(log.direction).to eq('out')
+      expect(log.from_comment).to eq('user 1')
+      expect(log.to_comment).to eq('CallerId Customer1')
+      expect(log.comment).to eq('cancel')
+      expect(log.state).to eq('hangup')
+      expect(log.done).to eq(true)
+      expect(log.initialized_at).to be_truthy
+      expect(log.start_at).to be_nil
+      expect(log.end_at).to be_truthy
+      expect(log.duration_waiting_time).to be_truthy
+      expect(log.duration_talking_time).to be_nil
+
+      # outbound - II - new call
+      params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&call_id=1234567890-2&user%5B%5D=user+1'
+      post "/api/v1/cti/#{token}", params: params
+      expect(response).to have_http_status(200)
+      log = Cti::Log.find_by(call_id: '1234567890-2')
+      expect(log).to be_truthy
+      expect(log.from).to eq('4930777000000')
+      expect(log.to).to eq('4912347114711')
+      expect(log.direction).to eq('out')
+      expect(log.from_comment).to eq('user 1')
+      expect(log.to_comment).to eq('CallerId Customer1')
+      expect(log.comment).to be_nil
+      expect(log.state).to eq('newCall')
+      expect(log.done).to eq(true)
+      expect(log.initialized_at).to be_truthy
+      expect(log.start_at).to be_nil
+      expect(log.end_at).to be_nil
+      expect(log.duration_waiting_time).to be_nil
+      expect(log.duration_talking_time).to be_nil
+
+      # outbound - II - answer by customer
+      params = 'event=answer&direction=out&call_id=1234567890-2&from=4930600000000&to=4912347114711'
+      post "/api/v1/cti/#{token}", params: params
+      expect(response).to have_http_status(200)
+      log = Cti::Log.find_by(call_id: '1234567890-2')
+      expect(log).to be_truthy
+      expect(log.from).to eq('4930777000000')
+      expect(log.to).to eq('4912347114711')
+      expect(log.direction).to eq('out')
+      expect(log.from_comment).to eq('user 1')
+      expect(log.to_comment).to eq('CallerId Customer1')
+      expect(log.comment).to be_nil
+      expect(log.state).to eq('answer')
+      expect(log.done).to eq(true)
+      expect(log.initialized_at).to be_truthy
+      expect(log.start_at).to be_truthy
+      expect(log.end_at).to be_nil
+      expect(log.duration_waiting_time).to be_truthy
+      expect(log.duration_talking_time).to be_nil
+
+      # outbound - II - hangup by customer
+      params = 'event=hangup&direction=out&call_id=1234567890-2&cause=normalClearing&from=4930600000000&to=4912347114711'
+      post "/api/v1/cti/#{token}", params: params
+      expect(response).to have_http_status(200)
+      log = Cti::Log.find_by(call_id: '1234567890-2')
+      expect(log).to be_truthy
+      expect(log.from).to eq('4930777000000')
+      expect(log.to).to eq('4912347114711')
+      expect(log.direction).to eq('out')
+      expect(log.from_comment).to eq('user 1')
+      expect(log.to_comment).to eq('CallerId Customer1')
+      expect(log.comment).to eq('normalClearing')
+      expect(log.state).to eq('hangup')
+      expect(log.done).to eq(true)
+      expect(log.initialized_at).to be_truthy
+      expect(log.start_at).to be_truthy
+      expect(log.end_at).to be_truthy
+      expect(log.duration_waiting_time).to be_truthy
+      expect(log.duration_talking_time).to be_truthy
+
+      # inbound - I - new call
+      params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&call_id=1234567890-3&user%5B%5D=user+1'
+      post "/api/v1/cti/#{token}", params: params
+      expect(response).to have_http_status(200)
+      log = Cti::Log.find_by(call_id: '1234567890-3')
+      expect(log).to be_truthy
+      expect(log.to).to eq('4930600000000')
+      expect(log.from).to eq('4912347114711')
+      expect(log.direction).to eq('in')
+      expect(log.to_comment).to eq('user 1')
+      expect(log.from_comment).to eq('CallerId Customer1')
+      expect(log.comment).to be_nil
+      expect(log.state).to eq('newCall')
+      expect(log.done).to eq(false)
+      expect(log.initialized_at).to be_truthy
+      expect(log.start_at).to be_nil
+      expect(log.end_at).to be_nil
+      expect(log.duration_waiting_time).to be_nil
+      expect(log.duration_talking_time).to be_nil
+
+      # inbound - I - answer by customer
+      params = 'event=answer&direction=in&call_id=1234567890-3&to=4930600000000&from=4912347114711'
+      post "/api/v1/cti/#{token}", params: params
+      expect(response).to have_http_status(200)
+      log = Cti::Log.find_by(call_id: '1234567890-3')
+      expect(log).to be_truthy
+      expect(log.to).to eq('4930600000000')
+      expect(log.from).to eq('4912347114711')
+      expect(log.direction).to eq('in')
+      expect(log.to_comment).to eq('user 1')
+      expect(log.from_comment).to eq('CallerId Customer1')
+      expect(log.comment).to be_nil
+      expect(log.state).to eq('answer')
+      expect(log.done).to eq(true)
+      expect(log.initialized_at).to be_truthy
+      expect(log.start_at).to be_truthy
+      expect(log.end_at).to be_nil
+      expect(log.duration_waiting_time).to be_truthy
+      expect(log.duration_talking_time).to be_nil
+
+      # inbound - I - hangup by customer
+      params = 'event=hangup&direction=in&call_id=1234567890-3&cause=normalClearing&to=4930600000000&from=4912347114711'
+      post "/api/v1/cti/#{token}", params: params
+      expect(response).to have_http_status(200)
+      log = Cti::Log.find_by(call_id: '1234567890-3')
+      expect(log).to be_truthy
+      expect(log.to).to eq('4930600000000')
+      expect(log.from).to eq('4912347114711')
+      expect(log.direction).to eq('in')
+      expect(log.to_comment).to eq('user 1')
+      expect(log.from_comment).to eq('CallerId Customer1')
+      expect(log.comment).to eq('normalClearing')
+      expect(log.state).to eq('hangup')
+      expect(log.done).to eq(true)
+      expect(log.initialized_at).to be_truthy
+      expect(log.start_at).to be_truthy
+      expect(log.end_at).to be_truthy
+      expect(log.duration_waiting_time).to be_truthy
+      expect(log.duration_talking_time).to be_truthy
+
+      # inbound - II - new call
+      params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&call_id=1234567890-4&user%5B%5D=user+1,user+2'
+      post "/api/v1/cti/#{token}", params: params
+      expect(response).to have_http_status(200)
+      log = Cti::Log.find_by(call_id: '1234567890-4')
+      expect(log).to be_truthy
+      expect(log.to).to eq('4930600000000')
+      expect(log.from).to eq('4912347114711')
+      expect(log.direction).to eq('in')
+      expect(log.to_comment).to eq('user 1,user 2')
+      expect(log.from_comment).to eq('CallerId Customer1')
+      expect(log.comment).to be_nil
+      expect(log.state).to eq('newCall')
+      expect(log.done).to eq(false)
+      expect(log.initialized_at).to be_truthy
+      expect(log.start_at).to be_nil
+      expect(log.end_at).to be_nil
+      expect(log.duration_waiting_time).to be_nil
+      expect(log.duration_talking_time).to be_nil
+
+      # inbound - II - answer by voicemail
+      params = 'event=answer&direction=in&call_id=1234567890-4&to=4930600000000&from=4912347114711&user=voicemail'
+      post "/api/v1/cti/#{token}", params: params
+      expect(response).to have_http_status(200)
+      log = Cti::Log.find_by(call_id: '1234567890-4')
+      expect(log).to be_truthy
+      expect(log.to).to eq('4930600000000')
+      expect(log.from).to eq('4912347114711')
+      expect(log.direction).to eq('in')
+      expect(log.to_comment).to eq('voicemail')
+      expect(log.from_comment).to eq('CallerId Customer1')
+      expect(log.comment).to be_nil
+      expect(log.state).to eq('answer')
+      expect(log.done).to eq(true)
+      expect(log.initialized_at).to be_truthy
+      expect(log.start_at).to be_truthy
+      expect(log.end_at).to be_nil
+      expect(log.duration_waiting_time).to be_truthy
+      expect(log.duration_talking_time).to be_nil
+
+      # inbound - II - hangup by customer
+      params = 'event=hangup&direction=in&call_id=1234567890-4&cause=normalClearing&to=4930600000000&from=4912347114711'
+      post "/api/v1/cti/#{token}", params: params
+      expect(response).to have_http_status(200)
+      log = Cti::Log.find_by(call_id: '1234567890-4')
+      expect(log).to be_truthy
+      expect(log.to).to eq('4930600000000')
+      expect(log.from).to eq('4912347114711')
+      expect(log.direction).to eq('in')
+      expect(log.to_comment).to eq('voicemail')
+      expect(log.from_comment).to eq('CallerId Customer1')
+      expect(log.comment).to eq('normalClearing')
+      expect(log.state).to eq('hangup')
+      expect(log.done).to eq(false)
+      expect(log.initialized_at).to be_truthy
+      expect(log.start_at).to be_truthy
+      expect(log.end_at).to be_truthy
+      expect(log.duration_waiting_time).to be_truthy
+      expect(log.duration_talking_time).to be_truthy
+
+      # inbound - III - new call
+      params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&call_id=1234567890-5&user%5B%5D=user+1,user+2'
+      post "/api/v1/cti/#{token}", params: params
+      expect(response).to have_http_status(200)
+      log = Cti::Log.find_by(call_id: '1234567890-5')
+      expect(log).to be_truthy
+      expect(log.to).to eq('4930600000000')
+      expect(log.from).to eq('4912347114711')
+      expect(log.direction).to eq('in')
+      expect(log.to_comment).to eq('user 1,user 2')
+      expect(log.from_comment).to eq('CallerId Customer1')
+      expect(log.comment).to be_nil
+      expect(log.state).to eq('newCall')
+      expect(log.done).to eq(false)
+      expect(log.initialized_at).to be_truthy
+      expect(log.start_at).to be_nil
+      expect(log.end_at).to be_nil
+      expect(log.duration_waiting_time).to be_nil
+      expect(log.duration_talking_time).to be_nil
+
+      # inbound - III - hangup by customer
+      params = 'event=hangup&direction=in&call_id=1234567890-5&cause=normalClearing&to=4930600000000&from=4912347114711'
+      post "/api/v1/cti/#{token}", params: params
+      expect(response).to have_http_status(200)
+      log = Cti::Log.find_by(call_id: '1234567890-5')
+      expect(log).to be_truthy
+      expect(log.to).to eq('4930600000000')
+      expect(log.from).to eq('4912347114711')
+      expect(log.direction).to eq('in')
+      expect(log.to_comment).to eq('user 1,user 2')
+      expect(log.from_comment).to eq('CallerId Customer1')
+      expect(log.comment).to eq('normalClearing')
+      expect(log.state).to eq('hangup')
+      expect(log.done).to eq(false)
+      expect(log.initialized_at).to be_truthy
+      expect(log.start_at).to be_nil
+      expect(log.end_at).to be_truthy
+      expect(log.duration_waiting_time).to be_truthy
+      expect(log.duration_talking_time).to be_nil
+
+      # inbound - IV - new call
+      params = 'event=newCall&direction=in&to=4930600000000&from=49999992222222&call_id=1234567890-6&user%5B%5D=user+1,user+2'
+      post "/api/v1/cti/#{token}", params: params
+      expect(response).to have_http_status(200)
+      log = Cti::Log.find_by(call_id: '1234567890-6')
+      expect(log).to be_truthy
+      expect(log.to).to eq('4930600000000')
+      expect(log.from).to eq('49999992222222')
+      expect(log.direction).to eq('in')
+      expect(log.to_comment).to eq('user 1,user 2')
+      expect(log.from_comment).to eq('CallerId Customer3,CallerId Customer2')
+      expect(log.preferences['to']).to be_falsey
+      expect(log.preferences['from']).to be_truthy
+      expect(log.comment).to be_nil
+      expect(log.state).to eq('newCall')
+      expect(log.done).to eq(false)
+      expect(log.initialized_at).to be_truthy
+      expect(log.start_at).to be_nil
+      expect(log.end_at).to be_nil
+      expect(log.duration_waiting_time).to be_nil
+      expect(log.duration_talking_time).to be_nil
+
+      # inbound - IV - new call
+      params = 'event=newCall&direction=in&to=4930600000000&from=anonymous&call_id=1234567890-7&user%5B%5D=user+1,user+2'
+      post "/api/v1/cti/#{token}", params: params
+      expect(response).to have_http_status(200)
+      log = Cti::Log.find_by(call_id: '1234567890-7')
+      expect(log).to be_truthy
+      expect(log.to).to eq('4930600000000')
+      expect(log.from).to eq('anonymous')
+      expect(log.direction).to eq('in')
+      expect(log.to_comment).to eq('user 1,user 2')
+      expect(log.from_comment).to be_nil
+      expect(log.preferences['to']).to be_falsey
+      expect(log.preferences['from']).to be_falsey
+      expect(log.comment).to be_nil
+      expect(log.state).to eq('newCall')
+      expect(log.done).to eq(false)
+      expect(log.initialized_at).to be_truthy
+      expect(log.start_at).to be_nil
+      expect(log.end_at).to be_nil
+      expect(log.duration_waiting_time).to be_nil
+      expect(log.duration_talking_time).to be_nil
+
+      # get caller list
+      get '/api/v1/cti/log'
+      expect(response).to have_http_status(401)
+
+      authenticated_as(agent_user)
+      get '/api/v1/cti/log', as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response['list']).to be_a_kind_of(Array)
+      expect(json_response['list'].count).to eq(7)
+      expect(json_response['assets']).to be_truthy
+      expect(json_response['assets']['User']).to be_truthy
+      expect(json_response['assets']['User'][customer_user2.id.to_s]).to be_truthy
+      expect(json_response['assets']['User'][customer_user3.id.to_s]).to be_truthy
+      expect(json_response['list'][0]['call_id']).to eq('1234567890-7')
+      expect(json_response['list'][1]['call_id']).to eq('1234567890-6')
+      expect(json_response['list'][2]['call_id']).to eq('1234567890-5')
+      expect(json_response['list'][3]['call_id']).to eq('1234567890-4')
+      expect(json_response['list'][4]['call_id']).to eq('1234567890-3')
+      expect(json_response['list'][5]['call_id']).to eq('1234567890-2')
+      expect(json_response['list'][5]['state']).to eq('hangup')
+      expect(json_response['list'][5]['from']).to eq('4930777000000')
+      expect(json_response['list'][5]['from_comment']).to eq('user 1')
+      expect(json_response['list'][5]['to']).to eq('4912347114711')
+      expect(json_response['list'][5]['to_comment']).to eq('CallerId Customer1')
+      expect(json_response['list'][5]['comment']).to eq('normalClearing')
+      expect(json_response['list'][5]['state']).to eq('hangup')
+      expect(json_response['list'][6]['call_id']).to eq('1234567890-1')
+    end
+  end
+end

spec/requests/integration/sipgate_spec.rb

@@ -0,0 +1,445 @@
+require 'rails_helper'
+
+RSpec.describe 'Integration Sipgate', type: :request do
+
+  let(:agent_user) do
+    create(:agent_user)
+  end
+  let!(:customer_user1) do
+    create(
+      :customer_user,
+      login: 'ticket-caller_id_cti-customer1@example.com',
+      firstname: 'CallerId',
+      lastname: 'Customer1',
+      phone: '+49 99999 222222',
+      fax: '+49 99999 222223',
+      mobile: '+4912347114711',
+      note: 'Phone at home: +49 99999 222224',
+    )
+  end
+  let!(:customer_user2) do
+    create(
+      :customer_user,
+      login: 'ticket-caller_id_cti-customer2@example.com',
+      firstname: 'CallerId',
+      lastname: 'Customer2',
+      phone: '+49 99999 222222 2',
+    )
+  end
+  let!(:customer_user3) do
+    create(
+      :customer_user,
+      login: 'ticket-caller_id_cti-customer3@example.com',
+      firstname: 'CallerId',
+      lastname: 'Customer3',
+      phone: '+49 99999 222222 2',
+    )
+  end
+
+  before(:each) do
+    Cti::Log.destroy_all
+
+    Setting.set('sipgate_integration', true)
+    Setting.set('sipgate_config', {
+                  outbound: {
+                    routing_table: [
+                      {
+                        dest: '41*',
+                        caller_id: '41715880339000',
+                      },
+                      {
+                        dest: '491714000000',
+                        caller_id: '41715880339000',
+                      },
+                    ],
+                    default_caller_id: '4930777000000',
+                  },
+                  inbound: {
+                    block_caller_ids: [
+                      {
+                        caller_id: '491715000000',
+                        note: 'some note',
+                      }
+                    ],
+                    notify_user_ids: {
+                      2 => true,
+                      4 => false,
+                    },
+                  }
+                },)
+
+    Cti::CallerId.rebuild
+  end
+
+  describe 'request handling' do
+
+    it 'does basic call' do
+
+      # inbound - I
+      params = 'event=newCall&direction=in&from=4912347114711&to=4930600000000&callId=4991155921769858278-1&user%5B%5D=user+1&user%5B%5D=user+2'
+      post '/api/v1/sipgate/in', params: params
+      expect(@response).to have_http_status(200)
+      on_hangup = nil
+      on_answer = nil
+      content = @response.body
+      response = REXML::Document.new(content)
+      response.elements.each('Response') do |element|
+        on_hangup = element.attributes['onHangup']
+        on_answer = element.attributes['onAnswer']
+      end
+      expect(on_hangup).to eq('http://zammad.example.com/api/v1/sipgate/in')
+      expect(on_answer).to eq('http://zammad.example.com/api/v1/sipgate/in')
+
+      # inbound - II - block caller
+      params = 'event=newCall&direction=in&from=491715000000&to=4930600000000&callId=4991155921769858278-2&user%5B%5D=user+1&user%5B%5D=user+2'
+      post '/api/v1/sipgate/in', params: params
+      expect(@response).to have_http_status(200)
+      on_hangup = nil
+      on_answer = nil
+      content = @response.body
+      response = REXML::Document.new(content)
+      response.elements.each('Response') do |element|
+        on_hangup = element.attributes['onHangup']
+        on_answer = element.attributes['onAnswer']
+      end
+      expect(on_hangup).to eq('http://zammad.example.com/api/v1/sipgate/in')
+      expect(on_answer).to eq('http://zammad.example.com/api/v1/sipgate/in')
+      reason = nil
+      response.elements.each('Response/Reject') do |element|
+        reason = element.attributes['reason']
+      end
+      expect(reason).to eq('busy')
+
+      # outbound - I - set default_caller_id
+      params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&callId=8621106404543334274-3&user%5B%5D=user+1'
+      post '/api/v1/sipgate/out', params: params
+      expect(@response).to have_http_status(200)
+      on_hangup = nil
+      on_answer = nil
+      caller_id = nil
+      number_to_dail = nil
+      content = @response.body
+      response = REXML::Document.new(content)
+      response.elements.each('Response') do |element|
+        on_hangup = element.attributes['onHangup']
+        on_answer = element.attributes['onAnswer']
+      end
+      response.elements.each('Response/Dial') do |element|
+        caller_id = element.attributes['callerId']
+      end
+      response.elements.each('Response/Dial/Number') do |element|
+        number_to_dail = element.text
+      end
+      expect(caller_id).to eq('4930777000000')
+      expect(number_to_dail).to eq('4912347114711')
+      expect(on_hangup).to eq('http://zammad.example.com/api/v1/sipgate/out')
+      expect(on_answer).to eq('http://zammad.example.com/api/v1/sipgate/out')
+
+      # outbound - II - set caller_id based on routing_table by explicite number
+      params = 'event=newCall&direction=out&from=4930600000000&to=491714000000&callId=8621106404543334274-4&user%5B%5D=user+1'
+      post '/api/v1/sipgate/out', params: params
+      expect(@response).to have_http_status(200)
+      on_hangup = nil
+      on_answer = nil
+      caller_id = nil
+      number_to_dail = nil
+      content = @response.body
+      response = REXML::Document.new(content)
+      response.elements.each('Response') do |element|
+        on_hangup = element.attributes['onHangup']
+        on_answer = element.attributes['onAnswer']
+      end
+      response.elements.each('Response/Dial') do |element|
+        caller_id = element.attributes['callerId']
+      end
+      response.elements.each('Response/Dial/Number') do |element|
+        number_to_dail = element.text
+      end
+      expect(caller_id).to eq('41715880339000')
+      expect(number_to_dail).to eq('491714000000')
+      expect(on_hangup).to eq('http://zammad.example.com/api/v1/sipgate/out')
+      expect(on_answer).to eq('http://zammad.example.com/api/v1/sipgate/out')
+
+      # outbound - III - set caller_id based on routing_table by 41*
+      params = 'event=newCall&direction=out&from=4930600000000&to=4147110000000&callId=8621106404543334274-5&user%5B%5D=user+1'
+      post '/api/v1/sipgate/out', params: params
+      expect(@response).to have_http_status(200)
+      on_hangup = nil
+      on_answer = nil
+      caller_id = nil
+      number_to_dail = nil
+      content = @response.body
+      response = REXML::Document.new(content)
+      response.elements.each('Response') do |element|
+        on_hangup = element.attributes['onHangup']
+        on_answer = element.attributes['onAnswer']
+      end
+      response.elements.each('Response/Dial') do |element|
+        caller_id = element.attributes['callerId']
+      end
+      response.elements.each('Response/Dial/Number') do |element|
+        number_to_dail = element.text
+      end
+      expect(caller_id).to eq('41715880339000')
+      expect(number_to_dail).to eq('4147110000000')
+      expect(on_hangup).to eq('http://zammad.example.com/api/v1/sipgate/out')
+      expect(on_answer).to eq('http://zammad.example.com/api/v1/sipgate/out')
+
+      # no config
+      Setting.set('sipgate_config', {})
+      params = 'event=newCall&direction=in&from=4912347114711&to=4930600000000&callId=4991155921769858278-6&user%5B%5D=user+1&user%5B%5D=user+2'
+      post '/api/v1/sipgate/in', params: params
+      expect(@response).to have_http_status(422)
+      error = nil
+      content = @response.body
+      response = REXML::Document.new(content)
+      response.elements.each('Response/Error') do |element|
+        error = element.text
+      end
+      expect(error).to eq('Feature not configured, please contact your admin!')
+
+    end
+
+    it 'does log call' do
+
+      # outbound - I - new call
+      params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&callId=1234567890-1&user%5B%5D=user+1'
+      post '/api/v1/sipgate/out', params: params
+      expect(@response).to have_http_status(200)
+      log = Cti::Log.find_by(call_id: '1234567890-1')
+      expect(log).to be_truthy
+      expect(log.from).to eq('4930777000000')
+      expect(log.to).to eq('4912347114711')
+      expect(log.direction).to eq('out')
+      expect(log.from_comment).to eq('user 1')
+      expect(log.to_comment).to eq('CallerId Customer1')
+      expect(log.comment).to be_nil
+      expect(log.state).to eq('newCall')
+      expect(log.done).to eq(true)
+
+      # outbound - I - hangup by agent
+      params = 'event=hangup&direction=out&callId=1234567890-1&cause=cancel'
+      post '/api/v1/sipgate/out', params: params
+      expect(@response).to have_http_status(200)
+      log = Cti::Log.find_by(call_id: '1234567890-1')
+      expect(log).to be_truthy
+      expect(log.from).to eq('4930777000000')
+      expect(log.to).to eq('4912347114711')
+      expect(log.direction).to eq('out')
+      expect(log.from_comment).to eq('user 1')
+      expect(log.to_comment).to eq('CallerId Customer1')
+      expect(log.comment).to eq('cancel')
+      expect(log.state).to eq('hangup')
+      expect(log.done).to eq(true)
+
+      # outbound - II - new call
+      params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&callId=1234567890-2&user%5B%5D=user+1'
+      post '/api/v1/sipgate/out', params: params
+      expect(@response).to have_http_status(200)
+      log = Cti::Log.find_by(call_id: '1234567890-2')
+      expect(log).to be_truthy
+      expect(log.from).to eq('4930777000000')
+      expect(log.to).to eq('4912347114711')
+      expect(log.direction).to eq('out')
+      expect(log.from_comment).to eq('user 1')
+      expect(log.to_comment).to eq('CallerId Customer1')
+      expect(log.comment).to be_nil
+      expect(log.state).to eq('newCall')
+      expect(log.done).to eq(true)
+
+      # outbound - II - answer by customer
+      params = 'event=answer&direction=out&callId=1234567890-2&from=4930600000000&to=4912347114711'
+      post '/api/v1/sipgate/out', params: params
+      expect(@response).to have_http_status(200)
+      log = Cti::Log.find_by(call_id: '1234567890-2')
+      expect(log).to be_truthy
+      expect(log.from).to eq('4930777000000')
+      expect(log.to).to eq('4912347114711')
+      expect(log.direction).to eq('out')
+      expect(log.from_comment).to eq('user 1')
+      expect(log.to_comment).to eq('CallerId Customer1')
+      expect(log.comment).to be_nil
+      expect(log.state).to eq('answer')
+      expect(log.done).to eq(true)
+
+      # outbound - II - hangup by customer
+      params = 'event=hangup&direction=out&callId=1234567890-2&cause=normalClearing&from=4930600000000&to=4912347114711'
+      post '/api/v1/sipgate/out', params: params
+      expect(@response).to have_http_status(200)
+      log = Cti::Log.find_by(call_id: '1234567890-2')
+      expect(log).to be_truthy
+      expect(log.from).to eq('4930777000000')
+      expect(log.to).to eq('4912347114711')
+      expect(log.direction).to eq('out')
+      expect(log.from_comment).to eq('user 1')
+      expect(log.to_comment).to eq('CallerId Customer1')
+      expect(log.comment).to eq('normalClearing')
+      expect(log.state).to eq('hangup')
+      expect(log.done).to eq(true)
+
+      # inbound - I - new call
+      params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&callId=1234567890-3&user%5B%5D=user+1'
+      post '/api/v1/sipgate/in', params: params
+      expect(@response).to have_http_status(200)
+      log = Cti::Log.find_by(call_id: '1234567890-3')
+      expect(log).to be_truthy
+      expect(log.to).to eq('4930600000000')
+      expect(log.from).to eq('4912347114711')
+      expect(log.direction).to eq('in')
+      expect(log.to_comment).to eq('user 1')
+      expect(log.from_comment).to eq('CallerId Customer1')
+      expect(log.comment).to be_nil
+      expect(log.state).to eq('newCall')
+      expect(log.done).to eq(false)
+
+      # inbound - I - answer by customer
+      params = 'event=answer&direction=in&callId=1234567890-3&to=4930600000000&from=4912347114711'
+      post '/api/v1/sipgate/in', params: params
+      expect(@response).to have_http_status(200)
+      log = Cti::Log.find_by(call_id: '1234567890-3')
+      expect(log).to be_truthy
+      expect(log.to).to eq('4930600000000')
+      expect(log.from).to eq('4912347114711')
+      expect(log.direction).to eq('in')
+      expect(log.to_comment).to eq('user 1')
+      expect(log.from_comment).to eq('CallerId Customer1')
+      expect(log.comment).to be_nil
+      expect(log.state).to eq('answer')
+      expect(log.done).to eq(true)
+
+      # inbound - I - hangup by customer
+      params = 'event=hangup&direction=in&callId=1234567890-3&cause=normalClearing&to=4930600000000&from=4912347114711'
+      post '/api/v1/sipgate/in', params: params
+      expect(@response).to have_http_status(200)
+      log = Cti::Log.find_by(call_id: '1234567890-3')
+      expect(log).to be_truthy
+      expect(log.to).to eq('4930600000000')
+      expect(log.from).to eq('4912347114711')
+      expect(log.direction).to eq('in')
+      expect(log.to_comment).to eq('user 1')
+      expect(log.from_comment).to eq('CallerId Customer1')
+      expect(log.comment).to eq('normalClearing')
+      expect(log.state).to eq('hangup')
+      expect(log.done).to eq(true)
+
+      # inbound - II - new call
+      params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&callId=1234567890-4&user%5B%5D=user+1,user+2'
+      post '/api/v1/sipgate/in', params: params
+      expect(@response).to have_http_status(200)
+      log = Cti::Log.find_by(call_id: '1234567890-4')
+      expect(log).to be_truthy
+      expect(log.to).to eq('4930600000000')
+      expect(log.from).to eq('4912347114711')
+      expect(log.direction).to eq('in')
+      expect(log.to_comment).to eq('user 1,user 2')
+      expect(log.from_comment).to eq('CallerId Customer1')
+      expect(log.comment).to be_nil
+      expect(log.state).to eq('newCall')
+      expect(log.done).to eq(false)
+
+      # inbound - II - answer by voicemail
+      params = 'event=answer&direction=in&callId=1234567890-4&to=4930600000000&from=4912347114711&user=voicemail'
+      post '/api/v1/sipgate/in', params: params
+      expect(@response).to have_http_status(200)
+      log = Cti::Log.find_by(call_id: '1234567890-4')
+      expect(log).to be_truthy
+      expect(log.to).to eq('4930600000000')
+      expect(log.from).to eq('4912347114711')
+      expect(log.direction).to eq('in')
+      expect(log.to_comment).to eq('voicemail')
+      expect(log.from_comment).to eq('CallerId Customer1')
+      expect(log.comment).to be_nil
+      expect(log.state).to eq('answer')
+      expect(log.done).to eq(true)
+
+      # inbound - II - hangup by customer
+      params = 'event=hangup&direction=in&callId=1234567890-4&cause=normalClearing&to=4930600000000&from=4912347114711'
+      post '/api/v1/sipgate/in', params: params
+      expect(@response).to have_http_status(200)
+      log = Cti::Log.find_by(call_id: '1234567890-4')
+      expect(log).to be_truthy
+      expect(log.to).to eq('4930600000000')
+      expect(log.from).to eq('4912347114711')
+      expect(log.direction).to eq('in')
+      expect(log.to_comment).to eq('voicemail')
+      expect(log.from_comment).to eq('CallerId Customer1')
+      expect(log.comment).to eq('normalClearing')
+      expect(log.state).to eq('hangup')
+      expect(log.done).to eq(false)
+
+      # inbound - III - new call
+      params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&callId=1234567890-5&user%5B%5D=user+1,user+2'
+      post '/api/v1/sipgate/in', params: params
+      expect(@response).to have_http_status(200)
+      log = Cti::Log.find_by(call_id: '1234567890-5')
+      expect(log).to be_truthy
+      expect(log.to).to eq('4930600000000')
+      expect(log.from).to eq('4912347114711')
+      expect(log.direction).to eq('in')
+      expect(log.to_comment).to eq('user 1,user 2')
+      expect(log.from_comment).to eq('CallerId Customer1')
+      expect(log.comment).to be_nil
+      expect(log.state).to eq('newCall')
+      expect(log.done).to eq(false)
+
+      # inbound - III - hangup by customer
+      params = 'event=hangup&direction=in&callId=1234567890-5&cause=normalClearing&to=4930600000000&from=4912347114711'
+      post '/api/v1/sipgate/in', params: params
+      expect(@response).to have_http_status(200)
+      log = Cti::Log.find_by(call_id: '1234567890-5')
+      expect(log).to be_truthy
+      expect(log.to).to eq('4930600000000')
+      expect(log.from).to eq('4912347114711')
+      expect(log.direction).to eq('in')
+      expect(log.to_comment).to eq('user 1,user 2')
+      expect(log.from_comment).to eq('CallerId Customer1')
+      expect(log.comment).to eq('normalClearing')
+      expect(log.state).to eq('hangup')
+      expect(log.done).to eq(false)
+
+      # inbound - IV - new call
+      params = 'event=newCall&direction=in&to=4930600000000&from=49999992222222&callId=1234567890-6&user%5B%5D=user+1,user+2'
+      post '/api/v1/sipgate/in', params: params
+      expect(@response).to have_http_status(200)
+      log = Cti::Log.find_by(call_id: '1234567890-6')
+      expect(log).to be_truthy
+      expect(log.to).to eq('4930600000000')
+      expect(log.from).to eq('49999992222222')
+      expect(log.direction).to eq('in')
+      expect(log.to_comment).to eq('user 1,user 2')
+      expect(log.from_comment).to eq('CallerId Customer3,CallerId Customer2')
+      expect(log.preferences['to']).to be_falsey
+      expect(log.preferences['from']).to be_truthy
+      expect(log.comment).to be_nil
+      expect(log.state).to eq('newCall')
+      expect(log.done).to eq(false)
+
+      # get caller list
+      get '/api/v1/cti/log'
+      expect(@response).to have_http_status(401)
+
+      authenticated_as(agent_user)
+      get '/api/v1/cti/log', as: :json
+      expect(@response).to have_http_status(200)
+      expect(json_response['list']).to be_a_kind_of(Array)
+      expect(json_response['list'].count).to eq(6)
+      expect(json_response['assets']).to be_truthy
+      expect(json_response['assets']['User']).to be_truthy
+      expect(json_response['assets']['User'][customer_user2.id.to_s]).to be_truthy
+      expect(json_response['assets']['User'][customer_user3.id.to_s]).to be_truthy
+      expect(json_response['list'][0]['call_id']).to eq('1234567890-6')
+      expect(json_response['list'][1]['call_id']).to eq('1234567890-5')
+      expect(json_response['list'][2]['call_id']).to eq('1234567890-4')
+      expect(json_response['list'][3]['call_id']).to eq('1234567890-3')
+      expect(json_response['list'][4]['call_id']).to eq('1234567890-2')
+      expect(json_response['list'][4]['state']).to eq('hangup')
+      expect(json_response['list'][4]['from']).to eq('4930777000000')
+      expect(json_response['list'][4]['from_comment']).to eq('user 1')
+      expect(json_response['list'][4]['to']).to eq('4912347114711')
+      expect(json_response['list'][4]['to_comment']).to eq('CallerId Customer1')
+      expect(json_response['list'][4]['comment']).to eq('normalClearing')
+      expect(json_response['list'][4]['state']).to eq('hangup')
+      expect(json_response['list'][5]['call_id']).to eq('1234567890-1')
+    end
+  end
+end

spec/requests/o_auth_spec.rb

@@ -0,0 +1,31 @@
+require 'rails_helper'
+
+RSpec.describe 'OAuth', type: :request do
+
+  describe 'request handling' do
+
+    it 'does o365 - start' do
+      get '/auth/microsoft_office365'
+      expect(response).to have_http_status(302)
+      expect(response.body).to include('https://login.microsoftonline.com/common/oauth2/v2.0/authorize')
+      expect(response.body).to include('redirect_uri=http%3A%2F%2Fzammad.example.com%2Fauth%2Fmicrosoft_office365%2Fcallback')
+      expect(response.body).to include('scope=openid+email+profile')
+      expect(response.body).to include('response_type=code')
+    end
+
+    it 'does o365 - callback' do
+      get '/auth/microsoft_office365/callback?code=1234&state=1234'
+      expect(response).to have_http_status(302)
+      expect(response.body).to include('302 Moved')
+    end
+
+    it 'does auth failure' do
+      get '/auth/failure?message=123&strategy=some_provider'
+      expect(response).to have_http_status(422)
+      expect(response.body).to include('<title>422: Unprocessable Entity</title>')
+      expect(response.body).to include('<h1>422: The change you wanted was rejected.</h1>')
+      expect(response.body).to include('<div>Message from some_provider: 123</div>')
+    end
+  end
+
+end

spec/requests/organization_spec.rb

@@ -0,0 +1,557 @@
+require 'rails_helper'
+
+RSpec.describe 'Organization', type: :request, searchindex: true do
+
+  let!(:admin_user) do
+    create(:admin_user, groups: Group.all)
+  end
+  let!(:agent_user) do
+    create(:agent_user, firstname: 'Search 1234', groups: Group.all)
+  end
+  let!(:customer_user) do
+    create(:customer_user)
+  end
+  let!(:organization) do
+    create(
+      :organization,
+      name: 'Rest Org #1',
+      note: 'Rest Org #1',
+      created_at: '2017-09-05 10:00:00',
+    )
+  end
+  let!(:organization2) do
+    create(
+      :organization,
+      name: 'Rest Org #2',
+      note: 'Rest Org #2',
+      created_at: '2017-09-05 11:00:00',
+    )
+  end
+  let!(:organization3) do
+    create(
+      :organization,
+      name: 'Rest Org #3',
+      note: 'Rest Org #3',
+      created_at: '2017-09-05 12:00:00',
+    )
+  end
+  let!(:customer_user2) do
+    create(:customer_user, organization: organization)
+  end
+
+  before(:each) do
+    configure_elasticsearch do
+
+      travel 1.minute
+
+      rebuild_searchindex
+
+      # execute background jobs
+      Scheduler.worker(true)
+
+      sleep 6
+    end
+  end
+
+  describe 'request handling' do
+
+    it 'does index with agent' do
+
+      # index
+      authenticated_as(agent_user)
+      get '/api/v1/organizations', params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Array)
+      expect(json_response[0]['member_ids']).to be_a_kind_of(Array)
+      expect(json_response.length >= 3).to be_truthy
+
+      get '/api/v1/organizations?limit=40&page=1&per_page=2', params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Array)
+      organizations = Organization.order(:id).limit(2)
+      expect(json_response[0]['id']).to eq(organizations[0].id)
+      expect(json_response[0]['member_ids']).to eq(organizations[0].member_ids)
+      expect(json_response[1]['id']).to eq(organizations[1].id)
+      expect(json_response[1]['member_ids']).to eq(organizations[1].member_ids)
+      expect(json_response.count).to eq(2)
+
+      get '/api/v1/organizations?limit=40&page=2&per_page=2', params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Array)
+      organizations = Organization.order(:id).limit(4)
+      expect(json_response[0]['id']).to eq(organizations[2].id)
+      expect(json_response[0]['member_ids']).to eq(organizations[2].member_ids)
+      expect(json_response[1]['id']).to eq(organizations[3].id)
+      expect(json_response[1]['member_ids']).to eq(organizations[3].member_ids)
+
+      expect(json_response.count).to eq(2)
+
+      # show/:id
+      get "/api/v1/organizations/#{organization.id}", params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['member_ids']).to be_a_kind_of(Array)
+      expect(json_response['members']).to be_falsey
+      expect('Rest Org #1').to eq(json_response['name'])
+
+      get "/api/v1/organizations/#{organization2.id}", params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['member_ids']).to be_a_kind_of(Array)
+      expect(json_response['members']).to be_falsey
+      expect('Rest Org #2').to eq(json_response['name'])
+
+      # search as agent
+      Scheduler.worker(true)
+      get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Array)
+      expect(json_response[0]['name']).to eq('Zammad Foundation')
+      expect(json_response[0]['member_ids']).to be_truthy
+      expect(json_response[0]['members']).to be_falsey
+
+      get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&expand=true", params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Array)
+      expect(json_response[0]['name']).to eq('Zammad Foundation')
+      expect(json_response[0]['member_ids']).to be_truthy
+      expect(json_response[0]['members']).to be_truthy
+
+      get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&label=true", params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Array)
+      expect(json_response[0]['label']).to eq('Zammad Foundation')
+      expect(json_response[0]['value']).to eq('Zammad Foundation')
+      expect(json_response[0]['member_ids']).to be_falsey
+      expect(json_response[0]['members']).to be_falsey
+    end
+
+    it 'does index with customer1' do
+
+      # index
+      authenticated_as(customer_user)
+      get '/api/v1/organizations', params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Array)
+      expect(json_response.length).to eq(0)
+
+      # show/:id
+      get "/api/v1/organizations/#{organization.id}", params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['name']).to be_nil
+
+      get "/api/v1/organizations/#{organization2.id}", params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['name']).to be_nil
+
+      # search
+      Scheduler.worker(true)
+      get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, as: :json
+      expect(response).to have_http_status(401)
+    end
+
+    it 'does index with customer2' do
+
+      # index
+      authenticated_as(customer_user2)
+      get '/api/v1/organizations', params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Array)
+      expect(json_response.length).to eq(1)
+
+      # show/:id
+      get "/api/v1/organizations/#{organization.id}", params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect('Rest Org #1').to eq(json_response['name'])
+
+      get "/api/v1/organizations/#{organization2.id}", params: {}, as: :json
+      expect(response).to have_http_status(401)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['name']).to be_nil
+
+      # search
+      Scheduler.worker(true)
+      get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, as: :json
+      expect(response).to have_http_status(401)
+    end
+
+    it 'does organization search sortable' do
+      authenticated_as(admin_user)
+      get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: {}, as: :json
+      expect(response).to have_http_status(200)
+      result = json_response
+      result.collect! { |v| v['id'] }
+      expect(result).to be_a_kind_of(Array)
+      expect(result).to eq([ organization.id, organization3.id, organization2.id ])
+
+      get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: { sort_by: 'created_at', order_by: 'asc' }, as: :json
+      expect(response).to have_http_status(200)
+      result = json_response
+      result.collect! { |v| v['id'] }
+      expect(result).to be_a_kind_of(Array)
+      expect(result).to eq([ organization.id, organization2.id, organization3.id ])
+
+      get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: { sort_by: 'note', order_by: 'asc' }, as: :json
+      expect(response).to have_http_status(200)
+      result = json_response
+      result.collect! { |v| v['id'] }
+      expect(result).to be_a_kind_of(Array)
+      expect(result).to eq([ organization.id, organization2.id, organization3.id ])
+
+      get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: { sort_by: 'note', order_by: 'desc' }, as: :json
+      expect(response).to have_http_status(200)
+      result = json_response
+      result.collect! { |v| v['id'] }
+      expect(result).to be_a_kind_of(Array)
+      expect(result).to eq([ organization3.id, organization2.id, organization.id ])
+
+      get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: { sort_by: %w[note created_at], order_by: %w[desc asc] }, as: :json
+      expect(response).to have_http_status(200)
+      result = json_response
+      result.collect! { |v| v['id'] }
+      expect(result).to be_a_kind_of(Array)
+      expect(result).to eq([ organization3.id, organization2.id, organization.id ])
+    end
+
+    it 'does organization show and response format' do
+      organization = create(
+        :organization,
+        name: 'Rest Org NEW',
+        members: [customer_user],
+        updated_by_id: admin_user.id,
+        created_by_id: admin_user.id,
+      )
+
+      authenticated_as(admin_user)
+      get "/api/v1/organizations/#{organization.id}", params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['id']).to eq(organization.id)
+      expect(json_response['name']).to eq(organization.name)
+      expect(json_response['members']).to be_falsey
+      expect(json_response['member_ids']).to eq([customer_user.id])
+      expect(json_response['updated_by_id']).to eq(admin_user.id)
+      expect(json_response['created_by_id']).to eq(admin_user.id)
+
+      get "/api/v1/organizations/#{organization.id}?expand=true", params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['id']).to eq(organization.id)
+      expect(json_response['name']).to eq(organization.name)
+      expect(json_response['members']).to be_truthy
+      expect(json_response['member_ids']).to eq([customer_user.id])
+      expect(json_response['updated_by_id']).to eq(admin_user.id)
+      expect(json_response['created_by_id']).to eq(admin_user.id)
+
+      get "/api/v1/organizations/#{organization.id}?expand=false", params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['id']).to eq(organization.id)
+      expect(json_response['name']).to eq(organization.name)
+      expect(json_response['members']).to be_falsey
+      expect(json_response['member_ids']).to eq([customer_user.id])
+      expect(json_response['updated_by_id']).to eq(admin_user.id)
+      expect(json_response['created_by_id']).to eq(admin_user.id)
+
+      get "/api/v1/organizations/#{organization.id}?full=true", params: {}, as: :json
+      expect(response).to have_http_status(200)
+
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['id']).to eq(organization.id)
+      expect(json_response['assets']).to be_truthy
+      expect(json_response['assets']['Organization']).to be_truthy
+      expect(json_response['assets']['Organization'][organization.id.to_s]).to be_truthy
+      expect(json_response['assets']['Organization'][organization.id.to_s]['id']).to eq(organization.id)
+      expect(json_response['assets']['Organization'][organization.id.to_s]['name']).to eq(organization.name)
+      expect(json_response['assets']['Organization'][organization.id.to_s]['member_ids']).to eq(organization.member_ids)
+      expect(json_response['assets']['Organization'][organization.id.to_s]['members']).to be_falsey
+
+      get "/api/v1/organizations/#{organization.id}?full=false", params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['id']).to eq(organization.id)
+      expect(json_response['name']).to eq(organization.name)
+      expect(json_response['members']).to be_falsey
+      expect(json_response['member_ids']).to eq([customer_user.id])
+      expect(json_response['updated_by_id']).to eq(admin_user.id)
+      expect(json_response['created_by_id']).to eq(admin_user.id)
+    end
+
+    it 'does organization index and response format' do
+      organization = create(
+        :organization,
+        name: 'Rest Org NEW',
+        members: [customer_user],
+        updated_by_id: admin_user.id,
+        created_by_id: admin_user.id,
+      )
+
+      authenticated_as(admin_user)
+      get '/api/v1/organizations', params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Array)
+      expect(json_response[0].class).to eq(Hash)
+      expect(json_response.last['id']).to eq(organization.id)
+      expect(json_response.last['name']).to eq(organization.name)
+      expect(json_response.last['members']).to be_falsey
+      expect(json_response.last['member_ids']).to eq(organization.member_ids)
+      expect(json_response.last['updated_by_id']).to eq(admin_user.id)
+      expect(json_response.last['created_by_id']).to eq(admin_user.id)
+
+      get '/api/v1/organizations?expand=true', params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Array)
+      expect(json_response[0].class).to eq(Hash)
+      expect(json_response.last['id']).to eq(organization.id)
+      expect(json_response.last['name']).to eq(organization.name)
+      expect(json_response.last['member_ids']).to eq(organization.member_ids)
+      expect([customer_user.login]).to eq(organization.members.pluck(:login))
+      expect(json_response.last['updated_by_id']).to eq(admin_user.id)
+      expect(json_response.last['created_by_id']).to eq(admin_user.id)
+
+      get '/api/v1/organizations?expand=false', params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Array)
+      expect(json_response[0].class).to eq(Hash)
+      expect(json_response.last['id']).to eq(organization.id)
+      expect(json_response.last['name']).to eq(organization.name)
+      expect(json_response.last['members']).to be_falsey
+      expect(json_response.last['member_ids']).to eq(organization.member_ids)
+      expect(json_response.last['updated_by_id']).to eq(admin_user.id)
+      expect(json_response.last['created_by_id']).to eq(admin_user.id)
+
+      get '/api/v1/organizations?full=true', params: {}, as: :json
+      expect(response).to have_http_status(200)
+
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['record_ids'].class).to eq(Array)
+      expect(json_response['record_ids'][0]).to eq(1)
+      expect(json_response['record_ids'].last).to eq(organization.id)
+      expect(json_response['assets']).to be_truthy
+      expect(json_response['assets']['Organization']).to be_truthy
+      expect(json_response['assets']['Organization'][organization.id.to_s]).to be_truthy
+      expect(json_response['assets']['Organization'][organization.id.to_s]['id']).to eq(organization.id)
+      expect(json_response['assets']['Organization'][organization.id.to_s]['name']).to eq(organization.name)
+      expect(json_response['assets']['Organization'][organization.id.to_s]['member_ids']).to eq(organization.member_ids)
+      expect(json_response['assets']['Organization'][organization.id.to_s]['members']).to be_falsey
+
+      get '/api/v1/organizations?full=false', params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Array)
+      expect(json_response[0].class).to eq(Hash)
+      expect(json_response.last['id']).to eq(organization.id)
+      expect(json_response.last['name']).to eq(organization.name)
+      expect(json_response.last['members']).to be_falsey
+      expect(json_response.last['member_ids']).to eq(organization.member_ids)
+      expect(json_response.last['updated_by_id']).to eq(admin_user.id)
+      expect(json_response.last['created_by_id']).to eq(admin_user.id)
+    end
+
+    it 'does ticket create and response format' do
+      params = {
+        name: 'Rest Org NEW',
+        members: [customer_user.login],
+      }
+
+      authenticated_as(admin_user)
+      post '/api/v1/organizations', params: params, as: :json
+      expect(response).to have_http_status(201)
+      expect(json_response).to be_a_kind_of(Hash)
+
+      organization = Organization.find(json_response['id'])
+      expect(json_response['name']).to eq(organization.name)
+      expect(json_response['member_ids']).to eq(organization.member_ids)
+      expect(json_response['members']).to be_falsey
+      expect(json_response['updated_by_id']).to eq(admin_user.id)
+      expect(json_response['created_by_id']).to eq(admin_user.id)
+
+      params[:name] = 'Rest Org NEW #2'
+      post '/api/v1/organizations?expand=true', params: params, as: :json
+      expect(response).to have_http_status(201)
+      expect(json_response).to be_a_kind_of(Hash)
+
+      organization = Organization.find(json_response['id'])
+      expect(json_response['name']).to eq(organization.name)
+      expect(json_response['member_ids']).to eq(organization.member_ids)
+      expect(json_response['members']).to eq(organization.members.pluck(:login))
+      expect(json_response['updated_by_id']).to eq(admin_user.id)
+      expect(json_response['created_by_id']).to eq(admin_user.id)
+
+      params[:name] = 'Rest Org NEW #3'
+      post '/api/v1/organizations?full=true', params: params, as: :json
+      expect(response).to have_http_status(201)
+      expect(json_response).to be_a_kind_of(Hash)
+
+      organization = Organization.find(json_response['id'])
+      expect(json_response['assets']).to be_truthy
+      expect(json_response['assets']['Organization']).to be_truthy
+      expect(json_response['assets']['Organization'][organization.id.to_s]).to be_truthy
+      expect(json_response['assets']['Organization'][organization.id.to_s]['id']).to eq(organization.id)
+      expect(json_response['assets']['Organization'][organization.id.to_s]['name']).to eq(organization.name)
+      expect(json_response['assets']['Organization'][organization.id.to_s]['member_ids']).to eq(organization.member_ids)
+      expect(json_response['assets']['Organization'][organization.id.to_s]['members']).to be_falsey
+
+    end
+
+    it 'does ticket update and response formats' do
+      organization = create(
+        :organization,
+        name: 'Rest Org NEW',
+        members: [customer_user],
+        updated_by_id: admin_user.id,
+        created_by_id: admin_user.id,
+      )
+
+      params = {
+        name: 'a update name #1',
+      }
+      authenticated_as(admin_user)
+      put "/api/v1/organizations/#{organization.id}", params: params, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+
+      organization = Organization.find(json_response['id'])
+      expect(json_response['name']).to eq(params[:name])
+      expect(json_response['member_ids']).to eq(organization.member_ids)
+      expect(json_response['members']).to be_falsey
+      expect(json_response['updated_by_id']).to eq(admin_user.id)
+      expect(json_response['created_by_id']).to eq(admin_user.id)
+
+      params = {
+        name: 'a update name #2',
+      }
+      put "/api/v1/organizations/#{organization.id}?expand=true", params: params, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+
+      organization = Organization.find(json_response['id'])
+      expect(json_response['name']).to eq(params[:name])
+      expect(json_response['member_ids']).to eq(organization.member_ids)
+      expect([customer_user.login]).to eq(organization.members.pluck(:login))
+      expect(json_response['updated_by_id']).to eq(admin_user.id)
+      expect(json_response['created_by_id']).to eq(admin_user.id)
+
+      params = {
+        name: 'a update name #3',
+      }
+      put "/api/v1/organizations/#{organization.id}?full=true", params: params, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+
+      organization = Organization.find(json_response['id'])
+      expect(json_response['assets']).to be_truthy
+      expect(json_response['assets']['Organization']).to be_truthy
+      expect(json_response['assets']['Organization'][organization.id.to_s]).to be_truthy
+      expect(json_response['assets']['Organization'][organization.id.to_s]['id']).to eq(organization.id)
+      expect(json_response['assets']['Organization'][organization.id.to_s]['name']).to eq(params[:name])
+      expect(json_response['assets']['Organization'][organization.id.to_s]['member_ids']).to eq(organization.member_ids)
+      expect(json_response['assets']['Organization'][organization.id.to_s]['members']).to be_falsey
+
+    end
+
+    it 'does csv example - customer no access' do
+      authenticated_as(customer_user)
+      get '/api/v1/organizations/import_example', params: {}, as: :json
+      expect(response).to have_http_status(401)
+      expect(json_response['error']).to eq('Not authorized (user)!')
+    end
+
+    it 'does csv example - admin access' do
+      authenticated_as(admin_user)
+      get '/api/v1/organizations/import_example', params: {}, as: :json
+      expect(response).to have_http_status(200)
+
+      rows = CSV.parse(@response.body)
+      header = rows.shift
+
+      expect(header[0]).to eq('id')
+      expect(header[1]).to eq('name')
+      expect(header[2]).to eq('shared')
+      expect(header[3]).to eq('domain')
+      expect(header[4]).to eq('domain_assignment')
+      expect(header[5]).to eq('active')
+      expect(header[6]).to eq('note')
+      expect(header.include?('members')).to be_truthy
+    end
+
+    it 'does csv import - admin access' do
+
+      UserInfo.current_user_id = 1
+      customer1 = create(
+        :customer_user,
+        login: 'customer1-members@example.com',
+        firstname: 'Member',
+        lastname: 'Customer',
+        email: 'customer1-members@example.com',
+        password: 'customerpw',
+        active: true,
+      )
+      customer2 = create(
+        :customer_user,
+        login: 'customer2-members@example.com',
+        firstname: 'Member',
+        lastname: 'Customer',
+        email: 'customer2-members@example.com',
+        password: 'customerpw',
+        active: true,
+      )
+      UserInfo.current_user_id = nil
+
+      # invalid file
+      authenticated_as(admin_user)
+      csv_file_path = Rails.root.join('test', 'data', 'csv', 'organization_simple_col_not_existing.csv')
+      csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
+      post '/api/v1/organizations/import?try=true', params: { file: csv_file, col_sep: ';' }
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+
+      expect(json_response['try']).to eq(true)
+      expect(json_response['records'].count).to eq(2)
+      expect(json_response['result']).to eq('failed')
+      expect(json_response['errors'].count).to eq(2)
+      expect(json_response['errors'][0]).to eq("Line 1: unknown attribute 'name2' for Organization.")
+      expect(json_response['errors'][1]).to eq("Line 2: unknown attribute 'name2' for Organization.")
+
+      # valid file try
+      csv_file_path = Rails.root.join('test', 'data', 'csv', 'organization_simple.csv')
+      csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
+      post '/api/v1/organizations/import?try=true', params: { file: csv_file, col_sep: ';' }
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+
+      expect(json_response['try']).to eq(true)
+      expect(json_response['records'].count).to eq(2)
+      expect(json_response['result']).to eq('success')
+
+      expect(Organization.find_by(name: 'organization-member-import1')).to be_nil
+      expect(Organization.find_by(name: 'organization-member-import2')).to be_nil
+
+      # valid file
+      csv_file_path = Rails.root.join('test', 'data', 'csv', 'organization_simple.csv')
+      csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
+      post '/api/v1/organizations/import', params: { file: csv_file, col_sep: ';' }
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+
+      expect(json_response['try']).to eq(false)
+      expect(json_response['records'].count).to eq(2)
+      expect(json_response['result']).to eq('success')
+
+      organization1 = Organization.find_by(name: 'organization-member-import1')
+      expect(organization1).to be_truthy
+      expect(organization1.name).to eq('organization-member-import1')
+      expect(organization1.members.count).to eq(1)
+      expect(organization1.members.first.login).to eq(customer1.login)
+      expect(organization1.active).to eq(true)
+      organization2 = Organization.find_by(name: 'organization-member-import2')
+      expect(organization2).to be_truthy
+      expect(organization2.name).to eq('organization-member-import2')
+      expect(organization2.members.count).to eq(1)
+      expect(organization2.members.first.login).to eq(customer2.login)
+      expect(organization2.active).to eq(false)
+    end
+  end
+end

