diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 327025eb3..c38300881 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -78,7 +78,6 @@ test:unit:mysql:
- rake db:migrate
- rake db:seed
- rake test:units
- - rake test:controllers
- ruby -I test/ test/integration/object_manager_test.rb
- ruby -I test/ test/integration/object_manager_attributes_controller_test.rb
- ruby -I test/ test/integration/package_test.rb
@@ -96,7 +95,6 @@ test:unit:postgresql:
- rake db:migrate
- rake db:seed
- rake test:units
- - rake test:controllers
- ruby -I test/ test/integration/object_manager_test.rb
- ruby -I test/ test/integration/object_manager_attributes_controller_test.rb
- ruby -I test/ test/integration/package_test.rb
@@ -242,11 +240,8 @@ test:integration:es_mysql:
- rake db:migrate
- ruby -I test/ test/integration/elasticsearch_active_test.rb
- ruby -I test/ test/integration/elasticsearch_test.rb
- - ruby -I test/ test/controllers/search_controller_test.rb
- ruby -I test/ test/integration/report_test.rb
- - ruby -I test/ test/controllers/form_controller_test.rb
- - ruby -I test/ test/controllers/users_controller_test.rb
- - ruby -I test/ test/controllers/organizations_controller_test.rb
+ - bundle exec rspec --tag searchindex
- rake db:drop
test:integration:es_postgresql:
@@ -262,11 +257,8 @@ test:integration:es_postgresql:
- rake db:migrate
- ruby -I test/ test/integration/elasticsearch_active_test.rb
- ruby -I test/ test/integration/elasticsearch_test.rb
- - ruby -I test/ test/controllers/search_controller_test.rb
- ruby -I test/ test/integration/report_test.rb
- - ruby -I test/ test/controllers/form_controller_test.rb
- - ruby -I test/ test/controllers/users_controller_test.rb
- - ruby -I test/ test/controllers/organizations_controller_test.rb
+ - bundle exec rspec --tag searchindex
- rake db:drop
test:integration:zendesk_mysql:
diff --git a/spec/factories/email_address.rb b/spec/factories/email_address.rb
index 951917a68..6173d8350 100644
--- a/spec/factories/email_address.rb
+++ b/spec/factories/email_address.rb
@@ -1,7 +1,7 @@
FactoryBot.define do
factory :email_address do
- email 'zammad@localhost'
- realname 'zammad'
+ sequence(:email) { |n| "zammad#{n}@localhost.com" }
+ sequence(:realname) { |n| "zammad#{n}" }
channel_id 1
created_by_id 1
updated_by_id 1
diff --git a/spec/factories/ticket/time_accounting.rb b/spec/factories/ticket/time_accounting.rb
new file mode 100644
index 000000000..11a56ecb3
--- /dev/null
+++ b/spec/factories/ticket/time_accounting.rb
@@ -0,0 +1,10 @@
+FactoryBot.define do
+ factory :ticket_time_accounting, class: Ticket::TimeAccounting do
+ ticket_id { FactoryBot.create(:ticket).id }
+ ticket_article_id { FactoryBot.create(:ticket_article).id }
+ time_unit 200
+ created_by_id 1
+ created_at Time.zone.now
+ updated_at Time.zone.now
+ end
+end
diff --git a/spec/requests/api_auth_on_behalf_of_spec.rb b/spec/requests/api_auth_on_behalf_of_spec.rb
new file mode 100644
index 000000000..97227678e
--- /dev/null
+++ b/spec/requests/api_auth_on_behalf_of_spec.rb
@@ -0,0 +1,164 @@
+require 'rails_helper'
+
+RSpec.describe 'Api Auth On Behalf Of', type: :request do
+
+ let(:admin_user) do
+ create(:admin_user, groups: Group.all)
+ end
+ let(:agent_user) do
+ create(:agent_user)
+ end
+ let(:customer_user) do
+ create(:customer_user)
+ end
+
+ describe 'request handling' do
+
+ it 'does X-On-Behalf-Of auth - ticket create admin for customer by id' do
+ params = {
+ title: 'a new ticket #3',
+ group: 'Users',
+ priority: '2 normal',
+ state: 'new',
+ customer_id: customer_user.id,
+ article: {
+ body: 'some test 123',
+ },
+ }
+ authenticated_as(admin_user, on_behalf_of: customer_user.id)
+ post '/api/v1/tickets', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(customer_user.id).to eq(json_response['created_by_id'])
+ end
+
+ it 'does X-On-Behalf-Of auth - ticket create admin for customer by login' do
+ ActivityStream.cleanup(1.year)
+
+ params = {
+ title: 'a new ticket #3',
+ group: 'Users',
+ priority: '2 normal',
+ state: 'new',
+ customer_id: customer_user.id,
+ article: {
+ body: 'some test 123',
+ },
+ }
+ authenticated_as(admin_user, on_behalf_of: customer_user.login)
+ post '/api/v1/tickets', params: params, as: :json
+ expect(response).to have_http_status(201)
+ json_response_ticket = json_response
+ expect(json_response_ticket).to be_a_kind_of(Hash)
+ expect(customer_user.id).to eq(json_response_ticket['created_by_id'])
+
+ authenticated_as(admin_user)
+ get '/api/v1/activity_stream?full=true', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ json_response_activity = json_response
+ expect(json_response_activity).to be_a_kind_of(Hash)
+
+ ticket_created = nil
+ json_response_activity['record_ids'].each do |record_id|
+ activity_stream = ActivityStream.find(record_id)
+ next if activity_stream.object.name != 'Ticket'
+ next if activity_stream.o_id != json_response_ticket['id'].to_i
+ ticket_created = activity_stream
+ end
+
+ expect(ticket_created).to be_truthy
+ expect(customer_user.id).to eq(ticket_created.created_by_id)
+
+ get '/api/v1/activity_stream', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ json_response_activity = json_response
+ expect(json_response_activity).to be_a_kind_of(Array)
+
+ ticket_created = nil
+ json_response_activity.each do |record|
+ activity_stream = ActivityStream.find(record['id'])
+ next if activity_stream.object.name != 'Ticket'
+ next if activity_stream.o_id != json_response_ticket['id']
+ ticket_created = activity_stream
+ end
+
+ expect(ticket_created).to be_truthy
+ expect(customer_user.id).to eq(ticket_created.created_by_id)
+ end
+
+ it 'does X-On-Behalf-Of auth - ticket create admin for customer by email' do
+ params = {
+ title: 'a new ticket #3',
+ group: 'Users',
+ priority: '2 normal',
+ state: 'new',
+ customer_id: customer_user.id,
+ article: {
+ body: 'some test 123',
+ },
+ }
+ authenticated_as(admin_user, on_behalf_of: customer_user.email)
+ post '/api/v1/tickets', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(customer_user.id).to eq(json_response['created_by_id'])
+ end
+
+ it 'does X-On-Behalf-Of auth - ticket create admin for unknown' do
+ params = {
+ title: 'a new ticket #3',
+ group: 'Users',
+ priority: '2 normal',
+ state: 'new',
+ customer_id: customer_user.id,
+ article: {
+ body: 'some test 123',
+ },
+ }
+ authenticated_as(admin_user, on_behalf_of: 99_449_494_949)
+ post '/api/v1/tickets', params: params, as: :json
+ expect(response).to have_http_status(401)
+ expect(@response.header.key?('Access-Control-Allow-Origin')).to be_falsey
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq("No such user '99449494949'")
+ end
+
+ it 'does X-On-Behalf-Of auth - ticket create customer for admin' do
+ params = {
+ title: 'a new ticket #3',
+ group: 'Users',
+ priority: '2 normal',
+ state: 'new',
+ customer_id: customer_user.id,
+ article: {
+ body: 'some test 123',
+ },
+ }
+ authenticated_as(customer_user, on_behalf_of: admin_user.email)
+ post '/api/v1/tickets', params: params, as: :json
+ expect(response).to have_http_status(401)
+ expect(@response.header.key?('Access-Control-Allow-Origin')).to be_falsey
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq("Current user has no permission to use 'X-On-Behalf-Of'!")
+ end
+
+ it 'does X-On-Behalf-Of auth - ticket create admin for customer by email but no permitted action' do
+ params = {
+ title: 'a new ticket #3',
+ group: 'secret1234',
+ priority: '2 normal',
+ state: 'new',
+ customer_id: customer_user.id,
+ article: {
+ body: 'some test 123',
+ },
+ }
+ authenticated_as(admin_user, on_behalf_of: customer_user.email)
+ post '/api/v1/tickets', params: params, as: :json
+ expect(response).to have_http_status(422)
+ expect(@response.header.key?('Access-Control-Allow-Origin')).to be_falsey
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('No lookup value found for \'group\': "secret1234"')
+ end
+ end
+end
diff --git a/spec/requests/api_auth_spec.rb b/spec/requests/api_auth_spec.rb
new file mode 100644
index 000000000..61a495108
--- /dev/null
+++ b/spec/requests/api_auth_spec.rb
@@ -0,0 +1,383 @@
+require 'rails_helper'
+
+RSpec.describe 'Api Auth', type: :request do
+
+ let(:admin_user) do
+ create(:admin_user)
+ end
+ let(:agent_user) do
+ create(:agent_user)
+ end
+ let(:customer_user) do
+ create(:customer_user)
+ end
+
+ describe 'request handling' do
+
+ it 'does basic auth - admin' do
+
+ Setting.set('api_password_access', false)
+ authenticated_as(admin_user)
+ get '/api/v1/sessions', params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(response.header.key?('Access-Control-Allow-Origin')).to be_falsey
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('API password access disabled!')
+
+ Setting.set('api_password_access', true)
+ get '/api/v1/sessions', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(response.header['Access-Control-Allow-Origin']).to eq('*')
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response).to be_truthy
+ end
+
+ it 'does basic auth - agent' do
+
+ Setting.set('api_password_access', false)
+ authenticated_as(agent_user)
+ get '/api/v1/tickets', params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(response.header.key?('Access-Control-Allow-Origin')).to be_falsey
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('API password access disabled!')
+
+ Setting.set('api_password_access', true)
+ get '/api/v1/tickets', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(response.header['Access-Control-Allow-Origin']).to eq('*')
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response).to be_truthy
+ end
+
+ it 'does basic auth - customer' do
+
+ Setting.set('api_password_access', false)
+ authenticated_as(customer_user)
+ get '/api/v1/tickets', params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(response.header.key?('Access-Control-Allow-Origin')).to be_falsey
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('API password access disabled!')
+
+ Setting.set('api_password_access', true)
+ get '/api/v1/tickets', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(response.header['Access-Control-Allow-Origin']).to eq('*')
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response).to be_truthy
+ end
+
+ it 'does token auth - admin' do
+
+ admin_token = create(
+ :token,
+ action: 'api',
+ persistent: true,
+ user_id: admin_user.id,
+ preferences: {
+ permission: ['admin.session'],
+ },
+ )
+
+ authenticated_as(admin_user, token: admin_token)
+
+ Setting.set('api_token_access', false)
+ get '/api/v1/sessions', params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(response.header.key?('Access-Control-Allow-Origin')).to be_falsey
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('API token access disabled!')
+
+ Setting.set('api_token_access', true)
+ get '/api/v1/sessions', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(response.header['Access-Control-Allow-Origin']).to eq('*')
+
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response).to be_truthy
+
+ admin_token.preferences[:permission] = ['admin.session_not_existing']
+ admin_token.save!
+
+ get '/api/v1/sessions', params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('Not authorized (token)!')
+
+ admin_token.preferences[:permission] = []
+ admin_token.save!
+
+ get '/api/v1/sessions', params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('Not authorized (token)!')
+
+ admin_user.active = false
+ admin_user.save!
+
+ get '/api/v1/sessions', params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('User is inactive!')
+
+ admin_token.preferences[:permission] = ['admin.session']
+ admin_token.save!
+
+ get '/api/v1/sessions', params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('User is inactive!')
+
+ admin_user.active = true
+ admin_user.save!
+
+ get '/api/v1/sessions', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response).to be_truthy
+
+ get '/api/v1/roles', params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('Not authorized (token)!')
+
+ admin_token.preferences[:permission] = ['admin.session_not_existing', 'admin.role']
+ admin_token.save!
+
+ get '/api/v1/roles', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response).to be_truthy
+
+ admin_token.preferences[:permission] = ['ticket.agent']
+ admin_token.save!
+
+ get '/api/v1/organizations', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response).to be_truthy
+
+ name = "some org name #{rand(999_999_999)}"
+ post '/api/v1/organizations', params: { name: name }, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['name']).to eq(name)
+ expect(json_response).to be_truthy
+
+ name = "some org name #{rand(999_999_999)} - 2"
+ put "/api/v1/organizations/#{json_response['id']}", params: { name: name }, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['name']).to eq(name)
+ expect(json_response).to be_truthy
+
+ admin_token.preferences[:permission] = ['admin.organization']
+ admin_token.save!
+
+ get '/api/v1/organizations', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response).to be_truthy
+
+ name = "some org name #{rand(999_999_999)}"
+ post '/api/v1/organizations', params: { name: name }, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['name']).to eq(name)
+ expect(json_response).to be_truthy
+
+ name = "some org name #{rand(999_999_999)} - 2"
+ put "/api/v1/organizations/#{json_response['id']}", params: { name: name }, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['name']).to eq(name)
+ expect(json_response).to be_truthy
+
+ admin_token.preferences[:permission] = ['admin']
+ admin_token.save!
+
+ get '/api/v1/organizations', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response).to be_truthy
+
+ name = "some org name #{rand(999_999_999)}"
+ post '/api/v1/organizations', params: { name: name }, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['name']).to eq(name)
+ expect(json_response).to be_truthy
+
+ name = "some org name #{rand(999_999_999)} - 2"
+ put "/api/v1/organizations/#{json_response['id']}", params: { name: name }, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['name']).to eq(name)
+ expect(json_response).to be_truthy
+
+ end
+
+ it 'does token auth - agent' do
+
+ agent_token = create(
+ :token,
+ action: 'api',
+ persistent: true,
+ user_id: agent_user.id,
+ )
+
+ authenticated_as(agent_user, token: agent_token)
+
+ Setting.set('api_token_access', false)
+ get '/api/v1/tickets', params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(response.header.key?('Access-Control-Allow-Origin')).to be_falsey
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('API token access disabled!')
+
+ Setting.set('api_token_access', true)
+ get '/api/v1/tickets', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(response.header['Access-Control-Allow-Origin']).to eq('*')
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response).to be_truthy
+
+ get '/api/v1/organizations', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response).to be_truthy
+
+ name = "some org name #{rand(999_999_999)}"
+ post '/api/v1/organizations', params: { name: name }, as: :json
+ expect(response).to have_http_status(401)
+
+ end
+
+ it 'does token auth - customer' do
+
+ customer_token = create(
+ :token,
+ action: 'api',
+ persistent: true,
+ user_id: customer_user.id,
+ )
+
+ authenticated_as(customer_user, token: customer_token)
+
+ Setting.set('api_token_access', false)
+ get '/api/v1/tickets', params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(response.header.key?('Access-Control-Allow-Origin')).to be_falsey
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('API token access disabled!')
+
+ Setting.set('api_token_access', true)
+ get '/api/v1/tickets', params: {}, as: :json
+ expect(response.header['Access-Control-Allow-Origin']).to eq('*')
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response).to be_truthy
+
+ get '/api/v1/organizations', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response).to be_truthy
+
+ name = "some org name #{rand(999_999_999)}"
+ post '/api/v1/organizations', params: { name: name }, as: :json
+ expect(response).to have_http_status(401)
+ end
+
+ it 'does token auth - invalid user - admin' do
+
+ admin_token = create(
+ :token,
+ action: 'api',
+ persistent: true,
+ user_id: admin_user.id,
+ )
+
+ authenticated_as(admin_user, token: admin_token)
+
+ admin_user.active = false
+ admin_user.save!
+
+ Setting.set('api_token_access', false)
+ get '/api/v1/sessions', params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(response.header.key?('Access-Control-Allow-Origin')).to be_falsey
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('API token access disabled!')
+
+ Setting.set('api_token_access', true)
+ get '/api/v1/sessions', params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(response.header.key?('Access-Control-Allow-Origin')).to be_falsey
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('User is inactive!')
+ end
+
+ it 'does token auth - expired' do
+
+ Setting.set('api_token_access', true)
+
+ admin_token = create(
+ :token,
+ action: 'api',
+ persistent: true,
+ user_id: admin_user.id,
+ expires_at: Time.zone.today
+ )
+
+ authenticated_as(admin_user, token: admin_token)
+
+ get '/api/v1/tickets', params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(response.header.key?('Access-Control-Allow-Origin')).to be_falsey
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('Not authorized (token expired)!')
+
+ admin_token.reload
+ expect(admin_token.last_used_at).to be_within(1.second).of(Time.zone.now)
+ end
+
+ it 'does token auth - not expired' do
+
+ Setting.set('api_token_access', true)
+
+ admin_token = create(
+ :token,
+ action: 'api',
+ persistent: true,
+ user_id: admin_user.id,
+ expires_at: Time.zone.tomorrow
+ )
+
+ authenticated_as(admin_user, token: admin_token)
+
+ get '/api/v1/tickets', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(response.header['Access-Control-Allow-Origin']).to eq('*')
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response).to be_truthy
+
+ admin_token.reload
+ expect(admin_token.last_used_at).to be_within(1.second).of(Time.zone.now)
+ end
+
+ it 'does session auth - admin' do
+ create(:admin_user, login: 'api-admin@example.com', password: 'adminpw')
+
+ post '/api/v1/signin', params: { username: 'api-admin@example.com', password: 'adminpw', fingerprint: '123456789' }
+ expect(response.header.key?('Access-Control-Allow-Origin')).to be_falsey
+ expect(response).to have_http_status(201)
+
+ get '/api/v1/sessions', params: {}
+ expect(response).to have_http_status(200)
+ expect(response.header.key?('Access-Control-Allow-Origin')).to be_falsey
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response).to be_truthy
+ end
+ end
+end
diff --git a/spec/requests/basic_spec.rb b/spec/requests/basic_spec.rb
new file mode 100644
index 000000000..292ecee01
--- /dev/null
+++ b/spec/requests/basic_spec.rb
@@ -0,0 +1,112 @@
+require 'rails_helper'
+
+RSpec.describe 'Basics', type: :request do
+
+ describe 'request handling' do
+
+ it 'does json requests' do
+
+ # 404
+ get '/not_existing_url', as: :json
+ expect(response).to have_http_status(404)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('No route matches [GET] /not_existing_url')
+
+ # 401
+ get '/api/v1/organizations', as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('authentication failed')
+
+ # 422
+ get '/tests/unprocessable_entity', as: :json
+ expect(response).to have_http_status(422)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('some error message')
+
+ # 401
+ get '/tests/not_authorized', as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('some error message')
+
+ # 401
+ get '/tests/ar_not_found', as: :json
+ expect(response).to have_http_status(404)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('some error message')
+
+ # 500
+ get '/tests/standard_error', as: :json
+ expect(response).to have_http_status(500)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('some error message')
+
+ # 422
+ get '/tests/argument_error', as: :json
+ expect(response).to have_http_status(422)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('some error message')
+ end
+
+ it 'does html requests' do
+
+ # 404
+ get '/not_existing_url'
+ expect(response).to have_http_status(404)
+ expect(response.body).to match(/404: Not Found})
+ expect(response.body).to match(%r{404: Requested Ressource was not found.
})
+ expect(response.body).to match(%r{No route matches \[GET\] /not_existing_url})
+
+ # 401
+ get '/api/v1/organizations'
+ expect(response).to have_http_status(401)
+ expect(response.body).to match(/401: Unauthorized})
+ expect(response.body).to match(%r{401: Unauthorized
})
+ expect(response.body).to match(/authentication failed/)
+
+ # 422
+ get '/tests/unprocessable_entity'
+ expect(response).to have_http_status(422)
+ expect(response.body).to match(/422: Unprocessable Entity})
+ expect(response.body).to match(%r{422: The change you wanted was rejected.
})
+ expect(response.body).to match(/some error message/)
+
+ # 401
+ get '/tests/not_authorized'
+ expect(response).to have_http_status(401)
+ expect(response.body).to match(/401: Unauthorized})
+ expect(response.body).to match(%r{401: Unauthorized
})
+ expect(response.body).to match(/some error message/)
+
+ # 401
+ get '/tests/ar_not_found'
+ expect(response).to have_http_status(404)
+ expect(response.body).to match(/404: Not Found})
+ expect(response.body).to match(%r{404: Requested Ressource was not found.
})
+ expect(response.body).to match(/some error message/)
+
+ # 500
+ get '/tests/standard_error'
+ expect(response).to have_http_status(500)
+ expect(response.body).to match(/500: Something went wrong})
+ expect(response.body).to match(%r{500: We're sorry, but something went wrong.
})
+ expect(response.body).to match(/some error message/)
+
+ # 422
+ get '/tests/argument_error'
+ expect(response).to have_http_status(422)
+ expect(response.body).to match(/422: Unprocessable Entity})
+ expect(response.body).to match(%r{422: The change you wanted was rejected.
})
+ expect(response.body).to match(/some error message/)
+ end
+ end
+
+end
diff --git a/spec/requests/calendar_spec.rb b/spec/requests/calendar_spec.rb
new file mode 100644
index 000000000..b718866e3
--- /dev/null
+++ b/spec/requests/calendar_spec.rb
@@ -0,0 +1,63 @@
+require 'rails_helper'
+
+RSpec.describe 'Calendars', type: :request do
+
+ let(:admin_user) do
+ create(:admin_user)
+ end
+
+ describe 'request handling' do
+
+ it 'does calendar index with nobody' do
+ get '/api/v1/calendars', as: :json
+ expect(response).to have_http_status(401)
+
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('authentication failed')
+
+ get '/api/v1/calendars_init', as: :json
+ expect(response).to have_http_status(401)
+
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('authentication failed')
+ end
+
+ it 'does calendar index with admin' do
+ authenticated_as(admin_user)
+ get '/api/v1/calendars', as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response).to be_truthy
+ expect(json_response.count).to eq(1)
+
+ get '/api/v1/calendars?expand=true', as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response).to be_truthy
+ expect(json_response.count).to eq(1)
+
+ get '/api/v1/calendars?full=true', as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response).to be_truthy
+ expect(json_response['record_ids']).to be_truthy
+ expect(json_response['record_ids'].count).to eq(1)
+ expect(json_response['assets']).to be_truthy
+ expect(json_response['assets']).to be_present
+
+ # index
+ get '/api/v1/calendars_init', as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['record_ids']).to be_truthy
+ expect(json_response['ical_feeds']).to be_truthy
+ expect(json_response['ical_feeds']['http://www.google.com/calendar/ical/da.danish%23holiday%40group.v.calendar.google.com/public/basic.ics']).to eq('Denmark')
+ expect(json_response['ical_feeds']['http://www.google.com/calendar/ical/de.austrian%23holiday%40group.v.calendar.google.com/public/basic.ics']).to eq('Austria')
+ expect(json_response['timezones']).to be_truthy
+ expect(json_response['timezones']['Africa/Johannesburg']).to eq(2)
+ expect(json_response['timezones']['America/Sitka']).to eq(-8)
+ expect(json_response['assets']).to be_truthy
+ end
+ end
+
+end
diff --git a/spec/requests/form_spec.rb b/spec/requests/form_spec.rb
new file mode 100644
index 000000000..b5feebc2a
--- /dev/null
+++ b/spec/requests/form_spec.rb
@@ -0,0 +1,221 @@
+require 'rails_helper'
+
+RSpec.describe 'Form', type: :request, searchindex: true do
+
+ before(:each) do
+ rebuild_searchindex
+ end
+
+ describe 'request handling' do
+
+ it 'does get config call' do
+ post '/api/v1/form_config', params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('Not authorized')
+ end
+
+ it 'does get config call' do
+ Setting.set('form_ticket_create', true)
+ post '/api/v1/form_config', params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('Not authorized')
+
+ end
+
+ it 'does get config call & do submit' do
+ Setting.set('form_ticket_create', true)
+ fingerprint = SecureRandom.hex(40)
+ post '/api/v1/form_config', params: { fingerprint: fingerprint }, as: :json
+
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['enabled']).to eq(true)
+ expect(json_response['endpoint']).to eq('http://zammad.example.com/api/v1/form_submit')
+ expect(json_response['token']).to be_truthy
+ token = json_response['token']
+
+ post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: 'invalid' }, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('Not authorized')
+
+ post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token }, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+
+ expect(json_response['errors']).to be_truthy
+ expect(json_response['errors']['name']).to eq('required')
+ expect(json_response['errors']['email']).to eq('required')
+ expect(json_response['errors']['title']).to eq('required')
+ expect(json_response['errors']['body']).to eq('required')
+
+ post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, email: 'some' }, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+
+ expect(json_response['errors']).to be_truthy
+ expect(json_response['errors']['name']).to eq('required')
+ expect(json_response['errors']['email']).to eq('invalid')
+ expect(json_response['errors']['title']).to eq('required')
+ expect(json_response['errors']['body']).to eq('required')
+
+ post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test', body: 'hello' }, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+
+ expect(json_response['errors']).to be_falsey
+ expect(json_response['ticket']).to be_truthy
+ expect(json_response['ticket']['id']).to be_truthy
+ expect(json_response['ticket']['number']).to be_truthy
+
+ travel 5.hours
+
+ post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test', body: 'hello' }, as: :json
+
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+
+ expect(json_response['errors']).to be_falsey
+ expect(json_response['ticket']).to be_truthy
+ expect(json_response['ticket']['id']).to be_truthy
+ expect(json_response['ticket']['number']).to be_truthy
+
+ travel 20.hours
+
+ post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test', body: 'hello' }, as: :json
+ expect(response).to have_http_status(401)
+
+ end
+
+ it 'does get config call & do submit' do
+ Setting.set('form_ticket_create', true)
+ fingerprint = SecureRandom.hex(40)
+ post '/api/v1/form_config', params: { fingerprint: fingerprint }, as: :json
+
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['enabled']).to eq(true)
+ expect(json_response['endpoint']).to eq('http://zammad.example.com/api/v1/form_submit')
+ expect(json_response['token']).to be_truthy
+ token = json_response['token']
+
+ post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: 'invalid' }, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('Not authorized')
+
+ post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token }, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+
+ expect(json_response['errors']).to be_truthy
+ expect(json_response['errors']['name']).to eq('required')
+ expect(json_response['errors']['email']).to eq('required')
+ expect(json_response['errors']['title']).to eq('required')
+ expect(json_response['errors']['body']).to eq('required')
+
+ post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, email: 'some' }, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+
+ expect(json_response['errors']).to be_truthy
+ expect(json_response['errors']['name']).to eq('required')
+ expect(json_response['errors']['email']).to eq('invalid')
+ expect(json_response['errors']['title']).to eq('required')
+ expect(json_response['errors']['body']).to eq('required')
+
+ post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'somebody@example.com', title: 'test', body: 'hello' }, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+
+ expect(json_response['errors']).to be_truthy
+ expect(json_response['errors']['email']).to eq('invalid')
+
+ end
+
+ it 'does limits' do
+ skip('No ES configured') if !SearchIndexBackend.enabled?
+
+ Setting.set('form_ticket_create', true)
+ fingerprint = SecureRandom.hex(40)
+ post '/api/v1/form_config', params: { fingerprint: fingerprint }, as: :json
+
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['enabled']).to eq(true)
+ expect(json_response['endpoint']).to eq('http://zammad.example.com/api/v1/form_submit')
+ expect(json_response['token']).to be_truthy
+ token = json_response['token']
+
+ (1..20).each do |count|
+ travel 10.seconds
+ post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: "test#{count}", body: 'hello' }, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+
+ expect(json_response['errors']).to be_falsey
+ expect(json_response['errors']).to be_falsey
+ expect(json_response['ticket']).to be_truthy
+ expect(json_response['ticket']['id']).to be_truthy
+ expect(json_response['ticket']['number']).to be_truthy
+ Scheduler.worker(true)
+ sleep 1 # wait until elasticsearch is index
+ end
+
+ sleep 10 # wait until elasticsearch is index
+
+ post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test-last', body: 'hello' }, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to be_truthy
+
+ @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json', 'REMOTE_ADDR' => '1.2.3.5' }
+
+ (1..20).each do |count|
+ travel 10.seconds
+ post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: "test-2-#{count}", body: 'hello' }, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+
+ expect(json_response['errors']).to be_falsey
+ expect(json_response['ticket']).to be_truthy
+ expect(json_response['ticket']['id']).to be_truthy
+ expect(json_response['ticket']['number']).to be_truthy
+ Scheduler.worker(true)
+ sleep 1 # wait until elasticsearch is index
+ end
+
+ sleep 10 # wait until elasticsearch is index
+
+ post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test-2-last', body: 'hello' }, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to be_truthy
+ end
+
+ it 'does customer_ticket_create false disables form' do
+ Setting.set('form_ticket_create', false)
+ Setting.set('customer_ticket_create', true)
+
+ fingerprint = SecureRandom.hex(40)
+
+ post '/api/v1/form_config', params: { fingerprint: fingerprint }, as: :json
+
+ token = json_response['token']
+ params = {
+ fingerprint: fingerprint,
+ token: token,
+ name: 'Bob Smith',
+ email: 'discard@znuny.com',
+ title: 'test',
+ body: 'hello'
+ }
+
+ post '/api/v1/form_submit', params: params, as: :json
+
+ expect(response).to have_http_status(401)
+ end
+ end
+end
diff --git a/spec/requests/integration/check_mk_spec.rb b/spec/requests/integration/check_mk_spec.rb
new file mode 100644
index 000000000..ae29e08bb
--- /dev/null
+++ b/spec/requests/integration/check_mk_spec.rb
@@ -0,0 +1,237 @@
+require 'rails_helper'
+
+RSpec.describe 'Integration Check MK', type: :request do
+
+ before(:each) do
+ token = SecureRandom.urlsafe_base64(16)
+ Setting.set('check_mk_token', token)
+ Setting.set('check_mk_integration', true)
+ end
+
+ describe 'request handling' do
+ it 'does fail without a token' do
+ post '/api/v1/integration/check_mk/', params: {}
+ expect(response).to have_http_status(404)
+ end
+
+ it 'does fail with invalid token and feature enabled' do
+ post '/api/v1/integration/check_mk/invalid_token', params: {}
+ expect(response).to have_http_status(422)
+
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('Invalid token!')
+ end
+
+ it 'does create and close a ticket' do
+ params = {
+ event_id: '123',
+ state: 'down',
+ host: 'some host',
+ service: 'some service',
+ }
+ post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
+ expect(response).to have_http_status(200)
+
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['result']).to be_truthy
+ expect(json_response['ticket_id']).to be_truthy
+ expect(json_response['ticket_number']).to be_truthy
+
+ ticket = Ticket.find(json_response['ticket_id'])
+ expect(ticket.state.name).to eq('new')
+ expect(ticket.articles.count).to eq(1)
+
+ params = {
+ event_id: '123',
+ state: 'up',
+ host: 'some host',
+ service: 'some service',
+ }
+ post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
+ expect(response).to have_http_status(200)
+
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['result']).not_to be_empty
+ expect(json_response['ticket_ids']).to include(ticket.id)
+
+ ticket.reload
+ expect(ticket.state.name).to eq('closed')
+ expect(ticket.articles.count).to eq(2)
+ end
+
+ it 'does double create and auto close' do
+ params = {
+ event_id: '123',
+ state: 'down',
+ host: 'some host',
+ service: 'some service',
+ }
+ post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
+ expect(response).to have_http_status(200)
+
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['result']).to be_truthy
+ expect(json_response['ticket_id']).to be_truthy
+ expect(json_response['ticket_number']).to be_truthy
+
+ ticket = Ticket.find(json_response['ticket_id'])
+ expect(ticket.state.name).to eq('new')
+ expect(ticket.articles.count).to eq(1)
+
+ params = {
+ event_id: '123',
+ state: 'down',
+ host: 'some host',
+ service: 'some service',
+ }
+ post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
+ expect(response).to have_http_status(200)
+
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['result']).to eq('ticket already open, added note')
+ expect(json_response['ticket_ids']).to include(ticket.id)
+
+ ticket.reload
+ expect(ticket.state.name).to eq('new')
+ expect(ticket.articles.count).to eq(2)
+
+ params = {
+ event_id: '123',
+ state: 'up',
+ host: 'some host',
+ service: 'some service',
+ }
+ post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
+ expect(response).to have_http_status(200)
+
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['result']).to be_truthy
+ expect(json_response['ticket_ids']).to include(ticket.id)
+
+ ticket.reload
+ expect(ticket.state.name).to eq('closed')
+ expect(ticket.articles.count).to eq(3)
+ end
+
+ it 'does ticket close which get ignored' do
+ params = {
+ event_id: '123',
+ state: 'up',
+ host: 'some host',
+ service: 'some service',
+ }
+ post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
+ expect(response).to have_http_status(200)
+
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['result']).to eq('no open tickets found, ignore action')
+ end
+
+ it 'does double create and no auto close' do
+ Setting.set('check_mk_auto_close', false)
+ params = {
+ event_id: '123',
+ state: 'down',
+ host: 'some host',
+ service: 'some service',
+ }
+ post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
+ expect(response).to have_http_status(200)
+
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['result']).to be_truthy
+ expect(json_response['ticket_id']).to be_truthy
+ expect(json_response['ticket_number']).to be_truthy
+
+ ticket = Ticket.find(json_response['ticket_id'])
+ expect(ticket.state.name).to eq('new')
+ expect(ticket.articles.count).to eq(1)
+
+ params = {
+ event_id: '123',
+ state: 'down',
+ host: 'some host',
+ service: 'some service',
+ }
+ post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
+ expect(response).to have_http_status(200)
+
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['result']).to eq('ticket already open, added note')
+ expect(json_response['ticket_ids']).to include(ticket.id)
+
+ ticket.reload
+ expect(ticket.state.name).to eq('new')
+ expect(ticket.articles.count).to eq(2)
+
+ params = {
+ event_id: '123',
+ state: 'up',
+ host: 'some host',
+ service: 'some service',
+ }
+ post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
+ expect(response).to have_http_status(200)
+
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['result']).to eq('ticket already open, added note')
+ expect(json_response['ticket_ids']).to include(ticket.id)
+
+ ticket.reload
+ expect(ticket.state.name).to eq('new')
+ expect(ticket.articles.count).to eq(3)
+ end
+
+ it 'does double create and auto close - host only' do
+ params = {
+ event_id: '123',
+ state: 'down',
+ host: 'some host',
+ }
+ post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
+ expect(response).to have_http_status(200)
+
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['result']).to be_truthy
+ expect(json_response['ticket_id']).to be_truthy
+ expect(json_response['ticket_number']).to be_truthy
+
+ ticket = Ticket.find(json_response['ticket_id'])
+ expect(ticket.state.name).to eq('new')
+ expect(ticket.articles.count).to eq(1)
+
+ params = {
+ event_id: '123',
+ state: 'down',
+ host: 'some host',
+ }
+ post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
+ expect(response).to have_http_status(200)
+
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['result']).to eq('ticket already open, added note')
+ expect(json_response['ticket_ids']).to include(ticket.id)
+
+ ticket.reload
+ expect(ticket.state.name).to eq('new')
+ expect(ticket.articles.count).to eq(2)
+
+ params = {
+ event_id: '123',
+ state: 'up',
+ host: 'some host',
+ }
+ post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
+ expect(response).to have_http_status(200)
+
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['result']).to be_truthy
+ expect(json_response['ticket_ids']).to include(ticket.id)
+
+ ticket.reload
+ expect(ticket.state.name).to eq('closed')
+ expect(ticket.articles.count).to eq(3)
+ end
+ end
+
+end
diff --git a/spec/requests/integration/cti_spec.rb b/spec/requests/integration/cti_spec.rb
new file mode 100644
index 000000000..cd827f92e
--- /dev/null
+++ b/spec/requests/integration/cti_spec.rb
@@ -0,0 +1,477 @@
+require 'rails_helper'
+
+RSpec.describe 'Integration CTI', type: :request do
+
+ let(:agent_user) do
+ create(:agent_user)
+ end
+ let!(:customer_user1) do
+ create(
+ :customer_user,
+ login: 'ticket-caller_id_cti-customer1@example.com',
+ firstname: 'CallerId',
+ lastname: 'Customer1',
+ phone: '+49 99999 222222',
+ fax: '+49 99999 222223',
+ mobile: '+4912347114711',
+ note: 'Phone at home: +49 99999 222224',
+ )
+ end
+ let!(:customer_user2) do
+ create(
+ :customer_user,
+ login: 'ticket-caller_id_cti-customer2@example.com',
+ firstname: 'CallerId',
+ lastname: 'Customer2',
+ phone: '+49 99999 222222 2',
+ )
+ end
+ let!(:customer_user3) do
+ create(
+ :customer_user,
+ login: 'ticket-caller_id_cti-customer3@example.com',
+ firstname: 'CallerId',
+ lastname: 'Customer3',
+ phone: '+49 99999 222222 2',
+ )
+ end
+
+ before(:each) do
+ Cti::Log.destroy_all
+
+ Setting.set('cti_integration', true)
+ Setting.set('cti_config', {
+ outbound: {
+ routing_table: [
+ {
+ dest: '41*',
+ caller_id: '41715880339000',
+ },
+ {
+ dest: '491714000000',
+ caller_id: '41715880339000',
+ },
+ ],
+ default_caller_id: '4930777000000',
+ },
+ inbound: {
+ block_caller_ids: [
+ {
+ caller_id: '491715000000',
+ note: 'some note',
+ }
+ ],
+ notify_user_ids: {
+ 2 => true,
+ 4 => false,
+ },
+ }
+ })
+
+ Cti::CallerId.rebuild
+ end
+
+ describe 'request handling' do
+
+ it 'does token check' do
+ params = 'event=newCall&direction=in&from=4912347114711&to=4930600000000&call_id=4991155921769858278-1&user%5B%5D=user+1&user%5B%5D=user+2'
+ post '/api/v1/cti/not_existing_token', params: params
+ expect(response).to have_http_status(401)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('Invalid token, please contact your admin!')
+ end
+
+ it 'does basic call' do
+ token = Setting.get('cti_token')
+
+ # inbound - I
+ params = 'event=newCall&direction=in&from=4912347114711&to=4930600000000&call_id=4991155921769858278-1&user%5B%5D=user+1&user%5B%5D=user+2'
+ post "/api/v1/cti/#{token}", params: params
+ expect(response).to have_http_status(200)
+
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response).to be_blank
+
+ # inbound - II - block caller
+ params = 'event=newCall&direction=in&from=491715000000&to=4930600000000&call_id=4991155921769858278-2&user%5B%5D=user+1&user%5B%5D=user+2'
+ post "/api/v1/cti/#{token}", params: params
+ expect(response).to have_http_status(200)
+
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['action']).to eq('reject')
+ expect(json_response['reason']).to eq('busy')
+
+ # outbound - I - set default_caller_id
+ params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&call_id=8621106404543334274-3&user%5B%5D=user+1'
+ post "/api/v1/cti/#{token}", params: params
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['action']).to eq('dial')
+ expect(json_response['number']).to eq('4912347114711')
+ expect(json_response['caller_id']).to eq('4930777000000')
+
+ # outbound - II - set caller_id based on routing_table by explicite number
+ params = 'event=newCall&direction=out&from=4930600000000&to=491714000000&call_id=8621106404543334274-4&user%5B%5D=user+1'
+ post "/api/v1/cti/#{token}", params: params
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['action']).to eq('dial')
+ expect(json_response['number']).to eq('491714000000')
+ expect(json_response['caller_id']).to eq('41715880339000')
+
+ # outbound - III - set caller_id based on routing_table by 41*
+ params = 'event=newCall&direction=out&from=4930600000000&to=4147110000000&call_id=8621106404543334274-5&user%5B%5D=user+1'
+ post "/api/v1/cti/#{token}", params: params
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['action']).to eq('dial')
+ expect(json_response['number']).to eq('4147110000000')
+ expect(json_response['caller_id']).to eq('41715880339000')
+
+ # no config
+ Setting.set('cti_config', {})
+ params = 'event=newCall&direction=in&from=4912347114711&to=4930600000000&call_id=4991155921769858278-6&user%5B%5D=user+1&user%5B%5D=user+2'
+ post "/api/v1/cti/#{token}", params: params
+ expect(response).to have_http_status(422)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('Feature not configured, please contact your admin!')
+
+ end
+
+ it 'does log call' do
+ token = Setting.get('cti_token')
+
+ # outbound - I - new call
+ params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&call_id=1234567890-1&user%5B%5D=user+1'
+ post "/api/v1/cti/#{token}", params: params
+ expect(response).to have_http_status(200)
+ log = Cti::Log.find_by(call_id: '1234567890-1')
+ expect(log).to be_truthy
+ expect(log.from).to eq('4930777000000')
+ expect(log.to).to eq('4912347114711')
+ expect(log.direction).to eq('out')
+ expect(log.from_comment).to eq('user 1')
+ expect(log.to_comment).to eq('CallerId Customer1')
+ expect(log.comment).to be_nil
+ expect(log.state).to eq('newCall')
+ expect(log.done).to eq(true)
+ expect(log.initialized_at).to be_truthy
+ expect(log.start_at).to be_nil
+ expect(log.end_at).to be_nil
+ expect(log.duration_waiting_time).to be_nil
+ expect(log.duration_talking_time).to be_nil
+
+ # outbound - I - hangup by agent
+ params = 'event=hangup&direction=out&call_id=1234567890-1&cause=cancel'
+ post "/api/v1/cti/#{token}", params: params
+ expect(response).to have_http_status(200)
+ log = Cti::Log.find_by(call_id: '1234567890-1')
+ expect(log).to be_truthy
+ expect(log.from).to eq('4930777000000')
+ expect(log.to).to eq('4912347114711')
+ expect(log.direction).to eq('out')
+ expect(log.from_comment).to eq('user 1')
+ expect(log.to_comment).to eq('CallerId Customer1')
+ expect(log.comment).to eq('cancel')
+ expect(log.state).to eq('hangup')
+ expect(log.done).to eq(true)
+ expect(log.initialized_at).to be_truthy
+ expect(log.start_at).to be_nil
+ expect(log.end_at).to be_truthy
+ expect(log.duration_waiting_time).to be_truthy
+ expect(log.duration_talking_time).to be_nil
+
+ # outbound - II - new call
+ params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&call_id=1234567890-2&user%5B%5D=user+1'
+ post "/api/v1/cti/#{token}", params: params
+ expect(response).to have_http_status(200)
+ log = Cti::Log.find_by(call_id: '1234567890-2')
+ expect(log).to be_truthy
+ expect(log.from).to eq('4930777000000')
+ expect(log.to).to eq('4912347114711')
+ expect(log.direction).to eq('out')
+ expect(log.from_comment).to eq('user 1')
+ expect(log.to_comment).to eq('CallerId Customer1')
+ expect(log.comment).to be_nil
+ expect(log.state).to eq('newCall')
+ expect(log.done).to eq(true)
+ expect(log.initialized_at).to be_truthy
+ expect(log.start_at).to be_nil
+ expect(log.end_at).to be_nil
+ expect(log.duration_waiting_time).to be_nil
+ expect(log.duration_talking_time).to be_nil
+
+ # outbound - II - answer by customer
+ params = 'event=answer&direction=out&call_id=1234567890-2&from=4930600000000&to=4912347114711'
+ post "/api/v1/cti/#{token}", params: params
+ expect(response).to have_http_status(200)
+ log = Cti::Log.find_by(call_id: '1234567890-2')
+ expect(log).to be_truthy
+ expect(log.from).to eq('4930777000000')
+ expect(log.to).to eq('4912347114711')
+ expect(log.direction).to eq('out')
+ expect(log.from_comment).to eq('user 1')
+ expect(log.to_comment).to eq('CallerId Customer1')
+ expect(log.comment).to be_nil
+ expect(log.state).to eq('answer')
+ expect(log.done).to eq(true)
+ expect(log.initialized_at).to be_truthy
+ expect(log.start_at).to be_truthy
+ expect(log.end_at).to be_nil
+ expect(log.duration_waiting_time).to be_truthy
+ expect(log.duration_talking_time).to be_nil
+
+ # outbound - II - hangup by customer
+ params = 'event=hangup&direction=out&call_id=1234567890-2&cause=normalClearing&from=4930600000000&to=4912347114711'
+ post "/api/v1/cti/#{token}", params: params
+ expect(response).to have_http_status(200)
+ log = Cti::Log.find_by(call_id: '1234567890-2')
+ expect(log).to be_truthy
+ expect(log.from).to eq('4930777000000')
+ expect(log.to).to eq('4912347114711')
+ expect(log.direction).to eq('out')
+ expect(log.from_comment).to eq('user 1')
+ expect(log.to_comment).to eq('CallerId Customer1')
+ expect(log.comment).to eq('normalClearing')
+ expect(log.state).to eq('hangup')
+ expect(log.done).to eq(true)
+ expect(log.initialized_at).to be_truthy
+ expect(log.start_at).to be_truthy
+ expect(log.end_at).to be_truthy
+ expect(log.duration_waiting_time).to be_truthy
+ expect(log.duration_talking_time).to be_truthy
+
+ # inbound - I - new call
+ params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&call_id=1234567890-3&user%5B%5D=user+1'
+ post "/api/v1/cti/#{token}", params: params
+ expect(response).to have_http_status(200)
+ log = Cti::Log.find_by(call_id: '1234567890-3')
+ expect(log).to be_truthy
+ expect(log.to).to eq('4930600000000')
+ expect(log.from).to eq('4912347114711')
+ expect(log.direction).to eq('in')
+ expect(log.to_comment).to eq('user 1')
+ expect(log.from_comment).to eq('CallerId Customer1')
+ expect(log.comment).to be_nil
+ expect(log.state).to eq('newCall')
+ expect(log.done).to eq(false)
+ expect(log.initialized_at).to be_truthy
+ expect(log.start_at).to be_nil
+ expect(log.end_at).to be_nil
+ expect(log.duration_waiting_time).to be_nil
+ expect(log.duration_talking_time).to be_nil
+
+ # inbound - I - answer by customer
+ params = 'event=answer&direction=in&call_id=1234567890-3&to=4930600000000&from=4912347114711'
+ post "/api/v1/cti/#{token}", params: params
+ expect(response).to have_http_status(200)
+ log = Cti::Log.find_by(call_id: '1234567890-3')
+ expect(log).to be_truthy
+ expect(log.to).to eq('4930600000000')
+ expect(log.from).to eq('4912347114711')
+ expect(log.direction).to eq('in')
+ expect(log.to_comment).to eq('user 1')
+ expect(log.from_comment).to eq('CallerId Customer1')
+ expect(log.comment).to be_nil
+ expect(log.state).to eq('answer')
+ expect(log.done).to eq(true)
+ expect(log.initialized_at).to be_truthy
+ expect(log.start_at).to be_truthy
+ expect(log.end_at).to be_nil
+ expect(log.duration_waiting_time).to be_truthy
+ expect(log.duration_talking_time).to be_nil
+
+ # inbound - I - hangup by customer
+ params = 'event=hangup&direction=in&call_id=1234567890-3&cause=normalClearing&to=4930600000000&from=4912347114711'
+ post "/api/v1/cti/#{token}", params: params
+ expect(response).to have_http_status(200)
+ log = Cti::Log.find_by(call_id: '1234567890-3')
+ expect(log).to be_truthy
+ expect(log.to).to eq('4930600000000')
+ expect(log.from).to eq('4912347114711')
+ expect(log.direction).to eq('in')
+ expect(log.to_comment).to eq('user 1')
+ expect(log.from_comment).to eq('CallerId Customer1')
+ expect(log.comment).to eq('normalClearing')
+ expect(log.state).to eq('hangup')
+ expect(log.done).to eq(true)
+ expect(log.initialized_at).to be_truthy
+ expect(log.start_at).to be_truthy
+ expect(log.end_at).to be_truthy
+ expect(log.duration_waiting_time).to be_truthy
+ expect(log.duration_talking_time).to be_truthy
+
+ # inbound - II - new call
+ params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&call_id=1234567890-4&user%5B%5D=user+1,user+2'
+ post "/api/v1/cti/#{token}", params: params
+ expect(response).to have_http_status(200)
+ log = Cti::Log.find_by(call_id: '1234567890-4')
+ expect(log).to be_truthy
+ expect(log.to).to eq('4930600000000')
+ expect(log.from).to eq('4912347114711')
+ expect(log.direction).to eq('in')
+ expect(log.to_comment).to eq('user 1,user 2')
+ expect(log.from_comment).to eq('CallerId Customer1')
+ expect(log.comment).to be_nil
+ expect(log.state).to eq('newCall')
+ expect(log.done).to eq(false)
+ expect(log.initialized_at).to be_truthy
+ expect(log.start_at).to be_nil
+ expect(log.end_at).to be_nil
+ expect(log.duration_waiting_time).to be_nil
+ expect(log.duration_talking_time).to be_nil
+
+ # inbound - II - answer by voicemail
+ params = 'event=answer&direction=in&call_id=1234567890-4&to=4930600000000&from=4912347114711&user=voicemail'
+ post "/api/v1/cti/#{token}", params: params
+ expect(response).to have_http_status(200)
+ log = Cti::Log.find_by(call_id: '1234567890-4')
+ expect(log).to be_truthy
+ expect(log.to).to eq('4930600000000')
+ expect(log.from).to eq('4912347114711')
+ expect(log.direction).to eq('in')
+ expect(log.to_comment).to eq('voicemail')
+ expect(log.from_comment).to eq('CallerId Customer1')
+ expect(log.comment).to be_nil
+ expect(log.state).to eq('answer')
+ expect(log.done).to eq(true)
+ expect(log.initialized_at).to be_truthy
+ expect(log.start_at).to be_truthy
+ expect(log.end_at).to be_nil
+ expect(log.duration_waiting_time).to be_truthy
+ expect(log.duration_talking_time).to be_nil
+
+ # inbound - II - hangup by customer
+ params = 'event=hangup&direction=in&call_id=1234567890-4&cause=normalClearing&to=4930600000000&from=4912347114711'
+ post "/api/v1/cti/#{token}", params: params
+ expect(response).to have_http_status(200)
+ log = Cti::Log.find_by(call_id: '1234567890-4')
+ expect(log).to be_truthy
+ expect(log.to).to eq('4930600000000')
+ expect(log.from).to eq('4912347114711')
+ expect(log.direction).to eq('in')
+ expect(log.to_comment).to eq('voicemail')
+ expect(log.from_comment).to eq('CallerId Customer1')
+ expect(log.comment).to eq('normalClearing')
+ expect(log.state).to eq('hangup')
+ expect(log.done).to eq(false)
+ expect(log.initialized_at).to be_truthy
+ expect(log.start_at).to be_truthy
+ expect(log.end_at).to be_truthy
+ expect(log.duration_waiting_time).to be_truthy
+ expect(log.duration_talking_time).to be_truthy
+
+ # inbound - III - new call
+ params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&call_id=1234567890-5&user%5B%5D=user+1,user+2'
+ post "/api/v1/cti/#{token}", params: params
+ expect(response).to have_http_status(200)
+ log = Cti::Log.find_by(call_id: '1234567890-5')
+ expect(log).to be_truthy
+ expect(log.to).to eq('4930600000000')
+ expect(log.from).to eq('4912347114711')
+ expect(log.direction).to eq('in')
+ expect(log.to_comment).to eq('user 1,user 2')
+ expect(log.from_comment).to eq('CallerId Customer1')
+ expect(log.comment).to be_nil
+ expect(log.state).to eq('newCall')
+ expect(log.done).to eq(false)
+ expect(log.initialized_at).to be_truthy
+ expect(log.start_at).to be_nil
+ expect(log.end_at).to be_nil
+ expect(log.duration_waiting_time).to be_nil
+ expect(log.duration_talking_time).to be_nil
+
+ # inbound - III - hangup by customer
+ params = 'event=hangup&direction=in&call_id=1234567890-5&cause=normalClearing&to=4930600000000&from=4912347114711'
+ post "/api/v1/cti/#{token}", params: params
+ expect(response).to have_http_status(200)
+ log = Cti::Log.find_by(call_id: '1234567890-5')
+ expect(log).to be_truthy
+ expect(log.to).to eq('4930600000000')
+ expect(log.from).to eq('4912347114711')
+ expect(log.direction).to eq('in')
+ expect(log.to_comment).to eq('user 1,user 2')
+ expect(log.from_comment).to eq('CallerId Customer1')
+ expect(log.comment).to eq('normalClearing')
+ expect(log.state).to eq('hangup')
+ expect(log.done).to eq(false)
+ expect(log.initialized_at).to be_truthy
+ expect(log.start_at).to be_nil
+ expect(log.end_at).to be_truthy
+ expect(log.duration_waiting_time).to be_truthy
+ expect(log.duration_talking_time).to be_nil
+
+ # inbound - IV - new call
+ params = 'event=newCall&direction=in&to=4930600000000&from=49999992222222&call_id=1234567890-6&user%5B%5D=user+1,user+2'
+ post "/api/v1/cti/#{token}", params: params
+ expect(response).to have_http_status(200)
+ log = Cti::Log.find_by(call_id: '1234567890-6')
+ expect(log).to be_truthy
+ expect(log.to).to eq('4930600000000')
+ expect(log.from).to eq('49999992222222')
+ expect(log.direction).to eq('in')
+ expect(log.to_comment).to eq('user 1,user 2')
+ expect(log.from_comment).to eq('CallerId Customer3,CallerId Customer2')
+ expect(log.preferences['to']).to be_falsey
+ expect(log.preferences['from']).to be_truthy
+ expect(log.comment).to be_nil
+ expect(log.state).to eq('newCall')
+ expect(log.done).to eq(false)
+ expect(log.initialized_at).to be_truthy
+ expect(log.start_at).to be_nil
+ expect(log.end_at).to be_nil
+ expect(log.duration_waiting_time).to be_nil
+ expect(log.duration_talking_time).to be_nil
+
+ # inbound - IV - new call
+ params = 'event=newCall&direction=in&to=4930600000000&from=anonymous&call_id=1234567890-7&user%5B%5D=user+1,user+2'
+ post "/api/v1/cti/#{token}", params: params
+ expect(response).to have_http_status(200)
+ log = Cti::Log.find_by(call_id: '1234567890-7')
+ expect(log).to be_truthy
+ expect(log.to).to eq('4930600000000')
+ expect(log.from).to eq('anonymous')
+ expect(log.direction).to eq('in')
+ expect(log.to_comment).to eq('user 1,user 2')
+ expect(log.from_comment).to be_nil
+ expect(log.preferences['to']).to be_falsey
+ expect(log.preferences['from']).to be_falsey
+ expect(log.comment).to be_nil
+ expect(log.state).to eq('newCall')
+ expect(log.done).to eq(false)
+ expect(log.initialized_at).to be_truthy
+ expect(log.start_at).to be_nil
+ expect(log.end_at).to be_nil
+ expect(log.duration_waiting_time).to be_nil
+ expect(log.duration_talking_time).to be_nil
+
+ # get caller list
+ get '/api/v1/cti/log'
+ expect(response).to have_http_status(401)
+
+ authenticated_as(agent_user)
+ get '/api/v1/cti/log', as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response['list']).to be_a_kind_of(Array)
+ expect(json_response['list'].count).to eq(7)
+ expect(json_response['assets']).to be_truthy
+ expect(json_response['assets']['User']).to be_truthy
+ expect(json_response['assets']['User'][customer_user2.id.to_s]).to be_truthy
+ expect(json_response['assets']['User'][customer_user3.id.to_s]).to be_truthy
+ expect(json_response['list'][0]['call_id']).to eq('1234567890-7')
+ expect(json_response['list'][1]['call_id']).to eq('1234567890-6')
+ expect(json_response['list'][2]['call_id']).to eq('1234567890-5')
+ expect(json_response['list'][3]['call_id']).to eq('1234567890-4')
+ expect(json_response['list'][4]['call_id']).to eq('1234567890-3')
+ expect(json_response['list'][5]['call_id']).to eq('1234567890-2')
+ expect(json_response['list'][5]['state']).to eq('hangup')
+ expect(json_response['list'][5]['from']).to eq('4930777000000')
+ expect(json_response['list'][5]['from_comment']).to eq('user 1')
+ expect(json_response['list'][5]['to']).to eq('4912347114711')
+ expect(json_response['list'][5]['to_comment']).to eq('CallerId Customer1')
+ expect(json_response['list'][5]['comment']).to eq('normalClearing')
+ expect(json_response['list'][5]['state']).to eq('hangup')
+ expect(json_response['list'][6]['call_id']).to eq('1234567890-1')
+ end
+ end
+end
diff --git a/spec/requests/integration/sipgate_spec.rb b/spec/requests/integration/sipgate_spec.rb
new file mode 100644
index 000000000..f88301419
--- /dev/null
+++ b/spec/requests/integration/sipgate_spec.rb
@@ -0,0 +1,445 @@
+require 'rails_helper'
+
+RSpec.describe 'Integration Sipgate', type: :request do
+
+ let(:agent_user) do
+ create(:agent_user)
+ end
+ let!(:customer_user1) do
+ create(
+ :customer_user,
+ login: 'ticket-caller_id_cti-customer1@example.com',
+ firstname: 'CallerId',
+ lastname: 'Customer1',
+ phone: '+49 99999 222222',
+ fax: '+49 99999 222223',
+ mobile: '+4912347114711',
+ note: 'Phone at home: +49 99999 222224',
+ )
+ end
+ let!(:customer_user2) do
+ create(
+ :customer_user,
+ login: 'ticket-caller_id_cti-customer2@example.com',
+ firstname: 'CallerId',
+ lastname: 'Customer2',
+ phone: '+49 99999 222222 2',
+ )
+ end
+ let!(:customer_user3) do
+ create(
+ :customer_user,
+ login: 'ticket-caller_id_cti-customer3@example.com',
+ firstname: 'CallerId',
+ lastname: 'Customer3',
+ phone: '+49 99999 222222 2',
+ )
+ end
+
+ before(:each) do
+ Cti::Log.destroy_all
+
+ Setting.set('sipgate_integration', true)
+ Setting.set('sipgate_config', {
+ outbound: {
+ routing_table: [
+ {
+ dest: '41*',
+ caller_id: '41715880339000',
+ },
+ {
+ dest: '491714000000',
+ caller_id: '41715880339000',
+ },
+ ],
+ default_caller_id: '4930777000000',
+ },
+ inbound: {
+ block_caller_ids: [
+ {
+ caller_id: '491715000000',
+ note: 'some note',
+ }
+ ],
+ notify_user_ids: {
+ 2 => true,
+ 4 => false,
+ },
+ }
+ },)
+
+ Cti::CallerId.rebuild
+ end
+
+ describe 'request handling' do
+
+ it 'does basic call' do
+
+ # inbound - I
+ params = 'event=newCall&direction=in&from=4912347114711&to=4930600000000&callId=4991155921769858278-1&user%5B%5D=user+1&user%5B%5D=user+2'
+ post '/api/v1/sipgate/in', params: params
+ expect(@response).to have_http_status(200)
+ on_hangup = nil
+ on_answer = nil
+ content = @response.body
+ response = REXML::Document.new(content)
+ response.elements.each('Response') do |element|
+ on_hangup = element.attributes['onHangup']
+ on_answer = element.attributes['onAnswer']
+ end
+ expect(on_hangup).to eq('http://zammad.example.com/api/v1/sipgate/in')
+ expect(on_answer).to eq('http://zammad.example.com/api/v1/sipgate/in')
+
+ # inbound - II - block caller
+ params = 'event=newCall&direction=in&from=491715000000&to=4930600000000&callId=4991155921769858278-2&user%5B%5D=user+1&user%5B%5D=user+2'
+ post '/api/v1/sipgate/in', params: params
+ expect(@response).to have_http_status(200)
+ on_hangup = nil
+ on_answer = nil
+ content = @response.body
+ response = REXML::Document.new(content)
+ response.elements.each('Response') do |element|
+ on_hangup = element.attributes['onHangup']
+ on_answer = element.attributes['onAnswer']
+ end
+ expect(on_hangup).to eq('http://zammad.example.com/api/v1/sipgate/in')
+ expect(on_answer).to eq('http://zammad.example.com/api/v1/sipgate/in')
+ reason = nil
+ response.elements.each('Response/Reject') do |element|
+ reason = element.attributes['reason']
+ end
+ expect(reason).to eq('busy')
+
+ # outbound - I - set default_caller_id
+ params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&callId=8621106404543334274-3&user%5B%5D=user+1'
+ post '/api/v1/sipgate/out', params: params
+ expect(@response).to have_http_status(200)
+ on_hangup = nil
+ on_answer = nil
+ caller_id = nil
+ number_to_dail = nil
+ content = @response.body
+ response = REXML::Document.new(content)
+ response.elements.each('Response') do |element|
+ on_hangup = element.attributes['onHangup']
+ on_answer = element.attributes['onAnswer']
+ end
+ response.elements.each('Response/Dial') do |element|
+ caller_id = element.attributes['callerId']
+ end
+ response.elements.each('Response/Dial/Number') do |element|
+ number_to_dail = element.text
+ end
+ expect(caller_id).to eq('4930777000000')
+ expect(number_to_dail).to eq('4912347114711')
+ expect(on_hangup).to eq('http://zammad.example.com/api/v1/sipgate/out')
+ expect(on_answer).to eq('http://zammad.example.com/api/v1/sipgate/out')
+
+ # outbound - II - set caller_id based on routing_table by explicite number
+ params = 'event=newCall&direction=out&from=4930600000000&to=491714000000&callId=8621106404543334274-4&user%5B%5D=user+1'
+ post '/api/v1/sipgate/out', params: params
+ expect(@response).to have_http_status(200)
+ on_hangup = nil
+ on_answer = nil
+ caller_id = nil
+ number_to_dail = nil
+ content = @response.body
+ response = REXML::Document.new(content)
+ response.elements.each('Response') do |element|
+ on_hangup = element.attributes['onHangup']
+ on_answer = element.attributes['onAnswer']
+ end
+ response.elements.each('Response/Dial') do |element|
+ caller_id = element.attributes['callerId']
+ end
+ response.elements.each('Response/Dial/Number') do |element|
+ number_to_dail = element.text
+ end
+ expect(caller_id).to eq('41715880339000')
+ expect(number_to_dail).to eq('491714000000')
+ expect(on_hangup).to eq('http://zammad.example.com/api/v1/sipgate/out')
+ expect(on_answer).to eq('http://zammad.example.com/api/v1/sipgate/out')
+
+ # outbound - III - set caller_id based on routing_table by 41*
+ params = 'event=newCall&direction=out&from=4930600000000&to=4147110000000&callId=8621106404543334274-5&user%5B%5D=user+1'
+ post '/api/v1/sipgate/out', params: params
+ expect(@response).to have_http_status(200)
+ on_hangup = nil
+ on_answer = nil
+ caller_id = nil
+ number_to_dail = nil
+ content = @response.body
+ response = REXML::Document.new(content)
+ response.elements.each('Response') do |element|
+ on_hangup = element.attributes['onHangup']
+ on_answer = element.attributes['onAnswer']
+ end
+ response.elements.each('Response/Dial') do |element|
+ caller_id = element.attributes['callerId']
+ end
+ response.elements.each('Response/Dial/Number') do |element|
+ number_to_dail = element.text
+ end
+ expect(caller_id).to eq('41715880339000')
+ expect(number_to_dail).to eq('4147110000000')
+ expect(on_hangup).to eq('http://zammad.example.com/api/v1/sipgate/out')
+ expect(on_answer).to eq('http://zammad.example.com/api/v1/sipgate/out')
+
+ # no config
+ Setting.set('sipgate_config', {})
+ params = 'event=newCall&direction=in&from=4912347114711&to=4930600000000&callId=4991155921769858278-6&user%5B%5D=user+1&user%5B%5D=user+2'
+ post '/api/v1/sipgate/in', params: params
+ expect(@response).to have_http_status(422)
+ error = nil
+ content = @response.body
+ response = REXML::Document.new(content)
+ response.elements.each('Response/Error') do |element|
+ error = element.text
+ end
+ expect(error).to eq('Feature not configured, please contact your admin!')
+
+ end
+
+ it 'does log call' do
+
+ # outbound - I - new call
+ params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&callId=1234567890-1&user%5B%5D=user+1'
+ post '/api/v1/sipgate/out', params: params
+ expect(@response).to have_http_status(200)
+ log = Cti::Log.find_by(call_id: '1234567890-1')
+ expect(log).to be_truthy
+ expect(log.from).to eq('4930777000000')
+ expect(log.to).to eq('4912347114711')
+ expect(log.direction).to eq('out')
+ expect(log.from_comment).to eq('user 1')
+ expect(log.to_comment).to eq('CallerId Customer1')
+ expect(log.comment).to be_nil
+ expect(log.state).to eq('newCall')
+ expect(log.done).to eq(true)
+
+ # outbound - I - hangup by agent
+ params = 'event=hangup&direction=out&callId=1234567890-1&cause=cancel'
+ post '/api/v1/sipgate/out', params: params
+ expect(@response).to have_http_status(200)
+ log = Cti::Log.find_by(call_id: '1234567890-1')
+ expect(log).to be_truthy
+ expect(log.from).to eq('4930777000000')
+ expect(log.to).to eq('4912347114711')
+ expect(log.direction).to eq('out')
+ expect(log.from_comment).to eq('user 1')
+ expect(log.to_comment).to eq('CallerId Customer1')
+ expect(log.comment).to eq('cancel')
+ expect(log.state).to eq('hangup')
+ expect(log.done).to eq(true)
+
+ # outbound - II - new call
+ params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&callId=1234567890-2&user%5B%5D=user+1'
+ post '/api/v1/sipgate/out', params: params
+ expect(@response).to have_http_status(200)
+ log = Cti::Log.find_by(call_id: '1234567890-2')
+ expect(log).to be_truthy
+ expect(log.from).to eq('4930777000000')
+ expect(log.to).to eq('4912347114711')
+ expect(log.direction).to eq('out')
+ expect(log.from_comment).to eq('user 1')
+ expect(log.to_comment).to eq('CallerId Customer1')
+ expect(log.comment).to be_nil
+ expect(log.state).to eq('newCall')
+ expect(log.done).to eq(true)
+
+ # outbound - II - answer by customer
+ params = 'event=answer&direction=out&callId=1234567890-2&from=4930600000000&to=4912347114711'
+ post '/api/v1/sipgate/out', params: params
+ expect(@response).to have_http_status(200)
+ log = Cti::Log.find_by(call_id: '1234567890-2')
+ expect(log).to be_truthy
+ expect(log.from).to eq('4930777000000')
+ expect(log.to).to eq('4912347114711')
+ expect(log.direction).to eq('out')
+ expect(log.from_comment).to eq('user 1')
+ expect(log.to_comment).to eq('CallerId Customer1')
+ expect(log.comment).to be_nil
+ expect(log.state).to eq('answer')
+ expect(log.done).to eq(true)
+
+ # outbound - II - hangup by customer
+ params = 'event=hangup&direction=out&callId=1234567890-2&cause=normalClearing&from=4930600000000&to=4912347114711'
+ post '/api/v1/sipgate/out', params: params
+ expect(@response).to have_http_status(200)
+ log = Cti::Log.find_by(call_id: '1234567890-2')
+ expect(log).to be_truthy
+ expect(log.from).to eq('4930777000000')
+ expect(log.to).to eq('4912347114711')
+ expect(log.direction).to eq('out')
+ expect(log.from_comment).to eq('user 1')
+ expect(log.to_comment).to eq('CallerId Customer1')
+ expect(log.comment).to eq('normalClearing')
+ expect(log.state).to eq('hangup')
+ expect(log.done).to eq(true)
+
+ # inbound - I - new call
+ params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&callId=1234567890-3&user%5B%5D=user+1'
+ post '/api/v1/sipgate/in', params: params
+ expect(@response).to have_http_status(200)
+ log = Cti::Log.find_by(call_id: '1234567890-3')
+ expect(log).to be_truthy
+ expect(log.to).to eq('4930600000000')
+ expect(log.from).to eq('4912347114711')
+ expect(log.direction).to eq('in')
+ expect(log.to_comment).to eq('user 1')
+ expect(log.from_comment).to eq('CallerId Customer1')
+ expect(log.comment).to be_nil
+ expect(log.state).to eq('newCall')
+ expect(log.done).to eq(false)
+
+ # inbound - I - answer by customer
+ params = 'event=answer&direction=in&callId=1234567890-3&to=4930600000000&from=4912347114711'
+ post '/api/v1/sipgate/in', params: params
+ expect(@response).to have_http_status(200)
+ log = Cti::Log.find_by(call_id: '1234567890-3')
+ expect(log).to be_truthy
+ expect(log.to).to eq('4930600000000')
+ expect(log.from).to eq('4912347114711')
+ expect(log.direction).to eq('in')
+ expect(log.to_comment).to eq('user 1')
+ expect(log.from_comment).to eq('CallerId Customer1')
+ expect(log.comment).to be_nil
+ expect(log.state).to eq('answer')
+ expect(log.done).to eq(true)
+
+ # inbound - I - hangup by customer
+ params = 'event=hangup&direction=in&callId=1234567890-3&cause=normalClearing&to=4930600000000&from=4912347114711'
+ post '/api/v1/sipgate/in', params: params
+ expect(@response).to have_http_status(200)
+ log = Cti::Log.find_by(call_id: '1234567890-3')
+ expect(log).to be_truthy
+ expect(log.to).to eq('4930600000000')
+ expect(log.from).to eq('4912347114711')
+ expect(log.direction).to eq('in')
+ expect(log.to_comment).to eq('user 1')
+ expect(log.from_comment).to eq('CallerId Customer1')
+ expect(log.comment).to eq('normalClearing')
+ expect(log.state).to eq('hangup')
+ expect(log.done).to eq(true)
+
+ # inbound - II - new call
+ params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&callId=1234567890-4&user%5B%5D=user+1,user+2'
+ post '/api/v1/sipgate/in', params: params
+ expect(@response).to have_http_status(200)
+ log = Cti::Log.find_by(call_id: '1234567890-4')
+ expect(log).to be_truthy
+ expect(log.to).to eq('4930600000000')
+ expect(log.from).to eq('4912347114711')
+ expect(log.direction).to eq('in')
+ expect(log.to_comment).to eq('user 1,user 2')
+ expect(log.from_comment).to eq('CallerId Customer1')
+ expect(log.comment).to be_nil
+ expect(log.state).to eq('newCall')
+ expect(log.done).to eq(false)
+
+ # inbound - II - answer by voicemail
+ params = 'event=answer&direction=in&callId=1234567890-4&to=4930600000000&from=4912347114711&user=voicemail'
+ post '/api/v1/sipgate/in', params: params
+ expect(@response).to have_http_status(200)
+ log = Cti::Log.find_by(call_id: '1234567890-4')
+ expect(log).to be_truthy
+ expect(log.to).to eq('4930600000000')
+ expect(log.from).to eq('4912347114711')
+ expect(log.direction).to eq('in')
+ expect(log.to_comment).to eq('voicemail')
+ expect(log.from_comment).to eq('CallerId Customer1')
+ expect(log.comment).to be_nil
+ expect(log.state).to eq('answer')
+ expect(log.done).to eq(true)
+
+ # inbound - II - hangup by customer
+ params = 'event=hangup&direction=in&callId=1234567890-4&cause=normalClearing&to=4930600000000&from=4912347114711'
+ post '/api/v1/sipgate/in', params: params
+ expect(@response).to have_http_status(200)
+ log = Cti::Log.find_by(call_id: '1234567890-4')
+ expect(log).to be_truthy
+ expect(log.to).to eq('4930600000000')
+ expect(log.from).to eq('4912347114711')
+ expect(log.direction).to eq('in')
+ expect(log.to_comment).to eq('voicemail')
+ expect(log.from_comment).to eq('CallerId Customer1')
+ expect(log.comment).to eq('normalClearing')
+ expect(log.state).to eq('hangup')
+ expect(log.done).to eq(false)
+
+ # inbound - III - new call
+ params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&callId=1234567890-5&user%5B%5D=user+1,user+2'
+ post '/api/v1/sipgate/in', params: params
+ expect(@response).to have_http_status(200)
+ log = Cti::Log.find_by(call_id: '1234567890-5')
+ expect(log).to be_truthy
+ expect(log.to).to eq('4930600000000')
+ expect(log.from).to eq('4912347114711')
+ expect(log.direction).to eq('in')
+ expect(log.to_comment).to eq('user 1,user 2')
+ expect(log.from_comment).to eq('CallerId Customer1')
+ expect(log.comment).to be_nil
+ expect(log.state).to eq('newCall')
+ expect(log.done).to eq(false)
+
+ # inbound - III - hangup by customer
+ params = 'event=hangup&direction=in&callId=1234567890-5&cause=normalClearing&to=4930600000000&from=4912347114711'
+ post '/api/v1/sipgate/in', params: params
+ expect(@response).to have_http_status(200)
+ log = Cti::Log.find_by(call_id: '1234567890-5')
+ expect(log).to be_truthy
+ expect(log.to).to eq('4930600000000')
+ expect(log.from).to eq('4912347114711')
+ expect(log.direction).to eq('in')
+ expect(log.to_comment).to eq('user 1,user 2')
+ expect(log.from_comment).to eq('CallerId Customer1')
+ expect(log.comment).to eq('normalClearing')
+ expect(log.state).to eq('hangup')
+ expect(log.done).to eq(false)
+
+ # inbound - IV - new call
+ params = 'event=newCall&direction=in&to=4930600000000&from=49999992222222&callId=1234567890-6&user%5B%5D=user+1,user+2'
+ post '/api/v1/sipgate/in', params: params
+ expect(@response).to have_http_status(200)
+ log = Cti::Log.find_by(call_id: '1234567890-6')
+ expect(log).to be_truthy
+ expect(log.to).to eq('4930600000000')
+ expect(log.from).to eq('49999992222222')
+ expect(log.direction).to eq('in')
+ expect(log.to_comment).to eq('user 1,user 2')
+ expect(log.from_comment).to eq('CallerId Customer3,CallerId Customer2')
+ expect(log.preferences['to']).to be_falsey
+ expect(log.preferences['from']).to be_truthy
+ expect(log.comment).to be_nil
+ expect(log.state).to eq('newCall')
+ expect(log.done).to eq(false)
+
+ # get caller list
+ get '/api/v1/cti/log'
+ expect(@response).to have_http_status(401)
+
+ authenticated_as(agent_user)
+ get '/api/v1/cti/log', as: :json
+ expect(@response).to have_http_status(200)
+ expect(json_response['list']).to be_a_kind_of(Array)
+ expect(json_response['list'].count).to eq(6)
+ expect(json_response['assets']).to be_truthy
+ expect(json_response['assets']['User']).to be_truthy
+ expect(json_response['assets']['User'][customer_user2.id.to_s]).to be_truthy
+ expect(json_response['assets']['User'][customer_user3.id.to_s]).to be_truthy
+ expect(json_response['list'][0]['call_id']).to eq('1234567890-6')
+ expect(json_response['list'][1]['call_id']).to eq('1234567890-5')
+ expect(json_response['list'][2]['call_id']).to eq('1234567890-4')
+ expect(json_response['list'][3]['call_id']).to eq('1234567890-3')
+ expect(json_response['list'][4]['call_id']).to eq('1234567890-2')
+ expect(json_response['list'][4]['state']).to eq('hangup')
+ expect(json_response['list'][4]['from']).to eq('4930777000000')
+ expect(json_response['list'][4]['from_comment']).to eq('user 1')
+ expect(json_response['list'][4]['to']).to eq('4912347114711')
+ expect(json_response['list'][4]['to_comment']).to eq('CallerId Customer1')
+ expect(json_response['list'][4]['comment']).to eq('normalClearing')
+ expect(json_response['list'][4]['state']).to eq('hangup')
+ expect(json_response['list'][5]['call_id']).to eq('1234567890-1')
+ end
+ end
+end
diff --git a/spec/requests/o_auth_spec.rb b/spec/requests/o_auth_spec.rb
new file mode 100644
index 000000000..4f7405369
--- /dev/null
+++ b/spec/requests/o_auth_spec.rb
@@ -0,0 +1,31 @@
+require 'rails_helper'
+
+RSpec.describe 'OAuth', type: :request do
+
+ describe 'request handling' do
+
+ it 'does o365 - start' do
+ get '/auth/microsoft_office365'
+ expect(response).to have_http_status(302)
+ expect(response.body).to include('https://login.microsoftonline.com/common/oauth2/v2.0/authorize')
+ expect(response.body).to include('redirect_uri=http%3A%2F%2Fzammad.example.com%2Fauth%2Fmicrosoft_office365%2Fcallback')
+ expect(response.body).to include('scope=openid+email+profile')
+ expect(response.body).to include('response_type=code')
+ end
+
+ it 'does o365 - callback' do
+ get '/auth/microsoft_office365/callback?code=1234&state=1234'
+ expect(response).to have_http_status(302)
+ expect(response.body).to include('302 Moved')
+ end
+
+ it 'does auth failure' do
+ get '/auth/failure?message=123&strategy=some_provider'
+ expect(response).to have_http_status(422)
+ expect(response.body).to include('422: Unprocessable Entity')
+ expect(response.body).to include('422: The change you wanted was rejected.
')
+ expect(response.body).to include('Message from some_provider: 123
')
+ end
+ end
+
+end
diff --git a/spec/requests/organization_spec.rb b/spec/requests/organization_spec.rb
new file mode 100644
index 000000000..2ce65cbdc
--- /dev/null
+++ b/spec/requests/organization_spec.rb
@@ -0,0 +1,557 @@
+require 'rails_helper'
+
+RSpec.describe 'Organization', type: :request, searchindex: true do
+
+ let!(:admin_user) do
+ create(:admin_user, groups: Group.all)
+ end
+ let!(:agent_user) do
+ create(:agent_user, firstname: 'Search 1234', groups: Group.all)
+ end
+ let!(:customer_user) do
+ create(:customer_user)
+ end
+ let!(:organization) do
+ create(
+ :organization,
+ name: 'Rest Org #1',
+ note: 'Rest Org #1',
+ created_at: '2017-09-05 10:00:00',
+ )
+ end
+ let!(:organization2) do
+ create(
+ :organization,
+ name: 'Rest Org #2',
+ note: 'Rest Org #2',
+ created_at: '2017-09-05 11:00:00',
+ )
+ end
+ let!(:organization3) do
+ create(
+ :organization,
+ name: 'Rest Org #3',
+ note: 'Rest Org #3',
+ created_at: '2017-09-05 12:00:00',
+ )
+ end
+ let!(:customer_user2) do
+ create(:customer_user, organization: organization)
+ end
+
+ before(:each) do
+ configure_elasticsearch do
+
+ travel 1.minute
+
+ rebuild_searchindex
+
+ # execute background jobs
+ Scheduler.worker(true)
+
+ sleep 6
+ end
+ end
+
+ describe 'request handling' do
+
+ it 'does index with agent' do
+
+ # index
+ authenticated_as(agent_user)
+ get '/api/v1/organizations', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response[0]['member_ids']).to be_a_kind_of(Array)
+ expect(json_response.length >= 3).to be_truthy
+
+ get '/api/v1/organizations?limit=40&page=1&per_page=2', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ organizations = Organization.order(:id).limit(2)
+ expect(json_response[0]['id']).to eq(organizations[0].id)
+ expect(json_response[0]['member_ids']).to eq(organizations[0].member_ids)
+ expect(json_response[1]['id']).to eq(organizations[1].id)
+ expect(json_response[1]['member_ids']).to eq(organizations[1].member_ids)
+ expect(json_response.count).to eq(2)
+
+ get '/api/v1/organizations?limit=40&page=2&per_page=2', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ organizations = Organization.order(:id).limit(4)
+ expect(json_response[0]['id']).to eq(organizations[2].id)
+ expect(json_response[0]['member_ids']).to eq(organizations[2].member_ids)
+ expect(json_response[1]['id']).to eq(organizations[3].id)
+ expect(json_response[1]['member_ids']).to eq(organizations[3].member_ids)
+
+ expect(json_response.count).to eq(2)
+
+ # show/:id
+ get "/api/v1/organizations/#{organization.id}", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['member_ids']).to be_a_kind_of(Array)
+ expect(json_response['members']).to be_falsey
+ expect('Rest Org #1').to eq(json_response['name'])
+
+ get "/api/v1/organizations/#{organization2.id}", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['member_ids']).to be_a_kind_of(Array)
+ expect(json_response['members']).to be_falsey
+ expect('Rest Org #2').to eq(json_response['name'])
+
+ # search as agent
+ Scheduler.worker(true)
+ get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response[0]['name']).to eq('Zammad Foundation')
+ expect(json_response[0]['member_ids']).to be_truthy
+ expect(json_response[0]['members']).to be_falsey
+
+ get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&expand=true", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response[0]['name']).to eq('Zammad Foundation')
+ expect(json_response[0]['member_ids']).to be_truthy
+ expect(json_response[0]['members']).to be_truthy
+
+ get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&label=true", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response[0]['label']).to eq('Zammad Foundation')
+ expect(json_response[0]['value']).to eq('Zammad Foundation')
+ expect(json_response[0]['member_ids']).to be_falsey
+ expect(json_response[0]['members']).to be_falsey
+ end
+
+ it 'does index with customer1' do
+
+ # index
+ authenticated_as(customer_user)
+ get '/api/v1/organizations', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response.length).to eq(0)
+
+ # show/:id
+ get "/api/v1/organizations/#{organization.id}", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['name']).to be_nil
+
+ get "/api/v1/organizations/#{organization2.id}", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['name']).to be_nil
+
+ # search
+ Scheduler.worker(true)
+ get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, as: :json
+ expect(response).to have_http_status(401)
+ end
+
+ it 'does index with customer2' do
+
+ # index
+ authenticated_as(customer_user2)
+ get '/api/v1/organizations', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response.length).to eq(1)
+
+ # show/:id
+ get "/api/v1/organizations/#{organization.id}", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect('Rest Org #1').to eq(json_response['name'])
+
+ get "/api/v1/organizations/#{organization2.id}", params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['name']).to be_nil
+
+ # search
+ Scheduler.worker(true)
+ get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, as: :json
+ expect(response).to have_http_status(401)
+ end
+
+ it 'does organization search sortable' do
+ authenticated_as(admin_user)
+ get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ result = json_response
+ result.collect! { |v| v['id'] }
+ expect(result).to be_a_kind_of(Array)
+ expect(result).to eq([ organization.id, organization3.id, organization2.id ])
+
+ get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: { sort_by: 'created_at', order_by: 'asc' }, as: :json
+ expect(response).to have_http_status(200)
+ result = json_response
+ result.collect! { |v| v['id'] }
+ expect(result).to be_a_kind_of(Array)
+ expect(result).to eq([ organization.id, organization2.id, organization3.id ])
+
+ get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: { sort_by: 'note', order_by: 'asc' }, as: :json
+ expect(response).to have_http_status(200)
+ result = json_response
+ result.collect! { |v| v['id'] }
+ expect(result).to be_a_kind_of(Array)
+ expect(result).to eq([ organization.id, organization2.id, organization3.id ])
+
+ get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: { sort_by: 'note', order_by: 'desc' }, as: :json
+ expect(response).to have_http_status(200)
+ result = json_response
+ result.collect! { |v| v['id'] }
+ expect(result).to be_a_kind_of(Array)
+ expect(result).to eq([ organization3.id, organization2.id, organization.id ])
+
+ get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: { sort_by: %w[note created_at], order_by: %w[desc asc] }, as: :json
+ expect(response).to have_http_status(200)
+ result = json_response
+ result.collect! { |v| v['id'] }
+ expect(result).to be_a_kind_of(Array)
+ expect(result).to eq([ organization3.id, organization2.id, organization.id ])
+ end
+
+ it 'does organization show and response format' do
+ organization = create(
+ :organization,
+ name: 'Rest Org NEW',
+ members: [customer_user],
+ updated_by_id: admin_user.id,
+ created_by_id: admin_user.id,
+ )
+
+ authenticated_as(admin_user)
+ get "/api/v1/organizations/#{organization.id}", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['id']).to eq(organization.id)
+ expect(json_response['name']).to eq(organization.name)
+ expect(json_response['members']).to be_falsey
+ expect(json_response['member_ids']).to eq([customer_user.id])
+ expect(json_response['updated_by_id']).to eq(admin_user.id)
+ expect(json_response['created_by_id']).to eq(admin_user.id)
+
+ get "/api/v1/organizations/#{organization.id}?expand=true", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['id']).to eq(organization.id)
+ expect(json_response['name']).to eq(organization.name)
+ expect(json_response['members']).to be_truthy
+ expect(json_response['member_ids']).to eq([customer_user.id])
+ expect(json_response['updated_by_id']).to eq(admin_user.id)
+ expect(json_response['created_by_id']).to eq(admin_user.id)
+
+ get "/api/v1/organizations/#{organization.id}?expand=false", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['id']).to eq(organization.id)
+ expect(json_response['name']).to eq(organization.name)
+ expect(json_response['members']).to be_falsey
+ expect(json_response['member_ids']).to eq([customer_user.id])
+ expect(json_response['updated_by_id']).to eq(admin_user.id)
+ expect(json_response['created_by_id']).to eq(admin_user.id)
+
+ get "/api/v1/organizations/#{organization.id}?full=true", params: {}, as: :json
+ expect(response).to have_http_status(200)
+
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['id']).to eq(organization.id)
+ expect(json_response['assets']).to be_truthy
+ expect(json_response['assets']['Organization']).to be_truthy
+ expect(json_response['assets']['Organization'][organization.id.to_s]).to be_truthy
+ expect(json_response['assets']['Organization'][organization.id.to_s]['id']).to eq(organization.id)
+ expect(json_response['assets']['Organization'][organization.id.to_s]['name']).to eq(organization.name)
+ expect(json_response['assets']['Organization'][organization.id.to_s]['member_ids']).to eq(organization.member_ids)
+ expect(json_response['assets']['Organization'][organization.id.to_s]['members']).to be_falsey
+
+ get "/api/v1/organizations/#{organization.id}?full=false", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['id']).to eq(organization.id)
+ expect(json_response['name']).to eq(organization.name)
+ expect(json_response['members']).to be_falsey
+ expect(json_response['member_ids']).to eq([customer_user.id])
+ expect(json_response['updated_by_id']).to eq(admin_user.id)
+ expect(json_response['created_by_id']).to eq(admin_user.id)
+ end
+
+ it 'does organization index and response format' do
+ organization = create(
+ :organization,
+ name: 'Rest Org NEW',
+ members: [customer_user],
+ updated_by_id: admin_user.id,
+ created_by_id: admin_user.id,
+ )
+
+ authenticated_as(admin_user)
+ get '/api/v1/organizations', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response[0].class).to eq(Hash)
+ expect(json_response.last['id']).to eq(organization.id)
+ expect(json_response.last['name']).to eq(organization.name)
+ expect(json_response.last['members']).to be_falsey
+ expect(json_response.last['member_ids']).to eq(organization.member_ids)
+ expect(json_response.last['updated_by_id']).to eq(admin_user.id)
+ expect(json_response.last['created_by_id']).to eq(admin_user.id)
+
+ get '/api/v1/organizations?expand=true', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response[0].class).to eq(Hash)
+ expect(json_response.last['id']).to eq(organization.id)
+ expect(json_response.last['name']).to eq(organization.name)
+ expect(json_response.last['member_ids']).to eq(organization.member_ids)
+ expect([customer_user.login]).to eq(organization.members.pluck(:login))
+ expect(json_response.last['updated_by_id']).to eq(admin_user.id)
+ expect(json_response.last['created_by_id']).to eq(admin_user.id)
+
+ get '/api/v1/organizations?expand=false', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response[0].class).to eq(Hash)
+ expect(json_response.last['id']).to eq(organization.id)
+ expect(json_response.last['name']).to eq(organization.name)
+ expect(json_response.last['members']).to be_falsey
+ expect(json_response.last['member_ids']).to eq(organization.member_ids)
+ expect(json_response.last['updated_by_id']).to eq(admin_user.id)
+ expect(json_response.last['created_by_id']).to eq(admin_user.id)
+
+ get '/api/v1/organizations?full=true', params: {}, as: :json
+ expect(response).to have_http_status(200)
+
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['record_ids'].class).to eq(Array)
+ expect(json_response['record_ids'][0]).to eq(1)
+ expect(json_response['record_ids'].last).to eq(organization.id)
+ expect(json_response['assets']).to be_truthy
+ expect(json_response['assets']['Organization']).to be_truthy
+ expect(json_response['assets']['Organization'][organization.id.to_s]).to be_truthy
+ expect(json_response['assets']['Organization'][organization.id.to_s]['id']).to eq(organization.id)
+ expect(json_response['assets']['Organization'][organization.id.to_s]['name']).to eq(organization.name)
+ expect(json_response['assets']['Organization'][organization.id.to_s]['member_ids']).to eq(organization.member_ids)
+ expect(json_response['assets']['Organization'][organization.id.to_s]['members']).to be_falsey
+
+ get '/api/v1/organizations?full=false', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response[0].class).to eq(Hash)
+ expect(json_response.last['id']).to eq(organization.id)
+ expect(json_response.last['name']).to eq(organization.name)
+ expect(json_response.last['members']).to be_falsey
+ expect(json_response.last['member_ids']).to eq(organization.member_ids)
+ expect(json_response.last['updated_by_id']).to eq(admin_user.id)
+ expect(json_response.last['created_by_id']).to eq(admin_user.id)
+ end
+
+ it 'does ticket create and response format' do
+ params = {
+ name: 'Rest Org NEW',
+ members: [customer_user.login],
+ }
+
+ authenticated_as(admin_user)
+ post '/api/v1/organizations', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+
+ organization = Organization.find(json_response['id'])
+ expect(json_response['name']).to eq(organization.name)
+ expect(json_response['member_ids']).to eq(organization.member_ids)
+ expect(json_response['members']).to be_falsey
+ expect(json_response['updated_by_id']).to eq(admin_user.id)
+ expect(json_response['created_by_id']).to eq(admin_user.id)
+
+ params[:name] = 'Rest Org NEW #2'
+ post '/api/v1/organizations?expand=true', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+
+ organization = Organization.find(json_response['id'])
+ expect(json_response['name']).to eq(organization.name)
+ expect(json_response['member_ids']).to eq(organization.member_ids)
+ expect(json_response['members']).to eq(organization.members.pluck(:login))
+ expect(json_response['updated_by_id']).to eq(admin_user.id)
+ expect(json_response['created_by_id']).to eq(admin_user.id)
+
+ params[:name] = 'Rest Org NEW #3'
+ post '/api/v1/organizations?full=true', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+
+ organization = Organization.find(json_response['id'])
+ expect(json_response['assets']).to be_truthy
+ expect(json_response['assets']['Organization']).to be_truthy
+ expect(json_response['assets']['Organization'][organization.id.to_s]).to be_truthy
+ expect(json_response['assets']['Organization'][organization.id.to_s]['id']).to eq(organization.id)
+ expect(json_response['assets']['Organization'][organization.id.to_s]['name']).to eq(organization.name)
+ expect(json_response['assets']['Organization'][organization.id.to_s]['member_ids']).to eq(organization.member_ids)
+ expect(json_response['assets']['Organization'][organization.id.to_s]['members']).to be_falsey
+
+ end
+
+ it 'does ticket update and response formats' do
+ organization = create(
+ :organization,
+ name: 'Rest Org NEW',
+ members: [customer_user],
+ updated_by_id: admin_user.id,
+ created_by_id: admin_user.id,
+ )
+
+ params = {
+ name: 'a update name #1',
+ }
+ authenticated_as(admin_user)
+ put "/api/v1/organizations/#{organization.id}", params: params, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+
+ organization = Organization.find(json_response['id'])
+ expect(json_response['name']).to eq(params[:name])
+ expect(json_response['member_ids']).to eq(organization.member_ids)
+ expect(json_response['members']).to be_falsey
+ expect(json_response['updated_by_id']).to eq(admin_user.id)
+ expect(json_response['created_by_id']).to eq(admin_user.id)
+
+ params = {
+ name: 'a update name #2',
+ }
+ put "/api/v1/organizations/#{organization.id}?expand=true", params: params, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+
+ organization = Organization.find(json_response['id'])
+ expect(json_response['name']).to eq(params[:name])
+ expect(json_response['member_ids']).to eq(organization.member_ids)
+ expect([customer_user.login]).to eq(organization.members.pluck(:login))
+ expect(json_response['updated_by_id']).to eq(admin_user.id)
+ expect(json_response['created_by_id']).to eq(admin_user.id)
+
+ params = {
+ name: 'a update name #3',
+ }
+ put "/api/v1/organizations/#{organization.id}?full=true", params: params, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+
+ organization = Organization.find(json_response['id'])
+ expect(json_response['assets']).to be_truthy
+ expect(json_response['assets']['Organization']).to be_truthy
+ expect(json_response['assets']['Organization'][organization.id.to_s]).to be_truthy
+ expect(json_response['assets']['Organization'][organization.id.to_s]['id']).to eq(organization.id)
+ expect(json_response['assets']['Organization'][organization.id.to_s]['name']).to eq(params[:name])
+ expect(json_response['assets']['Organization'][organization.id.to_s]['member_ids']).to eq(organization.member_ids)
+ expect(json_response['assets']['Organization'][organization.id.to_s]['members']).to be_falsey
+
+ end
+
+ it 'does csv example - customer no access' do
+ authenticated_as(customer_user)
+ get '/api/v1/organizations/import_example', params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response['error']).to eq('Not authorized (user)!')
+ end
+
+ it 'does csv example - admin access' do
+ authenticated_as(admin_user)
+ get '/api/v1/organizations/import_example', params: {}, as: :json
+ expect(response).to have_http_status(200)
+
+ rows = CSV.parse(@response.body)
+ header = rows.shift
+
+ expect(header[0]).to eq('id')
+ expect(header[1]).to eq('name')
+ expect(header[2]).to eq('shared')
+ expect(header[3]).to eq('domain')
+ expect(header[4]).to eq('domain_assignment')
+ expect(header[5]).to eq('active')
+ expect(header[6]).to eq('note')
+ expect(header.include?('members')).to be_truthy
+ end
+
+ it 'does csv import - admin access' do
+
+ UserInfo.current_user_id = 1
+ customer1 = create(
+ :customer_user,
+ login: 'customer1-members@example.com',
+ firstname: 'Member',
+ lastname: 'Customer',
+ email: 'customer1-members@example.com',
+ password: 'customerpw',
+ active: true,
+ )
+ customer2 = create(
+ :customer_user,
+ login: 'customer2-members@example.com',
+ firstname: 'Member',
+ lastname: 'Customer',
+ email: 'customer2-members@example.com',
+ password: 'customerpw',
+ active: true,
+ )
+ UserInfo.current_user_id = nil
+
+ # invalid file
+ authenticated_as(admin_user)
+ csv_file_path = Rails.root.join('test', 'data', 'csv', 'organization_simple_col_not_existing.csv')
+ csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
+ post '/api/v1/organizations/import?try=true', params: { file: csv_file, col_sep: ';' }
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+
+ expect(json_response['try']).to eq(true)
+ expect(json_response['records'].count).to eq(2)
+ expect(json_response['result']).to eq('failed')
+ expect(json_response['errors'].count).to eq(2)
+ expect(json_response['errors'][0]).to eq("Line 1: unknown attribute 'name2' for Organization.")
+ expect(json_response['errors'][1]).to eq("Line 2: unknown attribute 'name2' for Organization.")
+
+ # valid file try
+ csv_file_path = Rails.root.join('test', 'data', 'csv', 'organization_simple.csv')
+ csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
+ post '/api/v1/organizations/import?try=true', params: { file: csv_file, col_sep: ';' }
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+
+ expect(json_response['try']).to eq(true)
+ expect(json_response['records'].count).to eq(2)
+ expect(json_response['result']).to eq('success')
+
+ expect(Organization.find_by(name: 'organization-member-import1')).to be_nil
+ expect(Organization.find_by(name: 'organization-member-import2')).to be_nil
+
+ # valid file
+ csv_file_path = Rails.root.join('test', 'data', 'csv', 'organization_simple.csv')
+ csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
+ post '/api/v1/organizations/import', params: { file: csv_file, col_sep: ';' }
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+
+ expect(json_response['try']).to eq(false)
+ expect(json_response['records'].count).to eq(2)
+ expect(json_response['result']).to eq('success')
+
+ organization1 = Organization.find_by(name: 'organization-member-import1')
+ expect(organization1).to be_truthy
+ expect(organization1.name).to eq('organization-member-import1')
+ expect(organization1.members.count).to eq(1)
+ expect(organization1.members.first.login).to eq(customer1.login)
+ expect(organization1.active).to eq(true)
+ organization2 = Organization.find_by(name: 'organization-member-import2')
+ expect(organization2).to be_truthy
+ expect(organization2.name).to eq('organization-member-import2')
+ expect(organization2.members.count).to eq(1)
+ expect(organization2.members.first.login).to eq(customer2.login)
+ expect(organization2.active).to eq(false)
+ end
+ end
+end
diff --git a/spec/requests/overview_spec.rb b/spec/requests/overview_spec.rb
new file mode 100644
index 000000000..a46ada2f4
--- /dev/null
+++ b/spec/requests/overview_spec.rb
@@ -0,0 +1,186 @@
+require 'rails_helper'
+
+RSpec.describe 'Overviews', type: :request do
+
+ let(:admin_user) do
+ create(:admin_user)
+ end
+
+ describe 'request handling' do
+
+ it 'does return no permissions' do
+ params = {
+ name: 'Overview2',
+ link: 'my_overview',
+ roles: Role.where(name: 'Agent').pluck(:name),
+ condition: {
+ 'ticket.state_id' => {
+ operator: 'is',
+ value: [1, 2, 3],
+ },
+ },
+ order: {
+ by: 'created_at',
+ direction: 'DESC',
+ },
+ view: {
+ d: %w[title customer state created_at],
+ s: %w[number title customer state created_at],
+ m: %w[number title customer state created_at],
+ view_mode_default: 's',
+ },
+ }
+
+ agent_user = create(:agent_user, password: 'we need a password here')
+
+ authenticated_as(agent_user)
+ post '/api/v1/overviews', params: params, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('authentication failed')
+ end
+
+ it 'does create overviews' do
+ params = {
+ name: 'Overview2',
+ link: 'my_overview',
+ roles: Role.where(name: 'Agent').pluck(:name),
+ condition: {
+ 'ticket.state_id' => {
+ operator: 'is',
+ value: [1, 2, 3],
+ },
+ },
+ order: {
+ by: 'created_at',
+ direction: 'DESC',
+ },
+ view: {
+ d: %w[title customer state created_at],
+ s: %w[number title customer state created_at],
+ m: %w[number title customer state created_at],
+ view_mode_default: 's',
+ },
+ }
+
+ authenticated_as(admin_user)
+ post '/api/v1/overviews', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['name']).to eq('Overview2')
+ expect(json_response['link']).to eq('my_overview')
+
+ post '/api/v1/overviews', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['name']).to eq('Overview2')
+ expect(json_response['link']).to eq('my_overview_1')
+ end
+
+ it 'does set mass prio' do
+ roles = Role.where(name: 'Agent')
+ overview1 = Overview.create!(
+ name: 'Overview1',
+ link: 'my_overview',
+ roles: roles,
+ condition: {
+ 'ticket.state_id' => {
+ operator: 'is',
+ value: [1, 2, 3],
+ },
+ },
+ order: {
+ by: 'created_at',
+ direction: 'DESC',
+ },
+ view: {
+ d: %w[title customer state created_at],
+ s: %w[number title customer state created_at],
+ m: %w[number title customer state created_at],
+ view_mode_default: 's',
+ },
+ prio: 1,
+ updated_by_id: 1,
+ created_by_id: 1,
+ )
+ overview2 = Overview.create!(
+ name: 'Overview2',
+ link: 'my_overview',
+ roles: roles,
+ condition: {
+ 'ticket.state_id' => {
+ operator: 'is',
+ value: [1, 2, 3],
+ },
+ },
+ order: {
+ by: 'created_at',
+ direction: 'DESC',
+ },
+ view: {
+ d: %w[title customer state created_at],
+ s: %w[number title customer state created_at],
+ m: %w[number title customer state created_at],
+ view_mode_default: 's',
+ },
+ prio: 2,
+ updated_by_id: 1,
+ created_by_id: 1,
+ )
+
+ params = {
+ prios: [
+ [overview2.id, 1],
+ [overview1.id, 2],
+ ]
+ }
+ authenticated_as(admin_user)
+ post '/api/v1/overviews_prio', params: params, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['success']).to eq(true)
+
+ overview1.reload
+ overview2.reload
+
+ expect(overview1.prio).to eq(2)
+ expect(overview2.prio).to eq(1)
+ end
+
+ it 'does create an overview with group_by direction' do
+
+ params = {
+ name: 'Overview2',
+ link: 'my_overview',
+ roles: Role.where(name: 'Agent').pluck(:name),
+ condition: {
+ 'ticket.state_id' => {
+ operator: 'is',
+ value: [1, 2, 3],
+ },
+ },
+ order: {
+ by: 'created_at',
+ direction: 'DESC',
+ },
+ group_by: 'priority',
+ group_direction: 'ASC',
+ view: {
+ d: %w[title customer state created_at],
+ s: %w[number title customer state created_at],
+ m: %w[number title customer state created_at],
+ view_mode_default: 's',
+ },
+ }
+
+ authenticated_as(admin_user)
+ post '/api/v1/overviews', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['name']).to eq('Overview2')
+ expect(json_response['link']).to eq('my_overview')
+ expect(json_response['group_by']).to eq('priority')
+ expect(json_response['group_direction']).to eq('ASC')
+ end
+ end
+end
diff --git a/spec/requests/package_spec.rb b/spec/requests/package_spec.rb
new file mode 100644
index 000000000..af1eb82c3
--- /dev/null
+++ b/spec/requests/package_spec.rb
@@ -0,0 +1,75 @@
+require 'rails_helper'
+
+RSpec.describe 'Packages', type: :request do
+
+ let(:admin_user) do
+ create(:admin_user)
+ end
+ let(:agent_user) do
+ create(:agent_user)
+ end
+ let(:customer_user) do
+ create(:customer_user)
+ end
+
+ describe 'request handling' do
+
+ it 'does packages index with nobody' do
+ get '/api/v1/packages', as: :json
+ expect(response).to have_http_status(401)
+
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['packages']).to be_falsey
+ expect(json_response['error']).to eq('authentication failed')
+ end
+
+ it 'does packages index with admin' do
+ authenticated_as(admin_user)
+ get '/api/v1/packages', as: :json
+
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['packages']).to be_truthy
+ end
+
+ it 'does packages index with admin and wrong pw' do
+ authenticated_as(admin_user, password: 'wrongadminpw')
+ get '/api/v1/packages', as: :json
+
+ expect(response).to have_http_status(401)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('authentication failed')
+ end
+
+ it 'does packages index with inactive admin' do
+ admin_user = create(:admin_user, active: false, password: 'we need a password here')
+
+ authenticated_as(admin_user)
+ get '/api/v1/packages', as: :json
+
+ expect(response).to have_http_status(401)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('authentication failed')
+ end
+
+ it 'does packages index with agent' do
+ authenticated_as(agent_user)
+ get '/api/v1/packages', as: :json
+
+ expect(response).to have_http_status(401)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['packages']).to be_falsey
+ expect(json_response['error']).to eq('Not authorized (user)!')
+ end
+
+ it 'does packages index with customer' do
+ authenticated_as(customer_user)
+ get '/api/v1/packages', as: :json
+
+ expect(response).to have_http_status(401)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['packages']).to be_falsey
+ expect(json_response['error']).to eq('Not authorized (user)!')
+ end
+ end
+end
diff --git a/spec/requests/report_spec.rb b/spec/requests/report_spec.rb
new file mode 100644
index 000000000..dcd2dcc80
--- /dev/null
+++ b/spec/requests/report_spec.rb
@@ -0,0 +1,59 @@
+require 'rails_helper'
+
+RSpec.describe 'Report', type: :request, searchindex: true do
+
+ let!(:admin_user) do
+ create(:admin_user)
+ end
+ let!(:agent_user) do
+ create(:agent_user)
+ end
+ let!(:customer_user) do
+ create(:customer_user)
+ end
+ let!(:year) do
+ DateTime.now.utc.year
+ end
+ let!(:month) do
+ DateTime.now.utc.month
+ end
+ let!(:week) do
+ DateTime.now.utc.strftime('%U').to_i
+ end
+ let!(:day) do
+ DateTime.now.utc.day
+ end
+ let!(:ticket) do
+ create(:ticket, title: 'ticket for report', customer: customer_user)
+ end
+ let!(:article) do
+ create(:ticket_article, ticket_id: ticket.id, type: Ticket::Article::Type.lookup(name: 'note') )
+ end
+
+ before(:each) do
+ configure_elasticsearch do
+
+ travel 1.minute
+
+ rebuild_searchindex
+
+ # execute background jobs
+ Scheduler.worker(true)
+
+ sleep 6
+ end
+ end
+
+ describe 'request handling' do
+
+ it 'does report example - admin access' do
+ authenticated_as(admin_user)
+ get "/api/v1/reports/sets?sheet=true;metric=count;year=#{year};month=#{month};week=#{week};day=#{day};timeRange=year;profile_id=1;downloadBackendSelected=count::created", params: {}, as: :json
+
+ expect(response).to have_http_status(200)
+ assert(@response['Content-Disposition'])
+ expect(@response['Content-Disposition']).to eq('attachment; filename="tickets--all--Created.xls"')
+ expect(@response['Content-Type']).to eq('application/vnd.ms-excel')
+ end
+ end
+end
diff --git a/spec/requests/search_spec.rb b/spec/requests/search_spec.rb
new file mode 100644
index 000000000..32a41a24e
--- /dev/null
+++ b/spec/requests/search_spec.rb
@@ -0,0 +1,330 @@
+require 'rails_helper'
+
+RSpec.describe 'Search', type: :request, searchindex: true do
+
+ let!(:admin_user) do
+ create(:admin_user, groups: Group.all)
+ end
+ let!(:agent_user) do
+ create(:agent_user, firstname: 'Search 1234', groups: Group.all)
+ end
+ let!(:customer_user) do
+ create(:customer_user)
+ end
+ let!(:organization1) do
+ create(:organization, name: 'Rest Org')
+ end
+ let!(:organization2) do
+ create(:organization, name: 'Rest Org #2')
+ end
+ let!(:organization3) do
+ create(:organization, name: 'Rest Org #3')
+ end
+ let!(:organization4) do
+ create(:organization, name: 'Tes.t. Org')
+ end
+ let!(:organization5) do
+ create(:organization, name: 'ABC_D Org')
+ end
+ let!(:customer_user2) do
+ create(:customer_user, organization: organization1)
+ end
+ let!(:customer_user3) do
+ create(:customer_user, organization: organization1)
+ end
+ let!(:ticket1) do
+ create(:ticket, title: 'test 1234-1', customer: customer_user)
+ end
+ let!(:ticket2) do
+ create(:ticket, title: 'test 1234-2', customer: customer_user2)
+ end
+ let!(:ticket3) do
+ create(:ticket, title: 'test 1234-2', customer: customer_user3)
+ end
+ let!(:article1) do
+ create(:ticket_article, ticket_id: ticket1.id)
+ end
+ let!(:article2) do
+ create(:ticket_article, ticket_id: ticket2.id)
+ end
+ let!(:article3) do
+ create(:ticket_article, ticket_id: ticket3.id)
+ end
+
+ before(:each) do
+ configure_elasticsearch do
+
+ travel 1.minute
+
+ rebuild_searchindex
+
+ # execute background jobs
+ Scheduler.worker(true)
+
+ sleep 6
+ end
+ end
+
+ describe 'request handling' do
+
+ it 'does settings index with nobody' do
+ params = {
+ query: 'test 1234',
+ limit: 2,
+ }
+
+ post '/api/v1/search/ticket', params: params, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response).to_not be_blank
+ expect(json_response['error']).to eq('authentication failed')
+
+ post '/api/v1/search/user', params: params, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response).to_not be_blank
+ expect(json_response['error']).to eq('authentication failed')
+
+ post '/api/v1/search', params: params, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response).to_not be_blank
+ expect(json_response['error']).to eq('authentication failed')
+ end
+
+ it 'does settings index with admin' do
+ params = {
+ query: '1234*',
+ limit: 1,
+ }
+ authenticated_as(admin_user)
+ post '/api/v1/search', params: params, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response).to be_truthy
+ expect(json_response['result'][0]['type']).to eq('Ticket')
+ expect(json_response['result'][0]['id']).to eq(ticket3.id)
+ expect(json_response['result'][1]['type']).to eq('User')
+ expect(json_response['result'][1]['id']).to eq(agent_user.id)
+ expect(json_response['result'][2]).to be_falsey
+
+ params = {
+ query: '1234*',
+ limit: 10,
+ }
+
+ post '/api/v1/search', params: params, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response).to be_truthy
+ expect(json_response['result'][0]['type']).to eq('Ticket')
+ expect(json_response['result'][0]['id']).to eq(ticket3.id)
+ expect(json_response['result'][1]['type']).to eq('Ticket')
+ expect(json_response['result'][1]['id']).to eq(ticket2.id)
+ expect(json_response['result'][2]['type']).to eq('Ticket')
+ expect(json_response['result'][2]['id']).to eq(ticket1.id)
+ expect(json_response['result'][3]['type']).to eq('User')
+ expect(json_response['result'][3]['id']).to eq(agent_user.id)
+ expect(json_response['result'][4]).to be_falsey
+
+ params = {
+ query: '1234*',
+ limit: 10,
+ }
+
+ post '/api/v1/search/ticket', params: params, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response).to be_truthy
+ expect(json_response['result'][0]['type']).to eq('Ticket')
+ expect(json_response['result'][0]['id']).to eq(ticket3.id)
+ expect(json_response['result'][1]['type']).to eq('Ticket')
+ expect(json_response['result'][1]['id']).to eq(ticket2.id)
+ expect(json_response['result'][2]['type']).to eq('Ticket')
+ expect(json_response['result'][2]['id']).to eq(ticket1.id)
+ expect(json_response['result'][3]).to be_falsey
+
+ params = {
+ query: '1234*',
+ limit: 10,
+ }
+
+ post '/api/v1/search/user', params: params, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['result'][0]['type']).to eq('User')
+ expect(json_response['result'][0]['id']).to eq(agent_user.id)
+ expect(json_response['result'][1]).to be_falsey
+ end
+
+ it 'does settings index with agent' do
+ params = {
+ query: '1234*',
+ limit: 1,
+ }
+
+ authenticated_as(agent_user)
+ post '/api/v1/search', params: params, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response).to be_truthy
+ expect(json_response['result'][0]['type']).to eq('Ticket')
+ expect(json_response['result'][0]['id']).to eq(ticket3.id)
+ expect(json_response['result'][1]['type']).to eq('User')
+ expect(json_response['result'][1]['id']).to eq(agent_user.id)
+ expect(json_response['result'][2]).to be_falsey
+
+ params = {
+ query: '1234*',
+ limit: 10,
+ }
+
+ post '/api/v1/search', params: params, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response).to be_truthy
+ expect(json_response['result'][0]['type']).to eq('Ticket')
+ expect(json_response['result'][0]['id']).to eq(ticket3.id)
+ expect(json_response['result'][1]['type']).to eq('Ticket')
+ expect(json_response['result'][1]['id']).to eq(ticket2.id)
+ expect(json_response['result'][2]['type']).to eq('Ticket')
+ expect(json_response['result'][2]['id']).to eq(ticket1.id)
+ expect(json_response['result'][3]['type']).to eq('User')
+ expect(json_response['result'][3]['id']).to eq(agent_user.id)
+ expect(json_response['result'][4]).to be_falsey
+
+ params = {
+ query: '1234*',
+ limit: 10,
+ }
+
+ post '/api/v1/search/ticket', params: params, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response).to be_truthy
+ expect(json_response['result'][0]['type']).to eq('Ticket')
+ expect(json_response['result'][0]['id']).to eq(ticket3.id)
+ expect(json_response['result'][1]['type']).to eq('Ticket')
+ expect(json_response['result'][1]['id']).to eq(ticket2.id)
+ expect(json_response['result'][2]['type']).to eq('Ticket')
+ expect(json_response['result'][2]['id']).to eq(ticket1.id)
+ expect(json_response['result'][3]).to be_falsey
+
+ params = {
+ query: '1234*',
+ limit: 10,
+ }
+
+ post '/api/v1/search/user', params: params, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['result'][0]['type']).to eq('User')
+ expect(json_response['result'][0]['id']).to eq(agent_user.id)
+ expect(json_response['result'][1]).to be_falsey
+ end
+
+ it 'does settings index with customer 1' do
+ params = {
+ query: '1234*',
+ limit: 10,
+ }
+
+ authenticated_as(customer_user)
+ post '/api/v1/search', params: params, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response).to be_truthy
+ expect(json_response['result'][0]['type']).to eq('Ticket')
+ expect(json_response['result'][0]['id']).to eq(ticket1.id)
+ expect(json_response['result'][1]).to be_falsey
+
+ params = {
+ query: '1234*',
+ limit: 10,
+ }
+
+ post '/api/v1/search/ticket', params: params, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response).to be_truthy
+ expect(json_response['result'][0]['type']).to eq('Ticket')
+ expect(json_response['result'][0]['id']).to eq(ticket1.id)
+ expect(json_response['result'][1]).to be_falsey
+
+ params = {
+ query: '1234*',
+ limit: 10,
+ }
+
+ post '/api/v1/search/user', params: params, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['result'][0]).to be_falsey
+ end
+
+ it 'does settings index with customer 2' do
+ params = {
+ query: '1234*',
+ limit: 10,
+ }
+
+ authenticated_as(customer_user2)
+ post '/api/v1/search', params: params, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response).to be_truthy
+ expect(json_response['result'][0]['type']).to eq('Ticket')
+ expect(json_response['result'][0]['id']).to eq(ticket3.id)
+ expect(json_response['result'][1]['type']).to eq('Ticket')
+ expect(json_response['result'][1]['id']).to eq(ticket2.id)
+ expect(json_response['result'][2]).to be_falsey
+
+ params = {
+ query: '1234*',
+ limit: 10,
+ }
+
+ post '/api/v1/search/ticket', params: params, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response).to be_truthy
+ expect(json_response['result'][0]['type']).to eq('Ticket')
+ expect(json_response['result'][0]['id']).to eq(ticket3.id)
+ expect(json_response['result'][1]['type']).to eq('Ticket')
+ expect(json_response['result'][1]['id']).to eq(ticket2.id)
+ expect(json_response['result'][2]).to be_falsey
+
+ params = {
+ query: '1234*',
+ limit: 10,
+ }
+
+ post '/api/v1/search/user', params: params, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['result'][0]).to be_falsey
+ end
+
+ # Verify fix for Github issue #2058 - Autocomplete hangs on dot in the new user form
+ it 'does searching for organization with a dot in its name' do
+ authenticated_as(agent_user)
+ get '/api/v1/search/organization?query=tes.', as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response['result'].size).to eq(1)
+ expect(json_response['result'][0]['type']).to eq('Organization')
+ target_id = json_response['result'][0]['id']
+ expect(json_response['assets']['Organization'][target_id.to_s]['name']).to eq('Tes.t. Org')
+ end
+
+ # Search query H& should correctly match H&M
+ it 'does searching for organization with _ in its name' do
+ authenticated_as(agent_user)
+ get '/api/v1/search/organization?query=abc_', as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response['result'].size).to eq(1)
+ expect(json_response['result'][0]['type']).to eq('Organization')
+ target_id = json_response['result'][0]['id']
+ expect(json_response['assets']['Organization'][target_id.to_s]['name']).to eq('ABC_D Org')
+ end
+ end
+end
diff --git a/spec/requests/settings_spec.rb b/spec/requests/settings_spec.rb
new file mode 100644
index 000000000..e396592a9
--- /dev/null
+++ b/spec/requests/settings_spec.rb
@@ -0,0 +1,227 @@
+require 'rails_helper'
+
+RSpec.describe 'Settings', type: :request do
+
+ let(:admin_user) do
+ create(:admin_user)
+ end
+ let(:admin_api_user) do
+ role_api = create(:role)
+ role_api.permission_grant('admin.api')
+
+ create(:admin_user, roles: [role_api])
+ end
+ let(:agent_user) do
+ create(:agent_user)
+ end
+ let(:customer_user) do
+ create(:customer_user)
+ end
+
+ describe 'request handling' do
+
+ it 'does settings index with nobody' do
+
+ # index
+ get '/api/v1/settings', params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['settings']).to be_falsey
+
+ # show
+ setting = Setting.find_by(name: 'product_name')
+ get "/api/v1/settings/#{setting.id}", params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response['error']).to eq('authentication failed')
+ end
+
+ it 'does settings index with admin' do
+
+ # index
+ authenticated_as(admin_user)
+ get '/api/v1/settings', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response).to be_truthy
+ hit_api = false
+ hit_product_name = false
+ json_response.each do |setting|
+ if setting['name'] == 'api_token_access'
+ hit_api = true
+ end
+ if setting['name'] == 'product_name'
+ hit_product_name = true
+ end
+ end
+ expect(hit_api).to eq(true)
+ expect(hit_product_name).to eq(true)
+
+ # show
+ setting = Setting.find_by(name: 'product_name')
+ get "/api/v1/settings/#{setting.id}", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['name']).to eq('product_name')
+
+ setting = Setting.find_by(name: 'api_token_access')
+ get "/api/v1/settings/#{setting.id}", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['name']).to eq('api_token_access')
+
+ # update
+ setting = Setting.find_by(name: 'product_name')
+ params = {
+ id: setting.id,
+ name: 'some_new_name',
+ preferences: {
+ permission: ['admin.branding', 'admin.some_new_permission'],
+ some_new_key: true,
+ }
+ }
+ put "/api/v1/settings/#{setting.id}", params: params, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['name']).to eq('product_name')
+ expect(json_response['preferences']['permission'].length).to eq(1)
+ expect(json_response['preferences']['permission'][0]).to eq('admin.branding')
+ expect(json_response['preferences']['some_new_key']).to eq(true)
+
+ # update
+ setting = Setting.find_by(name: 'api_token_access')
+ params = {
+ id: setting.id,
+ name: 'some_new_name',
+ preferences: {
+ permission: ['admin.branding', 'admin.some_new_permission'],
+ some_new_key: true,
+ }
+ }
+ put "/api/v1/settings/#{setting.id}", params: params, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['name']).to eq('api_token_access')
+ expect(json_response['preferences']['permission'].length).to eq(1)
+ expect(json_response['preferences']['permission'][0]).to eq('admin.api')
+ expect(json_response['preferences']['some_new_key']).to eq(true)
+
+ # delete
+ setting = Setting.find_by(name: 'product_name')
+ delete "/api/v1/settings/#{setting.id}", params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response['error']).to eq('Not authorized (feature not possible)')
+ end
+
+ it 'does settings index with admin-api' do
+
+ # index
+ authenticated_as(admin_api_user)
+ get '/api/v1/settings', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response).to be_truthy
+ hit_api = false
+ hit_product_name = false
+ json_response.each do |setting|
+ if setting['name'] == 'api_token_access'
+ hit_api = true
+ end
+ if setting['name'] == 'product_name'
+ hit_product_name = true
+ end
+ end
+ expect(hit_api).to eq(true)
+ expect(hit_product_name).to eq(false)
+
+ # show
+ setting = Setting.find_by(name: 'product_name')
+ get "/api/v1/settings/#{setting.id}", params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response['error']).to eq('Not authorized (required ["admin.branding"])')
+
+ setting = Setting.find_by(name: 'api_token_access')
+ get "/api/v1/settings/#{setting.id}", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['name']).to eq('api_token_access')
+
+ # update
+ setting = Setting.find_by(name: 'product_name')
+ params = {
+ id: setting.id,
+ name: 'some_new_name',
+ preferences: {
+ permission: ['admin.branding', 'admin.some_new_permission'],
+ some_new_key: true,
+ }
+ }
+ put "/api/v1/settings/#{setting.id}", params: params, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response['error']).to eq('Not authorized (required ["admin.branding"])')
+
+ # update
+ setting = Setting.find_by(name: 'api_token_access')
+ params = {
+ id: setting.id,
+ name: 'some_new_name',
+ preferences: {
+ permission: ['admin.branding', 'admin.some_new_permission'],
+ some_new_key: true,
+ }
+ }
+ put "/api/v1/settings/#{setting.id}", params: params, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['name']).to eq('api_token_access')
+ expect(json_response['preferences']['permission'].length).to eq(1)
+ expect(json_response['preferences']['permission'][0]).to eq('admin.api')
+ expect(json_response['preferences']['some_new_key']).to eq(true)
+
+ # delete
+ setting = Setting.find_by(name: 'product_name')
+ delete "/api/v1/settings/#{setting.id}", params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response['error']).to eq('Not authorized (feature not possible)')
+ end
+
+ it 'does settings index with agent' do
+
+ # index
+ authenticated_as(agent_user)
+ get '/api/v1/settings', params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['settings']).to be_falsey
+ expect(json_response['error']).to eq('Not authorized (user)!')
+
+ # show
+ setting = Setting.find_by(name: 'product_name')
+ get "/api/v1/settings/#{setting.id}", params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response['error']).to eq('Not authorized (user)!')
+ end
+
+ it 'does settings index with customer' do
+
+ # index
+ authenticated_as(customer_user)
+ get '/api/v1/settings', params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['settings']).to be_falsey
+ expect(json_response['error']).to eq('Not authorized (user)!')
+
+ # show
+ setting = Setting.find_by(name: 'product_name')
+ get "/api/v1/settings/#{setting.id}", params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response['error']).to eq('Not authorized (user)!')
+
+ # delete
+ setting = Setting.find_by(name: 'product_name')
+ delete "/api/v1/settings/#{setting.id}", params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response['error']).to eq('Not authorized (user)!')
+ end
+ end
+end
diff --git a/spec/requests/sla_spec.rb b/spec/requests/sla_spec.rb
new file mode 100644
index 000000000..9d52b9946
--- /dev/null
+++ b/spec/requests/sla_spec.rb
@@ -0,0 +1,45 @@
+require 'rails_helper'
+
+RSpec.describe 'SLAs', type: :request do
+
+ let(:admin_user) do
+ create(:admin_user)
+ end
+
+ describe 'request handling' do
+
+ it 'does index sla with nobody' do
+ get '/api/v1/slas', as: :json
+ expect(response).to have_http_status(401)
+
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('authentication failed')
+ end
+
+ it 'does index sla with admin' do
+ authenticated_as(admin_user)
+ get '/api/v1/slas', as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response).to be_truthy
+ expect(json_response.count).to eq(0)
+
+ get '/api/v1/slas?expand=true', as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response).to be_truthy
+ expect(json_response.count).to eq(0)
+
+ get '/api/v1/slas?full=true', as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response).to be_truthy
+ expect(json_response['record_ids']).to be_truthy
+ expect(json_response['record_ids']).to be_blank
+ expect(json_response['assets']).to be_truthy
+ expect(json_response['assets']['Calendar']).to be_present
+ expect(json_response['assets']).to be_present
+ end
+ end
+
+end
diff --git a/spec/requests/taskbar_spec.rb b/spec/requests/taskbar_spec.rb
new file mode 100644
index 000000000..bf7f67a7c
--- /dev/null
+++ b/spec/requests/taskbar_spec.rb
@@ -0,0 +1,82 @@
+require 'rails_helper'
+
+RSpec.describe 'Taskbars', type: :request do
+
+ let(:agent_user) do
+ create(:agent_user)
+ end
+ let(:customer_user) do
+ create(:customer_user)
+ end
+
+ describe 'request handling' do
+
+ it 'does task ownership' do
+ params = {
+ user_id: customer_user.id,
+ client_id: '123',
+ key: 'Ticket-5',
+ callback: 'TicketZoom',
+ state: {
+ ticket: {
+ owner_id: agent_user.id,
+ },
+ article: {},
+ },
+ params: {
+ ticket_id: 5,
+ shown: true,
+ },
+ prio: 3,
+ notify: false,
+ active: false,
+ }
+
+ authenticated_as(agent_user)
+ post '/api/v1/taskbar', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['client_id']).to eq('123')
+ expect(json_response['user_id']).to eq(agent_user.id)
+ expect(json_response['params']['ticket_id']).to eq(5)
+ expect(json_response['params']['shown']).to eq(true)
+
+ taskbar_id = json_response['id']
+ params[:user_id] = customer_user.id
+ params[:params] = {
+ ticket_id: 5,
+ shown: false,
+ }
+ put "/api/v1/taskbar/#{taskbar_id}", params: params, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['client_id']).to eq('123')
+ expect(json_response['user_id']).to eq(agent_user.id)
+ expect(json_response['params']['ticket_id']).to eq(5)
+ expect(json_response['params']['shown']).to eq(false)
+
+ # try to access with other user
+ params = {
+ active: true,
+ }
+
+ authenticated_as(customer_user)
+ put "/api/v1/taskbar/#{taskbar_id}", params: params, as: :json
+ expect(response).to have_http_status(422)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('Not allowed to access this task.')
+
+ delete "/api/v1/taskbar/#{taskbar_id}", params: {}, as: :json
+ expect(response).to have_http_status(422)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('Not allowed to access this task.')
+
+ # delete with correct user
+ authenticated_as(agent_user)
+ delete "/api/v1/taskbar/#{taskbar_id}", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response).to be_blank
+ end
+ end
+end
diff --git a/spec/requests/text_module_spec.rb b/spec/requests/text_module_spec.rb
new file mode 100644
index 000000000..026e3bf1a
--- /dev/null
+++ b/spec/requests/text_module_spec.rb
@@ -0,0 +1,104 @@
+require 'rails_helper'
+require 'byebug'
+
+RSpec.describe 'Text Module', type: :request do
+
+ let(:admin_user) do
+ create(:admin_user)
+ end
+ let(:agent_user) do
+ create(:agent_user)
+ end
+ let(:customer_user) do
+ create(:customer_user)
+ end
+
+ describe 'request handling' do
+
+ it 'does csv example - customer no access' do
+ authenticated_as(customer_user)
+ get '/api/v1/text_modules/import_example', as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response['error']).to eq('Not authorized (user)!')
+ end
+
+ it 'does csv example - admin access' do
+ TextModule.load('en-en')
+
+ authenticated_as(admin_user)
+ get '/api/v1/text_modules/import_example', as: :json
+ expect(response).to have_http_status(200)
+ rows = CSV.parse(@response.body)
+ header = rows.shift
+
+ expect(header[0]).to eq('id')
+ expect(header[1]).to eq('name')
+ expect(header[2]).to eq('keywords')
+ expect(header[3]).to eq('content')
+ expect(header[4]).to eq('note')
+ expect(header[5]).to eq('active')
+ expect(header).to_not include('organization')
+ expect(header).to_not include('priority')
+ expect(header).to_not include('state')
+ expect(header).to_not include('owner')
+ expect(header).to_not include('customer')
+ end
+
+ it 'does csv import - admin access' do
+
+ # invalid file
+ csv_file_path = Rails.root.join('test', 'data', 'csv', 'text_module_simple_col_not_existing.csv')
+ csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
+
+ authenticated_as(admin_user)
+ post '/api/v1/text_modules/import', params: { try: true, file: csv_file, col_sep: ';' }
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+
+ expect(json_response['try']).to be_truthy
+ expect(json_response['records'].count).to eq(2)
+ expect(json_response['result']).to eq('failed')
+ expect(json_response['errors'].count).to eq(2)
+ expect(json_response['errors'][0]).to eq("Line 1: unknown attribute 'keywords2' for TextModule.")
+ expect(json_response['errors'][1]).to eq("Line 2: unknown attribute 'keywords2' for TextModule.")
+
+ # valid file try
+ csv_file_path = Rails.root.join('test', 'data', 'csv', 'text_module_simple.csv')
+ csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
+ post '/api/v1/text_modules/import?try=true', params: { file: csv_file, col_sep: ';' }
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+
+ expect(json_response['try']).to be_truthy
+ expect(json_response['records'].count).to eq(2)
+ expect(json_response['result']).to eq('success')
+
+ expect(TextModule.find_by(name: 'some name1')).to be_nil
+ expect(TextModule.find_by(name: 'some name2')).to be_nil
+
+ # valid file
+ csv_file_path = Rails.root.join('test', 'data', 'csv', 'text_module_simple.csv')
+ csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
+ post '/api/v1/text_modules/import', params: { file: csv_file, col_sep: ';' }
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+
+ expect(json_response['try']).to eq(false)
+ expect(json_response['records'].count).to eq(2)
+ expect(json_response['result']).to eq('success')
+
+ text_module1 = TextModule.find_by(name: 'some name1')
+ expect(text_module1).to be_truthy
+ expect(text_module1.name).to eq('some name1')
+ expect(text_module1.keywords).to eq('keyword1')
+ expect(text_module1.content).to eq('some
content1')
+ expect(text_module1.active).to be_truthy
+ text_module2 = TextModule.find_by(name: 'some name2')
+ expect(text_module2).to be_truthy
+ expect(text_module2.name).to eq('some name2')
+ expect(text_module2.keywords).to eq('keyword2')
+ expect(text_module2.content).to eq('some content
test123')
+ expect(text_module2.active).to be_truthy
+ end
+ end
+end
diff --git a/spec/requests/ticket/article_attachments_spec.rb b/spec/requests/ticket/article_attachments_spec.rb
new file mode 100644
index 000000000..bfbdaec32
--- /dev/null
+++ b/spec/requests/ticket/article_attachments_spec.rb
@@ -0,0 +1,113 @@
+require 'rails_helper'
+
+RSpec.describe 'Ticket Article Attachments', type: :request do
+
+ let(:agent_user) do
+ create(:agent_user, groups: Group.all)
+ end
+
+ describe 'request handling' do
+
+ it 'does test attachment urls' do
+ ticket1 = create(:ticket)
+ article1 = create(:ticket_article, ticket_id: ticket1.id)
+
+ store1 = Store.add(
+ object: 'Ticket::Article',
+ o_id: article1.id,
+ data: 'some content',
+ filename: 'some_file.txt',
+ preferences: {
+ 'Content-Type' => 'text/plain',
+ },
+ created_by_id: 1,
+ )
+ article2 = create(:ticket_article, ticket_id: ticket1.id)
+
+ authenticated_as(agent_user)
+ get "/api/v1/ticket_attachment/#{ticket1.id}/#{article1.id}/#{store1.id}", params: {}
+ expect(response).to have_http_status(200)
+ expect('some content').to eq(@response.body)
+
+ authenticated_as(agent_user)
+ get "/api/v1/ticket_attachment/#{ticket1.id}/#{article2.id}/#{store1.id}", params: {}
+ expect(response).to have_http_status(401)
+ expect(@response.body).to match(/401: Unauthorized/)
+
+ ticket2 = create(:ticket)
+ ticket1.merge_to(
+ ticket_id: ticket2.id,
+ user_id: 1,
+ )
+
+ authenticated_as(agent_user)
+ get "/api/v1/ticket_attachment/#{ticket2.id}/#{article1.id}/#{store1.id}", params: {}
+ expect(response).to have_http_status(200)
+ expect('some content').to eq(@response.body)
+
+ authenticated_as(agent_user)
+ get "/api/v1/ticket_attachment/#{ticket2.id}/#{article2.id}/#{store1.id}", params: {}
+ expect(response).to have_http_status(401)
+ expect(@response.body).to match(/401: Unauthorized/)
+
+ # allow access via merged ticket id also
+ authenticated_as(agent_user)
+ get "/api/v1/ticket_attachment/#{ticket1.id}/#{article1.id}/#{store1.id}", params: {}
+ expect(response).to have_http_status(200)
+ expect('some content').to eq(@response.body)
+
+ authenticated_as(agent_user)
+ get "/api/v1/ticket_attachment/#{ticket1.id}/#{article2.id}/#{store1.id}", params: {}
+ expect(response).to have_http_status(401)
+ expect(@response.body).to match(/401: Unauthorized/)
+
+ end
+
+ it 'does test attachments for split' do
+ email_file_path = Rails.root.join('test', 'data', 'mail', 'mail024.box')
+ email_raw_string = File.read(email_file_path)
+ ticket_p, article_p, user_p = Channel::EmailParser.new.process({}, email_raw_string)
+
+ authenticated_as(agent_user)
+ get '/api/v1/ticket_split', params: { form_id: '1234-2', ticket_id: ticket_p.id, article_id: article_p.id }, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response['assets']).to be_truthy
+ expect(json_response['attachments']).to be_a_kind_of(Array)
+ expect(json_response['attachments'].count).to eq(1)
+ expect(json_response['attachments'][0]['filename']).to eq('rulesets-report.csv')
+
+ end
+
+ it 'does test attachments for forward' do
+ email_file_path = Rails.root.join('test', 'data', 'mail', 'mail008.box')
+ email_raw_string = File.read(email_file_path)
+ ticket_p, article_p, user_p = Channel::EmailParser.new.process({}, email_raw_string)
+
+ authenticated_as(agent_user)
+ post "/api/v1/ticket_attachment_upload_clone_by_article/#{article_p.id}", params: {}, as: :json
+ expect(response).to have_http_status(422)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('Need form_id to attach attachments to new form.')