spec/requests/overview_spec.rb

@@ -0,0 +1,186 @@
+require 'rails_helper'
+
+RSpec.describe 'Overviews', type: :request do
+
+  let(:admin_user) do
+    create(:admin_user)
+  end
+
+  describe 'request handling' do
+
+    it 'does return no permissions' do
+      params = {
+        name: 'Overview2',
+        link: 'my_overview',
+        roles: Role.where(name: 'Agent').pluck(:name),
+        condition: {
+          'ticket.state_id' => {
+            operator: 'is',
+            value: [1, 2, 3],
+          },
+        },
+        order: {
+          by: 'created_at',
+          direction: 'DESC',
+        },
+        view: {
+          d: %w[title customer state created_at],
+          s: %w[number title customer state created_at],
+          m: %w[number title customer state created_at],
+          view_mode_default: 's',
+        },
+      }
+
+      agent_user = create(:agent_user, password: 'we need a password here')
+
+      authenticated_as(agent_user)
+      post '/api/v1/overviews', params: params, as: :json
+      expect(response).to have_http_status(401)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['error']).to eq('authentication failed')
+    end
+
+    it 'does create overviews' do
+      params = {
+        name: 'Overview2',
+        link: 'my_overview',
+        roles: Role.where(name: 'Agent').pluck(:name),
+        condition: {
+          'ticket.state_id' => {
+            operator: 'is',
+            value: [1, 2, 3],
+          },
+        },
+        order: {
+          by: 'created_at',
+          direction: 'DESC',
+        },
+        view: {
+          d: %w[title customer state created_at],
+          s: %w[number title customer state created_at],
+          m: %w[number title customer state created_at],
+          view_mode_default: 's',
+        },
+      }
+
+      authenticated_as(admin_user)
+      post '/api/v1/overviews', params: params, as: :json
+      expect(response).to have_http_status(201)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['name']).to eq('Overview2')
+      expect(json_response['link']).to eq('my_overview')
+
+      post '/api/v1/overviews', params: params, as: :json
+      expect(response).to have_http_status(201)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['name']).to eq('Overview2')
+      expect(json_response['link']).to eq('my_overview_1')
+    end
+
+    it 'does set mass prio' do
+      roles = Role.where(name: 'Agent')
+      overview1 = Overview.create!(
+        name: 'Overview1',
+        link: 'my_overview',
+        roles: roles,
+        condition: {
+          'ticket.state_id' => {
+            operator: 'is',
+            value: [1, 2, 3],
+          },
+        },
+        order: {
+          by: 'created_at',
+          direction: 'DESC',
+        },
+        view: {
+          d: %w[title customer state created_at],
+          s: %w[number title customer state created_at],
+          m: %w[number title customer state created_at],
+          view_mode_default: 's',
+        },
+        prio: 1,
+        updated_by_id: 1,
+        created_by_id: 1,
+      )
+      overview2 = Overview.create!(
+        name: 'Overview2',
+        link: 'my_overview',
+        roles: roles,
+        condition: {
+          'ticket.state_id' => {
+            operator: 'is',
+            value: [1, 2, 3],
+          },
+        },
+        order: {
+          by: 'created_at',
+          direction: 'DESC',
+        },
+        view: {
+          d: %w[title customer state created_at],
+          s: %w[number title customer state created_at],
+          m: %w[number title customer state created_at],
+          view_mode_default: 's',
+        },
+        prio: 2,
+        updated_by_id: 1,
+        created_by_id: 1,
+      )
+
+      params = {
+        prios: [
+          [overview2.id, 1],
+          [overview1.id, 2],
+        ]
+      }
+      authenticated_as(admin_user)
+      post '/api/v1/overviews_prio', params: params, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['success']).to eq(true)
+
+      overview1.reload
+      overview2.reload
+
+      expect(overview1.prio).to eq(2)
+      expect(overview2.prio).to eq(1)
+    end
+
+    it 'does create an overview with group_by direction' do
+
+      params = {
+        name: 'Overview2',
+        link: 'my_overview',
+        roles: Role.where(name: 'Agent').pluck(:name),
+        condition: {
+          'ticket.state_id' => {
+            operator: 'is',
+            value: [1, 2, 3],
+          },
+        },
+        order: {
+          by: 'created_at',
+          direction: 'DESC',
+        },
+        group_by: 'priority',
+        group_direction: 'ASC',
+        view: {
+          d: %w[title customer state created_at],
+          s: %w[number title customer state created_at],
+          m: %w[number title customer state created_at],
+          view_mode_default: 's',
+        },
+      }
+
+      authenticated_as(admin_user)
+      post '/api/v1/overviews', params: params, as: :json
+      expect(response).to have_http_status(201)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['name']).to eq('Overview2')
+      expect(json_response['link']).to eq('my_overview')
+      expect(json_response['group_by']).to eq('priority')
+      expect(json_response['group_direction']).to eq('ASC')
+    end
+  end
+end

spec/requests/package_spec.rb

@@ -0,0 +1,75 @@
+require 'rails_helper'
+
+RSpec.describe 'Packages', type: :request do
+
+  let(:admin_user) do
+    create(:admin_user)
+  end
+  let(:agent_user) do
+    create(:agent_user)
+  end
+  let(:customer_user) do
+    create(:customer_user)
+  end
+
+  describe 'request handling' do
+
+    it 'does packages index with nobody' do
+      get '/api/v1/packages', as: :json
+      expect(response).to have_http_status(401)
+
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['packages']).to be_falsey
+      expect(json_response['error']).to eq('authentication failed')
+    end
+
+    it 'does packages index with admin' do
+      authenticated_as(admin_user)
+      get '/api/v1/packages', as: :json
+
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['packages']).to be_truthy
+    end
+
+    it 'does packages index with admin and wrong pw' do
+      authenticated_as(admin_user, password: 'wrongadminpw')
+      get '/api/v1/packages', as: :json
+
+      expect(response).to have_http_status(401)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['error']).to eq('authentication failed')
+    end
+
+    it 'does packages index with inactive admin' do
+      admin_user = create(:admin_user, active: false, password: 'we need a password here')
+
+      authenticated_as(admin_user)
+      get '/api/v1/packages', as: :json
+
+      expect(response).to have_http_status(401)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['error']).to eq('authentication failed')
+    end
+
+    it 'does packages index with agent' do
+      authenticated_as(agent_user)
+      get '/api/v1/packages', as: :json
+
+      expect(response).to have_http_status(401)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['packages']).to be_falsey
+      expect(json_response['error']).to eq('Not authorized (user)!')
+    end
+
+    it 'does packages index with customer' do
+      authenticated_as(customer_user)
+      get '/api/v1/packages', as: :json
+
+      expect(response).to have_http_status(401)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['packages']).to be_falsey
+      expect(json_response['error']).to eq('Not authorized (user)!')
+    end
+  end
+end

spec/requests/report_spec.rb

@@ -0,0 +1,59 @@
+require 'rails_helper'
+
+RSpec.describe 'Report', type: :request, searchindex: true do
+
+  let!(:admin_user) do
+    create(:admin_user)
+  end
+  let!(:agent_user) do
+    create(:agent_user)
+  end
+  let!(:customer_user) do
+    create(:customer_user)
+  end
+  let!(:year) do
+    DateTime.now.utc.year
+  end
+  let!(:month) do
+    DateTime.now.utc.month
+  end
+  let!(:week) do
+    DateTime.now.utc.strftime('%U').to_i
+  end
+  let!(:day) do
+    DateTime.now.utc.day
+  end
+  let!(:ticket) do
+    create(:ticket, title: 'ticket for report', customer: customer_user)
+  end
+  let!(:article) do
+    create(:ticket_article, ticket_id: ticket.id, type: Ticket::Article::Type.lookup(name: 'note') )
+  end
+
+  before(:each) do
+    configure_elasticsearch do
+
+      travel 1.minute
+
+      rebuild_searchindex
+
+      # execute background jobs
+      Scheduler.worker(true)
+
+      sleep 6
+    end
+  end
+
+  describe 'request handling' do
+
+    it 'does report example - admin access' do
+      authenticated_as(admin_user)
+      get "/api/v1/reports/sets?sheet=true;metric=count;year=#{year};month=#{month};week=#{week};day=#{day};timeRange=year;profile_id=1;downloadBackendSelected=count::created", params: {}, as: :json
+
+      expect(response).to have_http_status(200)
+      assert(@response['Content-Disposition'])
+      expect(@response['Content-Disposition']).to eq('attachment; filename="tickets--all--Created.xls"')
+      expect(@response['Content-Type']).to eq('application/vnd.ms-excel')
+    end
+  end
+end

spec/requests/search_spec.rb

@@ -0,0 +1,330 @@
+require 'rails_helper'
+
+RSpec.describe 'Search', type: :request, searchindex: true do
+
+  let!(:admin_user) do
+    create(:admin_user, groups: Group.all)
+  end
+  let!(:agent_user) do
+    create(:agent_user, firstname: 'Search 1234', groups: Group.all)
+  end
+  let!(:customer_user) do
+    create(:customer_user)
+  end
+  let!(:organization1) do
+    create(:organization, name: 'Rest Org')
+  end
+  let!(:organization2) do
+    create(:organization, name: 'Rest Org #2')
+  end
+  let!(:organization3) do
+    create(:organization, name: 'Rest Org #3')
+  end
+  let!(:organization4) do
+    create(:organization, name: 'Tes.t. Org')
+  end
+  let!(:organization5) do
+    create(:organization, name: 'ABC_D Org')
+  end
+  let!(:customer_user2) do
+    create(:customer_user, organization: organization1)
+  end
+  let!(:customer_user3) do
+    create(:customer_user, organization: organization1)
+  end
+  let!(:ticket1) do
+    create(:ticket, title: 'test 1234-1', customer: customer_user)
+  end
+  let!(:ticket2) do
+    create(:ticket, title: 'test 1234-2', customer: customer_user2)
+  end
+  let!(:ticket3) do
+    create(:ticket, title: 'test 1234-2', customer: customer_user3)
+  end
+  let!(:article1) do
+    create(:ticket_article, ticket_id: ticket1.id)
+  end
+  let!(:article2) do
+    create(:ticket_article, ticket_id: ticket2.id)
+  end
+  let!(:article3) do
+    create(:ticket_article, ticket_id: ticket3.id)
+  end
+
+  before(:each) do
+    configure_elasticsearch do
+
+      travel 1.minute
+
+      rebuild_searchindex
+
+      # execute background jobs
+      Scheduler.worker(true)
+
+      sleep 6
+    end
+  end
+
+  describe 'request handling' do
+
+    it 'does settings index with nobody' do
+      params = {
+        query: 'test 1234',
+        limit: 2,
+      }
+
+      post '/api/v1/search/ticket', params: params, as: :json
+      expect(response).to have_http_status(401)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response).to_not be_blank
+      expect(json_response['error']).to eq('authentication failed')
+
+      post '/api/v1/search/user', params: params, as: :json
+      expect(response).to have_http_status(401)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response).to_not be_blank
+      expect(json_response['error']).to eq('authentication failed')
+
+      post '/api/v1/search', params: params, as: :json
+      expect(response).to have_http_status(401)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response).to_not be_blank
+      expect(json_response['error']).to eq('authentication failed')
+    end
+
+    it 'does settings index with admin' do
+      params = {
+        query: '1234*',
+        limit: 1,
+      }
+      authenticated_as(admin_user)
+      post '/api/v1/search', params: params, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response).to be_truthy
+      expect(json_response['result'][0]['type']).to eq('Ticket')
+      expect(json_response['result'][0]['id']).to eq(ticket3.id)
+      expect(json_response['result'][1]['type']).to eq('User')
+      expect(json_response['result'][1]['id']).to eq(agent_user.id)
+      expect(json_response['result'][2]).to be_falsey
+
+      params = {
+        query: '1234*',
+        limit: 10,
+      }
+
+      post '/api/v1/search', params: params, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response).to be_truthy
+      expect(json_response['result'][0]['type']).to eq('Ticket')
+      expect(json_response['result'][0]['id']).to eq(ticket3.id)
+      expect(json_response['result'][1]['type']).to eq('Ticket')
+      expect(json_response['result'][1]['id']).to eq(ticket2.id)
+      expect(json_response['result'][2]['type']).to eq('Ticket')
+      expect(json_response['result'][2]['id']).to eq(ticket1.id)
+      expect(json_response['result'][3]['type']).to eq('User')
+      expect(json_response['result'][3]['id']).to eq(agent_user.id)
+      expect(json_response['result'][4]).to be_falsey
+
+      params = {
+        query: '1234*',
+        limit: 10,
+      }
+
+      post '/api/v1/search/ticket', params: params, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response).to be_truthy
+      expect(json_response['result'][0]['type']).to eq('Ticket')
+      expect(json_response['result'][0]['id']).to eq(ticket3.id)
+      expect(json_response['result'][1]['type']).to eq('Ticket')
+      expect(json_response['result'][1]['id']).to eq(ticket2.id)
+      expect(json_response['result'][2]['type']).to eq('Ticket')
+      expect(json_response['result'][2]['id']).to eq(ticket1.id)
+      expect(json_response['result'][3]).to be_falsey
+
+      params = {
+        query: '1234*',
+        limit: 10,
+      }
+
+      post '/api/v1/search/user', params: params, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['result'][0]['type']).to eq('User')
+      expect(json_response['result'][0]['id']).to eq(agent_user.id)
+      expect(json_response['result'][1]).to be_falsey
+    end
+
+    it 'does settings index with agent' do
+      params = {
+        query: '1234*',
+        limit: 1,
+      }
+
+      authenticated_as(agent_user)
+      post '/api/v1/search', params: params, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response).to be_truthy
+      expect(json_response['result'][0]['type']).to eq('Ticket')
+      expect(json_response['result'][0]['id']).to eq(ticket3.id)
+      expect(json_response['result'][1]['type']).to eq('User')
+      expect(json_response['result'][1]['id']).to eq(agent_user.id)
+      expect(json_response['result'][2]).to be_falsey
+
+      params = {
+        query: '1234*',
+        limit: 10,
+      }
+
+      post '/api/v1/search', params: params, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response).to be_truthy
+      expect(json_response['result'][0]['type']).to eq('Ticket')
+      expect(json_response['result'][0]['id']).to eq(ticket3.id)
+      expect(json_response['result'][1]['type']).to eq('Ticket')
+      expect(json_response['result'][1]['id']).to eq(ticket2.id)
+      expect(json_response['result'][2]['type']).to eq('Ticket')
+      expect(json_response['result'][2]['id']).to eq(ticket1.id)
+      expect(json_response['result'][3]['type']).to eq('User')
+      expect(json_response['result'][3]['id']).to eq(agent_user.id)
+      expect(json_response['result'][4]).to be_falsey
+
+      params = {
+        query: '1234*',
+        limit: 10,
+      }
+
+      post '/api/v1/search/ticket', params: params, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response).to be_truthy
+      expect(json_response['result'][0]['type']).to eq('Ticket')
+      expect(json_response['result'][0]['id']).to eq(ticket3.id)
+      expect(json_response['result'][1]['type']).to eq('Ticket')
+      expect(json_response['result'][1]['id']).to eq(ticket2.id)
+      expect(json_response['result'][2]['type']).to eq('Ticket')
+      expect(json_response['result'][2]['id']).to eq(ticket1.id)
+      expect(json_response['result'][3]).to be_falsey
+
+      params = {
+        query: '1234*',
+        limit: 10,
+      }
+
+      post '/api/v1/search/user', params: params, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['result'][0]['type']).to eq('User')
+      expect(json_response['result'][0]['id']).to eq(agent_user.id)
+      expect(json_response['result'][1]).to be_falsey
+    end
+
+    it 'does settings index with customer 1' do
+      params = {
+        query: '1234*',
+        limit: 10,
+      }
+
+      authenticated_as(customer_user)
+      post '/api/v1/search', params: params, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response).to be_truthy
+      expect(json_response['result'][0]['type']).to eq('Ticket')
+      expect(json_response['result'][0]['id']).to eq(ticket1.id)
+      expect(json_response['result'][1]).to be_falsey
+
+      params = {
+        query: '1234*',
+        limit: 10,
+      }
+
+      post '/api/v1/search/ticket', params: params, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response).to be_truthy
+      expect(json_response['result'][0]['type']).to eq('Ticket')
+      expect(json_response['result'][0]['id']).to eq(ticket1.id)
+      expect(json_response['result'][1]).to be_falsey
+
+      params = {
+        query: '1234*',
+        limit: 10,
+      }
+
+      post '/api/v1/search/user', params: params, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['result'][0]).to be_falsey
+    end
+
+    it 'does settings index with customer 2' do
+      params = {
+        query: '1234*',
+        limit: 10,
+      }
+
+      authenticated_as(customer_user2)
+      post '/api/v1/search', params: params, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response).to be_truthy
+      expect(json_response['result'][0]['type']).to eq('Ticket')
+      expect(json_response['result'][0]['id']).to eq(ticket3.id)
+      expect(json_response['result'][1]['type']).to eq('Ticket')
+      expect(json_response['result'][1]['id']).to eq(ticket2.id)
+      expect(json_response['result'][2]).to be_falsey
+
+      params = {
+        query: '1234*',
+        limit: 10,
+      }
+
+      post '/api/v1/search/ticket', params: params, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response).to be_truthy
+      expect(json_response['result'][0]['type']).to eq('Ticket')
+      expect(json_response['result'][0]['id']).to eq(ticket3.id)
+      expect(json_response['result'][1]['type']).to eq('Ticket')
+      expect(json_response['result'][1]['id']).to eq(ticket2.id)
+      expect(json_response['result'][2]).to be_falsey
+
+      params = {
+        query: '1234*',
+        limit: 10,
+      }
+
+      post '/api/v1/search/user', params: params, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['result'][0]).to be_falsey
+    end
+
+    # Verify fix for Github issue #2058 - Autocomplete hangs on dot in the new user form
+    it 'does searching for organization with a dot in its name' do
+      authenticated_as(agent_user)
+      get '/api/v1/search/organization?query=tes.', as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response['result'].size).to eq(1)
+      expect(json_response['result'][0]['type']).to eq('Organization')
+      target_id = json_response['result'][0]['id']
+      expect(json_response['assets']['Organization'][target_id.to_s]['name']).to eq('Tes.t. Org')
+    end
+
+    # Search query H& should correctly match H&M
+    it 'does searching for organization with _ in its name' do
+      authenticated_as(agent_user)
+      get '/api/v1/search/organization?query=abc_', as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response['result'].size).to eq(1)
+      expect(json_response['result'][0]['type']).to eq('Organization')
+      target_id = json_response['result'][0]['id']
+      expect(json_response['assets']['Organization'][target_id.to_s]['name']).to eq('ABC_D Org')
+    end
+  end
+end

spec/requests/settings_spec.rb

@@ -0,0 +1,227 @@
+require 'rails_helper'
+
+RSpec.describe 'Settings', type: :request do
+
+  let(:admin_user) do
+    create(:admin_user)
+  end
+  let(:admin_api_user) do
+    role_api = create(:role)
+    role_api.permission_grant('admin.api')
+
+    create(:admin_user, roles: [role_api])
+  end
+  let(:agent_user) do
+    create(:agent_user)
+  end
+  let(:customer_user) do
+    create(:customer_user)
+  end
+
+  describe 'request handling' do
+
+    it 'does settings index with nobody' do
+
+      # index
+      get '/api/v1/settings', params: {}, as: :json
+      expect(response).to have_http_status(401)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['settings']).to be_falsey
+
+      # show
+      setting = Setting.find_by(name: 'product_name')
+      get "/api/v1/settings/#{setting.id}", params: {}, as: :json
+      expect(response).to have_http_status(401)
+      expect(json_response['error']).to eq('authentication failed')
+    end
+
+    it 'does settings index with admin' do
+
+      # index
+      authenticated_as(admin_user)
+      get '/api/v1/settings', params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Array)
+      expect(json_response).to be_truthy
+      hit_api = false
+      hit_product_name = false
+      json_response.each do |setting|
+        if setting['name'] == 'api_token_access'
+          hit_api = true
+        end
+        if setting['name'] == 'product_name'
+          hit_product_name = true
+        end
+      end
+      expect(hit_api).to eq(true)
+      expect(hit_product_name).to eq(true)
+
+      # show
+      setting = Setting.find_by(name: 'product_name')
+      get "/api/v1/settings/#{setting.id}", params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['name']).to eq('product_name')
+
+      setting = Setting.find_by(name: 'api_token_access')
+      get "/api/v1/settings/#{setting.id}", params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['name']).to eq('api_token_access')
+
+      # update
+      setting = Setting.find_by(name: 'product_name')
+      params = {
+        id: setting.id,
+        name: 'some_new_name',
+        preferences: {
+          permission: ['admin.branding', 'admin.some_new_permission'],
+          some_new_key: true,
+        }
+      }
+      put "/api/v1/settings/#{setting.id}", params: params, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['name']).to eq('product_name')
+      expect(json_response['preferences']['permission'].length).to eq(1)
+      expect(json_response['preferences']['permission'][0]).to eq('admin.branding')
+      expect(json_response['preferences']['some_new_key']).to eq(true)
+
+      # update
+      setting = Setting.find_by(name: 'api_token_access')
+      params = {
+        id: setting.id,
+        name: 'some_new_name',
+        preferences: {
+          permission: ['admin.branding', 'admin.some_new_permission'],
+          some_new_key: true,
+        }
+      }
+      put "/api/v1/settings/#{setting.id}", params: params, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['name']).to eq('api_token_access')
+      expect(json_response['preferences']['permission'].length).to eq(1)
+      expect(json_response['preferences']['permission'][0]).to eq('admin.api')
+      expect(json_response['preferences']['some_new_key']).to eq(true)
+
+      # delete
+      setting = Setting.find_by(name: 'product_name')
+      delete "/api/v1/settings/#{setting.id}", params: {}, as: :json
+      expect(response).to have_http_status(401)
+      expect(json_response['error']).to eq('Not authorized (feature not possible)')
+    end
+
+    it 'does settings index with admin-api' do
+
+      # index
+      authenticated_as(admin_api_user)
+      get '/api/v1/settings', params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Array)
+      expect(json_response).to be_truthy
+      hit_api = false
+      hit_product_name = false
+      json_response.each do |setting|
+        if setting['name'] == 'api_token_access'
+          hit_api = true
+        end
+        if setting['name'] == 'product_name'
+          hit_product_name = true
+        end
+      end
+      expect(hit_api).to eq(true)
+      expect(hit_product_name).to eq(false)
+
+      # show
+      setting = Setting.find_by(name: 'product_name')
+      get "/api/v1/settings/#{setting.id}", params: {}, as: :json
+      expect(response).to have_http_status(401)
+      expect(json_response['error']).to eq('Not authorized (required ["admin.branding"])')
+
+      setting = Setting.find_by(name: 'api_token_access')
+      get "/api/v1/settings/#{setting.id}", params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['name']).to eq('api_token_access')
+
+      # update
+      setting = Setting.find_by(name: 'product_name')
+      params = {
+        id: setting.id,
+        name: 'some_new_name',
+        preferences: {
+          permission: ['admin.branding', 'admin.some_new_permission'],
+          some_new_key: true,
+        }
+      }
+      put "/api/v1/settings/#{setting.id}", params: params, as: :json
+      expect(response).to have_http_status(401)
+      expect(json_response['error']).to eq('Not authorized (required ["admin.branding"])')
+
+      # update
+      setting = Setting.find_by(name: 'api_token_access')
+      params = {
+        id: setting.id,
+        name: 'some_new_name',
+        preferences: {
+          permission: ['admin.branding', 'admin.some_new_permission'],
+          some_new_key: true,
+        }
+      }
+      put "/api/v1/settings/#{setting.id}", params: params, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['name']).to eq('api_token_access')
+      expect(json_response['preferences']['permission'].length).to eq(1)
+      expect(json_response['preferences']['permission'][0]).to eq('admin.api')
+      expect(json_response['preferences']['some_new_key']).to eq(true)
+
+      # delete
+      setting = Setting.find_by(name: 'product_name')
+      delete "/api/v1/settings/#{setting.id}", params: {}, as: :json
+      expect(response).to have_http_status(401)
+      expect(json_response['error']).to eq('Not authorized (feature not possible)')
+    end
+
+    it 'does settings index with agent' do
+
+      # index
+      authenticated_as(agent_user)
+      get '/api/v1/settings', params: {}, as: :json
+      expect(response).to have_http_status(401)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['settings']).to be_falsey
+      expect(json_response['error']).to eq('Not authorized (user)!')
+
+      # show
+      setting = Setting.find_by(name: 'product_name')
+      get "/api/v1/settings/#{setting.id}", params: {}, as: :json
+      expect(response).to have_http_status(401)
+      expect(json_response['error']).to eq('Not authorized (user)!')
+    end
+
+    it 'does settings index with customer' do
+
+      # index
+      authenticated_as(customer_user)
+      get '/api/v1/settings', params: {}, as: :json
+      expect(response).to have_http_status(401)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['settings']).to be_falsey
+      expect(json_response['error']).to eq('Not authorized (user)!')
+
+      # show
+      setting = Setting.find_by(name: 'product_name')
+      get "/api/v1/settings/#{setting.id}", params: {}, as: :json
+      expect(response).to have_http_status(401)
+      expect(json_response['error']).to eq('Not authorized (user)!')
+
+      # delete
+      setting = Setting.find_by(name: 'product_name')
+      delete "/api/v1/settings/#{setting.id}", params: {}, as: :json
+      expect(response).to have_http_status(401)
+      expect(json_response['error']).to eq('Not authorized (user)!')
+    end
+  end
+end

spec/requests/sla_spec.rb

@@ -0,0 +1,45 @@
+require 'rails_helper'
+
+RSpec.describe 'SLAs', type: :request do
+
+  let(:admin_user) do
+    create(:admin_user)
+  end
+
+  describe 'request handling' do
+
+    it 'does index sla with nobody' do
+      get '/api/v1/slas', as: :json
+      expect(response).to have_http_status(401)
+
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['error']).to eq('authentication failed')
+    end
+
+    it 'does index sla with admin' do
+      authenticated_as(admin_user)
+      get '/api/v1/slas', as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Array)
+      expect(json_response).to be_truthy
+      expect(json_response.count).to eq(0)
+
+      get '/api/v1/slas?expand=true', as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Array)
+      expect(json_response).to be_truthy
+      expect(json_response.count).to eq(0)
+
+      get '/api/v1/slas?full=true', as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response).to be_truthy
+      expect(json_response['record_ids']).to be_truthy
+      expect(json_response['record_ids']).to be_blank
+      expect(json_response['assets']).to be_truthy
+      expect(json_response['assets']['Calendar']).to be_present
+      expect(json_response['assets']).to be_present
+    end
+  end
+
+end

spec/requests/taskbar_spec.rb

@@ -0,0 +1,82 @@
+require 'rails_helper'
+
+RSpec.describe 'Taskbars', type: :request do
+
+  let(:agent_user) do
+    create(:agent_user)
+  end
+  let(:customer_user) do
+    create(:customer_user)
+  end
+
+  describe 'request handling' do
+
+    it 'does task ownership' do
+      params = {
+        user_id: customer_user.id,
+        client_id: '123',
+        key: 'Ticket-5',
+        callback: 'TicketZoom',
+        state: {
+          ticket: {
+            owner_id: agent_user.id,
+          },
+          article: {},
+        },
+        params: {
+          ticket_id: 5,
+          shown: true,
+        },
+        prio: 3,
+        notify: false,
+        active: false,
+      }
+
+      authenticated_as(agent_user)
+      post '/api/v1/taskbar', params: params, as: :json
+      expect(response).to have_http_status(201)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['client_id']).to eq('123')
+      expect(json_response['user_id']).to eq(agent_user.id)
+      expect(json_response['params']['ticket_id']).to eq(5)
+      expect(json_response['params']['shown']).to eq(true)
+
+      taskbar_id = json_response['id']
+      params[:user_id] = customer_user.id
+      params[:params] = {
+        ticket_id: 5,
+        shown: false,
+      }
+      put "/api/v1/taskbar/#{taskbar_id}", params: params, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['client_id']).to eq('123')
+      expect(json_response['user_id']).to eq(agent_user.id)
+      expect(json_response['params']['ticket_id']).to eq(5)
+      expect(json_response['params']['shown']).to eq(false)
+
+      # try to access with other user
+      params = {
+        active: true,
+      }
+
+      authenticated_as(customer_user)
+      put "/api/v1/taskbar/#{taskbar_id}", params: params, as: :json
+      expect(response).to have_http_status(422)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['error']).to eq('Not allowed to access this task.')
+
+      delete "/api/v1/taskbar/#{taskbar_id}", params: {}, as: :json
+      expect(response).to have_http_status(422)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['error']).to eq('Not allowed to access this task.')
+
+      # delete with correct user
+      authenticated_as(agent_user)
+      delete "/api/v1/taskbar/#{taskbar_id}", params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response).to be_blank
+    end
+  end
+end

spec/requests/text_module_spec.rb

@@ -0,0 +1,104 @@
+require 'rails_helper'
+require 'byebug'
+
+RSpec.describe 'Text Module', type: :request do
+
+  let(:admin_user) do
+    create(:admin_user)
+  end
+  let(:agent_user) do
+    create(:agent_user)
+  end
+  let(:customer_user) do
+    create(:customer_user)
+  end
+
+  describe 'request handling' do
+
+    it 'does csv example - customer no access' do
+      authenticated_as(customer_user)
+      get '/api/v1/text_modules/import_example', as: :json
+      expect(response).to have_http_status(401)
+      expect(json_response['error']).to eq('Not authorized (user)!')
+    end
+
+    it 'does csv example - admin access' do
+      TextModule.load('en-en')
+
+      authenticated_as(admin_user)
+      get '/api/v1/text_modules/import_example', as: :json
+      expect(response).to have_http_status(200)
+      rows = CSV.parse(@response.body)
+      header = rows.shift
+
+      expect(header[0]).to eq('id')
+      expect(header[1]).to eq('name')
+      expect(header[2]).to eq('keywords')
+      expect(header[3]).to eq('content')
+      expect(header[4]).to eq('note')
+      expect(header[5]).to eq('active')
+      expect(header).to_not include('organization')
+      expect(header).to_not include('priority')
+      expect(header).to_not include('state')
+      expect(header).to_not include('owner')
+      expect(header).to_not include('customer')
+    end
+
+    it 'does csv import - admin access' do
+
+      # invalid file
+      csv_file_path = Rails.root.join('test', 'data', 'csv', 'text_module_simple_col_not_existing.csv')
+      csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
+
+      authenticated_as(admin_user)
+      post '/api/v1/text_modules/import', params: { try: true, file: csv_file, col_sep: ';' }
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+
+      expect(json_response['try']).to be_truthy
+      expect(json_response['records'].count).to eq(2)
+      expect(json_response['result']).to eq('failed')
+      expect(json_response['errors'].count).to eq(2)
+      expect(json_response['errors'][0]).to eq("Line 1: unknown attribute 'keywords2' for TextModule.")
+      expect(json_response['errors'][1]).to eq("Line 2: unknown attribute 'keywords2' for TextModule.")
+
+      # valid file try
+      csv_file_path = Rails.root.join('test', 'data', 'csv', 'text_module_simple.csv')
+      csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
+      post '/api/v1/text_modules/import?try=true', params: { file: csv_file, col_sep: ';' }
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+
+      expect(json_response['try']).to be_truthy
+      expect(json_response['records'].count).to eq(2)
+      expect(json_response['result']).to eq('success')
+
+      expect(TextModule.find_by(name: 'some name1')).to be_nil
+      expect(TextModule.find_by(name: 'some name2')).to be_nil
+
+      # valid file
+      csv_file_path = Rails.root.join('test', 'data', 'csv', 'text_module_simple.csv')
+      csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
+      post '/api/v1/text_modules/import', params: { file: csv_file, col_sep: ';' }
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+
+      expect(json_response['try']).to eq(false)
+      expect(json_response['records'].count).to eq(2)
+      expect(json_response['result']).to eq('success')
+
+      text_module1 = TextModule.find_by(name: 'some name1')
+      expect(text_module1).to be_truthy
+      expect(text_module1.name).to eq('some name1')
+      expect(text_module1.keywords).to eq('keyword1')
+      expect(text_module1.content).to eq('some<br>content1')
+      expect(text_module1.active).to be_truthy
+      text_module2 = TextModule.find_by(name: 'some name2')
+      expect(text_module2).to be_truthy
+      expect(text_module2.name).to eq('some name2')
+      expect(text_module2.keywords).to eq('keyword2')
+      expect(text_module2.content).to eq('some content<br>test123')
+      expect(text_module2.active).to be_truthy
+    end
+  end
+end

spec/requests/ticket/article_attachments_spec.rb

@@ -0,0 +1,113 @@
+require 'rails_helper'
+
+RSpec.describe 'Ticket Article Attachments', type: :request do
+
+  let(:agent_user) do
+    create(:agent_user, groups: Group.all)
+  end
+
+  describe 'request handling' do
+
+    it 'does test attachment urls' do
+      ticket1  = create(:ticket)
+      article1 = create(:ticket_article, ticket_id: ticket1.id)
+
+      store1 = Store.add(
+        object: 'Ticket::Article',
+        o_id: article1.id,
+        data: 'some content',
+        filename: 'some_file.txt',
+        preferences: {
+          'Content-Type' => 'text/plain',
+        },
+        created_by_id: 1,
+      )
+      article2 = create(:ticket_article, ticket_id: ticket1.id)
+
+      authenticated_as(agent_user)
+      get "/api/v1/ticket_attachment/#{ticket1.id}/#{article1.id}/#{store1.id}", params: {}
+      expect(response).to have_http_status(200)
+      expect('some content').to eq(@response.body)
+
+      authenticated_as(agent_user)
+      get "/api/v1/ticket_attachment/#{ticket1.id}/#{article2.id}/#{store1.id}", params: {}
+      expect(response).to have_http_status(401)
+      expect(@response.body).to match(/401: Unauthorized/)
+
+      ticket2 = create(:ticket)
+      ticket1.merge_to(
+        ticket_id: ticket2.id,
+        user_id:   1,
+      )
+
+      authenticated_as(agent_user)
+      get "/api/v1/ticket_attachment/#{ticket2.id}/#{article1.id}/#{store1.id}", params: {}
+      expect(response).to have_http_status(200)
+      expect('some content').to eq(@response.body)
+
+      authenticated_as(agent_user)
+      get "/api/v1/ticket_attachment/#{ticket2.id}/#{article2.id}/#{store1.id}", params: {}
+      expect(response).to have_http_status(401)
+      expect(@response.body).to match(/401: Unauthorized/)
+
+      # allow access via merged ticket id also
+      authenticated_as(agent_user)
+      get "/api/v1/ticket_attachment/#{ticket1.id}/#{article1.id}/#{store1.id}", params: {}
+      expect(response).to have_http_status(200)
+      expect('some content').to eq(@response.body)
+
+      authenticated_as(agent_user)
+      get "/api/v1/ticket_attachment/#{ticket1.id}/#{article2.id}/#{store1.id}", params: {}
+      expect(response).to have_http_status(401)
+      expect(@response.body).to match(/401: Unauthorized/)
+
+    end
+
+    it 'does test attachments for split' do
+      email_file_path  = Rails.root.join('test', 'data', 'mail', 'mail024.box')
+      email_raw_string = File.read(email_file_path)
+      ticket_p, article_p, user_p = Channel::EmailParser.new.process({}, email_raw_string)
+
+      authenticated_as(agent_user)
+      get '/api/v1/ticket_split', params: { form_id: '1234-2', ticket_id: ticket_p.id, article_id: article_p.id }, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response['assets']).to be_truthy
+      expect(json_response['attachments']).to be_a_kind_of(Array)
+      expect(json_response['attachments'].count).to eq(1)
+      expect(json_response['attachments'][0]['filename']).to eq('rulesets-report.csv')
+
+    end
+
+    it 'does test attachments for forward' do
+      email_file_path  = Rails.root.join('test', 'data', 'mail', 'mail008.box')
+      email_raw_string = File.read(email_file_path)
+      ticket_p, article_p, user_p = Channel::EmailParser.new.process({}, email_raw_string)
+
+      authenticated_as(agent_user)
+      post "/api/v1/ticket_attachment_upload_clone_by_article/#{article_p.id}", params: {}, as: :json
+      expect(response).to have_http_status(422)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['error']).to eq('Need form_id to attach attachments to new form.')
+
+      post "/api/v1/ticket_attachment_upload_clone_by_article/#{article_p.id}", params: { form_id: '1234-1' }, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response['attachments']).to be_a_kind_of(Array)
+      expect(json_response['attachments']).to be_blank
+
+      email_file_path  = Rails.root.join('test', 'data', 'mail', 'mail024.box')
+      email_raw_string = File.read(email_file_path)
+      ticket_p, article_p, user_p = Channel::EmailParser.new.process({}, email_raw_string)
+
+      post "/api/v1/ticket_attachment_upload_clone_by_article/#{article_p.id}", params: { form_id: '1234-2' }, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response['attachments']).to be_a_kind_of(Array)
+      expect(json_response['attachments'].count).to eq(1)
+      expect(json_response['attachments'][0]['filename']).to eq('rulesets-report.csv')
+
+      post "/api/v1/ticket_attachment_upload_clone_by_article/#{article_p.id}", params: { form_id: '1234-2' }, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response['attachments']).to be_a_kind_of(Array)
+      expect(json_response['attachments']).to be_blank
+    end
+  end
+end

spec/requests/ticket/article_spec.rb

@@ -0,0 +1,475 @@
+require 'rails_helper'
+
+RSpec.describe 'Ticket Article', type: :request do
+
+  let(:admin_user) do
+    create(:admin_user)
+  end
+  let(:agent_user) do
+    create(:agent_user, groups: Group.all)
+  end
+  let(:customer_user) do
+    create(:customer_user)
+  end
+
+  describe 'request handling' do
+
+    it 'does ticket create with agent and articles' do
+      params = {
+        title: 'a new ticket #1',
+        group: 'Users',
+        customer_id: customer_user.id,
+        article: {
+          body: 'some body',
+        }
+      }
+      authenticated_as(agent_user)
+      post '/api/v1/tickets', params: params, as: :json
+      expect(response).to have_http_status(201)
+
+      params = {
+        ticket_id: json_response['id'],
+        content_type: 'text/plain', # or text/html
+        body: 'some body',
+        type: 'note',
+      }
+      post '/api/v1/ticket_articles', params: params, as: :json
+      expect(response).to have_http_status(201)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['subject']).to be_nil
+      expect(json_response['body']).to eq('some body')
+      expect(json_response['content_type']).to eq('text/plain')
+      expect(json_response['updated_by_id']).to eq(agent_user.id)
+      expect(json_response['created_by_id']).to eq(agent_user.id)
+
+      ticket = Ticket.find(json_response['ticket_id'])
+      expect(ticket.articles.count).to eq(2)
+      expect(ticket.articles[0].attachments.count).to eq(0)
+      expect(ticket.articles[1].attachments.count).to eq(0)
+
+      params = {
+        ticket_id: json_response['ticket_id'],
+        content_type: 'text/html', # or text/html
+        body: 'some body <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAUA
+AAAFCAYAAACNbyblAAAAHElEQVQI12P4//8/w38GIAXDIBKE0DHxgljNBAAO
+9TXL0Y4OHwAAAABJRU5ErkJggg==" alt="Red dot" />',
+        type: 'note',
+      }
+      post '/api/v1/ticket_articles', params: params, as: :json
+      expect(response).to have_http_status(201)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['subject']).to be_nil
+      expect(json_response['body']).to_not match(/some body <img src="cid:.+?/)
+      expect(json_response['body']).to match(%r{some body <img src="/api/v1/ticket_attachment/.+?" alt="Red dot"})
+      expect(json_response['content_type']).to eq('text/html')
+      expect(json_response['updated_by_id']).to eq(agent_user.id)
+      expect(json_response['created_by_id']).to eq(agent_user.id)
+
+      expect(ticket.articles.count).to eq(3)
+      expect(ticket.articles[0].attachments.count).to eq(0)
+      expect(ticket.articles[1].attachments.count).to eq(0)
+      expect(ticket.articles[2].attachments.count).to eq(1)
+      expect(ticket.articles[2].attachments[0]['id']).to be_truthy
+      expect(ticket.articles[2].attachments[0]['filename']).to eq('image1.png')
+      expect(ticket.articles[2].attachments[0]['size']).to eq('21')
+      expect(ticket.articles[2].attachments[0]['preferences']['Mime-Type']).to eq('image/png')
+      expect(ticket.articles[2].attachments[0]['preferences']['Content-Disposition']).to eq('inline')
+      expect(ticket.articles[2].attachments[0]['preferences']['Content-ID']).to match(/@zammad.example.com/)
+
+      params = {
+        ticket_id: json_response['ticket_id'],
+        content_type: 'text/html', # or text/html
+        body: 'some body',
+        type: 'note',
+        attachments: [
+          'filename' => 'some_file.txt',
+          'data' => 'dGVzdCAxMjM=',
+          'mime-type' => 'text/plain',
+        ],
+      }
+      post '/api/v1/ticket_articles', params: params, as: :json
+      expect(response).to have_http_status(201)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['subject']).to be_nil
+      expect(json_response['body']).to eq('some body')
+      expect(json_response['content_type']).to eq('text/html')
+      expect(json_response['updated_by_id']).to eq(agent_user.id)
+      expect(json_response['created_by_id']).to eq(agent_user.id)
+
+      expect(ticket.articles.count).to eq(4)
+      expect(ticket.articles[0].attachments.count).to eq(0)
+      expect(ticket.articles[1].attachments.count).to eq(0)
+      expect(ticket.articles[2].attachments.count).to eq(1)
+      expect(ticket.articles[3].attachments.count).to eq(1)
+
+      get "/api/v1/ticket_articles/#{json_response['id']}?expand=true", params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['attachments'].count).to eq(1)
+      expect(json_response['attachments'][0]['id']).to be_truthy
+      expect(json_response['attachments'][0]['filename']).to eq('some_file.txt')
+      expect(json_response['attachments'][0]['size']).to eq('8')
+      expect(json_response['attachments'][0]['preferences']['Mime-Type']).to eq('text/plain')
+
+      params = {
+        ticket_id: json_response['ticket_id'],
+        content_type: 'text/plain',
+        body: 'some body',
+        type: 'note',
+        preferences: {
+          some_key1: 123,
+        },
+      }
+      post '/api/v1/ticket_articles', params: params, as: :json
+      expect(response).to have_http_status(201)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['subject']).to be_nil
+      expect(json_response['body']).to eq('some body')
+      expect(json_response['content_type']).to eq('text/plain')
+      expect(json_response['updated_by_id']).to eq(agent_user.id)
+      expect(json_response['created_by_id']).to eq(agent_user.id)
+      expect(json_response['preferences']['some_key1']).to eq(123)
+      expect(ticket.articles.count).to eq(5)
+
+      params = {
+        body: 'some body 2',
+        preferences: {
+          some_key2: 'abc',
+        },
+      }
+      put "/api/v1/ticket_articles/#{json_response['id']}", params: params, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['subject']).to be_nil
+      expect(json_response['body']).to eq('some body 2')
+      expect(json_response['content_type']).to eq('text/plain')
+      expect(json_response['updated_by_id']).to eq(agent_user.id)
+      expect(json_response['created_by_id']).to eq(agent_user.id)
+      expect(json_response['preferences']['some_key1']).to eq(123)
+      expect(json_response['preferences']['some_key2']).to eq('abc')
+
+    end
+
+    it 'does ticket create with customer and articles' do
+      params = {
+        title: 'a new ticket #2',
+        group: 'Users',
+        article: {
+          body: 'some body',
+        }
+      }
+      authenticated_as(customer_user)
+      post '/api/v1/tickets', params: params, as: :json
+      expect(response).to have_http_status(201)
+
+      params = {
+        ticket_id: json_response['id'],
+        content_type: 'text/plain', # or text/html
+        body: 'some body',
+        type: 'note',
+      }
+      post '/api/v1/ticket_articles', params: params, as: :json
+      expect(response).to have_http_status(201)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['subject']).to be_nil
+      expect(json_response['body']).to eq('some body')
+      expect(json_response['content_type']).to eq('text/plain')
+      expect(json_response['updated_by_id']).to eq(customer_user.id)
+      expect(json_response['created_by_id']).to eq(customer_user.id)
+
+      ticket = Ticket.find(json_response['ticket_id'])
+      expect(ticket.articles.count).to eq(2)
+      expect(ticket.articles[1].sender.name).to eq('Customer')
+      expect(ticket.articles[0].attachments.count).to eq(0)
+      expect(ticket.articles[1].attachments.count).to eq(0)
+
+      params = {
+        ticket_id: json_response['ticket_id'],
+        content_type: 'text/plain', # or text/html
+        body: 'some body',
+        sender: 'Agent',
+        type: 'note',
+      }
+      post '/api/v1/ticket_articles', params: params, as: :json
+      expect(response).to have_http_status(201)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['subject']).to be_nil
+      expect(json_response['body']).to eq('some body')
+      expect(json_response['content_type']).to eq('text/plain')
+      expect(json_response['updated_by_id']).to eq(customer_user.id)
+      expect(json_response['created_by_id']).to eq(customer_user.id)
+
+      ticket = Ticket.find(json_response['ticket_id'])
+      expect(ticket.articles.count).to eq(3)
+      expect(ticket.articles[2].sender.name).to eq('Customer')
+      expect(ticket.articles[2].internal).to eq(false)
+      expect(ticket.articles[0].attachments.count).to eq(0)
+      expect(ticket.articles[1].attachments.count).to eq(0)
+      expect(ticket.articles[2].attachments.count).to eq(0)
+
+      params = {
+        ticket_id: json_response['ticket_id'],
+        content_type: 'text/plain', # or text/html
+        body: 'some body 2',
+        sender: 'Agent',
+        type: 'note',
+        internal: true,
+      }
+      post '/api/v1/ticket_articles', params: params, as: :json
+      expect(response).to have_http_status(201)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['subject']).to be_nil
+      expect(json_response['body']).to eq('some body 2')
+      expect(json_response['content_type']).to eq('text/plain')
+      expect(json_response['updated_by_id']).to eq(customer_user.id)
+      expect(json_response['created_by_id']).to eq(customer_user.id)
+
+      ticket = Ticket.find(json_response['ticket_id'])
+      expect(ticket.articles.count).to eq(4)
+      expect(ticket.articles[3].sender.name).to eq('Customer')
+      expect(ticket.articles[3].internal).to eq(false)
+      expect(ticket.articles[0].attachments.count).to eq(0)
+      expect(ticket.articles[1].attachments.count).to eq(0)
+      expect(ticket.articles[2].attachments.count).to eq(0)
+      expect(ticket.articles[3].attachments.count).to eq(0)
+
+      # add internal article
+      article = create(
+        :ticket_article,
+        ticket_id: ticket.id,
+        internal: true,
+        sender: Ticket::Article::Sender.find_by(name: 'Agent'),
+        type: Ticket::Article::Type.find_by(name: 'note'),
+      )
+      expect(ticket.articles.count).to eq(5)
+      expect(ticket.articles[4].sender.name).to eq('Agent')
+      expect(ticket.articles[4].updated_by_id).to eq(1)
+      expect(ticket.articles[4].created_by_id).to eq(1)
+      expect(ticket.articles[0].attachments.count).to eq(0)
+      expect(ticket.articles[1].attachments.count).to eq(0)
+      expect(ticket.articles[2].attachments.count).to eq(0)
+      expect(ticket.articles[3].attachments.count).to eq(0)
+      expect(ticket.articles[4].attachments.count).to eq(0)
+
+      get "/api/v1/ticket_articles/#{article.id}", params: {}, as: :json
+      expect(response).to have_http_status(401)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['error']).to eq('Not authorized')
+
+      put "/api/v1/ticket_articles/#{article.id}", params: { internal: false }, as: :json
+      expect(response).to have_http_status(401)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['error']).to eq('Not authorized')
+
+    end
+
+    it 'does create phone ticket for customer and expected origin_by_id' do
+      params = {
+        title: 'a new ticket #1',
+        group: 'Users',
+        customer_id: customer_user.id,
+        article: {
+          body: 'some body',
+          sender: 'Customer',
+          type: 'phone',
+        }
+      }
+      authenticated_as(agent_user)
+      post '/api/v1/tickets', params: params, as: :json
+      expect(response).to have_http_status(201)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['title']).to eq('a new ticket #1')
+
+      article = Ticket::Article.find_by(ticket_id: json_response['id'])
+      expect(article.origin_by_id).to eq(customer_user.id)
+      expect(article.from).to eq("#{customer_user.firstname} #{customer_user.lastname} <#{customer_user.email}>")
+    end
+
+    it 'does create phone ticket by customer and manipulate origin_by_id' do
+      params = {
+        title: 'a new ticket #1',
+        group: 'Users',
+        customer_id: customer_user.id,
+        article: {
+          body: 'some body',
+          sender: 'Customer',
+          type: 'phone',
+          origin_by_id: 1,
+        }
+      }
+      authenticated_as(customer_user)
+      post '/api/v1/tickets', params: params, as: :json
+      expect(response).to have_http_status(201)
+      expect(json_response).to be_a_kind_of(Hash)
+
+      article = Ticket::Article.find_by(ticket_id: json_response['id'])
+      expect(article.origin_by_id).to eq(customer_user.id)
+    end
+
+    it 'does ticket split with html - check attachments' do
+      ticket = create(:ticket)
+      article = create(
+        :ticket_article,
+        ticket_id: ticket.id,
+        type: Ticket::Article::Type.lookup(name: 'note'),
+        sender: Ticket::Article::Sender.lookup(name: 'Customer'),
+        body: '<b>test</b> <img src="cid:15.274327094.140938@ZAMMAD.example.com"/> test <img src="cid:15.274327094.140938.3@ZAMMAD.example.com"/>',
+        content_type: 'text/html',
+      )
+      Store.add(
+        object: 'Ticket::Article',
+        o_id: article.id,
+        data: 'content_file1_normally_should_be_an_image',
+        filename: 'some_file1.jpg',
+        preferences: {
+          'Content-Type'        => 'image/jpeg',
+          'Mime-Type'           => 'image/jpeg',
+          'Content-ID'          => '15.274327094.140938@zammad.example.com',
+          'Content-Disposition' => 'inline',
+        },
+        created_by_id: 1,
+      )
+      Store.add(
+        object: 'Ticket::Article',
+        o_id: article.id,
+        data: 'content_file2_normally_should_be_an_image',
+        filename: 'some_file2.jpg',
+        preferences: {
+          'Content-Type'        => 'image/jpeg',
+          'Mime-Type'           => 'image/jpeg',
+          'Content-ID'          => '15.274327094.140938.2@zammad.example.com',
+          'Content-Disposition' => 'inline',
+        },
+        created_by_id: 1,
+      )
+      Store.add(
+        object: 'Ticket::Article',
+        o_id: article.id,
+        data: 'content_file3_normally_should_be_an_image',
+        filename: 'some_file3.jpg',
+        preferences: {
+          'Content-Type'        => 'image/jpeg',
+          'Mime-Type'           => 'image/jpeg',
+          'Content-ID'          => '15.274327094.140938.3@zammad.example.com',
+        },
+        created_by_id: 1,
+      )
+      Store.add(
+        object: 'Ticket::Article',
+        o_id: article.id,
+        data: 'content_file4_normally_should_be_an_image',
+        filename: 'some_file4.jpg',
+        preferences: {
+          'Content-Type'        => 'image/jpeg',
+          'Mime-Type'           => 'image/jpeg',
+          'Content-ID'          => '15.274327094.140938.4@zammad.example.com',
+        },
+        created_by_id: 1,
+      )
+      Store.add(
+        object: 'Ticket::Article',
+        o_id: article.id,
+        data: 'content_file1_normally_should_be_an_pdf',
+        filename: 'Rechnung_RE-2018-200.pdf',
+        preferences: {
+          'Content-Type'        => 'application/octet-stream; name="Rechnung_RE-2018-200.pdf"',
+          'Mime-Type'           => 'application/octet-stream',
+          'Content-ID'          => '8AB0BEC88984EE4EBEF643C79C8E0346@zammad.example.com',
+          'Content-Description' => 'Rechnung_RE-2018-200.pdf',
+          'Content-Disposition' => 'attachment',
+        },
+        created_by_id: 1,
+      )
+
+      params = {
+        form_id: 'new_form_id123',
+      }
+      authenticated_as(agent_user)
+      post "/api/v1/ticket_attachment_upload_clone_by_article/#{article.id}", params: params, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['attachments']).to be_truthy
+      expect(json_response['attachments'].count).to eq(3)
+
+      post "/api/v1/ticket_attachment_upload_clone_by_article/#{article.id}", params: params, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['attachments']).to be_truthy
+      expect(json_response['attachments'].count).to eq(0)
+    end
+
+    it 'does ticket split with plain - check attachments' do
+      ticket = create(
+        :ticket,
+        updated_by_id: agent_user.id,
+        created_by_id: agent_user.id,
+      )
+      article = create(
+        :ticket_article,
+        ticket_id: ticket.id,
+        type: Ticket::Article::Type.lookup(name: 'note'),
+        sender: Ticket::Article::Sender.lookup(name: 'Customer'),
+        body: '<b>test</b> <img src="cid:15.274327094.140938@zammad.example.com"/>',
+        content_type: 'text/plain',
+        updated_by_id: 1,
+        created_by_id: 1,
+      )
+      Store.add(
+        object: 'Ticket::Article',
+        o_id: article.id,
+        data: 'content_file1_normally_should_be_an_image',
+        filename: 'some_file1.jpg',
+        preferences: {
+          'Content-Type'        => 'image/jpeg',
+          'Mime-Type'           => 'image/jpeg',
+          'Content-ID'          => '15.274327094.140938@zammad.example.com',
+          'Content-Disposition' => 'inline',
+        },
+        created_by_id: 1,
+      )
+      Store.add(
+        object: 'Ticket::Article',
+        o_id: article.id,
+        data: 'content_file1_normally_should_be_an_image',
+        filename: 'some_file2.jpg',
+        preferences: {
+          'Content-Type'        => 'image/jpeg',
+          'Mime-Type'           => 'image/jpeg',
+          'Content-ID'          => '15.274327094.140938.2@zammad.example.com',
+          'Content-Disposition' => 'inline',
+        },
+        created_by_id: 1,
+      )
+      Store.add(
+        object: 'Ticket::Article',
+        o_id: article.id,
+        data: 'content_file1_normally_should_be_an_pdf',
+        filename: 'Rechnung_RE-2018-200.pdf',
+        preferences: {
+          'Content-Type'        => 'application/octet-stream; name="Rechnung_RE-2018-200.pdf"',
+          'Mime-Type'           => 'application/octet-stream',
+          'Content-ID'          => '8AB0BEC88984EE4EBEF643C79C8E0346@zammad.example.com',
+          'Content-Description' => 'Rechnung_RE-2018-200.pdf',
+          'Content-Disposition' => 'attachment',
+        },
+        created_by_id: 1,
+      )
+
+      params = {
+        form_id: 'new_form_id123',
+      }
+      authenticated_as(agent_user)
+      post "/api/v1/ticket_attachment_upload_clone_by_article/#{article.id}", params: params, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['attachments']).to be_truthy
+      expect(json_response['attachments'].count).to eq(3)
+
+      post "/api/v1/ticket_attachment_upload_clone_by_article/#{article.id}", params: params, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['attachments']).to be_truthy
+      expect(json_response['attachments'].count).to eq(0)
+    end
+  end
+end

spec/requests/ticket/escalation_spec.rb

@@ -0,0 +1,153 @@
+require 'rails_helper'
+
+RSpec.describe 'Ticket Escalation', type: :request do
+
+  let!(:agent_user) do
+    create(:agent_user, groups: Group.all)
+  end
+  let!(:customer_user) do
+    create(:customer_user)
+  end
+  let!(:calendar) do
+    create(
+      :calendar,
+      name: 'Escalation Test',
+      timezone: 'Europe/Berlin',
+      business_hours: {
+        mon: {
+          active: true,
+          timeframes: [ ['00:00', '23:59'] ]
+        },
+        tue: {
+          active: true,
+          timeframes: [ ['00:00', '23:59'] ]
+        },
+        wed: {
+          active: true,
+          timeframes: [ ['00:00', '23:59'] ]
+        },
+        thu: {
+          active: true,
+          timeframes: [ ['00:00', '23:59'] ]
+        },
+        fri: {
+          active: true,
+          timeframes: [ ['00:00', '23:59'] ]
+        },
+        sat: {
+          active: true,
+          timeframes: [ ['00:00', '23:59'] ]
+        },
+        sun: {
+          active: true,
+          timeframes: [ ['00:00', '23:59'] ]
+        },
+      },
+      default: true,
+      ical_url: nil,
+    )
+  end
+  let!(:sla) do
+    create(
+      :sla,
+      name: 'test sla 1',
+      condition: {
+        'ticket.title' => {
+          operator: 'contains',
+          value: 'some value 123',
+        },
+      },
+      first_response_time: 60,
+      update_time: 180,
+      solution_time: 240,
+      calendar: calendar,
+    )
+  end
+  let!(:mail_group) do
+    create(:group, email_address: create(:email_address) )
+  end
+
+  describe 'request handling' do
+
+    it 'does escalate by ticket created via web' do
+      params = {
+        title: 'some value 123',
+        group: mail_group.name,
+        article: {
+          body: 'some test 123',
+        },
+      }
+
+      authenticated_as(customer_user)
+      post '/api/v1/tickets', params: params, as: :json
+      expect(response).to have_http_status(201)
+
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id)
+      expect(json_response['title']).to eq('some value 123')
+      expect(json_response['updated_by_id']).to eq(customer_user.id)
+      expect(json_response['created_by_id']).to eq(customer_user.id)
+
+      ticket_p = Ticket.find(json_response['id'])
+
+      expect(json_response['escalation_at'].sub(/.\d\d\dZ$/, 'Z')).to eq(ticket_p['escalation_at'].iso8601)
+      expect(json_response['first_response_escalation_at'].sub(/.\d\d\dZ$/, 'Z')).to eq(ticket_p['first_response_escalation_at'].iso8601)
+      expect(json_response['update_escalation_at'].sub(/.\d\d\dZ$/, 'Z')).to eq(ticket_p['update_escalation_at'].iso8601)
+      expect(json_response['close_escalation_at'].sub(/.\d\d\dZ$/, 'Z')).to eq(ticket_p['close_escalation_at'].iso8601)
+
+      expect(ticket_p.escalation_at).to be_truthy
+      expect(ticket_p.first_response_escalation_at.to_i).to be_within(90.seconds).of((ticket_p.created_at + 1.hour).to_i)
+      expect(ticket_p.update_escalation_at.to_i).to be_within(90.seconds).of((ticket_p.created_at + 3.hours).to_i)
+      expect(ticket_p.close_escalation_at.to_i).to be_within(90.seconds).of((ticket_p.created_at + 4.hours).to_i)
+      expect(ticket_p.escalation_at.to_i).to be_within(90.seconds).of((ticket_p.created_at + 1.hour).to_i)
+    end
+
+    it 'does escalate by ticket got created via email - reply by agent via web' do
+
+      email = "From: Bob Smith <customer@example.com>
+To: #{mail_group.email_address.email}
+Subject: some value 123
+
+Some Text"
+
+      ticket_p, article_p, user_p, mail = Channel::EmailParser.new.process({}, email)
+      ticket_p.reload
+      expect(ticket_p.escalation_at).to be_truthy
+      expect(ticket_p.first_response_escalation_at.to_i).to be_within(90.seconds).of((ticket_p.created_at + 1.hour).to_i)
+      expect(ticket_p.update_escalation_at.to_i).to be_within(90.seconds).of((ticket_p.created_at + 3.hours).to_i)
+      expect(ticket_p.close_escalation_at.to_i).to be_within(90.seconds).of((ticket_p.created_at + 4.hours).to_i)
+      expect(ticket_p.escalation_at.to_i).to be_within(90.seconds).of((ticket_p.created_at + 1.hour).to_i)
+
+      travel 3.hours
+
+      params = {
+        title: 'some value 123 - update',
+        article: {
+          body: 'some test 123',
+          type: 'email',
+          to: 'customer@example.com',
+        },
+      }
+      authenticated_as(agent_user)
+      put "/api/v1/tickets/#{ticket_p.id}", params: params, as: :json
+
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'open').id)
+      expect(json_response['title']).to eq('some value 123 - update')
+      expect(json_response['updated_by_id']).to eq(agent_user.id)
+      expect(json_response['created_by_id']).to eq(user_p.id)
+
+      ticket_p.reload
+      expect(json_response['escalation_at'].sub(/.\d\d\dZ$/, 'Z')).to eq(ticket_p['escalation_at'].iso8601)
+      expect(json_response['first_response_escalation_at'].sub(/.\d\d\dZ$/, 'Z')).to eq(ticket_p['first_response_escalation_at'].iso8601)
+      expect(json_response['update_escalation_at'].sub(/.\d\d\dZ$/, 'Z')).to eq(ticket_p['update_escalation_at'].iso8601)
+      expect(json_response['close_escalation_at'].sub(/.\d\d\dZ$/, 'Z')).to eq(ticket_p['close_escalation_at'].iso8601)
+
+      expect(ticket_p.first_response_escalation_at.to_i).to be_within(90.seconds).of((ticket_p.created_at + 1.hour).to_i)
+      expect(ticket_p.update_escalation_at.to_i).to be_within(90.seconds).of((ticket_p.last_contact_agent_at + 3.hours).to_i)
+      expect(ticket_p.close_escalation_at.to_i).to be_within(90.seconds).of((ticket_p.created_at + 4.hours).to_i)
+      expect(ticket_p.escalation_at.to_i).to be_within(90.seconds).of((ticket_p.created_at + 4.hours).to_i)
+    end
+  end
+end

spec/requests/time_accounting_spec.rb

@@ -0,0 +1,36 @@
+require 'rails_helper'
+
+RSpec.describe 'Time Accounting', type: :request do
+
+  let(:admin_user) do
+    create(:admin_user)
+  end
+  let(:customer_user) do
+    create(:customer_user)
+  end
+  let(:year) do
+    DateTime.now.utc.year
+  end
+  let(:month) do
+    DateTime.now.utc.month
+  end
+
+  describe 'request handling' do
+
+    it 'does time account report' do
+      group   = create(:group)
+      ticket  = create(:ticket, state: Ticket::State.lookup(name: 'open'), customer: customer_user )
+      article = create(:ticket_article, ticket_id: ticket.id, type: Ticket::Article::Type.lookup(name: 'note') )
+
+      create(:ticket_time_accounting, ticket_id: ticket.id, ticket_article_id: article.id)
+
+      authenticated_as(admin_user)
+      get "/api/v1/time_accounting/log/by_ticket/#{year}/#{month}?download=true", params: {}
+
+      expect(response).to have_http_status(200)
+      expect(response['Content-Disposition']).to be_truthy
+      expect(response['Content-Disposition']).to eq("attachment; filename=\"by_ticket-#{year}-#{month}.xls\"")
+      expect(response['Content-Type']).to eq('application/vnd.ms-excel')
+    end
+  end
+end

spec/requests/user/organization_spec.rb

@@ -0,0 +1,160 @@
+require 'rails_helper'
+
+RSpec.describe 'User Organization', type: :request, searchindex: true do
+
+  let!(:admin_user) do
+    create(:admin_user, groups: Group.all)
+  end
+  let!(:agent_user) do
+    create(:agent_user, groups: Group.all)
+  end
+  let!(:customer_user) do
+    create(:customer_user)
+  end
+  let!(:organization) do
+    create(:organization, name: 'Rest Org', note: 'Rest Org A')
+  end
+  let!(:organization2) do
+    create(:organization, name: 'Rest Org #2', note: 'Rest Org B')
+  end
+  let!(:organization3) do
+    create(:organization, name: 'Rest Org #3', note: 'Rest Org C')
+  end
+  let!(:customer_user2) do
+    create(:customer_user, organization: organization)
+  end
+
+  before(:each) do
+    configure_elasticsearch do
+
+      travel 1.minute
+
+      rebuild_searchindex
+
+      # execute background jobs
+      Scheduler.worker(true)
+
+      sleep 6
+    end
+  end
+
+  describe 'request handling' do
+
+    it 'does organization index with agent' do
+      authenticated_as(agent_user)
+      get '/api/v1/organizations', params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Array)
+      expect(json_response[0]['member_ids']).to be_a_kind_of(Array)
+      expect(json_response.length >= 3).to be_truthy
+
+      get '/api/v1/organizations?limit=40&page=1&per_page=2', params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response.class).to eq(Array)
+      organizations = Organization.order(:id).limit(2)
+      expect(json_response[0]['id']).to eq(organizations[0].id)
+      expect(json_response[0]['member_ids']).to eq(organizations[0].member_ids)
+      expect(json_response[1]['id']).to eq(organizations[1].id)
+      expect(json_response[1]['member_ids']).to eq(organizations[1].member_ids)
+      expect(json_response.count).to eq(2)
+
+      get '/api/v1/organizations?limit=40&page=2&per_page=2', params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response.class).to eq(Array)
+      organizations = Organization.order(:id).limit(4)
+      expect(json_response[0]['id']).to eq(organizations[2].id)
+      expect(json_response[0]['member_ids']).to eq(organizations[2].member_ids)
+      expect(json_response[1]['id']).to eq(organizations[3].id)
+      expect(json_response[1]['member_ids']).to eq(organizations[3].member_ids)
+
+      expect(json_response.count).to eq(2)
+
+      # show/:id
+      get "/api/v1/organizations/#{organization.id}", params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['member_ids']).to be_a_kind_of(Array)
+      expect(json_response['members']).to be_falsey
+      expect('Rest Org').to eq(json_response['name'])
+
+      get "/api/v1/organizations/#{organization2.id}", params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['member_ids']).to be_a_kind_of(Array)
+      expect(json_response['members']).to be_falsey
+      expect('Rest Org #2').to eq(json_response['name'])
+
+      # search as agent
+      Scheduler.worker(true)
+      get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response.class).to eq(Array)
+      expect(json_response[0]['name']).to eq('Zammad Foundation')
+      expect(json_response[0]['member_ids']).to be_truthy
+      expect(json_response[0]['members']).to be_falsey
+
+      get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&expand=true", params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response.class).to eq(Array)
+      expect(json_response[0]['name']).to eq('Zammad Foundation')
+      expect(json_response[0]['member_ids']).to be_truthy
+      expect(json_response[0]['members']).to be_truthy
+
+      get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&label=true", params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response.class).to eq(Array)
+      expect(json_response[0]['label']).to eq('Zammad Foundation')
+      expect(json_response[0]['value']).to eq('Zammad Foundation')
+      expect(json_response[0]['member_ids']).to be_falsey
+      expect(json_response[0]['members']).to be_falsey
+    end
+
+    it 'does organization index with customer1' do
+      authenticated_as(customer_user)
+      get '/api/v1/organizations', params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Array)
+      expect(json_response.length).to eq(0)
+
+      # show/:id
+      get "/api/v1/organizations/#{organization.id}", params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['name']).to be_nil
+
+      get "/api/v1/organizations/#{organization2.id}", params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['name']).to be_nil
+
+      # search
+      Scheduler.worker(true)
+      get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, as: :json
+      expect(response).to have_http_status(401)
+    end
+
+    it 'does organization index with customer2' do
+      authenticated_as(customer_user2)
+      get '/api/v1/organizations', params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Array)
+      expect(json_response.length).to eq(1)
+
+      # show/:id
+      get "/api/v1/organizations/#{organization.id}", params: {}, as: :json
+      expect(response).to have_http_status(200)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect('Rest Org').to eq(json_response['name'])
+
+      get "/api/v1/organizations/#{organization2.id}", params: {}, as: :json
+      expect(response).to have_http_status(401)
+      expect(json_response).to be_a_kind_of(Hash)
+      expect(json_response['name']).to be_nil
+
+      # search
+      Scheduler.worker(true)
+      get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, as: :json
+      expect(response).to have_http_status(401)
+    end
+  end
+end

spec/requests/user/permission_spec.rb

@@ -0,0 +1,676 @@
+require 'rails_helper'
+
+RSpec.describe 'User endpoint', type: :request do
+
+  let(:role_with_admin_user_permissions) do
+    create(:role).tap do |role|
+      role.permission_grant('admin.user')
+    end
+  end
+  let(:admin_with_admin_user_permissions) { create(:user, roles: [role_with_admin_user_permissions]) }
+
+  let(:role_without_admin_user_permissions) do
+    create(:role).tap do |role|
+      role.permission_grant('admin.tag')
+    end
+  end
+  let(:admin_without_admin_user_permissions) { create(:user, roles: [role_without_admin_user_permissions]) }
+
+  describe 'User creation' do
+
+    let(:attributes) { attributes_params_for(:user) }
+
+    it 'responds unauthorized for customer' do
+      requester = create(:customer_user)
+      authenticated_as(requester)
+
+      expect do
+        post api_v1_users_path, params: attributes
+      end.to not_change {
+        User.count
+      }
+
+      expect(response).to have_http_status(:unauthorized)
+    end
+
+    context 'privileged attributes' do
+
+      context 'group assignment' do
+
+        # group access assignment is in general only valid for agents
+        # see HasGroups.groups_access_permission?
+        let(:agent_attributes) do
+          attributes.merge(
+            roles: Role.where(name: 'Agent').map(&:name),
+          )
+        end
+
+        shared_examples 'group assignment' do |map_method_id|
+
+          it 'responds success for admin.user' do
+            authenticated_as(admin_with_admin_user_permissions)
+
+            expect do
+              post api_v1_users_path, params: payload
+            end.to change {
+              User.count
+            }.by(1)
+
+            expect(response).to have_http_status(:success)
+            expect(User.last.send(map_method_id)).to eq(send(map_method_id))
+          end
+
+          it 'responds unauthorized for sub admin without admin.user' do
+            authenticated_as(admin_without_admin_user_permissions)
+
+            expect do
+              post api_v1_users_path, params: payload
+            end.to not_change {
+              User.count
+            }
+
+            expect(response).to have_http_status(:unauthorized)
+          end
+
+          it 'responds successful for agent but removes assignment' do
+            requester = create(:agent_user)
+            authenticated_as(requester)
+
+            expect do
+              post api_v1_users_path, params: payload
+            end.to change {
+              User.count
+            }.by(1)
+
+            expect(response).to have_http_status(:success)
+            expect(User.last.send(map_method_id)).to be_blank
+          end
+        end
+
+        context 'parameter groups' do
+
+          let(:group_names_access_map) do
+            Group.all.map { |g| [g.name, ['full']] }.to_h
+          end
+
+          let(:payload) do
+            agent_attributes.merge(
+              groups: group_names_access_map,
+            )
+          end
+
+          it_behaves_like 'group assignment', :group_names_access_map
+        end
+
+        context 'parameter group_ids' do
+
+          let(:group_ids_access_map) do
+            Group.all.map { |g| [g.id, ['full']] }.to_h
+          end
+
+          let(:payload) do
+            agent_attributes.merge(
+              group_ids: group_ids_access_map,
+            )
+          end
+
+          it_behaves_like 'group assignment', :group_ids_access_map
+        end
+      end
+
+      context 'role assignment' do
+
+        shared_examples 'role assignment' do
+
+          let(:privileged) { Role.where(name: 'Admin') }
+
+          it 'responds success for admin.user' do
+            authenticated_as(admin_with_admin_user_permissions)
+
+            expect do
+              post api_v1_users_path, params: payload
+            end.to change {
+              User.count
+            }.by(1)
+
+            expect(response).to have_http_status(:success)
+            expect(User.last.roles).to eq(privileged)
+          end
+
+          it 'responds unauthorized for sub admin without admin.user' do
+            authenticated_as(admin_without_admin_user_permissions)
+
+            expect do
+              post api_v1_users_path, params: payload
+            end.to not_change {
+              User.count
+            }
+
+            expect(response).to have_http_status(:unauthorized)
+          end
+
+          it 'responds successful for agent but removes assignment' do
+            requester = create(:agent_user)
+            authenticated_as(requester)
+
+            expect do
+              post api_v1_users_path, params: payload
+            end.to change {
+              User.count
+            }.by(1)
+
+            expect(response).to have_http_status(:success)
+            expect(User.last.roles).to eq(Role.signup_roles)
+          end
+        end
+
+        context 'parameter roles' do
+          let(:payload) do
+            attributes.merge(
+              roles: privileged.map(&:name),
+            )
+          end
+
+          it_behaves_like 'role assignment'
+        end
+
+        context 'parameter role_ids' do
+          let(:payload) do
+            attributes.merge(
+              role_ids: privileged.map(&:id),
+            )
+          end
+
+          it_behaves_like 'role assignment'
+        end
+      end
+    end
+  end
+
+  describe 'User update' do
+
+    def authorized_update_request(requester:, requested:)
+      authenticated_as(requester)
+
+      expect do
+        put api_v1_update_user_path(requested), params: cleaned_params_for(requested).merge(firstname: 'Changed')
+      end.to change {
+        requested.reload.firstname
+      }
+
+      expect(response).to have_http_status(:success)
+    end
+
+    def unauthorized_update_request(requester:, requested:)
+      authenticated_as(requester)
+
+      expect do
+        put api_v1_update_user_path(requested), params: cleaned_params_for(requested).merge(firstname: 'Changed')
+      end.to not_change {
+        requested.reload.attributes
+      }
+
+      expect(response).to have_http_status(:unauthorized)
+    end
+
+    context 'request by admin.user' do
+
+      let(:requester) { admin_with_admin_user_permissions }
+
+      it 'is successful for same admin' do
+        authorized_update_request(
+          requester: requester,
+          requested: requester,
+        )
+      end
+
+      it 'is successful for other admin' do
+        authorized_update_request(
+          requester: requester,
+          requested: create(:admin_user),
+        )
+      end
+
+      it 'is successful for agent' do
+        authorized_update_request(
+          requester: requester,
+          requested: create(:agent_user),
+        )
+      end
+
+      it 'is successful for customer' do
+        authorized_update_request(
+          requester: requester,
+          requested: create(:customer_user),
+        )
+      end
+    end
+
+    context 'request by sub admin without admin.user' do
+
+      let(:requester) { admin_without_admin_user_permissions }
+
+      it 'is unauthorized for same admin' do
+        unauthorized_update_request(
+          requester: requester,
+          requested: requester,
+        )
+      end
+
+      it 'is unauthorized for other admin' do
+        unauthorized_update_request(
+          requester: requester,
+          requested: create(:admin_user),
+        )
+      end
+
+      it 'is unauthorized for agent' do
+        unauthorized_update_request(
+          requester: requester,
+          requested: create(:agent_user),
+        )
+      end
+
+      it 'is unauthorized for customer' do
+        unauthorized_update_request(
+          requester: requester,
+          requested: create(:customer_user),
+        )
+      end
+    end
+
+    context 'request by agent' do
+
+      let(:requester) { create(:agent_user) }
+
+      it 'is unauthorized for admin' do
+        unauthorized_update_request(
+          requester: requester,
+          requested: create(:admin_user),
+        )
+      end
+
+      it 'is unauthorized same agent' do
+        unauthorized_update_request(
+          requester: requester,
+          requested: requester,
+        )
+      end
+
+      it 'is unauthorized for other agent' do
+        unauthorized_update_request(
+          requester: requester,
+          requested: create(:agent_user),
+        )
+      end
+
+      it 'is successful for customer' do
+        authorized_update_request(
+          requester: requester,
+          requested: create(:customer_user),
+        )
+      end
+    end
+
+    context 'request by customer' do
+
+      let(:requester) { create(:customer_user) }
+
+      it 'is unauthorized for admin' do
+        unauthorized_update_request(
+          requester: requester,
+          requested: create(:admin_user),
+        )
+      end
+
+      it 'is unauthorized for agent' do
+        unauthorized_update_request(
+          requester: requester,
+          requested: create(:agent_user),
+        )
+      end
+
+      it 'is unauthorized for same customer' do
+        unauthorized_update_request(
+          requester: requester,
+          requested: requester,
+        )
+      end
+
+      it 'is unauthorized for other customer' do
+        unauthorized_update_request(
+          requester: requester,
+          requested: create(:customer_user),
+        )
+      end
+
+      it 'is unauthorized for same organization' do
+        same_organization = create(:organization)
+
+        requester.update!(organization: same_organization)
+
+        unauthorized_update_request(
+          requester: requester,
+          requested: create(:customer_user, organization: same_organization),
+        )
+      end
+    end
+
+    context 'privileged attributes' do
+
+      let(:requested) { create(:user) }
+      let(:attribute) { privileged.keys.first }
+      let(:payload) { cleaned_params_for(requested).merge(privileged) }
+
+      def value_of_attribute
+        # we need to call .to_a otherwise Rails will load the
+        # ActiveRecord::Associations::CollectionProxy
+        # on comparsion which is to late
+        requested.reload.public_send(attribute).to_a
+      end
+
+      shared_examples 'admin types requests' do
+
+        it 'responds success for admin.user' do
+          authenticated_as(admin_with_admin_user_permissions)
+
+          expect do
+            put api_v1_update_user_path(requested), params: payload
+          end.to change {
+            value_of_attribute
+          }
+          expect(response).to have_http_status(:success)
+        end
+
+        it 'responds unauthorized for sub admin without admin.user' do
+          authenticated_as(admin_without_admin_user_permissions)
+
+          expect do
+            put api_v1_update_user_path(requested), params: payload
+          end.to not_change {
+            value_of_attribute
+          }
+
+          expect(response).to have_http_status(:unauthorized)
+        end
+      end
+
+      shared_examples 'permitted agent update' do
+
+        it 'responds successful for agent but removes assignment' do
+          requester = create(:agent_user)
+          authenticated_as(requester)
+
+          expect do
+            put api_v1_update_user_path(requested), params: payload
+          end.to change {
+            value_of_attribute
+          }
+
+          expect(response).to have_http_status(:success)
+        end
+      end
+
+      shared_examples 'forbidden agent update' do
+
+        it 'responds successful for agent but removes assignment' do
+          requester = create(:agent_user)
+          authenticated_as(requester)
+
+          expect do
+            put api_v1_update_user_path(requested), params: payload
+          end.to not_change {
+            value_of_attribute
+          }
+
+          expect(response).to have_http_status(:success)
+        end
+      end
+
+      context 'group assignment' do
+
+        context 'parameter groups' do
+
+          let(:privileged) do
+            {
+              groups: Group.all.map { |g| [g.name, ['full']] }.to_h
+            }
+          end
+
+          it_behaves_like 'admin types requests'
+          it_behaves_like 'forbidden agent update'
+        end
+
+        context 'parameter group_ids' do
+
+          let(:privileged) do
+            {
+              group_ids: Group.all.map { |g| [g.id, ['full']] }.to_h
+            }
+          end
+
+          it_behaves_like 'admin types requests'
+          it_behaves_like 'forbidden agent update'
+        end
+      end
+
+      context 'role assignment' do
+
+        let(:admin_role) { Role.where(name: 'Admin') }
+
+        context 'parameter roles' do
+          let(:privileged) do
+            {
+              roles: admin_role.map(&:name),
+            }
+          end
+
+          it_behaves_like 'admin types requests'
+          it_behaves_like 'forbidden agent update'
+        end
+
+        context 'parameter role_ids' do
+          let(:privileged) do
+            {
+              role_ids: admin_role.map(&:id),
+            }
+          end
+
+          it_behaves_like 'admin types requests'
+          it_behaves_like 'forbidden agent update'
+        end
+      end
+
+      context 'organization assignment' do
+
+        let(:new_organizations) { create_list(:organization, 2) }
+
+        context 'parameter organizations' do
+          let(:privileged) do
+            {
+              organizations: new_organizations.map(&:name),
+            }
+          end
+
+          it_behaves_like 'admin types requests'
+          it_behaves_like 'permitted agent update'
+        end
+
+        context 'parameter organization_ids' do
+          let(:privileged) do
+            {
+              organization_ids: new_organizations.map(&:id),
+            }
+          end
+
+          it_behaves_like 'admin types requests'
+          it_behaves_like 'permitted agent update'
+        end
+      end
+    end
+  end
+
+  describe 'User deletion' do
+
+    def authorized_destroy_request(requester:, requested:)
+      authenticated_as(requester)
+
+      delete api_v1_delete_user_path(requested)
+
+      expect(response).to have_http_status(:success)
+      expect(requested).not_to exist_in_database
+    end
+
+    def unauthorized_destroy_request(requester:, requested:)
+      authenticated_as(requester)
+
+      delete api_v1_delete_user_path(requested)
+
+      expect(response).to have_http_status(:unauthorized)
+      expect(requested).to exist_in_database
+    end
+
+    context 'request by admin.user' do
+
+      let(:requester) { admin_with_admin_user_permissions }
+
+      it 'is successful for same admin' do
+        authorized_destroy_request(
+          requester: requester,
+          requested: requester,
+        )
+      end
+
+      it 'is successful for other admin' do
+        authorized_destroy_request(
+          requester: requester,
+          requested: create(:admin_user),
+        )
+      end
+
+      it 'is successful for agent' do
+        authorized_destroy_request(
+          requester: requester,
+          requested: create(:agent_user),
+        )
+      end
+
+      it 'is successful for customer' do
+        authorized_destroy_request(
+          requester: requester,
+          requested: create(:customer_user),
+        )
+      end
+    end
+
+    context 'request by sub admin without admin.user' do
+
+      let(:requester) { admin_without_admin_user_permissions }
+
+      it 'is unauthorized for same admin' do
+        unauthorized_destroy_request(
+          requester: requester,
+          requested: requester,
+        )
+      end
+
+      it 'is unauthorized for other admin' do
+        unauthorized_destroy_request(
+          requester: requester,
+          requested: create(:admin_user),
+        )
+      end
+
+      it 'is unauthorized for agent' do
+        unauthorized_destroy_request(
+          requester: requester,
+          requested: create(:agent_user),
+        )
+      end
+
+      it 'is unauthorized for customer' do
+        unauthorized_destroy_request(
+          requester: requester,
+          requested: create(:customer_user),
+        )
+      end
+    end
+
+    context 'request by agent' do
+
+      let(:requester) { create(:agent_user) }
+
+      it 'is unauthorized for admin' do
+        unauthorized_destroy_request(
+          requester: requester,
+          requested: create(:admin_user),
+        )
+      end
+
+      it 'is unauthorized same agent' do
+        unauthorized_destroy_request(
+          requester: requester,
+          requested: requester,
+        )
+      end
+
+      it 'is unauthorized for other agent' do
+        unauthorized_destroy_request(
+          requester: requester,
+          requested: create(:agent_user),
+        )
+      end
+
+      it 'is unauthorized for customer' do
+        unauthorized_destroy_request(
+          requester: requester,
+          requested: create(:customer_user),
+        )
+      end
+    end
+
+    context 'request by customer' do
+
+      let(:requester) { create(:customer_user) }
+
+      it 'is unauthorized for admin' do
+        unauthorized_destroy_request(
+          requester: requester,
+          requested: create(:admin_user),
+        )
+      end
+
+      it 'is unauthorized for agent' do
+        unauthorized_destroy_request(
+          requester: requester,
+          requested: create(:agent_user),
+        )
+      end
+
+      it 'is unauthorized for same customer' do
+        unauthorized_destroy_request(
+          requester: requester,
+          requested: requester,
+        )
+      end
+
+      it 'is unauthorized for other customer' do
+        unauthorized_destroy_request(
+          requester: requester,
+          requested: create(:customer_user),
+        )
+      end
+
+      it 'is unauthorized for same organization' do
+        same_organization = create(:organization)
+
+        requester.update!(organization: same_organization)
+
+        unauthorized_destroy_request(
+          requester: requester,
+          requested: create(:customer_user, organization: same_organization),
+        )
+      end
+    end
+  end
+end

spec/support/request.rb

@@ -51,16 +51,38 @@ module ZammadSpecSupportRequest
   # @example
   #  authenticated_as(some_admin_user)
   #
+  # @example
+  #  authenticated_as(some_admin_user, on_behalf_of: customer_user)
+  #
+  # @example
+  #  authenticated_as(some_admin_user, password: 'wrongpw')
+  #
+  # @example
+  #  authenticated_as(some_admin_user, password: 'wrongpw', token: create(:token, action: 'api', user_id: some_admin_user.id) )
+  #
+  # @example
+  #  authenticated_as(nil, login: 'not_existing', password: 'wrongpw' )
+  #
   # @return nil
-  def authenticated_as(user)
+  def authenticated_as(user, login: nil, password: nil, token: nil, on_behalf_of: nil)
+    password ||= user.password
+    login    ||= user.login
+
     # mock authentication otherwise login won't
     # if user has no password (which is expensive to create)
-    if user.password.nil?
-      allow(User).to receive(:authenticate).with(user.login, '').and_return(user)
+    if password.nil?
+      allow(User).to receive(:authenticate).with(login, '').and_return(user)
     end
 
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials(user.login, user.password)
-    add_headers('Authorization' => credentials)
+    # if we want to authenticate by token
+    if token.present?
+      credentials = "Token token=#{token.name}"
+
+      return add_headers('Authorization' => credentials)
+    end
+
+    credentials = ActionController::HttpAuthentication::Basic.encode_credentials(login, password)
+    add_headers('Authorization' => credentials, 'X-On-Behalf-Of' => on_behalf_of)
   end
 