+
+ post "/api/v1/ticket_attachment_upload_clone_by_article/#{article_p.id}", params: { form_id: '1234-1' }, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response['attachments']).to be_a_kind_of(Array)
+ expect(json_response['attachments']).to be_blank
+
+ email_file_path = Rails.root.join('test', 'data', 'mail', 'mail024.box')
+ email_raw_string = File.read(email_file_path)
+ ticket_p, article_p, user_p = Channel::EmailParser.new.process({}, email_raw_string)
+
+ post "/api/v1/ticket_attachment_upload_clone_by_article/#{article_p.id}", params: { form_id: '1234-2' }, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response['attachments']).to be_a_kind_of(Array)
+ expect(json_response['attachments'].count).to eq(1)
+ expect(json_response['attachments'][0]['filename']).to eq('rulesets-report.csv')
+
+ post "/api/v1/ticket_attachment_upload_clone_by_article/#{article_p.id}", params: { form_id: '1234-2' }, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response['attachments']).to be_a_kind_of(Array)
+ expect(json_response['attachments']).to be_blank
+ end
+ end
+end
diff --git a/spec/requests/ticket/article_spec.rb b/spec/requests/ticket/article_spec.rb
new file mode 100644
index 000000000..23beff28e
--- /dev/null
+++ b/spec/requests/ticket/article_spec.rb
@@ -0,0 +1,475 @@
+require 'rails_helper'
+
+RSpec.describe 'Ticket Article', type: :request do
+
+ let(:admin_user) do
+ create(:admin_user)
+ end
+ let(:agent_user) do
+ create(:agent_user, groups: Group.all)
+ end
+ let(:customer_user) do
+ create(:customer_user)
+ end
+
+ describe 'request handling' do
+
+ it 'does ticket create with agent and articles' do
+ params = {
+ title: 'a new ticket #1',
+ group: 'Users',
+ customer_id: customer_user.id,
+ article: {
+ body: 'some body',
+ }
+ }
+ authenticated_as(agent_user)
+ post '/api/v1/tickets', params: params, as: :json
+ expect(response).to have_http_status(201)
+
+ params = {
+ ticket_id: json_response['id'],
+ content_type: 'text/plain', # or text/html
+ body: 'some body',
+ type: 'note',
+ }
+ post '/api/v1/ticket_articles', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['subject']).to be_nil
+ expect(json_response['body']).to eq('some body')
+ expect(json_response['content_type']).to eq('text/plain')
+ expect(json_response['updated_by_id']).to eq(agent_user.id)
+ expect(json_response['created_by_id']).to eq(agent_user.id)
+
+ ticket = Ticket.find(json_response['ticket_id'])
+ expect(ticket.articles.count).to eq(2)
+ expect(ticket.articles[0].attachments.count).to eq(0)
+ expect(ticket.articles[1].attachments.count).to eq(0)
+
+ params = {
+ ticket_id: json_response['ticket_id'],
+ content_type: 'text/html', # or text/html
+ body: 'some body 
',
+ type: 'note',
+ }
+ post '/api/v1/ticket_articles', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['subject']).to be_nil
+ expect(json_response['body']).to_not match(/some body 
+ expect(json_response['body']).to match(%r{some body <img src=)
'some_file.txt',
+ 'data' => 'dGVzdCAxMjM=',
+ 'mime-type' => 'text/plain',
+ ],
+ }
+ post '/api/v1/ticket_articles', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['subject']).to be_nil
+ expect(json_response['body']).to eq('some body')
+ expect(json_response['content_type']).to eq('text/html')
+ expect(json_response['updated_by_id']).to eq(agent_user.id)
+ expect(json_response['created_by_id']).to eq(agent_user.id)
+
+ expect(ticket.articles.count).to eq(4)
+ expect(ticket.articles[0].attachments.count).to eq(0)
+ expect(ticket.articles[1].attachments.count).to eq(0)
+ expect(ticket.articles[2].attachments.count).to eq(1)
+ expect(ticket.articles[3].attachments.count).to eq(1)
+
+ get "/api/v1/ticket_articles/#{json_response['id']}?expand=true", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['attachments'].count).to eq(1)
+ expect(json_response['attachments'][0]['id']).to be_truthy
+ expect(json_response['attachments'][0]['filename']).to eq('some_file.txt')
+ expect(json_response['attachments'][0]['size']).to eq('8')
+ expect(json_response['attachments'][0]['preferences']['Mime-Type']).to eq('text/plain')
+
+ params = {
+ ticket_id: json_response['ticket_id'],
+ content_type: 'text/plain',
+ body: 'some body',
+ type: 'note',
+ preferences: {
+ some_key1: 123,
+ },
+ }
+ post '/api/v1/ticket_articles', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['subject']).to be_nil
+ expect(json_response['body']).to eq('some body')
+ expect(json_response['content_type']).to eq('text/plain')
+ expect(json_response['updated_by_id']).to eq(agent_user.id)
+ expect(json_response['created_by_id']).to eq(agent_user.id)
+ expect(json_response['preferences']['some_key1']).to eq(123)
+ expect(ticket.articles.count).to eq(5)
+
+ params = {
+ body: 'some body 2',
+ preferences: {
+ some_key2: 'abc',
+ },
+ }
+ put "/api/v1/ticket_articles/#{json_response['id']}", params: params, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['subject']).to be_nil
+ expect(json_response['body']).to eq('some body 2')
+ expect(json_response['content_type']).to eq('text/plain')
+ expect(json_response['updated_by_id']).to eq(agent_user.id)
+ expect(json_response['created_by_id']).to eq(agent_user.id)
+ expect(json_response['preferences']['some_key1']).to eq(123)
+ expect(json_response['preferences']['some_key2']).to eq('abc')
+
+ end
+
+ it 'does ticket create with customer and articles' do
+ params = {
+ title: 'a new ticket #2',
+ group: 'Users',
+ article: {
+ body: 'some body',
+ }
+ }
+ authenticated_as(customer_user)
+ post '/api/v1/tickets', params: params, as: :json
+ expect(response).to have_http_status(201)
+
+ params = {
+ ticket_id: json_response['id'],
+ content_type: 'text/plain', # or text/html
+ body: 'some body',
+ type: 'note',
+ }
+ post '/api/v1/ticket_articles', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['subject']).to be_nil
+ expect(json_response['body']).to eq('some body')
+ expect(json_response['content_type']).to eq('text/plain')
+ expect(json_response['updated_by_id']).to eq(customer_user.id)
+ expect(json_response['created_by_id']).to eq(customer_user.id)
+
+ ticket = Ticket.find(json_response['ticket_id'])
+ expect(ticket.articles.count).to eq(2)
+ expect(ticket.articles[1].sender.name).to eq('Customer')
+ expect(ticket.articles[0].attachments.count).to eq(0)
+ expect(ticket.articles[1].attachments.count).to eq(0)
+
+ params = {
+ ticket_id: json_response['ticket_id'],
+ content_type: 'text/plain', # or text/html
+ body: 'some body',
+ sender: 'Agent',
+ type: 'note',
+ }
+ post '/api/v1/ticket_articles', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['subject']).to be_nil
+ expect(json_response['body']).to eq('some body')
+ expect(json_response['content_type']).to eq('text/plain')
+ expect(json_response['updated_by_id']).to eq(customer_user.id)
+ expect(json_response['created_by_id']).to eq(customer_user.id)
+
+ ticket = Ticket.find(json_response['ticket_id'])
+ expect(ticket.articles.count).to eq(3)
+ expect(ticket.articles[2].sender.name).to eq('Customer')
+ expect(ticket.articles[2].internal).to eq(false)
+ expect(ticket.articles[0].attachments.count).to eq(0)
+ expect(ticket.articles[1].attachments.count).to eq(0)
+ expect(ticket.articles[2].attachments.count).to eq(0)
+
+ params = {
+ ticket_id: json_response['ticket_id'],
+ content_type: 'text/plain', # or text/html
+ body: 'some body 2',
+ sender: 'Agent',
+ type: 'note',
+ internal: true,
+ }
+ post '/api/v1/ticket_articles', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['subject']).to be_nil
+ expect(json_response['body']).to eq('some body 2')
+ expect(json_response['content_type']).to eq('text/plain')
+ expect(json_response['updated_by_id']).to eq(customer_user.id)
+ expect(json_response['created_by_id']).to eq(customer_user.id)
+
+ ticket = Ticket.find(json_response['ticket_id'])
+ expect(ticket.articles.count).to eq(4)
+ expect(ticket.articles[3].sender.name).to eq('Customer')
+ expect(ticket.articles[3].internal).to eq(false)
+ expect(ticket.articles[0].attachments.count).to eq(0)
+ expect(ticket.articles[1].attachments.count).to eq(0)
+ expect(ticket.articles[2].attachments.count).to eq(0)
+ expect(ticket.articles[3].attachments.count).to eq(0)
+
+ # add internal article
+ article = create(
+ :ticket_article,
+ ticket_id: ticket.id,
+ internal: true,
+ sender: Ticket::Article::Sender.find_by(name: 'Agent'),
+ type: Ticket::Article::Type.find_by(name: 'note'),
+ )
+ expect(ticket.articles.count).to eq(5)
+ expect(ticket.articles[4].sender.name).to eq('Agent')
+ expect(ticket.articles[4].updated_by_id).to eq(1)
+ expect(ticket.articles[4].created_by_id).to eq(1)
+ expect(ticket.articles[0].attachments.count).to eq(0)
+ expect(ticket.articles[1].attachments.count).to eq(0)
+ expect(ticket.articles[2].attachments.count).to eq(0)
+ expect(ticket.articles[3].attachments.count).to eq(0)
+ expect(ticket.articles[4].attachments.count).to eq(0)
+
+ get "/api/v1/ticket_articles/#{article.id}", params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('Not authorized')
+
+ put "/api/v1/ticket_articles/#{article.id}", params: { internal: false }, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('Not authorized')
+
+ end
+
+ it 'does create phone ticket for customer and expected origin_by_id' do
+ params = {
+ title: 'a new ticket #1',
+ group: 'Users',
+ customer_id: customer_user.id,
+ article: {
+ body: 'some body',
+ sender: 'Customer',
+ type: 'phone',
+ }
+ }
+ authenticated_as(agent_user)
+ post '/api/v1/tickets', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['title']).to eq('a new ticket #1')
+
+ article = Ticket::Article.find_by(ticket_id: json_response['id'])
+ expect(article.origin_by_id).to eq(customer_user.id)
+ expect(article.from).to eq("#{customer_user.firstname} #{customer_user.lastname} <#{customer_user.email}>")
+ end
+
+ it 'does create phone ticket by customer and manipulate origin_by_id' do
+ params = {
+ title: 'a new ticket #1',
+ group: 'Users',
+ customer_id: customer_user.id,
+ article: {
+ body: 'some body',
+ sender: 'Customer',
+ type: 'phone',
+ origin_by_id: 1,
+ }
+ }
+ authenticated_as(customer_user)
+ post '/api/v1/tickets', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+
+ article = Ticket::Article.find_by(ticket_id: json_response['id'])
+ expect(article.origin_by_id).to eq(customer_user.id)
+ end
+
+ it 'does ticket split with html - check attachments' do
+ ticket = create(:ticket)
+ article = create(
+ :ticket_article,
+ ticket_id: ticket.id,
+ type: Ticket::Article::Type.lookup(name: 'note'),
+ sender: Ticket::Article::Sender.lookup(name: 'Customer'),
+ body: 'test 
test 
',
+ content_type: 'text/html',
+ )
+ Store.add(
+ object: 'Ticket::Article',
+ o_id: article.id,
+ data: 'content_file1_normally_should_be_an_image',
+ filename: 'some_file1.jpg',
+ preferences: {
+ 'Content-Type' => 'image/jpeg',
+ 'Mime-Type' => 'image/jpeg',
+ 'Content-ID' => '15.274327094.140938@zammad.example.com',
+ 'Content-Disposition' => 'inline',
+ },
+ created_by_id: 1,
+ )
+ Store.add(
+ object: 'Ticket::Article',
+ o_id: article.id,
+ data: 'content_file2_normally_should_be_an_image',
+ filename: 'some_file2.jpg',
+ preferences: {
+ 'Content-Type' => 'image/jpeg',
+ 'Mime-Type' => 'image/jpeg',
+ 'Content-ID' => '15.274327094.140938.2@zammad.example.com',
+ 'Content-Disposition' => 'inline',
+ },
+ created_by_id: 1,
+ )
+ Store.add(
+ object: 'Ticket::Article',
+ o_id: article.id,
+ data: 'content_file3_normally_should_be_an_image',
+ filename: 'some_file3.jpg',
+ preferences: {
+ 'Content-Type' => 'image/jpeg',
+ 'Mime-Type' => 'image/jpeg',
+ 'Content-ID' => '15.274327094.140938.3@zammad.example.com',
+ },
+ created_by_id: 1,
+ )
+ Store.add(
+ object: 'Ticket::Article',
+ o_id: article.id,
+ data: 'content_file4_normally_should_be_an_image',
+ filename: 'some_file4.jpg',
+ preferences: {
+ 'Content-Type' => 'image/jpeg',
+ 'Mime-Type' => 'image/jpeg',
+ 'Content-ID' => '15.274327094.140938.4@zammad.example.com',
+ },
+ created_by_id: 1,
+ )
+ Store.add(
+ object: 'Ticket::Article',
+ o_id: article.id,
+ data: 'content_file1_normally_should_be_an_pdf',
+ filename: 'Rechnung_RE-2018-200.pdf',
+ preferences: {
+ 'Content-Type' => 'application/octet-stream; name="Rechnung_RE-2018-200.pdf"',
+ 'Mime-Type' => 'application/octet-stream',
+ 'Content-ID' => '8AB0BEC88984EE4EBEF643C79C8E0346@zammad.example.com',
+ 'Content-Description' => 'Rechnung_RE-2018-200.pdf',
+ 'Content-Disposition' => 'attachment',
+ },
+ created_by_id: 1,
+ )
+
+ params = {
+ form_id: 'new_form_id123',
+ }
+ authenticated_as(agent_user)
+ post "/api/v1/ticket_attachment_upload_clone_by_article/#{article.id}", params: params, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['attachments']).to be_truthy
+ expect(json_response['attachments'].count).to eq(3)
+
+ post "/api/v1/ticket_attachment_upload_clone_by_article/#{article.id}", params: params, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['attachments']).to be_truthy
+ expect(json_response['attachments'].count).to eq(0)
+ end
+
+ it 'does ticket split with plain - check attachments' do
+ ticket = create(
+ :ticket,
+ updated_by_id: agent_user.id,
+ created_by_id: agent_user.id,
+ )
+ article = create(
+ :ticket_article,
+ ticket_id: ticket.id,
+ type: Ticket::Article::Type.lookup(name: 'note'),
+ sender: Ticket::Article::Sender.lookup(name: 'Customer'),
+ body: 'test 
',
+ content_type: 'text/plain',
+ updated_by_id: 1,
+ created_by_id: 1,
+ )
+ Store.add(
+ object: 'Ticket::Article',
+ o_id: article.id,
+ data: 'content_file1_normally_should_be_an_image',
+ filename: 'some_file1.jpg',
+ preferences: {
+ 'Content-Type' => 'image/jpeg',
+ 'Mime-Type' => 'image/jpeg',
+ 'Content-ID' => '15.274327094.140938@zammad.example.com',
+ 'Content-Disposition' => 'inline',
+ },
+ created_by_id: 1,
+ )
+ Store.add(
+ object: 'Ticket::Article',
+ o_id: article.id,
+ data: 'content_file1_normally_should_be_an_image',
+ filename: 'some_file2.jpg',
+ preferences: {
+ 'Content-Type' => 'image/jpeg',
+ 'Mime-Type' => 'image/jpeg',
+ 'Content-ID' => '15.274327094.140938.2@zammad.example.com',
+ 'Content-Disposition' => 'inline',
+ },
+ created_by_id: 1,
+ )
+ Store.add(
+ object: 'Ticket::Article',
+ o_id: article.id,
+ data: 'content_file1_normally_should_be_an_pdf',
+ filename: 'Rechnung_RE-2018-200.pdf',
+ preferences: {
+ 'Content-Type' => 'application/octet-stream; name="Rechnung_RE-2018-200.pdf"',
+ 'Mime-Type' => 'application/octet-stream',
+ 'Content-ID' => '8AB0BEC88984EE4EBEF643C79C8E0346@zammad.example.com',
+ 'Content-Description' => 'Rechnung_RE-2018-200.pdf',
+ 'Content-Disposition' => 'attachment',
+ },
+ created_by_id: 1,
+ )
+
+ params = {
+ form_id: 'new_form_id123',
+ }
+ authenticated_as(agent_user)
+ post "/api/v1/ticket_attachment_upload_clone_by_article/#{article.id}", params: params, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['attachments']).to be_truthy
+ expect(json_response['attachments'].count).to eq(3)
+
+ post "/api/v1/ticket_attachment_upload_clone_by_article/#{article.id}", params: params, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['attachments']).to be_truthy
+ expect(json_response['attachments'].count).to eq(0)
+ end
+ end
+end
diff --git a/spec/requests/ticket/escalation_spec.rb b/spec/requests/ticket/escalation_spec.rb
new file mode 100644
index 000000000..428dde87f
--- /dev/null
+++ b/spec/requests/ticket/escalation_spec.rb
@@ -0,0 +1,153 @@
+require 'rails_helper'
+
+RSpec.describe 'Ticket Escalation', type: :request do
+
+ let!(:agent_user) do
+ create(:agent_user, groups: Group.all)
+ end
+ let!(:customer_user) do
+ create(:customer_user)
+ end
+ let!(:calendar) do
+ create(
+ :calendar,
+ name: 'Escalation Test',
+ timezone: 'Europe/Berlin',
+ business_hours: {
+ mon: {
+ active: true,
+ timeframes: [ ['00:00', '23:59'] ]
+ },
+ tue: {
+ active: true,
+ timeframes: [ ['00:00', '23:59'] ]
+ },
+ wed: {
+ active: true,
+ timeframes: [ ['00:00', '23:59'] ]
+ },
+ thu: {
+ active: true,
+ timeframes: [ ['00:00', '23:59'] ]
+ },
+ fri: {
+ active: true,
+ timeframes: [ ['00:00', '23:59'] ]
+ },
+ sat: {
+ active: true,
+ timeframes: [ ['00:00', '23:59'] ]
+ },
+ sun: {
+ active: true,
+ timeframes: [ ['00:00', '23:59'] ]
+ },
+ },
+ default: true,
+ ical_url: nil,
+ )
+ end
+ let!(:sla) do
+ create(
+ :sla,
+ name: 'test sla 1',
+ condition: {
+ 'ticket.title' => {
+ operator: 'contains',
+ value: 'some value 123',
+ },
+ },
+ first_response_time: 60,
+ update_time: 180,
+ solution_time: 240,
+ calendar: calendar,
+ )
+ end
+ let!(:mail_group) do
+ create(:group, email_address: create(:email_address) )
+ end
+
+ describe 'request handling' do
+
+ it 'does escalate by ticket created via web' do
+ params = {
+ title: 'some value 123',
+ group: mail_group.name,
+ article: {
+ body: 'some test 123',
+ },
+ }
+
+ authenticated_as(customer_user)
+ post '/api/v1/tickets', params: params, as: :json
+ expect(response).to have_http_status(201)
+
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id)
+ expect(json_response['title']).to eq('some value 123')
+ expect(json_response['updated_by_id']).to eq(customer_user.id)
+ expect(json_response['created_by_id']).to eq(customer_user.id)
+
+ ticket_p = Ticket.find(json_response['id'])
+
+ expect(json_response['escalation_at'].sub(/.\d\d\dZ$/, 'Z')).to eq(ticket_p['escalation_at'].iso8601)
+ expect(json_response['first_response_escalation_at'].sub(/.\d\d\dZ$/, 'Z')).to eq(ticket_p['first_response_escalation_at'].iso8601)
+ expect(json_response['update_escalation_at'].sub(/.\d\d\dZ$/, 'Z')).to eq(ticket_p['update_escalation_at'].iso8601)
+ expect(json_response['close_escalation_at'].sub(/.\d\d\dZ$/, 'Z')).to eq(ticket_p['close_escalation_at'].iso8601)
+
+ expect(ticket_p.escalation_at).to be_truthy
+ expect(ticket_p.first_response_escalation_at.to_i).to be_within(90.seconds).of((ticket_p.created_at + 1.hour).to_i)
+ expect(ticket_p.update_escalation_at.to_i).to be_within(90.seconds).of((ticket_p.created_at + 3.hours).to_i)
+ expect(ticket_p.close_escalation_at.to_i).to be_within(90.seconds).of((ticket_p.created_at + 4.hours).to_i)
+ expect(ticket_p.escalation_at.to_i).to be_within(90.seconds).of((ticket_p.created_at + 1.hour).to_i)
+ end
+
+ it 'does escalate by ticket got created via email - reply by agent via web' do
+
+ email = "From: Bob Smith
+To: #{mail_group.email_address.email}
+Subject: some value 123
+
+Some Text"
+
+ ticket_p, article_p, user_p, mail = Channel::EmailParser.new.process({}, email)
+ ticket_p.reload
+ expect(ticket_p.escalation_at).to be_truthy
+ expect(ticket_p.first_response_escalation_at.to_i).to be_within(90.seconds).of((ticket_p.created_at + 1.hour).to_i)
+ expect(ticket_p.update_escalation_at.to_i).to be_within(90.seconds).of((ticket_p.created_at + 3.hours).to_i)
+ expect(ticket_p.close_escalation_at.to_i).to be_within(90.seconds).of((ticket_p.created_at + 4.hours).to_i)
+ expect(ticket_p.escalation_at.to_i).to be_within(90.seconds).of((ticket_p.created_at + 1.hour).to_i)
+
+ travel 3.hours
+
+ params = {
+ title: 'some value 123 - update',
+ article: {
+ body: 'some test 123',
+ type: 'email',
+ to: 'customer@example.com',
+ },
+ }
+ authenticated_as(agent_user)
+ put "/api/v1/tickets/#{ticket_p.id}", params: params, as: :json
+
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'open').id)
+ expect(json_response['title']).to eq('some value 123 - update')
+ expect(json_response['updated_by_id']).to eq(agent_user.id)
+ expect(json_response['created_by_id']).to eq(user_p.id)
+
+ ticket_p.reload
+ expect(json_response['escalation_at'].sub(/.\d\d\dZ$/, 'Z')).to eq(ticket_p['escalation_at'].iso8601)
+ expect(json_response['first_response_escalation_at'].sub(/.\d\d\dZ$/, 'Z')).to eq(ticket_p['first_response_escalation_at'].iso8601)
+ expect(json_response['update_escalation_at'].sub(/.\d\d\dZ$/, 'Z')).to eq(ticket_p['update_escalation_at'].iso8601)
+ expect(json_response['close_escalation_at'].sub(/.\d\d\dZ$/, 'Z')).to eq(ticket_p['close_escalation_at'].iso8601)
+
+ expect(ticket_p.first_response_escalation_at.to_i).to be_within(90.seconds).of((ticket_p.created_at + 1.hour).to_i)
+ expect(ticket_p.update_escalation_at.to_i).to be_within(90.seconds).of((ticket_p.last_contact_agent_at + 3.hours).to_i)
+ expect(ticket_p.close_escalation_at.to_i).to be_within(90.seconds).of((ticket_p.created_at + 4.hours).to_i)
+ expect(ticket_p.escalation_at.to_i).to be_within(90.seconds).of((ticket_p.created_at + 4.hours).to_i)
+ end
+ end
+end
diff --git a/spec/requests/ticket_spec.rb b/spec/requests/ticket_spec.rb
new file mode 100644
index 000000000..2a779a782
--- /dev/null
+++ b/spec/requests/ticket_spec.rb
@@ -0,0 +1,2082 @@
+require 'rails_helper'
+
+RSpec.describe 'Ticket', type: :request do
+
+ let!(:ticket_group) do
+ create(:group, email_address: create(:email_address) )
+ end
+ let(:admin_user) do
+ create(:admin_user, groups: Group.all, firstname: 'Tickets', lastname: 'Admin')
+ end
+ let!(:agent_user) do
+ create(:agent_user, groups: Group.all, firstname: 'Tickets', lastname: 'Agent')
+ end
+ let!(:customer_user) do
+ create(
+ :customer_user,
+ login: 'tickets-customer1@example.com',
+ firstname: 'Tickets',
+ lastname: 'Customer1',
+ email: 'tickets-customer1@example.com',
+ )
+ end
+
+ describe 'request handling' do
+
+ it 'does ticket create with agent - missing group (01.01)' do
+ params = {
+ title: 'a new ticket #1',
+ article: {
+ content_type: 'text/plain', # or text/html
+ body: 'some body',
+ sender: 'Customer',
+ type: 'note',
+ },
+ }
+ authenticated_as(agent_user)
+ post '/api/v1/tickets', params: params, as: :json
+ expect(response).to have_http_status(422)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error_human']).to eq('Group can\'t be blank')
+ end
+
+ it 'does ticket create with agent - wrong group (01.02)' do
+ params = {
+ title: 'a new ticket #2',
+ group: 'not_existing',
+ article: {
+ content_type: 'text/plain', # or text/html
+ body: 'some body',
+ sender: 'Customer',
+ type: 'note',
+ },
+ }
+ authenticated_as(agent_user)
+ post '/api/v1/tickets', params: params, as: :json
+ expect(response).to have_http_status(422)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('No lookup value found for \'group\': "not_existing"')
+ end
+
+ it 'does ticket create with agent - missing article.body (01.03)' do
+ params = {
+ title: 'a new ticket #3',
+ group: ticket_group.name,
+ priority: '2 normal',
+ state: 'new',
+ customer_id: customer_user.id,
+ article: {},
+ }
+ authenticated_as(agent_user)
+ post '/api/v1/tickets', params: params, as: :json
+ expect(response).to have_http_status(422)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('Need at least article: { body: "some text" }')
+ end
+
+ it 'does ticket create with agent - minimal article (01.03)' do
+ params = {
+ title: 'a new ticket #3',
+ group: ticket_group.name,
+ priority: '2 normal',
+ state: 'new',
+ customer_id: customer_user.id,
+ article: {
+ body: 'some test 123',
+ },
+ }
+ authenticated_as(agent_user)
+ post '/api/v1/tickets', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id)
+ expect(json_response['title']).to eq('a new ticket #3')
+ expect(json_response['customer_id']).to eq(customer_user.id)
+ expect(json_response['updated_by_id']).to eq(agent_user.id)
+ expect(json_response['created_by_id']).to eq(agent_user.id)
+ end
+
+ it 'does ticket create with agent - minimal article and customer.email (01.04)' do
+ params = {
+ title: 'a new ticket #3',
+ group: ticket_group.name,
+ priority: '2 normal',
+ state: 'new',
+ customer: customer_user.email,
+ article: {
+ body: 'some test 123',
+ },
+ }
+ authenticated_as(agent_user)
+ post '/api/v1/tickets', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id)
+ expect(json_response['title']).to eq('a new ticket #3')
+ expect(json_response['customer_id']).to eq(customer_user.id)
+ expect(json_response['updated_by_id']).to eq(agent_user.id)
+ expect(json_response['created_by_id']).to eq(agent_user.id)
+ end
+
+ it 'does ticket create with agent - wrong owner_id - 0 (01.05)' do
+ params = {
+ title: 'a new ticket #4',
+ group: ticket_group.name,
+ priority: '2 normal',
+ owner_id: 0,
+ state: 'new',
+ customer_id: customer_user.id,
+ article: {
+ body: 'some test 123',
+ },
+ }
+ authenticated_as(agent_user)
+ post '/api/v1/tickets', params: params, as: :json
+ expect(response).to have_http_status(422)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('Invalid value for param \'owner_id\': 0')
+ end
+
+ it 'does ticket create with agent - wrong owner_id - "" (01.06)' do
+ params = {
+ title: 'a new ticket #5',
+ group: ticket_group.name,
+ priority: '2 normal',
+ owner_id: '',
+ state: 'new',
+ customer_id: customer_user.id,
+ article: {
+ body: 'some test 123',
+ },
+ }
+ authenticated_as(agent_user)
+ post '/api/v1/tickets', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id)
+ expect(json_response['title']).to eq('a new ticket #5')
+ expect(json_response['customer_id']).to eq(customer_user.id)
+ expect(json_response['updated_by_id']).to eq(agent_user.id)
+ expect(json_response['created_by_id']).to eq(agent_user.id)
+ end
+
+ it 'does ticket create with agent - wrong owner_id - 99999 (01.07)' do
+ params = {
+ title: 'a new ticket #6',
+ group: ticket_group.name,
+ priority: '2 normal',
+ owner_id: 99_999,
+ state: 'new',
+ customer_id: customer_user.id,
+ article: {
+ body: 'some test 123',
+ },
+ }
+ authenticated_as(agent_user)
+ post '/api/v1/tickets', params: params, as: :json
+ expect(response).to have_http_status(422)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('Invalid value for param \'owner_id\': 99999')
+ end
+
+ it 'does ticket create with agent - wrong owner_id - nil (01.08)' do
+ params = {
+ title: 'a new ticket #7',
+ group: ticket_group.name,
+ priority: '2 normal',
+ owner_id: nil,
+ state: 'new',
+ customer_id: customer_user.id,
+ article: {
+ body: 'some test 123',
+ },
+ }
+ authenticated_as(agent_user)
+ post '/api/v1/tickets', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id)
+ expect(json_response['title']).to eq('a new ticket #7')
+ expect(json_response['customer_id']).to eq(customer_user.id)
+ expect(json_response['updated_by_id']).to eq(agent_user.id)
+ expect(json_response['created_by_id']).to eq(agent_user.id)
+ end
+
+ it 'does ticket create with agent - minimal article with guess customer (01.09)' do
+ params = {
+ title: 'a new ticket #9',
+ group: ticket_group.name,
+ priority: '2 normal',
+ state: 'new',
+ customer_id: 'guess:some_new_customer@example.com',
+ article: {
+ body: 'some test 123',
+ },
+ }
+ authenticated_as(agent_user)
+ post '/api/v1/tickets', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id)
+ expect(json_response['title']).to eq('a new ticket #9')
+ expect(json_response['customer_id']).to eq(User.lookup(email: 'some_new_customer@example.com').id)
+ expect(json_response['updated_by_id']).to eq(agent_user.id)
+ expect(json_response['created_by_id']).to eq(agent_user.id)
+ end
+
+ it 'does ticket create with agent - minimal article with guess customer (01.10)' do
+ params = {
+ title: 'a new ticket #10',
+ group: ticket_group.name,
+ customer_id: 'guess:some_new_customer@example.com',
+ article: {
+ body: 'some test 123',
+ },
+ }
+ authenticated_as(agent_user)
+ post '/api/v1/tickets', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id)
+ expect(json_response['title']).to eq('a new ticket #10')
+ expect(json_response['customer_id']).to eq(User.lookup(email: 'some_new_customer@example.com').id)
+ expect(json_response['updated_by_id']).to eq(agent_user.id)
+ expect(json_response['created_by_id']).to eq(agent_user.id)
+ end
+
+ it 'does ticket create with agent - minimal article with customer hash (01.11)' do
+ params = {
+ title: 'a new ticket #11',
+ group: ticket_group.name,
+ customer: {
+ firstname: 'some firstname',
+ lastname: 'some lastname',
+ email: 'some_new_customer@example.com',
+ },
+ article: {
+ body: 'some test 123',
+ },
+ }
+ authenticated_as(agent_user)
+ post '/api/v1/tickets', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id)
+ expect(json_response['title']).to eq('a new ticket #11')
+ expect(json_response['customer_id']).to eq(User.lookup(email: 'some_new_customer@example.com').id)
+ expect(json_response['updated_by_id']).to eq(agent_user.id)
+ expect(json_response['created_by_id']).to eq(agent_user.id)
+ end
+
+ it 'does ticket create with agent - minimal article with customer hash with article.origin_by (01.11)' do
+ params = {
+ title: 'a new ticket #11.1',
+ group: ticket_group.name,
+ customer: {
+ firstname: 'some firstname',
+ lastname: 'some lastname',
+ email: 'some_new_customer@example.com',
+ },
+ article: {
+ body: 'some test 123',
+ origin_by: 'some_new_customer@example.com',
+ },
+ }
+ authenticated_as(agent_user)
+ post '/api/v1/tickets', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id)
+ expect(json_response['title']).to eq('a new ticket #11.1')
+ expect(json_response['customer_id']).to eq(User.lookup(email: 'some_new_customer@example.com').id)
+ expect(json_response['updated_by_id']).to eq(agent_user.id)
+ expect(json_response['created_by_id']).to eq(agent_user.id)
+ ticket = Ticket.find(json_response['id'])
+ article = ticket.articles.first
+ expect(article.updated_by_id).to eq(agent_user.id)
+ expect(article.created_by_id).to eq(agent_user.id)
+ expect(article.origin_by_id).to eq(User.lookup(email: 'some_new_customer@example.com').id)
+ expect(article.sender.name).to eq('Customer')
+ expect(article.type.name).to eq('note')
+ expect(article.from).to eq('some firstname some lastname')
+ end
+
+ it 'does ticket create with agent - minimal article with customer hash with article.origin_by (01.11)' do
+ params = {
+ title: 'a new ticket #11.2',
+ group: ticket_group.name,
+ customer: {
+ firstname: 'some firstname',
+ lastname: 'some lastname',
+ email: 'some_new_customer@example.com',
+ },
+ article: {
+ sender: 'Customer',
+ body: 'some test 123',
+ origin_by: 'some_new_customer@example.com',
+ },
+ }
+ authenticated_as(agent_user)
+ post '/api/v1/tickets', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id)
+ expect(json_response['title']).to eq('a new ticket #11.2')
+ expect(json_response['customer_id']).to eq(User.lookup(email: 'some_new_customer@example.com').id)
+ expect(json_response['updated_by_id']).to eq(agent_user.id)
+ expect(json_response['created_by_id']).to eq(agent_user.id)
+ ticket = Ticket.find(json_response['id'])
+ article = ticket.articles.first
+ expect(article.updated_by_id).to eq(agent_user.id)
+ expect(article.created_by_id).to eq(agent_user.id)
+ expect(article.origin_by_id).to eq(User.lookup(email: 'some_new_customer@example.com').id)
+ expect(article.sender.name).to eq('Customer')
+ expect(article.type.name).to eq('note')
+ expect(article.from).to eq('some firstname some lastname')
+ end
+
+ it 'does ticket create with agent - minimal article with customer hash with article.origin_by (01.11)' do
+ params = {
+ title: 'a new ticket #11.3',
+ group: ticket_group.name,
+ customer: {
+ firstname: 'some firstname',
+ lastname: 'some lastname',
+ email: 'some_new_customer@example.com',
+ },
+ article: {
+ sender: 'Agent',
+ from: 'somebody',
+ body: 'some test 123',
+ origin_by: 'some_new_customer@example.com',
+ },
+ }
+ authenticated_as(agent_user)
+ post '/api/v1/tickets', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id)
+ expect(json_response['title']).to eq('a new ticket #11.3')
+ expect(json_response['customer_id']).to eq(User.lookup(email: 'some_new_customer@example.com').id)
+ expect(json_response['updated_by_id']).to eq(agent_user.id)
+ expect(json_response['created_by_id']).to eq(agent_user.id)
+ ticket = Ticket.find(json_response['id'])
+ article = ticket.articles.first
+ expect(article.updated_by_id).to eq(agent_user.id)
+ expect(article.created_by_id).to eq(agent_user.id)
+ expect(article.origin_by_id).to eq(User.lookup(email: 'some_new_customer@example.com').id)
+ expect(article.sender.name).to eq('Customer')
+ expect(article.type.name).to eq('note')
+ expect(article.from).to eq('some firstname some lastname')
+ end
+
+ it 'does ticket create with agent - minimal article with customer hash with article.origin_by (01.11)' do
+ params = {
+ title: 'a new ticket #11.4',
+ group: ticket_group.name,
+ customer: {
+ firstname: 'some firstname',
+ lastname: 'some lastname',
+ email: 'some_new_customer@example.com',
+ },
+ article: {
+ sender: 'Customer',
+ body: 'some test 123',
+ origin_by: customer_user.login,
+ },
+ }
+ authenticated_as(agent_user)
+ post '/api/v1/tickets', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id)
+ expect(json_response['title']).to eq('a new ticket #11.4')
+ expect(json_response['customer_id']).to eq(User.lookup(email: 'some_new_customer@example.com').id)
+ expect(json_response['updated_by_id']).to eq(agent_user.id)
+ expect(json_response['created_by_id']).to eq(agent_user.id)
+ ticket = Ticket.find(json_response['id'])
+ article = ticket.articles.first
+ expect(article.updated_by_id).to eq(agent_user.id)
+ expect(article.created_by_id).to eq(agent_user.id)
+ expect(article.origin_by_id).to eq(customer_user.id)
+ expect(article.sender.name).to eq('Customer')
+ expect(article.type.name).to eq('note')
+ expect(article.from).to eq('Tickets Customer1')
+ end
+
+ it 'does ticket create with agent - minimal article with missing body - with customer.id (01.12)' do
+ params = {
+ title: 'a new ticket #12',
+ group: ticket_group.name,
+ customer_id: customer_user.id,
+ article: {
+ subject: 'some test 123',
+ },
+ }
+ authenticated_as(agent_user)
+ post '/api/v1/tickets', params: params, as: :json
+ expect(response).to have_http_status(422)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('Need at least article: { body: "some text" }')
+ end
+
+ it 'does ticket create with agent - minimal article and attachment with customer (01.13)' do
+ params = {
+ title: 'a new ticket #13',
+ group: ticket_group.name,
+ customer_id: customer_user.id,
+ article: {
+ subject: 'some test 123',
+ body: 'some test 123',
+ attachments: [
+ 'filename' => 'some_file.txt',
+ 'data' => 'dGVzdCAxMjM=',
+ 'mime-type' => 'text/plain',
+ ],
+ },
+ }
+ authenticated_as(agent_user)
+ post '/api/v1/tickets', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id)
+ expect(json_response['title']).to eq('a new ticket #13')
+ expect(json_response['customer_id']).to eq(customer_user.id)
+ expect(json_response['updated_by_id']).to eq(agent_user.id)
+ expect(json_response['created_by_id']).to eq(agent_user.id)
+
+ ticket = Ticket.find(json_response['id'])
+ expect(ticket.articles.count).to eq(1)
+ expect(ticket.articles.first.attachments.count).to eq(1)
+ file = ticket.articles.first.attachments.first
+ expect(file.content).to eq('test 123')
+ expect(file.filename).to eq('some_file.txt')
+ expect(file.preferences['Mime-Type']).to eq('text/plain')
+ expect(file.preferences['Content-ID']).to be_falsey
+ end
+
+ it 'does ticket create with agent - minimal article and attachment with customer (01.14)' do
+ params = {
+ title: 'a new ticket #14',
+ group: ticket_group.name,
+ customer_id: customer_user.id,
+ article: {
+ subject: 'some test 123',
+ body: 'some test 123',
+ attachments: [
+ {
+ 'filename' => 'some_file1.txt',
+ 'data' => 'dGVzdCAxMjM=',
+ 'mime-type' => 'text/plain',
+ },
+ {
+ 'filename' => 'some_file2.txt',
+ 'data' => 'w6TDtsO8w58=',
+ 'mime-type' => 'text/plain',
+ },
+ ],
+ },
+ }
+ authenticated_as(agent_user)
+ post '/api/v1/tickets', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id)
+ expect(json_response['title']).to eq('a new ticket #14')
+ expect(json_response['customer_id']).to eq(customer_user.id)
+ expect(json_response['updated_by_id']).to eq(agent_user.id)
+ expect(json_response['created_by_id']).to eq(agent_user.id)
+
+ ticket = Ticket.find(json_response['id'])
+ expect(ticket.articles.count).to eq(1)
+ expect(ticket.articles.first.attachments.count).to eq(2)
+ file = ticket.articles.first.attachments.first
+ expect(file.content).to eq('test 123')
+ expect(file.filename).to eq('some_file1.txt')
+ expect(file.preferences['Mime-Type']).to eq('text/plain')
+ expect(file.preferences['Content-ID']).to be_falsey
+ end
+
+ it 'does ticket create with agent - minimal article and simple invalid base64 attachment with customer (01.15)' do
+ params = {
+ title: 'a new ticket #15',
+ group: ticket_group.name,
+ customer_id: customer_user.id,
+ article: {
+ subject: 'some test 123',
+ body: 'some test 123',
+ attachments: [
+ 'filename' => 'some_file.txt',
+ 'data' => 'ABC_INVALID_BASE64',
+ 'mime-type' => 'text/plain',
+ ],
+ },
+ }
+ authenticated_as(agent_user)
+ post '/api/v1/tickets', params: params, as: :json
+ expect(response).to have_http_status(422)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('Invalid base64 for attachment with index \'0\'')
+ end
+
+ it 'does ticket create with agent - minimal article and large invalid base64 attachment with customer (01.15a)' do
+ params = {
+ title: 'a new ticket #15a',
+ group: ticket_group.name,
+ customer_id: customer_user.id,
+ article: {
+ subject: 'some test 123',
+ body: 'some test 123',
+ attachments: [
+ 'filename' => 'some_file.txt',
+ 'data' => "LARGE_INVALID_BASE64_#{'#' * 20_000_000}",
+ 'mime-type' => 'text/plain',
+ ],
+ },
+ }
+ authenticated_as(agent_user)
+ post '/api/v1/tickets', params: params, as: :json
+ expect(response).to have_http_status(422)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('Invalid base64 for attachment with index \'0\'')
+ end
+
+ it 'does ticket create with agent - minimal article and valid multiline base64 with linebreaks attachment with customer (01.15b)' do
+ params = {
+ title: 'a new ticket #15b',
+ group: ticket_group.name,
+ customer_id: customer_user.id,
+ article: {
+ subject: 'some test 123',
+ body: 'some test 123',
+ attachments: [
+ 'filename' => 'some_file.txt',
+ 'data' => Base64.encode64('a' * 1_000),
+ 'mime-type' => 'text/plain',
+ ],
+ },
+ }
+ authenticated_as(agent_user)
+ post '/api/v1/tickets', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response['title']).to eq('a new ticket #15b')
+ ticket = Ticket.find(json_response['id'])
+ expect(ticket.articles.count).to eq(1)
+ expect(ticket.articles.first.attachments.count).to eq(1)
+ file = ticket.articles.first.attachments.first
+ expect(file.content).to eq('a' * 1_000)
+ end
+
+ it 'does ticket create with agent - minimal article and valid multiline base64 without linebreaks attachment with customer (01.15c)' do
+ params = {
+ title: 'a new ticket #15c',
+ group: ticket_group.name,
+ customer_id: customer_user.id,
+ article: {
+ subject: 'some test 123',
+ body: 'some test 123',
+ attachments: [
+ 'filename' => 'some_file.txt',
+ 'data' => Base64.strict_encode64('a' * 1_000),
+ 'mime-type' => 'text/plain',
+ ],
+ },
+ }
+ authenticated_as(agent_user)
+ post '/api/v1/tickets', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response['title']).to eq('a new ticket #15c')
+ ticket = Ticket.find(json_response['id'])
+ expect(ticket.articles.count).to eq(1)
+ expect(ticket.articles.first.attachments.count).to eq(1)
+ file = ticket.articles.first.attachments.first
+ expect(file.content).to eq('a' * 1_000)
+ end
+
+ it 'does ticket create with agent - minimal article and attachment invalid base64 with customer (01.16)' do
+ params = {
+ title: 'a new ticket #16',
+ group: ticket_group.name,
+ customer_id: customer_user.id,
+ article: {
+ subject: 'some test 123',
+ body: 'some test 123',
+ attachments: [
+ 'filename' => 'some_file.txt',
+ 'data' => 'dGVzdCAxMjM=',
+ ],
+ },
+ }
+ authenticated_as(agent_user)
+ post '/api/v1/tickets', params: params, as: :json
+ expect(response).to have_http_status(422)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('Attachment needs \'mime-type\' param for attachment with index \'0\'')
+ end
+
+ it 'does ticket create with agent - minimal article and inline attachments with customer (01.17)' do
+ params = {
+ title: 'a new ticket #17',
+ group: ticket_group.name,
+ customer_id: customer_user.id,
+ article: {
+ content_type: 'text/html',
+ subject: 'some test 123',
+ body: 'some test 123 
',
+ },
+ }
+ authenticated_as(agent_user)
+ post '/api/v1/tickets', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id)
+ expect(json_response['title']).to eq('a new ticket #17')
+ expect(json_response['customer_id']).to eq(customer_user.id)
+ expect(json_response['updated_by_id']).to eq(agent_user.id)
+ expect(json_response['created_by_id']).to eq(agent_user.id)
+
+ ticket = Ticket.find(json_response['id'])
+ expect(ticket.articles.count).to eq(1)
+ expect(ticket.articles.first.attachments.count).to eq(2)
+ file = ticket.articles.first.attachments[0]
+ expect(Digest::MD5.hexdigest(file.content)).to eq('d3c1e09bdefb92b6a06b791a24ca9599')
+ expect(file.filename).to eq('image1.png')
+ expect(file.preferences['Mime-Type']).to eq('image/png')
+ expect(file.preferences['Content-ID']).to match(/#{ticket.id}\..+?@zammad.example.com/)
+ expect(file.preferences['Content-ID']).to be_truthy
+ file = ticket.articles.first.attachments[1]
+ expect(Digest::MD5.hexdigest(file.content)).to eq('006a2ca3793b550c8fe444acdeb39252')
+ expect(file.filename).to eq('image2.jpeg')
+ expect(file.preferences['Mime-Type']).to eq('image/jpeg')
+ expect(file.preferences['Content-ID']).to match(/#{ticket.id}\..+?@zammad.example.com/)
+ expect(file.preferences['Content-ID']).to be_truthy
+ end
+
+ it 'does ticket create with agent - minimal article and inline attachments with customer (01.18)' do
+ params = {
+ title: 'a new ticket #18',
+ group: ticket_group.name,
+ customer_id: customer_user.id,
+ article: {
+ content_type: 'text/html',
+ subject: 'some test 123',
+ body: 'some test 123 ',
+ attachments: [
+ 'filename' => 'some_file.txt',
+ 'data' => 'dGVzdCAxMjM=',
+ 'mime-type' => 'text/plain',
+ ],
+ },
+ }
+ authenticated_as(agent_user)
+ post '/api/v1/tickets', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id)
+ expect(json_response['title']).to eq('a new ticket #18')
+ expect(json_response['customer_id']).to eq(customer_user.id)
+ expect(json_response['updated_by_id']).to eq(agent_user.id)
+ expect(json_response['created_by_id']).to eq(agent_user.id)
+
+ ticket = Ticket.find(json_response['id'])
+ expect(ticket.articles.count).to eq(1)
+ expect(ticket.articles.first.attachments.count).to eq(2)
+ file = ticket.articles.first.attachments[0]
+ expect(Digest::MD5.hexdigest(file.content)).to eq('006a2ca3793b550c8fe444acdeb39252')
+ expect(file.filename).to eq('image1.jpeg')
+ expect(file.preferences['Mime-Type']).to eq('image/jpeg')
+ expect(file.preferences['Content-ID']).to be_truthy
+ expect(file.preferences['Content-ID']).to match(/#{ticket.id}\..+?@zammad.example.com/)
+ file = ticket.articles.first.attachments[1]
+ expect(Digest::MD5.hexdigest(file.content)).to eq('39d0d586a701e199389d954f2d592720')
+ expect(file.filename).to eq('some_file.txt')
+ expect(file.preferences['Mime-Type']).to eq('text/plain')
+ expect(file.preferences['Content-ID']).to be_falsey
+ end
+
+ it 'does ticket create with agent (02.02)' do
+ params = {
+ title: 'a new ticket #1',
+ state: 'new',
+ priority: '2 normal',
+ group: ticket_group.name,
+ customer: 'tickets-customer1@example.com',
+ article: {
+ content_type: 'text/plain', # or text/html
+ body: 'some body',
+ },
+ links: {
+ Ticket: {
+ parent: [1],
+ }
+ }
+ }
+ authenticated_as(agent_user)
+ post '/api/v1/tickets', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id)
+ expect(json_response['title']).to eq('a new ticket #1')
+ expect(json_response['updated_by_id']).to eq(agent_user.id)
+ expect(json_response['created_by_id']).to eq(agent_user.id)
+ links = Link.list(
+ link_object: 'Ticket',
+ link_object_value: json_response['id'],
+ )
+ expect(links[0]['link_type']).to eq('child')
+ expect(links[0]['link_object']).to eq('Ticket')
+ expect(links[0]['link_object_value']).to eq(1)
+ end
+
+ it 'does ticket with wrong ticket id (02.03)' do
+ group = create(:group)
+ ticket = create(
+ :ticket,
+ title: 'ticket with wrong ticket id',
+ group_id: group.id,
+ customer_id: customer_user.id,
+ )
+ authenticated_as(agent_user)
+ get "/api/v1/tickets/#{ticket.id}", params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('Not authorized')
+
+ params = {
+ title: 'ticket with wrong ticket id - 2',
+ }
+ put "/api/v1/tickets/#{ticket.id}", params: params, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('Not authorized')
+
+ delete "/api/v1/tickets/#{ticket.id}", params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('Not authorized')
+ end
+
+ it 'does ticket with correct ticket id (02.04)' do
+ title = "ticket with corret ticket id testagent#{rand(999_999_999)}"
+ ticket = create(
+ :ticket,
+ title: title,
+ group: ticket_group,
+ customer_id: customer_user.id,
+ preferences: {
+ some_key1: 123,
+ },
+ )
+ authenticated_as(agent_user)
+ get "/api/v1/tickets/#{ticket.id}", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['id']).to eq(ticket.id)
+ expect(json_response['title']).to eq(title)
+ expect(json_response['customer_id']).to eq(ticket.customer_id)
+ expect(json_response['updated_by_id']).to eq(1)
+ expect(json_response['created_by_id']).to eq(1)
+ expect(json_response['preferences']['some_key1']).to eq(123)
+
+ params = {
+ title: "#{title} - 2",
+ customer_id: agent_user.id,
+ preferences: {
+ some_key2: 'abc',
+ },
+ }
+ put "/api/v1/tickets/#{ticket.id}", params: params, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['id']).to eq(ticket.id)
+ expect(json_response['title']).to eq("#{title} - 2")
+ expect(json_response['customer_id']).to eq(agent_user.id)
+ expect(json_response['updated_by_id']).to eq(agent_user.id)
+ expect(json_response['created_by_id']).to eq(1)
+ expect(json_response['preferences']['some_key1']).to eq(123)
+ expect(json_response['preferences']['some_key2']).to eq('abc')
+
+ params = {
+ ticket_id: ticket.id,
+ subject: 'some subject',
+ body: 'some body',
+ }
+ post '/api/v1/ticket_articles', params: params, as: :json
+ expect(response).to have_http_status(201)
+ article_json_response = json_response
+ expect(article_json_response).to be_a_kind_of(Hash)
+ expect(article_json_response['ticket_id']).to eq(ticket.id)
+ expect(article_json_response['from']).to eq('Tickets Agent')
+ expect(article_json_response['subject']).to eq('some subject')
+ expect(article_json_response['body']).to eq('some body')
+ expect(article_json_response['content_type']).to eq('text/plain')
+ expect(article_json_response['internal']).to eq(false)
+ expect(article_json_response['created_by_id']).to eq(agent_user.id)
+ expect(article_json_response['sender_id']).to eq(Ticket::Article::Sender.lookup(name: 'Agent').id)
+ expect(article_json_response['type_id']).to eq(Ticket::Article::Type.lookup(name: 'note').id)
+
+ Scheduler.worker(true)
+ get "/api/v1/tickets/search?query=#{CGI.escape(title)}", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['tickets'][0]).to eq(ticket.id)
+ expect(json_response['tickets_count']).to eq(1)
+
+ params = {
+ condition: {
+ 'ticket.title' => {
+ operator: 'contains',
+ value: title,
+ },
+ },
+ }
+ post '/api/v1/tickets/search', params: params, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['tickets'][0]).to eq(ticket.id)
+ expect(json_response['tickets_count']).to eq(1)
+
+ delete "/api/v1/ticket_articles/#{article_json_response['id']}", params: {}, as: :json
+ expect(response).to have_http_status(200)
+
+ params = {
+ from: 'something which should not be changed on server side',
+ ticket_id: ticket.id,
+ subject: 'some subject',
+ body: 'some body',
+ type: 'email',
+ internal: true,
+ }
+ post '/api/v1/ticket_articles', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['ticket_id']).to eq(ticket.id)
+ expect(json_response['from']).to eq(%("Tickets Agent via #{ticket_group.email_address.realname}" <#{ticket_group.email_address.email}>))
+ expect(json_response['subject']).to eq('some subject')
+ expect(json_response['body']).to eq('some body')
+ expect(json_response['content_type']).to eq('text/plain')
+ expect(json_response['internal']).to eq(true)
+ expect(json_response['created_by_id']).to eq(agent_user.id)
+ expect(json_response['sender_id']).to eq(Ticket::Article::Sender.lookup(name: 'Agent').id)
+ expect(json_response['type_id']).to eq(Ticket::Article::Type.lookup(name: 'email').id)
+
+ params = {
+ subject: 'new subject',
+ }
+ put "/api/v1/ticket_articles/#{json_response['id']}", params: params, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['ticket_id']).to eq(ticket.id)
+ expect(json_response['from']).to eq(%("Tickets Agent via #{ticket_group.email_address.realname}" <#{ticket_group.email_address.email}>))
+ expect(json_response['subject']).to eq('new subject')
+ expect(json_response['body']).to eq('some body')
+ expect(json_response['content_type']).to eq('text/plain')
+ expect(json_response['internal']).to eq(true)
+ expect(json_response['created_by_id']).to eq(agent_user.id)
+ expect(json_response['sender_id']).to eq(Ticket::Article::Sender.lookup(name: 'Agent').id)
+ expect(json_response['type_id']).to eq(Ticket::Article::Type.lookup(name: 'email').id)
+
+ delete "/api/v1/ticket_articles/#{json_response['id']}", params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('Not authorized (admin permission required)!')
+
+ delete "/api/v1/tickets/#{ticket.id}", params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('Not authorized (admin permission required)!')
+ end
+
+ it 'does ticket with correct ticket id (02.05)' do
+ ticket = create(
+ :ticket,
+ title: 'ticket with corret ticket id',
+ group: ticket_group,
+ customer_id: customer_user.id,
+ )
+ authenticated_as(admin_user)
+ get "/api/v1/tickets/#{ticket.id}", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['id']).to eq(ticket.id)
+ expect(json_response['title']).to eq('ticket with corret ticket id')
+ expect(json_response['customer_id']).to eq(ticket.customer_id)
+ expect(json_response['updated_by_id']).to eq(1)
+ expect(json_response['created_by_id']).to eq(1)
+
+ params = {
+ title: 'ticket with corret ticket id - 2',
+ customer_id: agent_user.id,
+ }
+ put "/api/v1/tickets/#{ticket.id}", params: params, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['id']).to eq(ticket.id)
+ expect(json_response['title']).to eq('ticket with corret ticket id - 2')
+ expect(json_response['customer_id']).to eq(agent_user.id)
+ expect(json_response['updated_by_id']).to eq(admin_user.id)
+ expect(json_response['created_by_id']).to eq(1)
+
+ params = {
+ from: 'something which should not be changed on server side',
+ ticket_id: ticket.id,
+ subject: 'some subject',
+ body: 'some body',
+ }
+ post '/api/v1/ticket_articles', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['ticket_id']).to eq(ticket.id)
+ expect(json_response['from']).to eq('Tickets Admin')
+ expect(json_response['subject']).to eq('some subject')
+ expect(json_response['body']).to eq('some body')
+ expect(json_response['content_type']).to eq('text/plain')
+ expect(json_response['internal']).to eq(false)
+ expect(json_response['created_by_id']).to eq(admin_user.id)
+ expect(json_response['sender_id']).to eq(Ticket::Article::Sender.lookup(name: 'Agent').id)
+ expect(json_response['type_id']).to eq(Ticket::Article::Type.lookup(name: 'note').id)
+
+ params = {
+ subject: 'new subject',
+ internal: true,
+ }
+ put "/api/v1/ticket_articles/#{json_response['id']}", params: params, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['ticket_id']).to eq(ticket.id)
+ expect(json_response['from']).to eq('Tickets Admin')
+ expect(json_response['subject']).to eq('new subject')
+ expect(json_response['body']).to eq('some body')
+ expect(json_response['content_type']).to eq('text/plain')
+ expect(json_response['internal']).to eq(true)
+ expect(json_response['created_by_id']).to eq(admin_user.id)
+ expect(json_response['sender_id']).to eq(Ticket::Article::Sender.lookup(name: 'Agent').id)
+ expect(json_response['type_id']).to eq(Ticket::Article::Type.lookup(name: 'note').id)
+
+ delete "/api/v1/ticket_articles/#{json_response['id']}", params: {}, as: :json
+ expect(response).to have_http_status(200)
+
+ params = {
+ ticket_id: ticket.id,
+ subject: 'some subject',
+ body: 'some body',
+ type: 'email',
+ }
+ post '/api/v1/ticket_articles', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['ticket_id']).to eq(ticket.id)
+ expect(json_response['from']).to eq(%("Tickets Admin via #{ticket_group.email_address.realname}" <#{ticket_group.email_address.email}>))
+ expect(json_response['subject']).to eq('some subject')
+ expect(json_response['body']).to eq('some body')
+ expect(json_response['content_type']).to eq('text/plain')
+ expect(json_response['internal']).to eq(false)
+ expect(json_response['created_by_id']).to eq(admin_user.id)
+ expect(json_response['sender_id']).to eq(Ticket::Article::Sender.lookup(name: 'Agent').id)
+ expect(json_response['type_id']).to eq(Ticket::Article::Type.lookup(name: 'email').id)
+
+ delete "/api/v1/ticket_articles/#{json_response['id']}", params: {}, as: :json
+ expect(response).to have_http_status(200)
+
+ delete "/api/v1/tickets/#{ticket.id}", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ end
+
+ it 'does ticket pagination (02.05)' do
+ title = "ticket pagination #{rand(999_999_999)}"
+ tickets = []
+ (1..20).each do |count|
+ ticket = create(
+ :ticket,
+ title: "#{title} - #{count}",
+ group: ticket_group,
+ customer_id: customer_user.id,
+ )
+ create(
+ :ticket_article,
+ type: Ticket::Article::Type.lookup(name: 'note'),
+ sender: Ticket::Article::Sender.lookup(name: 'Customer'),
+ ticket_id: ticket.id,
+ )
+ tickets.push ticket
+ travel 2.seconds
+ end
+
+ authenticated_as(admin_user)
+ get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=40", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['tickets'][0]).to eq(tickets[19].id)
+ expect(json_response['tickets'][19]).to eq(tickets[0].id)
+ expect(json_response['tickets_count']).to eq(20)
+
+ get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=10", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['tickets'][0]).to eq(tickets[19].id)
+ expect(json_response['tickets'][9]).to eq(tickets[10].id)
+ expect(json_response['tickets_count']).to eq(10)
+
+ get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=40&page=1&per_page=5", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['tickets'][0]).to eq(tickets[19].id)
+ expect(json_response['tickets'][4]).to eq(tickets[15].id)
+ expect(json_response['tickets_count']).to eq(5)
+
+ get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=40&page=2&per_page=5", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['tickets'][0]).to eq(tickets[14].id)
+ expect(json_response['tickets'][4]).to eq(tickets[10].id)
+ expect(json_response['tickets_count']).to eq(5)
+
+ get '/api/v1/tickets?limit=40&page=1&per_page=5', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ tickets = Ticket.order(:id).limit(5)
+ expect(json_response[0]['id']).to eq(tickets[0].id)
+ expect(json_response[4]['id']).to eq(tickets[4].id)
+ expect(json_response.count).to eq(5)
+
+ get '/api/v1/tickets?limit=40&page=2&per_page=5', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ tickets = Ticket.order(:id).limit(10)
+ expect(json_response[0]['id']).to eq(tickets[5].id)
+ expect(json_response[4]['id']).to eq(tickets[9].id)
+ expect(json_response.count).to eq(5)
+
+ end
+
+ it 'does ticket create with customer minimal (03.01)' do
+ params = {
+ title: 'a new ticket #c1',
+ state: 'new',
+ priority: '2 normal',
+ group: ticket_group.name,
+ article: {
+ body: 'some body',
+ },
+ }
+ authenticated_as(customer_user)
+ post '/api/v1/tickets', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id)
+ expect(json_response['title']).to eq('a new ticket #c1')
+ expect(json_response['customer_id']).to eq(customer_user.id)
+ expect(json_response['updated_by_id']).to eq(customer_user.id)
+ expect(json_response['created_by_id']).to eq(customer_user.id)
+ end
+
+ it 'does ticket create with customer with wrong customer (03.02)' do
+ params = {
+ title: 'a new ticket #c2',
+ state: 'new',
+ priority: '2 normal',
+ group: ticket_group.name,
+ customer_id: agent_user.id,
+ article: {
+ content_type: 'text/plain', # or text/html
+ body: 'some body',
+ sender: 'System',
+ },
+ }
+ authenticated_as(customer_user)
+ post '/api/v1/tickets', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id)
+ expect(json_response['title']).to eq('a new ticket #c2')
+ expect(json_response['customer_id']).to eq(customer_user.id)
+ expect(json_response['updated_by_id']).to eq(customer_user.id)
+ expect(json_response['created_by_id']).to eq(customer_user.id)
+ end
+
+ it 'does ticket create with customer with wrong customer hash (03.03)' do
+ params = {
+ title: 'a new ticket #c2',
+ state: 'new',
+ priority: '2 normal',
+ group: ticket_group.name,
+ customer: {
+ firstname: agent_user.firstname,
+ lastname: agent_user.lastname,
+ email: agent_user.email,
+ },
+ article: {
+ content_type: 'text/plain', # or text/html
+ body: 'some body',
+ sender: 'System',
+ },
+ }
+ authenticated_as(customer_user)
+ post '/api/v1/tickets', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id)
+ expect(json_response['title']).to eq('a new ticket #c2')
+ expect(json_response['customer_id']).to eq(customer_user.id)
+ expect(json_response['updated_by_id']).to eq(customer_user.id)
+ expect(json_response['created_by_id']).to eq(customer_user.id)
+ end
+
+ it 'does ticket with wrong ticket id (03.04)' do
+ ticket = create(
+ :ticket,
+ title: 'ticket with wrong ticket id',
+ group: ticket_group,
+ customer_id: agent_user.id,
+ )
+ authenticated_as(customer_user)
+ get "/api/v1/tickets/#{ticket.id}", params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('Not authorized')
+
+ params = {
+ title: 'ticket with wrong ticket id - 2',
+ }
+ put "/api/v1/tickets/#{ticket.id}", params: params, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('Not authorized')
+
+ delete "/api/v1/tickets/#{ticket.id}", params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('Not authorized')
+ end
+
+ it 'does ticket with correct ticket id (03.05)' do
+ title = "ticket with corret ticket id testme#{rand(999_999_999)}"
+ ticket = create(
+ :ticket,
+ title: title,
+ group: ticket_group,
+ customer_id: customer_user.id,
+ )
+ authenticated_as(customer_user)
+ get "/api/v1/tickets/#{ticket.id}", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['id']).to eq(ticket.id)
+ expect(json_response['title']).to eq(title)
+ expect(json_response['customer_id']).to eq(ticket.customer_id)
+ expect(json_response['updated_by_id']).to eq(1)
+ expect(json_response['created_by_id']).to eq(1)
+
+ params = {
+ title: "#{title} - 2",
+ customer_id: agent_user.id,
+ }
+ put "/api/v1/tickets/#{ticket.id}", params: params, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['id']).to eq(ticket.id)
+ expect(json_response['title']).to eq("#{title} - 2")
+ expect(json_response['customer_id']).to eq(ticket.customer_id)
+ expect(json_response['updated_by_id']).to eq(customer_user.id)
+ expect(json_response['created_by_id']).to eq(1)
+
+ params = {
+ ticket_id: ticket.id,
+ subject: 'some subject',
+ body: 'some body',
+ }
+ post '/api/v1/ticket_articles', params: params, as: :json
+ expect(response).to have_http_status(201)
+ article_json_response = json_response
+ expect(article_json_response).to be_a_kind_of(Hash)
+ expect(article_json_response['ticket_id']).to eq(ticket.id)
+ expect(article_json_response['from']).to eq('Tickets Customer1')
+ expect(article_json_response['subject']).to eq('some subject')
+ expect(article_json_response['body']).to eq('some body')
+ expect(article_json_response['content_type']).to eq('text/plain')
+ expect(article_json_response['created_by_id']).to eq(customer_user.id)
+ expect(article_json_response['sender_id']).to eq(Ticket::Article::Sender.lookup(name: 'Customer').id)
+ expect(article_json_response['type_id']).to eq(Ticket::Article::Type.lookup(name: 'note').id)
+
+ Scheduler.worker(true)
+ get "/api/v1/tickets/search?query=#{CGI.escape(title)}", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['tickets'][0]).to eq(ticket.id)
+ expect(json_response['tickets_count']).to eq(1)
+
+ params = {
+ condition: {
+ 'ticket.title' => {
+ operator: 'contains',
+ value: title,
+ },
+ },
+ }
+ post '/api/v1/tickets/search', params: params, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['tickets'][0]).to eq(ticket.id)
+ expect(json_response['tickets_count']).to eq(1)
+
+ delete "/api/v1/ticket_articles/#{article_json_response['id']}", params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('Not authorized (admin permission required)!')
+
+ params = {
+ ticket_id: ticket.id,
+ subject: 'some subject',
+ body: 'some body',
+ type: 'email',
+ sender: 'Agent',
+ }
+ post '/api/v1/ticket_articles', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['ticket_id']).to eq(ticket.id)
+ expect(json_response['from']).to eq('Tickets Customer1')
+ expect(json_response['subject']).to eq('some subject')
+ expect(json_response['body']).to eq('some body')
+ expect(json_response['content_type']).to eq('text/plain')
+ expect(json_response['created_by_id']).to eq(customer_user.id)
+ expect(json_response['sender_id']).to eq(Ticket::Article::Sender.lookup(name: 'Customer').id)
+ expect(json_response['type_id']).to eq(Ticket::Article::Type.lookup(name: 'note').id)
+
+ delete "/api/v1/ticket_articles/#{json_response['id']}", params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('Not authorized (admin permission required)!')
+
+ params = {
+ from: 'something which should not be changed on server side',
+ ticket_id: ticket.id,
+ subject: 'some subject',
+ body: 'some body',
+ type: 'web',
+ sender: 'Agent',
+ internal: true,
+ }
+
+ post '/api/v1/ticket_articles', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['ticket_id']).to eq(ticket.id)
+ expect(json_response['from']).to eq('Tickets Customer1 ')
+ expect(json_response['subject']).to eq('some subject')
+ expect(json_response['body']).to eq('some body')
+ expect(json_response['content_type']).to eq('text/plain')
+ expect(json_response['internal']).to eq(false)
+ expect(json_response['created_by_id']).to eq(customer_user.id)
+ expect(json_response['sender_id']).to eq(Ticket::Article::Sender.lookup(name: 'Customer').id)
+ expect(json_response['type_id']).to eq(Ticket::Article::Type.lookup(name: 'web').id)
+
+ params = {
+ subject: 'new subject',
+ }
+ put "/api/v1/ticket_articles/#{json_response['id']}", params: params, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('Not authorized (ticket.agent or admin permission required)!')
+
+ delete "/api/v1/tickets/#{ticket.id}", params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('Not authorized (admin permission required)!')
+ end
+
+ it 'does ticket create with agent - minimal article with customer hash with article.origin_by (03.6)' do
+ authenticated_as(customer_user)
+ params = {
+ title: 'a new ticket #3.6',
+ group: ticket_group.name,
+ customer: {
+ firstname: 'some firstname',
+ lastname: 'some lastname',
+ email: 'some_new_customer@example.com',
+ },
+ article: {
+ body: 'some test 123',
+ origin_by: agent_user.login,
+ },
+ }
+
+ post '/api/v1/tickets', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id)
+ expect(json_response['title']).to eq('a new ticket #3.6')
+ expect(json_response['customer_id']).to eq(customer_user.id)
+ expect(json_response['updated_by_id']).to eq(customer_user.id)
+ expect(json_response['created_by_id']).to eq(customer_user.id)
+ ticket = Ticket.find(json_response['id'])
+ article = ticket.articles.first
+ expect(article.updated_by_id).to eq(customer_user.id)
+ expect(article.created_by_id).to eq(customer_user.id)
+ expect(article.origin_by_id).to eq(customer_user.id)
+ expect(article.sender.name).to eq('Customer')
+ expect(article.type.name).to eq('note')
+ expect(article.from).to eq('Tickets Customer1')
+ end
+
+ it 'does ticket create with agent - minimal article with customer hash with article.origin_by (03.6)' do
+ authenticated_as(customer_user)
+ params = {
+ title: 'a new ticket #3.6.1',
+ group: ticket_group.name,
+ customer: {
+ firstname: 'some firstname',
+ lastname: 'some lastname',
+ email: 'some_new_customer@example.com',
+ },
+ article: {
+ sender: 'Agent',
+ body: 'some test 123',
+ origin_by_id: agent_user.id,
+ },
+ }
+
+ post '/api/v1/tickets', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['state_id']).to eq(Ticket::State.lookup(name: 'new').id)
+ expect(json_response['title']).to eq('a new ticket #3.6.1')
+ expect(json_response['customer_id']).to eq(customer_user.id)
+ expect(json_response['updated_by_id']).to eq(customer_user.id)
+ expect(json_response['created_by_id']).to eq(customer_user.id)
+ ticket = Ticket.find(json_response['id'])
+ article = ticket.articles.first
+ expect(article.updated_by_id).to eq(customer_user.id)
+ expect(article.created_by_id).to eq(customer_user.id)
+ expect(article.origin_by_id).to eq(customer_user.id)
+ expect(article.sender.name).to eq('Customer')
+ expect(article.type.name).to eq('note')
+ expect(article.from).to eq('Tickets Customer1')
+ end
+
+ it 'does ticket show and response format (04.01)' do
+ title = "ticket testagent#{rand(999_999_999)}"
+ ticket = create(
+ :ticket,
+ title: title,
+ group: ticket_group,
+ customer_id: customer_user.id,
+ updated_by_id: agent_user.id,
+ created_by_id: agent_user.id,
+ )
+ authenticated_as(agent_user)
+ get "/api/v1/tickets/#{ticket.id}", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['id']).to eq(ticket.id)
+ expect(json_response['title']).to eq(ticket.title)
+ expect(json_response['group']).to be_falsey
+ expect(json_response['priority']).to be_falsey
+ expect(json_response['owner']).to be_falsey
+ expect(json_response['customer_id']).to eq(ticket.customer_id)
+ expect(json_response['updated_by_id']).to eq(agent_user.id)
+ expect(json_response['created_by_id']).to eq(agent_user.id)
+
+ get "/api/v1/tickets/#{ticket.id}?expand=true", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['id']).to eq(ticket.id)
+ expect(json_response['title']).to eq(ticket.title)
+ expect(json_response['customer_id']).to eq(ticket.customer_id)
+ expect(json_response['group']).to eq(ticket.group.name)
+ expect(json_response['priority']).to eq(ticket.priority.name)
+ expect(json_response['owner']).to eq(ticket.owner.login)
+ expect(json_response['updated_by_id']).to eq(agent_user.id)
+ expect(json_response['created_by_id']).to eq(agent_user.id)
+
+ get "/api/v1/tickets/#{ticket.id}?expand=false", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['id']).to eq(ticket.id)
+ expect(json_response['title']).to eq(ticket.title)
+ expect(json_response['group']).to be_falsey
+ expect(json_response['priority']).to be_falsey
+ expect(json_response['owner']).to be_falsey
+ expect(json_response['customer_id']).to eq(ticket.customer_id)
+ expect(json_response['updated_by_id']).to eq(agent_user.id)
+ expect(json_response['created_by_id']).to eq(agent_user.id)
+
+ get "/api/v1/tickets/#{ticket.id}?full=true", params: {}, as: :json
+ expect(response).to have_http_status(200)
+
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['id']).to eq(ticket.id)
+ expect(json_response['assets']).to be_truthy
+ expect(json_response['assets']['Ticket']).to be_truthy
+ expect(json_response['assets']['Ticket'][ticket.id.to_s]).to be_truthy
+ expect(json_response['assets']['Ticket'][ticket.id.to_s]['id']).to eq(ticket.id)
+ expect(json_response['assets']['Ticket'][ticket.id.to_s]['title']).to eq(ticket.title)
+ expect(json_response['assets']['Ticket'][ticket.id.to_s]['customer_id']).to eq(ticket.customer_id)
+
+ expect(json_response['assets']['User']).to be_truthy
+ expect(json_response['assets']['User'][agent_user.id.to_s]).to be_truthy
+ expect(json_response['assets']['User'][agent_user.id.to_s]['id']).to eq(agent_user.id)
+ expect(json_response['assets']['User'][agent_user.id.to_s]['firstname']).to eq(agent_user.firstname)
+ expect(json_response['assets']['User'][agent_user.id.to_s]['lastname']).to eq(agent_user.lastname)
+
+ expect(json_response['assets']['User']).to be_truthy
+ expect(json_response['assets']['User'][customer_user.id.to_s]).to be_truthy
+ expect(json_response['assets']['User'][customer_user.id.to_s]['id']).to eq(customer_user.id)
+ expect(json_response['assets']['User'][customer_user.id.to_s]['firstname']).to eq(customer_user.firstname)
+ expect(json_response['assets']['User'][customer_user.id.to_s]['lastname']).to eq(customer_user.lastname)
+
+ get "/api/v1/tickets/#{ticket.id}?full=false", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['id']).to eq(ticket.id)
+ expect(json_response['title']).to eq(ticket.title)
+ expect(json_response['group']).to be_falsey
+ expect(json_response['priority']).to be_falsey
+ expect(json_response['owner']).to be_falsey
+ expect(json_response['customer_id']).to eq(ticket.customer_id)
+ expect(json_response['updated_by_id']).to eq(agent_user.id)
+ expect(json_response['created_by_id']).to eq(agent_user.id)
+ end
+
+ it 'does ticket index and response format (04.02)' do
+ title = "ticket testagent#{rand(999_999_999)}"
+ ticket = create(
+ :ticket,
+ title: title,
+ group: ticket_group,
+ customer_id: customer_user.id,
+ updated_by_id: agent_user.id,
+ created_by_id: agent_user.id,
+ )
+ authenticated_as(agent_user)
+ get '/api/v1/tickets', params: {}, as: :json
+ expect(response).to have_http_status(200)
+
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response[0]).to be_a_kind_of(Hash)
+ expect(json_response[0]['id']).to eq(1)
+ expect(json_response[1]['id']).to eq(ticket.id)
+ expect(json_response[1]['title']).to eq(ticket.title)
+ expect(json_response[1]['group']).to be_falsey
+ expect(json_response[1]['priority']).to be_falsey
+ expect(json_response[1]['owner']).to be_falsey
+ expect(json_response[1]['customer_id']).to eq(ticket.customer_id)
+ expect(json_response[1]['updated_by_id']).to eq(agent_user.id)
+ expect(json_response[1]['created_by_id']).to eq(agent_user.id)
+
+ get '/api/v1/tickets?expand=true', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response[0]).to be_a_kind_of(Hash)
+ expect(json_response[0]['id']).to eq(1)
+ expect(json_response[1]['id']).to eq(ticket.id)
+ expect(json_response[1]['title']).to eq(ticket.title)
+ expect(json_response[1]['customer_id']).to eq(ticket.customer_id)
+ expect(json_response[1]['group']).to eq(ticket.group.name)
+ expect(json_response[1]['priority']).to eq(ticket.priority.name)
+ expect(json_response[1]['owner']).to eq(ticket.owner.login)
+ expect(json_response[1]['updated_by_id']).to eq(agent_user.id)
+ expect(json_response[1]['created_by_id']).to eq(agent_user.id)
+
+ get '/api/v1/tickets?expand=false', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response[0]).to be_a_kind_of(Hash)
+ expect(json_response[0]['id']).to eq(1)
+ expect(json_response[1]['id']).to eq(ticket.id)
+ expect(json_response[1]['title']).to eq(ticket.title)
+ expect(json_response[1]['group']).to be_falsey
+ expect(json_response[1]['priority']).to be_falsey
+ expect(json_response[1]['owner']).to be_falsey
+ expect(json_response[1]['customer_id']).to eq(ticket.customer_id)
+ expect(json_response[1]['updated_by_id']).to eq(agent_user.id)
+ expect(json_response[1]['created_by_id']).to eq(agent_user.id)
+
+ get '/api/v1/tickets?full=true', params: {}, as: :json
+ expect(response).to have_http_status(200)
+
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['record_ids'].class).to eq(Array)
+ expect(json_response['record_ids'][0]).to eq(1)
+ expect(json_response['record_ids'][1]).to eq(ticket.id)
+ expect(json_response['assets']).to be_truthy
+ expect(json_response['assets']['Ticket']).to be_truthy
+ expect(json_response['assets']['Ticket'][ticket.id.to_s]).to be_truthy
+ expect(json_response['assets']['Ticket'][ticket.id.to_s]['id']).to eq(ticket.id)
+ expect(json_response['assets']['Ticket'][ticket.id.to_s]['title']).to eq(ticket.title)
+ expect(json_response['assets']['Ticket'][ticket.id.to_s]['customer_id']).to eq(ticket.customer_id)
+
+ expect(json_response['assets']['User']).to be_truthy
+ expect(json_response['assets']['User'][agent_user.id.to_s]).to be_truthy
+ expect(json_response['assets']['User'][agent_user.id.to_s]['id']).to eq(agent_user.id)
+ expect(json_response['assets']['User'][agent_user.id.to_s]['firstname']).to eq(agent_user.firstname)
+ expect(json_response['assets']['User'][agent_user.id.to_s]['lastname']).to eq(agent_user.lastname)
+
+ expect(json_response['assets']['User']).to be_truthy
+ expect(json_response['assets']['User'][customer_user.id.to_s]).to be_truthy
+ expect(json_response['assets']['User'][customer_user.id.to_s]['id']).to eq(customer_user.id)
+ expect(json_response['assets']['User'][customer_user.id.to_s]['firstname']).to eq(customer_user.firstname)
+ expect(json_response['assets']['User'][customer_user.id.to_s]['lastname']).to eq(customer_user.lastname)
+
+ get '/api/v1/tickets?full=false', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response[0]).to be_a_kind_of(Hash)
+ expect(json_response[0]['id']).to eq(1)
+ expect(json_response[1]['id']).to eq(ticket.id)
+ expect(json_response[1]['title']).to eq(ticket.title)
+ expect(json_response[1]['group']).to be_falsey
+ expect(json_response[1]['priority']).to be_falsey
+ expect(json_response[1]['owner']).to be_falsey
+ expect(json_response[1]['customer_id']).to eq(ticket.customer_id)
+ expect(json_response[1]['updated_by_id']).to eq(agent_user.id)
+ expect(json_response[1]['created_by_id']).to eq(agent_user.id)
+ end
+
+ it 'does ticket create and response format (04.03)' do
+ title = "ticket testagent#{rand(999_999_999)}"
+ params = {
+ title: title,
+ group: ticket_group.name,
+ customer_id: customer_user.id,
+ state: 'new',
+ priority: '2 normal',
+ article: {
+ body: 'some test 123',
+ },
+ }
+ authenticated_as(agent_user)
+ post '/api/v1/tickets', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+
+ ticket = Ticket.find(json_response['id'])
+ expect(json_response['state_id']).to eq(ticket.state_id)
+ expect(json_response['state']).to be_falsey
+ expect(json_response['priority_id']).to eq(ticket.priority_id)
+ expect(json_response['priority']).to be_falsey
+ expect(json_response['group_id']).to eq(ticket.group_id)
+ expect(json_response['group']).to be_falsey
+ expect(json_response['title']).to eq(title)
+ expect(json_response['customer_id']).to eq(customer_user.id)
+ expect(json_response['updated_by_id']).to eq(agent_user.id)
+ expect(json_response['created_by_id']).to eq(agent_user.id)
+
+ post '/api/v1/tickets?expand=true', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+
+ ticket = Ticket.find(json_response['id'])
+ expect(json_response['state_id']).to eq(ticket.state_id)
+ expect(json_response['state']).to eq(ticket.state.name)
+ expect(json_response['priority_id']).to eq(ticket.priority_id)
+ expect(json_response['priority']).to eq(ticket.priority.name)
+ expect(json_response['group_id']).to eq(ticket.group_id)
+ expect(json_response['group']).to eq(ticket.group.name)
+ expect(json_response['title']).to eq(title)
+ expect(json_response['customer_id']).to eq(customer_user.id)
+ expect(json_response['updated_by_id']).to eq(agent_user.id)
+ expect(json_response['created_by_id']).to eq(agent_user.id)
+
+ post '/api/v1/tickets?full=true', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+
+ ticket = Ticket.find(json_response['id'])
+ expect(json_response['assets']).to be_truthy
+ expect(json_response['assets']['Ticket']).to be_truthy
+ expect(json_response['assets']['Ticket'][ticket.id.to_s]).to be_truthy
+ expect(json_response['assets']['Ticket'][ticket.id.to_s]['id']).to eq(ticket.id)
+ expect(json_response['assets']['Ticket'][ticket.id.to_s]['title']).to eq(title)
+ expect(json_response['assets']['Ticket'][ticket.id.to_s]['customer_id']).to eq(ticket.customer_id)
+
+ expect(json_response['assets']['User']).to be_truthy
+ expect(json_response['assets']['User'][agent_user.id.to_s]).to be_truthy
+ expect(json_response['assets']['User'][agent_user.id.to_s]['id']).to eq(agent_user.id)
+ expect(json_response['assets']['User'][agent_user.id.to_s]['firstname']).to eq(agent_user.firstname)
+ expect(json_response['assets']['User'][agent_user.id.to_s]['lastname']).to eq(agent_user.lastname)
+
+ expect(json_response['assets']['User']).to be_truthy
+ expect(json_response['assets']['User'][customer_user.id.to_s]).to be_truthy
+ expect(json_response['assets']['User'][customer_user.id.to_s]['id']).to eq(customer_user.id)
+ expect(json_response['assets']['User'][customer_user.id.to_s]['firstname']).to eq(customer_user.firstname)
+ expect(json_response['assets']['User'][customer_user.id.to_s]['lastname']).to eq(customer_user.lastname)
+
+ end
+
+ it 'does ticket update and response formats (04.04)' do
+ title = "ticket testagent#{rand(999_999_999)}"
+ ticket = create(
+ :ticket,
+ title: title,
+ group: ticket_group,
+ customer_id: customer_user.id,
+ updated_by_id: agent_user.id,
+ created_by_id: agent_user.id,
+ )
+
+ params = {
+ title: 'a update ticket #1',
+ }
+ authenticated_as(agent_user)
+ put "/api/v1/tickets/#{ticket.id}", params: params, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+
+ ticket = Ticket.find(json_response['id'])
+ expect(json_response['state_id']).to eq(ticket.state_id)
+ expect(json_response['state']).to be_falsey
+ expect(json_response['priority_id']).to eq(ticket.priority_id)
+ expect(json_response['priority']).to be_falsey
+ expect(json_response['group_id']).to eq(ticket.group_id)
+ expect(json_response['group']).to be_falsey
+ expect(json_response['title']).to eq('a update ticket #1')
+ expect(json_response['customer_id']).to eq(customer_user.id)
+ expect(json_response['updated_by_id']).to eq(agent_user.id)
+ expect(json_response['created_by_id']).to eq(agent_user.id)
+
+ params = {
+ title: 'a update ticket #2',
+ }
+ put "/api/v1/tickets/#{ticket.id}?expand=true", params: params, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+
+ ticket = Ticket.find(json_response['id'])
+ expect(json_response['state_id']).to eq(ticket.state_id)
+ expect(json_response['state']).to eq(ticket.state.name)
+ expect(json_response['priority_id']).to eq(ticket.priority_id)
+ expect(json_response['priority']).to eq(ticket.priority.name)
+ expect(json_response['group_id']).to eq(ticket.group_id)
+ expect(json_response['group']).to eq(ticket.group.name)
+ expect(json_response['title']).to eq('a update ticket #2')
+ expect(json_response['customer_id']).to eq(customer_user.id)
+ expect(json_response['updated_by_id']).to eq(agent_user.id)
+ expect(json_response['created_by_id']).to eq(agent_user.id)
+
+ params = {
+ title: 'a update ticket #3',
+ }
+ put "/api/v1/tickets/#{ticket.id}?full=true", params: params, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+
+ ticket = Ticket.find(json_response['id'])
+ expect(json_response['assets']).to be_truthy
+ expect(json_response['assets']['Ticket']).to be_truthy
+ expect(json_response['assets']['Ticket'][ticket.id.to_s]).to be_truthy
+ expect(json_response['assets']['Ticket'][ticket.id.to_s]['id']).to eq(ticket.id)
+ expect(json_response['assets']['Ticket'][ticket.id.to_s]['title']).to eq('a update ticket #3')
+ expect(json_response['assets']['Ticket'][ticket.id.to_s]['customer_id']).to eq(ticket.customer_id)
+
+ expect(json_response['assets']['User']).to be_truthy
+ expect(json_response['assets']['User'][agent_user.id.to_s]).to be_truthy
+ expect(json_response['assets']['User'][agent_user.id.to_s]['id']).to eq(agent_user.id)
+ expect(json_response['assets']['User'][agent_user.id.to_s]['firstname']).to eq(agent_user.firstname)
+ expect(json_response['assets']['User'][agent_user.id.to_s]['lastname']).to eq(agent_user.lastname)
+
+ expect(json_response['assets']['User']).to be_truthy
+ expect(json_response['assets']['User'][customer_user.id.to_s]).to be_truthy
+ expect(json_response['assets']['User'][customer_user.id.to_s]['id']).to eq(customer_user.id)
+ expect(json_response['assets']['User'][customer_user.id.to_s]['firstname']).to eq(customer_user.firstname)
+ expect(json_response['assets']['User'][customer_user.id.to_s]['lastname']).to eq(customer_user.lastname)
+
+ end
+
+ it 'does ticket split with html - check attachments (05.01)' do
+ ticket = create(
+ :ticket,
+ title: 'some title',
+ group: ticket_group,
+ customer_id: customer_user.id,
+ updated_by_id: agent_user.id,
+ created_by_id: agent_user.id,
+ )
+ article = create(
+ :ticket_article,
+ type: Ticket::Article::Type.lookup(name: 'note'),
+ sender: Ticket::Article::Sender.lookup(name: 'Customer'),
+ body: 'test test ',
+ content_type: 'text/html',
+ ticket_id: ticket.id,
+ )
+ Store.add(
+ object: 'Ticket::Article',
+ o_id: article.id,
+ data: 'content_file1_normally_should_be_an_image',
+ filename: 'some_file1.jpg',
+ preferences: {
+ 'Content-Type' => 'image/jpeg',
+ 'Mime-Type' => 'image/jpeg',
+ 'Content-ID' => '15.274327094.140938@zammad.example.com',
+ 'Content-Disposition' => 'inline',
+ },
+ created_by_id: 1,
+ )
+ Store.add(
+ object: 'Ticket::Article',
+ o_id: article.id,
+ data: 'content_file2_normally_should_be_an_image',
+ filename: 'some_file2.jpg',
+ preferences: {
+ 'Content-Type' => 'image/jpeg',
+ 'Mime-Type' => 'image/jpeg',
+ 'Content-ID' => '15.274327094.140938.2@zammad.example.com',
+ 'Content-Disposition' => 'inline',
+ },
+ created_by_id: 1,
+ )
+ Store.add(
+ object: 'Ticket::Article',
+ o_id: article.id,
+ data: 'content_file3_normally_should_be_an_image',
+ filename: 'some_file3.jpg',
+ preferences: {
+ 'Content-Type' => 'image/jpeg',
+ 'Mime-Type' => 'image/jpeg',
+ 'Content-ID' => '15.274327094.140938.3@zammad.example.com',
+ },
+ created_by_id: 1,
+ )
+ Store.add(
+ object: 'Ticket::Article',
+ o_id: article.id,
+ data: 'content_file4_normally_should_be_an_image',
+ filename: 'some_file4.jpg',
+ preferences: {
+ 'Content-Type' => 'image/jpeg',
+ 'Mime-Type' => 'image/jpeg',
+ 'Content-ID' => '15.274327094.140938.4@zammad.example.com',
+ },
+ created_by_id: 1,
+ )
+ Store.add(
+ object: 'Ticket::Article',
+ o_id: article.id,
+ data: 'content_file1_normally_should_be_an_pdf',
+ filename: 'Rechnung_RE-2018-200.pdf',
+ preferences: {
+ 'Content-Type' => 'application/octet-stream; name="Rechnung_RE-2018-200.pdf"',
+ 'Mime-Type' => 'application/octet-stream',
+ 'Content-ID' => '8AB0BEC88984EE4EBEF643C79C8E0346@zammad.example.com',
+ 'Content-Description' => 'Rechnung_RE-2018-200.pdf',
+ 'Content-Disposition' => 'attachment',
+ },
+ created_by_id: 1,
+ )
+
+ authenticated_as(agent_user)
+ get "/api/v1/ticket_split?ticket_id=#{ticket.id}&article_id=#{article.id}&form_id=new_form_id123", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['assets']).to be_truthy
+ expect(json_response['assets']['Ticket']).to be_truthy
+ expect(json_response['assets']['Ticket'][ticket.id.to_s]).to be_truthy
+ expect(json_response['assets']['TicketArticle'][article.id.to_s]).to be_truthy
+ expect(json_response['attachments']).to be_truthy
+ expect(json_response['attachments'].count).to eq(3)
+
+ get "/api/v1/ticket_split?ticket_id=#{ticket.id}&article_id=#{article.id}&form_id=new_form_id123", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['assets']).to be_truthy
+ expect(json_response['assets']['Ticket']).to be_truthy
+ expect(json_response['assets']['Ticket'][ticket.id.to_s]).to be_truthy
+ expect(json_response['assets']['TicketArticle'][article.id.to_s]).to be_truthy
+ expect(json_response['attachments']).to be_truthy
+ expect(json_response['attachments'].count).to eq(0)
+
+ end
+
+ it 'does ticket split with plain - check attachments (05.02)' do
+ ticket = create(
+ :ticket,
+ title: 'some title',
+ group: ticket_group,
+ customer_id: customer_user.id,
+ updated_by_id: agent_user.id,
+ created_by_id: agent_user.id,
+ )
+ article = create(
+ :ticket_article,
+ type: Ticket::Article::Type.lookup(name: 'note'),
+ sender: Ticket::Article::Sender.lookup(name: 'Customer'),
+ body: 'test ',
+ content_type: 'text/plain',
+ ticket_id: ticket.id,
+ )
+ Store.add(
+ object: 'Ticket::Article',
+ o_id: article.id,
+ data: 'content_file1_normally_should_be_an_image',
+ filename: 'some_file1.jpg',
+ preferences: {
+ 'Content-Type' => 'image/jpeg',
+ 'Mime-Type' => 'image/jpeg',
+ 'Content-ID' => '15.274327094.140938@zammad.example.com',
+ 'Content-Disposition' => 'inline',
+ },
+ created_by_id: 1,
+ )
+ Store.add(
+ object: 'Ticket::Article',
+ o_id: article.id,
+ data: 'content_file1_normally_should_be_an_image',
+ filename: 'some_file2.jpg',
+ preferences: {
+ 'Content-Type' => 'image/jpeg',
+ 'Mime-Type' => 'image/jpeg',
+ 'Content-ID' => '15.274327094.140938.2@zammad.example.com',
+ 'Content-Disposition' => 'inline',
+ },
+ created_by_id: 1,
+ )
+ Store.add(
+ object: 'Ticket::Article',
+ o_id: article.id,
+ data: 'content_file1_normally_should_be_an_pdf',
+ filename: 'Rechnung_RE-2018-200.pdf',
+ preferences: {
+ 'Content-Type' => 'application/octet-stream; name="Rechnung_RE-2018-200.pdf"',
+ 'Mime-Type' => 'application/octet-stream',
+ 'Content-ID' => '8AB0BEC88984EE4EBEF643C79C8E0346@zammad.example.com',
+ 'Content-Description' => 'Rechnung_RE-2018-200.pdf',
+ 'Content-Disposition' => 'attachment',
+ },
+ created_by_id: 1,
+ )
+
+ authenticated_as(agent_user)
+ get "/api/v1/ticket_split?ticket_id=#{ticket.id}&article_id=#{article.id}&form_id=new_form_id123", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['assets']).to be_truthy
+ expect(json_response['assets']['Ticket']).to be_truthy
+ expect(json_response['assets']['Ticket'][ticket.id.to_s]).to be_truthy
+ expect(json_response['assets']['TicketArticle'][article.id.to_s]).to be_truthy
+ expect(json_response['attachments']).to be_truthy
+ expect(json_response['attachments'].count).to eq(3)
+
+ get "/api/v1/ticket_split?ticket_id=#{ticket.id}&article_id=#{article.id}&form_id=new_form_id123", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['assets']).to be_truthy
+ expect(json_response['assets']['Ticket']).to be_truthy
+ expect(json_response['assets']['Ticket'][ticket.id.to_s]).to be_truthy
+ expect(json_response['assets']['TicketArticle'][article.id.to_s]).to be_truthy
+ expect(json_response['attachments']).to be_truthy
+ expect(json_response['attachments'].count).to eq(0)
+
+ end
+
+ it 'does ticket with follow up possible set to new_ticket (06.01)' do
+ group = create(
+ :group,
+ follow_up_possible: 'new_ticket' # disable follow up possible
+ )
+
+ ticket = create(
+ :ticket,
+ title: 'ticket with wrong ticket id',
+ group_id: group.id,
+ customer_id: customer_user.id,
+ state: Ticket::State.lookup(name: 'closed'), # set the ticket to closed
+ )
+
+ state = Ticket::State.find_by(name: 'open') # try to open a ticket from a closed state
+
+ # customer
+ params = {
+ state_id: state.id, # set the state id
+ }
+
+ authenticated_as(customer_user)
+ put "/api/v1/tickets/#{ticket.id}", params: params, as: :json
+ expect(response).to have_http_status(422)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('Cannot follow up on a closed ticket. Please create a new ticket.')