   # Provides a Hash of attributes for the given FactoryBot
@@ -106,4 +128,8 @@ end
 
 RSpec.configure do |config|
   config.include ZammadSpecSupportRequest, type: :request
+
+  config.before(:each, type: :request) do
+    Setting.set('system_init_done', true)
+  end
 end

spec/support/searchindex_backend.rb

@@ -0,0 +1,56 @@
+require 'rake'
+
+module SearchindexBackendHelper
+
+  def configure_elasticsearch(required: false)
+    if ENV['ES_URL'].blank?
+      return if !required
+      raise "ERROR: Need ES_URL - hint ES_URL='http://127.0.0.1:9200'"
+    end
+
+    Setting.set('es_url', ENV['ES_URL'])
+
+    # Setting.set('es_url', 'http://127.0.0.1:9200')
+    # Setting.set('es_index', 'estest.local_zammad')
+    # Setting.set('es_user', 'elasticsearch')
+    # Setting.set('es_password', 'zammad')
+
+    if ENV['ES_INDEX_RAND'].present?
+      rand_id          = ENV.fetch('CI_JOB_ID', "r#{rand(999)}")
+      test_method_name = subject.gsub(/[^\w]/, '_')
+      ENV['ES_INDEX']  = "es_index_#{test_method_name}_#{rand_id}_#{rand(999_999_999)}"
+    end
+    if ENV['ES_INDEX'].blank?
+      raise "ERROR: Need ES_INDEX - hint ES_INDEX='estest.local_zammad'"
+    end
+    Setting.set('es_index', ENV['ES_INDEX'])
+
+    # set max attachment size in mb
+    Setting.set('es_attachment_max_size_in_mb', 1)
+
+    yield if block_given?
+  end
+
+  def rebuild_searchindex
+    Rake::Task.clear
+    Zammad::Application.load_tasks
+    Rake::Task['searchindex:rebuild'].execute
+  end
+
+  def self.included(base)
+
+    # Execute in RSpec class context
+    base.class_exec do
+
+      after(:each) do
+        next if ENV['ES_URL'].blank?
+
+        Rake::Task['searchindex:drop'].execute
+      end
+    end
+  end
+end
+
+RSpec.configure do |config|
+  config.include SearchindexBackendHelper, searchindex: true
+end

test/controllers/api_auth_controller_test.rb

@@ -1,443 +0,0 @@
-
-require 'test_helper'
-
-class ApiAuthControllerTest < ActionDispatch::IntegrationTest
-  setup do
-
-    # set accept header
-    @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
-    # create agent
-    roles  = Role.where(name: %w[Admin Agent])
-    groups = Group.all
-
-    UserInfo.current_user_id = 1
-    @admin = User.create!(
-      login: 'api-admin',
-      firstname: 'API',
-      lastname: 'Admin',
-      email: 'api-admin@example.com',
-      password: 'adminpw',
-      active: true,
-      roles: roles,
-      groups: groups,
-    )
-
-    # create agent
-    roles = Role.where(name: 'Agent')
-    @agent = User.create!(
-      login: 'api-agent@example.com',
-      firstname: 'API',
-      lastname: 'Agent',
-      email: 'api-agent@example.com',
-      password: 'agentpw',
-      active: true,
-      roles: roles,
-      groups: groups,
-    )
-
-    # create customer without org
-    roles = Role.where(name: 'Customer')
-    @customer = User.create!(
-      login: 'api-customer1@example.com',
-      firstname: 'API',
-      lastname: 'Customer1',
-      email: 'api-customer1@example.com',
-      password: 'customer1pw',
-      active: true,
-      roles: roles,
-    )
-
-  end
-
-  test 'basic auth - admin' do
-
-    admin_credentials = ActionController::HttpAuthentication::Basic.encode_credentials('api-admin@example.com', 'adminpw')
-
-    Setting.set('api_password_access', false)
-    get '/api/v1/sessions', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
-    assert_response(401)
-    assert_not(@response.header.key?('Access-Control-Allow-Origin'))
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('API password access disabled!', result['error'])
-
-    Setting.set('api_password_access', true)
-    get '/api/v1/sessions', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
-    assert_response(200)
-    assert_equal('*', @response.header['Access-Control-Allow-Origin'])
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert(result)
-  end
-
-  test 'basic auth - agent' do
-
-    agent_credentials = ActionController::HttpAuthentication::Basic.encode_credentials('api-agent@example.com', 'agentpw')
-
-    Setting.set('api_password_access', false)
-    get '/api/v1/tickets', params: {}, headers: @headers.merge('Authorization' => agent_credentials)
-    assert_response(401)
-    assert_not(@response.header.key?('Access-Control-Allow-Origin'))
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('API password access disabled!', result['error'])
-
-    Setting.set('api_password_access', true)
-    get '/api/v1/tickets', params: {}, headers: @headers.merge('Authorization' => agent_credentials)
-    assert_response(200)
-    assert_equal('*', @response.header['Access-Control-Allow-Origin'])
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert(result)
-  end
-
-  test 'basic auth - customer' do
-
-    customer_credentials = ActionController::HttpAuthentication::Basic.encode_credentials('api-customer1@example.com', 'customer1pw')
-
-    Setting.set('api_password_access', false)
-    get '/api/v1/tickets', params: {}, headers: @headers.merge('Authorization' => customer_credentials)
-    assert_response(401)
-    assert_not(@response.header.key?('Access-Control-Allow-Origin'))
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('API password access disabled!', result['error'])
-
-    Setting.set('api_password_access', true)
-    get '/api/v1/tickets', params: {}, headers: @headers.merge('Authorization' => customer_credentials)
-    assert_response(200)
-    assert_equal('*', @response.header['Access-Control-Allow-Origin'])
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert(result)
-  end
-
-  test 'token auth - admin' do
-
-    admin_token = Token.create(
-      action:      'api',
-      persistent:  true,
-      user_id:     @admin.id,
-      preferences: {
-        permission: ['admin.session'],
-      },
-    )
-    admin_credentials = "Token token=#{admin_token.name}"
-
-    Setting.set('api_token_access', false)
-    get '/api/v1/sessions', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
-    assert_response(401)
-    assert_not(@response.header.key?('Access-Control-Allow-Origin'))
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('API token access disabled!', result['error'])
-
-    Setting.set('api_token_access', true)
-    get '/api/v1/sessions', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
-    assert_response(200)
-    assert_equal('*', @response.header['Access-Control-Allow-Origin'])
-
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert(result)
-
-    admin_token.preferences[:permission] = ['admin.session_not_existing']
-    admin_token.save!
-
-    get '/api/v1/sessions', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('Not authorized (token)!', result['error'])
-
-    admin_token.preferences[:permission] = []
-    admin_token.save!
-
-    get '/api/v1/sessions', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('Not authorized (token)!', result['error'])
-
-    @admin.active = false
-    @admin.save!
-
-    get '/api/v1/sessions', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('User is inactive!', result['error'])
-
-    admin_token.preferences[:permission] = ['admin.session']
-    admin_token.save!
-
-    get '/api/v1/sessions', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('User is inactive!', result['error'])
-
-    @admin.active = true
-    @admin.save!
-
-    get '/api/v1/sessions', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert(result)
-
-    get '/api/v1/roles', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('Not authorized (token)!', result['error'])
-
-    admin_token.preferences[:permission] = ['admin.session_not_existing', 'admin.role']
-    admin_token.save!
-
-    get '/api/v1/roles', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert(result)
-
-    admin_token.preferences[:permission] = ['ticket.agent']
-    admin_token.save!
-
-    get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert(result)
-
-    name = "some org name #{rand(999_999_999)}"
-    post '/api/v1/organizations', params: { name: name }.to_json, headers: @headers.merge('Authorization' => admin_credentials)
-    assert_response(201)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal(name, result['name'])
-    assert(result)
-
-    name = "some org name #{rand(999_999_999)} - 2"
-    put "/api/v1/organizations/#{result['id']}", params: { name: name }.to_json, headers: @headers.merge('Authorization' => admin_credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal(name, result['name'])
-    assert(result)
-
-    admin_token.preferences[:permission] = ['admin.organization']
-    admin_token.save!
-
-    get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert(result)
-
-    name = "some org name #{rand(999_999_999)}"
-    post '/api/v1/organizations', params: { name: name }.to_json, headers: @headers.merge('Authorization' => admin_credentials)
-    assert_response(201)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal(name, result['name'])
-    assert(result)
-
-    name = "some org name #{rand(999_999_999)} - 2"
-    put "/api/v1/organizations/#{result['id']}", params: { name: name }.to_json, headers: @headers.merge('Authorization' => admin_credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal(name, result['name'])
-    assert(result)
-
-    admin_token.preferences[:permission] = ['admin']
-    admin_token.save!
-
-    get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert(result)
-
-    name = "some org name #{rand(999_999_999)}"
-    post '/api/v1/organizations', params: { name: name }.to_json, headers: @headers.merge('Authorization' => admin_credentials)
-    assert_response(201)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal(name, result['name'])
-    assert(result)
-
-    name = "some org name #{rand(999_999_999)} - 2"
-    put "/api/v1/organizations/#{result['id']}", params: { name: name }.to_json, headers: @headers.merge('Authorization' => admin_credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal(name, result['name'])
-    assert(result)
-
-  end
-
-  test 'token auth - agent' do
-
-    agent_token = Token.create(
-      action:     'api',
-      persistent: true,
-      user_id:    @agent.id,
-    )
-    agent_credentials = "Token token=#{agent_token.name}"
-
-    Setting.set('api_token_access', false)
-    get '/api/v1/tickets', params: {}, headers: @headers.merge('Authorization' => agent_credentials)
-    assert_response(401)
-    assert_not(@response.header.key?('Access-Control-Allow-Origin'))
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('API token access disabled!', result['error'])
-
-    Setting.set('api_token_access', true)
-    get '/api/v1/tickets', params: {}, headers: @headers.merge('Authorization' => agent_credentials)
-    assert_response(200)
-    assert_equal('*', @response.header['Access-Control-Allow-Origin'])
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert(result)
-
-    get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => agent_credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert(result)
-
-    name = "some org name #{rand(999_999_999)}"
-    post '/api/v1/organizations', params: { name: name }.to_json, headers: @headers.merge('Authorization' => agent_credentials)
-    assert_response(401)
-
-  end
-
-  test 'token auth - customer' do
-
-    customer_token = Token.create(
-      action:     'api',
-      persistent: true,
-      user_id:    @customer.id,
-    )
-    customer_credentials = "Token token=#{customer_token.name}"
-
-    Setting.set('api_token_access', false)
-    get '/api/v1/tickets', params: {}, headers: @headers.merge('Authorization' => customer_credentials)
-    assert_response(401)
-    assert_not(@response.header.key?('Access-Control-Allow-Origin'))
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('API token access disabled!', result['error'])
-
-    Setting.set('api_token_access', true)
-    get '/api/v1/tickets', params: {}, headers: @headers.merge('Authorization' => customer_credentials)
-    assert_equal('*', @response.header['Access-Control-Allow-Origin'])
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert(result)
-
-    get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => customer_credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert(result)
-
-    name = "some org name #{rand(999_999_999)}"
-    post '/api/v1/organizations', params: { name: name }.to_json, headers: @headers.merge('Authorization' => customer_credentials)
-    assert_response(401)
-  end
-
-  test 'token auth - invalid user - admin' do
-
-    admin_token = Token.create(
-      action:     'api',
-      persistent: true,
-      user_id:    @admin.id,
-    )
-    admin_credentials = "Token token=#{admin_token.name}"
-
-    @admin.active = false
-    @admin.save!
-
-    Setting.set('api_token_access', false)
-    get '/api/v1/sessions', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
-    assert_response(401)
-    assert_not(@response.header.key?('Access-Control-Allow-Origin'))
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('API token access disabled!', result['error'])
-
-    Setting.set('api_token_access', true)
-    get '/api/v1/sessions', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
-    assert_response(401)
-    assert_not(@response.header.key?('Access-Control-Allow-Origin'))
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('User is inactive!', result['error'])
-  end
-
-  test 'token auth - expired' do
-
-    Setting.set('api_token_access', true)
-
-    admin_token = Token.create(
-      action:     'api',
-      persistent: true,
-      user_id:    @admin.id,
-      expires_at: Time.zone.today
-    )
-    admin_credentials = "Token token=#{admin_token.name}"
-
-    get '/api/v1/tickets', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
-    assert_response(401)
-    assert_not(@response.header.key?('Access-Control-Allow-Origin'))
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('Not authorized (token expired)!', result['error'])
-
-    admin_token.reload
-    assert_in_delta(admin_token.last_used_at, Time.zone.now, 1.second)
-  end
-
-  test 'token auth - not expired' do
-
-    Setting.set('api_token_access', true)
-
-    admin_token = Token.create(
-      action:     'api',
-      persistent: true,
-      user_id:    @admin.id,
-      expires_at: Time.zone.tomorrow
-    )
-    admin_credentials = "Token token=#{admin_token.name}"
-
-    get '/api/v1/tickets', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
-    assert_response(200)
-    assert_equal('*', @response.header['Access-Control-Allow-Origin'])
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert(result)
-
-    admin_token.reload
-    assert_in_delta(admin_token.last_used_at, Time.zone.now, 1.second)
-  end
-
-  test 'session auth - admin' do
-
-    post '/api/v1/signin', params: { username: 'api-admin@example.com', password: 'adminpw', fingerprint: '123456789' }
-    assert_not(@response.header.key?('Access-Control-Allow-Origin'))
-    assert_response(201)
-
-    get '/api/v1/sessions', params: {}
-    assert_response(200)
-    assert_not(@response.header.key?('Access-Control-Allow-Origin'))
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert(result)
-  end
-end

test/controllers/api_auth_on_behalf_of_controller_test.rb

@@ -1,231 +0,0 @@
-
-require 'test_helper'
-
-class ApiAuthControllerTest < ActionDispatch::IntegrationTest
-  setup do
-
-    # set accept header
-    @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
-    # create agent
-    roles  = Role.where(name: %w[Admin Agent])
-    groups = Group.all
-
-    UserInfo.current_user_id = 1
-    @admin = User.create!(
-      login: 'api-admin-auth-behalf',
-      firstname: 'API',
-      lastname: 'Admin',
-      email: 'api-admin-auth-behalf@example.com',
-      password: 'adminpw',
-      active: true,
-      roles: roles,
-      groups: groups,
-    )
-
-    # create customer without org
-    roles = Role.where(name: 'Customer')
-    @customer = User.create!(
-      login: 'api-customer1-auth-behalf@example.com',
-      firstname: 'API',
-      lastname: 'Customer1',
-      email: 'api-customer1-auth-behalf@example.com',
-      password: 'customer1pw',
-      active: true,
-      roles: roles,
-    )
-
-  end
-
-  test 'X-On-Behalf-Of auth - ticket create admin for customer by id' do
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('api-admin-auth-behalf@example.com', 'adminpw')
-
-    ticket_create_headers = @headers.merge(
-      'Authorization' => credentials,
-      'X-On-Behalf-Of' => @customer.id,
-    )
-
-    params = {
-      title: 'a new ticket #3',
-      group: 'Users',
-      priority: '2 normal',
-      state: 'new',
-      customer_id: @customer.id,
-      article: {
-        body: 'some test 123',
-      },
-    }
-    post '/api/v1/tickets', params: params.to_json, headers: ticket_create_headers
-    assert_response(201)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal(result['created_by_id'], @customer.id)
-  end
-
-  test 'X-On-Behalf-Of auth - ticket create admin for customer by login' do
-    ActivityStream.cleanup(1.year)
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('api-admin-auth-behalf@example.com', 'adminpw')
-
-    ticket_create_headers = @headers.merge(
-      'Authorization' => credentials,
-      'X-On-Behalf-Of' => @customer.login,
-    )
-    admin_headers = @headers.merge(
-      'Authorization' => credentials,
-    )
-
-    params = {
-      title: 'a new ticket #3',
-      group: 'Users',
-      priority: '2 normal',
-      state: 'new',
-      customer_id: @customer.id,
-      article: {
-        body: 'some test 123',
-      },
-    }
-    post '/api/v1/tickets', params: params.to_json, headers: ticket_create_headers
-    assert_response(201)
-    result_ticket_create = JSON.parse(@response.body)
-    assert_equal(Hash, result_ticket_create.class)
-    assert_equal(result_ticket_create['created_by_id'], @customer.id)
-
-    get '/api/v1/activity_stream?full=true', params: {}, headers: admin_headers
-    assert_response(200)
-    result_activity_stream = JSON.parse(@response.body)
-    assert_equal(Hash, result_activity_stream.class)
-
-    ticket_created = nil
-    result_activity_stream['record_ids'].each do |record_id|
-      activity_stream = ActivityStream.find(record_id)
-      next if activity_stream.object.name != 'Ticket'
-      next if activity_stream.o_id != result_ticket_create['id']
-      ticket_created = activity_stream
-    end
-
-    assert(ticket_created)
-    assert_equal(ticket_created.created_by_id, @customer.id)
-
-    get '/api/v1/activity_stream', params: {}, headers: admin_headers
-    assert_response(200)
-    result_activity_stream = JSON.parse(@response.body)
-    assert_equal(Array, result_activity_stream.class)
-
-    ticket_created = nil
-    result_activity_stream.each do |record|
-      activity_stream = ActivityStream.find(record['id'])
-      next if activity_stream.object.name != 'Ticket'
-      next if activity_stream.o_id != result_ticket_create['id']
-      ticket_created = activity_stream
-    end
-
-    assert(ticket_created)
-    assert_equal(ticket_created.created_by_id, @customer.id)
-
-  end
-
-  test 'X-On-Behalf-Of auth - ticket create admin for customer by email' do
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('api-admin-auth-behalf@example.com', 'adminpw')
-
-    ticket_create_headers = @headers.merge(
-      'Authorization' => credentials,
-      'X-On-Behalf-Of' => @customer.email,
-    )
-
-    params = {
-      title: 'a new ticket #3',
-      group: 'Users',
-      priority: '2 normal',
-      state: 'new',
-      customer_id: @customer.id,
-      article: {
-        body: 'some test 123',
-      },
-    }
-    post '/api/v1/tickets', params: params.to_json, headers: ticket_create_headers
-    assert_response(201)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal(result['created_by_id'], @customer.id)
-  end
-
-  test 'X-On-Behalf-Of auth - ticket create admin for unknown' do
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('api-admin-auth-behalf@example.com', 'adminpw')
-
-    ticket_create_headers = @headers.merge(
-      'Authorization' => credentials,
-      'X-On-Behalf-Of' => 99_449_494_949,
-    )
-
-    params = {
-      title: 'a new ticket #3',
-      group: 'Users',
-      priority: '2 normal',
-      state: 'new',
-      customer_id: @customer.id,
-      article: {
-        body: 'some test 123',
-      },
-    }
-    post '/api/v1/tickets', params: params.to_json, headers: ticket_create_headers
-    assert_response(401)
-    assert_not(@response.header.key?('Access-Control-Allow-Origin'))
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal("No such user '99449494949'", result['error'])
-  end
-
-  test 'X-On-Behalf-Of auth - ticket create customer for admin' do
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('api-customer1-auth-behalf@example.com', 'customer1pw')
-
-    ticket_create_headers = @headers.merge(
-      'Authorization' => credentials,
-      'X-On-Behalf-Of' => @admin.email,
-    )
-
-    params = {
-      title: 'a new ticket #3',
-      group: 'Users',
-      priority: '2 normal',
-      state: 'new',
-      customer_id: @customer.id,
-      article: {
-        body: 'some test 123',
-      },
-    }
-    post '/api/v1/tickets', params: params.to_json, headers: ticket_create_headers
-    assert_response(401)
-    assert_not(@response.header.key?('Access-Control-Allow-Origin'))
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal("Current user has no permission to use 'X-On-Behalf-Of'!", result['error'])
-  end
-
-  test 'X-On-Behalf-Of auth - ticket create admin for customer by email but no permitted action' do
-    group_secret = Group.new(name: 'secret1234')
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('api-admin-auth-behalf@example.com', 'adminpw')
-
-    ticket_create_headers = @headers.merge(
-      'Authorization' => credentials,
-      'X-On-Behalf-Of' => @customer.email,
-    )
-
-    params = {
-      title: 'a new ticket #3',
-      group: group_secret.name,
-      priority: '2 normal',
-      state: 'new',
-      customer_id: @customer.id,
-      article: {
-        body: 'some test 123',
-      },
-    }
-    post '/api/v1/tickets', params: params.to_json, headers: ticket_create_headers
-    assert_response(422)
-    assert_not(@response.header.key?('Access-Control-Allow-Origin'))
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('No lookup value found for \'group\': "secret1234"', result['error'])
-  end
-end

test/controllers/basic_controller_test.rb

@@ -1,121 +0,0 @@
-
-require 'test_helper'
-
-class BasicControllerTest < ActionDispatch::IntegrationTest
-
-  test 'json requests' do
-
-    @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
-    # 404
-    get '/not_existing_url', params: {}, headers: @headers
-    assert_response(404)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert(result['error'], 'No route matches [GET] /not_existing_url')
-
-    # 401
-    get '/api/v1/organizations', params: {}, headers: @headers
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert(result['error'], 'authentication failed')
-
-    # 422
-    get '/tests/unprocessable_entity', params: {}, headers: @headers
-    assert_response(422)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert(result['error'], 'some error message')
-
-    # 401
-    get '/tests/not_authorized', params: {}, headers: @headers
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert(result['error'], 'some error message')
-
-    # 401
-    get '/tests/ar_not_found', params: {}, headers: @headers
-    assert_response(404)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert(result['error'], 'some error message')
-
-    # 500
-    get '/tests/standard_error', params: {}, headers: @headers
-    assert_response(500)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert(result['error'], 'some error message')
-
-    # 422
-    get '/tests/argument_error', params: {}, headers: @headers
-    assert_response(422)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert(result['error'], 'some error message')
-
-  end
-
-  test 'html requests' do
-
-    # 404
-    get '/not_existing_url', params: {}, headers: @headers
-    assert_response(404)
-    assert_match(/<html/, @response.body)
-    assert_match(%r{<title>404: Not Found</title>}, @response.body)
-    assert_match(%r{<h1>404: Requested Ressource was not found.</h1>}, @response.body)
-    assert_match(%r{No route matches \[GET\] /not_existing_url}, @response.body)
-
-    # 401
-    get '/api/v1/organizations', params: {}, headers: @headers
-    assert_response(401)
-    assert_match(/<html/, @response.body)
-    assert_match(%r{<title>401: Unauthorized</title>}, @response.body)
-    assert_match(%r{<h1>401: Unauthorized</h1>}, @response.body)
-    assert_match(/authentication failed/, @response.body)
-
-    # 422
-    get '/tests/unprocessable_entity', params: {}, headers: @headers
-    assert_response(422)
-    assert_match(/<html/, @response.body)
-    assert_match(%r{<title>422: Unprocessable Entity</title>}, @response.body)
-    assert_match(%r{<h1>422: The change you wanted was rejected.</h1>}, @response.body)
-    assert_match(/some error message/, @response.body)
-
-    # 401
-    get '/tests/not_authorized', params: {}, headers: @headers
-    assert_response(401)
-    assert_match(/<html/, @response.body)
-    assert_match(%r{<title>401: Unauthorized</title>}, @response.body)
-    assert_match(%r{<h1>401: Unauthorized</h1>}, @response.body)
-    assert_match(/some error message/, @response.body)
-
-    # 401
-    get '/tests/ar_not_found', params: {}, headers: @headers
-    assert_response(404)
-    assert_match(/<html/, @response.body)
-    assert_match(%r{<title>404: Not Found</title>}, @response.body)
-    assert_match(%r{<h1>404: Requested Ressource was not found.</h1>}, @response.body)
-    assert_match(/some error message/, @response.body)
-
-    # 500
-    get '/tests/standard_error', params: {}, headers: @headers
-    assert_response(500)
-    assert_match(/<html/, @response.body)
-    assert_match(%r{<title>500: Something went wrong</title>}, @response.body)
-    assert_match(%r{<h1>500: We're sorry, but something went wrong.</h1>}, @response.body)
-    assert_match(/some error message/, @response.body)
-
-    # 422
-    get '/tests/argument_error', params: {}, headers: @headers
-    assert_response(422)
-    assert_match(/<html/, @response.body)
-    assert_match(%r{<title>422: Unprocessable Entity</title>}, @response.body)
-    assert_match(%r{<h1>422: The change you wanted was rejected.</h1>}, @response.body)
-    assert_match(/some error message/, @response.body)
-
-  end
-
-end

test/controllers/calendar_controller_test.rb

@@ -1,90 +0,0 @@
-
-require 'test_helper'
-
-class CalendarControllerTest < ActionDispatch::IntegrationTest
-  setup do
-
-    # set accept header
-    @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
-    # create agent
-    roles  = Role.where(name: %w[Admin Agent])
-    groups = Group.all
-
-    UserInfo.current_user_id = 1
-    @admin = User.create!(
-      login: 'calendar-admin',
-      firstname: 'Packages',
-      lastname: 'Admin',
-      email: 'calendar-admin@example.com',
-      password: 'adminpw',
-      active: true,
-      roles: roles,
-      groups: groups,
-    )
-
-  end
-
-  test '01 calendar index with nobody' do
-
-    get '/api/v1/calendars', params: {}, headers: @headers
-    assert_response(401)
-
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('authentication failed', result['error'])
-
-    get '/api/v1/calendars_init', params: {}, headers: @headers
-    assert_response(401)
-
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('authentication failed', result['error'])
-  end
-
-  test '02 calendar index with admin' do
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('calendar-admin@example.com', 'adminpw')
-
-    # index
-    get '/api/v1/calendars', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert(result)
-    assert_equal(1, result.count)
-
-    get '/api/v1/calendars?expand=true', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert(result)
-    assert_equal(1, result.count)
-
-    get '/api/v1/calendars?full=true', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert(result)
-    assert(result['record_ids'])
-    assert_equal(1, result['record_ids'].count)
-    assert(result['assets'])
-    assert(result['assets'].present?)
-
-    # index
-    get '/api/v1/calendars_init', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert(result['record_ids'])
-    assert(result['ical_feeds'])
-    assert_equal('Denmark', result['ical_feeds']['http://www.google.com/calendar/ical/da.danish%23holiday%40group.v.calendar.google.com/public/basic.ics'])
-    assert_equal('Austria', result['ical_feeds']['http://www.google.com/calendar/ical/de.austrian%23holiday%40group.v.calendar.google.com/public/basic.ics'])
-    assert(result['timezones'])
-    assert_equal(2, result['timezones']['Africa/Johannesburg'])
-    assert_equal(-8, result['timezones']['America/Sitka'])
-    assert(result['assets'])
-
-  end
-
-end

test/controllers/calendars_controller_test.rb

@@ -1,90 +0,0 @@
-
-require 'test_helper'
-
-class CalendarsControllerTest < ActionDispatch::IntegrationTest
-  setup do
-
-    # set accept header
-    @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
-    # create agent
-    roles  = Role.where(name: %w[Admin Agent])
-    groups = Group.all
-
-    UserInfo.current_user_id = 1
-    @admin = User.create!(
-      login: 'calendar-admin',
-      firstname: 'Packages',
-      lastname: 'Admin',
-      email: 'calendar-admin@example.com',
-      password: 'adminpw',
-      active: true,
-      roles: roles,
-      groups: groups,
-    )
-
-  end
-
-  test '01 calendar index with nobody' do
-
-    get '/api/v1/calendars', params: {}, headers: @headers
-    assert_response(401)
-
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('authentication failed', result['error'])
-
-    get '/api/v1/calendars_init', params: {}, headers: @headers
-    assert_response(401)
-
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('authentication failed', result['error'])
-  end
-
-  test '02 calendar index with admin' do
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('calendar-admin@example.com', 'adminpw')
-
-    # index
-    get '/api/v1/calendars', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert(result)
-    assert_equal(1, result.count)
-
-    get '/api/v1/calendars?expand=true', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert(result)
-    assert_equal(1, result.count)
-
-    get '/api/v1/calendars?full=true', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert(result)
-    assert(result['record_ids'])
-    assert_equal(1, result['record_ids'].count)
-    assert(result['assets'])
-    assert(result['assets'].present?)
-
-    # index
-    get '/api/v1/calendars_init', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert(result['record_ids'])
-    assert(result['ical_feeds'])
-    assert_equal('Denmark', result['ical_feeds']['http://www.google.com/calendar/ical/da.danish%23holiday%40group.v.calendar.google.com/public/basic.ics'])
-    assert_equal('Austria', result['ical_feeds']['http://www.google.com/calendar/ical/de.austrian%23holiday%40group.v.calendar.google.com/public/basic.ics'])
-    assert(result['timezones'])
-    assert_equal(2, result['timezones']['Africa/Johannesburg'])
-    assert_equal(-8, result['timezones']['America/Sitka'])
-    assert(result['assets'])
-
-  end
-
-end

test/controllers/form_controller_test.rb

@@ -1,244 +0,0 @@
-require 'test_helper'
-
-class FormControllerTest < ActionDispatch::IntegrationTest
-  include SearchindexHelper
-
-  setup do
-    @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json', 'REMOTE_ADDR' => '1.2.3.4' }
-
-    configure_elasticsearch
-
-    Ticket.destroy_all
-
-    rebuild_searchindex
-  end
-
-  test '01 - get config call' do
-    post '/api/v1/form_config', params: {}.to_json, headers: @headers
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert_equal(result['error'], 'Not authorized')
-  end
-
-  test '02 - get config call' do
-    Setting.set('form_ticket_create', true)
-    post '/api/v1/form_config', params: {}.to_json, headers: @headers
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert_equal(result['error'], 'Not authorized')
-
-  end
-
-  test '03 - get config call & do submit' do
-    Setting.set('form_ticket_create', true)
-    fingerprint = SecureRandom.hex(40)
-    post '/api/v1/form_config', params: { fingerprint: fingerprint }.to_json, headers: @headers
-
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert_equal(result['enabled'], true)
-    assert_equal(result['endpoint'], 'http://zammad.example.com/api/v1/form_submit')
-    assert(result['token'])
-    token = result['token']
-
-    post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: 'invalid' }.to_json, headers: @headers
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert_equal(result['error'], 'Not authorized')
-
-    post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token }.to_json, headers: @headers
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-
-    assert(result['errors'])
-    assert_equal(result['errors']['name'], 'required')
-    assert_equal(result['errors']['email'], 'required')
-    assert_equal(result['errors']['title'], 'required')
-    assert_equal(result['errors']['body'], 'required')
-
-    post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, email: 'some' }.to_json, headers: @headers
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-
-    assert(result['errors'])
-    assert_equal(result['errors']['name'], 'required')
-    assert_equal(result['errors']['email'], 'invalid')
-    assert_equal(result['errors']['title'], 'required')
-    assert_equal(result['errors']['body'], 'required')
-
-    post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test', body: 'hello' }.to_json, headers: @headers
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-
-    assert_not(result['errors'])
-    assert(result['ticket'])
-    assert(result['ticket']['id'])
-    assert(result['ticket']['number'])
-
-    travel 5.hours
-
-    post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test', body: 'hello' }.to_json, headers: @headers
-
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-
-    assert_not(result['errors'])
-    assert(result['ticket'])
-    assert(result['ticket']['id'])
-    assert(result['ticket']['number'])
-
-    travel 20.hours
-
-    post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test', body: 'hello' }.to_json, headers: @headers
-    assert_response(401)
-
-  end
-
-  test '04 - get config call & do submit' do
-    Setting.set('form_ticket_create', true)
-    fingerprint = SecureRandom.hex(40)
-    post '/api/v1/form_config', params: { fingerprint: fingerprint }.to_json, headers: @headers
-
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert_equal(result['enabled'], true)
-    assert_equal(result['endpoint'], 'http://zammad.example.com/api/v1/form_submit')
-    assert(result['token'])
-    token = result['token']
-
-    post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: 'invalid' }.to_json, headers: @headers
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert_equal(result['error'], 'Not authorized')
-
-    post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token }.to_json, headers: @headers
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-
-    assert(result['errors'])
-    assert_equal(result['errors']['name'], 'required')
-    assert_equal(result['errors']['email'], 'required')
-    assert_equal(result['errors']['title'], 'required')
-    assert_equal(result['errors']['body'], 'required')
-
-    post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, email: 'some' }.to_json, headers: @headers
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-
-    assert(result['errors'])
-    assert_equal(result['errors']['name'], 'required')
-    assert_equal(result['errors']['email'], 'invalid')
-    assert_equal(result['errors']['title'], 'required')
-    assert_equal(result['errors']['body'], 'required')
-
-    post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'somebody@example.com', title: 'test', body: 'hello' }.to_json, headers: @headers
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-
-    assert(result['errors'])
-    assert_equal(result['errors']['email'], 'invalid')
-
-  end
-
-  test '05 - limits' do
-    return if !SearchIndexBackend.enabled?
-
-    Setting.set('form_ticket_create', true)
-    fingerprint = SecureRandom.hex(40)
-    post '/api/v1/form_config', params: { fingerprint: fingerprint }.to_json, headers: @headers
-
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert_equal(result['enabled'], true)
-    assert_equal(result['endpoint'], 'http://zammad.example.com/api/v1/form_submit')
-    assert(result['token'])
-    token = result['token']
-
-    (1..20).each do |count|
-      travel 10.seconds
-      post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: "test#{count}", body: 'hello' }.to_json, headers: @headers
-      assert_response(200)
-      result = JSON.parse(@response.body)
-      assert_equal(result.class, Hash)
-
-      assert_not(result['errors'])
-      assert(result['ticket'])
-      assert(result['ticket']['id'])
-      assert(result['ticket']['number'])
-      Scheduler.worker(true)
-      sleep 1 # wait until elasticsearch is index
-    end
-
-    sleep 10 # wait until elasticsearch is index
-
-    post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test-last', body: 'hello' }.to_json, headers: @headers
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert(result['error'])
-
-    @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json', 'REMOTE_ADDR' => '1.2.3.5' }
-
-    (1..20).each do |count|
-      travel 10.seconds
-      post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: "test-2-#{count}", body: 'hello' }.to_json, headers: @headers
-      assert_response(200)
-      result = JSON.parse(@response.body)
-      assert_equal(result.class, Hash)
-
-      assert_not(result['errors'])
-      assert(result['ticket'])
-      assert(result['ticket']['id'])
-      assert(result['ticket']['number'])
-      Scheduler.worker(true)
-      sleep 1 # wait until elasticsearch is index
-    end
-
-    sleep 10 # wait until elasticsearch is index
-
-    post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test-2-last', body: 'hello' }.to_json, headers: @headers
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert(result['error'])
-  end
-
-  test '06 - customer_ticket_create false disables form' do
-    Setting.set('form_ticket_create', false)
-    Setting.set('customer_ticket_create', true)
-
-    fingerprint = SecureRandom.hex(40)
-
-    post '/api/v1/form_config', params: { fingerprint: fingerprint }.to_json, headers: @headers
-
-    result = JSON.parse(@response.body)
-    token = result['token']
-    params = {
-      fingerprint: fingerprint,
-      token: token,
-      name: 'Bob Smith',
-      email: 'discard@znuny.com',
-      title: 'test',
-      body: 'hello'
-    }
-
-    post '/api/v1/form_submit', params: params.to_json, headers: @headers
-
-    assert_response(401)
-  end
-
-end

test/controllers/integration_check_mk_controller_test.rb

@@ -1,270 +0,0 @@
-
-require 'test_helper'
-
-class IntegationCheckMkControllerTest < ActionDispatch::IntegrationTest
-  setup do
-    token = SecureRandom.urlsafe_base64(16)
-    Setting.set('check_mk_token', token)
-    Setting.set('check_mk_integration', true)
-  end
-
-  test '01 without token' do
-    post '/api/v1/integration/check_mk/', params: {}
-    assert_response(404)
-  end
-
-  test '01 invalid token & enabled feature' do
-    post '/api/v1/integration/check_mk/invalid_token', params: {}
-    assert_response(422)
-
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('Invalid token!', result['error'])
-  end
-
-  test '01 invalid token & disabled feature' do
-    Setting.set('check_mk_integration', false)
-
-    post '/api/v1/integration/check_mk/invalid_token', params: {}
-    assert_response(422)
-
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('Feature is disable, please contact your admin to enable it!', result['error'])
-  end
-
-  test '02 ticket create & close' do
-    params = {
-      event_id: '123',
-      state: 'down',
-      host: 'some host',
-      service: 'some service',
-    }
-    post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
-    assert_response(200)
-
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-
-    assert(result['result'])
-    assert(result['ticket_id'])
-    assert(result['ticket_number'])
-
-    ticket = Ticket.find(result['ticket_id'])
-    assert_equal('new', ticket.state.name)
-    assert_equal(1, ticket.articles.count)
-
-    params = {
-      event_id: '123',
-      state: 'up',
-      host: 'some host',
-      service: 'some service',
-    }
-    post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
-    assert_response(200)
-
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-
-    assert(result['result'])
-    assert(result['ticket_ids'].include?(ticket.id))
-
-    ticket.reload
-    assert_equal('closed', ticket.state.name)
-    assert_equal(2, ticket.articles.count)
-  end
-
-  test '02 ticket create & create & auto close' do
-    params = {
-      event_id: '123',
-      state: 'down',
-      host: 'some host',
-      service: 'some service',
-    }
-    post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
-    assert_response(200)
-
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-
-    assert(result['result'])
-    assert(result['ticket_id'])
-    assert(result['ticket_number'])
-
-    ticket = Ticket.find(result['ticket_id'])
-    assert_equal('new', ticket.state.name)
-    assert_equal(1, ticket.articles.count)
-
-    params = {
-      event_id: '123',
-      state: 'down',
-      host: 'some host',
-      service: 'some service',
-    }
-    post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
-    assert_response(200)
-
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-
-    assert_equal('ticket already open, added note', result['result'])
-    assert(result['ticket_ids'].include?(ticket.id))
-
-    ticket.reload
-    assert_equal('new', ticket.state.name)
-    assert_equal(2, ticket.articles.count)
-
-    params = {
-      event_id: '123',
-      state: 'up',
-      host: 'some host',
-      service: 'some service',
-    }
-    post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
-    assert_response(200)
-
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-
-    assert(result['result'])
-    assert(result['ticket_ids'].include?(ticket.id))
-
-    ticket.reload
-    assert_equal('closed', ticket.state.name)
-    assert_equal(3, ticket.articles.count)
-  end
-
-  test '02 ticket close' do
-    params = {
-      event_id: '123',
-      state: 'up',
-      host: 'some host',
-      service: 'some service',
-    }
-    post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
-    assert_response(200)
-
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-
-    assert_equal('no open tickets found, ignore action', result['result'])
-  end
-
-  test '02 ticket create & create & no auto close' do
-    Setting.set('check_mk_auto_close', false)
-    params = {
-      event_id: '123',
-      state: 'down',
-      host: 'some host',
-      service: 'some service',
-    }
-    post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
-    assert_response(200)
-
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-
-    assert(result['result'])
-    assert(result['ticket_id'])
-    assert(result['ticket_number'])
-
-    ticket = Ticket.find(result['ticket_id'])
-    assert_equal('new', ticket.state.name)
-    assert_equal(1, ticket.articles.count)
-
-    params = {
-      event_id: '123',
-      state: 'down',
-      host: 'some host',
-      service: 'some service',
-    }
-    post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
-    assert_response(200)
-
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-
-    assert_equal('ticket already open, added note', result['result'])
-    assert(result['ticket_ids'].include?(ticket.id))
-
-    ticket.reload
-    assert_equal('new', ticket.state.name)
-    assert_equal(2, ticket.articles.count)
-
-    params = {
-      event_id: '123',
-      state: 'up',
-      host: 'some host',
-      service: 'some service',
-    }
-    post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
-    assert_response(200)
-
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-
-    assert_equal('ticket already open, added note', result['result'])
-    assert(result['ticket_ids'].include?(ticket.id))
-
-    ticket.reload
-    assert_equal('new', ticket.state.name)
-    assert_equal(3, ticket.articles.count)
-  end
-
-  test '02 ticket create & create & auto close - host only' do
-    params = {
-      event_id: '123',
-      state: 'down',
-      host: 'some host',
-    }
-    post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
-    assert_response(200)
-
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-
-    assert(result['result'])
-    assert(result['ticket_id'])
-    assert(result['ticket_number'])
-
-    ticket = Ticket.find(result['ticket_id'])
-    assert_equal('new', ticket.state.name)
-    assert_equal(1, ticket.articles.count)
-
-    params = {
-      event_id: '123',
-      state: 'down',
-      host: 'some host',
-    }
-    post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
-    assert_response(200)
-
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-
-    assert_equal('ticket already open, added note', result['result'])
-    assert(result['ticket_ids'].include?(ticket.id))
-
-    ticket.reload
-    assert_equal('new', ticket.state.name)
-    assert_equal(2, ticket.articles.count)
-
-    params = {
-      event_id: '123',
-      state: 'up',
-      host: 'some host',
-    }
-    post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
-    assert_response(200)
-
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-
-    assert(result['result'])
-    assert(result['ticket_ids'].include?(ticket.id))
-
-    ticket.reload
-    assert_equal('closed', ticket.state.name)
-    assert_equal(3, ticket.articles.count)
-  end
-end