+
+ ticket = create(
+ :ticket,
+ title: 'ticket with wrong ticket id',
+ group_id: group.id,
+ customer_id: customer_user.id,
+ state: Ticket::State.lookup(name: 'closed'), # set the ticket to closed
+ )
+
+ authenticated_as(admin_user)
+ put "/api/v1/tickets/#{ticket.id}", params: params, as: :json
+ expect(response).to have_http_status(422)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('Cannot follow up on a closed ticket. Please create a new ticket.')
+
+ ticket = create(
+ :ticket,
+ title: 'ticket with wrong ticket id',
+ group_id: group.id,
+ customer_id: customer_user.id,
+ state: Ticket::State.lookup(name: 'closed'), # set the ticket to closed
+ )
+
+ # agent
+ authenticated_as(agent_user)
+ put "/api/v1/tickets/#{ticket.id}", params: params, as: :json
+ expect(response).to have_http_status(422)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('Cannot follow up on a closed ticket. Please create a new ticket.')
+ end
+
+ it 'does ticket merge (07.01)' do
+ group_no_permission = create(:group)
+ ticket1 = create(
+ :ticket,
+ title: 'ticket merge1',
+ group: ticket_group,
+ customer_id: customer_user.id,
+ )
+ ticket2 = create(
+ :ticket,
+ title: 'ticket merge2',
+ group: ticket_group,
+ customer_id: customer_user.id,
+ )
+ ticket3 = create(
+ :ticket,
+ title: 'ticket merge2',
+ group: group_no_permission,
+ customer_id: customer_user.id,
+ )
+
+ authenticated_as(agent_user)
+ get "/api/v1/ticket_merge/#{ticket2.id}/#{ticket1.id}", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['result']).to eq('failed')
+ expect(json_response['message']).to eq('No such master ticket number!')
+
+ get "/api/v1/ticket_merge/#{ticket3.id}/#{ticket1.number}", params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('Not authorized')
+ expect(json_response['error_human']).to eq('Not authorized')
+
+ get "/api/v1/ticket_merge/#{ticket1.id}/#{ticket3.number}", params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['error']).to eq('Not authorized')
+ expect(json_response['error_human']).to eq('Not authorized')
+
+ get "/api/v1/ticket_merge/#{ticket1.id}/#{ticket2.number}", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['result']).to eq('success')
+ expect(json_response['master_ticket']['id']).to eq(ticket2.id)
+ end
+
+ it 'does ticket merge - change permission (07.02)' do
+ group_change_permission = Group.create!(
+ name: 'GroupWithChangePermission',
+ active: true,
+ updated_by_id: 1,
+ created_by_id: 1,
+ )
+ ticket1 = create(
+ :ticket,
+ title: 'ticket merge1',
+ group: group_change_permission,
+ customer_id: customer_user.id,
+ )
+ ticket2 = create(
+ :ticket,
+ title: 'ticket merge2',
+ group: group_change_permission,
+ customer_id: customer_user.id,
+ )
+
+ agent_user.group_names_access_map = { group_change_permission.name => %w[read change] }
+
+ authenticated_as(agent_user)
+ get "/api/v1/ticket_merge/#{ticket1.id}/#{ticket2.number}", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['result']).to eq('success')
+ expect(json_response['master_ticket']['id']).to eq(ticket2.id)
+ end
+
+ it 'does ticket search sorted (08.01)' do
+ title = "ticket pagination #{rand(999_999_999)}"
+ tickets = []
+
+ ticket1 = create(
+ :ticket,
+ title: "#{title} A",
+ group: ticket_group,
+ customer_id: customer_user.id,
+ created_at: '2018-02-05 17:42:00',
+ updated_at: '2018-02-05 20:42:00',
+ )
+ create(
+ :ticket_article,
+ type: Ticket::Article::Type.lookup(name: 'note'),
+ sender: Ticket::Article::Sender.lookup(name: 'Customer'),
+ ticket_id: ticket1.id,
+ )
+
+ ticket2 = create(
+ :ticket,
+ title: "#{title} B",
+ group: ticket_group,
+ customer_id: customer_user.id,
+ state: Ticket::State.lookup(name: 'new'),
+ priority: Ticket::Priority.lookup(name: '3 hoch'),
+ created_at: '2018-02-05 19:42:00',
+ updated_at: '2018-02-05 19:42:00',
+ )
+ create(
+ :ticket_article,
+ type: Ticket::Article::Type.lookup(name: 'note'),
+ sender: Ticket::Article::Sender.lookup(name: 'Customer'),
+ ticket_id: ticket2.id,
+ )
+
+ authenticated_as(admin_user)
+ get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=40", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['tickets']).to eq([ticket2.id, ticket1.id])
+
+ authenticated_as(admin_user)
+ get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=40", params: { sort_by: 'created_at', order_by: 'asc' }, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['tickets']).to eq([ticket1.id, ticket2.id])
+
+ authenticated_as(admin_user)
+ get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=40", params: { sort_by: 'title', order_by: 'asc' }, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['tickets']).to eq([ticket1.id, ticket2.id])
+
+ authenticated_as(admin_user)
+ get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=40", params: { sort_by: 'title', order_by: 'desc' }, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['tickets']).to eq([ticket2.id, ticket1.id])
+
+ authenticated_as(admin_user)
+ get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=40", params: { sort_by: %w[created_at updated_at], order_by: %w[asc asc] }, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['tickets']).to eq([ticket1.id, ticket2.id])
+
+ authenticated_as(admin_user)
+ get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=40", params: { sort_by: %w[created_at updated_at], order_by: %w[desc asc] }, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['tickets']).to eq([ticket2.id, ticket1.id])
+ end
+ end
+end
diff --git a/spec/requests/time_accounting_spec.rb b/spec/requests/time_accounting_spec.rb
new file mode 100644
index 000000000..9bcc3b247
--- /dev/null
+++ b/spec/requests/time_accounting_spec.rb
@@ -0,0 +1,36 @@
+require 'rails_helper'
+
+RSpec.describe 'Time Accounting', type: :request do
+
+ let(:admin_user) do
+ create(:admin_user)
+ end
+ let(:customer_user) do
+ create(:customer_user)
+ end
+ let(:year) do
+ DateTime.now.utc.year
+ end
+ let(:month) do
+ DateTime.now.utc.month
+ end
+
+ describe 'request handling' do
+
+ it 'does time account report' do
+ group = create(:group)
+ ticket = create(:ticket, state: Ticket::State.lookup(name: 'open'), customer: customer_user )
+ article = create(:ticket_article, ticket_id: ticket.id, type: Ticket::Article::Type.lookup(name: 'note') )
+
+ create(:ticket_time_accounting, ticket_id: ticket.id, ticket_article_id: article.id)
+
+ authenticated_as(admin_user)
+ get "/api/v1/time_accounting/log/by_ticket/#{year}/#{month}?download=true", params: {}
+
+ expect(response).to have_http_status(200)
+ expect(response['Content-Disposition']).to be_truthy
+ expect(response['Content-Disposition']).to eq("attachment; filename=\"by_ticket-#{year}-#{month}.xls\"")
+ expect(response['Content-Type']).to eq('application/vnd.ms-excel')
+ end
+ end
+end
diff --git a/spec/requests/user/organization_spec.rb b/spec/requests/user/organization_spec.rb
new file mode 100644
index 000000000..d6d504777
--- /dev/null
+++ b/spec/requests/user/organization_spec.rb
@@ -0,0 +1,160 @@
+require 'rails_helper'
+
+RSpec.describe 'User Organization', type: :request, searchindex: true do
+
+ let!(:admin_user) do
+ create(:admin_user, groups: Group.all)
+ end
+ let!(:agent_user) do
+ create(:agent_user, groups: Group.all)
+ end
+ let!(:customer_user) do
+ create(:customer_user)
+ end
+ let!(:organization) do
+ create(:organization, name: 'Rest Org', note: 'Rest Org A')
+ end
+ let!(:organization2) do
+ create(:organization, name: 'Rest Org #2', note: 'Rest Org B')
+ end
+ let!(:organization3) do
+ create(:organization, name: 'Rest Org #3', note: 'Rest Org C')
+ end
+ let!(:customer_user2) do
+ create(:customer_user, organization: organization)
+ end
+
+ before(:each) do
+ configure_elasticsearch do
+
+ travel 1.minute
+
+ rebuild_searchindex
+
+ # execute background jobs
+ Scheduler.worker(true)
+
+ sleep 6
+ end
+ end
+
+ describe 'request handling' do
+
+ it 'does organization index with agent' do
+ authenticated_as(agent_user)
+ get '/api/v1/organizations', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response[0]['member_ids']).to be_a_kind_of(Array)
+ expect(json_response.length >= 3).to be_truthy
+
+ get '/api/v1/organizations?limit=40&page=1&per_page=2', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response.class).to eq(Array)
+ organizations = Organization.order(:id).limit(2)
+ expect(json_response[0]['id']).to eq(organizations[0].id)
+ expect(json_response[0]['member_ids']).to eq(organizations[0].member_ids)
+ expect(json_response[1]['id']).to eq(organizations[1].id)
+ expect(json_response[1]['member_ids']).to eq(organizations[1].member_ids)
+ expect(json_response.count).to eq(2)
+
+ get '/api/v1/organizations?limit=40&page=2&per_page=2', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response.class).to eq(Array)
+ organizations = Organization.order(:id).limit(4)
+ expect(json_response[0]['id']).to eq(organizations[2].id)
+ expect(json_response[0]['member_ids']).to eq(organizations[2].member_ids)
+ expect(json_response[1]['id']).to eq(organizations[3].id)
+ expect(json_response[1]['member_ids']).to eq(organizations[3].member_ids)
+
+ expect(json_response.count).to eq(2)
+
+ # show/:id
+ get "/api/v1/organizations/#{organization.id}", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['member_ids']).to be_a_kind_of(Array)
+ expect(json_response['members']).to be_falsey
+ expect('Rest Org').to eq(json_response['name'])
+
+ get "/api/v1/organizations/#{organization2.id}", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['member_ids']).to be_a_kind_of(Array)
+ expect(json_response['members']).to be_falsey
+ expect('Rest Org #2').to eq(json_response['name'])
+
+ # search as agent
+ Scheduler.worker(true)
+ get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response.class).to eq(Array)
+ expect(json_response[0]['name']).to eq('Zammad Foundation')
+ expect(json_response[0]['member_ids']).to be_truthy
+ expect(json_response[0]['members']).to be_falsey
+
+ get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&expand=true", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response.class).to eq(Array)
+ expect(json_response[0]['name']).to eq('Zammad Foundation')
+ expect(json_response[0]['member_ids']).to be_truthy
+ expect(json_response[0]['members']).to be_truthy
+
+ get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&label=true", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response.class).to eq(Array)
+ expect(json_response[0]['label']).to eq('Zammad Foundation')
+ expect(json_response[0]['value']).to eq('Zammad Foundation')
+ expect(json_response[0]['member_ids']).to be_falsey
+ expect(json_response[0]['members']).to be_falsey
+ end
+
+ it 'does organization index with customer1' do
+ authenticated_as(customer_user)
+ get '/api/v1/organizations', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response.length).to eq(0)
+
+ # show/:id
+ get "/api/v1/organizations/#{organization.id}", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['name']).to be_nil
+
+ get "/api/v1/organizations/#{organization2.id}", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['name']).to be_nil
+
+ # search
+ Scheduler.worker(true)
+ get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, as: :json
+ expect(response).to have_http_status(401)
+ end
+
+ it 'does organization index with customer2' do
+ authenticated_as(customer_user2)
+ get '/api/v1/organizations', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response.length).to eq(1)
+
+ # show/:id
+ get "/api/v1/organizations/#{organization.id}", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect('Rest Org').to eq(json_response['name'])
+
+ get "/api/v1/organizations/#{organization2.id}", params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['name']).to be_nil
+
+ # search
+ Scheduler.worker(true)
+ get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, as: :json
+ expect(response).to have_http_status(401)
+ end
+ end
+end
diff --git a/spec/requests/user/permission_spec.rb b/spec/requests/user/permission_spec.rb
new file mode 100644
index 000000000..87c00c748
--- /dev/null
+++ b/spec/requests/user/permission_spec.rb
@@ -0,0 +1,676 @@
+require 'rails_helper'
+
+RSpec.describe 'User endpoint', type: :request do
+
+ let(:role_with_admin_user_permissions) do
+ create(:role).tap do |role|
+ role.permission_grant('admin.user')
+ end
+ end
+ let(:admin_with_admin_user_permissions) { create(:user, roles: [role_with_admin_user_permissions]) }
+
+ let(:role_without_admin_user_permissions) do
+ create(:role).tap do |role|
+ role.permission_grant('admin.tag')
+ end
+ end
+ let(:admin_without_admin_user_permissions) { create(:user, roles: [role_without_admin_user_permissions]) }
+
+ describe 'User creation' do
+
+ let(:attributes) { attributes_params_for(:user) }
+
+ it 'responds unauthorized for customer' do
+ requester = create(:customer_user)
+ authenticated_as(requester)
+
+ expect do
+ post api_v1_users_path, params: attributes
+ end.to not_change {
+ User.count
+ }
+
+ expect(response).to have_http_status(:unauthorized)
+ end
+
+ context 'privileged attributes' do
+
+ context 'group assignment' do
+
+ # group access assignment is in general only valid for agents
+ # see HasGroups.groups_access_permission?
+ let(:agent_attributes) do
+ attributes.merge(
+ roles: Role.where(name: 'Agent').map(&:name),
+ )
+ end
+
+ shared_examples 'group assignment' do |map_method_id|
+
+ it 'responds success for admin.user' do
+ authenticated_as(admin_with_admin_user_permissions)
+
+ expect do
+ post api_v1_users_path, params: payload
+ end.to change {
+ User.count
+ }.by(1)
+
+ expect(response).to have_http_status(:success)
+ expect(User.last.send(map_method_id)).to eq(send(map_method_id))
+ end
+
+ it 'responds unauthorized for sub admin without admin.user' do
+ authenticated_as(admin_without_admin_user_permissions)
+
+ expect do
+ post api_v1_users_path, params: payload
+ end.to not_change {
+ User.count
+ }
+
+ expect(response).to have_http_status(:unauthorized)
+ end
+
+ it 'responds successful for agent but removes assignment' do
+ requester = create(:agent_user)
+ authenticated_as(requester)
+
+ expect do
+ post api_v1_users_path, params: payload
+ end.to change {
+ User.count
+ }.by(1)
+
+ expect(response).to have_http_status(:success)
+ expect(User.last.send(map_method_id)).to be_blank
+ end
+ end
+
+ context 'parameter groups' do
+
+ let(:group_names_access_map) do
+ Group.all.map { |g| [g.name, ['full']] }.to_h
+ end
+
+ let(:payload) do
+ agent_attributes.merge(
+ groups: group_names_access_map,
+ )
+ end
+
+ it_behaves_like 'group assignment', :group_names_access_map
+ end
+
+ context 'parameter group_ids' do
+
+ let(:group_ids_access_map) do
+ Group.all.map { |g| [g.id, ['full']] }.to_h
+ end
+
+ let(:payload) do
+ agent_attributes.merge(
+ group_ids: group_ids_access_map,
+ )
+ end
+
+ it_behaves_like 'group assignment', :group_ids_access_map
+ end
+ end
+
+ context 'role assignment' do
+
+ shared_examples 'role assignment' do
+
+ let(:privileged) { Role.where(name: 'Admin') }
+
+ it 'responds success for admin.user' do
+ authenticated_as(admin_with_admin_user_permissions)
+
+ expect do
+ post api_v1_users_path, params: payload
+ end.to change {
+ User.count
+ }.by(1)
+
+ expect(response).to have_http_status(:success)
+ expect(User.last.roles).to eq(privileged)
+ end
+
+ it 'responds unauthorized for sub admin without admin.user' do
+ authenticated_as(admin_without_admin_user_permissions)
+
+ expect do
+ post api_v1_users_path, params: payload
+ end.to not_change {
+ User.count
+ }
+
+ expect(response).to have_http_status(:unauthorized)
+ end
+
+ it 'responds successful for agent but removes assignment' do
+ requester = create(:agent_user)
+ authenticated_as(requester)
+
+ expect do
+ post api_v1_users_path, params: payload
+ end.to change {
+ User.count
+ }.by(1)
+
+ expect(response).to have_http_status(:success)
+ expect(User.last.roles).to eq(Role.signup_roles)
+ end
+ end
+
+ context 'parameter roles' do
+ let(:payload) do
+ attributes.merge(
+ roles: privileged.map(&:name),
+ )
+ end
+
+ it_behaves_like 'role assignment'
+ end
+
+ context 'parameter role_ids' do
+ let(:payload) do
+ attributes.merge(
+ role_ids: privileged.map(&:id),
+ )
+ end
+
+ it_behaves_like 'role assignment'
+ end
+ end
+ end
+ end
+
+ describe 'User update' do
+
+ def authorized_update_request(requester:, requested:)
+ authenticated_as(requester)
+
+ expect do
+ put api_v1_update_user_path(requested), params: cleaned_params_for(requested).merge(firstname: 'Changed')
+ end.to change {
+ requested.reload.firstname
+ }
+
+ expect(response).to have_http_status(:success)
+ end
+
+ def unauthorized_update_request(requester:, requested:)
+ authenticated_as(requester)
+
+ expect do
+ put api_v1_update_user_path(requested), params: cleaned_params_for(requested).merge(firstname: 'Changed')
+ end.to not_change {
+ requested.reload.attributes
+ }
+
+ expect(response).to have_http_status(:unauthorized)
+ end
+
+ context 'request by admin.user' do
+
+ let(:requester) { admin_with_admin_user_permissions }
+
+ it 'is successful for same admin' do
+ authorized_update_request(
+ requester: requester,
+ requested: requester,
+ )
+ end
+
+ it 'is successful for other admin' do
+ authorized_update_request(
+ requester: requester,
+ requested: create(:admin_user),
+ )
+ end
+
+ it 'is successful for agent' do
+ authorized_update_request(
+ requester: requester,
+ requested: create(:agent_user),
+ )
+ end
+
+ it 'is successful for customer' do
+ authorized_update_request(
+ requester: requester,
+ requested: create(:customer_user),
+ )
+ end
+ end
+
+ context 'request by sub admin without admin.user' do
+
+ let(:requester) { admin_without_admin_user_permissions }
+
+ it 'is unauthorized for same admin' do
+ unauthorized_update_request(
+ requester: requester,
+ requested: requester,
+ )
+ end
+
+ it 'is unauthorized for other admin' do
+ unauthorized_update_request(
+ requester: requester,
+ requested: create(:admin_user),
+ )
+ end
+
+ it 'is unauthorized for agent' do
+ unauthorized_update_request(
+ requester: requester,
+ requested: create(:agent_user),
+ )
+ end
+
+ it 'is unauthorized for customer' do
+ unauthorized_update_request(
+ requester: requester,
+ requested: create(:customer_user),
+ )
+ end
+ end
+
+ context 'request by agent' do
+
+ let(:requester) { create(:agent_user) }
+
+ it 'is unauthorized for admin' do
+ unauthorized_update_request(
+ requester: requester,
+ requested: create(:admin_user),
+ )
+ end
+
+ it 'is unauthorized same agent' do
+ unauthorized_update_request(
+ requester: requester,
+ requested: requester,
+ )
+ end
+
+ it 'is unauthorized for other agent' do
+ unauthorized_update_request(
+ requester: requester,
+ requested: create(:agent_user),
+ )
+ end
+
+ it 'is successful for customer' do
+ authorized_update_request(
+ requester: requester,
+ requested: create(:customer_user),
+ )
+ end
+ end
+
+ context 'request by customer' do
+
+ let(:requester) { create(:customer_user) }
+
+ it 'is unauthorized for admin' do
+ unauthorized_update_request(
+ requester: requester,
+ requested: create(:admin_user),
+ )
+ end
+
+ it 'is unauthorized for agent' do
+ unauthorized_update_request(
+ requester: requester,
+ requested: create(:agent_user),
+ )
+ end
+
+ it 'is unauthorized for same customer' do
+ unauthorized_update_request(
+ requester: requester,
+ requested: requester,
+ )
+ end
+
+ it 'is unauthorized for other customer' do
+ unauthorized_update_request(
+ requester: requester,
+ requested: create(:customer_user),
+ )
+ end
+
+ it 'is unauthorized for same organization' do
+ same_organization = create(:organization)
+
+ requester.update!(organization: same_organization)
+
+ unauthorized_update_request(
+ requester: requester,
+ requested: create(:customer_user, organization: same_organization),
+ )
+ end
+ end
+
+ context 'privileged attributes' do
+
+ let(:requested) { create(:user) }
+ let(:attribute) { privileged.keys.first }
+ let(:payload) { cleaned_params_for(requested).merge(privileged) }
+
+ def value_of_attribute
+ # we need to call .to_a otherwise Rails will load the
+ # ActiveRecord::Associations::CollectionProxy
+ # on comparsion which is to late
+ requested.reload.public_send(attribute).to_a
+ end
+
+ shared_examples 'admin types requests' do
+
+ it 'responds success for admin.user' do
+ authenticated_as(admin_with_admin_user_permissions)
+
+ expect do
+ put api_v1_update_user_path(requested), params: payload
+ end.to change {
+ value_of_attribute
+ }
+ expect(response).to have_http_status(:success)
+ end
+
+ it 'responds unauthorized for sub admin without admin.user' do
+ authenticated_as(admin_without_admin_user_permissions)
+
+ expect do
+ put api_v1_update_user_path(requested), params: payload
+ end.to not_change {
+ value_of_attribute
+ }
+
+ expect(response).to have_http_status(:unauthorized)
+ end
+ end
+
+ shared_examples 'permitted agent update' do
+
+ it 'responds successful for agent but removes assignment' do
+ requester = create(:agent_user)
+ authenticated_as(requester)
+
+ expect do
+ put api_v1_update_user_path(requested), params: payload
+ end.to change {
+ value_of_attribute
+ }
+
+ expect(response).to have_http_status(:success)
+ end
+ end
+
+ shared_examples 'forbidden agent update' do
+
+ it 'responds successful for agent but removes assignment' do
+ requester = create(:agent_user)
+ authenticated_as(requester)
+
+ expect do
+ put api_v1_update_user_path(requested), params: payload
+ end.to not_change {
+ value_of_attribute
+ }
+
+ expect(response).to have_http_status(:success)
+ end
+ end
+
+ context 'group assignment' do
+
+ context 'parameter groups' do
+
+ let(:privileged) do
+ {
+ groups: Group.all.map { |g| [g.name, ['full']] }.to_h
+ }
+ end
+
+ it_behaves_like 'admin types requests'
+ it_behaves_like 'forbidden agent update'
+ end
+
+ context 'parameter group_ids' do
+
+ let(:privileged) do
+ {
+ group_ids: Group.all.map { |g| [g.id, ['full']] }.to_h
+ }
+ end
+
+ it_behaves_like 'admin types requests'
+ it_behaves_like 'forbidden agent update'
+ end
+ end
+
+ context 'role assignment' do
+
+ let(:admin_role) { Role.where(name: 'Admin') }
+
+ context 'parameter roles' do
+ let(:privileged) do
+ {
+ roles: admin_role.map(&:name),
+ }
+ end
+
+ it_behaves_like 'admin types requests'
+ it_behaves_like 'forbidden agent update'
+ end
+
+ context 'parameter role_ids' do
+ let(:privileged) do
+ {
+ role_ids: admin_role.map(&:id),
+ }
+ end
+
+ it_behaves_like 'admin types requests'
+ it_behaves_like 'forbidden agent update'
+ end
+ end
+
+ context 'organization assignment' do
+
+ let(:new_organizations) { create_list(:organization, 2) }
+
+ context 'parameter organizations' do
+ let(:privileged) do
+ {
+ organizations: new_organizations.map(&:name),
+ }
+ end
+
+ it_behaves_like 'admin types requests'
+ it_behaves_like 'permitted agent update'
+ end
+
+ context 'parameter organization_ids' do
+ let(:privileged) do
+ {
+ organization_ids: new_organizations.map(&:id),
+ }
+ end
+
+ it_behaves_like 'admin types requests'
+ it_behaves_like 'permitted agent update'
+ end
+ end
+ end
+ end
+
+ describe 'User deletion' do
+
+ def authorized_destroy_request(requester:, requested:)
+ authenticated_as(requester)
+
+ delete api_v1_delete_user_path(requested)
+
+ expect(response).to have_http_status(:success)
+ expect(requested).not_to exist_in_database
+ end
+
+ def unauthorized_destroy_request(requester:, requested:)
+ authenticated_as(requester)
+
+ delete api_v1_delete_user_path(requested)
+
+ expect(response).to have_http_status(:unauthorized)
+ expect(requested).to exist_in_database
+ end
+
+ context 'request by admin.user' do
+
+ let(:requester) { admin_with_admin_user_permissions }
+
+ it 'is successful for same admin' do
+ authorized_destroy_request(
+ requester: requester,
+ requested: requester,
+ )
+ end
+
+ it 'is successful for other admin' do
+ authorized_destroy_request(
+ requester: requester,
+ requested: create(:admin_user),
+ )
+ end
+
+ it 'is successful for agent' do
+ authorized_destroy_request(
+ requester: requester,
+ requested: create(:agent_user),
+ )
+ end
+
+ it 'is successful for customer' do
+ authorized_destroy_request(
+ requester: requester,
+ requested: create(:customer_user),
+ )
+ end
+ end
+
+ context 'request by sub admin without admin.user' do
+
+ let(:requester) { admin_without_admin_user_permissions }
+
+ it 'is unauthorized for same admin' do
+ unauthorized_destroy_request(
+ requester: requester,
+ requested: requester,
+ )
+ end
+
+ it 'is unauthorized for other admin' do
+ unauthorized_destroy_request(
+ requester: requester,
+ requested: create(:admin_user),
+ )
+ end
+
+ it 'is unauthorized for agent' do
+ unauthorized_destroy_request(
+ requester: requester,
+ requested: create(:agent_user),
+ )
+ end
+
+ it 'is unauthorized for customer' do
+ unauthorized_destroy_request(
+ requester: requester,
+ requested: create(:customer_user),
+ )
+ end
+ end
+
+ context 'request by agent' do
+
+ let(:requester) { create(:agent_user) }
+
+ it 'is unauthorized for admin' do
+ unauthorized_destroy_request(
+ requester: requester,
+ requested: create(:admin_user),
+ )
+ end
+
+ it 'is unauthorized same agent' do
+ unauthorized_destroy_request(
+ requester: requester,
+ requested: requester,
+ )
+ end
+
+ it 'is unauthorized for other agent' do
+ unauthorized_destroy_request(
+ requester: requester,
+ requested: create(:agent_user),
+ )
+ end
+
+ it 'is unauthorized for customer' do
+ unauthorized_destroy_request(
+ requester: requester,
+ requested: create(:customer_user),
+ )
+ end
+ end
+
+ context 'request by customer' do
+
+ let(:requester) { create(:customer_user) }
+
+ it 'is unauthorized for admin' do
+ unauthorized_destroy_request(
+ requester: requester,
+ requested: create(:admin_user),
+ )
+ end
+
+ it 'is unauthorized for agent' do
+ unauthorized_destroy_request(
+ requester: requester,
+ requested: create(:agent_user),
+ )
+ end
+
+ it 'is unauthorized for same customer' do
+ unauthorized_destroy_request(
+ requester: requester,
+ requested: requester,
+ )
+ end
+
+ it 'is unauthorized for other customer' do
+ unauthorized_destroy_request(
+ requester: requester,
+ requested: create(:customer_user),
+ )
+ end
+
+ it 'is unauthorized for same organization' do
+ same_organization = create(:organization)
+
+ requester.update!(organization: same_organization)
+
+ unauthorized_destroy_request(
+ requester: requester,
+ requested: create(:customer_user, organization: same_organization),
+ )
+ end
+ end
+ end
+end
diff --git a/spec/requests/user_spec.rb b/spec/requests/user_spec.rb
index 87c00c748..f0d6168cb 100644
--- a/spec/requests/user_spec.rb
+++ b/spec/requests/user_spec.rb
@@ -1,676 +1,1013 @@
require 'rails_helper'
-RSpec.describe 'User endpoint', type: :request do
+RSpec.describe 'User', type: :request, searchindex: true do
- let(:role_with_admin_user_permissions) do
- create(:role).tap do |role|
- role.permission_grant('admin.user')
+ let!(:admin_user) do
+ create(
+ :admin_user,
+ groups: Group.all,
+ login: 'rest-admin',
+ firstname: 'Rest',
+ lastname: 'Agent',
+ email: 'rest-admin@example.com',
+ )
+ end
+ let!(:admin_user_pw) do
+ create(
+ :admin_user,
+ groups: Group.all,
+ login: 'rest-admin-pw',
+ firstname: 'Rest',
+ lastname: 'Agent',
+ email: 'rest-admin-pw@example.com',
+ password: 'adminpw',
+ )
+ end
+ let!(:agent_user) do
+ create(
+ :agent_user,
+ groups: Group.all,
+ login: 'rest-agent@example.com',
+ firstname: 'Rest',
+ lastname: 'Agent',
+ email: 'rest-agent@example.com',
+ )
+ end
+ let!(:customer_user) do
+ create(
+ :customer_user,
+ login: 'rest-customer1@example.com',
+ firstname: 'Rest',
+ lastname: 'Customer1',
+ email: 'rest-customer1@example.com',
+ )
+ end
+ let!(:organization) do
+ create(:organization, name: 'Rest Org')
+ end
+ let!(:organization2) do
+ create(:organization, name: 'Rest Org #2')
+ end
+ let!(:organization3) do
+ create(:organization, name: 'Rest Org #3')
+ end
+ let!(:customer_user2) do
+ create(
+ :customer_user,
+ organization: organization,
+ login: 'rest-customer2@example.com',
+ firstname: 'Rest',
+ lastname: 'Customer2',
+ email: 'rest-customer2@example.com',
+ )
+ end
+
+ before(:each) do
+ configure_elasticsearch do
+
+ travel 1.minute
+
+ rebuild_searchindex
+
+ # execute background jobs
+ Scheduler.worker(true)
+
+ sleep 6
end
end
- let(:admin_with_admin_user_permissions) { create(:user, roles: [role_with_admin_user_permissions]) }
- let(:role_without_admin_user_permissions) do
- create(:role).tap do |role|
- role.permission_grant('admin.tag')
+ describe 'request handling' do
+
+ it 'does user create tests - no user' do
+
+ post '/api/v1/signshow', params: {}, as: :json
+
+ # create user with disabled feature
+ Setting.set('user_create_account', false)
+ token = @response.headers['CSRF-TOKEN']
+
+ # token based on form
+ params = { email: 'some_new_customer@example.com', authenticity_token: token }
+ post '/api/v1/users', params: params, as: :json
+ expect(response).to have_http_status(422)
+ expect(json_response['error']).to be_truthy
+ expect(json_response['error']).to eq('Feature not enabled!')
+
+ # token based on headers
+ headers = { 'X-CSRF-Token' => token }
+ params = { email: 'some_new_customer@example.com' }
+ post '/api/v1/users', params: params, headers: headers, as: :json
+ expect(response).to have_http_status(422)
+ expect(json_response['error']).to be_truthy
+ expect(json_response['error']).to eq('Feature not enabled!')
+
+ Setting.set('user_create_account', true)
+
+ # no signup param with enabled feature
+ params = { email: 'some_new_customer@example.com' }
+ post '/api/v1/users', params: params, headers: headers, as: :json
+ expect(response).to have_http_status(422)
+ expect(json_response['error']).to be_truthy
+ expect(json_response['error']).to eq('Only signup with not authenticate user possible!')
+
+ # already existing user with enabled feature
+ params = { email: 'rest-customer1@example.com', signup: true }
+ post '/api/v1/users', params: params, headers: headers, as: :json
+ expect(response).to have_http_status(422)
+ expect(json_response['error']).to be_truthy
+ expect(json_response['error']).to eq('Email address is already used for other user.')
+
+ # email missing with enabled feature
+ params = { firstname: 'some firstname', signup: true }
+ post '/api/v1/users', params: params, headers: headers, as: :json
+ expect(response).to have_http_status(422)
+ expect(json_response['error']).to be_truthy
+ expect(json_response['error']).to eq('Attribute \'email\' required!')
+
+ # email missing with enabled feature
+ params = { firstname: 'some firstname', signup: true }
+ post '/api/v1/users', params: params, headers: headers, as: :json
+ expect(response).to have_http_status(422)
+ expect(json_response['error']).to be_truthy
+ expect(json_response['error']).to eq('Attribute \'email\' required!')
+
+ # create user with enabled feature (take customer role)
+ params = { firstname: 'Me First', lastname: 'Me Last', email: 'new_here@example.com', signup: true }
+ post '/api/v1/users', params: params, headers: headers, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_truthy
+
+ expect(json_response['firstname']).to eq('Me First')
+ expect(json_response['lastname']).to eq('Me Last')
+ expect(json_response['login']).to eq('new_here@example.com')
+ expect(json_response['email']).to eq('new_here@example.com')
+ user = User.find(json_response['id'])
+ expect(user.role?('Admin')).to be_falsey
+ expect(user.role?('Agent')).to be_falsey
+ expect(user.role?('Customer')).to be_truthy
+
+ # create user with admin role (not allowed for signup, take customer role)
+ role = Role.lookup(name: 'Admin')
+ params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin@example.com', role_ids: [ role.id ], signup: true }
+ post '/api/v1/users', params: params, headers: headers, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_truthy
+ user = User.find(json_response['id'])
+ expect(user.role?('Admin')).to be_falsey
+ expect(user.role?('Agent')).to be_falsey
+ expect(user.role?('Customer')).to be_truthy
+
+ # create user with agent role (not allowed for signup, take customer role)
+ role = Role.lookup(name: 'Agent')
+ params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent@example.com', role_ids: [ role.id ], signup: true }
+ post '/api/v1/users', params: params, headers: headers, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_truthy
+ user = User.find(json_response['id'])
+ expect(user.role?('Admin')).to be_falsey
+ expect(user.role?('Agent')).to be_falsey
+ expect(user.role?('Customer')).to be_truthy
+
+ # no user (because of no session)
+ get '/api/v1/users', params: {}, headers: headers, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response['error']).to eq('authentication failed')
+
+ # me
+ get '/api/v1/users/me', params: {}, headers: headers, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response['error']).to eq('authentication failed')
end
- end
- let(:admin_without_admin_user_permissions) { create(:user, roles: [role_without_admin_user_permissions]) }
- describe 'User creation' do
+ it 'does auth tests - not existing user' do
+ authenticated_as(nil, login: 'not_existing@example.com', password: 'adminpw')
+ get '/api/v1/users/me', params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response['error']).to eq('authentication failed')
- let(:attributes) { attributes_params_for(:user) }
+ get '/api/v1/users', params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response['error']).to eq('authentication failed')
+ end
- it 'responds unauthorized for customer' do
- requester = create(:customer_user)
- authenticated_as(requester)
+ it 'does auth tests - username auth, wrong pw' do
+ authenticated_as(admin_user, password: 'not_existing')
+ get '/api/v1/users', params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response['error']).to eq('authentication failed')
+ end
- expect do
- post api_v1_users_path, params: attributes
- end.to not_change {
- User.count
+ it 'does auth tests - email auth, wrong pw' do
+ authenticated_as(nil, login: 'rest-admin@example.com', password: 'not_existing')
+ get '/api/v1/users', params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response['error']).to eq('authentication failed')
+ end
+
+ it 'does auth tests - username auth' do
+ authenticated_as(nil, login: 'rest-admin-pw', password: 'adminpw')
+ get '/api/v1/users', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_truthy
+ end
+
+ it 'does auth tests - email auth' do
+ authenticated_as(nil, login: 'rest-admin-pw@example.com', password: 'adminpw')
+ get '/api/v1/users', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_truthy
+ end
+
+ it 'does user index and create with admin' do
+ authenticated_as(admin_user)
+ get '/api/v1/users/me', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_truthy
+ expect('rest-admin@example.com').to eq(json_response['email'])
+
+ # index
+ get '/api/v1/users', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_truthy
+
+ # index
+ get '/api/v1/users', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_truthy
+ expect(Array).to eq(json_response.class)
+ expect(json_response.length >= 3).to be_truthy
+
+ # show/:id
+ get "/api/v1/users/#{agent_user.id}", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_truthy
+ expect(Hash).to eq(json_response.class)
+ expect('rest-agent@example.com').to eq(json_response['email'])
+
+ get "/api/v1/users/#{customer_user.id}", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_truthy
+ expect(Hash).to eq(json_response.class)
+ expect('rest-customer1@example.com').to eq(json_response['email'])
+
+ # create user with admin role
+ role = Role.lookup(name: 'Admin')
+ params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_admin@example.com', role_ids: [ role.id ] }
+ post '/api/v1/users', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_truthy
+ user = User.find(json_response['id'])
+ expect(user.role?('Admin')).to be_truthy
+ expect(user.role?('Agent')).to be_falsey
+ expect(user.role?('Customer')).to be_falsey
+ expect(json_response['login']).to eq('new_admin_by_admin@example.com')
+ expect(json_response['email']).to eq('new_admin_by_admin@example.com')
+
+ # create user with agent role
+ role = Role.lookup(name: 'Agent')
+ params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_admin1@example.com', role_ids: [ role.id ] }
+ post '/api/v1/users', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_truthy
+ user = User.find(json_response['id'])
+ expect(user.role?('Admin')).to be_falsey
+ expect(user.role?('Agent')).to be_truthy
+ expect(user.role?('Customer')).to be_falsey
+ expect(json_response['login']).to eq('new_agent_by_admin1@example.com')
+ expect(json_response['email']).to eq('new_agent_by_admin1@example.com')
+
+ role = Role.lookup(name: 'Agent')
+ params = { firstname: 'Agent First', email: 'new_agent_by_admin2@example.com', role_ids: [ role.id ] }
+ post '/api/v1/users', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_truthy
+ user = User.find(json_response['id'])
+ expect(user.role?('Admin')).to be_falsey
+ expect(user.role?('Agent')).to be_truthy
+ expect(user.role?('Customer')).to be_falsey
+ expect(json_response['login']).to eq('new_agent_by_admin2@example.com')
+ expect(json_response['email']).to eq('new_agent_by_admin2@example.com')
+ expect(json_response['firstname']).to eq('Agent')
+ expect(json_response['lastname']).to eq('First')
+
+ role = Role.lookup(name: 'Agent')
+ params = { firstname: 'Agent First', email: 'new_agent_by_admin2@example.com', role_ids: [ role.id ] }
+ post '/api/v1/users', params: params, as: :json
+ expect(response).to have_http_status(422)
+ expect(json_response).to be_truthy
+ expect(json_response['error']).to eq('Email address is already used for other user.')
+
+ # missing required attributes
+ params = { note: 'some note' }
+ post '/api/v1/users', params: params, as: :json
+ expect(response).to have_http_status(422)
+ expect(json_response).to be_truthy
+ expect(json_response['error']).to eq('Minimum one identifier (login, firstname, lastname, phone or email) for user is required.')
+
+ # invalid email
+ params = { firstname: 'newfirstname123', email: 'some_what', note: 'some note' }
+ post '/api/v1/users', params: params, as: :json
+ expect(response).to have_http_status(422)
+ expect(json_response).to be_truthy
+ expect(json_response['error']).to eq('Invalid email')
+
+ # with valid attributes
+ params = { firstname: 'newfirstname123', note: 'some note' }
+ post '/api/v1/users', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_truthy
+ user = User.find(json_response['id'])
+ expect(user.role?('Admin')).to be_falsey
+ expect(user.role?('Agent')).to be_falsey
+ expect(user.role?('Customer')).to be_truthy
+ expect(json_response['login'].start_with?('auto-')).to be_truthy
+ expect(json_response['email']).to eq('')
+ expect(json_response['firstname']).to eq('newfirstname123')
+ expect(json_response['lastname']).to eq('')
+ end
+
+ it 'does user index and create with agent' do
+ authenticated_as(agent_user)
+ get '/api/v1/users/me', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_truthy
+ expect('rest-agent@example.com').to eq(json_response['email'])
+
+ # index
+ get '/api/v1/users', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_truthy
+
+ # index
+ get '/api/v1/users', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_truthy
+ expect(Array).to eq(json_response.class)
+ expect(json_response.length >= 3).to be_truthy
+
+ get '/api/v1/users?limit=40&page=1&per_page=2', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ users = User.order(:id).limit(2)
+ expect(json_response[0]['id']).to eq(users[0].id)
+ expect(json_response[1]['id']).to eq(users[1].id)
+ expect(json_response.count).to eq(2)
+
+ get '/api/v1/users?limit=40&page=2&per_page=2', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ users = User.order(:id).limit(4)
+ expect(json_response[0]['id']).to eq(users[2].id)
+ expect(json_response[1]['id']).to eq(users[3].id)
+ expect(json_response.count).to eq(2)
+
+ # create user with admin role
+ firstname = "First test#{rand(999_999_999)}"
+ role = Role.lookup(name: 'Admin')
+ params = { firstname: "Admin#{firstname}", lastname: 'Admin Last', email: 'new_admin_by_agent@example.com', role_ids: [ role.id ] }
+ post '/api/v1/users', params: params, as: :json
+ expect(response).to have_http_status(201)
+ json_response_user1 = JSON.parse(@response.body)
+ expect(json_response_user1).to be_truthy
+ user = User.find(json_response_user1['id'])
+ expect(user.role?('Admin')).to be_falsey
+ expect(user.role?('Agent')).to be_falsey
+ expect(user.role?('Customer')).to be_truthy
+ expect(json_response_user1['login']).to eq('new_admin_by_agent@example.com')
+ expect(json_response_user1['email']).to eq('new_admin_by_agent@example.com')
+
+ # create user with agent role
+ role = Role.lookup(name: 'Agent')
+ params = { firstname: "Agent#{firstname}", lastname: 'Agent Last', email: 'new_agent_by_agent@example.com', role_ids: [ role.id ] }
+ post '/api/v1/users', params: params, as: :json
+ expect(response).to have_http_status(201)
+ json_response_user1 = JSON.parse(@response.body)
+ expect(json_response_user1).to be_truthy
+ user = User.find(json_response_user1['id'])
+ expect(user.role?('Admin')).to be_falsey
+ expect(user.role?('Agent')).to be_falsey
+ expect(user.role?('Customer')).to be_truthy
+ expect(json_response_user1['login']).to eq('new_agent_by_agent@example.com')
+ expect(json_response_user1['email']).to eq('new_agent_by_agent@example.com')
+
+ # create user with customer role
+ role = Role.lookup(name: 'Customer')
+ params = { firstname: "Customer#{firstname}", lastname: 'Customer Last', email: 'new_customer_by_agent@example.com', role_ids: [ role.id ] }
+ post '/api/v1/users', params: params, as: :json
+ expect(response).to have_http_status(201)
+ json_response_user1 = JSON.parse(@response.body)
+ expect(json_response_user1).to be_truthy
+ user = User.find(json_response_user1['id'])
+ expect(user.role?('Admin')).to be_falsey
+ expect(user.role?('Agent')).to be_falsey
+ expect(user.role?('Customer')).to be_truthy
+ expect(json_response_user1['login']).to eq('new_customer_by_agent@example.com')
+ expect(json_response_user1['email']).to eq('new_customer_by_agent@example.com')
+
+ # search as agent
+ Scheduler.worker(true)
+ sleep 2 # let es time to come ready
+ get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+
+ expect(json_response[0]['id']).to eq(json_response_user1['id'])
+ expect(json_response[0]['firstname']).to eq("Customer#{firstname}")
+ expect(json_response[0]['lastname']).to eq('Customer Last')
+ expect(json_response[0]['role_ids']).to be_truthy
+ expect(json_response[0]['roles']).to be_falsey
+
+ get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&expand=true", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response[0]['id']).to eq(json_response_user1['id'])
+ expect(json_response[0]['firstname']).to eq("Customer#{firstname}")
+ expect(json_response[0]['lastname']).to eq('Customer Last')
+ expect(json_response[0]['role_ids']).to be_truthy
+ expect(json_response[0]['roles']).to be_truthy
+
+ get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&label=true", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response[0]['id']).to eq(json_response_user1['id'])
+ expect(json_response[0]['label']).to eq("Customer#{firstname} Customer Last ")
+ expect(json_response[0]['value']).to eq("Customer#{firstname} Customer Last ")
+ expect(json_response[0]['role_ids']).to be_falsey
+ expect(json_response[0]['roles']).to be_falsey
+
+ get "/api/v1/users/search?term=#{CGI.escape("Customer#{firstname}")}", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response[0]['id']).to eq(json_response_user1['id'])
+ expect(json_response[0]['label']).to eq("Customer#{firstname} Customer Last ")
+ expect(json_response[0]['value']).to eq('new_customer_by_agent@example.com')
+ expect(json_response[0]['role_ids']).to be_falsey
+ expect(json_response[0]['roles']).to be_falsey
+
+ role = Role.find_by(name: 'Agent')
+ get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&role_ids=#{role.id}&label=true", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response.count).to eq(0)
+
+ role = Role.find_by(name: 'Customer')
+ get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&role_ids=#{role.id}&label=true", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response[0]['id']).to eq(json_response_user1['id'])
+ expect(json_response[0]['label']).to eq("Customer#{firstname} Customer Last ")
+ expect(json_response[0]['value']).to eq("Customer#{firstname} Customer Last ")
+ expect(json_response[0]['role_ids']).to be_falsey
+ expect(json_response[0]['roles']).to be_falsey
+
+ permission = Permission.find_by(name: 'ticket.agent')
+ get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&permissions=#{permission.name}&label=true", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response.count).to eq(0)
+
+ permission = Permission.find_by(name: 'ticket.customer')
+ get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&permissions=#{permission.name}&label=true", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response[0]['id']).to eq(json_response_user1['id'])
+ expect(json_response[0]['label']).to eq("Customer#{firstname} Customer Last ")
+ expect(json_response[0]['value']).to eq("Customer#{firstname} Customer Last ")
+ expect(json_response[0]['role_ids']).to be_falsey
+ expect(json_response[0]['roles']).to be_falsey
+ end
+
+ it 'does user index and create with customer1' do
+ authenticated_as(customer_user)
+ get '/api/v1/users/me', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_truthy
+ expect('rest-customer1@example.com').to eq(json_response['email'])
+
+ # index
+ get '/api/v1/users', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(Array).to eq(json_response.class)
+ expect(1).to eq(json_response.length)
+
+ # show/:id
+ get "/api/v1/users/#{customer_user.id}", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(Hash).to eq(json_response.class)
+ expect('rest-customer1@example.com').to eq(json_response['email'])
+
+ get "/api/v1/users/#{customer_user2.id}", params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(Hash).to eq(json_response.class)
+ expect(json_response['error']).to be_truthy
+
+ # create user with admin role
+ role = Role.lookup(name: 'Admin')
+ params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_customer1@example.com', role_ids: [ role.id ] }
+ post '/api/v1/users', params: params, as: :json
+ expect(response).to have_http_status(401)
+
+ # create user with agent role
+ role = Role.lookup(name: 'Agent')
+ params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_customer1@example.com', role_ids: [ role.id ] }
+ post '/api/v1/users', params: params, as: :json
+ expect(response).to have_http_status(401)
+
+ # search
+ Scheduler.worker(true)
+ get "/api/v1/users/search?query=#{CGI.escape('First')}", params: {}, as: :json
+ expect(response).to have_http_status(401)
+ end
+
+ it 'does user index with customer2' do
+ authenticated_as(customer_user2)
+ get '/api/v1/users/me', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_truthy
+ expect('rest-customer2@example.com').to eq(json_response['email'])
+
+ # index
+ get '/api/v1/users', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(Array).to eq(json_response.class)
+ expect(1).to eq(json_response.length)
+
+ # show/:id
+ get "/api/v1/users/#{customer_user2.id}", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(Hash).to eq(json_response.class)
+ expect('rest-customer2@example.com').to eq(json_response['email'])
+
+ get "/api/v1/users/#{customer_user.id}", params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(Hash).to eq(json_response.class)
+ expect(json_response['error']).to be_truthy
+
+ # search
+ Scheduler.worker(true)
+ get "/api/v1/users/search?query=#{CGI.escape('First')}", params: {}, as: :json
+ expect(response).to have_http_status(401)
+ end
+
+ it 'does users show and response format (04.01)' do
+ user = create(
+ :customer_user,
+ login: 'rest-customer3@example.com',
+ firstname: 'Rest',
+ lastname: 'Customer3',
+ email: 'rest-customer3@example.com',
+ password: 'customer3pw',
+ active: true,
+ organization: organization,
+ updated_by_id: admin_user.id,
+ created_by_id: admin_user.id,
+ )
+
+ authenticated_as(admin_user)
+ get "/api/v1/users/#{user.id}", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['id']).to eq(user.id)
+ expect(json_response['firstname']).to eq(user.firstname)
+ expect(json_response['organization']).to be_falsey
+ expect(json_response['organization_id']).to eq(user.organization_id)
+ expect(json_response['password']).to be_falsey
+ expect(json_response['role_ids']).to eq(user.role_ids)
+ expect(json_response['updated_by_id']).to eq(admin_user.id)
+ expect(json_response['created_by_id']).to eq(admin_user.id)
+
+ get "/api/v1/users/#{user.id}?expand=true", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['id']).to eq(user.id)
+ expect(json_response['firstname']).to eq(user.firstname)
+ expect(json_response['organization_id']).to eq(user.organization_id)
+ expect(json_response['organization']).to eq(user.organization.name)
+ expect(json_response['role_ids']).to eq(user.role_ids)
+ expect(json_response['password']).to be_falsey
+ expect(json_response['updated_by_id']).to eq(admin_user.id)
+ expect(json_response['created_by_id']).to eq(admin_user.id)
+
+ get "/api/v1/users/#{user.id}?expand=false", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['id']).to eq(user.id)
+ expect(json_response['firstname']).to eq(user.firstname)
+ expect(json_response['organization']).to be_falsey
+ expect(json_response['organization_id']).to eq(user.organization_id)
+ expect(json_response['password']).to be_falsey
+ expect(json_response['role_ids']).to eq(user.role_ids)
+ expect(json_response['updated_by_id']).to eq(admin_user.id)
+ expect(json_response['created_by_id']).to eq(admin_user.id)
+
+ get "/api/v1/users/#{user.id}?full=true", params: {}, as: :json
+ expect(response).to have_http_status(200)
+
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['id']).to eq(user.id)
+ expect(json_response['assets']).to be_truthy
+ expect(json_response['assets']['User']).to be_truthy
+ expect(json_response['assets']['User'][user.id.to_s]).to be_truthy
+ expect(json_response['assets']['User'][user.id.to_s]['id']).to eq(user.id)
+ expect(json_response['assets']['User'][user.id.to_s]['firstname']).to eq(user.firstname)
+ expect(json_response['assets']['User'][user.id.to_s]['organization_id']).to eq(user.organization_id)
+ expect(json_response['assets']['User'][user.id.to_s]['role_ids']).to eq(user.role_ids)
+
+ get "/api/v1/users/#{user.id}?full=false", params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['id']).to eq(user.id)
+ expect(json_response['firstname']).to eq(user.firstname)
+ expect(json_response['organization']).to be_falsey
+ expect(json_response['organization_id']).to eq(user.organization_id)
+ expect(json_response['password']).to be_falsey
+ expect(json_response['role_ids']).to eq(user.role_ids)
+ expect(json_response['updated_by_id']).to eq(admin_user.id)
+ expect(json_response['created_by_id']).to eq(admin_user.id)
+ end
+
+ it 'does user index and response format (04.02)' do
+ user = create(
+ :customer_user,
+ login: 'rest-customer3@example.com',
+ firstname: 'Rest',
+ lastname: 'Customer3',
+ email: 'rest-customer3@example.com',
+ password: 'customer3pw',
+ active: true,
+ organization: organization,
+ updated_by_id: admin_user.id,
+ created_by_id: admin_user.id,
+ )
+
+ authenticated_as(admin_user)
+ get '/api/v1/users', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response[0].class).to eq(Hash)
+ expect(json_response.last['id']).to eq(user.id)
+ expect(json_response.last['lastname']).to eq(user.lastname)
+ expect(json_response.last['organization']).to be_falsey
+ expect(json_response.last['role_ids']).to eq(user.role_ids)
+ expect(json_response.last['organization_id']).to eq(user.organization_id)
+ expect(json_response.last['password']).to be_falsey
+ expect(json_response.last['updated_by_id']).to eq(admin_user.id)
+ expect(json_response.last['created_by_id']).to eq(admin_user.id)
+
+ get '/api/v1/users?expand=true', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response[0].class).to eq(Hash)
+ expect(json_response.last['id']).to eq(user.id)
+ expect(json_response.last['lastname']).to eq(user.lastname)
+ expect(json_response.last['organization_id']).to eq(user.organization_id)
+ expect(json_response.last['organization']).to eq(user.organization.name)
+ expect(json_response.last['password']).to be_falsey
+ expect(json_response.last['updated_by_id']).to eq(admin_user.id)
+ expect(json_response.last['created_by_id']).to eq(admin_user.id)
+
+ get '/api/v1/users?expand=false', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response[0].class).to eq(Hash)
+ expect(json_response.last['id']).to eq(user.id)
+ expect(json_response.last['lastname']).to eq(user.lastname)
+ expect(json_response.last['organization']).to be_falsey
+ expect(json_response.last['role_ids']).to eq(user.role_ids)
+ expect(json_response.last['organization_id']).to eq(user.organization_id)
+ expect(json_response.last['password']).to be_falsey
+ expect(json_response.last['updated_by_id']).to eq(admin_user.id)
+ expect(json_response.last['created_by_id']).to eq(admin_user.id)
+
+ get '/api/v1/users?full=true', params: {}, as: :json
+ expect(response).to have_http_status(200)
+
+ expect(json_response).to be_a_kind_of(Hash)
+ expect(json_response['record_ids'].class).to eq(Array)
+ expect(json_response['record_ids'][0]).to eq(1)
+ expect(json_response['record_ids'].last).to eq(user.id)
+ expect(json_response['assets']).to be_truthy
+ expect(json_response['assets']['User']).to be_truthy
+ expect(json_response['assets']['User'][user.id.to_s]).to be_truthy
+ expect(json_response['assets']['User'][user.id.to_s]['id']).to eq(user.id)
+ expect(json_response['assets']['User'][user.id.to_s]['lastname']).to eq(user.lastname)
+ expect(json_response['assets']['User'][user.id.to_s]['organization_id']).to eq(user.organization_id)
+ expect(json_response['assets']['User'][user.id.to_s]['password']).to be_falsey
+
+ get '/api/v1/users?full=false', params: {}, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ expect(json_response[0].class).to eq(Hash)
+ expect(json_response.last['id']).to eq(user.id)
+ expect(json_response.last['lastname']).to eq(user.lastname)
+ expect(json_response.last['organization']).to be_falsey
+ expect(json_response.last['role_ids']).to eq(user.role_ids)
+ expect(json_response.last['organization_id']).to eq(user.organization_id)
+ expect(json_response.last['password']).to be_falsey
+ expect(json_response.last['updated_by_id']).to eq(admin_user.id)
+ expect(json_response.last['created_by_id']).to eq(admin_user.id)
+ end
+
+ it 'does ticket create and response format (04.03)' do
+ organization = Organization.first
+ params = {
+ firstname: 'newfirstname123',
+ note: 'some note',
+ organization: organization.name,
}
- expect(response).to have_http_status(:unauthorized)
+ authenticated_as(admin_user)
+ post '/api/v1/users', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+
+ user = User.find(json_response['id'])
+ expect(json_response['firstname']).to eq(user.firstname)
+ expect(json_response['organization_id']).to eq(user.organization_id)
+ expect(json_response['organization']).to be_falsey
+ expect(json_response['password']).to be_falsey
+ expect(json_response['updated_by_id']).to eq(admin_user.id)
+ expect(json_response['created_by_id']).to eq(admin_user.id)
+
+ post '/api/v1/users?expand=true', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+
+ user = User.find(json_response['id'])
+ expect(json_response['firstname']).to eq(user.firstname)
+ expect(json_response['organization_id']).to eq(user.organization_id)
+ expect(json_response['organization']).to eq(user.organization.name)
+ expect(json_response['password']).to be_falsey
+ expect(json_response['updated_by_id']).to eq(admin_user.id)
+ expect(json_response['created_by_id']).to eq(admin_user.id)
+
+ post '/api/v1/users?full=true', params: params, as: :json
+ expect(response).to have_http_status(201)
+ expect(json_response).to be_a_kind_of(Hash)
+
+ user = User.find(json_response['id'])
+ expect(json_response['assets']).to be_truthy
+ expect(json_response['assets']['User']).to be_truthy
+ expect(json_response['assets']['User'][user.id.to_s]).to be_truthy
+ expect(json_response['assets']['User'][user.id.to_s]['id']).to eq(user.id)
+ expect(json_response['assets']['User'][user.id.to_s]['firstname']).to eq(user.firstname)
+ expect(json_response['assets']['User'][user.id.to_s]['lastname']).to eq(user.lastname)
+ expect(json_response['assets']['User'][user.id.to_s]['password']).to be_falsey
+
+ expect(json_response['assets']['User'][admin_user.id.to_s]).to be_truthy
+ expect(json_response['assets']['User'][admin_user.id.to_s]['id']).to eq(admin_user.id)
+ expect(json_response['assets']['User'][admin_user.id.to_s]['firstname']).to eq(admin_user.firstname)
+ expect(json_response['assets']['User'][admin_user.id.to_s]['lastname']).to eq(admin_user.lastname)
+ expect(json_response['assets']['User'][admin_user.id.to_s]['password']).to be_falsey
+
end
- context 'privileged attributes' do
+ it 'does ticket update and response formats (04.04)' do
+ user = create(
+ :customer_user,
+ login: 'rest-customer3@example.com',
+ firstname: 'Rest',
+ lastname: 'Customer3',
+ email: 'rest-customer3@example.com',
+ password: 'customer3pw',
+ active: true,
+ organization: organization,
+ updated_by_id: admin_user.id,
+ created_by_id: admin_user.id,
+ )
- context 'group assignment' do
-
- # group access assignment is in general only valid for agents
- # see HasGroups.groups_access_permission?
- let(:agent_attributes) do
- attributes.merge(
- roles: Role.where(name: 'Agent').map(&:name),
- )
- end
-
- shared_examples 'group assignment' do |map_method_id|
-
- it 'responds success for admin.user' do
- authenticated_as(admin_with_admin_user_permissions)
-
- expect do
- post api_v1_users_path, params: payload
- end.to change {
- User.count
- }.by(1)
-
- expect(response).to have_http_status(:success)
- expect(User.last.send(map_method_id)).to eq(send(map_method_id))
- end
-
- it 'responds unauthorized for sub admin without admin.user' do
- authenticated_as(admin_without_admin_user_permissions)
-
- expect do
- post api_v1_users_path, params: payload
- end.to not_change {
- User.count
- }
-
- expect(response).to have_http_status(:unauthorized)
- end
-
- it 'responds successful for agent but removes assignment' do
- requester = create(:agent_user)
- authenticated_as(requester)
-
- expect do
- post api_v1_users_path, params: payload
- end.to change {
- User.count
- }.by(1)
-
- expect(response).to have_http_status(:success)
- expect(User.last.send(map_method_id)).to be_blank
- end
- end
-
- context 'parameter groups' do
-
- let(:group_names_access_map) do
- Group.all.map { |g| [g.name, ['full']] }.to_h
- end
-
- let(:payload) do
- agent_attributes.merge(
- groups: group_names_access_map,
- )
- end
-
- it_behaves_like 'group assignment', :group_names_access_map
- end
-
- context 'parameter group_ids' do
-
- let(:group_ids_access_map) do
- Group.all.map { |g| [g.id, ['full']] }.to_h
- end
-
- let(:payload) do
- agent_attributes.merge(
- group_ids: group_ids_access_map,
- )
- end
-
- it_behaves_like 'group assignment', :group_ids_access_map
- end
- end
-
- context 'role assignment' do
-
- shared_examples 'role assignment' do
-
- let(:privileged) { Role.where(name: 'Admin') }
-
- it 'responds success for admin.user' do
- authenticated_as(admin_with_admin_user_permissions)
-
- expect do
- post api_v1_users_path, params: payload
- end.to change {
- User.count
- }.by(1)
-
- expect(response).to have_http_status(:success)
- expect(User.last.roles).to eq(privileged)
- end
-
- it 'responds unauthorized for sub admin without admin.user' do
- authenticated_as(admin_without_admin_user_permissions)
-
- expect do
- post api_v1_users_path, params: payload
- end.to not_change {
- User.count
- }
-
- expect(response).to have_http_status(:unauthorized)
- end
-
- it 'responds successful for agent but removes assignment' do
- requester = create(:agent_user)
- authenticated_as(requester)
-
- expect do
- post api_v1_users_path, params: payload
- end.to change {
- User.count
- }.by(1)
-
- expect(response).to have_http_status(:success)
- expect(User.last.roles).to eq(Role.signup_roles)
- end
- end
-
- context 'parameter roles' do
- let(:payload) do
- attributes.merge(
- roles: privileged.map(&:name),
- )
- end
-
- it_behaves_like 'role assignment'
- end
-
- context 'parameter role_ids' do
- let(:payload) do
- attributes.merge(
- role_ids: privileged.map(&:id),
- )
- end
-
- it_behaves_like 'role assignment'
- end
- end
- end
- end
-
- describe 'User update' do
-
- def authorized_update_request(requester:, requested:)
- authenticated_as(requester)
-
- expect do
- put api_v1_update_user_path(requested), params: cleaned_params_for(requested).merge(firstname: 'Changed')
- end.to change {
- requested.reload.firstname
+ authenticated_as(admin_user)
+ params = {
+ firstname: 'a update firstname #1',
}
+ put "/api/v1/users/#{user.id}", params: params, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
- expect(response).to have_http_status(:success)
- end
+ user = User.find(json_response['id'])
+ expect(json_response['lastname']).to eq(user.lastname)
+ expect(json_response['firstname']).to eq(params[:firstname])
+ expect(json_response['organization_id']).to eq(user.organization_id)
+ expect(json_response['organization']).to be_falsey
+ expect(json_response['password']).to be_falsey
+ expect(json_response['updated_by_id']).to eq(admin_user.id)
+ expect(json_response['created_by_id']).to eq(admin_user.id)
- def unauthorized_update_request(requester:, requested:)
- authenticated_as(requester)
-
- expect do
- put api_v1_update_user_path(requested), params: cleaned_params_for(requested).merge(firstname: 'Changed')
- end.to not_change {
- requested.reload.attributes
+ params = {
+ firstname: 'a update firstname #2',
}
+ put "/api/v1/users/#{user.id}?expand=true", params: params, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+
+ user = User.find(json_response['id'])
+ expect(json_response['lastname']).to eq(user.lastname)
+ expect(json_response['firstname']).to eq(params[:firstname])
+ expect(json_response['organization_id']).to eq(user.organization_id)
+ expect(json_response['organization']).to eq(user.organization.name)
+ expect(json_response['password']).to be_falsey
+ expect(json_response['updated_by_id']).to eq(admin_user.id)
+ expect(json_response['created_by_id']).to eq(admin_user.id)
+
+ params = {
+ firstname: 'a update firstname #3',
+ }
+ put "/api/v1/users/#{user.id}?full=true", params: params, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+
+ user = User.find(json_response['id'])
+ expect(json_response['assets']).to be_truthy
+ expect(json_response['assets']['User']).to be_truthy
+ expect(json_response['assets']['User'][user.id.to_s]).to be_truthy
+ expect(json_response['assets']['User'][user.id.to_s]['id']).to eq(user.id)
+ expect(json_response['assets']['User'][user.id.to_s]['firstname']).to eq(params[:firstname])
+ expect(json_response['assets']['User'][user.id.to_s]['lastname']).to eq(user.lastname)
+ expect(json_response['assets']['User'][user.id.to_s]['password']).to be_falsey
+
+ expect(json_response['assets']['User'][admin_user.id.to_s]).to be_truthy
+ expect(json_response['assets']['User'][admin_user.id.to_s]['id']).to eq(admin_user.id)
+ expect(json_response['assets']['User'][admin_user.id.to_s]['firstname']).to eq(admin_user.firstname)
+ expect(json_response['assets']['User'][admin_user.id.to_s]['lastname']).to eq(admin_user.lastname)
+ expect(json_response['assets']['User'][admin_user.id.to_s]['password']).to be_falsey
- expect(response).to have_http_status(:unauthorized)
end
- context 'request by admin.user' do
+ it 'does csv example - customer no access (05.01)' do
- let(:requester) { admin_with_admin_user_permissions }
-
- it 'is successful for same admin' do
- authorized_update_request(
- requester: requester,
- requested: requester,
- )
- end
-
- it 'is successful for other admin' do
- authorized_update_request(
- requester: requester,
- requested: create(:admin_user),
- )
- end
-
- it 'is successful for agent' do
- authorized_update_request(
- requester: requester,
- requested: create(:agent_user),
- )
- end
-
- it 'is successful for customer' do
- authorized_update_request(
- requester: requester,
- requested: create(:customer_user),
- )
- end
+ authenticated_as(customer_user)
+ get '/api/v1/users/import_example', params: {}, as: :json
+ expect(response).to have_http_status(401)
+ expect(json_response['error']).to eq('Not authorized (user)!')
end
- context 'request by sub admin without admin.user' do
+ it 'does csv example - admin access (05.02)' do
- let(:requester) { admin_without_admin_user_permissions }
+ authenticated_as(admin_user)
+ get '/api/v1/users/import_example', params: {}, as: :json
+ expect(response).to have_http_status(200)
- it 'is unauthorized for same admin' do
- unauthorized_update_request(
- requester: requester,
- requested: requester,
- )
- end
+ rows = CSV.parse(@response.body)
+ header = rows.shift
- it 'is unauthorized for other admin' do
- unauthorized_update_request(
- requester: requester,
- requested: create(:admin_user),
- )
- end
-
- it 'is unauthorized for agent' do
- unauthorized_update_request(
- requester: requester,
- requested: create(:agent_user),
- )
- end
-
- it 'is unauthorized for customer' do
- unauthorized_update_request(
- requester: requester,
- requested: create(:customer_user),
- )
- end
+ expect(header[0]).to eq('id')
+ expect(header[1]).to eq('login')
+ expect(header[2]).to eq('firstname')
+ expect(header[3]).to eq('lastname')
+ expect(header[4]).to eq('email')
+ expect(header.include?('organization')).to be_truthy
end
- context 'request by agent' do
+ it 'does csv import - admin access (05.03)' do
- let(:requester) { create(:agent_user) }
+ # invalid file
+ csv_file_path = Rails.root.join('test', 'data', 'csv', 'user_simple_col_not_existing.csv')
+ csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
+ authenticated_as(admin_user)
+ post '/api/v1/users/import?try=true', params: { file: csv_file, col_sep: ';' }
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
- it 'is unauthorized for admin' do
- unauthorized_update_request(
- requester: requester,
- requested: create(:admin_user),
- )
- end
+ expect(json_response['try']).to eq(true)
+ expect(json_response['records'].count).to eq(2)
+ expect(json_response['result']).to eq('failed')
+ expect(json_response['errors'].count).to eq(2)
+ expect(json_response['errors'][0]).to eq("Line 1: unknown attribute 'firstname2' for User.")