test/controllers/integration_cti_controller_test.rb

@@ -1,508 +0,0 @@
-
-require 'test_helper'
-require 'rexml/document'
-
-class IntegrationCtiControllerTest < ActionDispatch::IntegrationTest
-  setup do
-
-    Cti::Log.destroy_all
-
-    Setting.set('cti_integration', true)
-    Setting.set('cti_config', {
-                  outbound: {
-                    routing_table: [
-                      {
-                        dest: '41*',
-                        caller_id: '41715880339000',
-                      },
-                      {
-                        dest: '491714000000',
-                        caller_id: '41715880339000',
-                      },
-                    ],
-                    default_caller_id: '4930777000000',
-                  },
-                  inbound: {
-                    block_caller_ids: [
-                      {
-                        caller_id: '491715000000',
-                        note: 'some note',
-                      }
-                    ],
-                    notify_user_ids: {
-                      2 => true,
-                      4 => false,
-                    },
-                  }
-                },)
-
-    groups = Group.where(name: 'Users')
-    roles  = Role.where(name: %w[Agent])
-    agent  = User.create_or_update(
-      login: 'cti-agent@example.com',
-      firstname: 'E',
-      lastname: 'S',
-      email: 'cti-agent@example.com',
-      password: 'agentpw',
-      active: true,
-      roles: roles,
-      groups: groups,
-      updated_by_id: 1,
-      created_by_id: 1,
-    )
-
-    customer1 = User.create_or_update(
-      login: 'ticket-caller_id_cti-customer1@example.com',
-      firstname: 'CallerId',
-      lastname: 'Customer1',
-      email: 'ticket-caller_id_cti-customer1@example.com',
-      password: 'customerpw',
-      active: true,
-      phone: '+49 99999 222222',
-      fax: '+49 99999 222223',
-      mobile: '+4912347114711',
-      note: 'Phone at home: +49 99999 222224',
-      updated_by_id: 1,
-      created_by_id: 1,
-    )
-    customer2 = User.create_or_update(
-      login: 'ticket-caller_id_cti-customer2@example.com',
-      firstname: 'CallerId',
-      lastname: 'Customer2',
-      email: 'ticket-caller_id_cti-customer2@example.com',
-      password: 'customerpw',
-      active: true,
-      phone: '+49 99999 222222 2',
-      updated_by_id: 1,
-      created_by_id: 1,
-    )
-    customer3 = User.create_or_update(
-      login: 'ticket-caller_id_cti-customer3@example.com',
-      firstname: 'CallerId',
-      lastname: 'Customer3',
-      email: 'ticket-caller_id_cti-customer3@example.com',
-      password: 'customerpw',
-      active: true,
-      phone: '+49 99999 222222 2',
-      updated_by_id: 1,
-      created_by_id: 1,
-    )
-    Cti::CallerId.rebuild
-
-  end
-
-  test 'token check' do
-    params = 'event=newCall&direction=in&from=4912347114711&to=4930600000000&call_id=4991155921769858278-1&user%5B%5D=user+1&user%5B%5D=user+2'
-    post '/api/v1/cti/not_existing_token', params: params
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('Invalid token, please contact your admin!', result['error'])
-  end
-
-  test 'basic call' do
-    token = Setting.get('cti_token')
-
-    # inbound - I
-    params = 'event=newCall&direction=in&from=4912347114711&to=4930600000000&call_id=4991155921769858278-1&user%5B%5D=user+1&user%5B%5D=user+2'
-    post "/api/v1/cti/#{token}", params: params
-    assert_response(200)
-
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert(result.blank?)
-
-    # inbound - II - block caller
-    params = 'event=newCall&direction=in&from=491715000000&to=4930600000000&call_id=4991155921769858278-2&user%5B%5D=user+1&user%5B%5D=user+2'
-    post "/api/v1/cti/#{token}", params: params
-    assert_response(200)
-
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('reject', result['action'])
-    assert_equal('busy', result['reason'])
-
-    # outbound - I - set default_caller_id
-    params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&call_id=8621106404543334274-3&user%5B%5D=user+1'
-    post "/api/v1/cti/#{token}", params: params
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('dial', result['action'])
-    assert_equal('4912347114711', result['number'])
-    assert_equal('4930777000000', result['caller_id'])
-
-    # outbound - II - set caller_id based on routing_table by explicite number
-    params = 'event=newCall&direction=out&from=4930600000000&to=491714000000&call_id=8621106404543334274-4&user%5B%5D=user+1'
-    post "/api/v1/cti/#{token}", params: params
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('dial', result['action'])
-    assert_equal('491714000000', result['number'])
-    assert_equal('41715880339000', result['caller_id'])
-
-    # outbound - III - set caller_id based on routing_table by 41*
-    params = 'event=newCall&direction=out&from=4930600000000&to=4147110000000&call_id=8621106404543334274-5&user%5B%5D=user+1'
-    post "/api/v1/cti/#{token}", params: params
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('dial', result['action'])
-    assert_equal('4147110000000', result['number'])
-    assert_equal('41715880339000', result['caller_id'])
-
-    # no config
-    Setting.set('cti_config', {})
-    params = 'event=newCall&direction=in&from=4912347114711&to=4930600000000&call_id=4991155921769858278-6&user%5B%5D=user+1&user%5B%5D=user+2'
-    post "/api/v1/cti/#{token}", params: params
-    assert_response(422)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('Feature not configured, please contact your admin!', result['error'])
-
-  end
-
-  test 'log call' do
-    token = Setting.get('cti_token')
-
-    # outbound - I - new call
-    params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&call_id=1234567890-1&user%5B%5D=user+1'
-    post "/api/v1/cti/#{token}", params: params
-    assert_response(200)
-    log = Cti::Log.find_by(call_id: '1234567890-1')
-    assert(log)
-    assert_equal('4930777000000', log.from)
-    assert_equal('4912347114711', log.to)
-    assert_equal('out', log.direction)
-    assert_equal('user 1', log.from_comment)
-    assert_equal('CallerId Customer1', log.to_comment)
-    assert_nil(log.comment)
-    assert_equal('newCall', log.state)
-    assert_equal(true, log.done)
-    assert(log.initialized_at)
-    assert_nil(log.start_at)
-    assert_nil(log.end_at)
-    assert_nil(log.duration_waiting_time)
-    assert_nil(log.duration_talking_time)
-
-    # outbound - I - hangup by agent
-    params = 'event=hangup&direction=out&call_id=1234567890-1&cause=cancel'
-    post "/api/v1/cti/#{token}", params: params
-    assert_response(200)
-    log = Cti::Log.find_by(call_id: '1234567890-1')
-    assert(log)
-    assert_equal('4930777000000', log.from)
-    assert_equal('4912347114711', log.to)
-    assert_equal('out', log.direction)
-    assert_equal('user 1', log.from_comment)
-    assert_equal('CallerId Customer1', log.to_comment)
-    assert_equal('cancel', log.comment)
-    assert_equal('hangup', log.state)
-    assert_equal(true, log.done)
-    assert(log.initialized_at)
-    assert_nil(log.start_at)
-    assert(log.end_at)
-    assert(log.duration_waiting_time)
-    assert_nil(log.duration_talking_time)
-
-    # outbound - II - new call
-    params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&call_id=1234567890-2&user%5B%5D=user+1'
-    post "/api/v1/cti/#{token}", params: params
-    assert_response(200)
-    log = Cti::Log.find_by(call_id: '1234567890-2')
-    assert(log)
-    assert_equal('4930777000000', log.from)
-    assert_equal('4912347114711', log.to)
-    assert_equal('out', log.direction)
-    assert_equal('user 1', log.from_comment)
-    assert_equal('CallerId Customer1', log.to_comment)
-    assert_nil(log.comment)
-    assert_equal('newCall', log.state)
-    assert_equal(true, log.done)
-    assert(log.initialized_at)
-    assert_nil(log.start_at)
-    assert_nil(log.end_at)
-    assert_nil(log.duration_waiting_time)
-    assert_nil(log.duration_talking_time)
-
-    # outbound - II - answer by customer
-    params = 'event=answer&direction=out&call_id=1234567890-2&from=4930600000000&to=4912347114711'
-    post "/api/v1/cti/#{token}", params: params
-    assert_response(200)
-    log = Cti::Log.find_by(call_id: '1234567890-2')
-    assert(log)
-    assert_equal('4930777000000', log.from)
-    assert_equal('4912347114711', log.to)
-    assert_equal('out', log.direction)
-    assert_equal('user 1', log.from_comment)
-    assert_equal('CallerId Customer1', log.to_comment)
-    assert_nil(log.comment)
-    assert_equal('answer', log.state)
-    assert_equal(true, log.done)
-    assert(log.initialized_at)
-    assert(log.start_at)
-    assert_nil(log.end_at)
-    assert(log.duration_waiting_time)
-    assert_nil(log.duration_talking_time)
-
-    # outbound - II - hangup by customer
-    params = 'event=hangup&direction=out&call_id=1234567890-2&cause=normalClearing&from=4930600000000&to=4912347114711'
-    post "/api/v1/cti/#{token}", params: params
-    assert_response(200)
-    log = Cti::Log.find_by(call_id: '1234567890-2')
-    assert(log)
-    assert_equal('4930777000000', log.from)
-    assert_equal('4912347114711', log.to)
-    assert_equal('out', log.direction)
-    assert_equal('user 1', log.from_comment)
-    assert_equal('CallerId Customer1', log.to_comment)
-    assert_equal('normalClearing', log.comment)
-    assert_equal('hangup', log.state)
-    assert_equal(true, log.done)
-    assert(log.initialized_at)
-    assert(log.start_at)
-    assert(log.end_at)
-    assert(log.duration_waiting_time)
-    assert(log.duration_talking_time)
-
-    # inbound - I - new call
-    params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&call_id=1234567890-3&user%5B%5D=user+1'
-    post "/api/v1/cti/#{token}", params: params
-    assert_response(200)
-    log = Cti::Log.find_by(call_id: '1234567890-3')
-    assert(log)
-    assert_equal('4930600000000', log.to)
-    assert_equal('4912347114711', log.from)
-    assert_equal('in', log.direction)
-    assert_equal('user 1', log.to_comment)
-    assert_equal('CallerId Customer1', log.from_comment)
-    assert_nil(log.comment)
-    assert_equal('newCall', log.state)
-    assert_equal(false, log.done)
-    assert(log.initialized_at)
-    assert_nil(log.start_at)
-    assert_nil(log.end_at)
-    assert_nil(log.duration_waiting_time)
-    assert_nil(log.duration_talking_time)
-
-    # inbound - I - answer by customer
-    params = 'event=answer&direction=in&call_id=1234567890-3&to=4930600000000&from=4912347114711'
-    post "/api/v1/cti/#{token}", params: params
-    assert_response(200)
-    log = Cti::Log.find_by(call_id: '1234567890-3')
-    assert(log)
-    assert_equal('4930600000000', log.to)
-    assert_equal('4912347114711', log.from)
-    assert_equal('in', log.direction)
-    assert_equal('user 1', log.to_comment)
-    assert_equal('CallerId Customer1', log.from_comment)
-    assert_nil(log.comment)
-    assert_equal('answer', log.state)
-    assert_equal(true, log.done)
-    assert(log.initialized_at)
-    assert(log.start_at)
-    assert_nil(log.end_at)
-    assert(log.duration_waiting_time)
-    assert_nil(log.duration_talking_time)
-
-    # inbound - I - hangup by customer
-    params = 'event=hangup&direction=in&call_id=1234567890-3&cause=normalClearing&to=4930600000000&from=4912347114711'
-    post "/api/v1/cti/#{token}", params: params
-    assert_response(200)
-    log = Cti::Log.find_by(call_id: '1234567890-3')
-    assert(log)
-    assert_equal('4930600000000', log.to)
-    assert_equal('4912347114711', log.from)
-    assert_equal('in', log.direction)
-    assert_equal('user 1', log.to_comment)
-    assert_equal('CallerId Customer1', log.from_comment)
-    assert_equal('normalClearing', log.comment)
-    assert_equal('hangup', log.state)
-    assert_equal(true, log.done)
-    assert(log.initialized_at)
-    assert(log.start_at)
-    assert(log.end_at)
-    assert(log.duration_waiting_time)
-    assert(log.duration_talking_time)
-
-    # inbound - II - new call
-    params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&call_id=1234567890-4&user%5B%5D=user+1,user+2'
-    post "/api/v1/cti/#{token}", params: params
-    assert_response(200)
-    log = Cti::Log.find_by(call_id: '1234567890-4')
-    assert(log)
-    assert_equal('4930600000000', log.to)
-    assert_equal('4912347114711', log.from)
-    assert_equal('in', log.direction)
-    assert_equal('user 1,user 2', log.to_comment)
-    assert_equal('CallerId Customer1', log.from_comment)
-    assert_nil(log.comment)
-    assert_equal('newCall', log.state)
-    assert_equal(false, log.done)
-    assert(log.initialized_at)
-    assert_nil(log.start_at)
-    assert_nil(log.end_at)
-    assert_nil(log.duration_waiting_time)
-    assert_nil(log.duration_talking_time)
-
-    # inbound - II - answer by voicemail
-    params = 'event=answer&direction=in&call_id=1234567890-4&to=4930600000000&from=4912347114711&user=voicemail'
-    post "/api/v1/cti/#{token}", params: params
-    assert_response(200)
-    log = Cti::Log.find_by(call_id: '1234567890-4')
-    assert(log)
-    assert_equal('4930600000000', log.to)
-    assert_equal('4912347114711', log.from)
-    assert_equal('in', log.direction)
-    assert_equal('voicemail', log.to_comment)
-    assert_equal('CallerId Customer1', log.from_comment)
-    assert_nil(log.comment)
-    assert_equal('answer', log.state)
-    assert_equal(true, log.done)
-    assert(log.initialized_at)
-    assert(log.start_at)
-    assert_nil(log.end_at)
-    assert(log.duration_waiting_time)
-    assert_nil(log.duration_talking_time)
-
-    # inbound - II - hangup by customer
-    params = 'event=hangup&direction=in&call_id=1234567890-4&cause=normalClearing&to=4930600000000&from=4912347114711'
-    post "/api/v1/cti/#{token}", params: params
-    assert_response(200)
-    log = Cti::Log.find_by(call_id: '1234567890-4')
-    assert(log)
-    assert_equal('4930600000000', log.to)
-    assert_equal('4912347114711', log.from)
-    assert_equal('in', log.direction)
-    assert_equal('voicemail', log.to_comment)
-    assert_equal('CallerId Customer1', log.from_comment)
-    assert_equal('normalClearing', log.comment)
-    assert_equal('hangup', log.state)
-    assert_equal(false, log.done)
-    assert(log.initialized_at)
-    assert(log.start_at)
-    assert(log.end_at)
-    assert(log.duration_waiting_time)
-    assert(log.duration_talking_time)
-
-    # inbound - III - new call
-    params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&call_id=1234567890-5&user%5B%5D=user+1,user+2'
-    post "/api/v1/cti/#{token}", params: params
-    assert_response(200)
-    log = Cti::Log.find_by(call_id: '1234567890-5')
-    assert(log)
-    assert_equal('4930600000000', log.to)
-    assert_equal('4912347114711', log.from)
-    assert_equal('in', log.direction)
-    assert_equal('user 1,user 2', log.to_comment)
-    assert_equal('CallerId Customer1', log.from_comment)
-    assert_nil(log.comment)
-    assert_equal('newCall', log.state)
-    assert_equal(false, log.done)
-    assert(log.initialized_at)
-    assert_nil(log.start_at)
-    assert_nil(log.end_at)
-    assert_nil(log.duration_waiting_time)
-    assert_nil(log.duration_talking_time)
-
-    # inbound - III - hangup by customer
-    params = 'event=hangup&direction=in&call_id=1234567890-5&cause=normalClearing&to=4930600000000&from=4912347114711'
-    post "/api/v1/cti/#{token}", params: params
-    assert_response(200)
-    log = Cti::Log.find_by(call_id: '1234567890-5')
-    assert(log)
-    assert_equal('4930600000000', log.to)
-    assert_equal('4912347114711', log.from)
-    assert_equal('in', log.direction)
-    assert_equal('user 1,user 2', log.to_comment)
-    assert_equal('CallerId Customer1', log.from_comment)
-    assert_equal('normalClearing', log.comment)
-    assert_equal('hangup', log.state)
-    assert_equal(false, log.done)
-    assert(log.initialized_at)
-    assert_nil(log.start_at)
-    assert(log.end_at)
-    assert(log.duration_waiting_time)
-    assert_nil(log.duration_talking_time)
-
-    # inbound - IV - new call
-    params = 'event=newCall&direction=in&to=4930600000000&from=49999992222222&call_id=1234567890-6&user%5B%5D=user+1,user+2'
-    post "/api/v1/cti/#{token}", params: params
-    assert_response(200)
-    log = Cti::Log.find_by(call_id: '1234567890-6')
-    assert(log)
-    assert_equal('4930600000000', log.to)
-    assert_equal('49999992222222', log.from)
-    assert_equal('in', log.direction)
-    assert_equal('user 1,user 2', log.to_comment)
-    assert_equal('CallerId Customer3,CallerId Customer2', log.from_comment)
-    assert_not(log.preferences['to'])
-    assert(log.preferences['from'])
-    assert_nil(log.comment)
-    assert_equal('newCall', log.state)
-    assert_equal(false, log.done)
-    assert(log.initialized_at)
-    assert_nil(log.start_at)
-    assert_nil(log.end_at)
-    assert_nil(log.duration_waiting_time)
-    assert_nil(log.duration_talking_time)
-
-    # inbound - IV - new call
-    params = 'event=newCall&direction=in&to=4930600000000&from=anonymous&call_id=1234567890-7&user%5B%5D=user+1,user+2'
-    post "/api/v1/cti/#{token}", params: params
-    assert_response(200)
-    log = Cti::Log.find_by(call_id: '1234567890-7')
-    assert(log)
-    assert_equal('4930600000000', log.to)
-    assert_equal('anonymous', log.from)
-    assert_equal('in', log.direction)
-    assert_equal('user 1,user 2', log.to_comment)
-    assert_nil(log.from_comment)
-    assert_not(log.preferences['to'])
-    assert_not(log.preferences['from'])
-    assert_nil(log.comment)
-    assert_equal('newCall', log.state)
-    assert_equal(false, log.done)
-    assert(log.initialized_at)
-    assert_nil(log.start_at)
-    assert_nil(log.end_at)
-    assert_nil(log.duration_waiting_time)
-    assert_nil(log.duration_talking_time)
-
-    # get caller list
-    get '/api/v1/cti/log'
-    assert_response(401)
-
-    customer2 = User.lookup(login: 'ticket-caller_id_cti-customer2@example.com')
-    customer3 = User.lookup(login: 'ticket-caller_id_cti-customer3@example.com')
-
-    headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('cti-agent@example.com', 'agentpw')
-    get '/api/v1/cti/log', headers: headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result['list'].class, Array)
-    assert_equal(7, result['list'].count)
-    assert(result['assets'])
-    assert(result['assets']['User'])
-    assert(result['assets']['User'][customer2.id.to_s])
-    assert(result['assets']['User'][customer3.id.to_s])
-    assert_equal('1234567890-7', result['list'][0]['call_id'])
-    assert_equal('1234567890-6', result['list'][1]['call_id'])
-    assert_equal('1234567890-5', result['list'][2]['call_id'])
-    assert_equal('1234567890-4', result['list'][3]['call_id'])
-    assert_equal('1234567890-3', result['list'][4]['call_id'])
-    assert_equal('1234567890-2', result['list'][5]['call_id'])
-    assert_equal('hangup', result['list'][5]['state'])
-    assert_equal('4930777000000', result['list'][5]['from'])
-    assert_equal('user 1', result['list'][5]['from_comment'])
-    assert_equal('4912347114711', result['list'][5]['to'])
-    assert_equal('CallerId Customer1', result['list'][5]['to_comment'])
-    assert_equal('normalClearing', result['list'][5]['comment'])
-    assert_equal('hangup', result['list'][5]['state'])
-    assert_equal('1234567890-1', result['list'][6]['call_id'])
-
-  end
-
-end

test/controllers/integration_sipgate_controller_test.rb

@@ -1,469 +0,0 @@
-
-require 'test_helper'
-require 'rexml/document'
-
-class IntegrationSipgateControllerTest < ActionDispatch::IntegrationTest
-  setup do
-
-    Cti::Log.destroy_all
-
-    Setting.set('sipgate_integration', true)
-    Setting.set('sipgate_config', {
-                  outbound: {
-                    routing_table: [
-                      {
-                        dest: '41*',
-                        caller_id: '41715880339000',
-                      },
-                      {
-                        dest: '491714000000',
-                        caller_id: '41715880339000',
-                      },
-                    ],
-                    default_caller_id: '4930777000000',
-                  },
-                  inbound: {
-                    block_caller_ids: [
-                      {
-                        caller_id: '491715000000',
-                        note: 'some note',
-                      }
-                    ],
-                    notify_user_ids: {
-                      2 => true,
-                      4 => false,
-                    },
-                  }
-                },)
-
-    groups = Group.where(name: 'Users')
-    roles  = Role.where(name: %w[Agent])
-    agent  = User.create_or_update(
-      login: 'cti-agent@example.com',
-      firstname: 'E',
-      lastname: 'S',
-      email: 'cti-agent@example.com',
-      password: 'agentpw',
-      active: true,
-      roles: roles,
-      groups: groups,
-      updated_by_id: 1,
-      created_by_id: 1,
-    )
-
-    customer1 = User.create_or_update(
-      login: 'ticket-caller_id_sipgate-customer1@example.com',
-      firstname: 'CallerId',
-      lastname: 'Customer1',
-      email: 'ticket-caller_id_sipgate-customer1@example.com',
-      password: 'customerpw',
-      active: true,
-      phone: '+49 99999 222222',
-      fax: '+49 99999 222223',
-      mobile: '+4912347114711',
-      note: 'Phone at home: +49 99999 222224',
-      updated_by_id: 1,
-      created_by_id: 1,
-    )
-    customer2 = User.create_or_update(
-      login: 'ticket-caller_id_sipgate-customer2@example.com',
-      firstname: 'CallerId',
-      lastname: 'Customer2',
-      email: 'ticket-caller_id_sipgate-customer2@example.com',
-      password: 'customerpw',
-      active: true,
-      phone: '+49 99999 222222 2',
-      updated_by_id: 1,
-      created_by_id: 1,
-    )
-    customer3 = User.create_or_update(
-      login: 'ticket-caller_id_sipgate-customer3@example.com',
-      firstname: 'CallerId',
-      lastname: 'Customer3',
-      email: 'ticket-caller_id_sipgate-customer3@example.com',
-      password: 'customerpw',
-      active: true,
-      phone: '+49 99999 222222 2',
-      updated_by_id: 1,
-      created_by_id: 1,
-    )
-    Cti::CallerId.rebuild
-
-  end
-
-  test 'basic call' do
-
-    # inbound - I
-    params = 'event=newCall&direction=in&from=4912347114711&to=4930600000000&callId=4991155921769858278-1&user%5B%5D=user+1&user%5B%5D=user+2'
-    post '/api/v1/sipgate/in', params: params
-    assert_response(200)
-    on_hangup = nil
-    on_answer = nil
-    content = @response.body
-    response = REXML::Document.new(content)
-    response.elements.each('Response') do |element|
-      on_hangup = element.attributes['onHangup']
-      on_answer = element.attributes['onAnswer']
-    end
-    assert_equal('http://zammad.example.com/api/v1/sipgate/in', on_hangup)
-    assert_equal('http://zammad.example.com/api/v1/sipgate/in', on_answer)
-
-    # inbound - II - block caller
-    params = 'event=newCall&direction=in&from=491715000000&to=4930600000000&callId=4991155921769858278-2&user%5B%5D=user+1&user%5B%5D=user+2'
-    post '/api/v1/sipgate/in', params: params
-    assert_response(200)
-    on_hangup = nil
-    on_answer = nil
-    content = @response.body
-    response = REXML::Document.new(content)
-    response.elements.each('Response') do |element|
-      on_hangup = element.attributes['onHangup']
-      on_answer = element.attributes['onAnswer']
-    end
-    assert_equal('http://zammad.example.com/api/v1/sipgate/in', on_hangup)
-    assert_equal('http://zammad.example.com/api/v1/sipgate/in', on_answer)
-    reason = nil
-    response.elements.each('Response/Reject') do |element|
-      reason = element.attributes['reason']
-    end
-    assert_equal('busy', reason)
-
-    # outbound - I - set default_caller_id
-    params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&callId=8621106404543334274-3&user%5B%5D=user+1'
-    post '/api/v1/sipgate/out', params: params
-    assert_response(200)
-    on_hangup = nil
-    on_answer = nil
-    caller_id = nil
-    number_to_dail = nil
-    content = @response.body
-    response = REXML::Document.new(content)
-    response.elements.each('Response') do |element|
-      on_hangup = element.attributes['onHangup']
-      on_answer = element.attributes['onAnswer']
-    end
-    response.elements.each('Response/Dial') do |element|
-      caller_id = element.attributes['callerId']
-    end
-    response.elements.each('Response/Dial/Number') do |element|
-      number_to_dail = element.text
-    end
-    assert_equal('4930777000000', caller_id)
-    assert_equal('4912347114711', number_to_dail)
-    assert_equal('http://zammad.example.com/api/v1/sipgate/out', on_hangup)
-    assert_equal('http://zammad.example.com/api/v1/sipgate/out', on_answer)
-
-    # outbound - II - set caller_id based on routing_table by explicite number
-    params = 'event=newCall&direction=out&from=4930600000000&to=491714000000&callId=8621106404543334274-4&user%5B%5D=user+1'
-    post '/api/v1/sipgate/out', params: params
-    assert_response(200)
-    on_hangup = nil
-    on_answer = nil
-    caller_id = nil
-    number_to_dail = nil
-    content = @response.body
-    response = REXML::Document.new(content)
-    response.elements.each('Response') do |element|
-      on_hangup = element.attributes['onHangup']
-      on_answer = element.attributes['onAnswer']
-    end
-    response.elements.each('Response/Dial') do |element|
-      caller_id = element.attributes['callerId']
-    end
-    response.elements.each('Response/Dial/Number') do |element|
-      number_to_dail = element.text
-    end
-    assert_equal('41715880339000', caller_id)
-    assert_equal('491714000000', number_to_dail)
-    assert_equal('http://zammad.example.com/api/v1/sipgate/out', on_hangup)
-    assert_equal('http://zammad.example.com/api/v1/sipgate/out', on_answer)
-
-    # outbound - III - set caller_id based on routing_table by 41*
-    params = 'event=newCall&direction=out&from=4930600000000&to=4147110000000&callId=8621106404543334274-5&user%5B%5D=user+1'
-    post '/api/v1/sipgate/out', params: params
-    assert_response(200)
-    on_hangup = nil
-    on_answer = nil
-    caller_id = nil
-    number_to_dail = nil
-    content = @response.body
-    response = REXML::Document.new(content)
-    response.elements.each('Response') do |element|
-      on_hangup = element.attributes['onHangup']
-      on_answer = element.attributes['onAnswer']
-    end
-    response.elements.each('Response/Dial') do |element|
-      caller_id = element.attributes['callerId']
-    end
-    response.elements.each('Response/Dial/Number') do |element|
-      number_to_dail = element.text
-    end
-    assert_equal('41715880339000', caller_id)
-    assert_equal('4147110000000', number_to_dail)
-    assert_equal('http://zammad.example.com/api/v1/sipgate/out', on_hangup)
-    assert_equal('http://zammad.example.com/api/v1/sipgate/out', on_answer)
-
-    # no config
-    Setting.set('sipgate_config', {})
-    params = 'event=newCall&direction=in&from=4912347114711&to=4930600000000&callId=4991155921769858278-6&user%5B%5D=user+1&user%5B%5D=user+2'
-    post '/api/v1/sipgate/in', params: params
-    assert_response(422)
-    error = nil
-    content = @response.body
-    response = REXML::Document.new(content)
-    response.elements.each('Response/Error') do |element|
-      error = element.text
-    end
-    assert_equal('Feature not configured, please contact your admin!', error)
-
-  end
-
-  test 'log call' do
-
-    # outbound - I - new call
-    params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&callId=1234567890-1&user%5B%5D=user+1'
-    post '/api/v1/sipgate/out', params: params
-    assert_response(200)
-    log = Cti::Log.find_by(call_id: '1234567890-1')
-    assert(log)
-    assert_equal('4930777000000', log.from)
-    assert_equal('4912347114711', log.to)
-    assert_equal('out', log.direction)
-    assert_equal('user 1', log.from_comment)
-    assert_equal('CallerId Customer1', log.to_comment)
-    assert_nil(log.comment)
-    assert_equal('newCall', log.state)
-    assert_equal(true, log.done)
-
-    # outbound - I - hangup by agent
-    params = 'event=hangup&direction=out&callId=1234567890-1&cause=cancel'
-    post '/api/v1/sipgate/out', params: params
-    assert_response(200)
-    log = Cti::Log.find_by(call_id: '1234567890-1')
-    assert(log)
-    assert_equal('4930777000000', log.from)
-    assert_equal('4912347114711', log.to)
-    assert_equal('out', log.direction)
-    assert_equal('user 1', log.from_comment)
-    assert_equal('CallerId Customer1', log.to_comment)
-    assert_equal('cancel', log.comment)
-    assert_equal('hangup', log.state)
-    assert_equal(true, log.done)
-
-    # outbound - II - new call
-    params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&callId=1234567890-2&user%5B%5D=user+1'
-    post '/api/v1/sipgate/out', params: params
-    assert_response(200)
-    log = Cti::Log.find_by(call_id: '1234567890-2')
-    assert(log)
-    assert_equal('4930777000000', log.from)
-    assert_equal('4912347114711', log.to)
-    assert_equal('out', log.direction)
-    assert_equal('user 1', log.from_comment)
-    assert_equal('CallerId Customer1', log.to_comment)
-    assert_nil(log.comment)
-    assert_equal('newCall', log.state)
-    assert_equal(true, log.done)
-
-    # outbound - II - answer by customer
-    params = 'event=answer&direction=out&callId=1234567890-2&from=4930600000000&to=4912347114711'
-    post '/api/v1/sipgate/out', params: params
-    assert_response(200)
-    log = Cti::Log.find_by(call_id: '1234567890-2')
-    assert(log)
-    assert_equal('4930777000000', log.from)
-    assert_equal('4912347114711', log.to)
-    assert_equal('out', log.direction)
-    assert_equal('user 1', log.from_comment)
-    assert_equal('CallerId Customer1', log.to_comment)
-    assert_nil(log.comment)
-    assert_equal('answer', log.state)
-    assert_equal(true, log.done)
-
-    # outbound - II - hangup by customer
-    params = 'event=hangup&direction=out&callId=1234567890-2&cause=normalClearing&from=4930600000000&to=4912347114711'
-    post '/api/v1/sipgate/out', params: params
-    assert_response(200)
-    log = Cti::Log.find_by(call_id: '1234567890-2')
-    assert(log)
-    assert_equal('4930777000000', log.from)
-    assert_equal('4912347114711', log.to)
-    assert_equal('out', log.direction)
-    assert_equal('user 1', log.from_comment)
-    assert_equal('CallerId Customer1', log.to_comment)
-    assert_equal('normalClearing', log.comment)
-    assert_equal('hangup', log.state)
-    assert_equal(true, log.done)
-
-    # inbound - I - new call
-    params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&callId=1234567890-3&user%5B%5D=user+1'
-    post '/api/v1/sipgate/in', params: params
-    assert_response(200)
-    log = Cti::Log.find_by(call_id: '1234567890-3')
-    assert(log)
-    assert_equal('4930600000000', log.to)
-    assert_equal('4912347114711', log.from)
-    assert_equal('in', log.direction)
-    assert_equal('user 1', log.to_comment)
-    assert_equal('CallerId Customer1', log.from_comment)
-    assert_nil(log.comment)
-    assert_equal('newCall', log.state)
-    assert_equal(false, log.done)
-
-    # inbound - I - answer by customer
-    params = 'event=answer&direction=in&callId=1234567890-3&to=4930600000000&from=4912347114711'
-    post '/api/v1/sipgate/in', params: params
-    assert_response(200)
-    log = Cti::Log.find_by(call_id: '1234567890-3')
-    assert(log)
-    assert_equal('4930600000000', log.to)
-    assert_equal('4912347114711', log.from)
-    assert_equal('in', log.direction)
-    assert_equal('user 1', log.to_comment)
-    assert_equal('CallerId Customer1', log.from_comment)
-    assert_nil(log.comment)
-    assert_equal('answer', log.state)
-    assert_equal(true, log.done)
-
-    # inbound - I - hangup by customer
-    params = 'event=hangup&direction=in&callId=1234567890-3&cause=normalClearing&to=4930600000000&from=4912347114711'
-    post '/api/v1/sipgate/in', params: params
-    assert_response(200)
-    log = Cti::Log.find_by(call_id: '1234567890-3')
-    assert(log)
-    assert_equal('4930600000000', log.to)
-    assert_equal('4912347114711', log.from)
-    assert_equal('in', log.direction)
-    assert_equal('user 1', log.to_comment)
-    assert_equal('CallerId Customer1', log.from_comment)
-    assert_equal('normalClearing', log.comment)
-    assert_equal('hangup', log.state)
-    assert_equal(true, log.done)
-
-    # inbound - II - new call
-    params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&callId=1234567890-4&user%5B%5D=user+1,user+2'
-    post '/api/v1/sipgate/in', params: params
-    assert_response(200)
-    log = Cti::Log.find_by(call_id: '1234567890-4')
-    assert(log)
-    assert_equal('4930600000000', log.to)
-    assert_equal('4912347114711', log.from)
-    assert_equal('in', log.direction)
-    assert_equal('user 1,user 2', log.to_comment)
-    assert_equal('CallerId Customer1', log.from_comment)
-    assert_nil(log.comment)
-    assert_equal('newCall', log.state)
-    assert_equal(false, log.done)
-
-    # inbound - II - answer by voicemail
-    params = 'event=answer&direction=in&callId=1234567890-4&to=4930600000000&from=4912347114711&user=voicemail'
-    post '/api/v1/sipgate/in', params: params
-    assert_response(200)
-    log = Cti::Log.find_by(call_id: '1234567890-4')
-    assert(log)
-    assert_equal('4930600000000', log.to)
-    assert_equal('4912347114711', log.from)
-    assert_equal('in', log.direction)
-    assert_equal('voicemail', log.to_comment)
-    assert_equal('CallerId Customer1', log.from_comment)
-    assert_nil(log.comment)
-    assert_equal('answer', log.state)
-    assert_equal(true, log.done)
-
-    # inbound - II - hangup by customer
-    params = 'event=hangup&direction=in&callId=1234567890-4&cause=normalClearing&to=4930600000000&from=4912347114711'
-    post '/api/v1/sipgate/in', params: params
-    assert_response(200)
-    log = Cti::Log.find_by(call_id: '1234567890-4')
-    assert(log)
-    assert_equal('4930600000000', log.to)
-    assert_equal('4912347114711', log.from)
-    assert_equal('in', log.direction)
-    assert_equal('voicemail', log.to_comment)
-    assert_equal('CallerId Customer1', log.from_comment)
-    assert_equal('normalClearing', log.comment)
-    assert_equal('hangup', log.state)
-    assert_equal(false, log.done)
-
-    # inbound - III - new call
-    params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&callId=1234567890-5&user%5B%5D=user+1,user+2'
-    post '/api/v1/sipgate/in', params: params
-    assert_response(200)
-    log = Cti::Log.find_by(call_id: '1234567890-5')
-    assert(log)
-    assert_equal('4930600000000', log.to)
-    assert_equal('4912347114711', log.from)
-    assert_equal('in', log.direction)
-    assert_equal('user 1,user 2', log.to_comment)
-    assert_equal('CallerId Customer1', log.from_comment)
-    assert_nil(log.comment)
-    assert_equal('newCall', log.state)
-    assert_equal(false, log.done)
-
-    # inbound - III - hangup by customer
-    params = 'event=hangup&direction=in&callId=1234567890-5&cause=normalClearing&to=4930600000000&from=4912347114711'
-    post '/api/v1/sipgate/in', params: params
-    assert_response(200)
-    log = Cti::Log.find_by(call_id: '1234567890-5')
-    assert(log)
-    assert_equal('4930600000000', log.to)
-    assert_equal('4912347114711', log.from)
-    assert_equal('in', log.direction)
-    assert_equal('user 1,user 2', log.to_comment)
-    assert_equal('CallerId Customer1', log.from_comment)
-    assert_equal('normalClearing', log.comment)
-    assert_equal('hangup', log.state)
-    assert_equal(false, log.done)
-
-    # inbound - IV - new call
-    params = 'event=newCall&direction=in&to=4930600000000&from=49999992222222&callId=1234567890-6&user%5B%5D=user+1,user+2'
-    post '/api/v1/sipgate/in', params: params
-    assert_response(200)
-    log = Cti::Log.find_by(call_id: '1234567890-6')
-    assert(log)
-    assert_equal('4930600000000', log.to)
-    assert_equal('49999992222222', log.from)
-    assert_equal('in', log.direction)
-    assert_equal('user 1,user 2', log.to_comment)
-    assert_equal('CallerId Customer3,CallerId Customer2', log.from_comment)
-    assert_not(log.preferences['to'])
-    assert(log.preferences['from'])
-    assert_nil(log.comment)
-    assert_equal('newCall', log.state)
-    assert_equal(false, log.done)
-
-    # get caller list
-    get '/api/v1/cti/log'
-    assert_response(401)
-
-    customer2 = User.lookup(login: 'ticket-caller_id_sipgate-customer2@example.com')
-    customer3 = User.lookup(login: 'ticket-caller_id_sipgate-customer3@example.com')
-
-    headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('cti-agent@example.com', 'agentpw')
-    get '/api/v1/cti/log', headers: headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result['list'].class, Array)
-    assert_equal(6, result['list'].count)
-    assert(result['assets'])
-    assert(result['assets']['User'])
-    assert(result['assets']['User'][customer2.id.to_s])
-    assert(result['assets']['User'][customer3.id.to_s])
-    assert_equal('1234567890-6', result['list'][0]['call_id'])
-    assert_equal('1234567890-5', result['list'][1]['call_id'])
-    assert_equal('1234567890-4', result['list'][2]['call_id'])
-    assert_equal('1234567890-3', result['list'][3]['call_id'])
-    assert_equal('1234567890-2', result['list'][4]['call_id'])
-    assert_equal('hangup', result['list'][4]['state'])
-    assert_equal('4930777000000', result['list'][4]['from'])
-    assert_equal('user 1', result['list'][4]['from_comment'])
-    assert_equal('4912347114711', result['list'][4]['to'])
-    assert_equal('CallerId Customer1', result['list'][4]['to_comment'])
-    assert_equal('normalClearing', result['list'][4]['comment'])
-    assert_equal('hangup', result['list'][4]['state'])
-    assert_equal('1234567890-1', result['list'][5]['call_id'])
-
-  end
-
-end

test/controllers/o_auth_controller_test.rb

@@ -1,29 +0,0 @@
-
-require 'test_helper'
-
-class OAuthControllerTest < ActionDispatch::IntegrationTest
-
-  test 'o365 - start' do
-    get '/auth/microsoft_office365', params: {}
-    assert_response(302)
-    assert_match('https://login.microsoftonline.com/common/oauth2/v2.0/authorize', @response.body)
-    assert_match('redirect_uri=http%3A%2F%2Fzammad.example.com%2Fauth%2Fmicrosoft_office365%2Fcallback', @response.body)
-    assert_match('scope=openid+email+profile', @response.body)
-    assert_match('response_type=code', @response.body)
-  end
-
-  test 'o365 - callback' do
-    get '/auth/microsoft_office365/callback?code=1234&state=1234', params: {}
-    assert_response(302)
-    assert_match('302 Moved', @response.body)
-  end
-
-  test 'auth failure' do
-    get '/auth/failure?message=123&strategy=some_provider', params: {}
-    assert_response(422)
-    assert_match('<title>422: Unprocessable Entity</title>', @response.body)
-    assert_match('<h1>422: The change you wanted was rejected.</h1>', @response.body)
-    assert_match('<div>Message from some_provider: 123</div>', @response.body)
-  end
-
-end

test/controllers/organization_controller_test.rb

@@ -1,590 +0,0 @@
-require 'test_helper'
-
-class OrganizationControllerTest < ActionDispatch::IntegrationTest
-  include SearchindexHelper
-
-  setup do
-
-    # set accept header
-    @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
-    # create agent
-    roles  = Role.where(name: %w[Admin Agent])
-    groups = Group.all
-
-    UserInfo.current_user_id = 1
-
-    @admin = User.create!(
-      login: 'rest-admin',
-      firstname: 'Rest',
-      lastname: 'Agent',
-      email: 'rest-admin@example.com',
-      password: 'adminpw',
-      active: true,
-      roles: roles,
-      groups: groups,
-    )
-
-    # create agent
-    roles = Role.where(name: 'Agent')
-    @agent = User.create!(
-      login: 'rest-agent@example.com',
-      firstname: 'Rest',
-      lastname: 'Agent',
-      email: 'rest-agent@example.com',
-      password: 'agentpw',
-      active: true,
-      roles: roles,
-      groups: groups,
-    )
-
-    # create customer without org
-    roles = Role.where(name: 'Customer')
-    @customer_without_org = User.create!(
-      login: 'rest-customer1@example.com',
-      firstname: 'Rest',
-      lastname: 'Customer1',
-      email: 'rest-customer1@example.com',
-      password: 'customer1pw',
-      active: true,
-      roles: roles,
-    )
-
-    # create orgs
-    @organization = Organization.create!(
-      name: 'Rest Org',
-    )
-    @organization2 = Organization.create!(
-      name: 'Rest Org #2',
-    )
-    @organization3 = Organization.create!(
-      name: 'Rest Org #3',
-    )
-
-    # create customer with org
-    @customer_with_org = User.create!(
-      login: 'rest-customer2@example.com',
-      firstname: 'Rest',
-      lastname: 'Customer2',
-      email: 'rest-customer2@example.com',
-      password: 'customer2pw',
-      active: true,
-      roles: roles,
-      organization_id: @organization.id,
-    )
-
-    configure_elasticsearch do
-
-      travel 1.minute
-
-      rebuild_searchindex
-
-      # execute background jobs
-      Scheduler.worker(true)
-
-      sleep 6
-    end
-
-    UserInfo.current_user_id = nil
-  end
-
-  test 'organization index with agent' do
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-agent@example.com', 'agentpw')
-
-    # index
-    get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Array)
-    assert_equal(result[0]['member_ids'].class, Array)
-    assert(result.length >= 3)
-
-    get '/api/v1/organizations?limit=40&page=1&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    organizations = Organization.order(:id).limit(2)
-    assert_equal(organizations[0].id, result[0]['id'])
-    assert_equal(organizations[0].member_ids, result[0]['member_ids'])
-    assert_equal(organizations[1].id, result[1]['id'])
-    assert_equal(organizations[1].member_ids, result[1]['member_ids'])
-    assert_equal(2, result.count)
-
-    get '/api/v1/organizations?limit=40&page=2&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    organizations = Organization.order(:id).limit(4)
-    assert_equal(organizations[2].id, result[0]['id'])
-    assert_equal(organizations[2].member_ids, result[0]['member_ids'])
-    assert_equal(organizations[3].id, result[1]['id'])
-    assert_equal(organizations[3].member_ids, result[1]['member_ids'])
-
-    assert_equal(2, result.count)
-
-    # show/:id
-    get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert_equal(result['member_ids'].class, Array)
-    assert_not(result['members'])
-    assert_equal(result['name'], 'Rest Org')
-
-    get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert_equal(result['member_ids'].class, Array)
-    assert_not(result['members'])
-    assert_equal(result['name'], 'Rest Org #2')
-
-    # search as agent
-    Scheduler.worker(true)
-    get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert_equal('Zammad Foundation', result[0]['name'])
-    assert(result[0]['member_ids'])
-    assert_not(result[0]['members'])
-
-    get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&expand=true", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert_equal('Zammad Foundation', result[0]['name'])
-    assert(result[0]['member_ids'])
-    assert(result[0]['members'])
-
-    get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert_equal('Zammad Foundation', result[0]['label'])
-    assert_equal('Zammad Foundation', result[0]['value'])
-    assert_not(result[0]['member_ids'])
-    assert_not(result[0]['members'])
-  end
-
-  test 'organization index with customer1' do
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
-
-    # index
-    get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Array)
-    assert_equal(result.length, 0)
-
-    # show/:id
-    get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert_nil(result['name'])
-
-    get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert_nil(result['name'])
-
-    # search
-    Scheduler.worker(true)
-    get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-  end
-
-  test 'organization index with customer2' do
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer2@example.com', 'customer2pw')
-
-    # index
-    get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Array)
-    assert_equal(result.length, 1)
-
-    # show/:id
-    get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert_equal(result['name'], 'Rest Org')
-
-    get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert_nil(result['name'])
-
-    # search
-    Scheduler.worker(true)
-    get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-  end
-
-  test '04.01 organization show and response format' do
-    organization = Organization.create!(
-      name: 'Rest Org NEW',
-      members: [@customer_without_org],
-      updated_by_id: @admin.id,
-      created_by_id: @admin.id,
-    )
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-    get "/api/v1/organizations/#{organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal(organization.id, result['id'])
-    assert_equal(organization.name, result['name'])
-    assert_not(result['members'])
-    assert_equal([@customer_without_org.id], result['member_ids'])
-    assert_equal(@admin.id, result['updated_by_id'])
-    assert_equal(@admin.id, result['created_by_id'])
-
-    get "/api/v1/organizations/#{organization.id}?expand=true", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal(organization.id, result['id'])
-    assert_equal(organization.name, result['name'])
-    assert(result['members'])
-    assert_equal([@customer_without_org.id], result['member_ids'])
-    assert_equal(@admin.id, result['updated_by_id'])
-    assert_equal(@admin.id, result['created_by_id'])
-
-    get "/api/v1/organizations/#{organization.id}?expand=false", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal(organization.id, result['id'])
-    assert_equal(organization.name, result['name'])
-    assert_not(result['members'])
-    assert_equal([@customer_without_org.id], result['member_ids'])
-    assert_equal(@admin.id, result['updated_by_id'])
-    assert_equal(@admin.id, result['created_by_id'])
-
-    get "/api/v1/organizations/#{organization.id}?full=true", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-
-    assert_equal(Hash, result.class)
-    assert_equal(organization.id, result['id'])
-    assert(result['assets'])
-    assert(result['assets']['Organization'])
-    assert(result['assets']['Organization'][organization.id.to_s])
-    assert_equal(organization.id, result['assets']['Organization'][organization.id.to_s]['id'])
-    assert_equal(organization.name, result['assets']['Organization'][organization.id.to_s]['name'])
-    assert_equal(organization.member_ids, result['assets']['Organization'][organization.id.to_s]['member_ids'])
-    assert_not(result['assets']['Organization'][organization.id.to_s]['members'])
-
-    get "/api/v1/organizations/#{organization.id}?full=false", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal(organization.id, result['id'])
-    assert_equal(organization.name, result['name'])
-    assert_not(result['members'])
-    assert_equal([@customer_without_org.id], result['member_ids'])
-    assert_equal(@admin.id, result['updated_by_id'])
-    assert_equal(@admin.id, result['created_by_id'])
-  end
-
-  test '04.02 organization index and response format' do
-    organization = Organization.create!(
-      name: 'Rest Org NEW',
-      members: [@customer_without_org],
-      updated_by_id: @admin.id,
-      created_by_id: @admin.id,
-    )
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-    get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert_equal(Hash, result[0].class)
-    assert_equal(organization.id, result.last['id'])
-    assert_equal(organization.name, result.last['name'])
-    assert_not(result.last['members'])
-    assert_equal(organization.member_ids, result.last['member_ids'])
-    assert_equal(@admin.id, result.last['updated_by_id'])
-    assert_equal(@admin.id, result.last['created_by_id'])
-
-    get '/api/v1/organizations?expand=true', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert_equal(Hash, result[0].class)
-    assert_equal(organization.id, result.last['id'])
-    assert_equal(organization.name, result.last['name'])
-    assert_equal(organization.member_ids, result.last['member_ids'])
-    assert_equal(organization.members.pluck(:login), [@customer_without_org.login])
-    assert_equal(@admin.id, result.last['updated_by_id'])
-    assert_equal(@admin.id, result.last['created_by_id'])
-
-    get '/api/v1/organizations?expand=false', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert_equal(Hash, result[0].class)
-    assert_equal(organization.id, result.last['id'])
-    assert_equal(organization.name, result.last['name'])
-    assert_not(result.last['members'])
-    assert_equal(organization.member_ids, result.last['member_ids'])
-    assert_equal(@admin.id, result.last['updated_by_id'])
-    assert_equal(@admin.id, result.last['created_by_id'])
-
-    get '/api/v1/organizations?full=true', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-
-    assert_equal(Hash, result.class)
-    assert_equal(Array, result['record_ids'].class)
-    assert_equal(1, result['record_ids'][0])
-    assert_equal(organization.id, result['record_ids'].last)
-    assert(result['assets'])
-    assert(result['assets']['Organization'])
-    assert(result['assets']['Organization'][organization.id.to_s])
-    assert_equal(organization.id, result['assets']['Organization'][organization.id.to_s]['id'])
-    assert_equal(organization.name, result['assets']['Organization'][organization.id.to_s]['name'])
-    assert_equal(organization.member_ids, result['assets']['Organization'][organization.id.to_s]['member_ids'])
-    assert_not(result['assets']['Organization'][organization.id.to_s]['members'])
-
-    get '/api/v1/organizations?full=false', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert_equal(Hash, result[0].class)
-    assert_equal(organization.id, result.last['id'])
-    assert_equal(organization.name, result.last['name'])
-    assert_not(result.last['members'])
-    assert_equal(organization.member_ids, result.last['member_ids'])
-    assert_equal(@admin.id, result.last['updated_by_id'])
-    assert_equal(@admin.id, result.last['created_by_id'])
-  end
-
-  test '04.03 ticket create and response format' do
-    params = {
-      name: 'Rest Org NEW',
-      members: [@customer_without_org.login],
-    }
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
-    post '/api/v1/organizations', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(201)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-
-    organization = Organization.find(result['id'])
-    assert_equal(organization.name, result['name'])
-    assert_equal(organization.member_ids, result['member_ids'])
-    assert_not(result['members'])
-    assert_equal(@admin.id, result['updated_by_id'])
-    assert_equal(@admin.id, result['created_by_id'])
-
-    params[:name] = 'Rest Org NEW #2'
-    post '/api/v1/organizations?expand=true', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(201)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-
-    organization = Organization.find(result['id'])
-    assert_equal(organization.name, result['name'])
-    assert_equal(organization.member_ids, result['member_ids'])
-    assert_equal(organization.members.pluck(:login), result['members'])
-    assert_equal(@admin.id, result['updated_by_id'])
-    assert_equal(@admin.id, result['created_by_id'])
-
-    params[:name] = 'Rest Org NEW #3'
-    post '/api/v1/organizations?full=true', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(201)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-
-    organization = Organization.find(result['id'])
-    assert(result['assets'])
-    assert(result['assets']['Organization'])
-    assert(result['assets']['Organization'][organization.id.to_s])
-    assert_equal(organization.id, result['assets']['Organization'][organization.id.to_s]['id'])
-    assert_equal(organization.name, result['assets']['Organization'][organization.id.to_s]['name'])
-    assert_equal(organization.member_ids, result['assets']['Organization'][organization.id.to_s]['member_ids'])
-    assert_not(result['assets']['Organization'][organization.id.to_s]['members'])
-
-  end
-
-  test '04.04 ticket update and response formats' do
-    organization = Organization.create!(
-      name: 'Rest Org NEW',
-      members: [@customer_without_org],
-      updated_by_id: @admin.id,
-      created_by_id: @admin.id,
-    )
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
-    params = {
-      name: 'a update name #1',
-    }
-    put "/api/v1/organizations/#{organization.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-
-    organization = Organization.find(result['id'])
-    assert_equal(params[:name], result['name'])
-    assert_equal(organization.member_ids, result['member_ids'])
-    assert_not(result['members'])
-    assert_equal(@admin.id, result['updated_by_id'])
-    assert_equal(@admin.id, result['created_by_id'])
-
-    params = {
-      name: 'a update name #2',
-    }
-    put "/api/v1/organizations/#{organization.id}?expand=true", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-
-    organization = Organization.find(result['id'])
-    assert_equal(params[:name], result['name'])
-    assert_equal(organization.member_ids, result['member_ids'])
-    assert_equal(organization.members.pluck(:login), [@customer_without_org.login])
-    assert_equal(@admin.id, result['updated_by_id'])
-    assert_equal(@admin.id, result['created_by_id'])
-
-    params = {
-      name: 'a update name #3',
-    }
-    put "/api/v1/organizations/#{organization.id}?full=true", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-
-    organization = Organization.find(result['id'])
-    assert(result['assets'])
-    assert(result['assets']['Organization'])
-    assert(result['assets']['Organization'][organization.id.to_s])
-    assert_equal(organization.id, result['assets']['Organization'][organization.id.to_s]['id'])
-    assert_equal(params[:name], result['assets']['Organization'][organization.id.to_s]['name'])
-    assert_equal(organization.member_ids, result['assets']['Organization'][organization.id.to_s]['member_ids'])
-    assert_not(result['assets']['Organization'][organization.id.to_s]['members'])
-
-  end
-
-  test '05.01 csv example - customer no access' do
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
-
-    get '/api/v1/organizations/import_example', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal('Not authorized (user)!', result['error'])
-  end
-
-  test '05.02 csv example - admin access' do
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
-    get '/api/v1/organizations/import_example', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-
-    rows = CSV.parse(@response.body)
-    header = rows.shift
-
-    assert_equal('id', header[0])
-    assert_equal('name', header[1])
-    assert_equal('shared', header[2])
-    assert_equal('domain', header[3])
-    assert_equal('domain_assignment', header[4])
-    assert_equal('active', header[5])
-    assert_equal('note', header[6])
-    assert(header.include?('members'))
-  end
-
-  test '05.03 csv import - admin access' do
-
-    UserInfo.current_user_id = 1
-    customer1 = User.create!(
-      login: 'customer1-members@example.com',
-      firstname: 'Member',
-      lastname: 'Customer',
-      email: 'customer1-members@example.com',
-      password: 'customerpw',
-      active: true,
-    )
-    customer2 = User.create!(
-      login: 'customer2-members@example.com',
-      firstname: 'Member',
-      lastname: 'Customer',
-      email: 'customer2-members@example.com',
-      password: 'customerpw',
-      active: true,
-    )
-    UserInfo.current_user_id = nil
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
-    # invalid file
-    csv_file_path = Rails.root.join('test', 'data', 'csv', 'organization_simple_col_not_existing.csv')
-    csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
-    post '/api/v1/organizations/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-
-    assert_equal(true, result['try'])
-    assert_equal(2, result['records'].count)
-    assert_equal('failed', result['result'])
-    assert_equal(2, result['errors'].count)
-    assert_equal("Line 1: unknown attribute 'name2' for Organization.", result['errors'][0])
-    assert_equal("Line 2: unknown attribute 'name2' for Organization.", result['errors'][1])
-
-    # valid file try
-    csv_file_path = Rails.root.join('test', 'data', 'csv', 'organization_simple.csv')
-    csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
-    post '/api/v1/organizations/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-
-    assert_equal(true, result['try'])
-    assert_equal(2, result['records'].count)
-    assert_equal('success', result['result'])
-
-    assert_nil(Organization.find_by(name: 'organization-member-import1'))
-    assert_nil(Organization.find_by(name: 'organization-member-import2'))
-
-    # valid file
-    csv_file_path = Rails.root.join('test', 'data', 'csv', 'organization_simple.csv')
-    csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
-    post '/api/v1/organizations/import', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-
-    assert_equal(false, result['try'])
-    assert_equal(2, result['records'].count)
-    assert_equal('success', result['result'])
-
-    organization1 = Organization.find_by(name: 'organization-member-import1')
-    assert(organization1)
-    assert_equal(organization1.name, 'organization-member-import1')
-    assert_equal(organization1.members.count, 1)
-    assert_equal(organization1.members.first.login, customer1.login)
-    assert_equal(organization1.active, true)
-    organization2 = Organization.find_by(name: 'organization-member-import2')
-    assert(organization2)
-    assert_equal(organization2.name, 'organization-member-import2')
-    assert_equal(organization2.members.count, 1)
-    assert_equal(organization2.members.first.login, customer2.login)
-    assert_equal(organization2.active, false)
-
-  end
-
-end

test/controllers/organizations_controller_test.rb

@@ -1,638 +0,0 @@
-require 'test_helper'
-
-class OrganizationsControllerTest < ActionDispatch::IntegrationTest
-  include SearchindexHelper
-
-  setup do
-
-    # set accept header
-    @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
-    # create agent
-    roles  = Role.where(name: %w[Admin Agent])
-    groups = Group.all
-
-    UserInfo.current_user_id = 1
-
-    @admin = User.create!(
-      login: 'rest-admin',
-      firstname: 'Rest',
-      lastname: 'Agent',
-      email: 'rest-admin@example.com',
-      password: 'adminpw',
-      active: true,
-      roles: roles,
-      groups: groups,
-    )
-
-    # create agent
-    roles = Role.where(name: 'Agent')
-    @agent = User.create!(
-      login: 'rest-agent@example.com',
-      firstname: 'Rest',
-      lastname: 'Agent',
-      email: 'rest-agent@example.com',
-      password: 'agentpw',
-      active: true,
-      roles: roles,
-      groups: groups,
-    )
-
-    # create customer without org
-    roles = Role.where(name: 'Customer')
-    @customer_without_org = User.create!(
-      login: 'rest-customer1@example.com',
-      firstname: 'Rest',
-      lastname: 'Customer1',
-      email: 'rest-customer1@example.com',
-      password: 'customer1pw',
-      active: true,
-      roles: roles,
-    )
-
-    # create orgs
-    @organization = Organization.create!(
-      name: 'Rest Org #1',
-      note: 'Rest Org A',
-      created_at: '2018-02-05 17:42:00',
-      updated_at: '2018-02-05 20:42:00',
-    )
-    @organization2 = Organization.create!(
-      name: 'Rest Org #2',
-      note: 'Rest Org B',
-      created_at: '2018-02-05 18:42:00',
-      updated_at: '2018-02-05 18:42:00',
-    )
-    @organization3 = Organization.create!(
-      name: 'Rest Org #3',
-      note: 'Rest Org C',
-      created_at: '2018-02-05 19:42:00',
-      updated_at: '2018-02-05 19:42:00',
-    )
-
-    # create customer with org
-    @customer_with_org = User.create!(
-      login: 'rest-customer2@example.com',
-      firstname: 'Rest',
-      lastname: 'Customer2',
-      email: 'rest-customer2@example.com',
-      password: 'customer2pw',
-      active: true,
-      roles: roles,
-      organization_id: @organization.id,
-    )
-
-    configure_elasticsearch do
-
-      travel 1.minute
-
-      rebuild_searchindex
-
-      # execute background jobs
-      Scheduler.worker(true)
-
-      sleep 6
-    end
-
-    UserInfo.current_user_id = nil
-  end
-
-  test 'organization index with agent' do
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-agent@example.com', 'agentpw')
-
-    # index
-    get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Array)
-    assert_equal(result[0]['member_ids'].class, Array)
-    assert(result.length >= 3)
-
-    get '/api/v1/organizations?limit=40&page=1&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    organizations = Organization.order(:id).limit(2)
-    assert_equal(organizations[0].id, result[0]['id'])
-    assert_equal(organizations[0].member_ids, result[0]['member_ids'])
-    assert_equal(organizations[1].id, result[1]['id'])
-    assert_equal(organizations[1].member_ids, result[1]['member_ids'])
-    assert_equal(2, result.count)
-
-    get '/api/v1/organizations?limit=40&page=2&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    organizations = Organization.order(:id).limit(4)
-    assert_equal(organizations[2].id, result[0]['id'])
-    assert_equal(organizations[2].member_ids, result[0]['member_ids'])
-    assert_equal(organizations[3].id, result[1]['id'])
-    assert_equal(organizations[3].member_ids, result[1]['member_ids'])
-
-    assert_equal(2, result.count)
-
-    # show/:id
-    get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert_equal(result['member_ids'].class, Array)
-    assert_not(result['members'])
-    assert_equal(result['name'], 'Rest Org #1')
-
-    get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert_equal(result['member_ids'].class, Array)
-    assert_not(result['members'])
-    assert_equal(result['name'], 'Rest Org #2')
-
-    # search as agent
-    Scheduler.worker(true)
-    get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert_equal('Zammad Foundation', result[0]['name'])
-    assert(result[0]['member_ids'])
-    assert_not(result[0]['members'])
-
-    get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&expand=true", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert_equal('Zammad Foundation', result[0]['name'])
-    assert(result[0]['member_ids'])
-    assert(result[0]['members'])
-
-    get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert_equal('Zammad Foundation', result[0]['label'])
-    assert_equal('Zammad Foundation', result[0]['value'])
-    assert_not(result[0]['member_ids'])
-    assert_not(result[0]['members'])
-  end
-
-  test 'organization index with customer1' do
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
-
-    # index
-    get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Array)
-    assert_equal(result.length, 0)
-
-    # show/:id
-    get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert_nil(result['name'])
-
-    get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert_nil(result['name'])
-
-    # search
-    Scheduler.worker(true)
-    get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-  end
-
-  test 'organization index with customer2' do
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer2@example.com', 'customer2pw')
-
-    # index
-    get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Array)
-    assert_equal(result.length, 1)
-
-    # show/:id
-    get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert_equal(result['name'], 'Rest Org #1')
-
-    get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert_nil(result['name'])
-
-    # search
-    Scheduler.worker(true)
-    get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-  end
-
-  test 'organization search sortable' do
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin', 'adminpw')
-
-    get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    result.collect! { |v| v['id'] }
-    assert_equal(Array, result.class)
-    assert_equal([ @organization.id, @organization3.id, @organization2.id ], result)
-
-    get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: { sort_by: 'created_at', order_by: 'asc' }, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    result.collect! { |v| v['id'] }
-    assert_equal(Array, result.class)
-    assert_equal([ @organization.id, @organization2.id, @organization3.id ], result)
-
-    get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: { sort_by: 'note', order_by: 'asc' }, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    result.collect! { |v| v['id'] }
-    assert_equal(Array, result.class)
-    assert_equal([ @organization.id, @organization2.id, @organization3.id ], result)
-
-    get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: { sort_by: 'note', order_by: 'desc' }, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    result.collect! { |v| v['id'] }
-    assert_equal(Array, result.class)
-    assert_equal([ @organization3.id, @organization2.id, @organization.id ], result)
-
-    get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: { sort_by: %w[note created_at], order_by: %w[desc asc] }, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    result.collect! { |v| v['id'] }
-    assert_equal(Array, result.class)
-    assert_equal([ @organization3.id, @organization2.id, @organization.id ], result)
-  end
-
-  test '04.01 organization show and response format' do
-    organization = Organization.create!(
-      name: 'Rest Org NEW',
-      members: [@customer_without_org],
-      updated_by_id: @admin.id,
-      created_by_id: @admin.id,
-    )
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-    get "/api/v1/organizations/#{organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal(organization.id, result['id'])
-    assert_equal(organization.name, result['name'])
-    assert_not(result['members'])
-    assert_equal([@customer_without_org.id], result['member_ids'])
-    assert_equal(@admin.id, result['updated_by_id'])
-    assert_equal(@admin.id, result['created_by_id'])
-
-    get "/api/v1/organizations/#{organization.id}?expand=true", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal(organization.id, result['id'])
-    assert_equal(organization.name, result['name'])
-    assert(result['members'])
-    assert_equal([@customer_without_org.id], result['member_ids'])
-    assert_equal(@admin.id, result['updated_by_id'])
-    assert_equal(@admin.id, result['created_by_id'])
-
-    get "/api/v1/organizations/#{organization.id}?expand=false", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal(organization.id, result['id'])
-    assert_equal(organization.name, result['name'])
-    assert_not(result['members'])
-    assert_equal([@customer_without_org.id], result['member_ids'])
-    assert_equal(@admin.id, result['updated_by_id'])
-    assert_equal(@admin.id, result['created_by_id'])
-
-    get "/api/v1/organizations/#{organization.id}?full=true", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-
-    assert_equal(Hash, result.class)
-    assert_equal(organization.id, result['id'])
-    assert(result['assets'])
-    assert(result['assets']['Organization'])
-    assert(result['assets']['Organization'][organization.id.to_s])
-    assert_equal(organization.id, result['assets']['Organization'][organization.id.to_s]['id'])
-    assert_equal(organization.name, result['assets']['Organization'][organization.id.to_s]['name'])
-    assert_equal(organization.member_ids, result['assets']['Organization'][organization.id.to_s]['member_ids'])
-    assert_not(result['assets']['Organization'][organization.id.to_s]['members'])
-
-    get "/api/v1/organizations/#{organization.id}?full=false", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal(organization.id, result['id'])
-    assert_equal(organization.name, result['name'])
-    assert_not(result['members'])
-    assert_equal([@customer_without_org.id], result['member_ids'])
-    assert_equal(@admin.id, result['updated_by_id'])
-    assert_equal(@admin.id, result['created_by_id'])
-  end
-
-  test '04.02 organization index and response format' do
-    organization = Organization.create!(
-      name: 'Rest Org NEW',
-      members: [@customer_without_org],
-      updated_by_id: @admin.id,
-      created_by_id: @admin.id,
-    )
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-    get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert_equal(Hash, result[0].class)
-    assert_equal(organization.id, result.last['id'])
-    assert_equal(organization.name, result.last['name'])
-    assert_not(result.last['members'])
-    assert_equal(organization.member_ids, result.last['member_ids'])
-    assert_equal(@admin.id, result.last['updated_by_id'])
-    assert_equal(@admin.id, result.last['created_by_id'])
-
-    get '/api/v1/organizations?expand=true', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert_equal(Hash, result[0].class)
-    assert_equal(organization.id, result.last['id'])
-    assert_equal(organization.name, result.last['name'])
-    assert_equal(organization.member_ids, result.last['member_ids'])
-    assert_equal(organization.members.pluck(:login), [@customer_without_org.login])
-    assert_equal(@admin.id, result.last['updated_by_id'])
-    assert_equal(@admin.id, result.last['created_by_id'])
-
-    get '/api/v1/organizations?expand=false', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert_equal(Hash, result[0].class)
-    assert_equal(organization.id, result.last['id'])
-    assert_equal(organization.name, result.last['name'])
-    assert_not(result.last['members'])
-    assert_equal(organization.member_ids, result.last['member_ids'])
-    assert_equal(@admin.id, result.last['updated_by_id'])
-    assert_equal(@admin.id, result.last['created_by_id'])
-
-    get '/api/v1/organizations?full=true', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-
-    assert_equal(Hash, result.class)
-    assert_equal(Array, result['record_ids'].class)
-    assert_equal(1, result['record_ids'][0])
-    assert_equal(organization.id, result['record_ids'].last)
-    assert(result['assets'])
-    assert(result['assets']['Organization'])
-    assert(result['assets']['Organization'][organization.id.to_s])
-    assert_equal(organization.id, result['assets']['Organization'][organization.id.to_s]['id'])
-    assert_equal(organization.name, result['assets']['Organization'][organization.id.to_s]['name'])
-    assert_equal(organization.member_ids, result['assets']['Organization'][organization.id.to_s]['member_ids'])
-    assert_not(result['assets']['Organization'][organization.id.to_s]['members'])
-
-    get '/api/v1/organizations?full=false', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert_equal(Hash, result[0].class)
-    assert_equal(organization.id, result.last['id'])
-    assert_equal(organization.name, result.last['name'])
-    assert_not(result.last['members'])
-    assert_equal(organization.member_ids, result.last['member_ids'])
-    assert_equal(@admin.id, result.last['updated_by_id'])
-    assert_equal(@admin.id, result.last['created_by_id'])
-  end
-
-  test '04.03 ticket create and response format' do
-    params = {
-      name: 'Rest Org NEW',
-      members: [@customer_without_org.login],
-    }
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
-    post '/api/v1/organizations', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(201)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-
-    organization = Organization.find(result['id'])
-    assert_equal(organization.name, result['name'])
-    assert_equal(organization.member_ids, result['member_ids'])
-    assert_not(result['members'])
-    assert_equal(@admin.id, result['updated_by_id'])
-    assert_equal(@admin.id, result['created_by_id'])
-
-    params[:name] = 'Rest Org NEW #2'
-    post '/api/v1/organizations?expand=true', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(201)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-
-    organization = Organization.find(result['id'])
-    assert_equal(organization.name, result['name'])
-    assert_equal(organization.member_ids, result['member_ids'])
-    assert_equal(organization.members.pluck(:login), result['members'])
-    assert_equal(@admin.id, result['updated_by_id'])
-    assert_equal(@admin.id, result['created_by_id'])
-
-    params[:name] = 'Rest Org NEW #3'
-    post '/api/v1/organizations?full=true', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(201)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-
-    organization = Organization.find(result['id'])
-    assert(result['assets'])
-    assert(result['assets']['Organization'])
-    assert(result['assets']['Organization'][organization.id.to_s])
-    assert_equal(organization.id, result['assets']['Organization'][organization.id.to_s]['id'])
-    assert_equal(organization.name, result['assets']['Organization'][organization.id.to_s]['name'])
-    assert_equal(organization.member_ids, result['assets']['Organization'][organization.id.to_s]['member_ids'])
-    assert_not(result['assets']['Organization'][organization.id.to_s]['members'])
-
-  end
-
-  test '04.04 ticket update and response formats' do
-    organization = Organization.create!(
-      name: 'Rest Org NEW',
-      members: [@customer_without_org],
-      updated_by_id: @admin.id,
-      created_by_id: @admin.id,
-    )
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
-    params = {
-      name: 'a update name #1',
-    }
-    put "/api/v1/organizations/#{organization.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-
-    organization = Organization.find(result['id'])
-    assert_equal(params[:name], result['name'])
-    assert_equal(organization.member_ids, result['member_ids'])
-    assert_not(result['members'])
-    assert_equal(@admin.id, result['updated_by_id'])
-    assert_equal(@admin.id, result['created_by_id'])
-
-    params = {
-      name: 'a update name #2',
-    }
-    put "/api/v1/organizations/#{organization.id}?expand=true", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-
-    organization = Organization.find(result['id'])
-    assert_equal(params[:name], result['name'])
-    assert_equal(organization.member_ids, result['member_ids'])
-    assert_equal(organization.members.pluck(:login), [@customer_without_org.login])
-    assert_equal(@admin.id, result['updated_by_id'])
-    assert_equal(@admin.id, result['created_by_id'])
-
-    params = {
-      name: 'a update name #3',
-    }
-    put "/api/v1/organizations/#{organization.id}?full=true", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-
-    organization = Organization.find(result['id'])
-    assert(result['assets'])
-    assert(result['assets']['Organization'])
-    assert(result['assets']['Organization'][organization.id.to_s])
-    assert_equal(organization.id, result['assets']['Organization'][organization.id.to_s]['id'])
-    assert_equal(params[:name], result['assets']['Organization'][organization.id.to_s]['name'])
-    assert_equal(organization.member_ids, result['assets']['Organization'][organization.id.to_s]['member_ids'])
-    assert_not(result['assets']['Organization'][organization.id.to_s]['members'])
-
-  end
-
-  test '05.01 csv example - customer no access' do
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
-
-    get '/api/v1/organizations/import_example', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal('Not authorized (user)!', result['error'])
-  end
-
-  test '05.02 csv example - admin access' do
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
-    get '/api/v1/organizations/import_example', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-
-    rows = CSV.parse(@response.body)
-    header = rows.shift
-
-    assert_equal('id', header[0])
-    assert_equal('name', header[1])
-    assert_equal('shared', header[2])
-    assert_equal('domain', header[3])
-    assert_equal('domain_assignment', header[4])
-    assert_equal('active', header[5])
-    assert_equal('note', header[6])
-    assert(header.include?('members'))
-  end
-
-  test '05.03 csv import - admin access' do
-
-    UserInfo.current_user_id = 1
-    customer1 = User.create!(
-      login: 'customer1-members@example.com',
-      firstname: 'Member',
-      lastname: 'Customer',
-      email: 'customer1-members@example.com',
-      password: 'customerpw',
-      active: true,
-    )
-    customer2 = User.create!(
-      login: 'customer2-members@example.com',
-      firstname: 'Member',
-      lastname: 'Customer',
-      email: 'customer2-members@example.com',
-      password: 'customerpw',
-      active: true,
-    )
-    UserInfo.current_user_id = nil
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
-    # invalid file
-    csv_file_path = Rails.root.join('test', 'data', 'csv', 'organization_simple_col_not_existing.csv')
-    csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
-    post '/api/v1/organizations/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-
-    assert_equal(true, result['try'])
-    assert_equal(2, result['records'].count)
-    assert_equal('failed', result['result'])
-    assert_equal(2, result['errors'].count)
-    assert_equal("Line 1: unknown attribute 'name2' for Organization.", result['errors'][0])
-    assert_equal("Line 2: unknown attribute 'name2' for Organization.", result['errors'][1])
-
-    # valid file try
-    csv_file_path = Rails.root.join('test', 'data', 'csv', 'organization_simple.csv')
-    csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
-    post '/api/v1/organizations/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-
-    assert_equal(true, result['try'])
-    assert_equal(2, result['records'].count)
-    assert_equal('success', result['result'])
-
-    assert_nil(Organization.find_by(name: 'organization-member-import1'))
-    assert_nil(Organization.find_by(name: 'organization-member-import2'))
-
-    # valid file
-    csv_file_path = Rails.root.join('test', 'data', 'csv', 'organization_simple.csv')
-    csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
-    post '/api/v1/organizations/import', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-
-    assert_equal(false, result['try'])
-    assert_equal(2, result['records'].count)
-    assert_equal('success', result['result'])
-
-    organization1 = Organization.find_by(name: 'organization-member-import1')
-    assert(organization1)
-    assert_equal(organization1.name, 'organization-member-import1')
-    assert_equal(organization1.members.count, 1)
-    assert_equal(organization1.members.first.login, customer1.login)
-    assert_equal(organization1.active, true)
-    organization2 = Organization.find_by(name: 'organization-member-import2')
-    assert(organization2)
-    assert_equal(organization2.name, 'organization-member-import2')
-    assert_equal(organization2.members.count, 1)
-    assert_equal(organization2.members.first.login, customer2.login)
-    assert_equal(organization2.active, false)
-
-  end
-
-end

test/controllers/overviews_controller_test.rb

@@ -1,221 +0,0 @@
-
-require 'test_helper'
-
-class OverviewsControllerTest < ActionDispatch::IntegrationTest
-  setup do
-
-    # set accept header
-    @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
-    # create agent
-    roles  = Role.where(name: %w[Admin Agent])
-    groups = Group.all
-
-    UserInfo.current_user_id = 1
-    @admin = User.create!(
-      login: 'tickets-admin',
-      firstname: 'Tickets',
-      lastname: 'Admin',
-      email: 'tickets-admin@example.com',
-      password: 'adminpw',
-      active: true,
-      roles: roles,
-      groups: groups,
-    )
-
-    # create agent
-    roles = Role.where(name: 'Agent')
-    @agent = User.create!(
-      login: 'tickets-agent@example.com',
-      firstname: 'Tickets',
-      lastname: 'Agent',
-      email: 'tickets-agent@example.com',
-      password: 'agentpw',
-      active: true,
-      roles: roles,
-      groups: Group.all,
-    )
-
-  end
-
-  test 'no permissions' do
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent', 'agentpw')
-
-    params = {
-      name: 'Overview2',
-      link: 'my_overview',
-      roles: Role.where(name: 'Agent').pluck(:name),
-      condition: {
-        'ticket.state_id' => {
-          operator: 'is',
-          value: [1, 2, 3],
-        },
-      },
-      order: {
-        by: 'created_at',
-        direction: 'DESC',
-      },
-      view: {
-        d: %w[title customer state created_at],
-        s: %w[number title customer state created_at],
-        m: %w[number title customer state created_at],
-        view_mode_default: 's',
-      },
-    }
-
-    post '/api/v1/overviews', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('authentication failed', result['error'])
-  end
-
-  test 'create overviews' do
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-admin', 'adminpw')
-
-    params = {
-      name: 'Overview2',
-      link: 'my_overview',
-      roles: Role.where(name: 'Agent').pluck(:name),
-      condition: {
-        'ticket.state_id' => {
-          operator: 'is',
-          value: [1, 2, 3],
-        },
-      },
-      order: {
-        by: 'created_at',
-        direction: 'DESC',
-      },
-      view: {
-        d: %w[title customer state created_at],
-        s: %w[number title customer state created_at],
-        m: %w[number title customer state created_at],
-        view_mode_default: 's',
-      },
-    }
-
-    post '/api/v1/overviews', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(201)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('Overview2', result['name'])
-    assert_equal('my_overview', result['link'])
-
-    post '/api/v1/overviews', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(201)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('Overview2', result['name'])
-    assert_equal('my_overview_1', result['link'])
-  end
-
-  test 'set mass prio' do
-    roles = Role.where(name: 'Agent')
-    overview1 = Overview.create!(
-      name: 'Overview1',
-      link: 'my_overview',
-      roles: roles,
-      condition: {
-        'ticket.state_id' => {
-          operator: 'is',
-          value: [1, 2, 3],
-        },
-      },
-      order: {
-        by: 'created_at',
-        direction: 'DESC',
-      },
-      view: {
-        d: %w[title customer state created_at],
-        s: %w[number title customer state created_at],
-        m: %w[number title customer state created_at],
-        view_mode_default: 's',
-      },
-      prio: 1,
-      updated_by_id: 1,
-      created_by_id: 1,
-    )
-    overview2 = Overview.create!(
-      name: 'Overview2',
-      link: 'my_overview',
-      roles: roles,
-      condition: {
-        'ticket.state_id' => {
-          operator: 'is',
-          value: [1, 2, 3],
-        },
-      },
-      order: {
-        by: 'created_at',
-        direction: 'DESC',
-      },
-      view: {
-        d: %w[title customer state created_at],
-        s: %w[number title customer state created_at],
-        m: %w[number title customer state created_at],
-        view_mode_default: 's',
-      },
-      prio: 2,
-      updated_by_id: 1,
-      created_by_id: 1,
-    )
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-admin', 'adminpw')
-    params = {
-      prios: [
-        [overview2.id, 1],
-        [overview1.id, 2],
-      ]
-    }
-    post '/api/v1/overviews_prio', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal(true, result['success'])
-
-    overview1.reload
-    overview2.reload
-
-    assert_equal(2, overview1.prio)
-    assert_equal(1, overview2.prio)
-  end
-
-  test 'create an overview with group_by direction' do
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-admin', 'adminpw')
-
-    params = {
-      name: 'Overview2',
-      link: 'my_overview',
-      roles: Role.where(name: 'Agent').pluck(:name),
-      condition: {
-        'ticket.state_id' => {
-          operator: 'is',
-          value: [1, 2, 3],
-        },
-      },
-      order: {
-        by: 'created_at',
-        direction: 'DESC',
-      },
-      group_by: 'priority',
-      group_direction: 'ASC',
-      view: {
-        d: %w[title customer state created_at],
-        s: %w[number title customer state created_at],
-        m: %w[number title customer state created_at],
-        view_mode_default: 's',
-      },
-    }
-
-    post '/api/v1/overviews', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(201)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('Overview2', result['name'])
-    assert_equal('my_overview', result['link'])
-    assert_equal('priority', result['group_by'])
-    assert_equal('ASC', result['group_direction'])
-  end
-
-end

test/controllers/packages_controller_test.rb

@@ -1,131 +0,0 @@
-
-require 'test_helper'
-
-class PackagesControllerTest < ActionDispatch::IntegrationTest
-  setup do
-
-    # set accept header
-    @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
-    # create agent
-    roles  = Role.where(name: %w[Admin Agent])
-    groups = Group.all
-
-    UserInfo.current_user_id = 1
-    @admin = User.create!(
-      login: 'packages-admin',
-      firstname: 'Packages',
-      lastname: 'Admin',
-      email: 'packages-admin@example.com',
-      password: 'adminpw',
-      active: true,
-      roles: roles,
-      groups: groups,
-    )
-
-    # create agent
-    roles = Role.where(name: 'Agent')
-    @agent = User.create!(
-      login: 'packages-agent@example.com',
-      firstname: 'Rest',
-      lastname: 'Agent',
-      email: 'packages-agent@example.com',
-      password: 'agentpw',
-      active: true,
-      roles: roles,
-      groups: groups,
-    )
-
-    # create customer without org
-    roles = Role.where(name: 'Customer')
-    @customer_without_org = User.create!(
-      login: 'packages-customer1@example.com',
-      firstname: 'Packages',
-      lastname: 'Customer1',
-      email: 'packages-customer1@example.com',
-      password: 'customer1pw',
-      active: true,
-      roles: roles,
-    )
-
-  end
-
-  test '01 packages index with nobody' do
-
-    # index
-    get '/api/v1/packages', params: {}, headers: @headers
-    assert_response(401)
-
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_not(result['packages'])
-    assert_equal('authentication failed', result['error'])
-  end
-
-  test '02 packages index with admin' do
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('packages-admin@example.com', 'adminpw')
-
-    # index
-    get '/api/v1/packages', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert(result['packages'])
-  end
-
-  test '03 packages index with admin and wrong pw' do
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('packages-admin@example.com', 'wrongadminpw')
-
-    # index
-    get '/api/v1/packages', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('authentication failed', result['error'])
-  end
-
-  test '04 packages index with inactive admin' do
-    @admin.active = false
-    @admin.save!
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('packages-admin@example.com', 'adminpw')
-
-    # index
-    get '/api/v1/packages', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('authentication failed', result['error'])
-  end
-
-  test '05 packages index with agent' do
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('packages-agent@example.com', 'agentpw')
-
-    # index
-    get '/api/v1/packages', params: {}, headers: @headers.merge('Authorization' => credentials)
-
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_not(result['packages'])
-    assert_equal('Not authorized (user)!', result['error'])
-  end
-
-  test '06 packages index with customer' do
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('packages-customer1@example.com', 'customer1pw')
-
-    # index
-    get '/api/v1/packages', params: {}, headers: @headers.merge('Authorization' => credentials)
-
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_not(result['packages'])
-    assert_equal('Not authorized (user)!', result['error'])
-  end
-
-end

test/controllers/reports_controller_test.rb

@@ -1,98 +0,0 @@
-require 'test_helper'
-
-class ReportsControllerTest < ActionDispatch::IntegrationTest
-  include SearchindexHelper
-
-  setup do
-
-    # set accept header
-    @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
-    @year = DateTime.now.utc.year
-    @month = DateTime.now.utc.month
-    @week = DateTime.now.utc.strftime('%U').to_i
-    @day = DateTime.now.utc.day
-
-    roles  = Role.where(name: 'Admin')
-    groups = Group.all
-
-    UserInfo.current_user_id = 1
-
-    @admin = User.create!(
-      login: 'rest-admin',
-      firstname: 'Rest',
-      lastname: 'Agent',
-      email: 'rest-admin@example.com',
-      password: 'adminpw',
-      active: true,
-      roles: roles,
-      groups: groups,
-      updated_by_id: 1,
-      created_by_id: 1
-    )
-
-    roles = Role.where(name: 'Customer')
-    @customer_without_org = User.create!(
-      login: 'rest-customer1@example.com',
-      firstname: 'Rest',
-      lastname: 'Customer1',
-      email: 'rest-customer1@example.com',
-      password: 'customer1pw',
-      active: true,
-      roles: roles,
-      updated_by_id: 1,
-      created_by_id: 1
-    )
-
-    @group1 = Group.create!(
-      name: "GroupWithoutPermission-#{rand(9_999_999_999)}",
-      active: true,
-      updated_by_id: 1,
-      created_by_id: 1,
-    )
-    @ticket1 = Ticket.create!(
-      title: 'ticket for report',
-      group_id: @group1.id,
-      customer_id: @customer_without_org.id,
-      state: Ticket::State.lookup(name: 'open'),
-      priority: Ticket::Priority.lookup(name: '2 normal'),
-      updated_by_id: 1,
-      created_by_id: 1,
-    )
-
-    Ticket::Article.create!(
-      type: Ticket::Article::Type.lookup(name: 'note'),
-      sender: Ticket::Article::Sender.lookup(name: 'Customer'),
-      from: 'sender',
-      subject: 'subject',
-      body: 'some body',
-      ticket_id: @ticket1.id,
-      updated_by_id: 1,
-      created_by_id: 1,
-    )
-
-    configure_elasticsearch do
-
-      travel 1.minute
-
-      rebuild_searchindex
-
-      # execute background jobs
-      Scheduler.worker(true)
-
-      sleep 6
-    end
-  end
-
-  test '01.01 report example - admin access' do
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
-    get "/api/v1/reports/sets?sheet=true;metric=count;year=#{@year};month=#{@month};week=#{@week};day=#{@day};timeRange=year;profile_id=1;downloadBackendSelected=count::created", params: {}, headers: @headers.merge('Authorization' => credentials)
-
-    assert_response(200)
-    assert(@response['Content-Disposition'])
-    assert_equal('attachment; filename="tickets--all--Created.xls"', @response['Content-Disposition'])
-    assert_equal('application/vnd.ms-excel', @response['Content-Type'])
-  end
-end

test/controllers/search_controller_test.rb

@@ -1,448 +0,0 @@
-require 'test_helper'
-
-class SearchControllerTest < ActionDispatch::IntegrationTest
-  include SearchindexHelper
-
-  setup do
-
-    # set current user
-    UserInfo.current_user_id = 1
-
-    # set accept header
-    @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
-    # create agent
-    roles  = Role.where(name: %w[Admin Agent])
-    groups = Group.all
-
-    @admin = User.create!(
-      login: 'search-admin',
-      firstname: 'Search',
-      lastname: 'Admin',
-      email: 'search-admin@example.com',
-      password: 'adminpw',
-      active: true,
-      roles: roles,
-      groups: groups,
-    )
-
-    # create agent
-    roles = Role.where(name: 'Agent')
-    @agent = User.create!(
-      login: 'search-agent@example.com',
-      firstname: 'Search 1234',
-      lastname: 'Agent',
-      email: 'search-agent@example.com',
-      password: 'agentpw',
-      active: true,
-      roles: roles,
-      groups: groups,
-    )
-
-    # create customer without org
-    roles = Role.where(name: 'Customer')
-    @customer_without_org = User.create!(
-      login: 'search-customer1@example.com',
-      firstname: 'Search',
-      lastname: 'Customer1',
-      email: 'search-customer1@example.com',
-      password: 'customer1pw',
-      active: true,
-      roles: roles,
-    )
-
-    # create orgs
-    @organization = Organization.create!(
-      name: 'Rest Org',
-    )
-    @organization2 = Organization.create!(
-      name: 'Rest Org #2',
-    )
-    @organization3 = Organization.create!(
-      name: 'Rest Org #3',
-    )
-    @organization4 = Organization.create!(
-      name: 'Tes.t. Org',
-    )
-    @organization5 = Organization.create!(
-      name: 'ABC_D Org',
-    )
-
-    # create customer with org
-    @customer_with_org2 = User.create!(
-      login: 'search-customer2@example.com',
-      firstname: 'Search',
-      lastname: 'Customer2',
-      email: 'search-customer2@example.com',
-      password: 'customer2pw',
-      active: true,
-      roles: roles,
-      organization_id: @organization.id,
-    )
-
-    @customer_with_org3 = User.create!(
-      login: 'search-customer3@example.com',
-      firstname: 'Search',
-      lastname: 'Customer3',
-      email: 'search-customer3@example.com',
-      password: 'customer3pw',
-      active: true,
-      roles: roles,
-      organization_id: @organization.id,
-    )
-
-    @ticket1 = Ticket.create!(
-      title: 'test 1234-1',
-      group: Group.lookup(name: 'Users'),
-      customer_id: @customer_without_org.id,
-      state: Ticket::State.lookup(name: 'new'),
-      priority: Ticket::Priority.lookup(name: '2 normal'),
-    )
-    @article1 = Ticket::Article.create!(
-      ticket_id: @ticket1.id,
-      from: 'some_sender1@example.com',
-      to: 'some_recipient1@example.com',
-      subject: 'some subject1',
-      message_id: 'some@id',
-      body: 'some message1',
-      internal: false,
-      sender: Ticket::Article::Sender.where(name: 'Customer').first,
-      type: Ticket::Article::Type.where(name: 'email').first,
-    )
-    travel 1.second
-    @ticket2 = Ticket.create!(
-      title: 'test 1234-2',
-      group: Group.lookup(name: 'Users'),
-      customer_id: @customer_with_org2.id,
-      state: Ticket::State.lookup(name: 'new'),
-      priority: Ticket::Priority.lookup(name: '2 normal'),
-    )
-    @article2 = Ticket::Article.create!(
-      ticket_id: @ticket2.id,
-      from: 'some_sender2@example.com',
-      to: 'some_recipient2@example.com',
-      subject: 'some subject2',
-      message_id: 'some@id',
-      body: 'some message2',
-      internal: false,
-      sender: Ticket::Article::Sender.where(name: 'Customer').first,
-      type: Ticket::Article::Type.where(name: 'email').first,
-    )
-    travel 1.second
-    @ticket3 = Ticket.create!(
-      title: 'test 1234-2',
-      group: Group.lookup(name: 'Users'),
-      customer_id: @customer_with_org3.id,
-      state: Ticket::State.lookup(name: 'new'),
-      priority: Ticket::Priority.lookup(name: '2 normal'),
-    )
-    @article3 = Ticket::Article.create!(
-      ticket_id: @ticket3.id,
-      from: 'some_sender3@example.com',
-      to: 'some_recipient3@example.com',
-      subject: 'some subject3',
-      message_id: 'some@id',
-      body: 'some message3',
-      internal: false,
-      sender: Ticket::Article::Sender.where(name: 'Customer').first,
-      type: Ticket::Article::Type.where(name: 'email').first,
-    )
-
-    configure_elasticsearch do
-
-      travel 1.minute
-
-      rebuild_searchindex
-
-      # execute background jobs
-      Scheduler.worker(true)
-
-      sleep 6
-    end
-  end
-
-  test 'settings index with nobody' do
-    params = {
-      query: 'test 1234',
-      limit: 2,
-    }
-
-    post '/api/v1/search/ticket', params: params.to_json, headers: @headers
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_not(result.blank?)
-    assert_equal('authentication failed', result['error'])
-
-    post '/api/v1/search/user', params: params.to_json, headers: @headers
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_not(result.blank?)
-    assert_equal('authentication failed', result['error'])
-
-    post '/api/v1/search', params: params.to_json, headers: @headers
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_not(result.blank?)
-    assert_equal('authentication failed', result['error'])
-  end
-
-  test 'settings index with admin' do
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('search-admin@example.com', 'adminpw')
-
-    params = {
-      query: '1234*',
-      limit: 1,
-    }
-    post '/api/v1/search', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert(result)
-    assert_equal('Ticket', result['result'][0]['type'])
-    assert_equal(@ticket3.id, result['result'][0]['id'])
-    assert_equal('User', result['result'][1]['type'])
-    assert_equal(@agent.id, result['result'][1]['id'])
-    assert_not(result['result'][2])
-
-    params = {
-      query: '1234*',
-      limit: 10,
-    }
-
-    post '/api/v1/search', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert(result)
-    assert_equal('Ticket', result['result'][0]['type'])
-    assert_equal(@ticket3.id, result['result'][0]['id'])
-    assert_equal('Ticket', result['result'][1]['type'])
-    assert_equal(@ticket2.id, result['result'][1]['id'])
-    assert_equal('Ticket', result['result'][2]['type'])
-    assert_equal(@ticket1.id, result['result'][2]['id'])
-    assert_equal('User', result['result'][3]['type'])
-    assert_equal(@agent.id, result['result'][3]['id'])
-    assert_not(result['result'][4])
-
-    params = {
-      query: '1234*',
-      limit: 10,
-    }
-
-    post '/api/v1/search/ticket', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert(result)
-    assert_equal('Ticket', result['result'][0]['type'])
-    assert_equal(@ticket3.id, result['result'][0]['id'])
-    assert_equal('Ticket', result['result'][1]['type'])
-    assert_equal(@ticket2.id, result['result'][1]['id'])
-    assert_equal('Ticket', result['result'][2]['type'])
-    assert_equal(@ticket1.id, result['result'][2]['id'])
-    assert_not(result['result'][3])
-
-    params = {
-      query: '1234*',
-      limit: 10,
-    }
-
-    post '/api/v1/search/user', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('User', result['result'][0]['type'])
-    assert_equal(@agent.id, result['result'][0]['id'])
-    assert_not(result['result'][1])
-  end
-
-  test 'settings index with agent' do
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('search-agent@example.com', 'agentpw')
-
-    params = {
-      query: '1234*',
-      limit: 1,
-    }
-
-    post '/api/v1/search', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert(result)
-    assert_equal('Ticket', result['result'][0]['type'])
-    assert_equal(@ticket3.id, result['result'][0]['id'])
-    assert_equal('User', result['result'][1]['type'])
-    assert_equal(@agent.id, result['result'][1]['id'])
-    assert_not(result['result'][2])
-
-    params = {
-      query: '1234*',
-      limit: 10,
-    }
-
-    post '/api/v1/search', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert(result)
-    assert_equal('Ticket', result['result'][0]['type'])
-    assert_equal(@ticket3.id, result['result'][0]['id'])
-    assert_equal('Ticket', result['result'][1]['type'])
-    assert_equal(@ticket2.id, result['result'][1]['id'])
-    assert_equal('Ticket', result['result'][2]['type'])
-    assert_equal(@ticket1.id, result['result'][2]['id'])
-    assert_equal('User', result['result'][3]['type'])
-    assert_equal(@agent.id, result['result'][3]['id'])
-    assert_not(result['result'][4])
-
-    params = {
-      query: '1234*',
-      limit: 10,
-    }
-
-    post '/api/v1/search/ticket', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert(result)
-    assert_equal('Ticket', result['result'][0]['type'])
-    assert_equal(@ticket3.id, result['result'][0]['id'])
-    assert_equal('Ticket', result['result'][1]['type'])
-    assert_equal(@ticket2.id, result['result'][1]['id'])
-    assert_equal('Ticket', result['result'][2]['type'])
-    assert_equal(@ticket1.id, result['result'][2]['id'])
-    assert_not(result['result'][3])
-
-    params = {
-      query: '1234*',
-      limit: 10,
-    }
-
-    post '/api/v1/search/user', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('User', result['result'][0]['type'])
-    assert_equal(@agent.id, result['result'][0]['id'])
-    assert_not(result['result'][1])
-  end
-
-  test 'settings index with customer 1' do
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('search-customer1@example.com', 'customer1pw')
-
-    params = {
-      query: '1234*',
-      limit: 10,
-    }
-
-    post '/api/v1/search', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert(result)
-    assert_equal('Ticket', result['result'][0]['type'])
-    assert_equal(@ticket1.id, result['result'][0]['id'])
-    assert_not(result['result'][1])
-
-    params = {
-      query: '1234*',
-      limit: 10,
-    }
-
-    post '/api/v1/search/ticket', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert(result)
-    assert_equal('Ticket', result['result'][0]['type'])
-    assert_equal(@ticket1.id, result['result'][0]['id'])
-    assert_not(result['result'][1])
-
-    params = {
-      query: '1234*',
-      limit: 10,
-    }
-
-    post '/api/v1/search/user', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_not(result['result'][0])
-  end
-
-  test 'settings index with customer 2' do
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('search-customer2@example.com', 'customer2pw')
-
-    params = {
-      query: '1234*',
-      limit: 10,
-    }
-
-    post '/api/v1/search', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert(result)
-    assert_equal('Ticket', result['result'][0]['type'])
-    assert_equal(@ticket3.id, result['result'][0]['id'])
-    assert_equal('Ticket', result['result'][1]['type'])
-    assert_equal(@ticket2.id, result['result'][1]['id'])
-    assert_not(result['result'][2])
-
-    params = {
-      query: '1234*',
-      limit: 10,
-    }
-
-    post '/api/v1/search/ticket', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert(result)
-    assert_equal('Ticket', result['result'][0]['type'])
-    assert_equal(@ticket3.id, result['result'][0]['id'])
-    assert_equal('Ticket', result['result'][1]['type'])
-    assert_equal(@ticket2.id, result['result'][1]['id'])
-    assert_not(result['result'][2])
-
-    params = {
-      query: '1234*',
-      limit: 10,
-    }
-
-    post '/api/v1/search/user', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_not(result['result'][0])
-  end
-
-  # Verify fix for Github issue #2058 - Autocomplete hangs on dot in the new user form
-  test 'searching for organization with a dot in its name' do
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('search-agent@example.com', 'agentpw')
-
-    get '/api/v1/search/organization?query=tes.', headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(1, result['result'].size)
-    assert_equal('Organization', result['result'][0]['type'])
-    target_id = result['result'][0]['id']
-    assert_equal('Tes.t. Org', result['assets']['Organization'][target_id.to_s]['name'])
-  end
-
-  # Search query H& should correctly match H&M
-  test 'searching for organization with _ in its name' do
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('search-agent@example.com', 'agentpw')
-
-    get '/api/v1/search/organization?query=abc_', headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(1, result['result'].size)
-    assert_equal('Organization', result['result'][0]['type'])
-    target_id = result['result'][0]['id']
-    assert_equal('ABC_D Org', result['assets']['Organization'][target_id.to_s]['name'])
-  end
-end