+ expect(json_response['errors'][1]).to eq("Line 2: unknown attribute 'firstname2' for User.")
- it 'is unauthorized same agent' do
- unauthorized_update_request(
- requester: requester,
- requested: requester,
- )
- end
+ # valid file try
+ csv_file_path = Rails.root.join('test', 'data', 'csv', 'user_simple.csv')
+ csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
+ post '/api/v1/users/import?try=true', params: { file: csv_file, col_sep: ';' }
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
- it 'is unauthorized for other agent' do
- unauthorized_update_request(
- requester: requester,
- requested: create(:agent_user),
- )
- end
+ expect(json_response['try']).to eq(true)
+ expect(json_response['records'].count).to eq(2)
+ expect(json_response['result']).to eq('success')
- it 'is successful for customer' do
- authorized_update_request(
- requester: requester,
- requested: create(:customer_user),
- )
- end
+ expect(User.find_by(login: 'user-simple-import1')).to be_nil
+ expect(User.find_by(login: 'user-simple-import2')).to be_nil
+
+ # valid file
+ csv_file_path = Rails.root.join('test', 'data', 'csv', 'user_simple.csv')
+ csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
+ post '/api/v1/users/import', params: { file: csv_file, col_sep: ';' }
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Hash)
+
+ expect(json_response['try']).to eq(false)
+ expect(json_response['records'].count).to eq(2)
+ expect(json_response['result']).to eq('success')
+
+ user1 = User.find_by(login: 'user-simple-import1')
+ expect(user1).to be_truthy
+ expect(user1.login).to eq('user-simple-import1')
+ expect(user1.firstname).to eq('firstname-simple-import1')
+ expect(user1.lastname).to eq('lastname-simple-import1')
+ expect(user1.email).to eq('user-simple-import1@example.com')
+ expect(user1.active).to eq(true)
+ user2 = User.find_by(login: 'user-simple-import2')
+ expect(user2).to be_truthy
+ expect(user2.login).to eq('user-simple-import2')
+ expect(user2.firstname).to eq('firstname-simple-import2')
+ expect(user2.lastname).to eq('lastname-simple-import2')
+ expect(user2.email).to eq('user-simple-import2@example.com')
+ expect(user2.active).to eq(false)
+
+ user1.destroy!
+ user2.destroy!
end
- context 'request by customer' do
-
- let(:requester) { create(:customer_user) }
-
- it 'is unauthorized for admin' do
- unauthorized_update_request(
- requester: requester,
- requested: create(:admin_user),
- )
- end
-
- it 'is unauthorized for agent' do
- unauthorized_update_request(
- requester: requester,
- requested: create(:agent_user),
- )
- end
-
- it 'is unauthorized for same customer' do
- unauthorized_update_request(
- requester: requester,
- requested: requester,
- )
- end
-
- it 'is unauthorized for other customer' do
- unauthorized_update_request(
- requester: requester,
- requested: create(:customer_user),
- )
- end
-
- it 'is unauthorized for same organization' do
- same_organization = create(:organization)
-
- requester.update!(organization: same_organization)
-
- unauthorized_update_request(
- requester: requester,
- requested: create(:customer_user, organization: same_organization),
- )
- end
- end
-
- context 'privileged attributes' do
-
- let(:requested) { create(:user) }
- let(:attribute) { privileged.keys.first }
- let(:payload) { cleaned_params_for(requested).merge(privileged) }
-
- def value_of_attribute
- # we need to call .to_a otherwise Rails will load the
- # ActiveRecord::Associations::CollectionProxy
- # on comparsion which is to late
- requested.reload.public_send(attribute).to_a
- end
-
- shared_examples 'admin types requests' do
-
- it 'responds success for admin.user' do
- authenticated_as(admin_with_admin_user_permissions)
-
- expect do
- put api_v1_update_user_path(requested), params: payload
- end.to change {
- value_of_attribute
- }
- expect(response).to have_http_status(:success)
- end
-
- it 'responds unauthorized for sub admin without admin.user' do
- authenticated_as(admin_without_admin_user_permissions)
-
- expect do
- put api_v1_update_user_path(requested), params: payload
- end.to not_change {
- value_of_attribute
- }
-
- expect(response).to have_http_status(:unauthorized)
- end
- end
-
- shared_examples 'permitted agent update' do
-
- it 'responds successful for agent but removes assignment' do
- requester = create(:agent_user)
- authenticated_as(requester)
-
- expect do
- put api_v1_update_user_path(requested), params: payload
- end.to change {
- value_of_attribute
- }
-
- expect(response).to have_http_status(:success)
- end
- end
-
- shared_examples 'forbidden agent update' do
-
- it 'responds successful for agent but removes assignment' do
- requester = create(:agent_user)
- authenticated_as(requester)
-
- expect do
- put api_v1_update_user_path(requested), params: payload
- end.to not_change {
- value_of_attribute
- }
-
- expect(response).to have_http_status(:success)
- end
- end
-
- context 'group assignment' do
-
- context 'parameter groups' do
-
- let(:privileged) do
- {
- groups: Group.all.map { |g| [g.name, ['full']] }.to_h
- }
- end
-
- it_behaves_like 'admin types requests'
- it_behaves_like 'forbidden agent update'
- end
-
- context 'parameter group_ids' do
-
- let(:privileged) do
- {
- group_ids: Group.all.map { |g| [g.id, ['full']] }.to_h
- }
- end
-
- it_behaves_like 'admin types requests'
- it_behaves_like 'forbidden agent update'
- end
- end
-
- context 'role assignment' do
-
- let(:admin_role) { Role.where(name: 'Admin') }
-
- context 'parameter roles' do
- let(:privileged) do
- {
- roles: admin_role.map(&:name),
- }
- end
-
- it_behaves_like 'admin types requests'
- it_behaves_like 'forbidden agent update'
- end
-
- context 'parameter role_ids' do
- let(:privileged) do
- {
- role_ids: admin_role.map(&:id),
- }
- end
-
- it_behaves_like 'admin types requests'
- it_behaves_like 'forbidden agent update'
- end
- end
-
- context 'organization assignment' do
-
- let(:new_organizations) { create_list(:organization, 2) }
-
- context 'parameter organizations' do
- let(:privileged) do
- {
- organizations: new_organizations.map(&:name),
- }
- end
-
- it_behaves_like 'admin types requests'
- it_behaves_like 'permitted agent update'
- end
-
- context 'parameter organization_ids' do
- let(:privileged) do
- {
- organization_ids: new_organizations.map(&:id),
- }
- end
-
- it_behaves_like 'admin types requests'
- it_behaves_like 'permitted agent update'
- end
- end
- end
- end
-
- describe 'User deletion' do
-
- def authorized_destroy_request(requester:, requested:)
- authenticated_as(requester)
-
- delete api_v1_delete_user_path(requested)
-
- expect(response).to have_http_status(:success)
- expect(requested).not_to exist_in_database
- end
-
- def unauthorized_destroy_request(requester:, requested:)
- authenticated_as(requester)
-
- delete api_v1_delete_user_path(requested)
-
- expect(response).to have_http_status(:unauthorized)
- expect(requested).to exist_in_database
- end
-
- context 'request by admin.user' do
-
- let(:requester) { admin_with_admin_user_permissions }
-
- it 'is successful for same admin' do
- authorized_destroy_request(
- requester: requester,
- requested: requester,
- )
- end
-
- it 'is successful for other admin' do
- authorized_destroy_request(
- requester: requester,
- requested: create(:admin_user),
- )
- end
-
- it 'is successful for agent' do
- authorized_destroy_request(
- requester: requester,
- requested: create(:agent_user),
- )
- end
-
- it 'is successful for customer' do
- authorized_destroy_request(
- requester: requester,
- requested: create(:customer_user),
- )
- end
- end
-
- context 'request by sub admin without admin.user' do
-
- let(:requester) { admin_without_admin_user_permissions }
-
- it 'is unauthorized for same admin' do
- unauthorized_destroy_request(
- requester: requester,
- requested: requester,
- )
- end
-
- it 'is unauthorized for other admin' do
- unauthorized_destroy_request(
- requester: requester,
- requested: create(:admin_user),
- )
- end
-
- it 'is unauthorized for agent' do
- unauthorized_destroy_request(
- requester: requester,
- requested: create(:agent_user),
- )
- end
-
- it 'is unauthorized for customer' do
- unauthorized_destroy_request(
- requester: requester,
- requested: create(:customer_user),
- )
- end
- end
-
- context 'request by agent' do
-
- let(:requester) { create(:agent_user) }
-
- it 'is unauthorized for admin' do
- unauthorized_destroy_request(
- requester: requester,
- requested: create(:admin_user),
- )
- end
-
- it 'is unauthorized same agent' do
- unauthorized_destroy_request(
- requester: requester,
- requested: requester,
- )
- end
-
- it 'is unauthorized for other agent' do
- unauthorized_destroy_request(
- requester: requester,
- requested: create(:agent_user),
- )
- end
-
- it 'is unauthorized for customer' do
- unauthorized_destroy_request(
- requester: requester,
- requested: create(:customer_user),
- )
- end
- end
-
- context 'request by customer' do
-
- let(:requester) { create(:customer_user) }
-
- it 'is unauthorized for admin' do
- unauthorized_destroy_request(
- requester: requester,
- requested: create(:admin_user),
- )
- end
-
- it 'is unauthorized for agent' do
- unauthorized_destroy_request(
- requester: requester,
- requested: create(:agent_user),
- )
- end
-
- it 'is unauthorized for same customer' do
- unauthorized_destroy_request(
- requester: requester,
- requested: requester,
- )
- end
-
- it 'is unauthorized for other customer' do
- unauthorized_destroy_request(
- requester: requester,
- requested: create(:customer_user),
- )
- end
-
- it 'is unauthorized for same organization' do
- same_organization = create(:organization)
-
- requester.update!(organization: same_organization)
-
- unauthorized_destroy_request(
- requester: requester,
- requested: create(:customer_user, organization: same_organization),
- )
- end
+ it 'does user search sortable' do
+ firstname = "user_search_sortable #{rand(999_999_999)}"
+
+ user1 = create(
+ :customer_user,
+ login: 'rest-user_search_sortableA@example.com',
+ firstname: "#{firstname} A",
+ lastname: 'user_search_sortableA',
+ email: 'rest-user_search_sortableA@example.com',
+ password: 'user_search_sortableA',
+ active: true,
+ organization_id: organization.id,
+ out_of_office: false,
+ created_at: '2016-02-05 17:42:00',
+ )
+ user2 = create(
+ :customer_user,
+ login: 'rest-user_search_sortableB@example.com',
+ firstname: "#{firstname} B",
+ lastname: 'user_search_sortableB',
+ email: 'rest-user_search_sortableB@example.com',
+ password: 'user_search_sortableB',
+ active: true,
+ organization_id: organization.id,
+ out_of_office_start_at: '2016-02-06 19:42:00',
+ out_of_office_end_at: '2016-02-07 19:42:00',
+ out_of_office_replacement_id: 1,
+ out_of_office: true,
+ created_at: '2016-02-05 19:42:00',
+ )
+ Scheduler.worker(true)
+ sleep 2 # let es time to come ready
+
+ authenticated_as(admin_user)
+ get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'created_at', order_by: 'asc' }, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ result = json_response
+ result.collect! { |v| v['id'] }
+ expect(result).to eq([user1.id, user2.id])
+
+ get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'firstname', order_by: 'asc' }, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ result = json_response
+ result.collect! { |v| v['id'] }
+ expect(result).to eq([user1.id, user2.id])
+
+ get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'firstname', order_by: 'desc' }, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ result = json_response
+ result.collect! { |v| v['id'] }
+ expect(result).to eq([user2.id, user1.id])
+
+ get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: %w[firstname created_at], order_by: %w[desc asc] }, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ result = json_response
+ result.collect! { |v| v['id'] }
+ expect(result).to eq([user2.id, user1.id])
+
+ get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: %w[firstname created_at], order_by: %w[desc asc] }, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ result = json_response
+ result.collect! { |v| v['id'] }
+ expect(result).to eq([user2.id, user1.id])
+
+ get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'out_of_office', order_by: 'asc' }, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ result = json_response
+ result.collect! { |v| v['id'] }
+ expect(result).to eq([user1.id, user2.id])
+
+ get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'out_of_office', order_by: 'desc' }, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ result = json_response
+ result.collect! { |v| v['id'] }
+ expect(result).to eq([user2.id, user1.id])
+
+ get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: %w[created_by_id created_at], order_by: %w[asc asc] }, as: :json
+ expect(response).to have_http_status(200)
+ expect(json_response).to be_a_kind_of(Array)
+ result = json_response
+ result.collect! { |v| v['id'] }
+ expect(result).to eq([user1.id, user2.id])
end
end
end
diff --git a/spec/support/request.rb b/spec/support/request.rb
index 762859a04..1ef7548b6 100644
--- a/spec/support/request.rb
+++ b/spec/support/request.rb
@@ -51,16 +51,38 @@ module ZammadSpecSupportRequest
# @example
# authenticated_as(some_admin_user)
#
+ # @example
+ # authenticated_as(some_admin_user, on_behalf_of: customer_user)
+ #
+ # @example
+ # authenticated_as(some_admin_user, password: 'wrongpw')
+ #
+ # @example
+ # authenticated_as(some_admin_user, password: 'wrongpw', token: create(:token, action: 'api', user_id: some_admin_user.id) )
+ #
+ # @example
+ # authenticated_as(nil, login: 'not_existing', password: 'wrongpw' )
+ #
# @return nil
- def authenticated_as(user)
+ def authenticated_as(user, login: nil, password: nil, token: nil, on_behalf_of: nil)
+ password ||= user.password
+ login ||= user.login
+
# mock authentication otherwise login won't
# if user has no password (which is expensive to create)
- if user.password.nil?
- allow(User).to receive(:authenticate).with(user.login, '').and_return(user)
+ if password.nil?
+ allow(User).to receive(:authenticate).with(login, '').and_return(user)
end
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials(user.login, user.password)
- add_headers('Authorization' => credentials)
+ # if we want to authenticate by token
+ if token.present?
+ credentials = "Token token=#{token.name}"
+
+ return add_headers('Authorization' => credentials)
+ end
+
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials(login, password)
+ add_headers('Authorization' => credentials, 'X-On-Behalf-Of' => on_behalf_of)
end
# Provides a Hash of attributes for the given FactoryBot
@@ -106,4 +128,8 @@ end
RSpec.configure do |config|
config.include ZammadSpecSupportRequest, type: :request
+
+ config.before(:each, type: :request) do
+ Setting.set('system_init_done', true)
+ end
end
diff --git a/spec/support/searchindex_backend.rb b/spec/support/searchindex_backend.rb
new file mode 100644
index 000000000..263dbf1c9
--- /dev/null
+++ b/spec/support/searchindex_backend.rb
@@ -0,0 +1,56 @@
+require 'rake'
+
+module SearchindexBackendHelper
+
+ def configure_elasticsearch(required: false)
+ if ENV['ES_URL'].blank?
+ return if !required
+ raise "ERROR: Need ES_URL - hint ES_URL='http://127.0.0.1:9200'"
+ end
+
+ Setting.set('es_url', ENV['ES_URL'])
+
+ # Setting.set('es_url', 'http://127.0.0.1:9200')
+ # Setting.set('es_index', 'estest.local_zammad')
+ # Setting.set('es_user', 'elasticsearch')
+ # Setting.set('es_password', 'zammad')
+
+ if ENV['ES_INDEX_RAND'].present?
+ rand_id = ENV.fetch('CI_JOB_ID', "r#{rand(999)}")
+ test_method_name = subject.gsub(/[^\w]/, '_')
+ ENV['ES_INDEX'] = "es_index_#{test_method_name}_#{rand_id}_#{rand(999_999_999)}"
+ end
+ if ENV['ES_INDEX'].blank?
+ raise "ERROR: Need ES_INDEX - hint ES_INDEX='estest.local_zammad'"
+ end
+ Setting.set('es_index', ENV['ES_INDEX'])
+
+ # set max attachment size in mb
+ Setting.set('es_attachment_max_size_in_mb', 1)
+
+ yield if block_given?
+ end
+
+ def rebuild_searchindex
+ Rake::Task.clear
+ Zammad::Application.load_tasks
+ Rake::Task['searchindex:rebuild'].execute
+ end
+
+ def self.included(base)
+
+ # Execute in RSpec class context
+ base.class_exec do
+
+ after(:each) do
+ next if ENV['ES_URL'].blank?
+
+ Rake::Task['searchindex:drop'].execute
+ end
+ end
+ end
+end
+
+RSpec.configure do |config|
+ config.include SearchindexBackendHelper, searchindex: true
+end
diff --git a/test/controllers/api_auth_controller_test.rb b/test/controllers/api_auth_controller_test.rb
deleted file mode 100644
index c60162269..000000000
--- a/test/controllers/api_auth_controller_test.rb
+++ /dev/null
@@ -1,443 +0,0 @@
-
-require 'test_helper'
-
-class ApiAuthControllerTest < ActionDispatch::IntegrationTest
- setup do
-
- # set accept header
- @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
- # create agent
- roles = Role.where(name: %w[Admin Agent])
- groups = Group.all
-
- UserInfo.current_user_id = 1
- @admin = User.create!(
- login: 'api-admin',
- firstname: 'API',
- lastname: 'Admin',
- email: 'api-admin@example.com',
- password: 'adminpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- # create agent
- roles = Role.where(name: 'Agent')
- @agent = User.create!(
- login: 'api-agent@example.com',
- firstname: 'API',
- lastname: 'Agent',
- email: 'api-agent@example.com',
- password: 'agentpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- # create customer without org
- roles = Role.where(name: 'Customer')
- @customer = User.create!(
- login: 'api-customer1@example.com',
- firstname: 'API',
- lastname: 'Customer1',
- email: 'api-customer1@example.com',
- password: 'customer1pw',
- active: true,
- roles: roles,
- )
-
- end
-
- test 'basic auth - admin' do
-
- admin_credentials = ActionController::HttpAuthentication::Basic.encode_credentials('api-admin@example.com', 'adminpw')
-
- Setting.set('api_password_access', false)
- get '/api/v1/sessions', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
- assert_response(401)
- assert_not(@response.header.key?('Access-Control-Allow-Origin'))
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('API password access disabled!', result['error'])
-
- Setting.set('api_password_access', true)
- get '/api/v1/sessions', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
- assert_response(200)
- assert_equal('*', @response.header['Access-Control-Allow-Origin'])
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert(result)
- end
-
- test 'basic auth - agent' do
-
- agent_credentials = ActionController::HttpAuthentication::Basic.encode_credentials('api-agent@example.com', 'agentpw')
-
- Setting.set('api_password_access', false)
- get '/api/v1/tickets', params: {}, headers: @headers.merge('Authorization' => agent_credentials)
- assert_response(401)
- assert_not(@response.header.key?('Access-Control-Allow-Origin'))
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('API password access disabled!', result['error'])
-
- Setting.set('api_password_access', true)
- get '/api/v1/tickets', params: {}, headers: @headers.merge('Authorization' => agent_credentials)
- assert_response(200)
- assert_equal('*', @response.header['Access-Control-Allow-Origin'])
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert(result)
- end
-
- test 'basic auth - customer' do
-
- customer_credentials = ActionController::HttpAuthentication::Basic.encode_credentials('api-customer1@example.com', 'customer1pw')
-
- Setting.set('api_password_access', false)
- get '/api/v1/tickets', params: {}, headers: @headers.merge('Authorization' => customer_credentials)
- assert_response(401)
- assert_not(@response.header.key?('Access-Control-Allow-Origin'))
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('API password access disabled!', result['error'])
-
- Setting.set('api_password_access', true)
- get '/api/v1/tickets', params: {}, headers: @headers.merge('Authorization' => customer_credentials)
- assert_response(200)
- assert_equal('*', @response.header['Access-Control-Allow-Origin'])
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert(result)
- end
-
- test 'token auth - admin' do
-
- admin_token = Token.create(
- action: 'api',
- persistent: true,
- user_id: @admin.id,
- preferences: {
- permission: ['admin.session'],
- },
- )
- admin_credentials = "Token token=#{admin_token.name}"
-
- Setting.set('api_token_access', false)
- get '/api/v1/sessions', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
- assert_response(401)
- assert_not(@response.header.key?('Access-Control-Allow-Origin'))
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('API token access disabled!', result['error'])
-
- Setting.set('api_token_access', true)
- get '/api/v1/sessions', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
- assert_response(200)
- assert_equal('*', @response.header['Access-Control-Allow-Origin'])
-
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert(result)
-
- admin_token.preferences[:permission] = ['admin.session_not_existing']
- admin_token.save!
-
- get '/api/v1/sessions', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('Not authorized (token)!', result['error'])
-
- admin_token.preferences[:permission] = []
- admin_token.save!
-
- get '/api/v1/sessions', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('Not authorized (token)!', result['error'])
-
- @admin.active = false
- @admin.save!
-
- get '/api/v1/sessions', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('User is inactive!', result['error'])
-
- admin_token.preferences[:permission] = ['admin.session']
- admin_token.save!
-
- get '/api/v1/sessions', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('User is inactive!', result['error'])
-
- @admin.active = true
- @admin.save!
-
- get '/api/v1/sessions', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert(result)
-
- get '/api/v1/roles', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('Not authorized (token)!', result['error'])
-
- admin_token.preferences[:permission] = ['admin.session_not_existing', 'admin.role']
- admin_token.save!
-
- get '/api/v1/roles', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert(result)
-
- admin_token.preferences[:permission] = ['ticket.agent']
- admin_token.save!
-
- get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert(result)
-
- name = "some org name #{rand(999_999_999)}"
- post '/api/v1/organizations', params: { name: name }.to_json, headers: @headers.merge('Authorization' => admin_credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(name, result['name'])
- assert(result)
-
- name = "some org name #{rand(999_999_999)} - 2"
- put "/api/v1/organizations/#{result['id']}", params: { name: name }.to_json, headers: @headers.merge('Authorization' => admin_credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(name, result['name'])
- assert(result)
-
- admin_token.preferences[:permission] = ['admin.organization']
- admin_token.save!
-
- get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert(result)
-
- name = "some org name #{rand(999_999_999)}"
- post '/api/v1/organizations', params: { name: name }.to_json, headers: @headers.merge('Authorization' => admin_credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(name, result['name'])
- assert(result)
-
- name = "some org name #{rand(999_999_999)} - 2"
- put "/api/v1/organizations/#{result['id']}", params: { name: name }.to_json, headers: @headers.merge('Authorization' => admin_credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(name, result['name'])
- assert(result)
-
- admin_token.preferences[:permission] = ['admin']
- admin_token.save!
-
- get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert(result)
-
- name = "some org name #{rand(999_999_999)}"
- post '/api/v1/organizations', params: { name: name }.to_json, headers: @headers.merge('Authorization' => admin_credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(name, result['name'])
- assert(result)
-
- name = "some org name #{rand(999_999_999)} - 2"
- put "/api/v1/organizations/#{result['id']}", params: { name: name }.to_json, headers: @headers.merge('Authorization' => admin_credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(name, result['name'])
- assert(result)
-
- end
-
- test 'token auth - agent' do
-
- agent_token = Token.create(
- action: 'api',
- persistent: true,
- user_id: @agent.id,
- )
- agent_credentials = "Token token=#{agent_token.name}"
-
- Setting.set('api_token_access', false)
- get '/api/v1/tickets', params: {}, headers: @headers.merge('Authorization' => agent_credentials)
- assert_response(401)
- assert_not(@response.header.key?('Access-Control-Allow-Origin'))
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('API token access disabled!', result['error'])
-
- Setting.set('api_token_access', true)
- get '/api/v1/tickets', params: {}, headers: @headers.merge('Authorization' => agent_credentials)
- assert_response(200)
- assert_equal('*', @response.header['Access-Control-Allow-Origin'])
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert(result)
-
- get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => agent_credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert(result)
-
- name = "some org name #{rand(999_999_999)}"
- post '/api/v1/organizations', params: { name: name }.to_json, headers: @headers.merge('Authorization' => agent_credentials)
- assert_response(401)
-
- end
-
- test 'token auth - customer' do
-
- customer_token = Token.create(
- action: 'api',
- persistent: true,
- user_id: @customer.id,
- )
- customer_credentials = "Token token=#{customer_token.name}"
-
- Setting.set('api_token_access', false)
- get '/api/v1/tickets', params: {}, headers: @headers.merge('Authorization' => customer_credentials)
- assert_response(401)
- assert_not(@response.header.key?('Access-Control-Allow-Origin'))
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('API token access disabled!', result['error'])
-
- Setting.set('api_token_access', true)
- get '/api/v1/tickets', params: {}, headers: @headers.merge('Authorization' => customer_credentials)
- assert_equal('*', @response.header['Access-Control-Allow-Origin'])
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert(result)
-
- get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => customer_credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert(result)
-
- name = "some org name #{rand(999_999_999)}"
- post '/api/v1/organizations', params: { name: name }.to_json, headers: @headers.merge('Authorization' => customer_credentials)
- assert_response(401)
- end
-
- test 'token auth - invalid user - admin' do
-
- admin_token = Token.create(
- action: 'api',
- persistent: true,
- user_id: @admin.id,
- )
- admin_credentials = "Token token=#{admin_token.name}"
-
- @admin.active = false
- @admin.save!
-
- Setting.set('api_token_access', false)
- get '/api/v1/sessions', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
- assert_response(401)
- assert_not(@response.header.key?('Access-Control-Allow-Origin'))
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('API token access disabled!', result['error'])
-
- Setting.set('api_token_access', true)
- get '/api/v1/sessions', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
- assert_response(401)
- assert_not(@response.header.key?('Access-Control-Allow-Origin'))
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('User is inactive!', result['error'])
- end
-
- test 'token auth - expired' do
-
- Setting.set('api_token_access', true)
-
- admin_token = Token.create(
- action: 'api',
- persistent: true,
- user_id: @admin.id,
- expires_at: Time.zone.today
- )
- admin_credentials = "Token token=#{admin_token.name}"
-
- get '/api/v1/tickets', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
- assert_response(401)
- assert_not(@response.header.key?('Access-Control-Allow-Origin'))
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('Not authorized (token expired)!', result['error'])
-
- admin_token.reload
- assert_in_delta(admin_token.last_used_at, Time.zone.now, 1.second)
- end
-
- test 'token auth - not expired' do
-
- Setting.set('api_token_access', true)
-
- admin_token = Token.create(
- action: 'api',
- persistent: true,
- user_id: @admin.id,
- expires_at: Time.zone.tomorrow
- )
- admin_credentials = "Token token=#{admin_token.name}"
-
- get '/api/v1/tickets', params: {}, headers: @headers.merge('Authorization' => admin_credentials)
- assert_response(200)
- assert_equal('*', @response.header['Access-Control-Allow-Origin'])
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert(result)
-
- admin_token.reload
- assert_in_delta(admin_token.last_used_at, Time.zone.now, 1.second)
- end
-
- test 'session auth - admin' do
-
- post '/api/v1/signin', params: { username: 'api-admin@example.com', password: 'adminpw', fingerprint: '123456789' }
- assert_not(@response.header.key?('Access-Control-Allow-Origin'))
- assert_response(201)
-
- get '/api/v1/sessions', params: {}
- assert_response(200)
- assert_not(@response.header.key?('Access-Control-Allow-Origin'))
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert(result)
- end
-end
diff --git a/test/controllers/api_auth_on_behalf_of_controller_test.rb b/test/controllers/api_auth_on_behalf_of_controller_test.rb
deleted file mode 100644
index 492aaed27..000000000
--- a/test/controllers/api_auth_on_behalf_of_controller_test.rb
+++ /dev/null
@@ -1,231 +0,0 @@
-
-require 'test_helper'
-
-class ApiAuthControllerTest < ActionDispatch::IntegrationTest
- setup do
-
- # set accept header
- @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
- # create agent
- roles = Role.where(name: %w[Admin Agent])
- groups = Group.all
-
- UserInfo.current_user_id = 1
- @admin = User.create!(
- login: 'api-admin-auth-behalf',
- firstname: 'API',
- lastname: 'Admin',
- email: 'api-admin-auth-behalf@example.com',
- password: 'adminpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- # create customer without org
- roles = Role.where(name: 'Customer')
- @customer = User.create!(
- login: 'api-customer1-auth-behalf@example.com',
- firstname: 'API',
- lastname: 'Customer1',
- email: 'api-customer1-auth-behalf@example.com',
- password: 'customer1pw',
- active: true,
- roles: roles,
- )
-
- end
-
- test 'X-On-Behalf-Of auth - ticket create admin for customer by id' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('api-admin-auth-behalf@example.com', 'adminpw')
-
- ticket_create_headers = @headers.merge(
- 'Authorization' => credentials,
- 'X-On-Behalf-Of' => @customer.id,
- )
-
- params = {
- title: 'a new ticket #3',
- group: 'Users',
- priority: '2 normal',
- state: 'new',
- customer_id: @customer.id,
- article: {
- body: 'some test 123',
- },
- }
- post '/api/v1/tickets', params: params.to_json, headers: ticket_create_headers
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(result['created_by_id'], @customer.id)
- end
-
- test 'X-On-Behalf-Of auth - ticket create admin for customer by login' do
- ActivityStream.cleanup(1.year)
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('api-admin-auth-behalf@example.com', 'adminpw')
-
- ticket_create_headers = @headers.merge(
- 'Authorization' => credentials,
- 'X-On-Behalf-Of' => @customer.login,
- )
- admin_headers = @headers.merge(
- 'Authorization' => credentials,
- )
-
- params = {
- title: 'a new ticket #3',
- group: 'Users',
- priority: '2 normal',
- state: 'new',
- customer_id: @customer.id,
- article: {
- body: 'some test 123',
- },
- }
- post '/api/v1/tickets', params: params.to_json, headers: ticket_create_headers
- assert_response(201)
- result_ticket_create = JSON.parse(@response.body)
- assert_equal(Hash, result_ticket_create.class)
- assert_equal(result_ticket_create['created_by_id'], @customer.id)
-
- get '/api/v1/activity_stream?full=true', params: {}, headers: admin_headers
- assert_response(200)
- result_activity_stream = JSON.parse(@response.body)
- assert_equal(Hash, result_activity_stream.class)
-
- ticket_created = nil
- result_activity_stream['record_ids'].each do |record_id|
- activity_stream = ActivityStream.find(record_id)
- next if activity_stream.object.name != 'Ticket'
- next if activity_stream.o_id != result_ticket_create['id']
- ticket_created = activity_stream
- end
-
- assert(ticket_created)
- assert_equal(ticket_created.created_by_id, @customer.id)
-
- get '/api/v1/activity_stream', params: {}, headers: admin_headers
- assert_response(200)
- result_activity_stream = JSON.parse(@response.body)
- assert_equal(Array, result_activity_stream.class)
-
- ticket_created = nil
- result_activity_stream.each do |record|
- activity_stream = ActivityStream.find(record['id'])
- next if activity_stream.object.name != 'Ticket'
- next if activity_stream.o_id != result_ticket_create['id']
- ticket_created = activity_stream
- end
-
- assert(ticket_created)
- assert_equal(ticket_created.created_by_id, @customer.id)
-
- end
-
- test 'X-On-Behalf-Of auth - ticket create admin for customer by email' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('api-admin-auth-behalf@example.com', 'adminpw')
-
- ticket_create_headers = @headers.merge(
- 'Authorization' => credentials,
- 'X-On-Behalf-Of' => @customer.email,
- )
-
- params = {
- title: 'a new ticket #3',
- group: 'Users',
- priority: '2 normal',
- state: 'new',
- customer_id: @customer.id,
- article: {
- body: 'some test 123',
- },
- }
- post '/api/v1/tickets', params: params.to_json, headers: ticket_create_headers
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(result['created_by_id'], @customer.id)
- end
-
- test 'X-On-Behalf-Of auth - ticket create admin for unknown' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('api-admin-auth-behalf@example.com', 'adminpw')
-
- ticket_create_headers = @headers.merge(
- 'Authorization' => credentials,
- 'X-On-Behalf-Of' => 99_449_494_949,
- )
-
- params = {
- title: 'a new ticket #3',
- group: 'Users',
- priority: '2 normal',
- state: 'new',
- customer_id: @customer.id,
- article: {
- body: 'some test 123',
- },
- }
- post '/api/v1/tickets', params: params.to_json, headers: ticket_create_headers
- assert_response(401)
- assert_not(@response.header.key?('Access-Control-Allow-Origin'))
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal("No such user '99449494949'", result['error'])
- end
-
- test 'X-On-Behalf-Of auth - ticket create customer for admin' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('api-customer1-auth-behalf@example.com', 'customer1pw')
-
- ticket_create_headers = @headers.merge(
- 'Authorization' => credentials,
- 'X-On-Behalf-Of' => @admin.email,
- )
-
- params = {
- title: 'a new ticket #3',
- group: 'Users',
- priority: '2 normal',
- state: 'new',
- customer_id: @customer.id,
- article: {
- body: 'some test 123',
- },
- }
- post '/api/v1/tickets', params: params.to_json, headers: ticket_create_headers
- assert_response(401)
- assert_not(@response.header.key?('Access-Control-Allow-Origin'))
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal("Current user has no permission to use 'X-On-Behalf-Of'!", result['error'])
- end
-
- test 'X-On-Behalf-Of auth - ticket create admin for customer by email but no permitted action' do
- group_secret = Group.new(name: 'secret1234')
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('api-admin-auth-behalf@example.com', 'adminpw')
-
- ticket_create_headers = @headers.merge(
- 'Authorization' => credentials,
- 'X-On-Behalf-Of' => @customer.email,
- )
-
- params = {
- title: 'a new ticket #3',
- group: group_secret.name,
- priority: '2 normal',
- state: 'new',
- customer_id: @customer.id,
- article: {
- body: 'some test 123',
- },
- }
- post '/api/v1/tickets', params: params.to_json, headers: ticket_create_headers
- assert_response(422)
- assert_not(@response.header.key?('Access-Control-Allow-Origin'))
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('No lookup value found for \'group\': "secret1234"', result['error'])
- end
-end
diff --git a/test/controllers/basic_controller_test.rb b/test/controllers/basic_controller_test.rb
deleted file mode 100644
index da6306be3..000000000
--- a/test/controllers/basic_controller_test.rb
+++ /dev/null
@@ -1,121 +0,0 @@
-
-require 'test_helper'
-
-class BasicControllerTest < ActionDispatch::IntegrationTest
-
- test 'json requests' do
-
- @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
- # 404
- get '/not_existing_url', params: {}, headers: @headers
- assert_response(404)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert(result['error'], 'No route matches [GET] /not_existing_url')
-
- # 401
- get '/api/v1/organizations', params: {}, headers: @headers
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert(result['error'], 'authentication failed')
-
- # 422
- get '/tests/unprocessable_entity', params: {}, headers: @headers
- assert_response(422)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert(result['error'], 'some error message')
-
- # 401
- get '/tests/not_authorized', params: {}, headers: @headers
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert(result['error'], 'some error message')
-
- # 401
- get '/tests/ar_not_found', params: {}, headers: @headers
- assert_response(404)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert(result['error'], 'some error message')
-
- # 500
- get '/tests/standard_error', params: {}, headers: @headers
- assert_response(500)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert(result['error'], 'some error message')
-
- # 422
- get '/tests/argument_error', params: {}, headers: @headers
- assert_response(422)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert(result['error'], 'some error message')
-
- end
-
- test 'html requests' do
-
- # 404
- get '/not_existing_url', params: {}, headers: @headers
- assert_response(404)
- assert_match(/404: Not Found}, @response.body)
- assert_match(%r{404: Requested Ressource was not found.
}, @response.body)
- assert_match(%r{No route matches \[GET\] /not_existing_url}, @response.body)
-
- # 401
- get '/api/v1/organizations', params: {}, headers: @headers
- assert_response(401)
- assert_match(/401: Unauthorized}, @response.body)
- assert_match(%r{401: Unauthorized
}, @response.body)
- assert_match(/authentication failed/, @response.body)
-
- # 422
- get '/tests/unprocessable_entity', params: {}, headers: @headers
- assert_response(422)
- assert_match(/422: Unprocessable Entity}, @response.body)
- assert_match(%r{422: The change you wanted was rejected.
}, @response.body)
- assert_match(/some error message/, @response.body)
-
- # 401
- get '/tests/not_authorized', params: {}, headers: @headers
- assert_response(401)
- assert_match(/401: Unauthorized}, @response.body)
- assert_match(%r{401: Unauthorized
}, @response.body)
- assert_match(/some error message/, @response.body)
-
- # 401
- get '/tests/ar_not_found', params: {}, headers: @headers
- assert_response(404)
- assert_match(/404: Not Found}, @response.body)
- assert_match(%r{404: Requested Ressource was not found.
}, @response.body)
- assert_match(/some error message/, @response.body)
-
- # 500
- get '/tests/standard_error', params: {}, headers: @headers
- assert_response(500)
- assert_match(/500: Something went wrong}, @response.body)
- assert_match(%r{500: We're sorry, but something went wrong.
}, @response.body)
- assert_match(/some error message/, @response.body)
-
- # 422
- get '/tests/argument_error', params: {}, headers: @headers
- assert_response(422)
- assert_match(/422: Unprocessable Entity}, @response.body)
- assert_match(%r{422: The change you wanted was rejected.
}, @response.body)
- assert_match(/some error message/, @response.body)
-
- end
-
-end
diff --git a/test/controllers/calendar_controller_test.rb b/test/controllers/calendar_controller_test.rb
deleted file mode 100644
index 927b952cd..000000000
--- a/test/controllers/calendar_controller_test.rb
+++ /dev/null
@@ -1,90 +0,0 @@
-
-require 'test_helper'
-
-class CalendarControllerTest < ActionDispatch::IntegrationTest
- setup do
-
- # set accept header
- @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
- # create agent
- roles = Role.where(name: %w[Admin Agent])
- groups = Group.all
-
- UserInfo.current_user_id = 1
- @admin = User.create!(
- login: 'calendar-admin',
- firstname: 'Packages',
- lastname: 'Admin',
- email: 'calendar-admin@example.com',
- password: 'adminpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- end
-
- test '01 calendar index with nobody' do
-
- get '/api/v1/calendars', params: {}, headers: @headers
- assert_response(401)
-
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('authentication failed', result['error'])
-
- get '/api/v1/calendars_init', params: {}, headers: @headers
- assert_response(401)
-
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('authentication failed', result['error'])
- end
-
- test '02 calendar index with admin' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('calendar-admin@example.com', 'adminpw')
-
- # index
- get '/api/v1/calendars', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert(result)
- assert_equal(1, result.count)
-
- get '/api/v1/calendars?expand=true', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert(result)
- assert_equal(1, result.count)
-
- get '/api/v1/calendars?full=true', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert(result)
- assert(result['record_ids'])
- assert_equal(1, result['record_ids'].count)
- assert(result['assets'])
- assert(result['assets'].present?)
-
- # index
- get '/api/v1/calendars_init', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert(result['record_ids'])
- assert(result['ical_feeds'])
- assert_equal('Denmark', result['ical_feeds']['http://www.google.com/calendar/ical/da.danish%23holiday%40group.v.calendar.google.com/public/basic.ics'])
- assert_equal('Austria', result['ical_feeds']['http://www.google.com/calendar/ical/de.austrian%23holiday%40group.v.calendar.google.com/public/basic.ics'])
- assert(result['timezones'])
- assert_equal(2, result['timezones']['Africa/Johannesburg'])
- assert_equal(-8, result['timezones']['America/Sitka'])
- assert(result['assets'])
-
- end
-
-end
diff --git a/test/controllers/calendars_controller_test.rb b/test/controllers/calendars_controller_test.rb
deleted file mode 100644
index 4f1938a96..000000000
--- a/test/controllers/calendars_controller_test.rb
+++ /dev/null
@@ -1,90 +0,0 @@
-
-require 'test_helper'
-
-class CalendarsControllerTest < ActionDispatch::IntegrationTest
- setup do
-
- # set accept header
- @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
- # create agent
- roles = Role.where(name: %w[Admin Agent])
- groups = Group.all
-
- UserInfo.current_user_id = 1
- @admin = User.create!(
- login: 'calendar-admin',
- firstname: 'Packages',
- lastname: 'Admin',
- email: 'calendar-admin@example.com',
- password: 'adminpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- end
-
- test '01 calendar index with nobody' do
-
- get '/api/v1/calendars', params: {}, headers: @headers
- assert_response(401)
-
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('authentication failed', result['error'])
-
- get '/api/v1/calendars_init', params: {}, headers: @headers
- assert_response(401)
-
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('authentication failed', result['error'])
- end
-
- test '02 calendar index with admin' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('calendar-admin@example.com', 'adminpw')
-
- # index
- get '/api/v1/calendars', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert(result)
- assert_equal(1, result.count)
-
- get '/api/v1/calendars?expand=true', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert(result)
- assert_equal(1, result.count)
-
- get '/api/v1/calendars?full=true', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert(result)
- assert(result['record_ids'])
- assert_equal(1, result['record_ids'].count)
- assert(result['assets'])
- assert(result['assets'].present?)
-
- # index
- get '/api/v1/calendars_init', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert(result['record_ids'])
- assert(result['ical_feeds'])
- assert_equal('Denmark', result['ical_feeds']['http://www.google.com/calendar/ical/da.danish%23holiday%40group.v.calendar.google.com/public/basic.ics'])
- assert_equal('Austria', result['ical_feeds']['http://www.google.com/calendar/ical/de.austrian%23holiday%40group.v.calendar.google.com/public/basic.ics'])
- assert(result['timezones'])
- assert_equal(2, result['timezones']['Africa/Johannesburg'])
- assert_equal(-8, result['timezones']['America/Sitka'])
- assert(result['assets'])
-
- end
-
-end
diff --git a/test/controllers/form_controller_test.rb b/test/controllers/form_controller_test.rb
deleted file mode 100644
index 69d47de62..000000000
--- a/test/controllers/form_controller_test.rb
+++ /dev/null
@@ -1,244 +0,0 @@
-require 'test_helper'
-
-class FormControllerTest < ActionDispatch::IntegrationTest
- include SearchindexHelper
-
- setup do
- @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json', 'REMOTE_ADDR' => '1.2.3.4' }
-
- configure_elasticsearch
-
- Ticket.destroy_all
-
- rebuild_searchindex
- end
-
- test '01 - get config call' do
- post '/api/v1/form_config', params: {}.to_json, headers: @headers
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert_equal(result['error'], 'Not authorized')
- end
-
- test '02 - get config call' do
- Setting.set('form_ticket_create', true)
- post '/api/v1/form_config', params: {}.to_json, headers: @headers
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert_equal(result['error'], 'Not authorized')
-
- end
-
- test '03 - get config call & do submit' do
- Setting.set('form_ticket_create', true)
- fingerprint = SecureRandom.hex(40)
- post '/api/v1/form_config', params: { fingerprint: fingerprint }.to_json, headers: @headers
-
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert_equal(result['enabled'], true)
- assert_equal(result['endpoint'], 'http://zammad.example.com/api/v1/form_submit')
- assert(result['token'])
- token = result['token']
-
- post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: 'invalid' }.to_json, headers: @headers
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert_equal(result['error'], 'Not authorized')
-
- post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token }.to_json, headers: @headers
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
-
- assert(result['errors'])
- assert_equal(result['errors']['name'], 'required')
- assert_equal(result['errors']['email'], 'required')
- assert_equal(result['errors']['title'], 'required')
- assert_equal(result['errors']['body'], 'required')
-
- post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, email: 'some' }.to_json, headers: @headers
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
-
- assert(result['errors'])
- assert_equal(result['errors']['name'], 'required')
- assert_equal(result['errors']['email'], 'invalid')
- assert_equal(result['errors']['title'], 'required')
- assert_equal(result['errors']['body'], 'required')
-
- post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test', body: 'hello' }.to_json, headers: @headers
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
-
- assert_not(result['errors'])
- assert(result['ticket'])
- assert(result['ticket']['id'])
- assert(result['ticket']['number'])
-
- travel 5.hours
-
- post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test', body: 'hello' }.to_json, headers: @headers
-
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
-
- assert_not(result['errors'])
- assert(result['ticket'])
- assert(result['ticket']['id'])
- assert(result['ticket']['number'])
-
- travel 20.hours
-
- post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test', body: 'hello' }.to_json, headers: @headers
- assert_response(401)
-
- end
-
- test '04 - get config call & do submit' do
- Setting.set('form_ticket_create', true)
- fingerprint = SecureRandom.hex(40)
- post '/api/v1/form_config', params: { fingerprint: fingerprint }.to_json, headers: @headers
-
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert_equal(result['enabled'], true)
- assert_equal(result['endpoint'], 'http://zammad.example.com/api/v1/form_submit')
- assert(result['token'])
- token = result['token']
-
- post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: 'invalid' }.to_json, headers: @headers
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert_equal(result['error'], 'Not authorized')
-
- post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token }.to_json, headers: @headers
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
-
- assert(result['errors'])
- assert_equal(result['errors']['name'], 'required')
- assert_equal(result['errors']['email'], 'required')
- assert_equal(result['errors']['title'], 'required')
- assert_equal(result['errors']['body'], 'required')
-
- post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, email: 'some' }.to_json, headers: @headers
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
-
- assert(result['errors'])
- assert_equal(result['errors']['name'], 'required')
- assert_equal(result['errors']['email'], 'invalid')
- assert_equal(result['errors']['title'], 'required')
- assert_equal(result['errors']['body'], 'required')
-
- post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'somebody@example.com', title: 'test', body: 'hello' }.to_json, headers: @headers
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
-
- assert(result['errors'])
- assert_equal(result['errors']['email'], 'invalid')
-
- end
-
- test '05 - limits' do
- return if !SearchIndexBackend.enabled?
-
- Setting.set('form_ticket_create', true)
- fingerprint = SecureRandom.hex(40)
- post '/api/v1/form_config', params: { fingerprint: fingerprint }.to_json, headers: @headers
-
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert_equal(result['enabled'], true)
- assert_equal(result['endpoint'], 'http://zammad.example.com/api/v1/form_submit')
- assert(result['token'])
- token = result['token']
-
- (1..20).each do |count|
- travel 10.seconds
- post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: "test#{count}", body: 'hello' }.to_json, headers: @headers
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
-
- assert_not(result['errors'])
- assert(result['ticket'])
- assert(result['ticket']['id'])
- assert(result['ticket']['number'])
- Scheduler.worker(true)
- sleep 1 # wait until elasticsearch is index
- end
-
- sleep 10 # wait until elasticsearch is index
-
- post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test-last', body: 'hello' }.to_json, headers: @headers
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert(result['error'])
-
- @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json', 'REMOTE_ADDR' => '1.2.3.5' }
-
- (1..20).each do |count|
- travel 10.seconds
- post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: "test-2-#{count}", body: 'hello' }.to_json, headers: @headers
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
-
- assert_not(result['errors'])
- assert(result['ticket'])
- assert(result['ticket']['id'])
- assert(result['ticket']['number'])
- Scheduler.worker(true)
- sleep 1 # wait until elasticsearch is index
- end
-
- sleep 10 # wait until elasticsearch is index
-
- post '/api/v1/form_submit', params: { fingerprint: fingerprint, token: token, name: 'Bob Smith', email: 'discard@znuny.com', title: 'test-2-last', body: 'hello' }.to_json, headers: @headers
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert(result['error'])
- end
-
- test '06 - customer_ticket_create false disables form' do
- Setting.set('form_ticket_create', false)
- Setting.set('customer_ticket_create', true)
-
- fingerprint = SecureRandom.hex(40)
-
- post '/api/v1/form_config', params: { fingerprint: fingerprint }.to_json, headers: @headers
-
- result = JSON.parse(@response.body)
- token = result['token']
- params = {
- fingerprint: fingerprint,
- token: token,
- name: 'Bob Smith',
- email: 'discard@znuny.com',
- title: 'test',
- body: 'hello'
- }
-
- post '/api/v1/form_submit', params: params.to_json, headers: @headers
-
- assert_response(401)
- end
-
-end
diff --git a/test/controllers/integration_check_mk_controller_test.rb b/test/controllers/integration_check_mk_controller_test.rb
deleted file mode 100644
index d14a7534a..000000000
--- a/test/controllers/integration_check_mk_controller_test.rb
+++ /dev/null
@@ -1,270 +0,0 @@
-
-require 'test_helper'
-
-class IntegationCheckMkControllerTest < ActionDispatch::IntegrationTest
- setup do
- token = SecureRandom.urlsafe_base64(16)
- Setting.set('check_mk_token', token)
- Setting.set('check_mk_integration', true)
- end
-
- test '01 without token' do
- post '/api/v1/integration/check_mk/', params: {}
- assert_response(404)
- end
-
- test '01 invalid token & enabled feature' do
- post '/api/v1/integration/check_mk/invalid_token', params: {}
- assert_response(422)
-
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('Invalid token!', result['error'])
- end
-
- test '01 invalid token & disabled feature' do
- Setting.set('check_mk_integration', false)
-
- post '/api/v1/integration/check_mk/invalid_token', params: {}
- assert_response(422)
-
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('Feature is disable, please contact your admin to enable it!', result['error'])
- end
-
- test '02 ticket create & close' do
- params = {
- event_id: '123',
- state: 'down',
- host: 'some host',
- service: 'some service',
- }
- post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
- assert_response(200)
-
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- assert(result['result'])
- assert(result['ticket_id'])
- assert(result['ticket_number'])
-
- ticket = Ticket.find(result['ticket_id'])
- assert_equal('new', ticket.state.name)
- assert_equal(1, ticket.articles.count)
-
- params = {
- event_id: '123',
- state: 'up',
- host: 'some host',
- service: 'some service',
- }
- post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
- assert_response(200)
-
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- assert(result['result'])
- assert(result['ticket_ids'].include?(ticket.id))
-
- ticket.reload
- assert_equal('closed', ticket.state.name)
- assert_equal(2, ticket.articles.count)
- end
-
- test '02 ticket create & create & auto close' do
- params = {
- event_id: '123',
- state: 'down',
- host: 'some host',
- service: 'some service',
- }
- post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
- assert_response(200)
-
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- assert(result['result'])
- assert(result['ticket_id'])
- assert(result['ticket_number'])
-
- ticket = Ticket.find(result['ticket_id'])
- assert_equal('new', ticket.state.name)
- assert_equal(1, ticket.articles.count)
-
- params = {
- event_id: '123',
- state: 'down',
- host: 'some host',
- service: 'some service',
- }
- post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
- assert_response(200)
-
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- assert_equal('ticket already open, added note', result['result'])
- assert(result['ticket_ids'].include?(ticket.id))
-
- ticket.reload
- assert_equal('new', ticket.state.name)
- assert_equal(2, ticket.articles.count)
-
- params = {
- event_id: '123',
- state: 'up',
- host: 'some host',
- service: 'some service',
- }
- post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
- assert_response(200)
-
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- assert(result['result'])
- assert(result['ticket_ids'].include?(ticket.id))
-
- ticket.reload
- assert_equal('closed', ticket.state.name)
- assert_equal(3, ticket.articles.count)
- end
-
- test '02 ticket close' do
- params = {
- event_id: '123',
- state: 'up',
- host: 'some host',
- service: 'some service',
- }
- post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
- assert_response(200)
-
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- assert_equal('no open tickets found, ignore action', result['result'])
- end
-
- test '02 ticket create & create & no auto close' do
- Setting.set('check_mk_auto_close', false)
- params = {
- event_id: '123',
- state: 'down',
- host: 'some host',
- service: 'some service',
- }
- post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
- assert_response(200)
-
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- assert(result['result'])
- assert(result['ticket_id'])
- assert(result['ticket_number'])
-
- ticket = Ticket.find(result['ticket_id'])
- assert_equal('new', ticket.state.name)
- assert_equal(1, ticket.articles.count)
-
- params = {
- event_id: '123',
- state: 'down',
- host: 'some host',
- service: 'some service',
- }
- post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
- assert_response(200)
-
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- assert_equal('ticket already open, added note', result['result'])
- assert(result['ticket_ids'].include?(ticket.id))
-
- ticket.reload
- assert_equal('new', ticket.state.name)
- assert_equal(2, ticket.articles.count)
-
- params = {
- event_id: '123',
- state: 'up',
- host: 'some host',
- service: 'some service',
- }
- post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
- assert_response(200)
-
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- assert_equal('ticket already open, added note', result['result'])
- assert(result['ticket_ids'].include?(ticket.id))
-
- ticket.reload
- assert_equal('new', ticket.state.name)
- assert_equal(3, ticket.articles.count)
- end
-
- test '02 ticket create & create & auto close - host only' do
- params = {
- event_id: '123',
- state: 'down',
- host: 'some host',
- }
- post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
- assert_response(200)
-
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- assert(result['result'])
- assert(result['ticket_id'])
- assert(result['ticket_number'])
-
- ticket = Ticket.find(result['ticket_id'])
- assert_equal('new', ticket.state.name)
- assert_equal(1, ticket.articles.count)
-
- params = {
- event_id: '123',
- state: 'down',
- host: 'some host',
- }
- post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
- assert_response(200)
-
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- assert_equal('ticket already open, added note', result['result'])
- assert(result['ticket_ids'].include?(ticket.id))
-
- ticket.reload
- assert_equal('new', ticket.state.name)
- assert_equal(2, ticket.articles.count)
-
- params = {
- event_id: '123',
- state: 'up',
- host: 'some host',
- }
- post "/api/v1/integration/check_mk/#{Setting.get('check_mk_token')}", params: params
- assert_response(200)
-
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- assert(result['result'])
- assert(result['ticket_ids'].include?(ticket.id))
-
- ticket.reload
- assert_equal('closed', ticket.state.name)
- assert_equal(3, ticket.articles.count)
- end
-end
diff --git a/test/controllers/integration_cti_controller_test.rb b/test/controllers/integration_cti_controller_test.rb
deleted file mode 100644
index 8e92f911c..000000000
--- a/test/controllers/integration_cti_controller_test.rb
+++ /dev/null
@@ -1,508 +0,0 @@
-
-require 'test_helper'
-require 'rexml/document'
-
-class IntegrationCtiControllerTest < ActionDispatch::IntegrationTest
- setup do
-
- Cti::Log.destroy_all
-
- Setting.set('cti_integration', true)
- Setting.set('cti_config', {
- outbound: {
- routing_table: [
- {
- dest: '41*',
- caller_id: '41715880339000',
- },
- {
- dest: '491714000000',
- caller_id: '41715880339000',
- },
- ],
- default_caller_id: '4930777000000',
- },
- inbound: {
- block_caller_ids: [
- {
- caller_id: '491715000000',
- note: 'some note',
- }
- ],
- notify_user_ids: {
- 2 => true,
- 4 => false,
- },
- }
- },)
-
- groups = Group.where(name: 'Users')
- roles = Role.where(name: %w[Agent])
- agent = User.create_or_update(
- login: 'cti-agent@example.com',
- firstname: 'E',
- lastname: 'S',
- email: 'cti-agent@example.com',
- password: 'agentpw',
- active: true,
- roles: roles,
- groups: groups,
- updated_by_id: 1,
- created_by_id: 1,
- )
-
- customer1 = User.create_or_update(
- login: 'ticket-caller_id_cti-customer1@example.com',
- firstname: 'CallerId',
- lastname: 'Customer1',
- email: 'ticket-caller_id_cti-customer1@example.com',
- password: 'customerpw',
- active: true,
- phone: '+49 99999 222222',
- fax: '+49 99999 222223',
- mobile: '+4912347114711',
- note: 'Phone at home: +49 99999 222224',
- updated_by_id: 1,
- created_by_id: 1,
- )
- customer2 = User.create_or_update(
- login: 'ticket-caller_id_cti-customer2@example.com',
- firstname: 'CallerId',
- lastname: 'Customer2',
- email: 'ticket-caller_id_cti-customer2@example.com',
- password: 'customerpw',
- active: true,
- phone: '+49 99999 222222 2',
- updated_by_id: 1,
- created_by_id: 1,
- )
- customer3 = User.create_or_update(
- login: 'ticket-caller_id_cti-customer3@example.com',
- firstname: 'CallerId',
- lastname: 'Customer3',
- email: 'ticket-caller_id_cti-customer3@example.com',
- password: 'customerpw',
- active: true,
- phone: '+49 99999 222222 2',
- updated_by_id: 1,
- created_by_id: 1,
- )
- Cti::CallerId.rebuild
-
- end
-
- test 'token check' do
- params = 'event=newCall&direction=in&from=4912347114711&to=4930600000000&call_id=4991155921769858278-1&user%5B%5D=user+1&user%5B%5D=user+2'
- post '/api/v1/cti/not_existing_token', params: params
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('Invalid token, please contact your admin!', result['error'])
- end
-
- test 'basic call' do
- token = Setting.get('cti_token')
-
- # inbound - I
- params = 'event=newCall&direction=in&from=4912347114711&to=4930600000000&call_id=4991155921769858278-1&user%5B%5D=user+1&user%5B%5D=user+2'
- post "/api/v1/cti/#{token}", params: params
- assert_response(200)
-
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert(result.blank?)
-
- # inbound - II - block caller
- params = 'event=newCall&direction=in&from=491715000000&to=4930600000000&call_id=4991155921769858278-2&user%5B%5D=user+1&user%5B%5D=user+2'
- post "/api/v1/cti/#{token}", params: params
- assert_response(200)
-
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('reject', result['action'])
- assert_equal('busy', result['reason'])
-
- # outbound - I - set default_caller_id
- params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&call_id=8621106404543334274-3&user%5B%5D=user+1'
- post "/api/v1/cti/#{token}", params: params
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('dial', result['action'])
- assert_equal('4912347114711', result['number'])
- assert_equal('4930777000000', result['caller_id'])
-
- # outbound - II - set caller_id based on routing_table by explicite number
- params = 'event=newCall&direction=out&from=4930600000000&to=491714000000&call_id=8621106404543334274-4&user%5B%5D=user+1'
- post "/api/v1/cti/#{token}", params: params
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('dial', result['action'])
- assert_equal('491714000000', result['number'])
- assert_equal('41715880339000', result['caller_id'])
-
- # outbound - III - set caller_id based on routing_table by 41*
- params = 'event=newCall&direction=out&from=4930600000000&to=4147110000000&call_id=8621106404543334274-5&user%5B%5D=user+1'
- post "/api/v1/cti/#{token}", params: params
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('dial', result['action'])
- assert_equal('4147110000000', result['number'])
- assert_equal('41715880339000', result['caller_id'])
-
- # no config
- Setting.set('cti_config', {})
- params = 'event=newCall&direction=in&from=4912347114711&to=4930600000000&call_id=4991155921769858278-6&user%5B%5D=user+1&user%5B%5D=user+2'
- post "/api/v1/cti/#{token}", params: params
- assert_response(422)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('Feature not configured, please contact your admin!', result['error'])
-
- end
-
- test 'log call' do
- token = Setting.get('cti_token')
-
- # outbound - I - new call
- params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&call_id=1234567890-1&user%5B%5D=user+1'
- post "/api/v1/cti/#{token}", params: params
- assert_response(200)
- log = Cti::Log.find_by(call_id: '1234567890-1')
- assert(log)
- assert_equal('4930777000000', log.from)
- assert_equal('4912347114711', log.to)
- assert_equal('out', log.direction)
- assert_equal('user 1', log.from_comment)
- assert_equal('CallerId Customer1', log.to_comment)
- assert_nil(log.comment)
- assert_equal('newCall', log.state)
- assert_equal(true, log.done)
- assert(log.initialized_at)
- assert_nil(log.start_at)
- assert_nil(log.end_at)
- assert_nil(log.duration_waiting_time)
- assert_nil(log.duration_talking_time)
-
- # outbound - I - hangup by agent
- params = 'event=hangup&direction=out&call_id=1234567890-1&cause=cancel'
- post "/api/v1/cti/#{token}", params: params
- assert_response(200)
- log = Cti::Log.find_by(call_id: '1234567890-1')
- assert(log)
- assert_equal('4930777000000', log.from)
- assert_equal('4912347114711', log.to)
- assert_equal('out', log.direction)
- assert_equal('user 1', log.from_comment)
- assert_equal('CallerId Customer1', log.to_comment)
- assert_equal('cancel', log.comment)
- assert_equal('hangup', log.state)
- assert_equal(true, log.done)
- assert(log.initialized_at)
- assert_nil(log.start_at)
- assert(log.end_at)
- assert(log.duration_waiting_time)
- assert_nil(log.duration_talking_time)
-
- # outbound - II - new call
- params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&call_id=1234567890-2&user%5B%5D=user+1'
- post "/api/v1/cti/#{token}", params: params
- assert_response(200)
- log = Cti::Log.find_by(call_id: '1234567890-2')
- assert(log)
- assert_equal('4930777000000', log.from)
- assert_equal('4912347114711', log.to)
- assert_equal('out', log.direction)
- assert_equal('user 1', log.from_comment)
- assert_equal('CallerId Customer1', log.to_comment)
- assert_nil(log.comment)
- assert_equal('newCall', log.state)
- assert_equal(true, log.done)
- assert(log.initialized_at)
- assert_nil(log.start_at)
- assert_nil(log.end_at)
- assert_nil(log.duration_waiting_time)
- assert_nil(log.duration_talking_time)
-
- # outbound - II - answer by customer
- params = 'event=answer&direction=out&call_id=1234567890-2&from=4930600000000&to=4912347114711'
- post "/api/v1/cti/#{token}", params: params
- assert_response(200)
- log = Cti::Log.find_by(call_id: '1234567890-2')
- assert(log)
- assert_equal('4930777000000', log.from)
- assert_equal('4912347114711', log.to)
- assert_equal('out', log.direction)
- assert_equal('user 1', log.from_comment)
- assert_equal('CallerId Customer1', log.to_comment)
- assert_nil(log.comment)
- assert_equal('answer', log.state)
- assert_equal(true, log.done)
- assert(log.initialized_at)
- assert(log.start_at)
- assert_nil(log.end_at)
- assert(log.duration_waiting_time)
- assert_nil(log.duration_talking_time)
-
- # outbound - II - hangup by customer
- params = 'event=hangup&direction=out&call_id=1234567890-2&cause=normalClearing&from=4930600000000&to=4912347114711'
- post "/api/v1/cti/#{token}", params: params
- assert_response(200)
- log = Cti::Log.find_by(call_id: '1234567890-2')
- assert(log)
- assert_equal('4930777000000', log.from)
- assert_equal('4912347114711', log.to)
- assert_equal('out', log.direction)
- assert_equal('user 1', log.from_comment)
- assert_equal('CallerId Customer1', log.to_comment)
- assert_equal('normalClearing', log.comment)
- assert_equal('hangup', log.state)
- assert_equal(true, log.done)
- assert(log.initialized_at)
- assert(log.start_at)
- assert(log.end_at)
- assert(log.duration_waiting_time)
- assert(log.duration_talking_time)
-
- # inbound - I - new call
- params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&call_id=1234567890-3&user%5B%5D=user+1'
- post "/api/v1/cti/#{token}", params: params
- assert_response(200)
- log = Cti::Log.find_by(call_id: '1234567890-3')
- assert(log)
- assert_equal('4930600000000', log.to)
- assert_equal('4912347114711', log.from)
- assert_equal('in', log.direction)
- assert_equal('user 1', log.to_comment)
- assert_equal('CallerId Customer1', log.from_comment)
- assert_nil(log.comment)
- assert_equal('newCall', log.state)
- assert_equal(false, log.done)
- assert(log.initialized_at)
- assert_nil(log.start_at)
- assert_nil(log.end_at)
- assert_nil(log.duration_waiting_time)
- assert_nil(log.duration_talking_time)
-
- # inbound - I - answer by customer
- params = 'event=answer&direction=in&call_id=1234567890-3&to=4930600000000&from=4912347114711'
- post "/api/v1/cti/#{token}", params: params
- assert_response(200)
- log = Cti::Log.find_by(call_id: '1234567890-3')
- assert(log)
- assert_equal('4930600000000', log.to)
- assert_equal('4912347114711', log.from)
- assert_equal('in', log.direction)
- assert_equal('user 1', log.to_comment)
- assert_equal('CallerId Customer1', log.from_comment)
- assert_nil(log.comment)
- assert_equal('answer', log.state)
- assert_equal(true, log.done)
- assert(log.initialized_at)
- assert(log.start_at)
- assert_nil(log.end_at)
- assert(log.duration_waiting_time)
- assert_nil(log.duration_talking_time)
-
- # inbound - I - hangup by customer
- params = 'event=hangup&direction=in&call_id=1234567890-3&cause=normalClearing&to=4930600000000&from=4912347114711'
- post "/api/v1/cti/#{token}", params: params
- assert_response(200)
- log = Cti::Log.find_by(call_id: '1234567890-3')
- assert(log)
- assert_equal('4930600000000', log.to)
- assert_equal('4912347114711', log.from)
- assert_equal('in', log.direction)
- assert_equal('user 1', log.to_comment)
- assert_equal('CallerId Customer1', log.from_comment)
- assert_equal('normalClearing', log.comment)
- assert_equal('hangup', log.state)
- assert_equal(true, log.done)
- assert(log.initialized_at)
- assert(log.start_at)
- assert(log.end_at)
- assert(log.duration_waiting_time)
- assert(log.duration_talking_time)
-
- # inbound - II - new call
- params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&call_id=1234567890-4&user%5B%5D=user+1,user+2'
- post "/api/v1/cti/#{token}", params: params
- assert_response(200)
- log = Cti::Log.find_by(call_id: '1234567890-4')
- assert(log)
- assert_equal('4930600000000', log.to)
- assert_equal('4912347114711', log.from)
- assert_equal('in', log.direction)
- assert_equal('user 1,user 2', log.to_comment)
- assert_equal('CallerId Customer1', log.from_comment)
- assert_nil(log.comment)
- assert_equal('newCall', log.state)
- assert_equal(false, log.done)
- assert(log.initialized_at)
- assert_nil(log.start_at)
- assert_nil(log.end_at)
- assert_nil(log.duration_waiting_time)
- assert_nil(log.duration_talking_time)
-
- # inbound - II - answer by voicemail
- params = 'event=answer&direction=in&call_id=1234567890-4&to=4930600000000&from=4912347114711&user=voicemail'
- post "/api/v1/cti/#{token}", params: params
- assert_response(200)
- log = Cti::Log.find_by(call_id: '1234567890-4')
- assert(log)
- assert_equal('4930600000000', log.to)
- assert_equal('4912347114711', log.from)
- assert_equal('in', log.direction)
- assert_equal('voicemail', log.to_comment)
- assert_equal('CallerId Customer1', log.from_comment)
- assert_nil(log.comment)
- assert_equal('answer', log.state)
- assert_equal(true, log.done)
- assert(log.initialized_at)
- assert(log.start_at)
- assert_nil(log.end_at)
- assert(log.duration_waiting_time)
- assert_nil(log.duration_talking_time)
-
- # inbound - II - hangup by customer
- params = 'event=hangup&direction=in&call_id=1234567890-4&cause=normalClearing&to=4930600000000&from=4912347114711'
- post "/api/v1/cti/#{token}", params: params
- assert_response(200)
- log = Cti::Log.find_by(call_id: '1234567890-4')
- assert(log)
- assert_equal('4930600000000', log.to)
- assert_equal('4912347114711', log.from)
- assert_equal('in', log.direction)
- assert_equal('voicemail', log.to_comment)
- assert_equal('CallerId Customer1', log.from_comment)
- assert_equal('normalClearing', log.comment)
- assert_equal('hangup', log.state)
- assert_equal(false, log.done)
- assert(log.initialized_at)
- assert(log.start_at)
- assert(log.end_at)
- assert(log.duration_waiting_time)
- assert(log.duration_talking_time)
-
- # inbound - III - new call
- params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&call_id=1234567890-5&user%5B%5D=user+1,user+2'
- post "/api/v1/cti/#{token}", params: params
- assert_response(200)
- log = Cti::Log.find_by(call_id: '1234567890-5')
- assert(log)
- assert_equal('4930600000000', log.to)
- assert_equal('4912347114711', log.from)
- assert_equal('in', log.direction)
- assert_equal('user 1,user 2', log.to_comment)
- assert_equal('CallerId Customer1', log.from_comment)
- assert_nil(log.comment)
- assert_equal('newCall', log.state)
- assert_equal(false, log.done)
- assert(log.initialized_at)
- assert_nil(log.start_at)
- assert_nil(log.end_at)
- assert_nil(log.duration_waiting_time)
- assert_nil(log.duration_talking_time)
-
- # inbound - III - hangup by customer
- params = 'event=hangup&direction=in&call_id=1234567890-5&cause=normalClearing&to=4930600000000&from=4912347114711'
- post "/api/v1/cti/#{token}", params: params
- assert_response(200)
- log = Cti::Log.find_by(call_id: '1234567890-5')
- assert(log)
- assert_equal('4930600000000', log.to)
- assert_equal('4912347114711', log.from)
- assert_equal('in', log.direction)
- assert_equal('user 1,user 2', log.to_comment)
- assert_equal('CallerId Customer1', log.from_comment)
- assert_equal('normalClearing', log.comment)
- assert_equal('hangup', log.state)
- assert_equal(false, log.done)
- assert(log.initialized_at)
- assert_nil(log.start_at)
- assert(log.end_at)
- assert(log.duration_waiting_time)
- assert_nil(log.duration_talking_time)
-
- # inbound - IV - new call
- params = 'event=newCall&direction=in&to=4930600000000&from=49999992222222&call_id=1234567890-6&user%5B%5D=user+1,user+2'
- post "/api/v1/cti/#{token}", params: params
- assert_response(200)
- log = Cti::Log.find_by(call_id: '1234567890-6')
- assert(log)
- assert_equal('4930600000000', log.to)
- assert_equal('49999992222222', log.from)
- assert_equal('in', log.direction)
- assert_equal('user 1,user 2', log.to_comment)
- assert_equal('CallerId Customer3,CallerId Customer2', log.from_comment)
- assert_not(log.preferences['to'])
- assert(log.preferences['from'])
- assert_nil(log.comment)
- assert_equal('newCall', log.state)
- assert_equal(false, log.done)
- assert(log.initialized_at)
- assert_nil(log.start_at)
- assert_nil(log.end_at)
- assert_nil(log.duration_waiting_time)
- assert_nil(log.duration_talking_time)
-
- # inbound - IV - new call
- params = 'event=newCall&direction=in&to=4930600000000&from=anonymous&call_id=1234567890-7&user%5B%5D=user+1,user+2'
- post "/api/v1/cti/#{token}", params: params
- assert_response(200)
- log = Cti::Log.find_by(call_id: '1234567890-7')
- assert(log)
- assert_equal('4930600000000', log.to)
- assert_equal('anonymous', log.from)
- assert_equal('in', log.direction)
- assert_equal('user 1,user 2', log.to_comment)
- assert_nil(log.from_comment)
- assert_not(log.preferences['to'])
- assert_not(log.preferences['from'])
- assert_nil(log.comment)
- assert_equal('newCall', log.state)
- assert_equal(false, log.done)
- assert(log.initialized_at)
- assert_nil(log.start_at)
- assert_nil(log.end_at)
- assert_nil(log.duration_waiting_time)
- assert_nil(log.duration_talking_time)
-
- # get caller list
- get '/api/v1/cti/log'
- assert_response(401)
-
- customer2 = User.lookup(login: 'ticket-caller_id_cti-customer2@example.com')
- customer3 = User.lookup(login: 'ticket-caller_id_cti-customer3@example.com')
-
- headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('cti-agent@example.com', 'agentpw')
- get '/api/v1/cti/log', headers: headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result['list'].class, Array)
- assert_equal(7, result['list'].count)
- assert(result['assets'])
- assert(result['assets']['User'])
- assert(result['assets']['User'][customer2.id.to_s])
- assert(result['assets']['User'][customer3.id.to_s])
- assert_equal('1234567890-7', result['list'][0]['call_id'])
- assert_equal('1234567890-6', result['list'][1]['call_id'])
- assert_equal('1234567890-5', result['list'][2]['call_id'])
- assert_equal('1234567890-4', result['list'][3]['call_id'])
- assert_equal('1234567890-3', result['list'][4]['call_id'])
- assert_equal('1234567890-2', result['list'][5]['call_id'])
- assert_equal('hangup', result['list'][5]['state'])
- assert_equal('4930777000000', result['list'][5]['from'])
- assert_equal('user 1', result['list'][5]['from_comment'])
- assert_equal('4912347114711', result['list'][5]['to'])
- assert_equal('CallerId Customer1', result['list'][5]['to_comment'])
- assert_equal('normalClearing', result['list'][5]['comment'])
- assert_equal('hangup', result['list'][5]['state'])
- assert_equal('1234567890-1', result['list'][6]['call_id'])
-
- end
-
-end
diff --git a/test/controllers/integration_sipgate_controller_test.rb b/test/controllers/integration_sipgate_controller_test.rb
deleted file mode 100644
index 97462d054..000000000
--- a/test/controllers/integration_sipgate_controller_test.rb
+++ /dev/null
@@ -1,469 +0,0 @@
-
-require 'test_helper'
-require 'rexml/document'
-
-class IntegrationSipgateControllerTest < ActionDispatch::IntegrationTest
- setup do
-
- Cti::Log.destroy_all
-
- Setting.set('sipgate_integration', true)
- Setting.set('sipgate_config', {
- outbound: {
- routing_table: [
- {
- dest: '41*',
- caller_id: '41715880339000',
- },
- {
- dest: '491714000000',
- caller_id: '41715880339000',
- },
- ],
- default_caller_id: '4930777000000',
- },
- inbound: {
- block_caller_ids: [
- {
- caller_id: '491715000000',
- note: 'some note',
- }
- ],
- notify_user_ids: {
- 2 => true,
- 4 => false,
- },
- }
- },)
-
- groups = Group.where(name: 'Users')
- roles = Role.where(name: %w[Agent])
- agent = User.create_or_update(
- login: 'cti-agent@example.com',
- firstname: 'E',
- lastname: 'S',
- email: 'cti-agent@example.com',
- password: 'agentpw',
- active: true,
- roles: roles,
- groups: groups,
- updated_by_id: 1,
- created_by_id: 1,
- )
-
- customer1 = User.create_or_update(
- login: 'ticket-caller_id_sipgate-customer1@example.com',
- firstname: 'CallerId',
- lastname: 'Customer1',
- email: 'ticket-caller_id_sipgate-customer1@example.com',
- password: 'customerpw',
- active: true,
- phone: '+49 99999 222222',
- fax: '+49 99999 222223',
- mobile: '+4912347114711',
- note: 'Phone at home: +49 99999 222224',
- updated_by_id: 1,
- created_by_id: 1,
- )
- customer2 = User.create_or_update(
- login: 'ticket-caller_id_sipgate-customer2@example.com',
- firstname: 'CallerId',
- lastname: 'Customer2',
- email: 'ticket-caller_id_sipgate-customer2@example.com',
- password: 'customerpw',
- active: true,
- phone: '+49 99999 222222 2',
- updated_by_id: 1,
- created_by_id: 1,
- )
- customer3 = User.create_or_update(
- login: 'ticket-caller_id_sipgate-customer3@example.com',
- firstname: 'CallerId',
- lastname: 'Customer3',
- email: 'ticket-caller_id_sipgate-customer3@example.com',
- password: 'customerpw',
- active: true,
- phone: '+49 99999 222222 2',
- updated_by_id: 1,
- created_by_id: 1,
- )
- Cti::CallerId.rebuild
-
- end
-
- test 'basic call' do
-
- # inbound - I
- params = 'event=newCall&direction=in&from=4912347114711&to=4930600000000&callId=4991155921769858278-1&user%5B%5D=user+1&user%5B%5D=user+2'
- post '/api/v1/sipgate/in', params: params
- assert_response(200)
- on_hangup = nil
- on_answer = nil
- content = @response.body
- response = REXML::Document.new(content)
- response.elements.each('Response') do |element|
- on_hangup = element.attributes['onHangup']
- on_answer = element.attributes['onAnswer']
- end
- assert_equal('http://zammad.example.com/api/v1/sipgate/in', on_hangup)
- assert_equal('http://zammad.example.com/api/v1/sipgate/in', on_answer)
-
- # inbound - II - block caller
- params = 'event=newCall&direction=in&from=491715000000&to=4930600000000&callId=4991155921769858278-2&user%5B%5D=user+1&user%5B%5D=user+2'
- post '/api/v1/sipgate/in', params: params
- assert_response(200)
- on_hangup = nil
- on_answer = nil
- content = @response.body
- response = REXML::Document.new(content)
- response.elements.each('Response') do |element|
- on_hangup = element.attributes['onHangup']
- on_answer = element.attributes['onAnswer']
- end
- assert_equal('http://zammad.example.com/api/v1/sipgate/in', on_hangup)
- assert_equal('http://zammad.example.com/api/v1/sipgate/in', on_answer)
- reason = nil
- response.elements.each('Response/Reject') do |element|
- reason = element.attributes['reason']
- end
- assert_equal('busy', reason)
-
- # outbound - I - set default_caller_id
- params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&callId=8621106404543334274-3&user%5B%5D=user+1'
- post '/api/v1/sipgate/out', params: params
- assert_response(200)
- on_hangup = nil
- on_answer = nil
- caller_id = nil
- number_to_dail = nil
- content = @response.body
- response = REXML::Document.new(content)
- response.elements.each('Response') do |element|
- on_hangup = element.attributes['onHangup']
- on_answer = element.attributes['onAnswer']
- end
- response.elements.each('Response/Dial') do |element|
- caller_id = element.attributes['callerId']
- end
- response.elements.each('Response/Dial/Number') do |element|
- number_to_dail = element.text
- end
- assert_equal('4930777000000', caller_id)
- assert_equal('4912347114711', number_to_dail)
- assert_equal('http://zammad.example.com/api/v1/sipgate/out', on_hangup)
- assert_equal('http://zammad.example.com/api/v1/sipgate/out', on_answer)
-
- # outbound - II - set caller_id based on routing_table by explicite number
- params = 'event=newCall&direction=out&from=4930600000000&to=491714000000&callId=8621106404543334274-4&user%5B%5D=user+1'
- post '/api/v1/sipgate/out', params: params
- assert_response(200)
- on_hangup = nil
- on_answer = nil
- caller_id = nil
- number_to_dail = nil
- content = @response.body
- response = REXML::Document.new(content)
- response.elements.each('Response') do |element|
- on_hangup = element.attributes['onHangup']
- on_answer = element.attributes['onAnswer']
- end
- response.elements.each('Response/Dial') do |element|
- caller_id = element.attributes['callerId']
- end
- response.elements.each('Response/Dial/Number') do |element|
- number_to_dail = element.text
- end
- assert_equal('41715880339000', caller_id)
- assert_equal('491714000000', number_to_dail)
- assert_equal('http://zammad.example.com/api/v1/sipgate/out', on_hangup)
- assert_equal('http://zammad.example.com/api/v1/sipgate/out', on_answer)
-
- # outbound - III - set caller_id based on routing_table by 41*
- params = 'event=newCall&direction=out&from=4930600000000&to=4147110000000&callId=8621106404543334274-5&user%5B%5D=user+1'
- post '/api/v1/sipgate/out', params: params
- assert_response(200)
- on_hangup = nil
- on_answer = nil
- caller_id = nil
- number_to_dail = nil
- content = @response.body
- response = REXML::Document.new(content)
- response.elements.each('Response') do |element|
- on_hangup = element.attributes['onHangup']
- on_answer = element.attributes['onAnswer']
- end
- response.elements.each('Response/Dial') do |element|
- caller_id = element.attributes['callerId']
- end
- response.elements.each('Response/Dial/Number') do |element|
- number_to_dail = element.text
- end
- assert_equal('41715880339000', caller_id)
- assert_equal('4147110000000', number_to_dail)
- assert_equal('http://zammad.example.com/api/v1/sipgate/out', on_hangup)
- assert_equal('http://zammad.example.com/api/v1/sipgate/out', on_answer)
-
- # no config
- Setting.set('sipgate_config', {})
- params = 'event=newCall&direction=in&from=4912347114711&to=4930600000000&callId=4991155921769858278-6&user%5B%5D=user+1&user%5B%5D=user+2'
- post '/api/v1/sipgate/in', params: params
- assert_response(422)
- error = nil
- content = @response.body
- response = REXML::Document.new(content)
- response.elements.each('Response/Error') do |element|
- error = element.text
- end
- assert_equal('Feature not configured, please contact your admin!', error)
-
- end
-
- test 'log call' do
-
- # outbound - I - new call
- params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&callId=1234567890-1&user%5B%5D=user+1'
- post '/api/v1/sipgate/out', params: params
- assert_response(200)
- log = Cti::Log.find_by(call_id: '1234567890-1')
- assert(log)
- assert_equal('4930777000000', log.from)
- assert_equal('4912347114711', log.to)
- assert_equal('out', log.direction)
- assert_equal('user 1', log.from_comment)
- assert_equal('CallerId Customer1', log.to_comment)
- assert_nil(log.comment)
- assert_equal('newCall', log.state)
- assert_equal(true, log.done)
-
- # outbound - I - hangup by agent
- params = 'event=hangup&direction=out&callId=1234567890-1&cause=cancel'
- post '/api/v1/sipgate/out', params: params
- assert_response(200)
- log = Cti::Log.find_by(call_id: '1234567890-1')
- assert(log)
- assert_equal('4930777000000', log.from)
- assert_equal('4912347114711', log.to)
- assert_equal('out', log.direction)
- assert_equal('user 1', log.from_comment)
- assert_equal('CallerId Customer1', log.to_comment)
- assert_equal('cancel', log.comment)
- assert_equal('hangup', log.state)
- assert_equal(true, log.done)
-
- # outbound - II - new call
- params = 'event=newCall&direction=out&from=4930600000000&to=4912347114711&callId=1234567890-2&user%5B%5D=user+1'
- post '/api/v1/sipgate/out', params: params
- assert_response(200)
- log = Cti::Log.find_by(call_id: '1234567890-2')
- assert(log)
- assert_equal('4930777000000', log.from)
- assert_equal('4912347114711', log.to)
- assert_equal('out', log.direction)
- assert_equal('user 1', log.from_comment)
- assert_equal('CallerId Customer1', log.to_comment)
- assert_nil(log.comment)
- assert_equal('newCall', log.state)
- assert_equal(true, log.done)
-
- # outbound - II - answer by customer
- params = 'event=answer&direction=out&callId=1234567890-2&from=4930600000000&to=4912347114711'
- post '/api/v1/sipgate/out', params: params
- assert_response(200)
- log = Cti::Log.find_by(call_id: '1234567890-2')
- assert(log)
- assert_equal('4930777000000', log.from)
- assert_equal('4912347114711', log.to)
- assert_equal('out', log.direction)
- assert_equal('user 1', log.from_comment)
- assert_equal('CallerId Customer1', log.to_comment)
- assert_nil(log.comment)
- assert_equal('answer', log.state)
- assert_equal(true, log.done)
-
- # outbound - II - hangup by customer
- params = 'event=hangup&direction=out&callId=1234567890-2&cause=normalClearing&from=4930600000000&to=4912347114711'
- post '/api/v1/sipgate/out', params: params
- assert_response(200)
- log = Cti::Log.find_by(call_id: '1234567890-2')
- assert(log)
- assert_equal('4930777000000', log.from)
- assert_equal('4912347114711', log.to)
- assert_equal('out', log.direction)
- assert_equal('user 1', log.from_comment)
- assert_equal('CallerId Customer1', log.to_comment)
- assert_equal('normalClearing', log.comment)
- assert_equal('hangup', log.state)
- assert_equal(true, log.done)
-
- # inbound - I - new call
- params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&callId=1234567890-3&user%5B%5D=user+1'
- post '/api/v1/sipgate/in', params: params
- assert_response(200)
- log = Cti::Log.find_by(call_id: '1234567890-3')
- assert(log)
- assert_equal('4930600000000', log.to)
- assert_equal('4912347114711', log.from)
- assert_equal('in', log.direction)
- assert_equal('user 1', log.to_comment)
- assert_equal('CallerId Customer1', log.from_comment)
- assert_nil(log.comment)
- assert_equal('newCall', log.state)
- assert_equal(false, log.done)
-
- # inbound - I - answer by customer
- params = 'event=answer&direction=in&callId=1234567890-3&to=4930600000000&from=4912347114711'
- post '/api/v1/sipgate/in', params: params
- assert_response(200)
- log = Cti::Log.find_by(call_id: '1234567890-3')
- assert(log)
- assert_equal('4930600000000', log.to)
- assert_equal('4912347114711', log.from)
- assert_equal('in', log.direction)
- assert_equal('user 1', log.to_comment)
- assert_equal('CallerId Customer1', log.from_comment)
- assert_nil(log.comment)
- assert_equal('answer', log.state)
- assert_equal(true, log.done)
-
- # inbound - I - hangup by customer
- params = 'event=hangup&direction=in&callId=1234567890-3&cause=normalClearing&to=4930600000000&from=4912347114711'
- post '/api/v1/sipgate/in', params: params
- assert_response(200)
- log = Cti::Log.find_by(call_id: '1234567890-3')
- assert(log)
- assert_equal('4930600000000', log.to)
- assert_equal('4912347114711', log.from)
- assert_equal('in', log.direction)
- assert_equal('user 1', log.to_comment)
- assert_equal('CallerId Customer1', log.from_comment)
- assert_equal('normalClearing', log.comment)
- assert_equal('hangup', log.state)
- assert_equal(true, log.done)
-
- # inbound - II - new call
- params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&callId=1234567890-4&user%5B%5D=user+1,user+2'
- post '/api/v1/sipgate/in', params: params
- assert_response(200)
- log = Cti::Log.find_by(call_id: '1234567890-4')
- assert(log)
- assert_equal('4930600000000', log.to)
- assert_equal('4912347114711', log.from)
- assert_equal('in', log.direction)
- assert_equal('user 1,user 2', log.to_comment)
- assert_equal('CallerId Customer1', log.from_comment)
- assert_nil(log.comment)
- assert_equal('newCall', log.state)
- assert_equal(false, log.done)
-
- # inbound - II - answer by voicemail
- params = 'event=answer&direction=in&callId=1234567890-4&to=4930600000000&from=4912347114711&user=voicemail'
- post '/api/v1/sipgate/in', params: params
- assert_response(200)
- log = Cti::Log.find_by(call_id: '1234567890-4')
- assert(log)
- assert_equal('4930600000000', log.to)
- assert_equal('4912347114711', log.from)
- assert_equal('in', log.direction)
- assert_equal('voicemail', log.to_comment)
- assert_equal('CallerId Customer1', log.from_comment)
- assert_nil(log.comment)
- assert_equal('answer', log.state)
- assert_equal(true, log.done)
-
- # inbound - II - hangup by customer
- params = 'event=hangup&direction=in&callId=1234567890-4&cause=normalClearing&to=4930600000000&from=4912347114711'
- post '/api/v1/sipgate/in', params: params
- assert_response(200)
- log = Cti::Log.find_by(call_id: '1234567890-4')
- assert(log)
- assert_equal('4930600000000', log.to)
- assert_equal('4912347114711', log.from)
- assert_equal('in', log.direction)
- assert_equal('voicemail', log.to_comment)
- assert_equal('CallerId Customer1', log.from_comment)
- assert_equal('normalClearing', log.comment)
- assert_equal('hangup', log.state)
- assert_equal(false, log.done)
-
- # inbound - III - new call
- params = 'event=newCall&direction=in&to=4930600000000&from=4912347114711&callId=1234567890-5&user%5B%5D=user+1,user+2'
- post '/api/v1/sipgate/in', params: params
- assert_response(200)
- log = Cti::Log.find_by(call_id: '1234567890-5')
- assert(log)
- assert_equal('4930600000000', log.to)
- assert_equal('4912347114711', log.from)
- assert_equal('in', log.direction)
- assert_equal('user 1,user 2', log.to_comment)
- assert_equal('CallerId Customer1', log.from_comment)
- assert_nil(log.comment)
- assert_equal('newCall', log.state)
- assert_equal(false, log.done)
-
- # inbound - III - hangup by customer
- params = 'event=hangup&direction=in&callId=1234567890-5&cause=normalClearing&to=4930600000000&from=4912347114711'
- post '/api/v1/sipgate/in', params: params
- assert_response(200)
- log = Cti::Log.find_by(call_id: '1234567890-5')
- assert(log)
- assert_equal('4930600000000', log.to)
- assert_equal('4912347114711', log.from)
- assert_equal('in', log.direction)
- assert_equal('user 1,user 2', log.to_comment)
- assert_equal('CallerId Customer1', log.from_comment)
- assert_equal('normalClearing', log.comment)
- assert_equal('hangup', log.state)
- assert_equal(false, log.done)
-
- # inbound - IV - new call
- params = 'event=newCall&direction=in&to=4930600000000&from=49999992222222&callId=1234567890-6&user%5B%5D=user+1,user+2'
- post '/api/v1/sipgate/in', params: params
- assert_response(200)
- log = Cti::Log.find_by(call_id: '1234567890-6')
- assert(log)
- assert_equal('4930600000000', log.to)
- assert_equal('49999992222222', log.from)
- assert_equal('in', log.direction)
- assert_equal('user 1,user 2', log.to_comment)
- assert_equal('CallerId Customer3,CallerId Customer2', log.from_comment)
- assert_not(log.preferences['to'])
- assert(log.preferences['from'])
- assert_nil(log.comment)
- assert_equal('newCall', log.state)
- assert_equal(false, log.done)
-
- # get caller list
- get '/api/v1/cti/log'
- assert_response(401)
-
- customer2 = User.lookup(login: 'ticket-caller_id_sipgate-customer2@example.com')
- customer3 = User.lookup(login: 'ticket-caller_id_sipgate-customer3@example.com')
-
- headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('cti-agent@example.com', 'agentpw')
- get '/api/v1/cti/log', headers: headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result['list'].class, Array)
- assert_equal(6, result['list'].count)
- assert(result['assets'])
- assert(result['assets']['User'])
- assert(result['assets']['User'][customer2.id.to_s])
- assert(result['assets']['User'][customer3.id.to_s])
- assert_equal('1234567890-6', result['list'][0]['call_id'])
- assert_equal('1234567890-5', result['list'][1]['call_id'])
- assert_equal('1234567890-4', result['list'][2]['call_id'])
- assert_equal('1234567890-3', result['list'][3]['call_id'])
- assert_equal('1234567890-2', result['list'][4]['call_id'])
- assert_equal('hangup', result['list'][4]['state'])
- assert_equal('4930777000000', result['list'][4]['from'])
- assert_equal('user 1', result['list'][4]['from_comment'])
- assert_equal('4912347114711', result['list'][4]['to'])
- assert_equal('CallerId Customer1', result['list'][4]['to_comment'])
- assert_equal('normalClearing', result['list'][4]['comment'])
- assert_equal('hangup', result['list'][4]['state'])
- assert_equal('1234567890-1', result['list'][5]['call_id'])
-
- end
-
-end
diff --git a/test/controllers/o_auth_controller_test.rb b/test/controllers/o_auth_controller_test.rb
deleted file mode 100644
index ac342c907..000000000
--- a/test/controllers/o_auth_controller_test.rb
+++ /dev/null
@@ -1,29 +0,0 @@
-
-require 'test_helper'
-
-class OAuthControllerTest < ActionDispatch::IntegrationTest
-
- test 'o365 - start' do
- get '/auth/microsoft_office365', params: {}
- assert_response(302)
- assert_match('https://login.microsoftonline.com/common/oauth2/v2.0/authorize', @response.body)
- assert_match('redirect_uri=http%3A%2F%2Fzammad.example.com%2Fauth%2Fmicrosoft_office365%2Fcallback', @response.body)
- assert_match('scope=openid+email+profile', @response.body)
- assert_match('response_type=code', @response.body)
- end
-
- test 'o365 - callback' do
- get '/auth/microsoft_office365/callback?code=1234&state=1234', params: {}
- assert_response(302)
- assert_match('302 Moved', @response.body)
- end
-
- test 'auth failure' do
- get '/auth/failure?message=123&strategy=some_provider', params: {}
- assert_response(422)
- assert_match('422: Unprocessable Entity', @response.body)
- assert_match('422: The change you wanted was rejected.
', @response.body)
- assert_match('Message from some_provider: 123
', @response.body)
- end
-
-end
diff --git a/test/controllers/organization_controller_test.rb b/test/controllers/organization_controller_test.rb
deleted file mode 100644
index 994331559..000000000
--- a/test/controllers/organization_controller_test.rb
+++ /dev/null
@@ -1,590 +0,0 @@
-require 'test_helper'
-
-class OrganizationControllerTest < ActionDispatch::IntegrationTest
- include SearchindexHelper
-
- setup do
-
- # set accept header
- @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
- # create agent
- roles = Role.where(name: %w[Admin Agent])
- groups = Group.all
-
- UserInfo.current_user_id = 1
-
- @admin = User.create!(
- login: 'rest-admin',
- firstname: 'Rest',
- lastname: 'Agent',
- email: 'rest-admin@example.com',
- password: 'adminpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- # create agent
- roles = Role.where(name: 'Agent')
- @agent = User.create!(
- login: 'rest-agent@example.com',
- firstname: 'Rest',
- lastname: 'Agent',
- email: 'rest-agent@example.com',
- password: 'agentpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- # create customer without org
- roles = Role.where(name: 'Customer')
- @customer_without_org = User.create!(
- login: 'rest-customer1@example.com',
- firstname: 'Rest',
- lastname: 'Customer1',
- email: 'rest-customer1@example.com',
- password: 'customer1pw',
- active: true,
- roles: roles,
- )
-
- # create orgs
- @organization = Organization.create!(
- name: 'Rest Org',
- )
- @organization2 = Organization.create!(
- name: 'Rest Org #2',
- )
- @organization3 = Organization.create!(
- name: 'Rest Org #3',
- )
-
- # create customer with org
- @customer_with_org = User.create!(
- login: 'rest-customer2@example.com',
- firstname: 'Rest',
- lastname: 'Customer2',
- email: 'rest-customer2@example.com',
- password: 'customer2pw',
- active: true,
- roles: roles,
- organization_id: @organization.id,
- )
-
- configure_elasticsearch do
-
- travel 1.minute
-
- rebuild_searchindex
-
- # execute background jobs
- Scheduler.worker(true)
-
- sleep 6
- end
-
- UserInfo.current_user_id = nil
- end
-
- test 'organization index with agent' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-agent@example.com', 'agentpw')
-
- # index
- get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Array)
- assert_equal(result[0]['member_ids'].class, Array)
- assert(result.length >= 3)
-
- get '/api/v1/organizations?limit=40&page=1&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- organizations = Organization.order(:id).limit(2)
- assert_equal(organizations[0].id, result[0]['id'])
- assert_equal(organizations[0].member_ids, result[0]['member_ids'])
- assert_equal(organizations[1].id, result[1]['id'])
- assert_equal(organizations[1].member_ids, result[1]['member_ids'])
- assert_equal(2, result.count)
-
- get '/api/v1/organizations?limit=40&page=2&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- organizations = Organization.order(:id).limit(4)
- assert_equal(organizations[2].id, result[0]['id'])
- assert_equal(organizations[2].member_ids, result[0]['member_ids'])
- assert_equal(organizations[3].id, result[1]['id'])
- assert_equal(organizations[3].member_ids, result[1]['member_ids'])
-
- assert_equal(2, result.count)
-
- # show/:id
- get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert_equal(result['member_ids'].class, Array)
- assert_not(result['members'])
- assert_equal(result['name'], 'Rest Org')
-
- get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert_equal(result['member_ids'].class, Array)
- assert_not(result['members'])
- assert_equal(result['name'], 'Rest Org #2')
-
- # search as agent
- Scheduler.worker(true)
- get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal('Zammad Foundation', result[0]['name'])
- assert(result[0]['member_ids'])
- assert_not(result[0]['members'])
-
- get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&expand=true", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal('Zammad Foundation', result[0]['name'])
- assert(result[0]['member_ids'])
- assert(result[0]['members'])
-
- get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal('Zammad Foundation', result[0]['label'])
- assert_equal('Zammad Foundation', result[0]['value'])
- assert_not(result[0]['member_ids'])
- assert_not(result[0]['members'])
- end
-
- test 'organization index with customer1' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
-
- # index
- get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Array)
- assert_equal(result.length, 0)
-
- # show/:id
- get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert_nil(result['name'])
-
- get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert_nil(result['name'])
-
- # search
- Scheduler.worker(true)
- get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- end
-
- test 'organization index with customer2' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer2@example.com', 'customer2pw')
-
- # index
- get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Array)
- assert_equal(result.length, 1)
-
- # show/:id
- get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert_equal(result['name'], 'Rest Org')
-
- get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert_nil(result['name'])
-
- # search
- Scheduler.worker(true)
- get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- end
-
- test '04.01 organization show and response format' do
- organization = Organization.create!(
- name: 'Rest Org NEW',
- members: [@customer_without_org],
- updated_by_id: @admin.id,
- created_by_id: @admin.id,
- )
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
- get "/api/v1/organizations/#{organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(organization.id, result['id'])
- assert_equal(organization.name, result['name'])
- assert_not(result['members'])
- assert_equal([@customer_without_org.id], result['member_ids'])
- assert_equal(@admin.id, result['updated_by_id'])
- assert_equal(@admin.id, result['created_by_id'])
-
- get "/api/v1/organizations/#{organization.id}?expand=true", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(organization.id, result['id'])
- assert_equal(organization.name, result['name'])
- assert(result['members'])
- assert_equal([@customer_without_org.id], result['member_ids'])
- assert_equal(@admin.id, result['updated_by_id'])
- assert_equal(@admin.id, result['created_by_id'])
-
- get "/api/v1/organizations/#{organization.id}?expand=false", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(organization.id, result['id'])
- assert_equal(organization.name, result['name'])
- assert_not(result['members'])
- assert_equal([@customer_without_org.id], result['member_ids'])
- assert_equal(@admin.id, result['updated_by_id'])
- assert_equal(@admin.id, result['created_by_id'])
-
- get "/api/v1/organizations/#{organization.id}?full=true", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
-
- assert_equal(Hash, result.class)
- assert_equal(organization.id, result['id'])
- assert(result['assets'])
- assert(result['assets']['Organization'])
- assert(result['assets']['Organization'][organization.id.to_s])
- assert_equal(organization.id, result['assets']['Organization'][organization.id.to_s]['id'])
- assert_equal(organization.name, result['assets']['Organization'][organization.id.to_s]['name'])
- assert_equal(organization.member_ids, result['assets']['Organization'][organization.id.to_s]['member_ids'])
- assert_not(result['assets']['Organization'][organization.id.to_s]['members'])
-
- get "/api/v1/organizations/#{organization.id}?full=false", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(organization.id, result['id'])
- assert_equal(organization.name, result['name'])
- assert_not(result['members'])
- assert_equal([@customer_without_org.id], result['member_ids'])
- assert_equal(@admin.id, result['updated_by_id'])
- assert_equal(@admin.id, result['created_by_id'])
- end
-
- test '04.02 organization index and response format' do
- organization = Organization.create!(
- name: 'Rest Org NEW',
- members: [@customer_without_org],
- updated_by_id: @admin.id,
- created_by_id: @admin.id,
- )
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
- get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(Hash, result[0].class)
- assert_equal(organization.id, result.last['id'])
- assert_equal(organization.name, result.last['name'])
- assert_not(result.last['members'])
- assert_equal(organization.member_ids, result.last['member_ids'])
- assert_equal(@admin.id, result.last['updated_by_id'])
- assert_equal(@admin.id, result.last['created_by_id'])
-
- get '/api/v1/organizations?expand=true', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(Hash, result[0].class)
- assert_equal(organization.id, result.last['id'])
- assert_equal(organization.name, result.last['name'])
- assert_equal(organization.member_ids, result.last['member_ids'])
- assert_equal(organization.members.pluck(:login), [@customer_without_org.login])
- assert_equal(@admin.id, result.last['updated_by_id'])
- assert_equal(@admin.id, result.last['created_by_id'])
-
- get '/api/v1/organizations?expand=false', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(Hash, result[0].class)
- assert_equal(organization.id, result.last['id'])
- assert_equal(organization.name, result.last['name'])
- assert_not(result.last['members'])
- assert_equal(organization.member_ids, result.last['member_ids'])
- assert_equal(@admin.id, result.last['updated_by_id'])
- assert_equal(@admin.id, result.last['created_by_id'])
-
- get '/api/v1/organizations?full=true', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
-
- assert_equal(Hash, result.class)
- assert_equal(Array, result['record_ids'].class)
- assert_equal(1, result['record_ids'][0])
- assert_equal(organization.id, result['record_ids'].last)
- assert(result['assets'])
- assert(result['assets']['Organization'])
- assert(result['assets']['Organization'][organization.id.to_s])
- assert_equal(organization.id, result['assets']['Organization'][organization.id.to_s]['id'])
- assert_equal(organization.name, result['assets']['Organization'][organization.id.to_s]['name'])
- assert_equal(organization.member_ids, result['assets']['Organization'][organization.id.to_s]['member_ids'])
- assert_not(result['assets']['Organization'][organization.id.to_s]['members'])
-
- get '/api/v1/organizations?full=false', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(Hash, result[0].class)
- assert_equal(organization.id, result.last['id'])
- assert_equal(organization.name, result.last['name'])
- assert_not(result.last['members'])
- assert_equal(organization.member_ids, result.last['member_ids'])
- assert_equal(@admin.id, result.last['updated_by_id'])
- assert_equal(@admin.id, result.last['created_by_id'])
- end
-
- test '04.03 ticket create and response format' do
- params = {
- name: 'Rest Org NEW',
- members: [@customer_without_org.login],
- }
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
- post '/api/v1/organizations', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- organization = Organization.find(result['id'])
- assert_equal(organization.name, result['name'])
- assert_equal(organization.member_ids, result['member_ids'])
- assert_not(result['members'])
- assert_equal(@admin.id, result['updated_by_id'])
- assert_equal(@admin.id, result['created_by_id'])
-
- params[:name] = 'Rest Org NEW #2'
- post '/api/v1/organizations?expand=true', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- organization = Organization.find(result['id'])
- assert_equal(organization.name, result['name'])
- assert_equal(organization.member_ids, result['member_ids'])
- assert_equal(organization.members.pluck(:login), result['members'])
- assert_equal(@admin.id, result['updated_by_id'])
- assert_equal(@admin.id, result['created_by_id'])
-
- params[:name] = 'Rest Org NEW #3'
- post '/api/v1/organizations?full=true', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- organization = Organization.find(result['id'])
- assert(result['assets'])
- assert(result['assets']['Organization'])
- assert(result['assets']['Organization'][organization.id.to_s])
- assert_equal(organization.id, result['assets']['Organization'][organization.id.to_s]['id'])
- assert_equal(organization.name, result['assets']['Organization'][organization.id.to_s]['name'])
- assert_equal(organization.member_ids, result['assets']['Organization'][organization.id.to_s]['member_ids'])
- assert_not(result['assets']['Organization'][organization.id.to_s]['members'])
-
- end
-
- test '04.04 ticket update and response formats' do
- organization = Organization.create!(
- name: 'Rest Org NEW',
- members: [@customer_without_org],
- updated_by_id: @admin.id,
- created_by_id: @admin.id,
- )
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
- params = {
- name: 'a update name #1',
- }
- put "/api/v1/organizations/#{organization.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- organization = Organization.find(result['id'])
- assert_equal(params[:name], result['name'])
- assert_equal(organization.member_ids, result['member_ids'])
- assert_not(result['members'])
- assert_equal(@admin.id, result['updated_by_id'])
- assert_equal(@admin.id, result['created_by_id'])
-
- params = {
- name: 'a update name #2',
- }
- put "/api/v1/organizations/#{organization.id}?expand=true", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- organization = Organization.find(result['id'])
- assert_equal(params[:name], result['name'])
- assert_equal(organization.member_ids, result['member_ids'])
- assert_equal(organization.members.pluck(:login), [@customer_without_org.login])
- assert_equal(@admin.id, result['updated_by_id'])
- assert_equal(@admin.id, result['created_by_id'])
-
- params = {
- name: 'a update name #3',
- }
- put "/api/v1/organizations/#{organization.id}?full=true", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- organization = Organization.find(result['id'])
- assert(result['assets'])
- assert(result['assets']['Organization'])
- assert(result['assets']['Organization'][organization.id.to_s])
- assert_equal(organization.id, result['assets']['Organization'][organization.id.to_s]['id'])
- assert_equal(params[:name], result['assets']['Organization'][organization.id.to_s]['name'])
- assert_equal(organization.member_ids, result['assets']['Organization'][organization.id.to_s]['member_ids'])
- assert_not(result['assets']['Organization'][organization.id.to_s]['members'])
-
- end
-
- test '05.01 csv example - customer no access' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
-
- get '/api/v1/organizations/import_example', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal('Not authorized (user)!', result['error'])
- end
-
- test '05.02 csv example - admin access' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
- get '/api/v1/organizations/import_example', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
-
- rows = CSV.parse(@response.body)
- header = rows.shift
-
- assert_equal('id', header[0])
- assert_equal('name', header[1])
- assert_equal('shared', header[2])
- assert_equal('domain', header[3])
- assert_equal('domain_assignment', header[4])
- assert_equal('active', header[5])
- assert_equal('note', header[6])
- assert(header.include?('members'))
- end
-
- test '05.03 csv import - admin access' do
-
- UserInfo.current_user_id = 1
- customer1 = User.create!(
- login: 'customer1-members@example.com',
- firstname: 'Member',
- lastname: 'Customer',
- email: 'customer1-members@example.com',
- password: 'customerpw',
- active: true,
- )
- customer2 = User.create!(
- login: 'customer2-members@example.com',
- firstname: 'Member',
- lastname: 'Customer',
- email: 'customer2-members@example.com',
- password: 'customerpw',
- active: true,
- )
- UserInfo.current_user_id = nil
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
- # invalid file
- csv_file_path = Rails.root.join('test', 'data', 'csv', 'organization_simple_col_not_existing.csv')
- csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
- post '/api/v1/organizations/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- assert_equal(true, result['try'])
- assert_equal(2, result['records'].count)
- assert_equal('failed', result['result'])
- assert_equal(2, result['errors'].count)
- assert_equal("Line 1: unknown attribute 'name2' for Organization.", result['errors'][0])
- assert_equal("Line 2: unknown attribute 'name2' for Organization.", result['errors'][1])
-
- # valid file try
- csv_file_path = Rails.root.join('test', 'data', 'csv', 'organization_simple.csv')
- csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
- post '/api/v1/organizations/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- assert_equal(true, result['try'])
- assert_equal(2, result['records'].count)
- assert_equal('success', result['result'])
-
- assert_nil(Organization.find_by(name: 'organization-member-import1'))
- assert_nil(Organization.find_by(name: 'organization-member-import2'))
-
- # valid file
- csv_file_path = Rails.root.join('test', 'data', 'csv', 'organization_simple.csv')
- csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
- post '/api/v1/organizations/import', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- assert_equal(false, result['try'])
- assert_equal(2, result['records'].count)
- assert_equal('success', result['result'])
-
- organization1 = Organization.find_by(name: 'organization-member-import1')
- assert(organization1)
- assert_equal(organization1.name, 'organization-member-import1')
- assert_equal(organization1.members.count, 1)
- assert_equal(organization1.members.first.login, customer1.login)
- assert_equal(organization1.active, true)
- organization2 = Organization.find_by(name: 'organization-member-import2')
- assert(organization2)
- assert_equal(organization2.name, 'organization-member-import2')
- assert_equal(organization2.members.count, 1)
- assert_equal(organization2.members.first.login, customer2.login)
- assert_equal(organization2.active, false)
-
- end
-
-end
diff --git a/test/controllers/organizations_controller_test.rb b/test/controllers/organizations_controller_test.rb
deleted file mode 100644
index fa18d9f99..000000000
--- a/test/controllers/organizations_controller_test.rb
+++ /dev/null
@@ -1,638 +0,0 @@
-require 'test_helper'
-
-class OrganizationsControllerTest < ActionDispatch::IntegrationTest
- include SearchindexHelper
-
- setup do
-
- # set accept header
- @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
- # create agent
- roles = Role.where(name: %w[Admin Agent])
- groups = Group.all
-
- UserInfo.current_user_id = 1
-
- @admin = User.create!(
- login: 'rest-admin',
- firstname: 'Rest',
- lastname: 'Agent',
- email: 'rest-admin@example.com',
- password: 'adminpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- # create agent
- roles = Role.where(name: 'Agent')
- @agent = User.create!(
- login: 'rest-agent@example.com',
- firstname: 'Rest',
- lastname: 'Agent',
- email: 'rest-agent@example.com',
- password: 'agentpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- # create customer without org
- roles = Role.where(name: 'Customer')
- @customer_without_org = User.create!(
- login: 'rest-customer1@example.com',
- firstname: 'Rest',
- lastname: 'Customer1',
- email: 'rest-customer1@example.com',
- password: 'customer1pw',
- active: true,
- roles: roles,
- )
-
- # create orgs
- @organization = Organization.create!(
- name: 'Rest Org #1',
- note: 'Rest Org A',
- created_at: '2018-02-05 17:42:00',
- updated_at: '2018-02-05 20:42:00',
- )
- @organization2 = Organization.create!(
- name: 'Rest Org #2',
- note: 'Rest Org B',
- created_at: '2018-02-05 18:42:00',
- updated_at: '2018-02-05 18:42:00',
- )
- @organization3 = Organization.create!(
- name: 'Rest Org #3',
- note: 'Rest Org C',
- created_at: '2018-02-05 19:42:00',
- updated_at: '2018-02-05 19:42:00',
- )
-
- # create customer with org
- @customer_with_org = User.create!(
- login: 'rest-customer2@example.com',
- firstname: 'Rest',
- lastname: 'Customer2',
- email: 'rest-customer2@example.com',
- password: 'customer2pw',
- active: true,
- roles: roles,
- organization_id: @organization.id,
- )
-
- configure_elasticsearch do
-
- travel 1.minute
-
- rebuild_searchindex
-
- # execute background jobs
- Scheduler.worker(true)
-
- sleep 6
- end
-
- UserInfo.current_user_id = nil
- end
-
- test 'organization index with agent' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-agent@example.com', 'agentpw')
-
- # index
- get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Array)
- assert_equal(result[0]['member_ids'].class, Array)
- assert(result.length >= 3)
-
- get '/api/v1/organizations?limit=40&page=1&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- organizations = Organization.order(:id).limit(2)
- assert_equal(organizations[0].id, result[0]['id'])
- assert_equal(organizations[0].member_ids, result[0]['member_ids'])
- assert_equal(organizations[1].id, result[1]['id'])
- assert_equal(organizations[1].member_ids, result[1]['member_ids'])
- assert_equal(2, result.count)
-
- get '/api/v1/organizations?limit=40&page=2&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- organizations = Organization.order(:id).limit(4)
- assert_equal(organizations[2].id, result[0]['id'])
- assert_equal(organizations[2].member_ids, result[0]['member_ids'])
- assert_equal(organizations[3].id, result[1]['id'])
- assert_equal(organizations[3].member_ids, result[1]['member_ids'])
-
- assert_equal(2, result.count)
-
- # show/:id
- get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert_equal(result['member_ids'].class, Array)
- assert_not(result['members'])
- assert_equal(result['name'], 'Rest Org #1')
-
- get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert_equal(result['member_ids'].class, Array)
- assert_not(result['members'])
- assert_equal(result['name'], 'Rest Org #2')
-
- # search as agent
- Scheduler.worker(true)
- get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal('Zammad Foundation', result[0]['name'])
- assert(result[0]['member_ids'])
- assert_not(result[0]['members'])
-
- get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&expand=true", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal('Zammad Foundation', result[0]['name'])
- assert(result[0]['member_ids'])
- assert(result[0]['members'])
-
- get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal('Zammad Foundation', result[0]['label'])
- assert_equal('Zammad Foundation', result[0]['value'])
- assert_not(result[0]['member_ids'])
- assert_not(result[0]['members'])
- end
-
- test 'organization index with customer1' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
-
- # index
- get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Array)
- assert_equal(result.length, 0)
-
- # show/:id
- get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert_nil(result['name'])
-
- get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert_nil(result['name'])
-
- # search
- Scheduler.worker(true)
- get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- end
-
- test 'organization index with customer2' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer2@example.com', 'customer2pw')
-
- # index
- get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Array)
- assert_equal(result.length, 1)
-
- # show/:id
- get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert_equal(result['name'], 'Rest Org #1')
-
- get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert_nil(result['name'])
-
- # search
- Scheduler.worker(true)
- get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- end
-
- test 'organization search sortable' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin', 'adminpw')
-
- get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- result.collect! { |v| v['id'] }
- assert_equal(Array, result.class)
- assert_equal([ @organization.id, @organization3.id, @organization2.id ], result)
-
- get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: { sort_by: 'created_at', order_by: 'asc' }, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- result.collect! { |v| v['id'] }
- assert_equal(Array, result.class)
- assert_equal([ @organization.id, @organization2.id, @organization3.id ], result)
-
- get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: { sort_by: 'note', order_by: 'asc' }, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- result.collect! { |v| v['id'] }
- assert_equal(Array, result.class)
- assert_equal([ @organization.id, @organization2.id, @organization3.id ], result)
-
- get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: { sort_by: 'note', order_by: 'desc' }, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- result.collect! { |v| v['id'] }
- assert_equal(Array, result.class)
- assert_equal([ @organization3.id, @organization2.id, @organization.id ], result)
-
- get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: { sort_by: %w[note created_at], order_by: %w[desc asc] }, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- result.collect! { |v| v['id'] }
- assert_equal(Array, result.class)
- assert_equal([ @organization3.id, @organization2.id, @organization.id ], result)
- end
-
- test '04.01 organization show and response format' do
- organization = Organization.create!(
- name: 'Rest Org NEW',
- members: [@customer_without_org],
- updated_by_id: @admin.id,
- created_by_id: @admin.id,
- )
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
- get "/api/v1/organizations/#{organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(organization.id, result['id'])
- assert_equal(organization.name, result['name'])
- assert_not(result['members'])
- assert_equal([@customer_without_org.id], result['member_ids'])
- assert_equal(@admin.id, result['updated_by_id'])
- assert_equal(@admin.id, result['created_by_id'])
-
- get "/api/v1/organizations/#{organization.id}?expand=true", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(organization.id, result['id'])
- assert_equal(organization.name, result['name'])
- assert(result['members'])
- assert_equal([@customer_without_org.id], result['member_ids'])
- assert_equal(@admin.id, result['updated_by_id'])
- assert_equal(@admin.id, result['created_by_id'])
-
- get "/api/v1/organizations/#{organization.id}?expand=false", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(organization.id, result['id'])
- assert_equal(organization.name, result['name'])
- assert_not(result['members'])
- assert_equal([@customer_without_org.id], result['member_ids'])
- assert_equal(@admin.id, result['updated_by_id'])
- assert_equal(@admin.id, result['created_by_id'])
-
- get "/api/v1/organizations/#{organization.id}?full=true", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
-
- assert_equal(Hash, result.class)
- assert_equal(organization.id, result['id'])
- assert(result['assets'])
- assert(result['assets']['Organization'])
- assert(result['assets']['Organization'][organization.id.to_s])
- assert_equal(organization.id, result['assets']['Organization'][organization.id.to_s]['id'])
- assert_equal(organization.name, result['assets']['Organization'][organization.id.to_s]['name'])
- assert_equal(organization.member_ids, result['assets']['Organization'][organization.id.to_s]['member_ids'])
- assert_not(result['assets']['Organization'][organization.id.to_s]['members'])
-
- get "/api/v1/organizations/#{organization.id}?full=false", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(organization.id, result['id'])
- assert_equal(organization.name, result['name'])
- assert_not(result['members'])
- assert_equal([@customer_without_org.id], result['member_ids'])
- assert_equal(@admin.id, result['updated_by_id'])
- assert_equal(@admin.id, result['created_by_id'])
- end
-
- test '04.02 organization index and response format' do
- organization = Organization.create!(
- name: 'Rest Org NEW',
- members: [@customer_without_org],
- updated_by_id: @admin.id,
- created_by_id: @admin.id,
- )
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
- get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(Hash, result[0].class)
- assert_equal(organization.id, result.last['id'])
- assert_equal(organization.name, result.last['name'])
- assert_not(result.last['members'])
- assert_equal(organization.member_ids, result.last['member_ids'])
- assert_equal(@admin.id, result.last['updated_by_id'])
- assert_equal(@admin.id, result.last['created_by_id'])
-
- get '/api/v1/organizations?expand=true', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(Hash, result[0].class)
- assert_equal(organization.id, result.last['id'])
- assert_equal(organization.name, result.last['name'])
- assert_equal(organization.member_ids, result.last['member_ids'])
- assert_equal(organization.members.pluck(:login), [@customer_without_org.login])
- assert_equal(@admin.id, result.last['updated_by_id'])
- assert_equal(@admin.id, result.last['created_by_id'])
-
- get '/api/v1/organizations?expand=false', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(Hash, result[0].class)
- assert_equal(organization.id, result.last['id'])
- assert_equal(organization.name, result.last['name'])
- assert_not(result.last['members'])
- assert_equal(organization.member_ids, result.last['member_ids'])
- assert_equal(@admin.id, result.last['updated_by_id'])
- assert_equal(@admin.id, result.last['created_by_id'])
-
- get '/api/v1/organizations?full=true', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
-
- assert_equal(Hash, result.class)
- assert_equal(Array, result['record_ids'].class)
- assert_equal(1, result['record_ids'][0])
- assert_equal(organization.id, result['record_ids'].last)
- assert(result['assets'])
- assert(result['assets']['Organization'])
- assert(result['assets']['Organization'][organization.id.to_s])
- assert_equal(organization.id, result['assets']['Organization'][organization.id.to_s]['id'])
- assert_equal(organization.name, result['assets']['Organization'][organization.id.to_s]['name'])
- assert_equal(organization.member_ids, result['assets']['Organization'][organization.id.to_s]['member_ids'])
- assert_not(result['assets']['Organization'][organization.id.to_s]['members'])
-
- get '/api/v1/organizations?full=false', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(Hash, result[0].class)
- assert_equal(organization.id, result.last['id'])
- assert_equal(organization.name, result.last['name'])
- assert_not(result.last['members'])
- assert_equal(organization.member_ids, result.last['member_ids'])
- assert_equal(@admin.id, result.last['updated_by_id'])
- assert_equal(@admin.id, result.last['created_by_id'])
- end
-
- test '04.03 ticket create and response format' do
- params = {
- name: 'Rest Org NEW',
- members: [@customer_without_org.login],
- }
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
- post '/api/v1/organizations', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- organization = Organization.find(result['id'])
- assert_equal(organization.name, result['name'])
- assert_equal(organization.member_ids, result['member_ids'])
- assert_not(result['members'])
- assert_equal(@admin.id, result['updated_by_id'])
- assert_equal(@admin.id, result['created_by_id'])
-
- params[:name] = 'Rest Org NEW #2'
- post '/api/v1/organizations?expand=true', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- organization = Organization.find(result['id'])
- assert_equal(organization.name, result['name'])
- assert_equal(organization.member_ids, result['member_ids'])
- assert_equal(organization.members.pluck(:login), result['members'])
- assert_equal(@admin.id, result['updated_by_id'])
- assert_equal(@admin.id, result['created_by_id'])
-
- params[:name] = 'Rest Org NEW #3'
- post '/api/v1/organizations?full=true', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- organization = Organization.find(result['id'])
- assert(result['assets'])
- assert(result['assets']['Organization'])
- assert(result['assets']['Organization'][organization.id.to_s])
- assert_equal(organization.id, result['assets']['Organization'][organization.id.to_s]['id'])
- assert_equal(organization.name, result['assets']['Organization'][organization.id.to_s]['name'])
- assert_equal(organization.member_ids, result['assets']['Organization'][organization.id.to_s]['member_ids'])
- assert_not(result['assets']['Organization'][organization.id.to_s]['members'])
-
- end
-
- test '04.04 ticket update and response formats' do
- organization = Organization.create!(
- name: 'Rest Org NEW',
- members: [@customer_without_org],
- updated_by_id: @admin.id,
- created_by_id: @admin.id,
- )
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
- params = {
- name: 'a update name #1',
- }
- put "/api/v1/organizations/#{organization.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- organization = Organization.find(result['id'])
- assert_equal(params[:name], result['name'])
- assert_equal(organization.member_ids, result['member_ids'])
- assert_not(result['members'])
- assert_equal(@admin.id, result['updated_by_id'])
- assert_equal(@admin.id, result['created_by_id'])
-
- params = {
- name: 'a update name #2',
- }
- put "/api/v1/organizations/#{organization.id}?expand=true", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- organization = Organization.find(result['id'])
- assert_equal(params[:name], result['name'])
- assert_equal(organization.member_ids, result['member_ids'])
- assert_equal(organization.members.pluck(:login), [@customer_without_org.login])
- assert_equal(@admin.id, result['updated_by_id'])
- assert_equal(@admin.id, result['created_by_id'])
-
- params = {
- name: 'a update name #3',
- }
- put "/api/v1/organizations/#{organization.id}?full=true", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- organization = Organization.find(result['id'])
- assert(result['assets'])
- assert(result['assets']['Organization'])
- assert(result['assets']['Organization'][organization.id.to_s])
- assert_equal(organization.id, result['assets']['Organization'][organization.id.to_s]['id'])
- assert_equal(params[:name], result['assets']['Organization'][organization.id.to_s]['name'])
- assert_equal(organization.member_ids, result['assets']['Organization'][organization.id.to_s]['member_ids'])
- assert_not(result['assets']['Organization'][organization.id.to_s]['members'])
-
- end
-
- test '05.01 csv example - customer no access' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
-
- get '/api/v1/organizations/import_example', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal('Not authorized (user)!', result['error'])
- end
-
- test '05.02 csv example - admin access' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
- get '/api/v1/organizations/import_example', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
-
- rows = CSV.parse(@response.body)
- header = rows.shift
-
- assert_equal('id', header[0])
- assert_equal('name', header[1])
- assert_equal('shared', header[2])
- assert_equal('domain', header[3])
- assert_equal('domain_assignment', header[4])
- assert_equal('active', header[5])
- assert_equal('note', header[6])
- assert(header.include?('members'))
- end
-
- test '05.03 csv import - admin access' do
-
- UserInfo.current_user_id = 1
- customer1 = User.create!(
- login: 'customer1-members@example.com',
- firstname: 'Member',
- lastname: 'Customer',
- email: 'customer1-members@example.com',
- password: 'customerpw',
- active: true,
- )
- customer2 = User.create!(
- login: 'customer2-members@example.com',
- firstname: 'Member',
- lastname: 'Customer',
- email: 'customer2-members@example.com',
- password: 'customerpw',
- active: true,
- )
- UserInfo.current_user_id = nil
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
- # invalid file
- csv_file_path = Rails.root.join('test', 'data', 'csv', 'organization_simple_col_not_existing.csv')
- csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
- post '/api/v1/organizations/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- assert_equal(true, result['try'])
- assert_equal(2, result['records'].count)
- assert_equal('failed', result['result'])
- assert_equal(2, result['errors'].count)
- assert_equal("Line 1: unknown attribute 'name2' for Organization.", result['errors'][0])
- assert_equal("Line 2: unknown attribute 'name2' for Organization.", result['errors'][1])
-
- # valid file try
- csv_file_path = Rails.root.join('test', 'data', 'csv', 'organization_simple.csv')
- csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
- post '/api/v1/organizations/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- assert_equal(true, result['try'])
- assert_equal(2, result['records'].count)
- assert_equal('success', result['result'])
-
- assert_nil(Organization.find_by(name: 'organization-member-import1'))
- assert_nil(Organization.find_by(name: 'organization-member-import2'))
-
- # valid file
- csv_file_path = Rails.root.join('test', 'data', 'csv', 'organization_simple.csv')
- csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
- post '/api/v1/organizations/import', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- assert_equal(false, result['try'])
- assert_equal(2, result['records'].count)
- assert_equal('success', result['result'])
-
- organization1 = Organization.find_by(name: 'organization-member-import1')
- assert(organization1)
- assert_equal(organization1.name, 'organization-member-import1')
- assert_equal(organization1.members.count, 1)
- assert_equal(organization1.members.first.login, customer1.login)
- assert_equal(organization1.active, true)
- organization2 = Organization.find_by(name: 'organization-member-import2')
- assert(organization2)
- assert_equal(organization2.name, 'organization-member-import2')
- assert_equal(organization2.members.count, 1)
- assert_equal(organization2.members.first.login, customer2.login)
- assert_equal(organization2.active, false)
-
- end
-
-end
diff --git a/test/controllers/overviews_controller_test.rb b/test/controllers/overviews_controller_test.rb
deleted file mode 100644
index 639a04ec8..000000000
--- a/test/controllers/overviews_controller_test.rb
+++ /dev/null
@@ -1,221 +0,0 @@
-
-require 'test_helper'
-
-class OverviewsControllerTest < ActionDispatch::IntegrationTest
- setup do
-
- # set accept header
- @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
- # create agent
- roles = Role.where(name: %w[Admin Agent])
- groups = Group.all
-
- UserInfo.current_user_id = 1
- @admin = User.create!(
- login: 'tickets-admin',
- firstname: 'Tickets',
- lastname: 'Admin',
- email: 'tickets-admin@example.com',
- password: 'adminpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- # create agent
- roles = Role.where(name: 'Agent')
- @agent = User.create!(
- login: 'tickets-agent@example.com',
- firstname: 'Tickets',
- lastname: 'Agent',
- email: 'tickets-agent@example.com',
- password: 'agentpw',
- active: true,
- roles: roles,
- groups: Group.all,
- )
-
- end
-
- test 'no permissions' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent', 'agentpw')
-
- params = {
- name: 'Overview2',
- link: 'my_overview',
- roles: Role.where(name: 'Agent').pluck(:name),
- condition: {
- 'ticket.state_id' => {
- operator: 'is',
- value: [1, 2, 3],
- },
- },
- order: {
- by: 'created_at',
- direction: 'DESC',
- },
- view: {
- d: %w[title customer state created_at],
- s: %w[number title customer state created_at],
- m: %w[number title customer state created_at],
- view_mode_default: 's',
- },
- }
-
- post '/api/v1/overviews', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('authentication failed', result['error'])
- end
-
- test 'create overviews' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-admin', 'adminpw')
-
- params = {
- name: 'Overview2',
- link: 'my_overview',
- roles: Role.where(name: 'Agent').pluck(:name),
- condition: {
- 'ticket.state_id' => {
- operator: 'is',
- value: [1, 2, 3],
- },
- },
- order: {
- by: 'created_at',
- direction: 'DESC',
- },
- view: {
- d: %w[title customer state created_at],
- s: %w[number title customer state created_at],
- m: %w[number title customer state created_at],
- view_mode_default: 's',
- },
- }
-
- post '/api/v1/overviews', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('Overview2', result['name'])
- assert_equal('my_overview', result['link'])
-
- post '/api/v1/overviews', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('Overview2', result['name'])
- assert_equal('my_overview_1', result['link'])
- end
-
- test 'set mass prio' do
- roles = Role.where(name: 'Agent')
- overview1 = Overview.create!(
- name: 'Overview1',
- link: 'my_overview',
- roles: roles,
- condition: {
- 'ticket.state_id' => {
- operator: 'is',
- value: [1, 2, 3],
- },
- },
- order: {
- by: 'created_at',
- direction: 'DESC',
- },
- view: {
- d: %w[title customer state created_at],
- s: %w[number title customer state created_at],
- m: %w[number title customer state created_at],
- view_mode_default: 's',
- },
- prio: 1,
- updated_by_id: 1,
- created_by_id: 1,
- )
- overview2 = Overview.create!(
- name: 'Overview2',
- link: 'my_overview',
- roles: roles,
- condition: {
- 'ticket.state_id' => {
- operator: 'is',
- value: [1, 2, 3],
- },
- },
- order: {
- by: 'created_at',
- direction: 'DESC',
- },
- view: {
- d: %w[title customer state created_at],
- s: %w[number title customer state created_at],
- m: %w[number title customer state created_at],
- view_mode_default: 's',
- },
- prio: 2,
- updated_by_id: 1,
- created_by_id: 1,
- )
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-admin', 'adminpw')
- params = {
- prios: [
- [overview2.id, 1],
- [overview1.id, 2],
- ]
- }
- post '/api/v1/overviews_prio', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(true, result['success'])
-
- overview1.reload
- overview2.reload
-
- assert_equal(2, overview1.prio)
- assert_equal(1, overview2.prio)
- end
-
- test 'create an overview with group_by direction' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-admin', 'adminpw')
-
- params = {
- name: 'Overview2',
- link: 'my_overview',
- roles: Role.where(name: 'Agent').pluck(:name),
- condition: {
- 'ticket.state_id' => {
- operator: 'is',
- value: [1, 2, 3],
- },
- },
- order: {
- by: 'created_at',
- direction: 'DESC',
- },
- group_by: 'priority',
- group_direction: 'ASC',
- view: {
- d: %w[title customer state created_at],
- s: %w[number title customer state created_at],
- m: %w[number title customer state created_at],
- view_mode_default: 's',
- },
- }
-
- post '/api/v1/overviews', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('Overview2', result['name'])
- assert_equal('my_overview', result['link'])
- assert_equal('priority', result['group_by'])
- assert_equal('ASC', result['group_direction'])
- end
-
-end
diff --git a/test/controllers/packages_controller_test.rb b/test/controllers/packages_controller_test.rb
deleted file mode 100644
index 25f254d92..000000000
--- a/test/controllers/packages_controller_test.rb
+++ /dev/null
@@ -1,131 +0,0 @@
-
-require 'test_helper'
-
-class PackagesControllerTest < ActionDispatch::IntegrationTest
- setup do
-
- # set accept header
- @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
- # create agent
- roles = Role.where(name: %w[Admin Agent])
- groups = Group.all
-
- UserInfo.current_user_id = 1
- @admin = User.create!(
- login: 'packages-admin',
- firstname: 'Packages',
- lastname: 'Admin',
- email: 'packages-admin@example.com',
- password: 'adminpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- # create agent
- roles = Role.where(name: 'Agent')
- @agent = User.create!(
- login: 'packages-agent@example.com',
- firstname: 'Rest',
- lastname: 'Agent',
- email: 'packages-agent@example.com',
- password: 'agentpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- # create customer without org
- roles = Role.where(name: 'Customer')
- @customer_without_org = User.create!(
- login: 'packages-customer1@example.com',
- firstname: 'Packages',
- lastname: 'Customer1',
- email: 'packages-customer1@example.com',
- password: 'customer1pw',
- active: true,
- roles: roles,
- )
-
- end
-
- test '01 packages index with nobody' do
-
- # index
- get '/api/v1/packages', params: {}, headers: @headers
- assert_response(401)
-
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_not(result['packages'])
- assert_equal('authentication failed', result['error'])
- end
-
- test '02 packages index with admin' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('packages-admin@example.com', 'adminpw')
-
- # index
- get '/api/v1/packages', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert(result['packages'])
- end
-
- test '03 packages index with admin and wrong pw' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('packages-admin@example.com', 'wrongadminpw')
-
- # index
- get '/api/v1/packages', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('authentication failed', result['error'])
- end
-
- test '04 packages index with inactive admin' do
- @admin.active = false
- @admin.save!
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('packages-admin@example.com', 'adminpw')
-
- # index
- get '/api/v1/packages', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('authentication failed', result['error'])
- end
-
- test '05 packages index with agent' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('packages-agent@example.com', 'agentpw')
-
- # index
- get '/api/v1/packages', params: {}, headers: @headers.merge('Authorization' => credentials)
-
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_not(result['packages'])
- assert_equal('Not authorized (user)!', result['error'])
- end
-
- test '06 packages index with customer' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('packages-customer1@example.com', 'customer1pw')
-
- # index
- get '/api/v1/packages', params: {}, headers: @headers.merge('Authorization' => credentials)
-
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_not(result['packages'])
- assert_equal('Not authorized (user)!', result['error'])
- end
-
-end
diff --git a/test/controllers/reports_controller_test.rb b/test/controllers/reports_controller_test.rb
deleted file mode 100644
index df24fb9d4..000000000
--- a/test/controllers/reports_controller_test.rb
+++ /dev/null
@@ -1,98 +0,0 @@
-require 'test_helper'
-
-class ReportsControllerTest < ActionDispatch::IntegrationTest
- include SearchindexHelper
-
- setup do
-
- # set accept header
- @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
- @year = DateTime.now.utc.year
- @month = DateTime.now.utc.month
- @week = DateTime.now.utc.strftime('%U').to_i
- @day = DateTime.now.utc.day
-
- roles = Role.where(name: 'Admin')
- groups = Group.all
-
- UserInfo.current_user_id = 1
-
- @admin = User.create!(
- login: 'rest-admin',
- firstname: 'Rest',
- lastname: 'Agent',
- email: 'rest-admin@example.com',
- password: 'adminpw',
- active: true,
- roles: roles,
- groups: groups,
- updated_by_id: 1,
- created_by_id: 1
- )
-
- roles = Role.where(name: 'Customer')
- @customer_without_org = User.create!(
- login: 'rest-customer1@example.com',
- firstname: 'Rest',
- lastname: 'Customer1',
- email: 'rest-customer1@example.com',
- password: 'customer1pw',
- active: true,
- roles: roles,
- updated_by_id: 1,
- created_by_id: 1
- )
-
- @group1 = Group.create!(
- name: "GroupWithoutPermission-#{rand(9_999_999_999)}",
- active: true,
- updated_by_id: 1,
- created_by_id: 1,
- )
- @ticket1 = Ticket.create!(
- title: 'ticket for report',
- group_id: @group1.id,
- customer_id: @customer_without_org.id,
- state: Ticket::State.lookup(name: 'open'),
- priority: Ticket::Priority.lookup(name: '2 normal'),
- updated_by_id: 1,
- created_by_id: 1,
- )
-
- Ticket::Article.create!(
- type: Ticket::Article::Type.lookup(name: 'note'),
- sender: Ticket::Article::Sender.lookup(name: 'Customer'),
- from: 'sender',
- subject: 'subject',
- body: 'some body',
- ticket_id: @ticket1.id,
- updated_by_id: 1,
- created_by_id: 1,
- )
-
- configure_elasticsearch do
-
- travel 1.minute
-
- rebuild_searchindex
-
- # execute background jobs
- Scheduler.worker(true)
-
- sleep 6
- end
- end
-
- test '01.01 report example - admin access' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
- get "/api/v1/reports/sets?sheet=true;metric=count;year=#{@year};month=#{@month};week=#{@week};day=#{@day};timeRange=year;profile_id=1;downloadBackendSelected=count::created", params: {}, headers: @headers.merge('Authorization' => credentials)
-
- assert_response(200)
- assert(@response['Content-Disposition'])
- assert_equal('attachment; filename="tickets--all--Created.xls"', @response['Content-Disposition'])
- assert_equal('application/vnd.ms-excel', @response['Content-Type'])
- end
-end
diff --git a/test/controllers/search_controller_test.rb b/test/controllers/search_controller_test.rb
deleted file mode 100644
index b9c3f9b80..000000000
--- a/test/controllers/search_controller_test.rb
+++ /dev/null
@@ -1,448 +0,0 @@
-require 'test_helper'
-
-class SearchControllerTest < ActionDispatch::IntegrationTest
- include SearchindexHelper
-
- setup do
-
- # set current user
- UserInfo.current_user_id = 1
-
- # set accept header
- @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
- # create agent
- roles = Role.where(name: %w[Admin Agent])
- groups = Group.all
-
- @admin = User.create!(
- login: 'search-admin',
- firstname: 'Search',
- lastname: 'Admin',
- email: 'search-admin@example.com',
- password: 'adminpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- # create agent
- roles = Role.where(name: 'Agent')
- @agent = User.create!(
- login: 'search-agent@example.com',
- firstname: 'Search 1234',
- lastname: 'Agent',
- email: 'search-agent@example.com',
- password: 'agentpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- # create customer without org
- roles = Role.where(name: 'Customer')
- @customer_without_org = User.create!(
- login: 'search-customer1@example.com',
- firstname: 'Search',
- lastname: 'Customer1',
- email: 'search-customer1@example.com',
- password: 'customer1pw',
- active: true,
- roles: roles,
- )
-
- # create orgs
- @organization = Organization.create!(
- name: 'Rest Org',
- )
- @organization2 = Organization.create!(
- name: 'Rest Org #2',
- )
- @organization3 = Organization.create!(
- name: 'Rest Org #3',
- )
- @organization4 = Organization.create!(
- name: 'Tes.t. Org',
- )
- @organization5 = Organization.create!(
- name: 'ABC_D Org',
- )
-
- # create customer with org
- @customer_with_org2 = User.create!(
- login: 'search-customer2@example.com',
- firstname: 'Search',
- lastname: 'Customer2',
- email: 'search-customer2@example.com',
- password: 'customer2pw',
- active: true,
- roles: roles,
- organization_id: @organization.id,
- )
-
- @customer_with_org3 = User.create!(
- login: 'search-customer3@example.com',
- firstname: 'Search',
- lastname: 'Customer3',
- email: 'search-customer3@example.com',
- password: 'customer3pw',
- active: true,
- roles: roles,
- organization_id: @organization.id,
- )
-
- @ticket1 = Ticket.create!(
- title: 'test 1234-1',
- group: Group.lookup(name: 'Users'),
- customer_id: @customer_without_org.id,
- state: Ticket::State.lookup(name: 'new'),
- priority: Ticket::Priority.lookup(name: '2 normal'),
- )
- @article1 = Ticket::Article.create!(
- ticket_id: @ticket1.id,
- from: 'some_sender1@example.com',
- to: 'some_recipient1@example.com',
- subject: 'some subject1',
- message_id: 'some@id',
- body: 'some message1',
- internal: false,
- sender: Ticket::Article::Sender.where(name: 'Customer').first,
- type: Ticket::Article::Type.where(name: 'email').first,
- )
- travel 1.second
- @ticket2 = Ticket.create!(
- title: 'test 1234-2',
- group: Group.lookup(name: 'Users'),
- customer_id: @customer_with_org2.id,
- state: Ticket::State.lookup(name: 'new'),
- priority: Ticket::Priority.lookup(name: '2 normal'),
- )
- @article2 = Ticket::Article.create!(
- ticket_id: @ticket2.id,
- from: 'some_sender2@example.com',
- to: 'some_recipient2@example.com',
- subject: 'some subject2',
- message_id: 'some@id',
- body: 'some message2',
- internal: false,
- sender: Ticket::Article::Sender.where(name: 'Customer').first,
- type: Ticket::Article::Type.where(name: 'email').first,
- )
- travel 1.second
- @ticket3 = Ticket.create!(
- title: 'test 1234-2',
- group: Group.lookup(name: 'Users'),
- customer_id: @customer_with_org3.id,
- state: Ticket::State.lookup(name: 'new'),
- priority: Ticket::Priority.lookup(name: '2 normal'),
- )
- @article3 = Ticket::Article.create!(
- ticket_id: @ticket3.id,
- from: 'some_sender3@example.com',
- to: 'some_recipient3@example.com',
- subject: 'some subject3',
- message_id: 'some@id',
- body: 'some message3',
- internal: false,
- sender: Ticket::Article::Sender.where(name: 'Customer').first,
- type: Ticket::Article::Type.where(name: 'email').first,
- )
-
- configure_elasticsearch do
-
- travel 1.minute
-
- rebuild_searchindex
-
- # execute background jobs
- Scheduler.worker(true)
-
- sleep 6
- end
- end
-
- test 'settings index with nobody' do
- params = {
- query: 'test 1234',
- limit: 2,
- }
-
- post '/api/v1/search/ticket', params: params.to_json, headers: @headers
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_not(result.blank?)
- assert_equal('authentication failed', result['error'])
-
- post '/api/v1/search/user', params: params.to_json, headers: @headers
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_not(result.blank?)
- assert_equal('authentication failed', result['error'])
-
- post '/api/v1/search', params: params.to_json, headers: @headers
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_not(result.blank?)