test/controllers/settings_controller_test.rb

@@ -1,302 +0,0 @@
-
-require 'test_helper'
-
-class SettingsControllerTest < ActionDispatch::IntegrationTest
-  setup do
-
-    # set accept header
-    @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
-    # create agent
-    roles  = Role.where(name: %w[Admin Agent])
-    groups = Group.all
-
-    UserInfo.current_user_id = 1
-    @admin_full = User.create!(
-      login: 'setting-admin',
-      firstname: 'Setting',
-      lastname: 'Admin',
-      email: 'setting-admin@example.com',
-      password: 'adminpw',
-      active: true,
-      roles: roles,
-      groups: groups,
-    )
-
-    role_api = Role.create!(
-      name: 'AdminApi',
-      note: 'To configure your api.',
-      preferences: {
-        not: ['Customer'],
-      },
-      default_at_signup: false,
-      updated_by_id: 1,
-      created_by_id: 1
-    )
-    role_api.permission_grant('admin.api')
-    @admin_api = User.create!(
-      login: 'setting-admin-api',
-      firstname: 'Setting',
-      lastname: 'Admin Api',
-      email: 'setting-admin-api@example.com',
-      password: 'adminpw',
-      active: true,
-      roles: [role_api],
-      groups: groups,
-    )
-
-    # create agent
-    roles = Role.where(name: 'Agent')
-    @agent = User.create!(
-      login: 'setting-agent@example.com',
-      firstname: 'Setting',
-      lastname: 'Agent',
-      email: 'setting-agent@example.com',
-      password: 'agentpw',
-      active: true,
-      roles: roles,
-      groups: groups,
-    )
-
-    # create customer without org
-    roles = Role.where(name: 'Customer')
-    @customer_without_org = User.create!(
-      login: 'setting-customer1@example.com',
-      firstname: 'Setting',
-      lastname: 'Customer1',
-      email: 'setting-customer1@example.com',
-      password: 'customer1pw',
-      active: true,
-      roles: roles,
-    )
-
-  end
-
-  test 'settings index with nobody' do
-
-    # index
-    get '/api/v1/settings', params: {}, headers: @headers
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_not(result['settings'])
-
-    # show
-    setting = Setting.find_by(name: 'product_name')
-    get "/api/v1/settings/#{setting.id}", params: {}, headers: @headers
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal('authentication failed', result['error'])
-  end
-
-  test 'settings index with admin' do
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('setting-admin@example.com', 'adminpw')
-
-    # index
-    get '/api/v1/settings', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert(result)
-    hit_api = false
-    hit_product_name = false
-    result.each do |setting|
-      if setting['name'] == 'api_token_access'
-        hit_api = true
-      end
-      if setting['name'] == 'product_name'
-        hit_product_name = true
-      end
-    end
-    assert_equal(true, hit_api)
-    assert_equal(true, hit_product_name)
-
-    # show
-    setting = Setting.find_by(name: 'product_name')
-    get "/api/v1/settings/#{setting.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('product_name', result['name'])
-
-    setting = Setting.find_by(name: 'api_token_access')
-    get "/api/v1/settings/#{setting.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('api_token_access', result['name'])
-
-    # update
-    setting = Setting.find_by(name: 'product_name')
-    params = {
-      id: setting.id,
-      name: 'some_new_name',
-      preferences: {
-        permission: ['admin.branding', 'admin.some_new_permission'],
-        some_new_key: true,
-      }
-    }
-    put "/api/v1/settings/#{setting.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('product_name', result['name'])
-    assert_equal(1, result['preferences']['permission'].length)
-    assert_equal('admin.branding', result['preferences']['permission'][0])
-    assert_equal(true, result['preferences']['some_new_key'])
-
-    # update
-    setting = Setting.find_by(name: 'api_token_access')
-    params = {
-      id: setting.id,
-      name: 'some_new_name',
-      preferences: {
-        permission: ['admin.branding', 'admin.some_new_permission'],
-        some_new_key: true,
-      }
-    }
-    put "/api/v1/settings/#{setting.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('api_token_access', result['name'])
-    assert_equal(1, result['preferences']['permission'].length)
-    assert_equal('admin.api', result['preferences']['permission'][0])
-    assert_equal(true, result['preferences']['some_new_key'])
-
-    # delete
-    setting = Setting.find_by(name: 'product_name')
-    delete "/api/v1/settings/#{setting.id}", params: {}.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal('Not authorized (feature not possible)', result['error'])
-  end
-
-  test 'settings index with admin-api' do
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('setting-admin-api@example.com', 'adminpw')
-
-    # index
-    get '/api/v1/settings', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert(result)
-    hit_api = false
-    hit_product_name = false
-    result.each do |setting|
-      if setting['name'] == 'api_token_access'
-        hit_api = true
-      end
-      if setting['name'] == 'product_name'
-        hit_product_name = true
-      end
-    end
-    assert_equal(true, hit_api)
-    assert_equal(false, hit_product_name)
-
-    # show
-    setting = Setting.find_by(name: 'product_name')
-    get "/api/v1/settings/#{setting.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal('Not authorized (required ["admin.branding"])', result['error'])
-
-    setting = Setting.find_by(name: 'api_token_access')
-    get "/api/v1/settings/#{setting.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('api_token_access', result['name'])
-
-    # update
-    setting = Setting.find_by(name: 'product_name')
-    params = {
-      id: setting.id,
-      name: 'some_new_name',
-      preferences: {
-        permission: ['admin.branding', 'admin.some_new_permission'],
-        some_new_key: true,
-      }
-    }
-    put "/api/v1/settings/#{setting.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal('Not authorized (required ["admin.branding"])', result['error'])
-
-    # update
-    setting = Setting.find_by(name: 'api_token_access')
-    params = {
-      id: setting.id,
-      name: 'some_new_name',
-      preferences: {
-        permission: ['admin.branding', 'admin.some_new_permission'],
-        some_new_key: true,
-      }
-    }
-    put "/api/v1/settings/#{setting.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('api_token_access', result['name'])
-    assert_equal(1, result['preferences']['permission'].length)
-    assert_equal('admin.api', result['preferences']['permission'][0])
-    assert_equal(true, result['preferences']['some_new_key'])
-
-    # delete
-    setting = Setting.find_by(name: 'product_name')
-    delete "/api/v1/settings/#{setting.id}", params: {}.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal('Not authorized (feature not possible)', result['error'])
-  end
-
-  test 'settings index with agent' do
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('setting-agent@example.com', 'agentpw')
-
-    # index
-    get '/api/v1/settings', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_not(result['settings'])
-    assert_equal('Not authorized (user)!', result['error'])
-
-    # show
-    setting = Setting.find_by(name: 'product_name')
-    get "/api/v1/settings/#{setting.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal('Not authorized (user)!', result['error'])
-  end
-
-  test 'settings index with customer' do
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('setting-customer1@example.com', 'customer1pw')
-
-    # index
-    get '/api/v1/settings', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_not(result['settings'])
-    assert_equal('Not authorized (user)!', result['error'])
-
-    # show
-    setting = Setting.find_by(name: 'product_name')
-    get "/api/v1/settings/#{setting.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal('Not authorized (user)!', result['error'])
-
-    # delete
-    setting = Setting.find_by(name: 'product_name')
-    delete "/api/v1/settings/#{setting.id}", params: {}.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal('Not authorized (user)!', result['error'])
-  end
-
-end

test/controllers/sla_controller_test.rb

@@ -1,70 +0,0 @@
-
-require 'test_helper'
-
-class SlaControllerTest < ActionDispatch::IntegrationTest
-  setup do
-
-    # set accept header
-    @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
-    # create agent
-    roles  = Role.where(name: %w[Admin Agent])
-    groups = Group.all
-
-    UserInfo.current_user_id = 1
-    @admin = User.create!(
-      login: 'sla-admin',
-      firstname: 'Packages',
-      lastname: 'Admin',
-      email: 'sla-admin@example.com',
-      password: 'adminpw',
-      active: true,
-      roles: roles,
-      groups: groups,
-    )
-
-  end
-
-  test '01 sla index with nobody' do
-
-    get '/api/v1/slas', params: {}, headers: @headers
-    assert_response(401)
-
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('authentication failed', result['error'])
-
-  end
-
-  test '02 sla index with admin' do
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('sla-admin@example.com', 'adminpw')
-
-    get '/api/v1/slas', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert(result)
-    assert_equal(0, result.count)
-
-    get '/api/v1/slas?expand=true', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert(result)
-    assert_equal(0, result.count)
-
-    get '/api/v1/slas?full=true', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert(result)
-    assert(result['record_ids'])
-    assert(result['record_ids'].blank?)
-    assert(result['assets'])
-    assert(result['assets']['Calendar'].present?)
-    assert(result['assets'].present?)
-
-  end
-
-end

test/controllers/slas_controller_test.rb

@@ -1,70 +0,0 @@
-
-require 'test_helper'
-
-class SlasControllerTest < ActionDispatch::IntegrationTest
-  setup do
-
-    # set accept header
-    @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
-    # create agent
-    roles  = Role.where(name: %w[Admin Agent])
-    groups = Group.all
-
-    UserInfo.current_user_id = 1
-    @admin = User.create!(
-      login: 'sla-admin',
-      firstname: 'Packages',
-      lastname: 'Admin',
-      email: 'sla-admin@example.com',
-      password: 'adminpw',
-      active: true,
-      roles: roles,
-      groups: groups,
-    )
-
-  end
-
-  test '01 sla index with nobody' do
-
-    get '/api/v1/slas', params: {}, headers: @headers
-    assert_response(401)
-
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('authentication failed', result['error'])
-
-  end
-
-  test '02 sla index with admin' do
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('sla-admin@example.com', 'adminpw')
-
-    get '/api/v1/slas', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert(result)
-    assert_equal(0, result.count)
-
-    get '/api/v1/slas?expand=true', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert(result)
-    assert_equal(0, result.count)
-
-    get '/api/v1/slas?full=true', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert(result)
-    assert(result['record_ids'])
-    assert(result['record_ids'].blank?)
-    assert(result['assets'])
-    assert(result['assets']['Calendar'].present?)
-    assert(result['assets'].present?)
-
-  end
-
-end

test/controllers/taskbars_controller_test.rb

@@ -1,112 +0,0 @@
-
-require 'test_helper'
-
-class TaskbarsControllerTest < ActionDispatch::IntegrationTest
-  setup do
-
-    # set accept header
-    @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-    UserInfo.current_user_id = 1
-
-    # create agent
-    roles = Role.where(name: 'Agent')
-    groups = Group.all
-
-    @agent = User.create!(
-      login: 'taskbar-agent@example.com',
-      firstname: 'Taskbar',
-      lastname: 'Agent',
-      email: 'taskbar-agent@example.com',
-      password: 'agentpw',
-      active: true,
-      roles: roles,
-      groups: groups,
-    )
-
-    # create customer without org
-    roles = Role.where(name: 'Customer')
-    @customer_without_org = User.create!(
-      login: 'taskbar-customer1@example.com',
-      firstname: 'Taskbar',
-      lastname: 'Customer1',
-      email: 'taskbar-customer1@example.com',
-      password: 'customer1pw',
-      active: true,
-      roles: roles,
-    )
-
-  end
-
-  test 'task ownership' do
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('taskbar-agent@example.com', 'agentpw')
-    params = {
-      user_id: @customer_without_org.id,
-      client_id: '123',
-      key: 'Ticket-5',
-      callback: 'TicketZoom',
-      state: {
-        ticket: {
-          owner_id: @agent.id,
-        },
-        article: {},
-      },
-      params: {
-        ticket_id: 5,
-        shown: true,
-      },
-      prio: 3,
-      notify: false,
-      active: false,
-    }
-
-    post '/api/v1/taskbar', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(201)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('123', result['client_id'])
-    assert_equal(@agent.id, result['user_id'])
-    assert_equal(5, result['params']['ticket_id'])
-    assert_equal(true, result['params']['shown'])
-
-    taskbar_id = result['id']
-    params[:user_id] = @customer_without_org.id
-    params[:params] = {
-      ticket_id: 5,
-      shown: false,
-    }
-    put "/api/v1/taskbar/#{taskbar_id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('123', result['client_id'])
-    assert_equal(@agent.id, result['user_id'])
-    assert_equal(5, result['params']['ticket_id'])
-    assert_equal(false, result['params']['shown'])
-
-    # try to access with other user
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('taskbar-customer1@example.com', 'customer1pw')
-    params = {
-      active: true,
-    }
-    put "/api/v1/taskbar/#{taskbar_id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(422)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('Not allowed to access this task.', result['error'])
-
-    delete "/api/v1/taskbar/#{taskbar_id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(422)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('Not allowed to access this task.', result['error'])
-
-    # delete with correct user
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('taskbar-agent@example.com', 'agentpw')
-    delete "/api/v1/taskbar/#{taskbar_id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert(result.blank?)
-  end
-
-end

test/controllers/text_module_controller_test.rb

@@ -1,160 +0,0 @@
-
-require 'test_helper'
-require 'rake'
-
-class TextModuleControllerTest < ActionDispatch::IntegrationTest
-  setup do
-
-    # set accept header
-    @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
-    # create agent
-    roles  = Role.where(name: %w[Admin Agent])
-    groups = Group.all
-
-    UserInfo.current_user_id = 1
-
-    @admin = User.create!(
-      login: 'rest-admin',
-      firstname: 'Rest',
-      lastname: 'Agent',
-      email: 'rest-admin@example.com',
-      password: 'adminpw',
-      active: true,
-      roles: roles,
-      groups: groups,
-    )
-
-    # create agent
-    roles = Role.where(name: 'Agent')
-    @agent = User.create!(
-      login: 'rest-agent@example.com',
-      firstname: 'Rest',
-      lastname: 'Agent',
-      email: 'rest-agent@example.com',
-      password: 'agentpw',
-      active: true,
-      roles: roles,
-      groups: groups,
-    )
-
-    # create customer without org
-    roles = Role.where(name: 'Customer')
-    @customer_without_org = User.create!(
-      login: 'rest-customer1@example.com',
-      firstname: 'Rest',
-      lastname: 'Customer1',
-      email: 'rest-customer1@example.com',
-      password: 'customer1pw',
-      active: true,
-      roles: roles,
-    )
-
-    # create customer
-    @customer_with_org = User.create!(
-      login: 'rest-customer2@example.com',
-      firstname: 'Rest',
-      lastname: 'Customer2',
-      email: 'rest-customer2@example.com',
-      password: 'customer2pw',
-      active: true,
-      roles: roles,
-    )
-
-    UserInfo.current_user_id = nil
-  end
-
-  test '05.01 csv example - customer no access' do
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
-
-    get '/api/v1/text_modules/import_example', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal('Not authorized (user)!', result['error'])
-  end
-
-  test '05.02 csv example - admin access' do
-    TextModule.load('en-en')
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
-    get '/api/v1/text_modules/import_example', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    rows = CSV.parse(@response.body)
-    header = rows.shift
-
-    assert_equal('id', header[0])
-    assert_equal('name', header[1])
-    assert_equal('keywords', header[2])
-    assert_equal('content', header[3])
-    assert_equal('note', header[4])
-    assert_equal('active', header[5])
-    assert_not(header.include?('organization'))
-    assert_not(header.include?('priority'))
-    assert_not(header.include?('state'))
-    assert_not(header.include?('owner'))
-    assert_not(header.include?('customer'))
-  end
-
-  test '05.03 csv import - admin access' do
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
-    # invalid file
-    csv_file_path = Rails.root.join('test', 'data', 'csv', 'text_module_simple_col_not_existing.csv')
-    csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
-    post '/api/v1/text_modules/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-
-    assert_equal(true, result['try'])
-    assert_equal(2, result['records'].count)
-    assert_equal('failed', result['result'])
-    assert_equal(2, result['errors'].count)
-    assert_equal("Line 1: unknown attribute 'keywords2' for TextModule.", result['errors'][0])
-    assert_equal("Line 2: unknown attribute 'keywords2' for TextModule.", result['errors'][1])
-
-    # valid file try
-    csv_file_path = Rails.root.join('test', 'data', 'csv', 'text_module_simple.csv')
-    csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
-    post '/api/v1/text_modules/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-
-    assert_equal(true, result['try'])
-    assert_equal(2, result['records'].count)
-    assert_equal('success', result['result'])
-
-    assert_nil(TextModule.find_by(name: 'some name1'))
-    assert_nil(TextModule.find_by(name: 'some name2'))
-
-    # valid file
-    csv_file_path = Rails.root.join('test', 'data', 'csv', 'text_module_simple.csv')
-    csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
-    post '/api/v1/text_modules/import', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-
-    assert_equal(false, result['try'])
-    assert_equal(2, result['records'].count)
-    assert_equal('success', result['result'])
-
-    text_module1 = TextModule.find_by(name: 'some name1')
-    assert(text_module1)
-    assert_equal(text_module1.name, 'some name1')
-    assert_equal(text_module1.keywords, 'keyword1')
-    assert_equal(text_module1.content, 'some<br>content1')
-    assert_equal(text_module1.active, true)
-    text_module2 = TextModule.find_by(name: 'some name2')
-    assert(text_module2)
-    assert_equal(text_module2.name, 'some name2')
-    assert_equal(text_module2.keywords, 'keyword2')
-    assert_equal(text_module2.content, 'some content<br>test123')
-    assert_equal(text_module2.active, true)
-
-  end
-
-end

test/controllers/text_modules_controller_test.rb

@@ -1,160 +0,0 @@
-
-require 'test_helper'
-require 'rake'
-
-class TextModulesControllerTest < ActionDispatch::IntegrationTest
-  setup do
-
-    # set accept header
-    @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
-    # create agent
-    roles  = Role.where(name: %w[Admin Agent])
-    groups = Group.all
-
-    UserInfo.current_user_id = 1
-
-    @admin = User.create!(
-      login: 'rest-admin',
-      firstname: 'Rest',
-      lastname: 'Agent',
-      email: 'rest-admin@example.com',
-      password: 'adminpw',
-      active: true,
-      roles: roles,
-      groups: groups,
-    )
-
-    # create agent
-    roles = Role.where(name: 'Agent')
-    @agent = User.create!(
-      login: 'rest-agent@example.com',
-      firstname: 'Rest',
-      lastname: 'Agent',
-      email: 'rest-agent@example.com',
-      password: 'agentpw',
-      active: true,
-      roles: roles,
-      groups: groups,
-    )
-
-    # create customer without org
-    roles = Role.where(name: 'Customer')
-    @customer_without_org = User.create!(
-      login: 'rest-customer1@example.com',
-      firstname: 'Rest',
-      lastname: 'Customer1',
-      email: 'rest-customer1@example.com',
-      password: 'customer1pw',
-      active: true,
-      roles: roles,
-    )
-
-    # create customer
-    @customer_with_org = User.create!(
-      login: 'rest-customer2@example.com',
-      firstname: 'Rest',
-      lastname: 'Customer2',
-      email: 'rest-customer2@example.com',
-      password: 'customer2pw',
-      active: true,
-      roles: roles,
-    )
-
-    UserInfo.current_user_id = nil
-  end
-
-  test '05.01 csv example - customer no access' do
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
-
-    get '/api/v1/text_modules/import_example', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal('Not authorized (user)!', result['error'])
-  end
-
-  test '05.02 csv example - admin access' do
-    TextModule.load('en-en')
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
-    get '/api/v1/text_modules/import_example', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    rows = CSV.parse(@response.body)
-    header = rows.shift
-
-    assert_equal('id', header[0])
-    assert_equal('name', header[1])
-    assert_equal('keywords', header[2])
-    assert_equal('content', header[3])
-    assert_equal('note', header[4])
-    assert_equal('active', header[5])
-    assert_not(header.include?('organization'))
-    assert_not(header.include?('priority'))
-    assert_not(header.include?('state'))
-    assert_not(header.include?('owner'))
-    assert_not(header.include?('customer'))
-  end
-
-  test '05.03 csv import - admin access' do
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
-    # invalid file
-    csv_file_path = Rails.root.join('test', 'data', 'csv', 'text_module_simple_col_not_existing.csv')
-    csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
-    post '/api/v1/text_modules/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-
-    assert_equal(true, result['try'])
-    assert_equal(2, result['records'].count)
-    assert_equal('failed', result['result'])
-    assert_equal(2, result['errors'].count)
-    assert_equal("Line 1: unknown attribute 'keywords2' for TextModule.", result['errors'][0])
-    assert_equal("Line 2: unknown attribute 'keywords2' for TextModule.", result['errors'][1])
-
-    # valid file try
-    csv_file_path = Rails.root.join('test', 'data', 'csv', 'text_module_simple.csv')
-    csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
-    post '/api/v1/text_modules/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-
-    assert_equal(true, result['try'])
-    assert_equal(2, result['records'].count)
-    assert_equal('success', result['result'])
-
-    assert_nil(TextModule.find_by(name: 'some name1'))
-    assert_nil(TextModule.find_by(name: 'some name2'))
-
-    # valid file
-    csv_file_path = Rails.root.join('test', 'data', 'csv', 'text_module_simple.csv')
-    csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
-    post '/api/v1/text_modules/import', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-
-    assert_equal(false, result['try'])
-    assert_equal(2, result['records'].count)
-    assert_equal('success', result['result'])
-
-    text_module1 = TextModule.find_by(name: 'some name1')
-    assert(text_module1)
-    assert_equal(text_module1.name, 'some name1')
-    assert_equal(text_module1.keywords, 'keyword1')
-    assert_equal(text_module1.content, 'some<br>content1')
-    assert_equal(text_module1.active, true)
-    text_module2 = TextModule.find_by(name: 'some name2')
-    assert(text_module2)
-    assert_equal(text_module2.name, 'some name2')
-    assert_equal(text_module2.keywords, 'keyword2')
-    assert_equal(text_module2.content, 'some content<br>test123')
-    assert_equal(text_module2.active, true)
-
-  end
-
-end

test/controllers/ticket_article_attachments_controller_test.rb

@@ -1,200 +0,0 @@
-
-require 'test_helper'
-
-class TicketArticleAttachmentsControllerTest < ActionDispatch::IntegrationTest
-  setup do
-
-    # create agent
-    roles  = Role.where(name: %w[Admin Agent])
-    groups = Group.all
-
-    UserInfo.current_user_id = 1
-    @admin = User.create!(
-      login: 'tickets-admin',
-      firstname: 'Tickets',
-      lastname: 'Admin',
-      email: 'tickets-admin@example.com',
-      password: 'adminpw',
-      active: true,
-      roles: roles,
-      groups: groups,
-    )
-
-    # create agent
-    roles = Role.where(name: 'Agent')
-    @agent = User.create!(
-      login: 'tickets-agent@example.com',
-      firstname: 'Tickets',
-      lastname: 'Agent',
-      email: 'tickets-agent@example.com',
-      password: 'agentpw',
-      active: true,
-      roles: roles,
-      groups: groups,
-    )
-
-    # create customer without org
-    roles = Role.where(name: 'Customer')
-    @customer_without_org = User.create!(
-      login: 'tickets-customer1@example.com',
-      firstname: 'Tickets',
-      lastname: 'Customer1',
-      email: 'tickets-customer1@example.com',
-      password: 'customer1pw',
-      active: true,
-      roles: roles,
-    )
-
-  end
-
-  test '01.01 test attachment urls' do
-    ticket1 = Ticket.create(
-      title: 'attachment test 1',
-      group: Group.lookup(name: 'Users'),
-      customer_id: @customer_without_org.id,
-      state: Ticket::State.lookup(name: 'new'),
-      priority: Ticket::Priority.lookup(name: '2 normal'),
-      updated_by_id: 1,
-      created_by_id: 1,
-    )
-    article1 = Ticket::Article.create(
-      ticket_id: ticket1.id,
-      from: 'some_customer_com-1@example.com',
-      to: 'some_zammad_com-1@example.com',
-      subject: 'attachment test 1-1',
-      message_id: 'some@id_com_1',
-      body: 'some message 123',
-      internal: false,
-      sender: Ticket::Article::Sender.find_by(name: 'Customer'),
-      type: Ticket::Article::Type.find_by(name: 'email'),
-      updated_by_id: 1,
-      created_by_id: 1,
-    )
-    store1 = Store.add(
-      object: 'Ticket::Article',
-      o_id: article1.id,
-      data: 'some content',
-      filename: 'some_file.txt',
-      preferences: {
-        'Content-Type' => 'text/plain',
-      },
-      created_by_id: 1,
-    )
-    article2 = Ticket::Article.create(
-      ticket_id: ticket1.id,
-      from: 'some_customer_com-1@example.com',
-      to: 'some_zammad_com-1@example.com',
-      subject: 'attachment test 1-2',
-      message_id: 'some@id_com_1',
-      body: 'some message 123',
-      internal: false,
-      sender: Ticket::Article::Sender.find_by(name: 'Customer'),
-      type: Ticket::Article::Type.find_by(name: 'email'),
-      updated_by_id: 1,
-      created_by_id: 1,
-    )
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
-    get "/api/v1/ticket_attachment/#{ticket1.id}/#{article1.id}/#{store1.id}", params: {}, headers: { 'Authorization' => credentials }
-    assert_response(200)
-    assert_equal('some content', @response.body)
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
-    get "/api/v1/ticket_attachment/#{ticket1.id}/#{article2.id}/#{store1.id}", params: {}, headers: { 'Authorization' => credentials }
-    assert_response(401)
-    assert_match(/401: Unauthorized/, @response.body)
-
-    ticket2 = Ticket.create(
-      title: 'attachment test 2',
-      group: Group.lookup(name: 'Users'),
-      customer_id: @customer_without_org.id,
-      state: Ticket::State.lookup(name: 'new'),
-      priority: Ticket::Priority.lookup(name: '2 normal'),
-      updated_by_id: 1,
-      created_by_id: 1,
-    )
-    ticket1.merge_to(
-      ticket_id: ticket2.id,
-      user_id:   1,
-    )
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
-    get "/api/v1/ticket_attachment/#{ticket2.id}/#{article1.id}/#{store1.id}", params: {}, headers: { 'Authorization' => credentials }
-    assert_response(200)
-    assert_equal('some content', @response.body)
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
-    get "/api/v1/ticket_attachment/#{ticket2.id}/#{article2.id}/#{store1.id}", params: {}, headers: { 'Authorization' => credentials }
-    assert_response(401)
-    assert_match(/401: Unauthorized/, @response.body)
-
-    # allow access via merged ticket id also
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
-    get "/api/v1/ticket_attachment/#{ticket1.id}/#{article1.id}/#{store1.id}", params: {}, headers: { 'Authorization' => credentials }
-    assert_response(200)
-    assert_equal('some content', @response.body)
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
-    get "/api/v1/ticket_attachment/#{ticket1.id}/#{article2.id}/#{store1.id}", params: {}, headers: { 'Authorization' => credentials }
-    assert_response(401)
-    assert_match(/401: Unauthorized/, @response.body)
-
-  end
-
-  test '01.02 test attachments for split' do
-    headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
-    email_file_path  = Rails.root.join('test', 'data', 'mail', 'mail024.box')
-    email_raw_string = File.read(email_file_path)
-    ticket_p, article_p, user_p = Channel::EmailParser.new.process({}, email_raw_string)
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
-    get '/api/v1/ticket_split', params: { form_id: '1234-2', ticket_id: ticket_p.id, article_id: article_p.id }, headers: headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert(result['assets'])
-    assert_equal(result['attachments'].class, Array)
-    assert_equal(result['attachments'].count, 1)
-    assert_equal(result['attachments'][0]['filename'], 'rulesets-report.csv')
-
-  end
-
-  test '01.03 test attachments for forward' do
-    headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
-    email_file_path  = Rails.root.join('test', 'data', 'mail', 'mail008.box')
-    email_raw_string = File.read(email_file_path)
-    ticket_p, article_p, user_p = Channel::EmailParser.new.process({}, email_raw_string)
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
-    post "/api/v1/ticket_attachment_upload_clone_by_article/#{article_p.id}", params: {}, headers: headers.merge('Authorization' => credentials)
-    assert_response(422)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert(result['error'], 'Need form_id to attach attachments to new form')
-
-    post "/api/v1/ticket_attachment_upload_clone_by_article/#{article_p.id}", params: { form_id: '1234-1' }.to_json, headers: headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result['attachments'].class, Array)
-    assert(result['attachments'].blank?)
-
-    email_file_path  = Rails.root.join('test', 'data', 'mail', 'mail024.box')
-    email_raw_string = File.read(email_file_path)
-    ticket_p, article_p, user_p = Channel::EmailParser.new.process({}, email_raw_string)
-
-    post "/api/v1/ticket_attachment_upload_clone_by_article/#{article_p.id}", params: { form_id: '1234-2' }.to_json, headers: headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result['attachments'].class, Array)
-    assert_equal(result['attachments'].count, 1)
-    assert_equal(result['attachments'][0]['filename'], 'rulesets-report.csv')
-
-    post "/api/v1/ticket_attachment_upload_clone_by_article/#{article_p.id}", params: { form_id: '1234-2' }.to_json, headers: headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result['attachments'].class, Array)
-    assert(result['attachments'].blank?)
-  end
-
-end

test/controllers/ticket_articles_controller_test.rb

@@ -1,559 +0,0 @@
-
-require 'test_helper'
-
-class TicketArticlesControllerTest < ActionDispatch::IntegrationTest
-  setup do
-
-    # set accept header
-    @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
-    # create agent
-    roles  = Role.where(name: %w[Admin Agent])
-    groups = Group.all
-
-    UserInfo.current_user_id = 1
-    @admin = User.create!(
-      login: 'tickets-admin',
-      firstname: 'Tickets',
-      lastname: 'Admin',
-      email: 'tickets-admin@example.com',
-      password: 'adminpw',
-      active: true,
-      roles: roles,
-      groups: groups,
-    )
-
-    # create agent
-    roles = Role.where(name: 'Agent')
-    @agent = User.create!(
-      login: 'tickets-agent@example.com',
-      firstname: 'Tickets',
-      lastname: 'Agent',
-      email: 'tickets-agent@example.com',
-      password: 'agentpw',
-      active: true,
-      roles: roles,
-      groups: groups,
-    )
-
-    # create customer without org
-    roles = Role.where(name: 'Customer')
-    @customer_without_org = User.create!(
-      login: 'tickets-customer1@example.com',
-      firstname: 'Tickets',
-      lastname: 'Customer1',
-      email: 'tickets-customer1@example.com',
-      password: 'customer1pw',
-      active: true,
-      roles: roles,
-    )
-
-  end
-
-  test '01.01 ticket create with agent and articles' do
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
-
-    params = {
-      title: 'a new ticket #1',
-      group: 'Users',
-      customer_id: @customer_without_org.id,
-      article: {
-        body: 'some body',
-      }
-    }
-    post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(201)
-    result = JSON.parse(@response.body)
-
-    params = {
-      ticket_id: result['id'],
-      content_type: 'text/plain', # or text/html
-      body: 'some body',
-      type: 'note',
-    }
-    post '/api/v1/ticket_articles', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(201)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_nil(result['subject'])
-    assert_equal('some body', result['body'])
-    assert_equal('text/plain', result['content_type'])
-    assert_equal(@agent.id, result['updated_by_id'])
-    assert_equal(@agent.id, result['created_by_id'])
-
-    ticket = Ticket.find(result['ticket_id'])
-    assert_equal(2, ticket.articles.count)
-    assert_equal(0, ticket.articles[0].attachments.count)
-    assert_equal(0, ticket.articles[1].attachments.count)
-
-    params = {
-      ticket_id: result['ticket_id'],
-      content_type: 'text/html', # or text/html
-      body: 'some body <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAUA
-AAAFCAYAAACNbyblAAAAHElEQVQI12P4//8/w38GIAXDIBKE0DHxgljNBAAO
-9TXL0Y4OHwAAAABJRU5ErkJggg==" alt="Red dot" />',
-      type: 'note',
-    }
-    post '/api/v1/ticket_articles', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(201)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_nil(result['subject'])
-    assert_no_match(/some body <img src="cid:.+?/, result['body'])
-    assert_match(%r{some body <img src="/api/v1/ticket_attachment/.+?" alt="Red dot"}, result['body'])
-    assert_equal('text/html', result['content_type'])
-    assert_equal(@agent.id, result['updated_by_id'])
-    assert_equal(@agent.id, result['created_by_id'])
-
-    assert_equal(3, ticket.articles.count)
-    assert_equal(0, ticket.articles[0].attachments.count)
-    assert_equal(0, ticket.articles[1].attachments.count)
-    assert_equal(1, ticket.articles[2].attachments.count)
-    assert(ticket.articles[2].attachments[0]['id'])
-    assert_equal('image1.png', ticket.articles[2].attachments[0]['filename'])
-    assert_equal('21', ticket.articles[2].attachments[0]['size'])
-    assert_equal('image/png', ticket.articles[2].attachments[0]['preferences']['Mime-Type'])
-    assert_equal('inline', ticket.articles[2].attachments[0]['preferences']['Content-Disposition'])
-    assert_match(/@zammad.example.com/, ticket.articles[2].attachments[0]['preferences']['Content-ID'])
-
-    params = {
-      ticket_id: result['ticket_id'],
-      content_type: 'text/html', # or text/html
-      body: 'some body',
-      type: 'note',
-      attachments: [
-        'filename' => 'some_file.txt',
-        'data' => 'dGVzdCAxMjM=',
-        'mime-type' => 'text/plain',
-      ],
-    }
-    post '/api/v1/ticket_articles', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(201)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_nil(result['subject'])
-    assert_equal('some body', result['body'])
-    assert_equal('text/html', result['content_type'])
-    assert_equal(@agent.id, result['updated_by_id'])
-    assert_equal(@agent.id, result['created_by_id'])
-
-    assert_equal(4, ticket.articles.count)
-    assert_equal(0, ticket.articles[0].attachments.count)
-    assert_equal(0, ticket.articles[1].attachments.count)
-    assert_equal(1, ticket.articles[2].attachments.count)
-    assert_equal(1, ticket.articles[3].attachments.count)
-
-    get "/api/v1/ticket_articles/#{result['id']}?expand=true", params: {}.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal(1, result['attachments'].count)
-    assert(result['attachments'][0]['id'])
-    assert_equal('some_file.txt', result['attachments'][0]['filename'])
-    assert_equal('8', result['attachments'][0]['size'])
-    assert_equal('text/plain', result['attachments'][0]['preferences']['Mime-Type'])
-
-    params = {
-      ticket_id: result['ticket_id'],
-      content_type: 'text/plain',
-      body: 'some body',
-      type: 'note',
-      preferences: {
-        some_key1: 123,
-      },
-    }
-    post '/api/v1/ticket_articles', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(201)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_nil(result['subject'])
-    assert_equal('some body', result['body'])
-    assert_equal('text/plain', result['content_type'])
-    assert_equal(@agent.id, result['updated_by_id'])
-    assert_equal(@agent.id, result['created_by_id'])
-    assert_equal(123, result['preferences']['some_key1'])
-    assert_equal(5, ticket.articles.count)
-
-    params = {
-      body: 'some body 2',
-      preferences: {
-        some_key2: 'abc',
-      },
-    }
-    put "/api/v1/ticket_articles/#{result['id']}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_nil(result['subject'])
-    assert_equal('some body 2', result['body'])
-    assert_equal('text/plain', result['content_type'])
-    assert_equal(@agent.id, result['updated_by_id'])
-    assert_equal(@agent.id, result['created_by_id'])
-    assert_equal(123, result['preferences']['some_key1'])
-    assert_equal('abc', result['preferences']['some_key2'])
-
-  end
-
-  test '02.01 ticket create with customer and articles' do
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-customer1@example.com', 'customer1pw')
-
-    params = {
-      title: 'a new ticket #2',
-      group: 'Users',
-      article: {
-        body: 'some body',
-      }
-    }
-    post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(201)
-    result = JSON.parse(@response.body)
-
-    params = {
-      ticket_id: result['id'],
-      content_type: 'text/plain', # or text/html
-      body: 'some body',
-      type: 'note',
-    }
-    post '/api/v1/ticket_articles', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(201)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_nil(result['subject'])
-    assert_equal('some body', result['body'])
-    assert_equal('text/plain', result['content_type'])
-    assert_equal(@customer_without_org.id, result['updated_by_id'])
-    assert_equal(@customer_without_org.id, result['created_by_id'])
-
-    ticket = Ticket.find(result['ticket_id'])
-    assert_equal(2, ticket.articles.count)
-    assert_equal('Customer', ticket.articles[1].sender.name)
-    assert_equal(0, ticket.articles[0].attachments.count)
-    assert_equal(0, ticket.articles[1].attachments.count)
-
-    params = {
-      ticket_id: result['ticket_id'],
-      content_type: 'text/plain', # or text/html
-      body: 'some body',
-      sender: 'Agent',
-      type: 'note',
-    }
-    post '/api/v1/ticket_articles', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(201)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_nil(result['subject'])
-    assert_equal('some body', result['body'])
-    assert_equal('text/plain', result['content_type'])
-    assert_equal(@customer_without_org.id, result['updated_by_id'])
-    assert_equal(@customer_without_org.id, result['created_by_id'])
-
-    ticket = Ticket.find(result['ticket_id'])
-    assert_equal(3, ticket.articles.count)
-    assert_equal('Customer', ticket.articles[2].sender.name)
-    assert_equal(false, ticket.articles[2].internal)
-    assert_equal(0, ticket.articles[0].attachments.count)
-    assert_equal(0, ticket.articles[1].attachments.count)
-    assert_equal(0, ticket.articles[2].attachments.count)
-
-    params = {
-      ticket_id: result['ticket_id'],
-      content_type: 'text/plain', # or text/html
-      body: 'some body 2',
-      sender: 'Agent',
-      type: 'note',
-      internal: true,
-    }
-    post '/api/v1/ticket_articles', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(201)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_nil(result['subject'])
-    assert_equal('some body 2', result['body'])
-    assert_equal('text/plain', result['content_type'])
-    assert_equal(@customer_without_org.id, result['updated_by_id'])
-    assert_equal(@customer_without_org.id, result['created_by_id'])
-
-    ticket = Ticket.find(result['ticket_id'])
-    assert_equal(4, ticket.articles.count)
-    assert_equal('Customer', ticket.articles[3].sender.name)
-    assert_equal(false, ticket.articles[3].internal)
-    assert_equal(0, ticket.articles[0].attachments.count)
-    assert_equal(0, ticket.articles[1].attachments.count)
-    assert_equal(0, ticket.articles[2].attachments.count)
-    assert_equal(0, ticket.articles[3].attachments.count)
-
-    # add internal article
-    article = Ticket::Article.create!(
-      ticket_id: ticket.id,
-      from: 'some_sender@example.com',
-      to: 'some_recipient@example.com',
-      subject: 'some subject',
-      message_id: 'some@id',
-      body: 'some message 123',
-      internal: true,
-      sender: Ticket::Article::Sender.find_by(name: 'Agent'),
-      type: Ticket::Article::Type.find_by(name: 'note'),
-      updated_by_id: 1,
-      created_by_id: 1,
-    )
-    assert_equal(5, ticket.articles.count)
-    assert_equal('Agent', ticket.articles[4].sender.name)
-    assert_equal(1, ticket.articles[4].updated_by_id)
-    assert_equal(1, ticket.articles[4].created_by_id)
-    assert_equal(0, ticket.articles[0].attachments.count)
-    assert_equal(0, ticket.articles[1].attachments.count)
-    assert_equal(0, ticket.articles[2].attachments.count)
-    assert_equal(0, ticket.articles[3].attachments.count)
-    assert_equal(0, ticket.articles[4].attachments.count)
-
-    get "/api/v1/ticket_articles/#{article.id}", params: {}.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('Not authorized', result['error'])
-
-    put "/api/v1/ticket_articles/#{article.id}", params: { internal: false }.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('Not authorized', result['error'])
-
-  end
-
-  test '03.01 create phone ticket for customer and expected origin_by_id' do
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
-
-    params = {
-      title: 'a new ticket #1',
-      group: 'Users',
-      customer_id: @customer_without_org.id,
-      article: {
-        body: 'some body',
-        sender: 'Customer',
-        type: 'phone',
-      }
-    }
-    post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(201)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal('a new ticket #1', result['title'])
-
-    article = Ticket::Article.find_by(ticket_id: result['id'])
-    assert_equal(@customer_without_org.id, article.origin_by_id)
-    assert_equal('Tickets Customer1 <tickets-customer1@example.com>', article.from)
-  end
-
-  test '03.02 create phone ticket by customer and manipulate origin_by_id' do
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-customer1@example.com', 'customer1pw')
-
-    params = {
-      title: 'a new ticket #1',
-      group: 'Users',
-      customer_id: @customer_without_org.id,
-      article: {
-        body: 'some body',
-        sender: 'Customer',
-        type: 'phone',
-        origin_by_id: 1,
-      }
-    }
-    post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(201)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-
-    article = Ticket::Article.find_by(ticket_id: result['id'])
-    assert_equal(@customer_without_org.id, article.origin_by_id)
-  end
-
-  test '04.01 ticket split with html - check attachments' do
-    ticket = Ticket.create!(
-      title: 'some title',
-      group: Group.lookup(name: 'Users'),
-      customer_id: @customer_without_org.id,
-      state: Ticket::State.lookup(name: 'new'),
-      priority: Ticket::Priority.lookup(name: '2 normal'),
-      updated_by_id: @agent.id,
-      created_by_id: @agent.id,
-    )
-    article = Ticket::Article.create!(
-      type: Ticket::Article::Type.lookup(name: 'note'),
-      sender: Ticket::Article::Sender.lookup(name: 'Customer'),
-      from: 'sender',
-      subject: 'subject',
-      body: '<b>test</b> <img src="cid:15.274327094.140938@ZAMMAD.example.com"/> test <img src="cid:15.274327094.140938.3@ZAMMAD.example.com"/>',
-      content_type: 'text/html',
-      ticket_id: ticket.id,
-      updated_by_id: 1,
-      created_by_id: 1,
-    )
-    Store.add(
-      object: 'Ticket::Article',
-      o_id: article.id,
-      data: 'content_file1_normally_should_be_an_image',
-      filename: 'some_file1.jpg',
-      preferences: {
-        'Content-Type'        => 'image/jpeg',
-        'Mime-Type'           => 'image/jpeg',
-        'Content-ID'          => '15.274327094.140938@zammad.example.com',
-        'Content-Disposition' => 'inline',
-      },
-      created_by_id: 1,
-    )
-    Store.add(
-      object: 'Ticket::Article',
-      o_id: article.id,
-      data: 'content_file2_normally_should_be_an_image',
-      filename: 'some_file2.jpg',
-      preferences: {
-        'Content-Type'        => 'image/jpeg',
-        'Mime-Type'           => 'image/jpeg',
-        'Content-ID'          => '15.274327094.140938.2@zammad.example.com',
-        'Content-Disposition' => 'inline',
-      },
-      created_by_id: 1,
-    )
-    Store.add(
-      object: 'Ticket::Article',
-      o_id: article.id,
-      data: 'content_file3_normally_should_be_an_image',
-      filename: 'some_file3.jpg',
-      preferences: {
-        'Content-Type'        => 'image/jpeg',
-        'Mime-Type'           => 'image/jpeg',
-        'Content-ID'          => '15.274327094.140938.3@zammad.example.com',
-      },
-      created_by_id: 1,
-    )
-    Store.add(
-      object: 'Ticket::Article',
-      o_id: article.id,
-      data: 'content_file4_normally_should_be_an_image',
-      filename: 'some_file4.jpg',
-      preferences: {
-        'Content-Type'        => 'image/jpeg',
-        'Mime-Type'           => 'image/jpeg',
-        'Content-ID'          => '15.274327094.140938.4@zammad.example.com',
-      },
-      created_by_id: 1,
-    )
-    Store.add(
-      object: 'Ticket::Article',
-      o_id: article.id,
-      data: 'content_file1_normally_should_be_an_pdf',
-      filename: 'Rechnung_RE-2018-200.pdf',
-      preferences: {
-        'Content-Type'        => 'application/octet-stream; name="Rechnung_RE-2018-200.pdf"',
-        'Mime-Type'           => 'application/octet-stream',
-        'Content-ID'          => '8AB0BEC88984EE4EBEF643C79C8E0346@zammad.example.com',
-        'Content-Description' => 'Rechnung_RE-2018-200.pdf',
-        'Content-Disposition' => 'attachment',
-      },
-      created_by_id: 1,
-    )
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
-
-    params = {
-      form_id: 'new_form_id123',
-    }
-    post "/api/v1/ticket_attachment_upload_clone_by_article/#{article.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert(result['attachments'])
-    assert_equal(result['attachments'].count, 3)
-
-    post "/api/v1/ticket_attachment_upload_clone_by_article/#{article.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert(result['attachments'])
-    assert_equal(result['attachments'].count, 0)
-  end
-
-  test '04.02 ticket split with plain - check attachments' do
-    ticket = Ticket.create!(
-      title: 'some title',
-      group: Group.lookup(name: 'Users'),
-      customer_id: @customer_without_org.id,
-      state: Ticket::State.lookup(name: 'new'),
-      priority: Ticket::Priority.lookup(name: '2 normal'),
-      updated_by_id: @agent.id,
-      created_by_id: @agent.id,
-    )
-    article = Ticket::Article.create!(
-      type: Ticket::Article::Type.lookup(name: 'note'),
-      sender: Ticket::Article::Sender.lookup(name: 'Customer'),
-      from: 'sender',
-      subject: 'subject',
-      body: '<b>test</b> <img src="cid:15.274327094.140938@zammad.example.com"/>',
-      content_type: 'text/plain',
-      ticket_id: ticket.id,
-      updated_by_id: 1,
-      created_by_id: 1,
-    )
-    Store.add(
-      object: 'Ticket::Article',
-      o_id: article.id,
-      data: 'content_file1_normally_should_be_an_image',
-      filename: 'some_file1.jpg',
-      preferences: {
-        'Content-Type'        => 'image/jpeg',
-        'Mime-Type'           => 'image/jpeg',
-        'Content-ID'          => '15.274327094.140938@zammad.example.com',
-        'Content-Disposition' => 'inline',
-      },
-      created_by_id: 1,
-    )
-    Store.add(
-      object: 'Ticket::Article',
-      o_id: article.id,
-      data: 'content_file1_normally_should_be_an_image',
-      filename: 'some_file2.jpg',
-      preferences: {
-        'Content-Type'        => 'image/jpeg',
-        'Mime-Type'           => 'image/jpeg',
-        'Content-ID'          => '15.274327094.140938.2@zammad.example.com',
-        'Content-Disposition' => 'inline',
-      },
-      created_by_id: 1,
-    )
-    Store.add(
-      object: 'Ticket::Article',
-      o_id: article.id,
-      data: 'content_file1_normally_should_be_an_pdf',
-      filename: 'Rechnung_RE-2018-200.pdf',
-      preferences: {
-        'Content-Type'        => 'application/octet-stream; name="Rechnung_RE-2018-200.pdf"',
-        'Mime-Type'           => 'application/octet-stream',
-        'Content-ID'          => '8AB0BEC88984EE4EBEF643C79C8E0346@zammad.example.com',
-        'Content-Description' => 'Rechnung_RE-2018-200.pdf',
-        'Content-Disposition' => 'attachment',
-      },
-      created_by_id: 1,
-    )
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
-
-    params = {
-      form_id: 'new_form_id123',
-    }
-    post "/api/v1/ticket_attachment_upload_clone_by_article/#{article.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert(result['attachments'])
-    assert_equal(result['attachments'].count, 3)
-
-    post "/api/v1/ticket_attachment_upload_clone_by_article/#{article.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert(result['attachments'])
-    assert_equal(result['attachments'].count, 0)
-
-  end
-
-end