- assert_equal('authentication failed', result['error'])
- end
-
- test 'settings index with admin' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('search-admin@example.com', 'adminpw')
-
- params = {
- query: '1234*',
- limit: 1,
- }
- post '/api/v1/search', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert(result)
- assert_equal('Ticket', result['result'][0]['type'])
- assert_equal(@ticket3.id, result['result'][0]['id'])
- assert_equal('User', result['result'][1]['type'])
- assert_equal(@agent.id, result['result'][1]['id'])
- assert_not(result['result'][2])
-
- params = {
- query: '1234*',
- limit: 10,
- }
-
- post '/api/v1/search', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert(result)
- assert_equal('Ticket', result['result'][0]['type'])
- assert_equal(@ticket3.id, result['result'][0]['id'])
- assert_equal('Ticket', result['result'][1]['type'])
- assert_equal(@ticket2.id, result['result'][1]['id'])
- assert_equal('Ticket', result['result'][2]['type'])
- assert_equal(@ticket1.id, result['result'][2]['id'])
- assert_equal('User', result['result'][3]['type'])
- assert_equal(@agent.id, result['result'][3]['id'])
- assert_not(result['result'][4])
-
- params = {
- query: '1234*',
- limit: 10,
- }
-
- post '/api/v1/search/ticket', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert(result)
- assert_equal('Ticket', result['result'][0]['type'])
- assert_equal(@ticket3.id, result['result'][0]['id'])
- assert_equal('Ticket', result['result'][1]['type'])
- assert_equal(@ticket2.id, result['result'][1]['id'])
- assert_equal('Ticket', result['result'][2]['type'])
- assert_equal(@ticket1.id, result['result'][2]['id'])
- assert_not(result['result'][3])
-
- params = {
- query: '1234*',
- limit: 10,
- }
-
- post '/api/v1/search/user', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('User', result['result'][0]['type'])
- assert_equal(@agent.id, result['result'][0]['id'])
- assert_not(result['result'][1])
- end
-
- test 'settings index with agent' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('search-agent@example.com', 'agentpw')
-
- params = {
- query: '1234*',
- limit: 1,
- }
-
- post '/api/v1/search', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert(result)
- assert_equal('Ticket', result['result'][0]['type'])
- assert_equal(@ticket3.id, result['result'][0]['id'])
- assert_equal('User', result['result'][1]['type'])
- assert_equal(@agent.id, result['result'][1]['id'])
- assert_not(result['result'][2])
-
- params = {
- query: '1234*',
- limit: 10,
- }
-
- post '/api/v1/search', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert(result)
- assert_equal('Ticket', result['result'][0]['type'])
- assert_equal(@ticket3.id, result['result'][0]['id'])
- assert_equal('Ticket', result['result'][1]['type'])
- assert_equal(@ticket2.id, result['result'][1]['id'])
- assert_equal('Ticket', result['result'][2]['type'])
- assert_equal(@ticket1.id, result['result'][2]['id'])
- assert_equal('User', result['result'][3]['type'])
- assert_equal(@agent.id, result['result'][3]['id'])
- assert_not(result['result'][4])
-
- params = {
- query: '1234*',
- limit: 10,
- }
-
- post '/api/v1/search/ticket', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert(result)
- assert_equal('Ticket', result['result'][0]['type'])
- assert_equal(@ticket3.id, result['result'][0]['id'])
- assert_equal('Ticket', result['result'][1]['type'])
- assert_equal(@ticket2.id, result['result'][1]['id'])
- assert_equal('Ticket', result['result'][2]['type'])
- assert_equal(@ticket1.id, result['result'][2]['id'])
- assert_not(result['result'][3])
-
- params = {
- query: '1234*',
- limit: 10,
- }
-
- post '/api/v1/search/user', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('User', result['result'][0]['type'])
- assert_equal(@agent.id, result['result'][0]['id'])
- assert_not(result['result'][1])
- end
-
- test 'settings index with customer 1' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('search-customer1@example.com', 'customer1pw')
-
- params = {
- query: '1234*',
- limit: 10,
- }
-
- post '/api/v1/search', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert(result)
- assert_equal('Ticket', result['result'][0]['type'])
- assert_equal(@ticket1.id, result['result'][0]['id'])
- assert_not(result['result'][1])
-
- params = {
- query: '1234*',
- limit: 10,
- }
-
- post '/api/v1/search/ticket', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert(result)
- assert_equal('Ticket', result['result'][0]['type'])
- assert_equal(@ticket1.id, result['result'][0]['id'])
- assert_not(result['result'][1])
-
- params = {
- query: '1234*',
- limit: 10,
- }
-
- post '/api/v1/search/user', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_not(result['result'][0])
- end
-
- test 'settings index with customer 2' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('search-customer2@example.com', 'customer2pw')
-
- params = {
- query: '1234*',
- limit: 10,
- }
-
- post '/api/v1/search', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert(result)
- assert_equal('Ticket', result['result'][0]['type'])
- assert_equal(@ticket3.id, result['result'][0]['id'])
- assert_equal('Ticket', result['result'][1]['type'])
- assert_equal(@ticket2.id, result['result'][1]['id'])
- assert_not(result['result'][2])
-
- params = {
- query: '1234*',
- limit: 10,
- }
-
- post '/api/v1/search/ticket', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert(result)
- assert_equal('Ticket', result['result'][0]['type'])
- assert_equal(@ticket3.id, result['result'][0]['id'])
- assert_equal('Ticket', result['result'][1]['type'])
- assert_equal(@ticket2.id, result['result'][1]['id'])
- assert_not(result['result'][2])
-
- params = {
- query: '1234*',
- limit: 10,
- }
-
- post '/api/v1/search/user', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_not(result['result'][0])
- end
-
- # Verify fix for Github issue #2058 - Autocomplete hangs on dot in the new user form
- test 'searching for organization with a dot in its name' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('search-agent@example.com', 'agentpw')
-
- get '/api/v1/search/organization?query=tes.', headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(1, result['result'].size)
- assert_equal('Organization', result['result'][0]['type'])
- target_id = result['result'][0]['id']
- assert_equal('Tes.t. Org', result['assets']['Organization'][target_id.to_s]['name'])
- end
-
- # Search query H& should correctly match H&M
- test 'searching for organization with _ in its name' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('search-agent@example.com', 'agentpw')
-
- get '/api/v1/search/organization?query=abc_', headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(1, result['result'].size)
- assert_equal('Organization', result['result'][0]['type'])
- target_id = result['result'][0]['id']
- assert_equal('ABC_D Org', result['assets']['Organization'][target_id.to_s]['name'])
- end
-end
diff --git a/test/controllers/settings_controller_test.rb b/test/controllers/settings_controller_test.rb
deleted file mode 100644
index bf8a570f4..000000000
--- a/test/controllers/settings_controller_test.rb
+++ /dev/null
@@ -1,302 +0,0 @@
-
-require 'test_helper'
-
-class SettingsControllerTest < ActionDispatch::IntegrationTest
- setup do
-
- # set accept header
- @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
- # create agent
- roles = Role.where(name: %w[Admin Agent])
- groups = Group.all
-
- UserInfo.current_user_id = 1
- @admin_full = User.create!(
- login: 'setting-admin',
- firstname: 'Setting',
- lastname: 'Admin',
- email: 'setting-admin@example.com',
- password: 'adminpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- role_api = Role.create!(
- name: 'AdminApi',
- note: 'To configure your api.',
- preferences: {
- not: ['Customer'],
- },
- default_at_signup: false,
- updated_by_id: 1,
- created_by_id: 1
- )
- role_api.permission_grant('admin.api')
- @admin_api = User.create!(
- login: 'setting-admin-api',
- firstname: 'Setting',
- lastname: 'Admin Api',
- email: 'setting-admin-api@example.com',
- password: 'adminpw',
- active: true,
- roles: [role_api],
- groups: groups,
- )
-
- # create agent
- roles = Role.where(name: 'Agent')
- @agent = User.create!(
- login: 'setting-agent@example.com',
- firstname: 'Setting',
- lastname: 'Agent',
- email: 'setting-agent@example.com',
- password: 'agentpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- # create customer without org
- roles = Role.where(name: 'Customer')
- @customer_without_org = User.create!(
- login: 'setting-customer1@example.com',
- firstname: 'Setting',
- lastname: 'Customer1',
- email: 'setting-customer1@example.com',
- password: 'customer1pw',
- active: true,
- roles: roles,
- )
-
- end
-
- test 'settings index with nobody' do
-
- # index
- get '/api/v1/settings', params: {}, headers: @headers
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_not(result['settings'])
-
- # show
- setting = Setting.find_by(name: 'product_name')
- get "/api/v1/settings/#{setting.id}", params: {}, headers: @headers
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal('authentication failed', result['error'])
- end
-
- test 'settings index with admin' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('setting-admin@example.com', 'adminpw')
-
- # index
- get '/api/v1/settings', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert(result)
- hit_api = false
- hit_product_name = false
- result.each do |setting|
- if setting['name'] == 'api_token_access'
- hit_api = true
- end
- if setting['name'] == 'product_name'
- hit_product_name = true
- end
- end
- assert_equal(true, hit_api)
- assert_equal(true, hit_product_name)
-
- # show
- setting = Setting.find_by(name: 'product_name')
- get "/api/v1/settings/#{setting.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('product_name', result['name'])
-
- setting = Setting.find_by(name: 'api_token_access')
- get "/api/v1/settings/#{setting.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('api_token_access', result['name'])
-
- # update
- setting = Setting.find_by(name: 'product_name')
- params = {
- id: setting.id,
- name: 'some_new_name',
- preferences: {
- permission: ['admin.branding', 'admin.some_new_permission'],
- some_new_key: true,
- }
- }
- put "/api/v1/settings/#{setting.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('product_name', result['name'])
- assert_equal(1, result['preferences']['permission'].length)
- assert_equal('admin.branding', result['preferences']['permission'][0])
- assert_equal(true, result['preferences']['some_new_key'])
-
- # update
- setting = Setting.find_by(name: 'api_token_access')
- params = {
- id: setting.id,
- name: 'some_new_name',
- preferences: {
- permission: ['admin.branding', 'admin.some_new_permission'],
- some_new_key: true,
- }
- }
- put "/api/v1/settings/#{setting.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('api_token_access', result['name'])
- assert_equal(1, result['preferences']['permission'].length)
- assert_equal('admin.api', result['preferences']['permission'][0])
- assert_equal(true, result['preferences']['some_new_key'])
-
- # delete
- setting = Setting.find_by(name: 'product_name')
- delete "/api/v1/settings/#{setting.id}", params: {}.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal('Not authorized (feature not possible)', result['error'])
- end
-
- test 'settings index with admin-api' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('setting-admin-api@example.com', 'adminpw')
-
- # index
- get '/api/v1/settings', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert(result)
- hit_api = false
- hit_product_name = false
- result.each do |setting|
- if setting['name'] == 'api_token_access'
- hit_api = true
- end
- if setting['name'] == 'product_name'
- hit_product_name = true
- end
- end
- assert_equal(true, hit_api)
- assert_equal(false, hit_product_name)
-
- # show
- setting = Setting.find_by(name: 'product_name')
- get "/api/v1/settings/#{setting.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal('Not authorized (required ["admin.branding"])', result['error'])
-
- setting = Setting.find_by(name: 'api_token_access')
- get "/api/v1/settings/#{setting.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('api_token_access', result['name'])
-
- # update
- setting = Setting.find_by(name: 'product_name')
- params = {
- id: setting.id,
- name: 'some_new_name',
- preferences: {
- permission: ['admin.branding', 'admin.some_new_permission'],
- some_new_key: true,
- }
- }
- put "/api/v1/settings/#{setting.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal('Not authorized (required ["admin.branding"])', result['error'])
-
- # update
- setting = Setting.find_by(name: 'api_token_access')
- params = {
- id: setting.id,
- name: 'some_new_name',
- preferences: {
- permission: ['admin.branding', 'admin.some_new_permission'],
- some_new_key: true,
- }
- }
- put "/api/v1/settings/#{setting.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('api_token_access', result['name'])
- assert_equal(1, result['preferences']['permission'].length)
- assert_equal('admin.api', result['preferences']['permission'][0])
- assert_equal(true, result['preferences']['some_new_key'])
-
- # delete
- setting = Setting.find_by(name: 'product_name')
- delete "/api/v1/settings/#{setting.id}", params: {}.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal('Not authorized (feature not possible)', result['error'])
- end
-
- test 'settings index with agent' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('setting-agent@example.com', 'agentpw')
-
- # index
- get '/api/v1/settings', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_not(result['settings'])
- assert_equal('Not authorized (user)!', result['error'])
-
- # show
- setting = Setting.find_by(name: 'product_name')
- get "/api/v1/settings/#{setting.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal('Not authorized (user)!', result['error'])
- end
-
- test 'settings index with customer' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('setting-customer1@example.com', 'customer1pw')
-
- # index
- get '/api/v1/settings', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_not(result['settings'])
- assert_equal('Not authorized (user)!', result['error'])
-
- # show
- setting = Setting.find_by(name: 'product_name')
- get "/api/v1/settings/#{setting.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal('Not authorized (user)!', result['error'])
-
- # delete
- setting = Setting.find_by(name: 'product_name')
- delete "/api/v1/settings/#{setting.id}", params: {}.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal('Not authorized (user)!', result['error'])
- end
-
-end
diff --git a/test/controllers/sla_controller_test.rb b/test/controllers/sla_controller_test.rb
deleted file mode 100644
index e8b8a932b..000000000
--- a/test/controllers/sla_controller_test.rb
+++ /dev/null
@@ -1,70 +0,0 @@
-
-require 'test_helper'
-
-class SlaControllerTest < ActionDispatch::IntegrationTest
- setup do
-
- # set accept header
- @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
- # create agent
- roles = Role.where(name: %w[Admin Agent])
- groups = Group.all
-
- UserInfo.current_user_id = 1
- @admin = User.create!(
- login: 'sla-admin',
- firstname: 'Packages',
- lastname: 'Admin',
- email: 'sla-admin@example.com',
- password: 'adminpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- end
-
- test '01 sla index with nobody' do
-
- get '/api/v1/slas', params: {}, headers: @headers
- assert_response(401)
-
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('authentication failed', result['error'])
-
- end
-
- test '02 sla index with admin' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('sla-admin@example.com', 'adminpw')
-
- get '/api/v1/slas', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert(result)
- assert_equal(0, result.count)
-
- get '/api/v1/slas?expand=true', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert(result)
- assert_equal(0, result.count)
-
- get '/api/v1/slas?full=true', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert(result)
- assert(result['record_ids'])
- assert(result['record_ids'].blank?)
- assert(result['assets'])
- assert(result['assets']['Calendar'].present?)
- assert(result['assets'].present?)
-
- end
-
-end
diff --git a/test/controllers/slas_controller_test.rb b/test/controllers/slas_controller_test.rb
deleted file mode 100644
index 591e85a3c..000000000
--- a/test/controllers/slas_controller_test.rb
+++ /dev/null
@@ -1,70 +0,0 @@
-
-require 'test_helper'
-
-class SlasControllerTest < ActionDispatch::IntegrationTest
- setup do
-
- # set accept header
- @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
- # create agent
- roles = Role.where(name: %w[Admin Agent])
- groups = Group.all
-
- UserInfo.current_user_id = 1
- @admin = User.create!(
- login: 'sla-admin',
- firstname: 'Packages',
- lastname: 'Admin',
- email: 'sla-admin@example.com',
- password: 'adminpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- end
-
- test '01 sla index with nobody' do
-
- get '/api/v1/slas', params: {}, headers: @headers
- assert_response(401)
-
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('authentication failed', result['error'])
-
- end
-
- test '02 sla index with admin' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('sla-admin@example.com', 'adminpw')
-
- get '/api/v1/slas', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert(result)
- assert_equal(0, result.count)
-
- get '/api/v1/slas?expand=true', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert(result)
- assert_equal(0, result.count)
-
- get '/api/v1/slas?full=true', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert(result)
- assert(result['record_ids'])
- assert(result['record_ids'].blank?)
- assert(result['assets'])
- assert(result['assets']['Calendar'].present?)
- assert(result['assets'].present?)
-
- end
-
-end
diff --git a/test/controllers/taskbars_controller_test.rb b/test/controllers/taskbars_controller_test.rb
deleted file mode 100644
index b37c52ff5..000000000
--- a/test/controllers/taskbars_controller_test.rb
+++ /dev/null
@@ -1,112 +0,0 @@
-
-require 'test_helper'
-
-class TaskbarsControllerTest < ActionDispatch::IntegrationTest
- setup do
-
- # set accept header
- @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
- UserInfo.current_user_id = 1
-
- # create agent
- roles = Role.where(name: 'Agent')
- groups = Group.all
-
- @agent = User.create!(
- login: 'taskbar-agent@example.com',
- firstname: 'Taskbar',
- lastname: 'Agent',
- email: 'taskbar-agent@example.com',
- password: 'agentpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- # create customer without org
- roles = Role.where(name: 'Customer')
- @customer_without_org = User.create!(
- login: 'taskbar-customer1@example.com',
- firstname: 'Taskbar',
- lastname: 'Customer1',
- email: 'taskbar-customer1@example.com',
- password: 'customer1pw',
- active: true,
- roles: roles,
- )
-
- end
-
- test 'task ownership' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('taskbar-agent@example.com', 'agentpw')
- params = {
- user_id: @customer_without_org.id,
- client_id: '123',
- key: 'Ticket-5',
- callback: 'TicketZoom',
- state: {
- ticket: {
- owner_id: @agent.id,
- },
- article: {},
- },
- params: {
- ticket_id: 5,
- shown: true,
- },
- prio: 3,
- notify: false,
- active: false,
- }
-
- post '/api/v1/taskbar', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('123', result['client_id'])
- assert_equal(@agent.id, result['user_id'])
- assert_equal(5, result['params']['ticket_id'])
- assert_equal(true, result['params']['shown'])
-
- taskbar_id = result['id']
- params[:user_id] = @customer_without_org.id
- params[:params] = {
- ticket_id: 5,
- shown: false,
- }
- put "/api/v1/taskbar/#{taskbar_id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('123', result['client_id'])
- assert_equal(@agent.id, result['user_id'])
- assert_equal(5, result['params']['ticket_id'])
- assert_equal(false, result['params']['shown'])
-
- # try to access with other user
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('taskbar-customer1@example.com', 'customer1pw')
- params = {
- active: true,
- }
- put "/api/v1/taskbar/#{taskbar_id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(422)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('Not allowed to access this task.', result['error'])
-
- delete "/api/v1/taskbar/#{taskbar_id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(422)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('Not allowed to access this task.', result['error'])
-
- # delete with correct user
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('taskbar-agent@example.com', 'agentpw')
- delete "/api/v1/taskbar/#{taskbar_id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert(result.blank?)
- end
-
-end
diff --git a/test/controllers/text_module_controller_test.rb b/test/controllers/text_module_controller_test.rb
deleted file mode 100644
index 4dc6ab2b3..000000000
--- a/test/controllers/text_module_controller_test.rb
+++ /dev/null
@@ -1,160 +0,0 @@
-
-require 'test_helper'
-require 'rake'
-
-class TextModuleControllerTest < ActionDispatch::IntegrationTest
- setup do
-
- # set accept header
- @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
- # create agent
- roles = Role.where(name: %w[Admin Agent])
- groups = Group.all
-
- UserInfo.current_user_id = 1
-
- @admin = User.create!(
- login: 'rest-admin',
- firstname: 'Rest',
- lastname: 'Agent',
- email: 'rest-admin@example.com',
- password: 'adminpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- # create agent
- roles = Role.where(name: 'Agent')
- @agent = User.create!(
- login: 'rest-agent@example.com',
- firstname: 'Rest',
- lastname: 'Agent',
- email: 'rest-agent@example.com',
- password: 'agentpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- # create customer without org
- roles = Role.where(name: 'Customer')
- @customer_without_org = User.create!(
- login: 'rest-customer1@example.com',
- firstname: 'Rest',
- lastname: 'Customer1',
- email: 'rest-customer1@example.com',
- password: 'customer1pw',
- active: true,
- roles: roles,
- )
-
- # create customer
- @customer_with_org = User.create!(
- login: 'rest-customer2@example.com',
- firstname: 'Rest',
- lastname: 'Customer2',
- email: 'rest-customer2@example.com',
- password: 'customer2pw',
- active: true,
- roles: roles,
- )
-
- UserInfo.current_user_id = nil
- end
-
- test '05.01 csv example - customer no access' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
-
- get '/api/v1/text_modules/import_example', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal('Not authorized (user)!', result['error'])
- end
-
- test '05.02 csv example - admin access' do
- TextModule.load('en-en')
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
- get '/api/v1/text_modules/import_example', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- rows = CSV.parse(@response.body)
- header = rows.shift
-
- assert_equal('id', header[0])
- assert_equal('name', header[1])
- assert_equal('keywords', header[2])
- assert_equal('content', header[3])
- assert_equal('note', header[4])
- assert_equal('active', header[5])
- assert_not(header.include?('organization'))
- assert_not(header.include?('priority'))
- assert_not(header.include?('state'))
- assert_not(header.include?('owner'))
- assert_not(header.include?('customer'))
- end
-
- test '05.03 csv import - admin access' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
- # invalid file
- csv_file_path = Rails.root.join('test', 'data', 'csv', 'text_module_simple_col_not_existing.csv')
- csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
- post '/api/v1/text_modules/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- assert_equal(true, result['try'])
- assert_equal(2, result['records'].count)
- assert_equal('failed', result['result'])
- assert_equal(2, result['errors'].count)
- assert_equal("Line 1: unknown attribute 'keywords2' for TextModule.", result['errors'][0])
- assert_equal("Line 2: unknown attribute 'keywords2' for TextModule.", result['errors'][1])
-
- # valid file try
- csv_file_path = Rails.root.join('test', 'data', 'csv', 'text_module_simple.csv')
- csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
- post '/api/v1/text_modules/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- assert_equal(true, result['try'])
- assert_equal(2, result['records'].count)
- assert_equal('success', result['result'])
-
- assert_nil(TextModule.find_by(name: 'some name1'))
- assert_nil(TextModule.find_by(name: 'some name2'))
-
- # valid file
- csv_file_path = Rails.root.join('test', 'data', 'csv', 'text_module_simple.csv')
- csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
- post '/api/v1/text_modules/import', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- assert_equal(false, result['try'])
- assert_equal(2, result['records'].count)
- assert_equal('success', result['result'])
-
- text_module1 = TextModule.find_by(name: 'some name1')
- assert(text_module1)
- assert_equal(text_module1.name, 'some name1')
- assert_equal(text_module1.keywords, 'keyword1')
- assert_equal(text_module1.content, 'some
content1')
- assert_equal(text_module1.active, true)
- text_module2 = TextModule.find_by(name: 'some name2')
- assert(text_module2)
- assert_equal(text_module2.name, 'some name2')
- assert_equal(text_module2.keywords, 'keyword2')
- assert_equal(text_module2.content, 'some content
test123')
- assert_equal(text_module2.active, true)
-
- end
-
-end
diff --git a/test/controllers/text_modules_controller_test.rb b/test/controllers/text_modules_controller_test.rb
deleted file mode 100644
index 429eea41f..000000000
--- a/test/controllers/text_modules_controller_test.rb
+++ /dev/null
@@ -1,160 +0,0 @@
-
-require 'test_helper'
-require 'rake'
-
-class TextModulesControllerTest < ActionDispatch::IntegrationTest
- setup do
-
- # set accept header
- @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
- # create agent
- roles = Role.where(name: %w[Admin Agent])
- groups = Group.all
-
- UserInfo.current_user_id = 1
-
- @admin = User.create!(
- login: 'rest-admin',
- firstname: 'Rest',
- lastname: 'Agent',
- email: 'rest-admin@example.com',
- password: 'adminpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- # create agent
- roles = Role.where(name: 'Agent')
- @agent = User.create!(
- login: 'rest-agent@example.com',
- firstname: 'Rest',
- lastname: 'Agent',
- email: 'rest-agent@example.com',
- password: 'agentpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- # create customer without org
- roles = Role.where(name: 'Customer')
- @customer_without_org = User.create!(
- login: 'rest-customer1@example.com',
- firstname: 'Rest',
- lastname: 'Customer1',
- email: 'rest-customer1@example.com',
- password: 'customer1pw',
- active: true,
- roles: roles,
- )
-
- # create customer
- @customer_with_org = User.create!(
- login: 'rest-customer2@example.com',
- firstname: 'Rest',
- lastname: 'Customer2',
- email: 'rest-customer2@example.com',
- password: 'customer2pw',
- active: true,
- roles: roles,
- )
-
- UserInfo.current_user_id = nil
- end
-
- test '05.01 csv example - customer no access' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
-
- get '/api/v1/text_modules/import_example', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal('Not authorized (user)!', result['error'])
- end
-
- test '05.02 csv example - admin access' do
- TextModule.load('en-en')
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
- get '/api/v1/text_modules/import_example', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- rows = CSV.parse(@response.body)
- header = rows.shift
-
- assert_equal('id', header[0])
- assert_equal('name', header[1])
- assert_equal('keywords', header[2])
- assert_equal('content', header[3])
- assert_equal('note', header[4])
- assert_equal('active', header[5])
- assert_not(header.include?('organization'))
- assert_not(header.include?('priority'))
- assert_not(header.include?('state'))
- assert_not(header.include?('owner'))
- assert_not(header.include?('customer'))
- end
-
- test '05.03 csv import - admin access' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
- # invalid file
- csv_file_path = Rails.root.join('test', 'data', 'csv', 'text_module_simple_col_not_existing.csv')
- csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
- post '/api/v1/text_modules/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- assert_equal(true, result['try'])
- assert_equal(2, result['records'].count)
- assert_equal('failed', result['result'])
- assert_equal(2, result['errors'].count)
- assert_equal("Line 1: unknown attribute 'keywords2' for TextModule.", result['errors'][0])
- assert_equal("Line 2: unknown attribute 'keywords2' for TextModule.", result['errors'][1])
-
- # valid file try
- csv_file_path = Rails.root.join('test', 'data', 'csv', 'text_module_simple.csv')
- csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
- post '/api/v1/text_modules/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- assert_equal(true, result['try'])
- assert_equal(2, result['records'].count)
- assert_equal('success', result['result'])
-
- assert_nil(TextModule.find_by(name: 'some name1'))
- assert_nil(TextModule.find_by(name: 'some name2'))
-
- # valid file
- csv_file_path = Rails.root.join('test', 'data', 'csv', 'text_module_simple.csv')
- csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
- post '/api/v1/text_modules/import', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- assert_equal(false, result['try'])
- assert_equal(2, result['records'].count)
- assert_equal('success', result['result'])
-
- text_module1 = TextModule.find_by(name: 'some name1')
- assert(text_module1)
- assert_equal(text_module1.name, 'some name1')
- assert_equal(text_module1.keywords, 'keyword1')
- assert_equal(text_module1.content, 'some
content1')
- assert_equal(text_module1.active, true)
- text_module2 = TextModule.find_by(name: 'some name2')
- assert(text_module2)
- assert_equal(text_module2.name, 'some name2')
- assert_equal(text_module2.keywords, 'keyword2')
- assert_equal(text_module2.content, 'some content
test123')
- assert_equal(text_module2.active, true)
-
- end
-
-end
diff --git a/test/controllers/ticket_article_attachments_controller_test.rb b/test/controllers/ticket_article_attachments_controller_test.rb
deleted file mode 100644
index 2b55969b0..000000000
--- a/test/controllers/ticket_article_attachments_controller_test.rb
+++ /dev/null
@@ -1,200 +0,0 @@
-
-require 'test_helper'
-
-class TicketArticleAttachmentsControllerTest < ActionDispatch::IntegrationTest
- setup do
-
- # create agent
- roles = Role.where(name: %w[Admin Agent])
- groups = Group.all
-
- UserInfo.current_user_id = 1
- @admin = User.create!(
- login: 'tickets-admin',
- firstname: 'Tickets',
- lastname: 'Admin',
- email: 'tickets-admin@example.com',
- password: 'adminpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- # create agent
- roles = Role.where(name: 'Agent')
- @agent = User.create!(
- login: 'tickets-agent@example.com',
- firstname: 'Tickets',
- lastname: 'Agent',
- email: 'tickets-agent@example.com',
- password: 'agentpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- # create customer without org
- roles = Role.where(name: 'Customer')
- @customer_without_org = User.create!(
- login: 'tickets-customer1@example.com',
- firstname: 'Tickets',
- lastname: 'Customer1',
- email: 'tickets-customer1@example.com',
- password: 'customer1pw',
- active: true,
- roles: roles,
- )
-
- end
-
- test '01.01 test attachment urls' do
- ticket1 = Ticket.create(
- title: 'attachment test 1',
- group: Group.lookup(name: 'Users'),
- customer_id: @customer_without_org.id,
- state: Ticket::State.lookup(name: 'new'),
- priority: Ticket::Priority.lookup(name: '2 normal'),
- updated_by_id: 1,
- created_by_id: 1,
- )
- article1 = Ticket::Article.create(
- ticket_id: ticket1.id,
- from: 'some_customer_com-1@example.com',
- to: 'some_zammad_com-1@example.com',
- subject: 'attachment test 1-1',
- message_id: 'some@id_com_1',
- body: 'some message 123',
- internal: false,
- sender: Ticket::Article::Sender.find_by(name: 'Customer'),
- type: Ticket::Article::Type.find_by(name: 'email'),
- updated_by_id: 1,
- created_by_id: 1,
- )
- store1 = Store.add(
- object: 'Ticket::Article',
- o_id: article1.id,
- data: 'some content',
- filename: 'some_file.txt',
- preferences: {
- 'Content-Type' => 'text/plain',
- },
- created_by_id: 1,
- )
- article2 = Ticket::Article.create(
- ticket_id: ticket1.id,
- from: 'some_customer_com-1@example.com',
- to: 'some_zammad_com-1@example.com',
- subject: 'attachment test 1-2',
- message_id: 'some@id_com_1',
- body: 'some message 123',
- internal: false,
- sender: Ticket::Article::Sender.find_by(name: 'Customer'),
- type: Ticket::Article::Type.find_by(name: 'email'),
- updated_by_id: 1,
- created_by_id: 1,
- )
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
- get "/api/v1/ticket_attachment/#{ticket1.id}/#{article1.id}/#{store1.id}", params: {}, headers: { 'Authorization' => credentials }
- assert_response(200)
- assert_equal('some content', @response.body)
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
- get "/api/v1/ticket_attachment/#{ticket1.id}/#{article2.id}/#{store1.id}", params: {}, headers: { 'Authorization' => credentials }
- assert_response(401)
- assert_match(/401: Unauthorized/, @response.body)
-
- ticket2 = Ticket.create(
- title: 'attachment test 2',
- group: Group.lookup(name: 'Users'),
- customer_id: @customer_without_org.id,
- state: Ticket::State.lookup(name: 'new'),
- priority: Ticket::Priority.lookup(name: '2 normal'),
- updated_by_id: 1,
- created_by_id: 1,
- )
- ticket1.merge_to(
- ticket_id: ticket2.id,
- user_id: 1,
- )
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
- get "/api/v1/ticket_attachment/#{ticket2.id}/#{article1.id}/#{store1.id}", params: {}, headers: { 'Authorization' => credentials }
- assert_response(200)
- assert_equal('some content', @response.body)
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
- get "/api/v1/ticket_attachment/#{ticket2.id}/#{article2.id}/#{store1.id}", params: {}, headers: { 'Authorization' => credentials }
- assert_response(401)
- assert_match(/401: Unauthorized/, @response.body)
-
- # allow access via merged ticket id also
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
- get "/api/v1/ticket_attachment/#{ticket1.id}/#{article1.id}/#{store1.id}", params: {}, headers: { 'Authorization' => credentials }
- assert_response(200)
- assert_equal('some content', @response.body)
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
- get "/api/v1/ticket_attachment/#{ticket1.id}/#{article2.id}/#{store1.id}", params: {}, headers: { 'Authorization' => credentials }
- assert_response(401)
- assert_match(/401: Unauthorized/, @response.body)
-
- end
-
- test '01.02 test attachments for split' do
- headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
- email_file_path = Rails.root.join('test', 'data', 'mail', 'mail024.box')
- email_raw_string = File.read(email_file_path)
- ticket_p, article_p, user_p = Channel::EmailParser.new.process({}, email_raw_string)
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
- get '/api/v1/ticket_split', params: { form_id: '1234-2', ticket_id: ticket_p.id, article_id: article_p.id }, headers: headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result['assets'])
- assert_equal(result['attachments'].class, Array)
- assert_equal(result['attachments'].count, 1)
- assert_equal(result['attachments'][0]['filename'], 'rulesets-report.csv')
-
- end
-
- test '01.03 test attachments for forward' do
- headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
- email_file_path = Rails.root.join('test', 'data', 'mail', 'mail008.box')
- email_raw_string = File.read(email_file_path)
- ticket_p, article_p, user_p = Channel::EmailParser.new.process({}, email_raw_string)
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
- post "/api/v1/ticket_attachment_upload_clone_by_article/#{article_p.id}", params: {}, headers: headers.merge('Authorization' => credentials)
- assert_response(422)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert(result['error'], 'Need form_id to attach attachments to new form')
-
- post "/api/v1/ticket_attachment_upload_clone_by_article/#{article_p.id}", params: { form_id: '1234-1' }.to_json, headers: headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result['attachments'].class, Array)
- assert(result['attachments'].blank?)
-
- email_file_path = Rails.root.join('test', 'data', 'mail', 'mail024.box')
- email_raw_string = File.read(email_file_path)
- ticket_p, article_p, user_p = Channel::EmailParser.new.process({}, email_raw_string)
-
- post "/api/v1/ticket_attachment_upload_clone_by_article/#{article_p.id}", params: { form_id: '1234-2' }.to_json, headers: headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result['attachments'].class, Array)
- assert_equal(result['attachments'].count, 1)
- assert_equal(result['attachments'][0]['filename'], 'rulesets-report.csv')
-
- post "/api/v1/ticket_attachment_upload_clone_by_article/#{article_p.id}", params: { form_id: '1234-2' }.to_json, headers: headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result['attachments'].class, Array)
- assert(result['attachments'].blank?)
- end
-
-end
diff --git a/test/controllers/ticket_articles_controller_test.rb b/test/controllers/ticket_articles_controller_test.rb
deleted file mode 100644
index 62b5ba792..000000000
--- a/test/controllers/ticket_articles_controller_test.rb
+++ /dev/null
@@ -1,559 +0,0 @@
-
-require 'test_helper'
-
-class TicketArticlesControllerTest < ActionDispatch::IntegrationTest
- setup do
-
- # set accept header
- @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
- # create agent
- roles = Role.where(name: %w[Admin Agent])
- groups = Group.all
-
- UserInfo.current_user_id = 1
- @admin = User.create!(
- login: 'tickets-admin',
- firstname: 'Tickets',
- lastname: 'Admin',
- email: 'tickets-admin@example.com',
- password: 'adminpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- # create agent
- roles = Role.where(name: 'Agent')
- @agent = User.create!(
- login: 'tickets-agent@example.com',
- firstname: 'Tickets',
- lastname: 'Agent',
- email: 'tickets-agent@example.com',
- password: 'agentpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- # create customer without org
- roles = Role.where(name: 'Customer')
- @customer_without_org = User.create!(
- login: 'tickets-customer1@example.com',
- firstname: 'Tickets',
- lastname: 'Customer1',
- email: 'tickets-customer1@example.com',
- password: 'customer1pw',
- active: true,
- roles: roles,
- )
-
- end
-
- test '01.01 ticket create with agent and articles' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
-
- params = {
- title: 'a new ticket #1',
- group: 'Users',
- customer_id: @customer_without_org.id,
- article: {
- body: 'some body',
- }
- }
- post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
-
- params = {
- ticket_id: result['id'],
- content_type: 'text/plain', # or text/html
- body: 'some body',
- type: 'note',
- }
- post '/api/v1/ticket_articles', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_nil(result['subject'])
- assert_equal('some body', result['body'])
- assert_equal('text/plain', result['content_type'])
- assert_equal(@agent.id, result['updated_by_id'])
- assert_equal(@agent.id, result['created_by_id'])
-
- ticket = Ticket.find(result['ticket_id'])
- assert_equal(2, ticket.articles.count)
- assert_equal(0, ticket.articles[0].attachments.count)
- assert_equal(0, ticket.articles[1].attachments.count)
-
- params = {
- ticket_id: result['ticket_id'],
- content_type: 'text/html', # or text/html
- body: 'some body 
',
- type: 'note',
- }
- post '/api/v1/ticket_articles', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_nil(result['subject'])
- assert_no_match(/some body 
- assert_match(%r{some body <img src=)
'some_file.txt',
- 'data' => 'dGVzdCAxMjM=',
- 'mime-type' => 'text/plain',
- ],
- }
- post '/api/v1/ticket_articles', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_nil(result['subject'])
- assert_equal('some body', result['body'])
- assert_equal('text/html', result['content_type'])
- assert_equal(@agent.id, result['updated_by_id'])
- assert_equal(@agent.id, result['created_by_id'])
-
- assert_equal(4, ticket.articles.count)
- assert_equal(0, ticket.articles[0].attachments.count)
- assert_equal(0, ticket.articles[1].attachments.count)
- assert_equal(1, ticket.articles[2].attachments.count)
- assert_equal(1, ticket.articles[3].attachments.count)
-
- get "/api/v1/ticket_articles/#{result['id']}?expand=true", params: {}.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(1, result['attachments'].count)
- assert(result['attachments'][0]['id'])
- assert_equal('some_file.txt', result['attachments'][0]['filename'])
- assert_equal('8', result['attachments'][0]['size'])
- assert_equal('text/plain', result['attachments'][0]['preferences']['Mime-Type'])
-
- params = {
- ticket_id: result['ticket_id'],
- content_type: 'text/plain',
- body: 'some body',
- type: 'note',
- preferences: {
- some_key1: 123,
- },
- }
- post '/api/v1/ticket_articles', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_nil(result['subject'])
- assert_equal('some body', result['body'])
- assert_equal('text/plain', result['content_type'])
- assert_equal(@agent.id, result['updated_by_id'])
- assert_equal(@agent.id, result['created_by_id'])
- assert_equal(123, result['preferences']['some_key1'])
- assert_equal(5, ticket.articles.count)
-
- params = {
- body: 'some body 2',
- preferences: {
- some_key2: 'abc',
- },
- }
- put "/api/v1/ticket_articles/#{result['id']}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_nil(result['subject'])
- assert_equal('some body 2', result['body'])
- assert_equal('text/plain', result['content_type'])
- assert_equal(@agent.id, result['updated_by_id'])
- assert_equal(@agent.id, result['created_by_id'])
- assert_equal(123, result['preferences']['some_key1'])
- assert_equal('abc', result['preferences']['some_key2'])
-
- end
-
- test '02.01 ticket create with customer and articles' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-customer1@example.com', 'customer1pw')
-
- params = {
- title: 'a new ticket #2',
- group: 'Users',
- article: {
- body: 'some body',
- }
- }
- post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
-
- params = {
- ticket_id: result['id'],
- content_type: 'text/plain', # or text/html
- body: 'some body',
- type: 'note',
- }
- post '/api/v1/ticket_articles', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_nil(result['subject'])
- assert_equal('some body', result['body'])
- assert_equal('text/plain', result['content_type'])
- assert_equal(@customer_without_org.id, result['updated_by_id'])
- assert_equal(@customer_without_org.id, result['created_by_id'])
-
- ticket = Ticket.find(result['ticket_id'])
- assert_equal(2, ticket.articles.count)
- assert_equal('Customer', ticket.articles[1].sender.name)
- assert_equal(0, ticket.articles[0].attachments.count)
- assert_equal(0, ticket.articles[1].attachments.count)
-
- params = {
- ticket_id: result['ticket_id'],
- content_type: 'text/plain', # or text/html
- body: 'some body',
- sender: 'Agent',
- type: 'note',
- }
- post '/api/v1/ticket_articles', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_nil(result['subject'])
- assert_equal('some body', result['body'])
- assert_equal('text/plain', result['content_type'])
- assert_equal(@customer_without_org.id, result['updated_by_id'])
- assert_equal(@customer_without_org.id, result['created_by_id'])
-
- ticket = Ticket.find(result['ticket_id'])
- assert_equal(3, ticket.articles.count)
- assert_equal('Customer', ticket.articles[2].sender.name)
- assert_equal(false, ticket.articles[2].internal)
- assert_equal(0, ticket.articles[0].attachments.count)
- assert_equal(0, ticket.articles[1].attachments.count)
- assert_equal(0, ticket.articles[2].attachments.count)
-
- params = {
- ticket_id: result['ticket_id'],
- content_type: 'text/plain', # or text/html
- body: 'some body 2',
- sender: 'Agent',
- type: 'note',
- internal: true,
- }
- post '/api/v1/ticket_articles', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_nil(result['subject'])
- assert_equal('some body 2', result['body'])
- assert_equal('text/plain', result['content_type'])
- assert_equal(@customer_without_org.id, result['updated_by_id'])
- assert_equal(@customer_without_org.id, result['created_by_id'])
-
- ticket = Ticket.find(result['ticket_id'])
- assert_equal(4, ticket.articles.count)
- assert_equal('Customer', ticket.articles[3].sender.name)
- assert_equal(false, ticket.articles[3].internal)
- assert_equal(0, ticket.articles[0].attachments.count)
- assert_equal(0, ticket.articles[1].attachments.count)
- assert_equal(0, ticket.articles[2].attachments.count)
- assert_equal(0, ticket.articles[3].attachments.count)
-
- # add internal article
- article = Ticket::Article.create!(
- ticket_id: ticket.id,
- from: 'some_sender@example.com',
- to: 'some_recipient@example.com',
- subject: 'some subject',
- message_id: 'some@id',
- body: 'some message 123',
- internal: true,
- sender: Ticket::Article::Sender.find_by(name: 'Agent'),
- type: Ticket::Article::Type.find_by(name: 'note'),
- updated_by_id: 1,
- created_by_id: 1,
- )
- assert_equal(5, ticket.articles.count)
- assert_equal('Agent', ticket.articles[4].sender.name)
- assert_equal(1, ticket.articles[4].updated_by_id)
- assert_equal(1, ticket.articles[4].created_by_id)
- assert_equal(0, ticket.articles[0].attachments.count)
- assert_equal(0, ticket.articles[1].attachments.count)
- assert_equal(0, ticket.articles[2].attachments.count)
- assert_equal(0, ticket.articles[3].attachments.count)
- assert_equal(0, ticket.articles[4].attachments.count)
-
- get "/api/v1/ticket_articles/#{article.id}", params: {}.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('Not authorized', result['error'])
-
- put "/api/v1/ticket_articles/#{article.id}", params: { internal: false }.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('Not authorized', result['error'])
-
- end
-
- test '03.01 create phone ticket for customer and expected origin_by_id' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
-
- params = {
- title: 'a new ticket #1',
- group: 'Users',
- customer_id: @customer_without_org.id,
- article: {
- body: 'some body',
- sender: 'Customer',
- type: 'phone',
- }
- }
- post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('a new ticket #1', result['title'])
-
- article = Ticket::Article.find_by(ticket_id: result['id'])
- assert_equal(@customer_without_org.id, article.origin_by_id)
- assert_equal('Tickets Customer1 ', article.from)
- end
-
- test '03.02 create phone ticket by customer and manipulate origin_by_id' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-customer1@example.com', 'customer1pw')
-
- params = {
- title: 'a new ticket #1',
- group: 'Users',
- customer_id: @customer_without_org.id,
- article: {
- body: 'some body',
- sender: 'Customer',
- type: 'phone',
- origin_by_id: 1,
- }
- }
- post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- article = Ticket::Article.find_by(ticket_id: result['id'])
- assert_equal(@customer_without_org.id, article.origin_by_id)
- end
-
- test '04.01 ticket split with html - check attachments' do
- ticket = Ticket.create!(
- title: 'some title',
- group: Group.lookup(name: 'Users'),
- customer_id: @customer_without_org.id,
- state: Ticket::State.lookup(name: 'new'),
- priority: Ticket::Priority.lookup(name: '2 normal'),
- updated_by_id: @agent.id,
- created_by_id: @agent.id,
- )
- article = Ticket::Article.create!(
- type: Ticket::Article::Type.lookup(name: 'note'),
- sender: Ticket::Article::Sender.lookup(name: 'Customer'),
- from: 'sender',
- subject: 'subject',
- body: 'test test ',
- content_type: 'text/html',
- ticket_id: ticket.id,
- updated_by_id: 1,
- created_by_id: 1,
- )
- Store.add(
- object: 'Ticket::Article',
- o_id: article.id,
- data: 'content_file1_normally_should_be_an_image',
- filename: 'some_file1.jpg',
- preferences: {
- 'Content-Type' => 'image/jpeg',
- 'Mime-Type' => 'image/jpeg',
- 'Content-ID' => '15.274327094.140938@zammad.example.com',
- 'Content-Disposition' => 'inline',
- },
- created_by_id: 1,
- )
- Store.add(
- object: 'Ticket::Article',
- o_id: article.id,
- data: 'content_file2_normally_should_be_an_image',
- filename: 'some_file2.jpg',
- preferences: {
- 'Content-Type' => 'image/jpeg',
- 'Mime-Type' => 'image/jpeg',
- 'Content-ID' => '15.274327094.140938.2@zammad.example.com',
- 'Content-Disposition' => 'inline',
- },
- created_by_id: 1,
- )
- Store.add(
- object: 'Ticket::Article',
- o_id: article.id,
- data: 'content_file3_normally_should_be_an_image',
- filename: 'some_file3.jpg',
- preferences: {
- 'Content-Type' => 'image/jpeg',
- 'Mime-Type' => 'image/jpeg',
- 'Content-ID' => '15.274327094.140938.3@zammad.example.com',
- },
- created_by_id: 1,
- )
- Store.add(
- object: 'Ticket::Article',
- o_id: article.id,
- data: 'content_file4_normally_should_be_an_image',
- filename: 'some_file4.jpg',
- preferences: {
- 'Content-Type' => 'image/jpeg',
- 'Mime-Type' => 'image/jpeg',
- 'Content-ID' => '15.274327094.140938.4@zammad.example.com',
- },
- created_by_id: 1,
- )
- Store.add(
- object: 'Ticket::Article',
- o_id: article.id,
- data: 'content_file1_normally_should_be_an_pdf',
- filename: 'Rechnung_RE-2018-200.pdf',
- preferences: {
- 'Content-Type' => 'application/octet-stream; name="Rechnung_RE-2018-200.pdf"',
- 'Mime-Type' => 'application/octet-stream',
- 'Content-ID' => '8AB0BEC88984EE4EBEF643C79C8E0346@zammad.example.com',
- 'Content-Description' => 'Rechnung_RE-2018-200.pdf',
- 'Content-Disposition' => 'attachment',
- },
- created_by_id: 1,
- )
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
-
- params = {
- form_id: 'new_form_id123',
- }
- post "/api/v1/ticket_attachment_upload_clone_by_article/#{article.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert(result['attachments'])
- assert_equal(result['attachments'].count, 3)
-
- post "/api/v1/ticket_attachment_upload_clone_by_article/#{article.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert(result['attachments'])
- assert_equal(result['attachments'].count, 0)
- end
-
- test '04.02 ticket split with plain - check attachments' do
- ticket = Ticket.create!(
- title: 'some title',
- group: Group.lookup(name: 'Users'),
- customer_id: @customer_without_org.id,
- state: Ticket::State.lookup(name: 'new'),
- priority: Ticket::Priority.lookup(name: '2 normal'),
- updated_by_id: @agent.id,
- created_by_id: @agent.id,
- )
- article = Ticket::Article.create!(
- type: Ticket::Article::Type.lookup(name: 'note'),
- sender: Ticket::Article::Sender.lookup(name: 'Customer'),
- from: 'sender',
- subject: 'subject',
- body: 'test ',
- content_type: 'text/plain',
- ticket_id: ticket.id,
- updated_by_id: 1,
- created_by_id: 1,
- )
- Store.add(
- object: 'Ticket::Article',
- o_id: article.id,
- data: 'content_file1_normally_should_be_an_image',
- filename: 'some_file1.jpg',
- preferences: {
- 'Content-Type' => 'image/jpeg',
- 'Mime-Type' => 'image/jpeg',
- 'Content-ID' => '15.274327094.140938@zammad.example.com',
- 'Content-Disposition' => 'inline',
- },
- created_by_id: 1,
- )
- Store.add(
- object: 'Ticket::Article',
- o_id: article.id,
- data: 'content_file1_normally_should_be_an_image',
- filename: 'some_file2.jpg',
- preferences: {
- 'Content-Type' => 'image/jpeg',
- 'Mime-Type' => 'image/jpeg',
- 'Content-ID' => '15.274327094.140938.2@zammad.example.com',
- 'Content-Disposition' => 'inline',
- },
- created_by_id: 1,
- )
- Store.add(
- object: 'Ticket::Article',
- o_id: article.id,
- data: 'content_file1_normally_should_be_an_pdf',
- filename: 'Rechnung_RE-2018-200.pdf',
- preferences: {
- 'Content-Type' => 'application/octet-stream; name="Rechnung_RE-2018-200.pdf"',
- 'Mime-Type' => 'application/octet-stream',
- 'Content-ID' => '8AB0BEC88984EE4EBEF643C79C8E0346@zammad.example.com',
- 'Content-Description' => 'Rechnung_RE-2018-200.pdf',
- 'Content-Disposition' => 'attachment',
- },
- created_by_id: 1,
- )
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
-
- params = {
- form_id: 'new_form_id123',
- }
- post "/api/v1/ticket_attachment_upload_clone_by_article/#{article.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert(result['attachments'])
- assert_equal(result['attachments'].count, 3)
-
- post "/api/v1/ticket_attachment_upload_clone_by_article/#{article.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert(result['attachments'])
- assert_equal(result['attachments'].count, 0)
-
- end
-
-end
diff --git a/test/controllers/tickets_controller_escalation_test.rb b/test/controllers/tickets_controller_escalation_test.rb
deleted file mode 100644
index ae808f7df..000000000
--- a/test/controllers/tickets_controller_escalation_test.rb
+++ /dev/null
@@ -1,190 +0,0 @@
-
-require 'test_helper'
-
-class TicketsControllerEscalationTest < ActionDispatch::IntegrationTest
- setup do
-
- # set accept header
- @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
- # create agent
- roles = Role.where(name: %w[Admin Agent])
- groups = Group.all
-
- UserInfo.current_user_id = 1
- @admin = User.create!(
- login: 'tickets-admin',
- firstname: 'Tickets',
- lastname: 'Admin',
- email: 'tickets-admin@example.com',
- password: 'adminpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- # create agent
- roles = Role.where(name: 'Agent')
- @agent = User.create!(
- login: 'tickets-agent@example.com',
- firstname: 'Tickets',
- lastname: 'Agent',
- email: 'tickets-agent@example.com',
- password: 'agentpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- # create customer without org
- roles = Role.where(name: 'Customer')
- @customer_without_org = User.create!(
- login: 'tickets-customer1@example.com',
- firstname: 'Tickets',
- lastname: 'Customer1',
- email: 'tickets-customer1@example.com',
- password: 'customer1pw',
- active: true,
- roles: roles,
- )
-
- @calendar = Calendar.create!(
- name: 'Escalation Test',
- timezone: 'Europe/Berlin',
- business_hours: {
- mon: {
- active: true,
- timeframes: [ ['00:00', '23:59'] ]
- },
- tue: {
- active: true,
- timeframes: [ ['00:00', '23:59'] ]
- },
- wed: {
- active: true,
- timeframes: [ ['00:00', '23:59'] ]
- },
- thu: {
- active: true,
- timeframes: [ ['00:00', '23:59'] ]
- },
- fri: {
- active: true,
- timeframes: [ ['00:00', '23:59'] ]
- },
- sat: {
- active: true,
- timeframes: [ ['00:00', '23:59'] ]
- },
- sun: {
- active: true,
- timeframes: [ ['00:00', '23:59'] ]
- },
- },
- default: true,
- ical_url: nil,
- )
-
- @sla = Sla.create!(
- name: 'test sla 1',
- condition: {
- 'ticket.title' => {
- operator: 'contains',
- value: 'some value 123',
- },
- },
- first_response_time: 60,
- update_time: 180,
- solution_time: 240,
- calendar_id: @calendar.id,
- )
-
- UserInfo.current_user_id = nil
-
- end
-
- test '01.01 ticket created via web' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-customer1@example.com', 'customer1pw')
- params = {
- title: 'some value 123',
- group: 'Users',
- article: {
- body: 'some test 123',
- },
- }
-
- post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
-
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
- assert_equal('some value 123', result['title'])
- assert_equal(@customer_without_org.id, result['updated_by_id'])
- assert_equal(@customer_without_org.id, result['created_by_id'])
-
- ticket_p = Ticket.find(result['id'])
-
- assert_equal(ticket_p['escalation_at'].iso8601, result['escalation_at'].sub(/.\d\d\dZ$/, 'Z'))
- assert_equal(ticket_p['first_response_escalation_at'].iso8601, result['first_response_escalation_at'].sub(/.\d\d\dZ$/, 'Z'))
- assert_equal(ticket_p['update_escalation_at'].iso8601, result['update_escalation_at'].sub(/.\d\d\dZ$/, 'Z'))
- assert_equal(ticket_p['close_escalation_at'].iso8601, result['close_escalation_at'].sub(/.\d\d\dZ$/, 'Z'))
-
- assert(ticket_p.escalation_at)
- assert_in_delta(ticket_p.first_response_escalation_at.to_i, (ticket_p.created_at + 1.hour).to_i, 90)
- assert_in_delta(ticket_p.update_escalation_at.to_i, (ticket_p.created_at + 3.hours).to_i, 90)
- assert_in_delta(ticket_p.close_escalation_at.to_i, (ticket_p.created_at + 4.hours).to_i, 90)
- assert_in_delta(ticket_p.escalation_at.to_i, (ticket_p.created_at + 1.hour).to_i, 90)
- end
-
- test '01.02 ticket got created via email - reply by agent via web' do
-
- email = "From: Bob Smith
-To: zammad@example.com
-Subject: some value 123
-
-Some Text"
-
- ticket_p, article_p, user_p, mail = Channel::EmailParser.new.process({}, email)
- ticket_p.reload
- assert(ticket_p.escalation_at)
- assert_in_delta(ticket_p.first_response_escalation_at.to_i, (ticket_p.created_at + 1.hour).to_i, 90)
- assert_in_delta(ticket_p.update_escalation_at.to_i, (ticket_p.created_at + 3.hours).to_i, 90)
- assert_in_delta(ticket_p.close_escalation_at.to_i, (ticket_p.created_at + 4.hours).to_i, 90)
- assert_in_delta(ticket_p.escalation_at.to_i, (ticket_p.created_at + 1.hour).to_i, 90)
-
- travel 3.hours
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
- params = {
- title: 'some value 123 - update',
- article: {
- body: 'some test 123',
- type: 'email',
- to: 'customer@example.com',
- },
- }
- put "/api/v1/tickets/#{ticket_p.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
-
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(Ticket::State.lookup(name: 'open').id, result['state_id'])
- assert_equal('some value 123 - update', result['title'])
- assert_equal(@agent.id, result['updated_by_id'])
- assert_equal(user_p.id, result['created_by_id'])
-
- ticket_p.reload
- assert_equal(ticket_p['escalation_at'].iso8601, result['escalation_at'].sub(/.\d\d\dZ$/, 'Z'))
- assert_equal(ticket_p['first_response_escalation_at'].iso8601, result['first_response_escalation_at'].sub(/.\d\d\dZ$/, 'Z'))
- assert_equal(ticket_p['update_escalation_at'].iso8601, result['update_escalation_at'].sub(/.\d\d\dZ$/, 'Z'))
- assert_equal(ticket_p['close_escalation_at'].iso8601, result['close_escalation_at'].sub(/.\d\d\dZ$/, 'Z'))
-
- assert_in_delta(ticket_p.first_response_escalation_at.to_i, (ticket_p.created_at + 1.hour).to_i, 90)
- assert_in_delta(ticket_p.update_escalation_at.to_i, (ticket_p.last_contact_agent_at + 3.hours).to_i, 90)
- assert_in_delta(ticket_p.close_escalation_at.to_i, (ticket_p.created_at + 4.hours).to_i, 90)
- assert_in_delta(ticket_p.escalation_at.to_i, (ticket_p.created_at + 4.hours).to_i, 90)
-
- end
-
-end
diff --git a/test/controllers/tickets_controller_test.rb b/test/controllers/tickets_controller_test.rb
deleted file mode 100644
index b24724ba8..000000000
--- a/test/controllers/tickets_controller_test.rb
+++ /dev/null
@@ -1,2306 +0,0 @@
-
-require 'test_helper'
-
-class TicketsControllerTest < ActionDispatch::IntegrationTest
- setup do
-
- # set accept header
- @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
- # create agent
- roles = Role.where(name: %w[Admin Agent])
- groups = Group.all
-
- UserInfo.current_user_id = 1
- @admin = User.create!(
- login: 'tickets-admin',
- firstname: 'Tickets',
- lastname: 'Admin',
- email: 'tickets-admin@example.com',
- password: 'adminpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- # create agent
- roles = Role.where(name: 'Agent')
- @agent = User.create!(
- login: 'tickets-agent@example.com',
- firstname: 'Tickets',
- lastname: 'Agent',
- email: 'tickets-agent@example.com',
- password: 'agentpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- # create customer without org
- roles = Role.where(name: 'Customer')
- @customer_without_org = User.create!(
- login: 'tickets-customer1@example.com',
- firstname: 'Tickets',
- lastname: 'Customer1',
- email: 'tickets-customer1@example.com',
- password: 'customer1pw',
- active: true,
- roles: roles,
- )
- UserInfo.current_user_id = nil
-
- end
-
- test '01.01 ticket create with agent - missing group' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
- params = {
- title: 'a new ticket #1',
- article: {
- content_type: 'text/plain', # or text/html
- body: 'some body',
- sender: 'Customer',
- type: 'note',
- },
- }
- post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(422)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('Group can\'t be blank', result['error_human'])
- end
-
- test '01.02 ticket create with agent - wrong group' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
- params = {
- title: 'a new ticket #2',
- group: 'not_existing',
- article: {
- content_type: 'text/plain', # or text/html
- body: 'some body',
- sender: 'Customer',
- type: 'note',
- },
- }
- post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(422)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('No lookup value found for \'group\': "not_existing"', result['error'])
- end
-
- test '01.03 ticket create with agent - missing article.body' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
- params = {
- title: 'a new ticket #3',
- group: 'Users',
- priority: '2 normal',
- state: 'new',
- customer_id: @customer_without_org.id,
- article: {},
- }
- post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(422)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('Need at least article: { body: "some text" }', result['error'])
- end
-
- test '01.03 ticket create with agent - minimal article' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
- params = {
- title: 'a new ticket #3',
- group: 'Users',
- priority: '2 normal',
- state: 'new',
- customer_id: @customer_without_org.id,
- article: {
- body: 'some test 123',
- },
- }
- post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
- assert_equal('a new ticket #3', result['title'])
- assert_equal(@customer_without_org.id, result['customer_id'])
- assert_equal(@agent.id, result['updated_by_id'])
- assert_equal(@agent.id, result['created_by_id'])
- end
-
- test '01.04 ticket create with agent - minimal article and customer.email' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
- params = {
- title: 'a new ticket #3',
- group: 'Users',
- priority: '2 normal',
- state: 'new',
- customer: @customer_without_org.email,
- article: {
- body: 'some test 123',
- },
- }
- post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
- assert_equal('a new ticket #3', result['title'])
- assert_equal(@customer_without_org.id, result['customer_id'])
- assert_equal(@agent.id, result['updated_by_id'])
- assert_equal(@agent.id, result['created_by_id'])
- end
-
- test '01.05 ticket create with agent - wrong owner_id - 0' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
- params = {
- title: 'a new ticket #4',
- group: 'Users',
- priority: '2 normal',
- owner_id: 0,
- state: 'new',
- customer_id: @customer_without_org.id,
- article: {
- body: 'some test 123',
- },
- }
- post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(422)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('Invalid value for param \'owner_id\': 0', result['error'])
- end
-
- test '01.06 ticket create with agent - wrong owner_id - ""' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
- params = {
- title: 'a new ticket #5',
- group: 'Users',
- priority: '2 normal',
- owner_id: '',
- state: 'new',
- customer_id: @customer_without_org.id,
- article: {
- body: 'some test 123',
- },
- }
- post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- #assert_response(422)
- #result = JSON.parse(@response.body)
- #assert_equal(Hash, result.class)
- #assert_equal('Invalid value for param \'owner_id\': ""', result['error'])
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
- assert_equal('a new ticket #5', result['title'])
- assert_equal(@customer_without_org.id, result['customer_id'])
- assert_equal(@agent.id, result['updated_by_id'])
- assert_equal(@agent.id, result['created_by_id'])
- end
-
- test '01.07 ticket create with agent - wrong owner_id - 99999' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
- params = {
- title: 'a new ticket #6',
- group: 'Users',
- priority: '2 normal',
- owner_id: 99_999,
- state: 'new',
- customer_id: @customer_without_org.id,
- article: {
- body: 'some test 123',
- },
- }
- post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(422)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('Invalid value for param \'owner_id\': 99999', result['error'])
- end
-
- test '01.08 ticket create with agent - wrong owner_id - nil' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
- params = {
- title: 'a new ticket #7',
- group: 'Users',
- priority: '2 normal',
- owner_id: nil,
- state: 'new',
- customer_id: @customer_without_org.id,
- article: {
- body: 'some test 123',
- },
- }
- post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
- assert_equal('a new ticket #7', result['title'])
- assert_equal(@customer_without_org.id, result['customer_id'])
- assert_equal(@agent.id, result['updated_by_id'])
- assert_equal(@agent.id, result['created_by_id'])
- end
-
- test '01.09 ticket create with agent - minimal article with guess customer' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
- params = {
- title: 'a new ticket #9',
- group: 'Users',
- priority: '2 normal',
- state: 'new',
- customer_id: 'guess:some_new_customer@example.com',
- article: {
- body: 'some test 123',
- },
- }
- post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
- assert_equal('a new ticket #9', result['title'])
- assert_equal(User.lookup(email: 'some_new_customer@example.com').id, result['customer_id'])
- assert_equal(@agent.id, result['updated_by_id'])
- assert_equal(@agent.id, result['created_by_id'])
- end
-
- test '01.10 ticket create with agent - minimal article with guess customer' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
- params = {
- title: 'a new ticket #10',
- group: 'Users',
- customer_id: 'guess:some_new_customer@example.com',
- article: {
- body: 'some test 123',
- },
- }
- post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
- assert_equal('a new ticket #10', result['title'])
- assert_equal(User.lookup(email: 'some_new_customer@example.com').id, result['customer_id'])
- assert_equal(@agent.id, result['updated_by_id'])
- assert_equal(@agent.id, result['created_by_id'])
- end
-
- test '01.11 ticket create with agent - minimal article with customer hash' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
- params = {
- title: 'a new ticket #11',
- group: 'Users',
- customer: {
- firstname: 'some firstname',
- lastname: 'some lastname',
- email: 'some_new_customer@example.com',
- },
- article: {
- body: 'some test 123',
- },
- }
- post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
- assert_equal('a new ticket #11', result['title'])
- assert_equal(User.lookup(email: 'some_new_customer@example.com').id, result['customer_id'])
- assert_equal(@agent.id, result['updated_by_id'])
- assert_equal(@agent.id, result['created_by_id'])
- end
-
- test '01.11.1 ticket create with agent - minimal article with customer hash with article.origin_by' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
- params = {
- title: 'a new ticket #11.1',
- group: 'Users',
- customer: {
- firstname: 'some firstname',
- lastname: 'some lastname',
- email: 'some_new_customer@example.com',
- },
- article: {
- body: 'some test 123',
- origin_by: 'some_new_customer@example.com',
- },
- }
- post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
- assert_equal('a new ticket #11.1', result['title'])
- assert_equal(User.lookup(email: 'some_new_customer@example.com').id, result['customer_id'])
- assert_equal(@agent.id, result['updated_by_id'])
- assert_equal(@agent.id, result['created_by_id'])
- ticket = Ticket.find(result['id'])
- article = ticket.articles.first
- assert_equal(@agent.id, article.updated_by_id)
- assert_equal(@agent.id, article.created_by_id)
- assert_equal(User.lookup(email: 'some_new_customer@example.com').id, article.origin_by_id)
- assert_equal('Customer', article.sender.name)
- assert_equal('note', article.type.name)
- assert_equal('some firstname some lastname', article.from)
- end
-
- test '01.11.2 ticket create with agent - minimal article with customer hash with article.origin_by' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
- params = {
- title: 'a new ticket #11.2',
- group: 'Users',
- customer: {
- firstname: 'some firstname',
- lastname: 'some lastname',
- email: 'some_new_customer@example.com',
- },
- article: {
- sender: 'Customer',
- body: 'some test 123',
- origin_by: 'some_new_customer@example.com',
- },
- }
-
- post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
- assert_equal('a new ticket #11.2', result['title'])
- assert_equal(User.lookup(email: 'some_new_customer@example.com').id, result['customer_id'])
- assert_equal(@agent.id, result['updated_by_id'])
- assert_equal(@agent.id, result['created_by_id'])
- ticket = Ticket.find(result['id'])
- article = ticket.articles.first
- assert_equal(@agent.id, article.updated_by_id)
- assert_equal(@agent.id, article.created_by_id)
- assert_equal(User.lookup(email: 'some_new_customer@example.com').id, article.origin_by_id)
- assert_equal('Customer', article.sender.name)
- assert_equal('note', article.type.name)
- assert_equal('some firstname some lastname', article.from)
- end
-
- test '01.11.3 ticket create with agent - minimal article with customer hash with article.origin_by' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
- params = {
- title: 'a new ticket #11.3',
- group: 'Users',
- customer: {
- firstname: 'some firstname',
- lastname: 'some lastname',
- email: 'some_new_customer@example.com',
- },
- article: {
- sender: 'Agent',
- from: 'somebody',
- body: 'some test 123',
- origin_by: 'some_new_customer@example.com',
- },
- }
-
- post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
- assert_equal('a new ticket #11.3', result['title'])
- assert_equal(User.lookup(email: 'some_new_customer@example.com').id, result['customer_id'])
- assert_equal(@agent.id, result['updated_by_id'])
- assert_equal(@agent.id, result['created_by_id'])
- ticket = Ticket.find(result['id'])
- article = ticket.articles.first
- assert_equal(@agent.id, article.updated_by_id)
- assert_equal(@agent.id, article.created_by_id)
- assert_equal(User.lookup(email: 'some_new_customer@example.com').id, article.origin_by_id)
- assert_equal('Customer', article.sender.name)
- assert_equal('note', article.type.name)
- assert_equal('some firstname some lastname', article.from)
- end
-
- test '01.11.4 ticket create with agent - minimal article with customer hash with article.origin_by' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
- params = {
- title: 'a new ticket #11.4',
- group: 'Users',
- customer: {
- firstname: 'some firstname',
- lastname: 'some lastname',
- email: 'some_new_customer@example.com',
- },
- article: {
- sender: 'Customer',
- body: 'some test 123',
- origin_by: @customer_without_org.login,
- },
- }
-
- post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
- assert_equal('a new ticket #11.4', result['title'])
- assert_equal(User.lookup(email: 'some_new_customer@example.com').id, result['customer_id'])
- assert_equal(@agent.id, result['updated_by_id'])
- assert_equal(@agent.id, result['created_by_id'])
- ticket = Ticket.find(result['id'])
- article = ticket.articles.first
- assert_equal(@agent.id, article.updated_by_id)
- assert_equal(@agent.id, article.created_by_id)
- assert_equal(@customer_without_org.id, article.origin_by_id)
- assert_equal('Customer', article.sender.name)
- assert_equal('note', article.type.name)
- assert_equal('Tickets Customer1', article.from)
- end
-
- test '01.12 ticket create with agent - minimal article with missing body - with customer.id' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
- params = {
- title: 'a new ticket #12',
- group: 'Users',
- customer_id: @customer_without_org.id,
- article: {
- subject: 'some test 123',
- },
- }
- post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(422)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('Need at least article: { body: "some text" }', result['error'])
- end
-
- test '01.13 ticket create with agent - minimal article and attachment with customer' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
- params = {
- title: 'a new ticket #13',
- group: 'Users',
- customer_id: @customer_without_org.id,
- article: {
- subject: 'some test 123',
- body: 'some test 123',
- attachments: [
- 'filename' => 'some_file.txt',
- 'data' => 'dGVzdCAxMjM=',
- 'mime-type' => 'text/plain',
- ],
- },
- }
- post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
- assert_equal('a new ticket #13', result['title'])
- assert_equal(@customer_without_org.id, result['customer_id'])
- assert_equal(@agent.id, result['updated_by_id'])
- assert_equal(@agent.id, result['created_by_id'])
-
- ticket = Ticket.find(result['id'])
- assert_equal(1, ticket.articles.count)
- assert_equal(1, ticket.articles.first.attachments.count)
- file = ticket.articles.first.attachments.first
- assert_equal('test 123', file.content)
- assert_equal('some_file.txt', file.filename)
- assert_equal('text/plain', file.preferences['Mime-Type'])
- assert_not(file.preferences['Content-ID'])
- end
-
- test '01.14 ticket create with agent - minimal article and attachment with customer' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
- params = {
- title: 'a new ticket #14',
- group: 'Users',
- customer_id: @customer_without_org.id,
- article: {
- subject: 'some test 123',
- body: 'some test 123',
- attachments: [
- {
- 'filename' => 'some_file1.txt',
- 'data' => 'dGVzdCAxMjM=',
- 'mime-type' => 'text/plain',
- },
- {
- 'filename' => 'some_file2.txt',
- 'data' => 'w6TDtsO8w58=',
- 'mime-type' => 'text/plain',
- },
- ],
- },
- }
- post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
- assert_equal('a new ticket #14', result['title'])
- assert_equal(@customer_without_org.id, result['customer_id'])
- assert_equal(@agent.id, result['updated_by_id'])
- assert_equal(@agent.id, result['created_by_id'])
-
- ticket = Ticket.find(result['id'])
- assert_equal(1, ticket.articles.count)
- assert_equal(2, ticket.articles.first.attachments.count)
- file = ticket.articles.first.attachments.first
- assert_equal('test 123', file.content)
- assert_equal('some_file1.txt', file.filename)
- assert_equal('text/plain', file.preferences['Mime-Type'])
- assert_not(file.preferences['Content-ID'])
- end
-
- test '01.15 ticket create with agent - minimal article and simple invalid base64 attachment with customer' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
- params = {
- title: 'a new ticket #15',
- group: 'Users',
- customer_id: @customer_without_org.id,
- article: {
- subject: 'some test 123',
- body: 'some test 123',
- attachments: [
- 'filename' => 'some_file.txt',
- 'data' => 'ABC_INVALID_BASE64',
- 'mime-type' => 'text/plain',
- ],
- },
- }
- post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(422)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('Invalid base64 for attachment with index \'0\'', result['error'])
- end
-
- test '01.15a ticket create with agent - minimal article and large invalid base64 attachment with customer' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
- params = {
- title: 'a new ticket #15a',
- group: 'Users',
- customer_id: @customer_without_org.id,
- article: {
- subject: 'some test 123',
- body: 'some test 123',
- attachments: [
- 'filename' => 'some_file.txt',
- 'data' => "LARGE_INVALID_BASE64_#{'#' * 20_000_000}",
- 'mime-type' => 'text/plain',
- ],
- },
- }
- post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(422)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('Invalid base64 for attachment with index \'0\'', result['error'])
- end
-
- test '01.15b ticket create with agent - minimal article and valid multiline base64 with linebreaks attachment with customer' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
- params = {
- title: 'a new ticket #15b',
- group: 'Users',
- customer_id: @customer_without_org.id,
- article: {
- subject: 'some test 123',
- body: 'some test 123',
- attachments: [
- 'filename' => 'some_file.txt',
- 'data' => Base64.encode64('a' * 1_000),
- 'mime-type' => 'text/plain',
- ],
- },
- }
- post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal('a new ticket #15b', result['title'])
- ticket = Ticket.find(result['id'])
- assert_equal(1, ticket.articles.count)
- assert_equal(1, ticket.articles.first.attachments.count)
- file = ticket.articles.first.attachments.first
- assert_equal('a' * 1_000, file.content)
- end
-
- test '01.15c ticket create with agent - minimal article and valid multiline base64 without linebreaks attachment with customer' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
- params = {
- title: 'a new ticket #15c',
- group: 'Users',
- customer_id: @customer_without_org.id,
- article: {
- subject: 'some test 123',
- body: 'some test 123',
- attachments: [
- 'filename' => 'some_file.txt',
- 'data' => Base64.strict_encode64('a' * 1_000),
- 'mime-type' => 'text/plain',
- ],
- },
- }
- post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal('a new ticket #15c', result['title'])
- ticket = Ticket.find(result['id'])
- assert_equal(1, ticket.articles.count)
- assert_equal(1, ticket.articles.first.attachments.count)
- file = ticket.articles.first.attachments.first
- assert_equal('a' * 1_000, file.content)
- end
-
- test '01.16 ticket create with agent - minimal article and attachment invalid base64 with customer' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
- params = {
- title: 'a new ticket #16',
- group: 'Users',
- customer_id: @customer_without_org.id,
- article: {
- subject: 'some test 123',
- body: 'some test 123',
- attachments: [
- 'filename' => 'some_file.txt',
- 'data' => 'dGVzdCAxMjM=',
- ],
- },
- }
- post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(422)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('Attachment needs \'mime-type\' param for attachment with index \'0\'', result['error'])
- end
-
- test '01.17 ticket create with agent - minimal article and inline attachments with customer' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
- params = {
- title: 'a new ticket #17',
- group: 'Users',
- customer_id: @customer_without_org.id,
- article: {
- content_type: 'text/html',
- subject: 'some test 123',
- body: 'some test 123 ',
- },
- }
-
- post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
- assert_equal('a new ticket #17', result['title'])
- assert_equal(@customer_without_org.id, result['customer_id'])
- assert_equal(@agent.id, result['updated_by_id'])
- assert_equal(@agent.id, result['created_by_id'])
-
- ticket = Ticket.find(result['id'])
- assert_equal(1, ticket.articles.count)
- assert_equal(2, ticket.articles.first.attachments.count)
- file = ticket.articles.first.attachments[0]
- assert_equal('d3c1e09bdefb92b6a06b791a24ca9599', Digest::MD5.hexdigest(file.content))
- assert_equal('image1.png', file.filename)
- assert_equal('image/png', file.preferences['Mime-Type'])
- assert_match(/#{ticket.id}\..+?@zammad.example.com/, file.preferences['Content-ID'])
- assert(file.preferences['Content-ID'])
- file = ticket.articles.first.attachments[1]
- assert_equal('006a2ca3793b550c8fe444acdeb39252', Digest::MD5.hexdigest(file.content))
- assert_equal('image2.jpeg', file.filename)
- assert_equal('image/jpeg', file.preferences['Mime-Type'])
- assert_match(/#{ticket.id}\..+?@zammad.example.com/, file.preferences['Content-ID'])
- assert(file.preferences['Content-ID'])
- end
-
- test '01.18 ticket create with agent - minimal article and inline attachments with customer' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
- params = {
- title: 'a new ticket #18',
- group: 'Users',
- customer_id: @customer_without_org.id,
- article: {
- content_type: 'text/html',
- subject: 'some test 123',
- body: 'some test 123 ',
- attachments: [
- 'filename' => 'some_file.txt',
- 'data' => 'dGVzdCAxMjM=',