test/controllers/tickets_controller_escalation_test.rb

@@ -1,190 +0,0 @@
-
-require 'test_helper'
-
-class TicketsControllerEscalationTest < ActionDispatch::IntegrationTest
-  setup do
-
-    # set accept header
-    @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
-    # create agent
-    roles  = Role.where(name: %w[Admin Agent])
-    groups = Group.all
-
-    UserInfo.current_user_id = 1
-    @admin = User.create!(
-      login: 'tickets-admin',
-      firstname: 'Tickets',
-      lastname: 'Admin',
-      email: 'tickets-admin@example.com',
-      password: 'adminpw',
-      active: true,
-      roles: roles,
-      groups: groups,
-    )
-
-    # create agent
-    roles = Role.where(name: 'Agent')
-    @agent = User.create!(
-      login: 'tickets-agent@example.com',
-      firstname: 'Tickets',
-      lastname: 'Agent',
-      email: 'tickets-agent@example.com',
-      password: 'agentpw',
-      active: true,
-      roles: roles,
-      groups: groups,
-    )
-
-    # create customer without org
-    roles = Role.where(name: 'Customer')
-    @customer_without_org = User.create!(
-      login: 'tickets-customer1@example.com',
-      firstname: 'Tickets',
-      lastname: 'Customer1',
-      email: 'tickets-customer1@example.com',
-      password: 'customer1pw',
-      active: true,
-      roles: roles,
-    )
-
-    @calendar = Calendar.create!(
-      name: 'Escalation Test',
-      timezone: 'Europe/Berlin',
-      business_hours: {
-        mon: {
-          active: true,
-          timeframes: [ ['00:00', '23:59'] ]
-        },
-        tue: {
-          active: true,
-          timeframes: [ ['00:00', '23:59'] ]
-        },
-        wed: {
-          active: true,
-          timeframes: [ ['00:00', '23:59'] ]
-        },
-        thu: {
-          active: true,
-          timeframes: [ ['00:00', '23:59'] ]
-        },
-        fri: {
-          active: true,
-          timeframes: [ ['00:00', '23:59'] ]
-        },
-        sat: {
-          active: true,
-          timeframes: [ ['00:00', '23:59'] ]
-        },
-        sun: {
-          active: true,
-          timeframes: [ ['00:00', '23:59'] ]
-        },
-      },
-      default: true,
-      ical_url: nil,
-    )
-
-    @sla = Sla.create!(
-      name: 'test sla 1',
-      condition: {
-        'ticket.title' => {
-          operator: 'contains',
-          value: 'some value 123',
-        },
-      },
-      first_response_time: 60,
-      update_time: 180,
-      solution_time: 240,
-      calendar_id: @calendar.id,
-    )
-
-    UserInfo.current_user_id = nil
-
-  end
-
-  test '01.01 ticket created via web' do
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-customer1@example.com', 'customer1pw')
-    params = {
-      title: 'some value 123',
-      group: 'Users',
-      article: {
-        body: 'some test 123',
-      },
-    }
-
-    post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(201)
-
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
-    assert_equal('some value 123', result['title'])
-    assert_equal(@customer_without_org.id, result['updated_by_id'])
-    assert_equal(@customer_without_org.id, result['created_by_id'])
-
-    ticket_p = Ticket.find(result['id'])
-
-    assert_equal(ticket_p['escalation_at'].iso8601, result['escalation_at'].sub(/.\d\d\dZ$/, 'Z'))
-    assert_equal(ticket_p['first_response_escalation_at'].iso8601, result['first_response_escalation_at'].sub(/.\d\d\dZ$/, 'Z'))
-    assert_equal(ticket_p['update_escalation_at'].iso8601, result['update_escalation_at'].sub(/.\d\d\dZ$/, 'Z'))
-    assert_equal(ticket_p['close_escalation_at'].iso8601, result['close_escalation_at'].sub(/.\d\d\dZ$/, 'Z'))
-
-    assert(ticket_p.escalation_at)
-    assert_in_delta(ticket_p.first_response_escalation_at.to_i, (ticket_p.created_at + 1.hour).to_i, 90)
-    assert_in_delta(ticket_p.update_escalation_at.to_i, (ticket_p.created_at + 3.hours).to_i, 90)
-    assert_in_delta(ticket_p.close_escalation_at.to_i, (ticket_p.created_at + 4.hours).to_i, 90)
-    assert_in_delta(ticket_p.escalation_at.to_i, (ticket_p.created_at + 1.hour).to_i, 90)
-  end
-
-  test '01.02 ticket got created via email - reply by agent via web' do
-
-    email = "From: Bob Smith <customer@example.com>
-To: zammad@example.com
-Subject: some value 123
-
-Some Text"
-
-    ticket_p, article_p, user_p, mail = Channel::EmailParser.new.process({}, email)
-    ticket_p.reload
-    assert(ticket_p.escalation_at)
-    assert_in_delta(ticket_p.first_response_escalation_at.to_i, (ticket_p.created_at + 1.hour).to_i, 90)
-    assert_in_delta(ticket_p.update_escalation_at.to_i, (ticket_p.created_at + 3.hours).to_i, 90)
-    assert_in_delta(ticket_p.close_escalation_at.to_i, (ticket_p.created_at + 4.hours).to_i, 90)
-    assert_in_delta(ticket_p.escalation_at.to_i, (ticket_p.created_at + 1.hour).to_i, 90)
-
-    travel 3.hours
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
-    params = {
-      title: 'some value 123 - update',
-      article: {
-        body: 'some test 123',
-        type: 'email',
-        to: 'customer@example.com',
-      },
-    }
-    put "/api/v1/tickets/#{ticket_p.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Hash, result.class)
-    assert_equal(Ticket::State.lookup(name: 'open').id, result['state_id'])
-    assert_equal('some value 123 - update', result['title'])
-    assert_equal(@agent.id, result['updated_by_id'])
-    assert_equal(user_p.id, result['created_by_id'])
-
-    ticket_p.reload
-    assert_equal(ticket_p['escalation_at'].iso8601, result['escalation_at'].sub(/.\d\d\dZ$/, 'Z'))
-    assert_equal(ticket_p['first_response_escalation_at'].iso8601, result['first_response_escalation_at'].sub(/.\d\d\dZ$/, 'Z'))
-    assert_equal(ticket_p['update_escalation_at'].iso8601, result['update_escalation_at'].sub(/.\d\d\dZ$/, 'Z'))
-    assert_equal(ticket_p['close_escalation_at'].iso8601, result['close_escalation_at'].sub(/.\d\d\dZ$/, 'Z'))
-
-    assert_in_delta(ticket_p.first_response_escalation_at.to_i, (ticket_p.created_at + 1.hour).to_i, 90)
-    assert_in_delta(ticket_p.update_escalation_at.to_i, (ticket_p.last_contact_agent_at + 3.hours).to_i, 90)
-    assert_in_delta(ticket_p.close_escalation_at.to_i, (ticket_p.created_at + 4.hours).to_i, 90)
-    assert_in_delta(ticket_p.escalation_at.to_i, (ticket_p.created_at + 4.hours).to_i, 90)
-
-  end
-
-end

test/controllers/time_accounting_controller_test.rb

@@ -1,88 +0,0 @@
-require 'test_helper'
-require 'rake'
-
-class TimeAccountingControllerTest < ActionDispatch::IntegrationTest
-  setup do
-
-    # set accept header
-    @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
-    roles  = Role.where(name: 'Admin')
-    groups = Group.all
-
-    UserInfo.current_user_id = 1
-
-    @year = DateTime.now.utc.year
-    @month = DateTime.now.utc.month
-
-    @admin = User.create!(
-      login: 'rest-admin',
-      firstname: 'Rest',
-      lastname: 'Agent',
-      email: 'rest-admin@example.com',
-      password: 'adminpw',
-      active: true,
-      roles: roles,
-      groups: groups,
-      updated_by_id: 1,
-      created_by_id: 1
-    )
-
-    roles = Role.where(name: 'Customer')
-    @customer_without_org = User.create!(
-      login: 'rest-customer1@example.com',
-      firstname: 'Rest',
-      lastname: 'Customer1',
-      email: 'rest-customer1@example.com',
-      password: 'customer1pw',
-      active: true,
-      roles: roles,
-      updated_by_id: 1,
-      created_by_id: 1
-    )
-  end
-
-  test '01.01 time account report' do
-    group = Group.create!(
-      name: "GroupWithoutPermission-#{rand(9_999_999_999)}",
-      active: true,
-      updated_by_id: 1,
-      created_by_id: 1,
-    )
-    ticket = Ticket.create!(
-      title: 'ticket for report',
-      group_id: group.id,
-      customer_id: @customer_without_org.id,
-      state: Ticket::State.lookup(name: 'open'),
-      priority: Ticket::Priority.lookup(name: '2 normal'),
-      updated_by_id: 1,
-      created_by_id: 1,
-    )
-
-    article = Ticket::Article.create!(
-      type: Ticket::Article::Type.lookup(name: 'note'),
-      sender: Ticket::Article::Sender.lookup(name: 'Customer'),
-      from: 'sender',
-      subject: 'subject',
-      body: 'some body',
-      ticket_id: ticket.id,
-      updated_by_id: 1,
-      created_by_id: 1,
-    )
-
-    Ticket::TimeAccounting.create!(
-      ticket_id: ticket.id,
-      ticket_article_id: article.id,
-      time_unit: 200,
-    )
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
-    get "/api/v1/time_accounting/log/by_ticket/#{@year}/#{@month}?download=true", params: {}, headers: @headers.merge('Authorization' => credentials)
-
-    assert_response(200)
-    assert(@response['Content-Disposition'])
-    assert_equal("attachment; filename=\"by_ticket-#{@year}-#{@month}.xls\"", @response['Content-Disposition'])
-    assert_equal('application/vnd.ms-excel', @response['Content-Type'])
-  end
-end

test/controllers/user_organization_controller_test.rb

@@ -1,773 +0,0 @@
-require 'test_helper'
-
-class UserOrganizationControllerTest < ActionDispatch::IntegrationTest
-  include SearchindexHelper
-
-  setup do
-
-    # set accept header
-    @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
-    # create agent
-    roles  = Role.where(name: %w[Admin Agent])
-    groups = Group.all
-
-    UserInfo.current_user_id = 1
-
-    @backup_admin = User.create!(
-      login: 'backup-admin',
-      firstname: 'Backup',
-      lastname: 'Agent',
-      email: 'backup-admin@example.com',
-      password: 'adminpw',
-      active: true,
-      roles: roles,
-      groups: groups,
-    )
-
-    @admin = User.create!(
-      login: 'rest-admin',
-      firstname: 'Rest',
-      lastname: 'Agent',
-      email: 'rest-admin@example.com',
-      password: 'adminpw',
-      active: true,
-      roles: roles,
-      groups: groups,
-    )
-
-    # create agent
-    roles = Role.where(name: 'Agent')
-    @agent = User.create!(
-      login: 'rest-agent@example.com',
-      firstname: 'Rest',
-      lastname: 'Agent',
-      email: 'rest-agent@example.com',
-      password: 'agentpw',
-      active: true,
-      roles: roles,
-      groups: groups,
-    )
-
-    # create customer without org
-    roles = Role.where(name: 'Customer')
-    @customer_without_org = User.create!(
-      login: 'rest-customer1@example.com',
-      firstname: 'Rest',
-      lastname: 'Customer1',
-      email: 'rest-customer1@example.com',
-      password: 'customer1pw',
-      active: true,
-      roles: roles,
-    )
-
-    # create orgs
-    @organization = Organization.create!(
-      name: 'Rest Org',
-      note: 'Rest Org A',
-    )
-    @organization2 = Organization.create!(
-      name: 'Rest Org #2',
-      note: 'Rest Org B',
-    )
-    @organization3 = Organization.create!(
-      name: 'Rest Org #3',
-      note: 'Rest Org C',
-    )
-
-    # create customer with org
-    @customer_with_org = User.create!(
-      login: 'rest-customer2@example.com',
-      firstname: 'Rest',
-      lastname: 'Customer2',
-      email: 'rest-customer2@example.com',
-      password: 'customer2pw',
-      active: true,
-      roles: roles,
-      organization_id: @organization.id,
-    )
-
-    configure_elasticsearch do
-
-      travel 1.minute
-
-      rebuild_searchindex
-
-      # execute background jobs
-      Scheduler.worker(true)
-
-      sleep 6
-    end
-  end
-
-  test 'user create tests - no user' do
-
-    post '/api/v1/signshow', params: {}, headers: @headers
-
-    # create user with disabled feature
-    Setting.set('user_create_account', false)
-    token = @response.headers['CSRF-TOKEN']
-
-    # token based on form
-    params = { email: 'some_new_customer@example.com', authenticity_token: token }
-    post '/api/v1/users', params: params.to_json, headers: @headers
-    assert_response(422)
-    result = JSON.parse(@response.body)
-    assert(result['error'])
-    assert_equal('Feature not enabled!', result['error'])
-
-    # token based on headers
-    headers = @headers.merge('X-CSRF-Token' => token)
-    params = { email: 'some_new_customer@example.com' }
-    post '/api/v1/users', params: params.to_json, headers: headers
-    assert_response(422)
-    result = JSON.parse(@response.body)
-    assert(result['error'])
-    assert_equal('Feature not enabled!', result['error'])
-
-    Setting.set('user_create_account', true)
-
-    # no signup param with enabled feature
-    params = { email: 'some_new_customer@example.com' }
-    post '/api/v1/users', params: params.to_json, headers: headers
-    assert_response(422)
-    result = JSON.parse(@response.body)
-    assert(result['error'])
-    assert_equal('Only signup with not authenticate user possible!', result['error'])
-
-    # already existing user with enabled feature
-    params = { email: 'rest-customer1@example.com', signup: true }
-    post '/api/v1/users', params: params.to_json, headers: headers
-    assert_response(422)
-    result = JSON.parse(@response.body)
-    assert(result['error'])
-    assert_equal('Email address is already used for other user.', result['error'])
-
-    # email missing with enabled feature
-    params = { firstname: 'some firstname', signup: true }
-    post '/api/v1/users', params: params.to_json, headers: headers
-    assert_response(422)
-    result = JSON.parse(@response.body)
-    assert(result['error'])
-    assert_equal('Attribute \'email\' required!', result['error'])
-
-    # email missing with enabled feature
-    params = { firstname: 'some firstname', signup: true }
-    post '/api/v1/users', params: params.to_json, headers: headers
-    assert_response(422)
-    result = JSON.parse(@response.body)
-    assert(result['error'])
-    assert_equal('Attribute \'email\' required!', result['error'])
-
-    # create user with enabled feature (take customer role)
-    params = { firstname: 'Me First', lastname: 'Me Last', email: 'new_here@example.com', signup: true }
-    post '/api/v1/users', params: params.to_json, headers: headers
-    assert_response(201)
-    result = JSON.parse(@response.body)
-    assert(result)
-
-    assert_equal('Me First', result['firstname'])
-    assert_equal('Me Last', result['lastname'])
-    assert_equal('new_here@example.com', result['login'])
-    assert_equal('new_here@example.com', result['email'])
-    user = User.find(result['id'])
-    assert_not(user.role?('Admin'))
-    assert_not(user.role?('Agent'))
-    assert(user.role?('Customer'))
-
-    # create user with admin role (not allowed for signup, take customer role)
-    role = Role.lookup(name: 'Admin')
-    params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin@example.com', role_ids: [ role.id ], signup: true }
-    post '/api/v1/users', params: params.to_json, headers: headers
-    assert_response(201)
-    result = JSON.parse(@response.body)
-    assert(result)
-    user = User.find(result['id'])
-    assert_not(user.role?('Admin'))
-    assert_not(user.role?('Agent'))
-    assert(user.role?('Customer'))
-
-    # create user with agent role (not allowed for signup, take customer role)
-    role = Role.lookup(name: 'Agent')
-    params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent@example.com', role_ids: [ role.id ], signup: true }
-    post '/api/v1/users', params: params.to_json, headers: headers
-    assert_response(201)
-    result = JSON.parse(@response.body)
-    assert(result)
-    user = User.find(result['id'])
-    assert_not(user.role?('Admin'))
-    assert_not(user.role?('Agent'))
-    assert(user.role?('Customer'))
-
-    # no user (because of no session)
-    get '/api/v1/users', params: {}, headers: headers
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal('authentication failed', result['error'])
-
-    # me
-    get '/api/v1/users/me', params: {}, headers: headers
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal('authentication failed', result['error'])
-  end
-
-  test 'auth tests - not existing user' do
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('not_existing@example.com', 'adminpw')
-
-    # me
-    get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal('authentication failed', result['error'])
-
-    get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal('authentication failed', result['error'])
-  end
-
-  test 'auth tests - username auth, wrong pw' do
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin', 'not_existing')
-
-    get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal('authentication failed', result['error'])
-  end
-
-  test 'auth tests - email auth, wrong pw' do
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'not_existing')
-
-    get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal('authentication failed', result['error'])
-  end
-
-  test 'auth tests - username auth' do
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin', 'adminpw')
-
-    get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert(result)
-  end
-
-  test 'auth tests - email auth' do
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
-    get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert(result)
-  end
-
-  test 'user index and create with admin' do
-
-    # email auth
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
-    # me
-    get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert(result)
-    assert_equal(result['email'], 'rest-admin@example.com')
-
-    # index
-    get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert(result)
-
-    # index
-    get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert(result)
-    assert_equal(result.class, Array)
-    assert(result.length >= 3)
-
-    # show/:id
-    get "/api/v1/users/#{@agent.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert(result)
-    assert_equal(result.class, Hash)
-    assert_equal(result['email'], 'rest-agent@example.com')
-
-    get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert(result)
-    assert_equal(result.class, Hash)
-    assert_equal(result['email'], 'rest-customer1@example.com')
-
-    # create user with admin role
-    role = Role.lookup(name: 'Admin')
-    params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_admin@example.com', role_ids: [ role.id ] }
-    post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(201)
-    result = JSON.parse(@response.body)
-    assert(result)
-    user = User.find(result['id'])
-    assert(user.role?('Admin'))
-    assert_not(user.role?('Agent'))
-    assert_not(user.role?('Customer'))
-    assert_equal('new_admin_by_admin@example.com', result['login'])
-    assert_equal('new_admin_by_admin@example.com', result['email'])
-
-    # create user with agent role
-    role = Role.lookup(name: 'Agent')
-    params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_admin1@example.com', role_ids: [ role.id ] }
-    post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(201)
-    result = JSON.parse(@response.body)
-    assert(result)
-    user = User.find(result['id'])
-    assert_not(user.role?('Admin'))
-    assert(user.role?('Agent'))
-    assert_not(user.role?('Customer'))
-    assert_equal('new_agent_by_admin1@example.com', result['login'])
-    assert_equal('new_agent_by_admin1@example.com', result['email'])
-
-    role = Role.lookup(name: 'Agent')
-    params = { firstname: 'Agent First', email: 'new_agent_by_admin2@example.com', role_ids: [ role.id ] }
-    post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(201)
-    result = JSON.parse(@response.body)
-    assert(result)
-    user = User.find(result['id'])
-    assert_not(user.role?('Admin'))
-    assert(user.role?('Agent'))
-    assert_not(user.role?('Customer'))
-    assert_equal('new_agent_by_admin2@example.com', result['login'])
-    assert_equal('new_agent_by_admin2@example.com', result['email'])
-    assert_equal('Agent', result['firstname'])
-    assert_equal('First', result['lastname'])
-
-    role = Role.lookup(name: 'Agent')
-    params = { firstname: 'Agent First', email: 'new_agent_by_admin2@example.com', role_ids: [ role.id ] }
-    post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(422)
-    result = JSON.parse(@response.body)
-    assert(result)
-    assert_equal('Email address is already used for other user.', result['error'])
-
-    # missing required attributes
-    params = { note: 'some note' }
-    post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(422)
-    result = JSON.parse(@response.body)
-    assert(result)
-    assert_equal('Minimum one identifier (login, firstname, lastname, phone or email) for user is required.', result['error'])
-
-    # invalid email
-    params = { firstname: 'newfirstname123', email: 'some_what', note: 'some note' }
-    post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(422)
-    result = JSON.parse(@response.body)
-    assert(result)
-    assert_equal('Invalid email', result['error'])
-
-    # with valid attributes
-    params = { firstname: 'newfirstname123', note: 'some note' }
-    post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(201)
-    result = JSON.parse(@response.body)
-    assert(result)
-    user = User.find(result['id'])
-    assert_not(user.role?('Admin'))
-    assert_not(user.role?('Agent'))
-    assert(user.role?('Customer'))
-    assert(result['login'].start_with?('auto-'))
-    assert_equal('', result['email'])
-    assert_equal('newfirstname123', result['firstname'])
-    assert_equal('', result['lastname'])
-  end
-
-  test 'user index and create with agent' do
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-agent@example.com', 'agentpw')
-
-    # me
-    get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert(result)
-    assert_equal(result['email'], 'rest-agent@example.com')
-
-    # index
-    get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert(result)
-
-    # index
-    get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert(result)
-    assert_equal(result.class, Array)
-    assert(result.length >= 3)
-
-    get '/api/v1/users?limit=40&page=1&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    users = User.order(:id).limit(2)
-    assert_equal(users[0].id, result[0]['id'])
-    assert_equal(users[1].id, result[1]['id'])
-    assert_equal(2, result.count)
-
-    get '/api/v1/users?limit=40&page=2&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    users = User.order(:id).limit(4)
-    assert_equal(users[2].id, result[0]['id'])
-    assert_equal(users[3].id, result[1]['id'])
-    assert_equal(2, result.count)
-
-    # create user with admin role
-    firstname = "First test#{rand(999_999_999)}"
-    role = Role.lookup(name: 'Admin')
-    params = { firstname: "Admin#{firstname}", lastname: 'Admin Last', email: 'new_admin_by_agent@example.com', role_ids: [ role.id ] }
-    post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(201)
-    result_user1 = JSON.parse(@response.body)
-    assert(result_user1)
-    user = User.find(result_user1['id'])
-    assert_not(user.role?('Admin'))
-    assert_not(user.role?('Agent'))
-    assert(user.role?('Customer'))
-    assert_equal('new_admin_by_agent@example.com', result_user1['login'])
-    assert_equal('new_admin_by_agent@example.com', result_user1['email'])
-
-    # create user with agent role
-    role = Role.lookup(name: 'Agent')
-    params = { firstname: "Agent#{firstname}", lastname: 'Agent Last', email: 'new_agent_by_agent@example.com', role_ids: [ role.id ] }
-    post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(201)
-    result_user1 = JSON.parse(@response.body)
-    assert(result_user1)
-    user = User.find(result_user1['id'])
-    assert_not(user.role?('Admin'))
-    assert_not(user.role?('Agent'))
-    assert(user.role?('Customer'))
-    assert_equal('new_agent_by_agent@example.com', result_user1['login'])
-    assert_equal('new_agent_by_agent@example.com', result_user1['email'])
-
-    # create user with customer role
-    role = Role.lookup(name: 'Customer')
-    params = { firstname: "Customer#{firstname}", lastname: 'Customer Last', email: 'new_customer_by_agent@example.com', role_ids: [ role.id ] }
-    post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(201)
-    result_user1 = JSON.parse(@response.body)
-    assert(result_user1)
-    user = User.find(result_user1['id'])
-    assert_not(user.role?('Admin'))
-    assert_not(user.role?('Agent'))
-    assert(user.role?('Customer'))
-    assert_equal('new_customer_by_agent@example.com', result_user1['login'])
-    assert_equal('new_customer_by_agent@example.com', result_user1['email'])
-
-    # search as agent
-    Scheduler.worker(true)
-    sleep 2 # let es time to come ready
-    get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-
-    assert_equal(result_user1['id'], result[0]['id'])
-    assert_equal("Customer#{firstname}", result[0]['firstname'])
-    assert_equal('Customer Last', result[0]['lastname'])
-    assert(result[0]['role_ids'])
-    assert_not(result[0]['roles'])
-
-    get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&expand=true", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert_equal(result_user1['id'], result[0]['id'])
-    assert_equal("Customer#{firstname}", result[0]['firstname'])
-    assert_equal('Customer Last', result[0]['lastname'])
-    assert(result[0]['role_ids'])
-    assert(result[0]['roles'])
-
-    get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert_equal(result_user1['id'], result[0]['id'])
-    assert_equal("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>", result[0]['label'])
-    assert_equal("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>", result[0]['value'])
-    assert_not(result[0]['role_ids'])
-    assert_not(result[0]['roles'])
-
-    role = Role.find_by(name: 'Agent')
-    get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&role_ids=#{role.id}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert_equal(0, result.count)
-
-    role = Role.find_by(name: 'Customer')
-    get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&role_ids=#{role.id}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert_equal(result_user1['id'], result[0]['id'])
-    assert_equal("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>", result[0]['label'])
-    assert_equal("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>", result[0]['value'])
-    assert_not(result[0]['role_ids'])
-    assert_not(result[0]['roles'])
-
-    permission = Permission.find_by(name: 'ticket.agent')
-    get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&permissions=#{permission.name}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert_equal(0, result.count)
-
-    permission = Permission.find_by(name: 'ticket.customer')
-    get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&permissions=#{permission.name}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert_equal(result_user1['id'], result[0]['id'])
-    assert_equal("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>", result[0]['label'])
-    assert_equal("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>", result[0]['value'])
-    assert_not(result[0]['role_ids'])
-    assert_not(result[0]['roles'])
-  end
-
-  test 'user index and create with customer1' do
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
-
-    # me
-    get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert(result)
-    assert_equal(result['email'], 'rest-customer1@example.com')
-
-    # index
-    get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Array)
-    assert_equal(result.length, 1)
-
-    # show/:id
-    get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert_equal(result['email'], 'rest-customer1@example.com')
-
-    get "/api/v1/users/#{@customer_with_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert(result['error'])
-
-    # create user with admin role
-    role = Role.lookup(name: 'Admin')
-    params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_customer1@example.com', role_ids: [ role.id ] }
-    post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-
-    # create user with agent role
-    role = Role.lookup(name: 'Agent')
-    params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_customer1@example.com', role_ids: [ role.id ] }
-    post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-
-    # search
-    Scheduler.worker(true)
-    get "/api/v1/users/search?query=#{CGI.escape('First')}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-  end
-
-  test 'user index with customer2' do
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer2@example.com', 'customer2pw')
-
-    # me
-    get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert(result)
-    assert_equal(result['email'], 'rest-customer2@example.com')
-
-    # index
-    get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Array)
-    assert_equal(result.length, 1)
-
-    # show/:id
-    get "/api/v1/users/#{@customer_with_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert_equal(result['email'], 'rest-customer2@example.com')
-
-    get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert(result['error'])
-
-    # search
-    Scheduler.worker(true)
-    get "/api/v1/users/search?query=#{CGI.escape('First')}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-  end
-
-  test 'organization index with agent' do
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-agent@example.com', 'agentpw')
-
-    # index
-    get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Array)
-    assert_equal(result[0]['member_ids'].class, Array)
-    assert(result.length >= 3)
-
-    get '/api/v1/organizations?limit=40&page=1&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    organizations = Organization.order(:id).limit(2)
-    assert_equal(organizations[0].id, result[0]['id'])
-    assert_equal(organizations[0].member_ids, result[0]['member_ids'])
-    assert_equal(organizations[1].id, result[1]['id'])
-    assert_equal(organizations[1].member_ids, result[1]['member_ids'])
-    assert_equal(2, result.count)
-
-    get '/api/v1/organizations?limit=40&page=2&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    organizations = Organization.order(:id).limit(4)
-    assert_equal(organizations[2].id, result[0]['id'])
-    assert_equal(organizations[2].member_ids, result[0]['member_ids'])
-    assert_equal(organizations[3].id, result[1]['id'])
-    assert_equal(organizations[3].member_ids, result[1]['member_ids'])
-
-    assert_equal(2, result.count)
-
-    # show/:id
-    get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert_equal(result['member_ids'].class, Array)
-    assert_not(result['members'])
-    assert_equal(result['name'], 'Rest Org')
-
-    get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert_equal(result['member_ids'].class, Array)
-    assert_not(result['members'])
-    assert_equal(result['name'], 'Rest Org #2')
-
-    # search as agent
-    Scheduler.worker(true)
-    get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert_equal('Zammad Foundation', result[0]['name'])
-    assert(result[0]['member_ids'])
-    assert_not(result[0]['members'])
-
-    get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&expand=true", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert_equal('Zammad Foundation', result[0]['name'])
-    assert(result[0]['member_ids'])
-    assert(result[0]['members'])
-
-    get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert_equal('Zammad Foundation', result[0]['label'])
-    assert_equal('Zammad Foundation', result[0]['value'])
-    assert_not(result[0]['member_ids'])
-    assert_not(result[0]['members'])
-  end
-
-  test 'organization index with customer1' do
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
-
-    # index
-    get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Array)
-    assert_equal(result.length, 0)
-
-    # show/:id
-    get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert_nil(result['name'])
-
-    get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert_nil(result['name'])
-
-    # search
-    Scheduler.worker(true)
-    get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-  end
-
-  test 'organization index with customer2' do
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer2@example.com', 'customer2pw')
-
-    # index
-    get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Array)
-    assert_equal(result.length, 1)
-
-    # show/:id
-    get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert_equal(result['name'], 'Rest Org')
-
-    get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert_nil(result['name'])
-
-    # search
-    Scheduler.worker(true)
-    get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-  end
-
-end

test/controllers/users_organization_controller_test.rb

@@ -1,773 +0,0 @@
-require 'test_helper'
-
-class UsersOrganizationControllerTest < ActionDispatch::IntegrationTest
-  include SearchindexHelper
-
-  setup do
-
-    # set accept header
-    @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
-    # create agent
-    roles  = Role.where(name: %w[Admin Agent])
-    groups = Group.all
-
-    UserInfo.current_user_id = 1
-
-    @backup_admin = User.create!(
-      login: 'backup-admin',
-      firstname: 'Backup',
-      lastname: 'Agent',
-      email: 'backup-admin@example.com',
-      password: 'adminpw',
-      active: true,
-      roles: roles,
-      groups: groups,
-    )
-
-    @admin = User.create!(
-      login: 'rest-admin',
-      firstname: 'Rest',
-      lastname: 'Agent',
-      email: 'rest-admin@example.com',
-      password: 'adminpw',
-      active: true,
-      roles: roles,
-      groups: groups,
-    )
-
-    # create agent
-    roles = Role.where(name: 'Agent')
-    @agent = User.create!(
-      login: 'rest-agent@example.com',
-      firstname: 'Rest',
-      lastname: 'Agent',
-      email: 'rest-agent@example.com',
-      password: 'agentpw',
-      active: true,
-      roles: roles,
-      groups: groups,
-    )
-
-    # create customer without org
-    roles = Role.where(name: 'Customer')
-    @customer_without_org = User.create!(
-      login: 'rest-customer1@example.com',
-      firstname: 'Rest',
-      lastname: 'Customer1',
-      email: 'rest-customer1@example.com',
-      password: 'customer1pw',
-      active: true,
-      roles: roles,
-    )
-
-    # create orgs
-    @organization = Organization.create!(
-      name: 'Rest Org',
-      note: 'Rest Org A',
-    )
-    @organization2 = Organization.create!(
-      name: 'Rest Org #2',
-      note: 'Rest Org B',
-    )
-    @organization3 = Organization.create!(
-      name: 'Rest Org #3',
-      note: 'Rest Org C',
-    )
-
-    # create customer with org
-    @customer_with_org = User.create!(
-      login: 'rest-customer2@example.com',
-      firstname: 'Rest',
-      lastname: 'Customer2',
-      email: 'rest-customer2@example.com',
-      password: 'customer2pw',
-      active: true,
-      roles: roles,
-      organization_id: @organization.id,
-    )
-
-    configure_elasticsearch do
-
-      travel 1.minute
-
-      rebuild_searchindex
-
-      # execute background jobs
-      Scheduler.worker(true)
-
-      sleep 6
-    end
-  end
-
-  test 'user create tests - no user' do
-
-    post '/api/v1/signshow', params: {}, headers: @headers
-
-    # create user with disabled feature
-    Setting.set('user_create_account', false)
-    token = @response.headers['CSRF-TOKEN']
-
-    # token based on form
-    params = { email: 'some_new_customer@example.com', authenticity_token: token }
-    post '/api/v1/users', params: params.to_json, headers: @headers
-    assert_response(422)
-    result = JSON.parse(@response.body)
-    assert(result['error'])
-    assert_equal('Feature not enabled!', result['error'])
-
-    # token based on headers
-    headers = @headers.merge('X-CSRF-Token' => token)
-    params = { email: 'some_new_customer@example.com' }
-    post '/api/v1/users', params: params.to_json, headers: headers
-    assert_response(422)
-    result = JSON.parse(@response.body)
-    assert(result['error'])
-    assert_equal('Feature not enabled!', result['error'])
-
-    Setting.set('user_create_account', true)
-
-    # no signup param with enabled feature
-    params = { email: 'some_new_customer@example.com' }
-    post '/api/v1/users', params: params.to_json, headers: headers
-    assert_response(422)
-    result = JSON.parse(@response.body)
-    assert(result['error'])
-    assert_equal('Only signup with not authenticate user possible!', result['error'])
-
-    # already existing user with enabled feature
-    params = { email: 'rest-customer1@example.com', signup: true }
-    post '/api/v1/users', params: params.to_json, headers: headers
-    assert_response(422)
-    result = JSON.parse(@response.body)
-    assert(result['error'])
-    assert_equal('Email address is already used for other user.', result['error'])
-
-    # email missing with enabled feature
-    params = { firstname: 'some firstname', signup: true }
-    post '/api/v1/users', params: params.to_json, headers: headers
-    assert_response(422)
-    result = JSON.parse(@response.body)
-    assert(result['error'])
-    assert_equal('Attribute \'email\' required!', result['error'])
-
-    # email missing with enabled feature
-    params = { firstname: 'some firstname', signup: true }
-    post '/api/v1/users', params: params.to_json, headers: headers
-    assert_response(422)
-    result = JSON.parse(@response.body)
-    assert(result['error'])
-    assert_equal('Attribute \'email\' required!', result['error'])
-
-    # create user with enabled feature (take customer role)
-    params = { firstname: 'Me First', lastname: 'Me Last', email: 'new_here@example.com', signup: true }
-    post '/api/v1/users', params: params.to_json, headers: headers
-    assert_response(201)
-    result = JSON.parse(@response.body)
-    assert(result)
-
-    assert_equal('Me First', result['firstname'])
-    assert_equal('Me Last', result['lastname'])
-    assert_equal('new_here@example.com', result['login'])
-    assert_equal('new_here@example.com', result['email'])
-    user = User.find(result['id'])
-    assert_not(user.role?('Admin'))
-    assert_not(user.role?('Agent'))
-    assert(user.role?('Customer'))
-
-    # create user with admin role (not allowed for signup, take customer role)
-    role = Role.lookup(name: 'Admin')
-    params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin@example.com', role_ids: [ role.id ], signup: true }
-    post '/api/v1/users', params: params.to_json, headers: headers
-    assert_response(201)
-    result = JSON.parse(@response.body)
-    assert(result)
-    user = User.find(result['id'])
-    assert_not(user.role?('Admin'))
-    assert_not(user.role?('Agent'))
-    assert(user.role?('Customer'))
-
-    # create user with agent role (not allowed for signup, take customer role)
-    role = Role.lookup(name: 'Agent')
-    params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent@example.com', role_ids: [ role.id ], signup: true }
-    post '/api/v1/users', params: params.to_json, headers: headers
-    assert_response(201)
-    result = JSON.parse(@response.body)
-    assert(result)
-    user = User.find(result['id'])
-    assert_not(user.role?('Admin'))
-    assert_not(user.role?('Agent'))
-    assert(user.role?('Customer'))
-
-    # no user (because of no session)
-    get '/api/v1/users', params: {}, headers: headers
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal('authentication failed', result['error'])
-
-    # me
-    get '/api/v1/users/me', params: {}, headers: headers
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal('authentication failed', result['error'])
-  end
-
-  test 'auth tests - not existing user' do
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('not_existing@example.com', 'adminpw')
-
-    # me
-    get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal('authentication failed', result['error'])
-
-    get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal('authentication failed', result['error'])
-  end
-
-  test 'auth tests - username auth, wrong pw' do
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin', 'not_existing')
-
-    get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal('authentication failed', result['error'])
-  end
-
-  test 'auth tests - email auth, wrong pw' do
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'not_existing')
-
-    get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal('authentication failed', result['error'])
-  end
-
-  test 'auth tests - username auth' do
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin', 'adminpw')
-
-    get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert(result)
-  end
-
-  test 'auth tests - email auth' do
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
-    get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert(result)
-  end
-
-  test 'user index and create with admin' do
-
-    # email auth
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
-    # me
-    get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert(result)
-    assert_equal(result['email'], 'rest-admin@example.com')
-
-    # index
-    get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert(result)
-
-    # index
-    get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert(result)
-    assert_equal(result.class, Array)
-    assert(result.length >= 3)
-
-    # show/:id
-    get "/api/v1/users/#{@agent.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert(result)
-    assert_equal(result.class, Hash)
-    assert_equal(result['email'], 'rest-agent@example.com')
-
-    get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert(result)
-    assert_equal(result.class, Hash)
-    assert_equal(result['email'], 'rest-customer1@example.com')
-
-    # create user with admin role
-    role = Role.lookup(name: 'Admin')
-    params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_admin@example.com', role_ids: [ role.id ] }
-    post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(201)
-    result = JSON.parse(@response.body)
-    assert(result)
-    user = User.find(result['id'])
-    assert(user.role?('Admin'))
-    assert_not(user.role?('Agent'))
-    assert_not(user.role?('Customer'))
-    assert_equal('new_admin_by_admin@example.com', result['login'])
-    assert_equal('new_admin_by_admin@example.com', result['email'])
-
-    # create user with agent role
-    role = Role.lookup(name: 'Agent')
-    params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_admin1@example.com', role_ids: [ role.id ] }
-    post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(201)
-    result = JSON.parse(@response.body)
-    assert(result)
-    user = User.find(result['id'])
-    assert_not(user.role?('Admin'))
-    assert(user.role?('Agent'))
-    assert_not(user.role?('Customer'))
-    assert_equal('new_agent_by_admin1@example.com', result['login'])
-    assert_equal('new_agent_by_admin1@example.com', result['email'])
-
-    role = Role.lookup(name: 'Agent')
-    params = { firstname: 'Agent First', email: 'new_agent_by_admin2@example.com', role_ids: [ role.id ] }
-    post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(201)
-    result = JSON.parse(@response.body)
-    assert(result)
-    user = User.find(result['id'])
-    assert_not(user.role?('Admin'))
-    assert(user.role?('Agent'))
-    assert_not(user.role?('Customer'))
-    assert_equal('new_agent_by_admin2@example.com', result['login'])
-    assert_equal('new_agent_by_admin2@example.com', result['email'])
-    assert_equal('Agent', result['firstname'])
-    assert_equal('First', result['lastname'])
-
-    role = Role.lookup(name: 'Agent')
-    params = { firstname: 'Agent First', email: 'new_agent_by_admin2@example.com', role_ids: [ role.id ] }
-    post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(422)
-    result = JSON.parse(@response.body)
-    assert(result)
-    assert_equal('Email address is already used for other user.', result['error'])
-
-    # missing required attributes
-    params = { note: 'some note' }
-    post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(422)
-    result = JSON.parse(@response.body)
-    assert(result)
-    assert_equal('Minimum one identifier (login, firstname, lastname, phone or email) for user is required.', result['error'])
-
-    # invalid email
-    params = { firstname: 'newfirstname123', email: 'some_what', note: 'some note' }
-    post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(422)
-    result = JSON.parse(@response.body)
-    assert(result)
-    assert_equal('Invalid email', result['error'])
-
-    # with valid attributes
-    params = { firstname: 'newfirstname123', note: 'some note' }
-    post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(201)
-    result = JSON.parse(@response.body)
-    assert(result)
-    user = User.find(result['id'])
-    assert_not(user.role?('Admin'))
-    assert_not(user.role?('Agent'))
-    assert(user.role?('Customer'))
-    assert(result['login'].start_with?('auto-'))
-    assert_equal('', result['email'])
-    assert_equal('newfirstname123', result['firstname'])
-    assert_equal('', result['lastname'])
-  end
-
-  test 'user index and create with agent' do
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-agent@example.com', 'agentpw')
-
-    # me
-    get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert(result)
-    assert_equal(result['email'], 'rest-agent@example.com')
-
-    # index
-    get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert(result)
-
-    # index
-    get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert(result)
-    assert_equal(result.class, Array)
-    assert(result.length >= 3)
-
-    get '/api/v1/users?limit=40&page=1&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    users = User.order(:id).limit(2)
-    assert_equal(users[0].id, result[0]['id'])
-    assert_equal(users[1].id, result[1]['id'])
-    assert_equal(2, result.count)
-
-    get '/api/v1/users?limit=40&page=2&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    users = User.order(:id).limit(4)
-    assert_equal(users[2].id, result[0]['id'])
-    assert_equal(users[3].id, result[1]['id'])
-    assert_equal(2, result.count)
-
-    # create user with admin role
-    firstname = "First test#{rand(999_999_999)}"
-    role = Role.lookup(name: 'Admin')
-    params = { firstname: "Admin#{firstname}", lastname: 'Admin Last', email: 'new_admin_by_agent@example.com', role_ids: [ role.id ] }
-    post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(201)
-    result_user1 = JSON.parse(@response.body)
-    assert(result_user1)
-    user = User.find(result_user1['id'])
-    assert_not(user.role?('Admin'))
-    assert_not(user.role?('Agent'))
-    assert(user.role?('Customer'))
-    assert_equal('new_admin_by_agent@example.com', result_user1['login'])
-    assert_equal('new_admin_by_agent@example.com', result_user1['email'])
-
-    # create user with agent role
-    role = Role.lookup(name: 'Agent')
-    params = { firstname: "Agent#{firstname}", lastname: 'Agent Last', email: 'new_agent_by_agent@example.com', role_ids: [ role.id ] }
-    post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(201)
-    result_user1 = JSON.parse(@response.body)
-    assert(result_user1)
-    user = User.find(result_user1['id'])
-    assert_not(user.role?('Admin'))
-    assert_not(user.role?('Agent'))
-    assert(user.role?('Customer'))
-    assert_equal('new_agent_by_agent@example.com', result_user1['login'])
-    assert_equal('new_agent_by_agent@example.com', result_user1['email'])
-
-    # create user with customer role
-    role = Role.lookup(name: 'Customer')
-    params = { firstname: "Customer#{firstname}", lastname: 'Customer Last', email: 'new_customer_by_agent@example.com', role_ids: [ role.id ] }
-    post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(201)
-    result_user1 = JSON.parse(@response.body)
-    assert(result_user1)
-    user = User.find(result_user1['id'])
-    assert_not(user.role?('Admin'))
-    assert_not(user.role?('Agent'))
-    assert(user.role?('Customer'))
-    assert_equal('new_customer_by_agent@example.com', result_user1['login'])
-    assert_equal('new_customer_by_agent@example.com', result_user1['email'])
-
-    # search as agent
-    Scheduler.worker(true)
-    sleep 2 # let es time to come ready
-    get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-
-    assert_equal(result_user1['id'], result[0]['id'])
-    assert_equal("Customer#{firstname}", result[0]['firstname'])
-    assert_equal('Customer Last', result[0]['lastname'])
-    assert(result[0]['role_ids'])
-    assert_not(result[0]['roles'])
-
-    get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&expand=true", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert_equal(result_user1['id'], result[0]['id'])
-    assert_equal("Customer#{firstname}", result[0]['firstname'])
-    assert_equal('Customer Last', result[0]['lastname'])
-    assert(result[0]['role_ids'])
-    assert(result[0]['roles'])
-
-    get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert_equal(result_user1['id'], result[0]['id'])
-    assert_equal("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>", result[0]['label'])
-    assert_equal("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>", result[0]['value'])
-    assert_not(result[0]['role_ids'])
-    assert_not(result[0]['roles'])
-
-    role = Role.find_by(name: 'Agent')
-    get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&role_ids=#{role.id}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert_equal(0, result.count)
-
-    role = Role.find_by(name: 'Customer')
-    get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&role_ids=#{role.id}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert_equal(result_user1['id'], result[0]['id'])
-    assert_equal("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>", result[0]['label'])
-    assert_equal("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>", result[0]['value'])
-    assert_not(result[0]['role_ids'])
-    assert_not(result[0]['roles'])
-
-    permission = Permission.find_by(name: 'ticket.agent')
-    get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&permissions=#{permission.name}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert_equal(0, result.count)
-
-    permission = Permission.find_by(name: 'ticket.customer')
-    get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&permissions=#{permission.name}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert_equal(result_user1['id'], result[0]['id'])
-    assert_equal("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>", result[0]['label'])
-    assert_equal("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>", result[0]['value'])
-    assert_not(result[0]['role_ids'])
-    assert_not(result[0]['roles'])
-  end
-
-  test 'user index and create with customer1' do
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
-
-    # me
-    get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert(result)
-    assert_equal(result['email'], 'rest-customer1@example.com')
-
-    # index
-    get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Array)
-    assert_equal(result.length, 1)
-
-    # show/:id
-    get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert_equal(result['email'], 'rest-customer1@example.com')
-
-    get "/api/v1/users/#{@customer_with_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert(result['error'])
-
-    # create user with admin role
-    role = Role.lookup(name: 'Admin')
-    params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_customer1@example.com', role_ids: [ role.id ] }
-    post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-
-    # create user with agent role
-    role = Role.lookup(name: 'Agent')
-    params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_customer1@example.com', role_ids: [ role.id ] }
-    post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-
-    # search
-    Scheduler.worker(true)
-    get "/api/v1/users/search?query=#{CGI.escape('First')}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-  end
-
-  test 'user index with customer2' do
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer2@example.com', 'customer2pw')
-
-    # me
-    get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert(result)
-    assert_equal(result['email'], 'rest-customer2@example.com')
-
-    # index
-    get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Array)
-    assert_equal(result.length, 1)
-
-    # show/:id
-    get "/api/v1/users/#{@customer_with_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert_equal(result['email'], 'rest-customer2@example.com')
-
-    get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert(result['error'])
-
-    # search
-    Scheduler.worker(true)
-    get "/api/v1/users/search?query=#{CGI.escape('First')}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-  end
-
-  test 'organization index with agent' do
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-agent@example.com', 'agentpw')
-
-    # index
-    get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Array)
-    assert_equal(result[0]['member_ids'].class, Array)
-    assert(result.length >= 3)
-
-    get '/api/v1/organizations?limit=40&page=1&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    organizations = Organization.order(:id).limit(2)
-    assert_equal(organizations[0].id, result[0]['id'])
-    assert_equal(organizations[0].member_ids, result[0]['member_ids'])
-    assert_equal(organizations[1].id, result[1]['id'])
-    assert_equal(organizations[1].member_ids, result[1]['member_ids'])
-    assert_equal(2, result.count)
-
-    get '/api/v1/organizations?limit=40&page=2&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    organizations = Organization.order(:id).limit(4)
-    assert_equal(organizations[2].id, result[0]['id'])
-    assert_equal(organizations[2].member_ids, result[0]['member_ids'])
-    assert_equal(organizations[3].id, result[1]['id'])
-    assert_equal(organizations[3].member_ids, result[1]['member_ids'])
-
-    assert_equal(2, result.count)
-
-    # show/:id
-    get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert_equal(result['member_ids'].class, Array)
-    assert_not(result['members'])
-    assert_equal(result['name'], 'Rest Org')
-
-    get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert_equal(result['member_ids'].class, Array)
-    assert_not(result['members'])
-    assert_equal(result['name'], 'Rest Org #2')
-
-    # search as agent
-    Scheduler.worker(true)
-    get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert_equal('Zammad Foundation', result[0]['name'])
-    assert(result[0]['member_ids'])
-    assert_not(result[0]['members'])
-
-    get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&expand=true", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert_equal('Zammad Foundation', result[0]['name'])
-    assert(result[0]['member_ids'])
-    assert(result[0]['members'])
-
-    get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(Array, result.class)
-    assert_equal('Zammad Foundation', result[0]['label'])
-    assert_equal('Zammad Foundation', result[0]['value'])
-    assert_not(result[0]['member_ids'])
-    assert_not(result[0]['members'])
-  end
-
-  test 'organization index with customer1' do
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
-
-    # index
-    get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Array)
-    assert_equal(result.length, 0)
-
-    # show/:id
-    get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert_nil(result['name'])
-
-    get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert_nil(result['name'])
-
-    # search
-    Scheduler.worker(true)
-    get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-  end
-
-  test 'organization index with customer2' do
-
-    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer2@example.com', 'customer2pw')
-
-    # index
-    get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Array)
-    assert_equal(result.length, 1)
-
-    # show/:id
-    get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(200)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert_equal(result['name'], 'Rest Org')
-
-    get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-    result = JSON.parse(@response.body)
-    assert_equal(result.class, Hash)
-    assert_nil(result['name'])
-
-    # search
-    Scheduler.worker(true)
-    get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials)
-    assert_response(401)
-  end
-
-end