- 'mime-type' => 'text/plain',
- ],
- },
- }
-
- post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
- assert_equal('a new ticket #18', result['title'])
- assert_equal(@customer_without_org.id, result['customer_id'])
- assert_equal(@agent.id, result['updated_by_id'])
- assert_equal(@agent.id, result['created_by_id'])
-
- ticket = Ticket.find(result['id'])
- assert_equal(1, ticket.articles.count)
- assert_equal(2, ticket.articles.first.attachments.count)
- file = ticket.articles.first.attachments[0]
- assert_equal('006a2ca3793b550c8fe444acdeb39252', Digest::MD5.hexdigest(file.content))
- assert_equal('image1.jpeg', file.filename)
- assert_equal('image/jpeg', file.preferences['Mime-Type'])
- assert(file.preferences['Content-ID'])
- assert_match(/#{ticket.id}\..+?@zammad.example.com/, file.preferences['Content-ID'])
- file = ticket.articles.first.attachments[1]
- assert_equal('39d0d586a701e199389d954f2d592720', Digest::MD5.hexdigest(file.content))
- assert_equal('some_file.txt', file.filename)
- assert_equal('text/plain', file.preferences['Mime-Type'])
- assert_not(file.preferences['Content-ID'])
- end
-
- test '02.02 ticket create with agent' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
- params = {
- title: 'a new ticket #1',
- state: 'new',
- priority: '2 normal',
- group: 'Users',
- customer: 'tickets-customer1@example.com',
- article: {
- content_type: 'text/plain', # or text/html
- body: 'some body',
- },
- links: {
- Ticket: {
- parent: [1],
- }
- }
- }
- post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
- assert_equal('a new ticket #1', result['title'])
- assert_equal(@agent.id, result['updated_by_id'])
- assert_equal(@agent.id, result['created_by_id'])
- links = Link.list(
- link_object: 'Ticket',
- link_object_value: result['id'],
- )
- assert_equal('child', links[0]['link_type'])
- assert_equal('Ticket', links[0]['link_object'])
- assert_equal(1, links[0]['link_object_value'])
- end
-
- test '02.03 ticket with wrong ticket id' do
- group = Group.create!(
- name: "GroupWithoutPermission-#{rand(9_999_999_999)}",
- active: true,
- updated_by_id: 1,
- created_by_id: 1,
- )
- ticket = Ticket.create!(
- title: 'ticket with wrong ticket id',
- group_id: group.id,
- customer_id: @customer_without_org.id,
- state: Ticket::State.lookup(name: 'new'),
- priority: Ticket::Priority.lookup(name: '2 normal'),
- updated_by_id: 1,
- created_by_id: 1,
- )
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
- get "/api/v1/tickets/#{ticket.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('Not authorized', result['error'])
-
- params = {
- title: 'ticket with wrong ticket id - 2',
- }
- put "/api/v1/tickets/#{ticket.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('Not authorized', result['error'])
-
- delete "/api/v1/tickets/#{ticket.id}", params: {}.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('Not authorized', result['error'])
- end
-
- test '02.04 ticket with correct ticket id' do
- title = "ticket with corret ticket id testagent#{rand(999_999_999)}"
- ticket = Ticket.create!(
- title: title,
- group: Group.lookup(name: 'Users'),
- customer_id: @customer_without_org.id,
- state: Ticket::State.lookup(name: 'new'),
- priority: Ticket::Priority.lookup(name: '2 normal'),
- updated_by_id: 1,
- created_by_id: 1,
- preferences: {
- some_key1: 123,
- },
- )
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
- get "/api/v1/tickets/#{ticket.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(ticket.id, result['id'])
- assert_equal(title, result['title'])
- assert_equal(ticket.customer_id, result['customer_id'])
- assert_equal(1, result['updated_by_id'])
- assert_equal(1, result['created_by_id'])
- assert_equal(123, result['preferences']['some_key1'])
-
- params = {
- title: "#{title} - 2",
- customer_id: @agent.id,
- preferences: {
- some_key2: 'abc',
- },
- }
- put "/api/v1/tickets/#{ticket.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(ticket.id, result['id'])
- assert_equal("#{title} - 2", result['title'])
- assert_equal(@agent.id, result['customer_id'])
- assert_equal(@agent.id, result['updated_by_id'])
- assert_equal(1, result['created_by_id'])
- assert_equal(123, result['preferences']['some_key1'])
- assert_equal('abc', result['preferences']['some_key2'])
-
- params = {
- ticket_id: ticket.id,
- subject: 'some subject',
- body: 'some body',
- }
- post '/api/v1/ticket_articles', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- article_result = JSON.parse(@response.body)
- assert_equal(Hash, article_result.class)
- assert_equal(ticket.id, article_result['ticket_id'])
- assert_equal('Tickets Agent', article_result['from'])
- assert_equal('some subject', article_result['subject'])
- assert_equal('some body', article_result['body'])
- assert_equal('text/plain', article_result['content_type'])
- assert_equal(false, article_result['internal'])
- assert_equal(@agent.id, article_result['created_by_id'])
- assert_equal(Ticket::Article::Sender.lookup(name: 'Agent').id, article_result['sender_id'])
- assert_equal(Ticket::Article::Type.lookup(name: 'note').id, article_result['type_id'])
-
- Scheduler.worker(true)
- get "/api/v1/tickets/search?query=#{CGI.escape(title)}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(ticket.id, result['tickets'][0])
- assert_equal(1, result['tickets_count'])
-
- params = {
- condition: {
- 'ticket.title' => {
- operator: 'contains',
- value: title,
- },
- },
- }
- post '/api/v1/tickets/search', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(ticket.id, result['tickets'][0])
- assert_equal(1, result['tickets_count'])
-
- delete "/api/v1/ticket_articles/#{article_result['id']}", params: {}.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
-
- params = {
- from: 'something which should not be changed on server side',
- ticket_id: ticket.id,
- subject: 'some subject',
- body: 'some body',
- type: 'email',
- internal: true,
- }
- post '/api/v1/ticket_articles', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(ticket.id, result['ticket_id'])
- assert_equal('"Tickets Agent via Zammad" ', result['from'])
- assert_equal('some subject', result['subject'])
- assert_equal('some body', result['body'])
- assert_equal('text/plain', result['content_type'])
- assert_equal(true, result['internal'])
- assert_equal(@agent.id, result['created_by_id'])
- assert_equal(Ticket::Article::Sender.lookup(name: 'Agent').id, result['sender_id'])
- assert_equal(Ticket::Article::Type.lookup(name: 'email').id, result['type_id'])
-
- params = {
- subject: 'new subject',
- }
- put "/api/v1/ticket_articles/#{result['id']}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(ticket.id, result['ticket_id'])
- assert_equal('"Tickets Agent via Zammad" ', result['from'])
- assert_equal('new subject', result['subject'])
- assert_equal('some body', result['body'])
- assert_equal('text/plain', result['content_type'])
- assert_equal(true, result['internal'])
- assert_equal(@agent.id, result['created_by_id'])
- assert_equal(Ticket::Article::Sender.lookup(name: 'Agent').id, result['sender_id'])
- assert_equal(Ticket::Article::Type.lookup(name: 'email').id, result['type_id'])
-
- delete "/api/v1/ticket_articles/#{result['id']}", params: {}.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('Not authorized (admin permission required)!', result['error'])
-
- delete "/api/v1/tickets/#{ticket.id}", params: {}.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('Not authorized (admin permission required)!', result['error'])
- end
-
- test '02.05 ticket with correct ticket id' do
- ticket = Ticket.create!(
- title: 'ticket with corret ticket id',
- group: Group.lookup(name: 'Users'),
- customer_id: @customer_without_org.id,
- state: Ticket::State.lookup(name: 'new'),
- priority: Ticket::Priority.lookup(name: '2 normal'),
- updated_by_id: 1,
- created_by_id: 1,
- )
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-admin', 'adminpw')
- get "/api/v1/tickets/#{ticket.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(ticket.id, result['id'])
- assert_equal('ticket with corret ticket id', result['title'])
- assert_equal(ticket.customer_id, result['customer_id'])
- assert_equal(1, result['updated_by_id'])
- assert_equal(1, result['created_by_id'])
-
- params = {
- title: 'ticket with corret ticket id - 2',
- customer_id: @agent.id,
- }
- put "/api/v1/tickets/#{ticket.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(ticket.id, result['id'])
- assert_equal('ticket with corret ticket id - 2', result['title'])
- assert_equal(@agent.id, result['customer_id'])
- assert_equal(@admin.id, result['updated_by_id'])
- assert_equal(1, result['created_by_id'])
-
- params = {
- from: 'something which should not be changed on server side',
- ticket_id: ticket.id,
- subject: 'some subject',
- body: 'some body',
- }
- post '/api/v1/ticket_articles', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(ticket.id, result['ticket_id'])
- assert_equal('Tickets Admin', result['from'])
- assert_equal('some subject', result['subject'])
- assert_equal('some body', result['body'])
- assert_equal('text/plain', result['content_type'])
- assert_equal(false, result['internal'])
- assert_equal(@admin.id, result['created_by_id'])
- assert_equal(Ticket::Article::Sender.lookup(name: 'Agent').id, result['sender_id'])
- assert_equal(Ticket::Article::Type.lookup(name: 'note').id, result['type_id'])
-
- params = {
- subject: 'new subject',
- internal: true,
- }
- put "/api/v1/ticket_articles/#{result['id']}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(ticket.id, result['ticket_id'])
- assert_equal('Tickets Admin', result['from'])
- assert_equal('new subject', result['subject'])
- assert_equal('some body', result['body'])
- assert_equal('text/plain', result['content_type'])
- assert_equal(true, result['internal'])
- assert_equal(@admin.id, result['created_by_id'])
- assert_equal(Ticket::Article::Sender.lookup(name: 'Agent').id, result['sender_id'])
- assert_equal(Ticket::Article::Type.lookup(name: 'note').id, result['type_id'])
-
- delete "/api/v1/ticket_articles/#{result['id']}", params: {}.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
-
- params = {
- ticket_id: ticket.id,
- subject: 'some subject',
- body: 'some body',
- type: 'email',
- }
- post '/api/v1/ticket_articles', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(ticket.id, result['ticket_id'])
- assert_equal('"Tickets Admin via Zammad" ', result['from'])
- assert_equal('some subject', result['subject'])
- assert_equal('some body', result['body'])
- assert_equal('text/plain', result['content_type'])
- assert_equal(false, result['internal'])
- assert_equal(@admin.id, result['created_by_id'])
- assert_equal(Ticket::Article::Sender.lookup(name: 'Agent').id, result['sender_id'])
- assert_equal(Ticket::Article::Type.lookup(name: 'email').id, result['type_id'])
-
- delete "/api/v1/ticket_articles/#{result['id']}", params: {}.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
-
- delete "/api/v1/tickets/#{ticket.id}", params: {}.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- end
-
- test '02.05 ticket pagination' do
- title = "ticket pagination #{rand(999_999_999)}"
- tickets = []
- (1..20).each do |count|
- ticket = Ticket.create!(
- title: "#{title} - #{count}",
- group: Group.lookup(name: 'Users'),
- customer_id: @customer_without_org.id,
- state: Ticket::State.lookup(name: 'new'),
- priority: Ticket::Priority.lookup(name: '2 normal'),
- updated_by_id: 1,
- created_by_id: 1,
- )
- Ticket::Article.create!(
- type: Ticket::Article::Type.lookup(name: 'note'),
- sender: Ticket::Article::Sender.lookup(name: 'Customer'),
- from: 'sender',
- subject: 'subject',
- body: 'some body',
- ticket_id: ticket.id,
- updated_by_id: 1,
- created_by_id: 1,
- )
- tickets.push ticket
- travel 2.seconds
- end
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-admin', 'adminpw')
- get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=40", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(tickets[19].id, result['tickets'][0])
- assert_equal(tickets[0].id, result['tickets'][19])
- assert_equal(20, result['tickets_count'])
-
- get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=10", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(tickets[19].id, result['tickets'][0])
- assert_equal(tickets[10].id, result['tickets'][9])
- assert_equal(10, result['tickets_count'])
-
- get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=40&page=1&per_page=5", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(tickets[19].id, result['tickets'][0])
- assert_equal(tickets[15].id, result['tickets'][4])
- assert_equal(5, result['tickets_count'])
-
- get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=40&page=2&per_page=5", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(tickets[14].id, result['tickets'][0])
- assert_equal(tickets[10].id, result['tickets'][4])
- assert_equal(5, result['tickets_count'])
-
- get '/api/v1/tickets?limit=40&page=1&per_page=5', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- tickets = Ticket.order(:id).limit(5)
- assert_equal(tickets[0].id, result[0]['id'])
- assert_equal(tickets[4].id, result[4]['id'])
- assert_equal(5, result.count)
-
- get '/api/v1/tickets?limit=40&page=2&per_page=5', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- tickets = Ticket.order(:id).limit(10)
- assert_equal(tickets[5].id, result[0]['id'])
- assert_equal(tickets[9].id, result[4]['id'])
- assert_equal(5, result.count)
-
- end
-
- test '03.01 ticket create with customer minimal' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-customer1@example.com', 'customer1pw')
- params = {
- title: 'a new ticket #c1',
- state: 'new',
- priority: '2 normal',
- group: 'Users',
- article: {
- body: 'some body',
- },
- }
- post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
- assert_equal('a new ticket #c1', result['title'])
- assert_equal(@customer_without_org.id, result['customer_id'])
- assert_equal(@customer_without_org.id, result['updated_by_id'])
- assert_equal(@customer_without_org.id, result['created_by_id'])
- end
-
- test '03.02 ticket create with customer with wrong customer' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-customer1@example.com', 'customer1pw')
- params = {
- title: 'a new ticket #c2',
- state: 'new',
- priority: '2 normal',
- group: 'Users',
- customer_id: @agent.id,
- article: {
- content_type: 'text/plain', # or text/html
- body: 'some body',
- sender: 'System',
- },
- }
- post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
- assert_equal('a new ticket #c2', result['title'])
- assert_equal(@customer_without_org.id, result['customer_id'])
- assert_equal(@customer_without_org.id, result['updated_by_id'])
- assert_equal(@customer_without_org.id, result['created_by_id'])
- end
-
- test '03.03 ticket create with customer with wrong customer hash' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-customer1@example.com', 'customer1pw')
- params = {
- title: 'a new ticket #c2',
- state: 'new',
- priority: '2 normal',
- group: 'Users',
- customer: {
- firstname: @agent.firstname,
- lastname: @agent.lastname,
- email: @agent.email,
- },
- article: {
- content_type: 'text/plain', # or text/html
- body: 'some body',
- sender: 'System',
- },
- }
- post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
- assert_equal('a new ticket #c2', result['title'])
- assert_equal(@customer_without_org.id, result['customer_id'])
- assert_equal(@customer_without_org.id, result['updated_by_id'])
- assert_equal(@customer_without_org.id, result['created_by_id'])
- end
-
- test '03.04 ticket with wrong ticket id' do
- ticket = Ticket.create!(
- title: 'ticket with wrong ticket id',
- group: Group.lookup(name: 'Users'),
- customer_id: @agent.id,
- state: Ticket::State.lookup(name: 'new'),
- priority: Ticket::Priority.lookup(name: '2 normal'),
- updated_by_id: 1,
- created_by_id: 1,
- )
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-customer1@example.com', 'customer1pw')
- get "/api/v1/tickets/#{ticket.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('Not authorized', result['error'])
-
- params = {
- title: 'ticket with wrong ticket id - 2',
- }
- put "/api/v1/tickets/#{ticket.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('Not authorized', result['error'])
-
- delete "/api/v1/tickets/#{ticket.id}", params: {}.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('Not authorized', result['error'])
- end
-
- test '03.05 ticket with correct ticket id' do
- title = "ticket with corret ticket id testme#{rand(999_999_999)}"
- ticket = Ticket.create!(
- title: title,
- group: Group.lookup(name: 'Users'),
- customer_id: @customer_without_org.id,
- state: Ticket::State.lookup(name: 'new'),
- priority: Ticket::Priority.lookup(name: '2 normal'),
- updated_by_id: 1,
- created_by_id: 1,
- )
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-customer1@example.com', 'customer1pw')
- get "/api/v1/tickets/#{ticket.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(ticket.id, result['id'])
- assert_equal(title, result['title'])
- assert_equal(ticket.customer_id, result['customer_id'])
- assert_equal(1, result['updated_by_id'])
- assert_equal(1, result['created_by_id'])
-
- params = {
- title: "#{title} - 2",
- customer_id: @agent.id,
- }
- put "/api/v1/tickets/#{ticket.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(ticket.id, result['id'])
- assert_equal("#{title} - 2", result['title'])
- assert_equal(ticket.customer_id, result['customer_id'])
- assert_equal(@customer_without_org.id, result['updated_by_id'])
- assert_equal(1, result['created_by_id'])
-
- params = {
- ticket_id: ticket.id,
- subject: 'some subject',
- body: 'some body',
- }
- post '/api/v1/ticket_articles', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- article_result = JSON.parse(@response.body)
- assert_equal(Hash, article_result.class)
- assert_equal(ticket.id, article_result['ticket_id'])
- assert_equal('Tickets Customer1', article_result['from'])
- assert_equal('some subject', article_result['subject'])
- assert_equal('some body', article_result['body'])
- assert_equal('text/plain', article_result['content_type'])
- assert_equal(@customer_without_org.id, article_result['created_by_id'])
- assert_equal(Ticket::Article::Sender.lookup(name: 'Customer').id, article_result['sender_id'])
- assert_equal(Ticket::Article::Type.lookup(name: 'note').id, article_result['type_id'])
-
- Scheduler.worker(true)
- get "/api/v1/tickets/search?query=#{CGI.escape(title)}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(ticket.id, result['tickets'][0])
- assert_equal(1, result['tickets_count'])
-
- params = {
- condition: {
- 'ticket.title' => {
- operator: 'contains',
- value: title,
- },
- },
- }
- post '/api/v1/tickets/search', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(ticket.id, result['tickets'][0])
- assert_equal(1, result['tickets_count'])
-
- delete "/api/v1/ticket_articles/#{article_result['id']}", params: {}.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('Not authorized (admin permission required)!', result['error'])
-
- params = {
- ticket_id: ticket.id,
- subject: 'some subject',
- body: 'some body',
- type: 'email',
- sender: 'Agent',
- }
- post '/api/v1/ticket_articles', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(ticket.id, result['ticket_id'])
- assert_equal('Tickets Customer1', result['from'])
- assert_equal('some subject', result['subject'])
- assert_equal('some body', result['body'])
- assert_equal('text/plain', result['content_type'])
- assert_equal(@customer_without_org.id, result['created_by_id'])
- assert_equal(Ticket::Article::Sender.lookup(name: 'Customer').id, result['sender_id'])
- assert_equal(Ticket::Article::Type.lookup(name: 'note').id, result['type_id'])
-
- delete "/api/v1/ticket_articles/#{result['id']}", params: {}.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('Not authorized (admin permission required)!', result['error'])
-
- params = {
- from: 'something which should not be changed on server side',
- ticket_id: ticket.id,
- subject: 'some subject',
- body: 'some body',
- type: 'web',
- sender: 'Agent',
- internal: true,
- }
-
- post '/api/v1/ticket_articles', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(ticket.id, result['ticket_id'])
- assert_equal('Tickets Customer1 ', result['from'])
- assert_equal('some subject', result['subject'])
- assert_equal('some body', result['body'])
- assert_equal('text/plain', result['content_type'])
- assert_equal(false, result['internal'])
- assert_equal(@customer_without_org.id, result['created_by_id'])
- assert_equal(Ticket::Article::Sender.lookup(name: 'Customer').id, result['sender_id'])
- assert_equal(Ticket::Article::Type.lookup(name: 'web').id, result['type_id'])
-
- params = {
- subject: 'new subject',
- }
- put "/api/v1/ticket_articles/#{result['id']}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('Not authorized (ticket.agent or admin permission required)!', result['error'])
-
- delete "/api/v1/tickets/#{ticket.id}", params: {}.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('Not authorized (admin permission required)!', result['error'])
- end
-
- test '03.6 ticket create with agent - minimal article with customer hash with article.origin_by' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-customer1@example.com', 'customer1pw')
- params = {
- title: 'a new ticket #3.6',
- group: 'Users',
- customer: {
- firstname: 'some firstname',
- lastname: 'some lastname',
- email: 'some_new_customer@example.com',
- },
- article: {
- body: 'some test 123',
- origin_by: @agent.login,
- },
- }
-
- post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
- assert_equal('a new ticket #3.6', result['title'])
- assert_equal(@customer_without_org.id, result['customer_id'])
- assert_equal(@customer_without_org.id, result['updated_by_id'])
- assert_equal(@customer_without_org.id, result['created_by_id'])
- ticket = Ticket.find(result['id'])
- article = ticket.articles.first
- assert_equal(@customer_without_org.id, article.updated_by_id)
- assert_equal(@customer_without_org.id, article.created_by_id)
- assert_equal(@customer_without_org.id, article.origin_by_id)
- assert_equal('Customer', article.sender.name)
- assert_equal('note', article.type.name)
- assert_equal('Tickets Customer1', article.from)
- end
-
- test '03.6.1 ticket create with agent - minimal article with customer hash with article.origin_by' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-customer1@example.com', 'customer1pw')
- params = {
- title: 'a new ticket #3.6.1',
- group: 'Users',
- customer: {
- firstname: 'some firstname',
- lastname: 'some lastname',
- email: 'some_new_customer@example.com',
- },
- article: {
- sender: 'Agent',
- body: 'some test 123',
- origin_by_id: @agent.id,
- },
- }
-
- post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
- assert_equal('a new ticket #3.6.1', result['title'])
- assert_equal(@customer_without_org.id, result['customer_id'])
- assert_equal(@customer_without_org.id, result['updated_by_id'])
- assert_equal(@customer_without_org.id, result['created_by_id'])
- ticket = Ticket.find(result['id'])
- article = ticket.articles.first
- assert_equal(@customer_without_org.id, article.updated_by_id)
- assert_equal(@customer_without_org.id, article.created_by_id)
- assert_equal(@customer_without_org.id, article.origin_by_id)
- assert_equal('Customer', article.sender.name)
- assert_equal('note', article.type.name)
- assert_equal('Tickets Customer1', article.from)
- end
-
- test '04.01 ticket show and response format' do
- title = "ticket testagent#{rand(999_999_999)}"
- ticket = Ticket.create!(
- title: title,
- group: Group.lookup(name: 'Users'),
- customer_id: @customer_without_org.id,
- state: Ticket::State.lookup(name: 'new'),
- priority: Ticket::Priority.lookup(name: '2 normal'),
- updated_by_id: @agent.id,
- created_by_id: @agent.id,
- )
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
- get "/api/v1/tickets/#{ticket.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(ticket.id, result['id'])
- assert_equal(ticket.title, result['title'])
- assert_not(result['group'])
- assert_not(result['priority'])
- assert_not(result['owner'])
- assert_equal(ticket.customer_id, result['customer_id'])
- assert_equal(@agent.id, result['updated_by_id'])
- assert_equal(@agent.id, result['created_by_id'])
-
- get "/api/v1/tickets/#{ticket.id}?expand=true", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(ticket.id, result['id'])
- assert_equal(ticket.title, result['title'])
- assert_equal(ticket.customer_id, result['customer_id'])
- assert_equal(ticket.group.name, result['group'])
- assert_equal(ticket.priority.name, result['priority'])
- assert_equal(ticket.owner.login, result['owner'])
- assert_equal(@agent.id, result['updated_by_id'])
- assert_equal(@agent.id, result['created_by_id'])
-
- get "/api/v1/tickets/#{ticket.id}?expand=false", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(ticket.id, result['id'])
- assert_equal(ticket.title, result['title'])
- assert_not(result['group'])
- assert_not(result['priority'])
- assert_not(result['owner'])
- assert_equal(ticket.customer_id, result['customer_id'])
- assert_equal(@agent.id, result['updated_by_id'])
- assert_equal(@agent.id, result['created_by_id'])
-
- get "/api/v1/tickets/#{ticket.id}?full=true", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
-
- assert_equal(Hash, result.class)
- assert_equal(ticket.id, result['id'])
- assert(result['assets'])
- assert(result['assets']['Ticket'])
- assert(result['assets']['Ticket'][ticket.id.to_s])
- assert_equal(ticket.id, result['assets']['Ticket'][ticket.id.to_s]['id'])
- assert_equal(ticket.title, result['assets']['Ticket'][ticket.id.to_s]['title'])
- assert_equal(ticket.customer_id, result['assets']['Ticket'][ticket.id.to_s]['customer_id'])
-
- assert(result['assets']['User'])
- assert(result['assets']['User'][@agent.id.to_s])
- assert_equal(@agent.id, result['assets']['User'][@agent.id.to_s]['id'])
- assert_equal(@agent.firstname, result['assets']['User'][@agent.id.to_s]['firstname'])
- assert_equal(@agent.lastname, result['assets']['User'][@agent.id.to_s]['lastname'])
-
- assert(result['assets']['User'])
- assert(result['assets']['User'][@customer_without_org.id.to_s])
- assert_equal(@customer_without_org.id, result['assets']['User'][@customer_without_org.id.to_s]['id'])
- assert_equal(@customer_without_org.firstname, result['assets']['User'][@customer_without_org.id.to_s]['firstname'])
- assert_equal(@customer_without_org.lastname, result['assets']['User'][@customer_without_org.id.to_s]['lastname'])
-
- get "/api/v1/tickets/#{ticket.id}?full=false", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(ticket.id, result['id'])
- assert_equal(ticket.title, result['title'])
- assert_not(result['group'])
- assert_not(result['priority'])
- assert_not(result['owner'])
- assert_equal(ticket.customer_id, result['customer_id'])
- assert_equal(@agent.id, result['updated_by_id'])
- assert_equal(@agent.id, result['created_by_id'])
- end
-
- test '04.02 ticket index and response format' do
- title = "ticket testagent#{rand(999_999_999)}"
- ticket = Ticket.create!(
- title: title,
- group: Group.lookup(name: 'Users'),
- customer_id: @customer_without_org.id,
- state: Ticket::State.lookup(name: 'new'),
- priority: Ticket::Priority.lookup(name: '2 normal'),
- updated_by_id: @agent.id,
- created_by_id: @agent.id,
- )
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
- get '/api/v1/tickets', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
-
- assert_equal(Array, result.class)
- assert_equal(Hash, result[0].class)
- assert_equal(1, result[0]['id'])
- assert_equal(ticket.id, result[1]['id'])
- assert_equal(ticket.title, result[1]['title'])
- assert_not(result[1]['group'])
- assert_not(result[1]['priority'])
- assert_not(result[1]['owner'])
- assert_equal(ticket.customer_id, result[1]['customer_id'])
- assert_equal(@agent.id, result[1]['updated_by_id'])
- assert_equal(@agent.id, result[1]['created_by_id'])
-
- get '/api/v1/tickets?expand=true', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(Hash, result[0].class)
- assert_equal(1, result[0]['id'])
- assert_equal(ticket.id, result[1]['id'])
- assert_equal(ticket.title, result[1]['title'])
- assert_equal(ticket.customer_id, result[1]['customer_id'])
- assert_equal(ticket.group.name, result[1]['group'])
- assert_equal(ticket.priority.name, result[1]['priority'])
- assert_equal(ticket.owner.login, result[1]['owner'])
- assert_equal(@agent.id, result[1]['updated_by_id'])
- assert_equal(@agent.id, result[1]['created_by_id'])
-
- get '/api/v1/tickets?expand=false', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(Hash, result[0].class)
- assert_equal(1, result[0]['id'])
- assert_equal(ticket.id, result[1]['id'])
- assert_equal(ticket.title, result[1]['title'])
- assert_not(result[1]['group'])
- assert_not(result[1]['priority'])
- assert_not(result[1]['owner'])
- assert_equal(ticket.customer_id, result[1]['customer_id'])
- assert_equal(@agent.id, result[1]['updated_by_id'])
- assert_equal(@agent.id, result[1]['created_by_id'])
-
- get '/api/v1/tickets?full=true', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
-
- assert_equal(Hash, result.class)
- assert_equal(Array, result['record_ids'].class)
- assert_equal(1, result['record_ids'][0])
- assert_equal(ticket.id, result['record_ids'][1])
- assert(result['assets'])
- assert(result['assets']['Ticket'])
- assert(result['assets']['Ticket'][ticket.id.to_s])
- assert_equal(ticket.id, result['assets']['Ticket'][ticket.id.to_s]['id'])
- assert_equal(ticket.title, result['assets']['Ticket'][ticket.id.to_s]['title'])
- assert_equal(ticket.customer_id, result['assets']['Ticket'][ticket.id.to_s]['customer_id'])
-
- assert(result['assets']['User'])
- assert(result['assets']['User'][@agent.id.to_s])
- assert_equal(@agent.id, result['assets']['User'][@agent.id.to_s]['id'])
- assert_equal(@agent.firstname, result['assets']['User'][@agent.id.to_s]['firstname'])
- assert_equal(@agent.lastname, result['assets']['User'][@agent.id.to_s]['lastname'])
-
- assert(result['assets']['User'])
- assert(result['assets']['User'][@customer_without_org.id.to_s])
- assert_equal(@customer_without_org.id, result['assets']['User'][@customer_without_org.id.to_s]['id'])
- assert_equal(@customer_without_org.firstname, result['assets']['User'][@customer_without_org.id.to_s]['firstname'])
- assert_equal(@customer_without_org.lastname, result['assets']['User'][@customer_without_org.id.to_s]['lastname'])
-
- get '/api/v1/tickets?full=false', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(Hash, result[0].class)
- assert_equal(1, result[0]['id'])
- assert_equal(ticket.id, result[1]['id'])
- assert_equal(ticket.title, result[1]['title'])
- assert_not(result[1]['group'])
- assert_not(result[1]['priority'])
- assert_not(result[1]['owner'])
- assert_equal(ticket.customer_id, result[1]['customer_id'])
- assert_equal(@agent.id, result[1]['updated_by_id'])
- assert_equal(@agent.id, result[1]['created_by_id'])
- end
-
- test '04.03 ticket create and response format' do
- title = "ticket testagent#{rand(999_999_999)}"
- params = {
- title: title,
- group: 'Users',
- customer_id: @customer_without_org.id,
- state: 'new',
- priority: '2 normal',
- article: {
- body: 'some test 123',
- },
- }
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
-
- post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- ticket = Ticket.find(result['id'])
- assert_equal(ticket.state_id, result['state_id'])
- assert_not(result['state'])
- assert_equal(ticket.priority_id, result['priority_id'])
- assert_not(result['priority'])
- assert_equal(ticket.group_id, result['group_id'])
- assert_not(result['group'])
- assert_equal(title, result['title'])
- assert_equal(@customer_without_org.id, result['customer_id'])
- assert_equal(@agent.id, result['updated_by_id'])
- assert_equal(@agent.id, result['created_by_id'])
-
- post '/api/v1/tickets?expand=true', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- ticket = Ticket.find(result['id'])
- assert_equal(ticket.state_id, result['state_id'])
- assert_equal(ticket.state.name, result['state'])
- assert_equal(ticket.priority_id, result['priority_id'])
- assert_equal(ticket.priority.name, result['priority'])
- assert_equal(ticket.group_id, result['group_id'])
- assert_equal(ticket.group.name, result['group'])
- assert_equal(title, result['title'])
- assert_equal(@customer_without_org.id, result['customer_id'])
- assert_equal(@agent.id, result['updated_by_id'])
- assert_equal(@agent.id, result['created_by_id'])
-
- post '/api/v1/tickets?full=true', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- ticket = Ticket.find(result['id'])
- assert(result['assets'])
- assert(result['assets']['Ticket'])
- assert(result['assets']['Ticket'][ticket.id.to_s])
- assert_equal(ticket.id, result['assets']['Ticket'][ticket.id.to_s]['id'])
- assert_equal(title, result['assets']['Ticket'][ticket.id.to_s]['title'])
- assert_equal(ticket.customer_id, result['assets']['Ticket'][ticket.id.to_s]['customer_id'])
-
- assert(result['assets']['User'])
- assert(result['assets']['User'][@agent.id.to_s])
- assert_equal(@agent.id, result['assets']['User'][@agent.id.to_s]['id'])
- assert_equal(@agent.firstname, result['assets']['User'][@agent.id.to_s]['firstname'])
- assert_equal(@agent.lastname, result['assets']['User'][@agent.id.to_s]['lastname'])
-
- assert(result['assets']['User'])
- assert(result['assets']['User'][@customer_without_org.id.to_s])
- assert_equal(@customer_without_org.id, result['assets']['User'][@customer_without_org.id.to_s]['id'])
- assert_equal(@customer_without_org.firstname, result['assets']['User'][@customer_without_org.id.to_s]['firstname'])
- assert_equal(@customer_without_org.lastname, result['assets']['User'][@customer_without_org.id.to_s]['lastname'])
-
- end
-
- test '04.04 ticket update and response formats' do
- title = "ticket testagent#{rand(999_999_999)}"
- ticket = Ticket.create!(
- title: title,
- group: Group.lookup(name: 'Users'),
- customer_id: @customer_without_org.id,
- state: Ticket::State.lookup(name: 'new'),
- priority: Ticket::Priority.lookup(name: '2 normal'),
- updated_by_id: @agent.id,
- created_by_id: @agent.id,
- )
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
-
- params = {
- title: 'a update ticket #1',
- }
- put "/api/v1/tickets/#{ticket.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- ticket = Ticket.find(result['id'])
- assert_equal(ticket.state_id, result['state_id'])
- assert_not(result['state'])
- assert_equal(ticket.priority_id, result['priority_id'])
- assert_not(result['priority'])
- assert_equal(ticket.group_id, result['group_id'])
- assert_not(result['group'])
- assert_equal('a update ticket #1', result['title'])
- assert_equal(@customer_without_org.id, result['customer_id'])
- assert_equal(@agent.id, result['updated_by_id'])
- assert_equal(@agent.id, result['created_by_id'])
-
- params = {
- title: 'a update ticket #2',
- }
- put "/api/v1/tickets/#{ticket.id}?expand=true", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- ticket = Ticket.find(result['id'])
- assert_equal(ticket.state_id, result['state_id'])
- assert_equal(ticket.state.name, result['state'])
- assert_equal(ticket.priority_id, result['priority_id'])
- assert_equal(ticket.priority.name, result['priority'])
- assert_equal(ticket.group_id, result['group_id'])
- assert_equal(ticket.group.name, result['group'])
- assert_equal('a update ticket #2', result['title'])
- assert_equal(@customer_without_org.id, result['customer_id'])
- assert_equal(@agent.id, result['updated_by_id'])
- assert_equal(@agent.id, result['created_by_id'])
-
- params = {
- title: 'a update ticket #3',
- }
- put "/api/v1/tickets/#{ticket.id}?full=true", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- ticket = Ticket.find(result['id'])
- assert(result['assets'])
- assert(result['assets']['Ticket'])
- assert(result['assets']['Ticket'][ticket.id.to_s])
- assert_equal(ticket.id, result['assets']['Ticket'][ticket.id.to_s]['id'])
- assert_equal('a update ticket #3', result['assets']['Ticket'][ticket.id.to_s]['title'])
- assert_equal(ticket.customer_id, result['assets']['Ticket'][ticket.id.to_s]['customer_id'])
-
- assert(result['assets']['User'])
- assert(result['assets']['User'][@agent.id.to_s])
- assert_equal(@agent.id, result['assets']['User'][@agent.id.to_s]['id'])
- assert_equal(@agent.firstname, result['assets']['User'][@agent.id.to_s]['firstname'])
- assert_equal(@agent.lastname, result['assets']['User'][@agent.id.to_s]['lastname'])
-
- assert(result['assets']['User'])
- assert(result['assets']['User'][@customer_without_org.id.to_s])
- assert_equal(@customer_without_org.id, result['assets']['User'][@customer_without_org.id.to_s]['id'])
- assert_equal(@customer_without_org.firstname, result['assets']['User'][@customer_without_org.id.to_s]['firstname'])
- assert_equal(@customer_without_org.lastname, result['assets']['User'][@customer_without_org.id.to_s]['lastname'])
-
- end
-
- test '05.01 ticket split with html - check attachments' do
- ticket = Ticket.create!(
- title: 'some title',
- group: Group.lookup(name: 'Users'),
- customer_id: @customer_without_org.id,
- state: Ticket::State.lookup(name: 'new'),
- priority: Ticket::Priority.lookup(name: '2 normal'),
- updated_by_id: @agent.id,
- created_by_id: @agent.id,
- )
- article = Ticket::Article.create!(
- type: Ticket::Article::Type.lookup(name: 'note'),
- sender: Ticket::Article::Sender.lookup(name: 'Customer'),
- from: 'sender',
- subject: 'subject',
- body: 'test test ',
- content_type: 'text/html',
- ticket_id: ticket.id,
- updated_by_id: 1,
- created_by_id: 1,
- )
- Store.add(
- object: 'Ticket::Article',
- o_id: article.id,
- data: 'content_file1_normally_should_be_an_image',
- filename: 'some_file1.jpg',
- preferences: {
- 'Content-Type' => 'image/jpeg',
- 'Mime-Type' => 'image/jpeg',
- 'Content-ID' => '15.274327094.140938@zammad.example.com',
- 'Content-Disposition' => 'inline',
- },
- created_by_id: 1,
- )
- Store.add(
- object: 'Ticket::Article',
- o_id: article.id,
- data: 'content_file2_normally_should_be_an_image',
- filename: 'some_file2.jpg',
- preferences: {
- 'Content-Type' => 'image/jpeg',
- 'Mime-Type' => 'image/jpeg',
- 'Content-ID' => '15.274327094.140938.2@zammad.example.com',
- 'Content-Disposition' => 'inline',
- },
- created_by_id: 1,
- )
- Store.add(
- object: 'Ticket::Article',
- o_id: article.id,
- data: 'content_file3_normally_should_be_an_image',
- filename: 'some_file3.jpg',
- preferences: {
- 'Content-Type' => 'image/jpeg',
- 'Mime-Type' => 'image/jpeg',
- 'Content-ID' => '15.274327094.140938.3@zammad.example.com',
- },
- created_by_id: 1,
- )
- Store.add(
- object: 'Ticket::Article',
- o_id: article.id,
- data: 'content_file4_normally_should_be_an_image',
- filename: 'some_file4.jpg',
- preferences: {
- 'Content-Type' => 'image/jpeg',
- 'Mime-Type' => 'image/jpeg',
- 'Content-ID' => '15.274327094.140938.4@zammad.example.com',
- },
- created_by_id: 1,
- )
- Store.add(
- object: 'Ticket::Article',
- o_id: article.id,
- data: 'content_file1_normally_should_be_an_pdf',
- filename: 'Rechnung_RE-2018-200.pdf',
- preferences: {
- 'Content-Type' => 'application/octet-stream; name="Rechnung_RE-2018-200.pdf"',
- 'Mime-Type' => 'application/octet-stream',
- 'Content-ID' => '8AB0BEC88984EE4EBEF643C79C8E0346@zammad.example.com',
- 'Content-Description' => 'Rechnung_RE-2018-200.pdf',
- 'Content-Disposition' => 'attachment',
- },
- created_by_id: 1,
- )
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
-
- get "/api/v1/ticket_split?ticket_id=#{ticket.id}&article_id=#{article.id}&form_id=new_form_id123", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert(result['assets'])
- assert(result['assets']['Ticket'])
- assert(result['assets']['Ticket'][ticket.id.to_s])
- assert(result['assets']['TicketArticle'][article.id.to_s])
- assert(result['attachments'])
- assert_equal(result['attachments'].count, 3)
-
- get "/api/v1/ticket_split?ticket_id=#{ticket.id}&article_id=#{article.id}&form_id=new_form_id123", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert(result['assets'])
- assert(result['assets']['Ticket'])
- assert(result['assets']['Ticket'][ticket.id.to_s])
- assert(result['assets']['TicketArticle'][article.id.to_s])
- assert(result['attachments'])
- assert_equal(result['attachments'].count, 0)
-
- end
-
- test '05.02 ticket split with plain - check attachments' do
- ticket = Ticket.create!(
- title: 'some title',
- group: Group.lookup(name: 'Users'),
- customer_id: @customer_without_org.id,
- state: Ticket::State.lookup(name: 'new'),
- priority: Ticket::Priority.lookup(name: '2 normal'),
- updated_by_id: @agent.id,
- created_by_id: @agent.id,
- )
- article = Ticket::Article.create!(
- type: Ticket::Article::Type.lookup(name: 'note'),
- sender: Ticket::Article::Sender.lookup(name: 'Customer'),
- from: 'sender',
- subject: 'subject',
- body: 'test ',
- content_type: 'text/plain',
- ticket_id: ticket.id,
- updated_by_id: 1,
- created_by_id: 1,
- )
- Store.add(
- object: 'Ticket::Article',
- o_id: article.id,
- data: 'content_file1_normally_should_be_an_image',
- filename: 'some_file1.jpg',
- preferences: {
- 'Content-Type' => 'image/jpeg',
- 'Mime-Type' => 'image/jpeg',
- 'Content-ID' => '15.274327094.140938@zammad.example.com',
- 'Content-Disposition' => 'inline',
- },
- created_by_id: 1,
- )
- Store.add(
- object: 'Ticket::Article',
- o_id: article.id,
- data: 'content_file1_normally_should_be_an_image',
- filename: 'some_file2.jpg',
- preferences: {
- 'Content-Type' => 'image/jpeg',
- 'Mime-Type' => 'image/jpeg',
- 'Content-ID' => '15.274327094.140938.2@zammad.example.com',
- 'Content-Disposition' => 'inline',
- },
- created_by_id: 1,
- )
- Store.add(
- object: 'Ticket::Article',
- o_id: article.id,
- data: 'content_file1_normally_should_be_an_pdf',
- filename: 'Rechnung_RE-2018-200.pdf',
- preferences: {
- 'Content-Type' => 'application/octet-stream; name="Rechnung_RE-2018-200.pdf"',
- 'Mime-Type' => 'application/octet-stream',
- 'Content-ID' => '8AB0BEC88984EE4EBEF643C79C8E0346@zammad.example.com',
- 'Content-Description' => 'Rechnung_RE-2018-200.pdf',
- 'Content-Disposition' => 'attachment',
- },
- created_by_id: 1,
- )
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
-
- get "/api/v1/ticket_split?ticket_id=#{ticket.id}&article_id=#{article.id}&form_id=new_form_id123", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert(result['assets'])
- assert(result['assets']['Ticket'])
- assert(result['assets']['Ticket'][ticket.id.to_s])
- assert(result['assets']['TicketArticle'][article.id.to_s])
- assert(result['attachments'])
- assert_equal(result['attachments'].count, 3)
-
- get "/api/v1/ticket_split?ticket_id=#{ticket.id}&article_id=#{article.id}&form_id=new_form_id123", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert(result['assets'])
- assert(result['assets']['Ticket'])
- assert(result['assets']['Ticket'][ticket.id.to_s])
- assert(result['assets']['TicketArticle'][article.id.to_s])
- assert(result['attachments'])
- assert_equal(result['attachments'].count, 0)
-
- end
-
- test '06.01 - ticket with follow up possible set to new_ticket' do
- group = Group.create!(
- name: "GroupWithNoFollowUp-#{rand(9_999_999_999)}",
- active: true,
- updated_by_id: 1,
- created_by_id: 1,
- follow_up_possible: 'new_ticket' # disable follow up possible
- )
-
- ticket = Ticket.create!(
- title: 'ticket with wrong ticket id',
- group_id: group.id,
- customer_id: @customer_without_org.id,
- state: Ticket::State.lookup(name: 'closed'), # set the ticket to closed
- priority: Ticket::Priority.lookup(name: '2 normal'),
- updated_by_id: 1,
- created_by_id: 1,
- )
-
- state = Ticket::State.find_by(name: 'open') # try to open a ticket from a closed state
-
- # customer
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-customer1@example.com', 'customer1pw')
- params = {
- state_id: state.id, # set the state id
- }
-
- put "/api/v1/tickets/#{ticket.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(422)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('Cannot follow up on a closed ticket. Please create a new ticket.', result['error'])
-
- ticket = Ticket.create!(
- title: 'ticket with wrong ticket id',
- group_id: group.id,
- customer_id: @customer_without_org.id,
- state: Ticket::State.lookup(name: 'closed'), # set the ticket to closed
- priority: Ticket::Priority.lookup(name: '2 normal'),
- updated_by_id: 1,
- created_by_id: 1,
- )
-
- # admin
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-admin@example.com', 'adminpw')
-
- put "/api/v1/tickets/#{ticket.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(422)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('Cannot follow up on a closed ticket. Please create a new ticket.', result['error'])
-
- ticket = Ticket.create!(
- title: 'ticket with wrong ticket id',
- group_id: group.id,
- customer_id: @customer_without_org.id,
- state: Ticket::State.lookup(name: 'closed'), # set the ticket to closed
- priority: Ticket::Priority.lookup(name: '2 normal'),
- updated_by_id: 1,
- created_by_id: 1,
- )
-
- # agent
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
-
- put "/api/v1/tickets/#{ticket.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(422)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('Cannot follow up on a closed ticket. Please create a new ticket.', result['error'])
- end
-
- test '07.01 ticket merge' do
- group_no_permission = Group.create!(
- name: 'GroupWithNoPermission',
- active: true,
- updated_by_id: 1,
- created_by_id: 1,
- )
- ticket1 = Ticket.create!(
- title: 'ticket merge1',
- group: Group.lookup(name: 'Users'),
- customer_id: @customer_without_org.id,
- state: Ticket::State.lookup(name: 'new'),
- priority: Ticket::Priority.lookup(name: '2 normal'),
- updated_by_id: 1,
- created_by_id: 1,
- )
- ticket2 = Ticket.create!(
- title: 'ticket merge2',
- group: Group.lookup(name: 'Users'),
- customer_id: @customer_without_org.id,
- state: Ticket::State.lookup(name: 'new'),
- priority: Ticket::Priority.lookup(name: '2 normal'),
- updated_by_id: 1,
- created_by_id: 1,
- )
- ticket3 = Ticket.create!(
- title: 'ticket merge2',
- group: group_no_permission,
- customer_id: @customer_without_org.id,
- state: Ticket::State.lookup(name: 'new'),
- priority: Ticket::Priority.lookup(name: '2 normal'),
- updated_by_id: 1,
- created_by_id: 1,
- )
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
-
- get "/api/v1/ticket_merge/#{ticket2.id}/#{ticket1.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('failed', result['result'])
- assert_equal('No such master ticket number!', result['message'])
-
- get "/api/v1/ticket_merge/#{ticket3.id}/#{ticket1.number}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('Not authorized', result['error'])
- assert_equal('Not authorized', result['error_human'])
-
- get "/api/v1/ticket_merge/#{ticket1.id}/#{ticket3.number}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('Not authorized', result['error'])
- assert_equal('Not authorized', result['error_human'])
-
- get "/api/v1/ticket_merge/#{ticket1.id}/#{ticket2.number}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('success', result['result'])
- assert_equal(ticket2.id, result['master_ticket']['id'])
- end
-
- test '07.02 ticket merge - change permission' do
- group_change_permission = Group.create!(
- name: 'GroupWithChangePermission',
- active: true,
- updated_by_id: 1,
- created_by_id: 1,
- )
- ticket1 = Ticket.create!(
- title: 'ticket merge1',
- group: group_change_permission,
- customer_id: @customer_without_org.id,
- state: Ticket::State.lookup(name: 'new'),
- priority: Ticket::Priority.lookup(name: '2 normal'),
- updated_by_id: 1,
- created_by_id: 1,
- )
- ticket2 = Ticket.create!(
- title: 'ticket merge2',
- group: group_change_permission,
- customer_id: @customer_without_org.id,
- state: Ticket::State.lookup(name: 'new'),
- priority: Ticket::Priority.lookup(name: '2 normal'),
- updated_by_id: 1,
- created_by_id: 1,
- )
-
- @agent.group_names_access_map = { group_change_permission.name => %w[read change] }
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
-
- get "/api/v1/ticket_merge/#{ticket1.id}/#{ticket2.number}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal('success', result['result'])
- assert_equal(ticket2.id, result['master_ticket']['id'])
- end
-
- test '08.01 ticket search sorted' do
- title = "ticket pagination #{rand(999_999_999)}"
- tickets = []
-
- ticket1 = Ticket.create!(
- title: "#{title} A",
- group: Group.lookup(name: 'Users'),
- customer_id: @customer_without_org.id,
- state: Ticket::State.lookup(name: 'new'),
- priority: Ticket::Priority.lookup(name: '2 normal'),
- created_at: '2018-02-05 17:42:00',
- updated_at: '2018-02-05 20:42:00',
- updated_by_id: 1,
- created_by_id: 1,
- )
- Ticket::Article.create!(
- type: Ticket::Article::Type.lookup(name: 'note'),
- sender: Ticket::Article::Sender.lookup(name: 'Customer'),
- from: 'sender',
- subject: 'subject',
- body: 'some body',
- ticket_id: ticket1.id,
- updated_by_id: 1,
- created_by_id: 1,
- )
-
- ticket2 = Ticket.create!(
- title: "#{title} B",
- group: Group.lookup(name: 'Users'),
- customer_id: @customer_without_org.id,
- state: Ticket::State.lookup(name: 'new'),
- priority: Ticket::Priority.lookup(name: '3 hoch'),
- created_at: '2018-02-05 19:42:00',
- updated_at: '2018-02-05 19:42:00',
- updated_by_id: 1,
- created_by_id: 1,
- )
- Ticket::Article.create!(
- type: Ticket::Article::Type.lookup(name: 'note'),
- sender: Ticket::Article::Sender.lookup(name: 'Customer'),
- from: 'sender',
- subject: 'subject',
- body: 'some body',
- ticket_id: ticket2.id,
- updated_by_id: 1,
- created_by_id: 1,
- )
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-admin', 'adminpw')
- get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=40", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal([ticket2.id, ticket1.id], result['tickets'])
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-admin', 'adminpw')
- get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=40", params: { sort_by: 'created_at', order_by: 'asc' }, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal([ticket1.id, ticket2.id], result['tickets'])
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-admin', 'adminpw')
- get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=40", params: { sort_by: 'title', order_by: 'asc' }, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal([ticket1.id, ticket2.id], result['tickets'])
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-admin', 'adminpw')
- get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=40", params: { sort_by: 'title', order_by: 'desc' }, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal([ticket2.id, ticket1.id], result['tickets'])
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-admin', 'adminpw')
- get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=40", params: { sort_by: %w[created_at updated_at], order_by: %w[asc asc] }, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal([ticket1.id, ticket2.id], result['tickets'])
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-admin', 'adminpw')
- get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=40", params: { sort_by: %w[created_at updated_at], order_by: %w[desc asc] }, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal([ticket2.id, ticket1.id], result['tickets'])
- end
-
-end
diff --git a/test/controllers/time_accounting_controller_test.rb b/test/controllers/time_accounting_controller_test.rb
deleted file mode 100644
index dd386340c..000000000
--- a/test/controllers/time_accounting_controller_test.rb
+++ /dev/null
@@ -1,88 +0,0 @@
-require 'test_helper'
-require 'rake'
-
-class TimeAccountingControllerTest < ActionDispatch::IntegrationTest
- setup do
-
- # set accept header
- @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
- roles = Role.where(name: 'Admin')
- groups = Group.all
-
- UserInfo.current_user_id = 1
-
- @year = DateTime.now.utc.year
- @month = DateTime.now.utc.month
-
- @admin = User.create!(
- login: 'rest-admin',
- firstname: 'Rest',
- lastname: 'Agent',
- email: 'rest-admin@example.com',
- password: 'adminpw',
- active: true,
- roles: roles,
- groups: groups,
- updated_by_id: 1,
- created_by_id: 1
- )
-
- roles = Role.where(name: 'Customer')
- @customer_without_org = User.create!(
- login: 'rest-customer1@example.com',
- firstname: 'Rest',
- lastname: 'Customer1',
- email: 'rest-customer1@example.com',
- password: 'customer1pw',
- active: true,
- roles: roles,
- updated_by_id: 1,
- created_by_id: 1
- )
- end
-
- test '01.01 time account report' do
- group = Group.create!(
- name: "GroupWithoutPermission-#{rand(9_999_999_999)}",
- active: true,
- updated_by_id: 1,
- created_by_id: 1,
- )
- ticket = Ticket.create!(
- title: 'ticket for report',
- group_id: group.id,
- customer_id: @customer_without_org.id,
- state: Ticket::State.lookup(name: 'open'),
- priority: Ticket::Priority.lookup(name: '2 normal'),
- updated_by_id: 1,
- created_by_id: 1,
- )
-
- article = Ticket::Article.create!(
- type: Ticket::Article::Type.lookup(name: 'note'),
- sender: Ticket::Article::Sender.lookup(name: 'Customer'),
- from: 'sender',
- subject: 'subject',
- body: 'some body',
- ticket_id: ticket.id,
- updated_by_id: 1,
- created_by_id: 1,
- )
-
- Ticket::TimeAccounting.create!(
- ticket_id: ticket.id,
- ticket_article_id: article.id,
- time_unit: 200,
- )
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
- get "/api/v1/time_accounting/log/by_ticket/#{@year}/#{@month}?download=true", params: {}, headers: @headers.merge('Authorization' => credentials)
-
- assert_response(200)
- assert(@response['Content-Disposition'])
- assert_equal("attachment; filename=\"by_ticket-#{@year}-#{@month}.xls\"", @response['Content-Disposition'])
- assert_equal('application/vnd.ms-excel', @response['Content-Type'])
- end
-end
diff --git a/test/controllers/user_controller_test.rb b/test/controllers/user_controller_test.rb
deleted file mode 100644
index 58e437893..000000000
--- a/test/controllers/user_controller_test.rb
+++ /dev/null
@@ -1,1137 +0,0 @@
-require 'test_helper'
-
-class UserControllerTest < ActionDispatch::IntegrationTest
- include SearchindexHelper
-
- setup do
-
- # set accept header
- @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
- # create agent
- roles = Role.where(name: %w[Admin Agent])
- groups = Group.all
-
- UserInfo.current_user_id = 1
-
- @backup_admin = User.create!(
- login: 'backup-admin',
- firstname: 'Backup',
- lastname: 'Agent',
- email: 'backup-admin@example.com',
- password: 'adminpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- @admin = User.create!(
- login: 'rest-admin',
- firstname: 'Rest',
- lastname: 'Agent',
- email: 'rest-admin@example.com',
- password: 'adminpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- # create agent
- roles = Role.where(name: 'Agent')
- @agent = User.create!(
- login: 'rest-agent@example.com',
- firstname: 'Rest',
- lastname: 'Agent',
- email: 'rest-agent@example.com',
- password: 'agentpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- # create customer without org
- roles = Role.where(name: 'Customer')
- @customer_without_org = User.create!(
- login: 'rest-customer1@example.com',
- firstname: 'Rest',
- lastname: 'Customer1',
- email: 'rest-customer1@example.com',
- password: 'customer1pw',
- active: true,
- roles: roles,
- )
-
- # create orgs
- @organization = Organization.create!(
- name: 'Rest Org',
- )
- @organization2 = Organization.create!(
- name: 'Rest Org #2',
- )
- @organization3 = Organization.create!(
- name: 'Rest Org #3',
- )
-
- # create customer with org
- @customer_with_org = User.create!(
- login: 'rest-customer2@example.com',
- firstname: 'Rest',
- lastname: 'Customer2',
- email: 'rest-customer2@example.com',
- password: 'customer2pw',
- active: true,
- roles: roles,
- organization_id: @organization.id,
- )
-
- configure_elasticsearch do
-
- travel 1.minute
-
- rebuild_searchindex
-
- # execute background jobs
- Scheduler.worker(true)
-
- sleep 6
- end
-
- UserInfo.current_user_id = nil
- end
-
- test 'user create tests - no user' do
-
- post '/api/v1/signshow', params: {}, headers: @headers
-
- # create user with disabled feature
- Setting.set('user_create_account', false)
- token = @response.headers['CSRF-TOKEN']
-
- # token based on form
- params = { email: 'some_new_customer@example.com', authenticity_token: token }
- post '/api/v1/users', params: params.to_json, headers: @headers
- assert_response(422)
- result = JSON.parse(@response.body)
- assert(result['error'])
- assert_equal('Feature not enabled!', result['error'])
-
- # token based on headers
- headers = @headers.merge('X-CSRF-Token' => token)
- params = { email: 'some_new_customer@example.com' }
- post '/api/v1/users', params: params.to_json, headers: headers
- assert_response(422)
- result = JSON.parse(@response.body)
- assert(result['error'])
- assert_equal('Feature not enabled!', result['error'])
-
- Setting.set('user_create_account', true)
-
- # no signup param with enabled feature
- params = { email: 'some_new_customer@example.com' }
- post '/api/v1/users', params: params.to_json, headers: headers
- assert_response(422)
- result = JSON.parse(@response.body)
- assert(result['error'])
- assert_equal('Only signup with not authenticate user possible!', result['error'])
-
- # already existing user with enabled feature
- params = { email: 'rest-customer1@example.com', signup: true }
- post '/api/v1/users', params: params.to_json, headers: headers
- assert_response(422)
- result = JSON.parse(@response.body)
- assert(result['error'])
- assert_equal('Email address is already used for other user.', result['error'])
-
- # email missing with enabled feature
- params = { firstname: 'some firstname', signup: true }
- post '/api/v1/users', params: params.to_json, headers: headers
- assert_response(422)
- result = JSON.parse(@response.body)
- assert(result['error'])
- assert_equal('Attribute \'email\' required!', result['error'])
-
- # email missing with enabled feature
- params = { firstname: 'some firstname', signup: true }
- post '/api/v1/users', params: params.to_json, headers: headers
- assert_response(422)
- result = JSON.parse(@response.body)
- assert(result['error'])
- assert_equal('Attribute \'email\' required!', result['error'])
-
- # create user with enabled feature (take customer role)
- params = { firstname: 'Me First', lastname: 'Me Last', email: 'new_here@example.com', signup: true }
- post '/api/v1/users', params: params.to_json, headers: headers
- assert_response(201)
- result = JSON.parse(@response.body)
- assert(result)
-
- assert_equal('Me First', result['firstname'])
- assert_equal('Me Last', result['lastname'])
- assert_equal('new_here@example.com', result['login'])
- assert_equal('new_here@example.com', result['email'])
- user = User.find(result['id'])
- assert_not(user.role?('Admin'))
- assert_not(user.role?('Agent'))
- assert(user.role?('Customer'))
-
- # create user with admin role (not allowed for signup, take customer role)
- role = Role.lookup(name: 'Admin')
- params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin@example.com', role_ids: [ role.id ], signup: true }
- post '/api/v1/users', params: params.to_json, headers: headers
- assert_response(201)
- result = JSON.parse(@response.body)
- assert(result)
- user = User.find(result['id'])
- assert_not(user.role?('Admin'))
- assert_not(user.role?('Agent'))
- assert(user.role?('Customer'))
-
- # create user with agent role (not allowed for signup, take customer role)
- role = Role.lookup(name: 'Agent')
- params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent@example.com', role_ids: [ role.id ], signup: true }
- post '/api/v1/users', params: params.to_json, headers: headers
- assert_response(201)
- result = JSON.parse(@response.body)
- assert(result)
- user = User.find(result['id'])
- assert_not(user.role?('Admin'))
- assert_not(user.role?('Agent'))
- assert(user.role?('Customer'))
-
- # no user (because of no session)
- get '/api/v1/users', params: {}, headers: headers
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal('authentication failed', result['error'])
-
- # me
- get '/api/v1/users/me', params: {}, headers: headers
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal('authentication failed', result['error'])
- end
-
- test 'auth tests - not existing user' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('not_existing@example.com', 'adminpw')
-
- # me
- get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal('authentication failed', result['error'])
-
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal('authentication failed', result['error'])
- end
-
- test 'auth tests - username auth, wrong pw' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin', 'not_existing')
-
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal('authentication failed', result['error'])
- end
-
- test 'auth tests - email auth, wrong pw' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'not_existing')
-
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal('authentication failed', result['error'])
- end
-
- test 'auth tests - username auth' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin', 'adminpw')
-
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
- end
-
- test 'auth tests - email auth' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
- end
-
- test 'user index and create with admin' do
-
- # email auth
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
- # me
- get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
- assert_equal(result['email'], 'rest-admin@example.com')
-
- # index
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
-
- # index
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
- assert_equal(result.class, Array)
- assert(result.length >= 3)
-
- # show/:id
- get "/api/v1/users/#{@agent.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
- assert_equal(result.class, Hash)
- assert_equal(result['email'], 'rest-agent@example.com')
-
- get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
- assert_equal(result.class, Hash)
- assert_equal(result['email'], 'rest-customer1@example.com')
-
- # create user with admin role
- role = Role.lookup(name: 'Admin')
- params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_admin@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert(result)
- user = User.find(result['id'])
- assert(user.role?('Admin'))
- assert_not(user.role?('Agent'))
- assert_not(user.role?('Customer'))
- assert_equal('new_admin_by_admin@example.com', result['login'])
- assert_equal('new_admin_by_admin@example.com', result['email'])
-
- # create user with agent role
- role = Role.lookup(name: 'Agent')
- params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_admin1@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert(result)
- user = User.find(result['id'])
- assert_not(user.role?('Admin'))
- assert(user.role?('Agent'))
- assert_not(user.role?('Customer'))
- assert_equal('new_agent_by_admin1@example.com', result['login'])
- assert_equal('new_agent_by_admin1@example.com', result['email'])
-
- role = Role.lookup(name: 'Agent')
- params = { firstname: 'Agent First', email: 'new_agent_by_admin2@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert(result)
- user = User.find(result['id'])
- assert_not(user.role?('Admin'))
- assert(user.role?('Agent'))
- assert_not(user.role?('Customer'))
- assert_equal('new_agent_by_admin2@example.com', result['login'])
- assert_equal('new_agent_by_admin2@example.com', result['email'])
- assert_equal('Agent', result['firstname'])
- assert_equal('First', result['lastname'])
-
- role = Role.lookup(name: 'Agent')
- params = { firstname: 'Agent First', email: 'new_agent_by_admin2@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(422)
- result = JSON.parse(@response.body)
- assert(result)
- assert_equal('Email address is already used for other user.', result['error'])
-
- # missing required attributes
- params = { note: 'some note' }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(422)
- result = JSON.parse(@response.body)
- assert(result)
- assert_equal('Minimum one identifier (login, firstname, lastname, phone or email) for user is required.', result['error'])
-
- # invalid email
- params = { firstname: 'newfirstname123', email: 'some_what', note: 'some note' }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(422)
- result = JSON.parse(@response.body)
- assert(result)
- assert_equal('Invalid email', result['error'])
-
- # with valid attributes
- params = { firstname: 'newfirstname123', note: 'some note' }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert(result)
- user = User.find(result['id'])
- assert_not(user.role?('Admin'))
- assert_not(user.role?('Agent'))
- assert(user.role?('Customer'))
- assert(result['login'].start_with?('auto-'))
- assert_equal('', result['email'])
- assert_equal('newfirstname123', result['firstname'])
- assert_equal('', result['lastname'])
- end
-
- test 'user index and create with agent' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-agent@example.com', 'agentpw')
-
- # me
- get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
- assert_equal(result['email'], 'rest-agent@example.com')
-
- # index
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
-
- # index
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
- assert_equal(result.class, Array)
- assert(result.length >= 3)
-
- get '/api/v1/users?limit=40&page=1&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- users = User.order(:id).limit(2)
- assert_equal(users[0].id, result[0]['id'])
- assert_equal(users[1].id, result[1]['id'])
- assert_equal(2, result.count)
-
- get '/api/v1/users?limit=40&page=2&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- users = User.order(:id).limit(4)
- assert_equal(users[2].id, result[0]['id'])
- assert_equal(users[3].id, result[1]['id'])
- assert_equal(2, result.count)
-
- # create user with admin role
- firstname = "First test#{rand(999_999_999)}"
- role = Role.lookup(name: 'Admin')
- params = { firstname: "Admin#{firstname}", lastname: 'Admin Last', email: 'new_admin_by_agent@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result_user1 = JSON.parse(@response.body)
- assert(result_user1)
- user = User.find(result_user1['id'])
- assert_not(user.role?('Admin'))
- assert_not(user.role?('Agent'))
- assert(user.role?('Customer'))
- assert_equal('new_admin_by_agent@example.com', result_user1['login'])
- assert_equal('new_admin_by_agent@example.com', result_user1['email'])
-
- # create user with agent role
- role = Role.lookup(name: 'Agent')
- params = { firstname: "Agent#{firstname}", lastname: 'Agent Last', email: 'new_agent_by_agent@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result_user1 = JSON.parse(@response.body)
- assert(result_user1)
- user = User.find(result_user1['id'])
- assert_not(user.role?('Admin'))
- assert_not(user.role?('Agent'))
- assert(user.role?('Customer'))
- assert_equal('new_agent_by_agent@example.com', result_user1['login'])
- assert_equal('new_agent_by_agent@example.com', result_user1['email'])
-
- # create user with customer role
- role = Role.lookup(name: 'Customer')
- params = { firstname: "Customer#{firstname}", lastname: 'Customer Last', email: 'new_customer_by_agent@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result_user1 = JSON.parse(@response.body)
- assert(result_user1)
- user = User.find(result_user1['id'])
- assert_not(user.role?('Admin'))
- assert_not(user.role?('Agent'))
- assert(user.role?('Customer'))
- assert_equal('new_customer_by_agent@example.com', result_user1['login'])
- assert_equal('new_customer_by_agent@example.com', result_user1['email'])
-
- # search as agent
- Scheduler.worker(true)
- sleep 2 # let es time to come ready
- get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
-
- assert_equal(result_user1['id'], result[0]['id'])
- assert_equal("Customer#{firstname}", result[0]['firstname'])
- assert_equal('Customer Last', result[0]['lastname'])
- assert(result[0]['role_ids'])
- assert_not(result[0]['roles'])
-
- get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&expand=true", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(result_user1['id'], result[0]['id'])
- assert_equal("Customer#{firstname}", result[0]['firstname'])
- assert_equal('Customer Last', result[0]['lastname'])
- assert(result[0]['role_ids'])
- assert(result[0]['roles'])
-
- get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(result_user1['id'], result[0]['id'])
- assert_equal("Customer#{firstname} Customer Last ", result[0]['label'])
- assert_equal("Customer#{firstname} Customer Last ", result[0]['value'])
- assert_not(result[0]['role_ids'])
- assert_not(result[0]['roles'])
-
- get "/api/v1/users/search?term=#{CGI.escape("Customer#{firstname}")}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(result_user1['id'], result[0]['id'])
- assert_equal("Customer#{firstname} Customer Last ", result[0]['label'])
- assert_equal('new_customer_by_agent@example.com', result[0]['value'])
- assert_not(result[0]['role_ids'])
- assert_not(result[0]['roles'])
-
- role = Role.find_by(name: 'Agent')
- get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&role_ids=#{role.id}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(0, result.count)
-
- role = Role.find_by(name: 'Customer')
- get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&role_ids=#{role.id}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(result_user1['id'], result[0]['id'])
- assert_equal("Customer#{firstname} Customer Last ", result[0]['label'])
- assert_equal("Customer#{firstname} Customer Last ", result[0]['value'])
- assert_not(result[0]['role_ids'])
- assert_not(result[0]['roles'])
-
- permission = Permission.find_by(name: 'ticket.agent')
- get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&permissions=#{permission.name}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(0, result.count)
-
- permission = Permission.find_by(name: 'ticket.customer')
- get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&permissions=#{permission.name}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(result_user1['id'], result[0]['id'])
- assert_equal("Customer#{firstname} Customer Last ", result[0]['label'])
- assert_equal("Customer#{firstname} Customer Last ", result[0]['value'])
- assert_not(result[0]['role_ids'])
- assert_not(result[0]['roles'])
- end
-
- test 'user index and create with customer1' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
-
- # me
- get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
- assert_equal(result['email'], 'rest-customer1@example.com')
-
- # index
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Array)
- assert_equal(result.length, 1)
-
- # show/:id
- get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert_equal(result['email'], 'rest-customer1@example.com')
-
- get "/api/v1/users/#{@customer_with_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert(result['error'])
-
- # create user with admin role
- role = Role.lookup(name: 'Admin')
- params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_customer1@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
-
- # create user with agent role
- role = Role.lookup(name: 'Agent')
- params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_customer1@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
-
- # search
- Scheduler.worker(true)
- get "/api/v1/users/search?query=#{CGI.escape('First')}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- end
-
- test 'user index with customer2' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer2@example.com', 'customer2pw')
-
- # me
- get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
- assert_equal(result['email'], 'rest-customer2@example.com')
-
- # index
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Array)
- assert_equal(result.length, 1)
-
- # show/:id
- get "/api/v1/users/#{@customer_with_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert_equal(result['email'], 'rest-customer2@example.com')
-
- get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert(result['error'])
-
- # search
- Scheduler.worker(true)
- get "/api/v1/users/search?query=#{CGI.escape('First')}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- end
-
- test '04.01 users show and response format' do
- roles = Role.where(name: 'Customer')
- organization = Organization.first
- user = User.create!(
- login: 'rest-customer3@example.com',
- firstname: 'Rest',
- lastname: 'Customer3',
- email: 'rest-customer3@example.com',
- password: 'customer3pw',
- active: true,
- organization: organization,
- roles: roles,
- updated_by_id: @admin.id,
- created_by_id: @admin.id,
- )
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
- get "/api/v1/users/#{user.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(user.id, result['id'])
- assert_equal(user.firstname, result['firstname'])
- assert_not(result['organization'])
- assert_equal(user.organization_id, result['organization_id'])
- assert_not(result['password'])
- assert_equal(user.role_ids, result['role_ids'])
- assert_equal(@admin.id, result['updated_by_id'])
- assert_equal(@admin.id, result['created_by_id'])
-
- get "/api/v1/users/#{user.id}?expand=true", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(user.id, result['id'])
- assert_equal(user.firstname, result['firstname'])
- assert_equal(user.organization_id, result['organization_id'])
- assert_equal(user.organization.name, result['organization'])
- assert_equal(user.role_ids, result['role_ids'])
- assert_not(result['password'])
- assert_equal(@admin.id, result['updated_by_id'])
- assert_equal(@admin.id, result['created_by_id'])
-
- get "/api/v1/users/#{user.id}?expand=false", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(user.id, result['id'])
- assert_equal(user.firstname, result['firstname'])
- assert_not(result['organization'])
- assert_equal(user.organization_id, result['organization_id'])
- assert_not(result['password'])
- assert_equal(user.role_ids, result['role_ids'])
- assert_equal(@admin.id, result['updated_by_id'])
- assert_equal(@admin.id, result['created_by_id'])
-
- get "/api/v1/users/#{user.id}?full=true", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
-
- assert_equal(Hash, result.class)
- assert_equal(user.id, result['id'])
- assert(result['assets'])
- assert(result['assets']['User'])
- assert(result['assets']['User'][user.id.to_s])
- assert_equal(user.id, result['assets']['User'][user.id.to_s]['id'])
- assert_equal(user.firstname, result['assets']['User'][user.id.to_s]['firstname'])
- assert_equal(user.organization_id, result['assets']['User'][user.id.to_s]['organization_id'])
- assert_equal(user.role_ids, result['assets']['User'][user.id.to_s]['role_ids'])
-
- get "/api/v1/users/#{user.id}?full=false", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(user.id, result['id'])
- assert_equal(user.firstname, result['firstname'])
- assert_not(result['organization'])
- assert_equal(user.organization_id, result['organization_id'])
- assert_not(result['password'])
- assert_equal(user.role_ids, result['role_ids'])
- assert_equal(@admin.id, result['updated_by_id'])
- assert_equal(@admin.id, result['created_by_id'])
- end
-
- test '04.02 user index and response format' do
- roles = Role.where(name: 'Customer')
- organization = Organization.first
- user = User.create!(
- login: 'rest-customer3@example.com',
- firstname: 'Rest',
- lastname: 'Customer3',
- email: 'rest-customer3@example.com',
- password: 'customer3pw',
- active: true,
- organization: organization,
- roles: roles,
- updated_by_id: @admin.id,
- created_by_id: @admin.id,
- )
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(Hash, result[0].class)
- assert_equal(user.id, result.last['id'])
- assert_equal(user.lastname, result.last['lastname'])
- assert_not(result.last['organization'])
- assert_equal(user.role_ids, result.last['role_ids'])
- assert_equal(user.organization_id, result.last['organization_id'])
- assert_not(result.last['password'])
- assert_equal(@admin.id, result.last['updated_by_id'])
- assert_equal(@admin.id, result.last['created_by_id'])
-
- get '/api/v1/users?expand=true', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(Hash, result[0].class)
- assert_equal(user.id, result.last['id'])
- assert_equal(user.lastname, result.last['lastname'])
- assert_equal(user.organization_id, result.last['organization_id'])
- assert_equal(user.organization.name, result.last['organization'])
- assert_not(result.last['password'])
- assert_equal(@admin.id, result.last['updated_by_id'])
- assert_equal(@admin.id, result.last['created_by_id'])
-
- get '/api/v1/users?expand=false', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(Hash, result[0].class)
- assert_equal(user.id, result.last['id'])
- assert_equal(user.lastname, result.last['lastname'])
- assert_not(result.last['organization'])
- assert_equal(user.role_ids, result.last['role_ids'])
- assert_equal(user.organization_id, result.last['organization_id'])
- assert_not(result.last['password'])
- assert_equal(@admin.id, result.last['updated_by_id'])
- assert_equal(@admin.id, result.last['created_by_id'])
-
- get '/api/v1/users?full=true', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
-
- assert_equal(Hash, result.class)
- assert_equal(Array, result['record_ids'].class)
- assert_equal(1, result['record_ids'][0])
- assert_equal(user.id, result['record_ids'].last)
- assert(result['assets'])
- assert(result['assets']['User'])
- assert(result['assets']['User'][user.id.to_s])
- assert_equal(user.id, result['assets']['User'][user.id.to_s]['id'])
- assert_equal(user.lastname, result['assets']['User'][user.id.to_s]['lastname'])
- assert_equal(user.organization_id, result['assets']['User'][user.id.to_s]['organization_id'])
- assert_not(result['assets']['User'][user.id.to_s]['password'])
-
- get '/api/v1/users?full=false', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(Hash, result[0].class)
- assert_equal(user.id, result.last['id'])
- assert_equal(user.lastname, result.last['lastname'])
- assert_not(result.last['organization'])
- assert_equal(user.role_ids, result.last['role_ids'])
- assert_equal(user.organization_id, result.last['organization_id'])
- assert_not(result.last['password'])
- assert_equal(@admin.id, result.last['updated_by_id'])
- assert_equal(@admin.id, result.last['created_by_id'])
- end
-
- test '04.03 ticket create and response format' do
- organization = Organization.first
- params = {
- firstname: 'newfirstname123',
- note: 'some note',
- organization: organization.name,
- }
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- user = User.find(result['id'])
- assert_equal(user.firstname, result['firstname'])
- assert_equal(user.organization_id, result['organization_id'])
- assert_not(result['organization'])
- assert_not(result['password'])
- assert_equal(@admin.id, result['updated_by_id'])
- assert_equal(@admin.id, result['created_by_id'])
-
- post '/api/v1/users?expand=true', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- user = User.find(result['id'])
- assert_equal(user.firstname, result['firstname'])
- assert_equal(user.organization_id, result['organization_id'])
- assert_equal(user.organization.name, result['organization'])
- assert_not(result['password'])
- assert_equal(@admin.id, result['updated_by_id'])
- assert_equal(@admin.id, result['created_by_id'])
-
- post '/api/v1/users?full=true', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- user = User.find(result['id'])
- assert(result['assets'])
- assert(result['assets']['User'])
- assert(result['assets']['User'][user.id.to_s])
- assert_equal(user.id, result['assets']['User'][user.id.to_s]['id'])
- assert_equal(user.firstname, result['assets']['User'][user.id.to_s]['firstname'])
- assert_equal(user.lastname, result['assets']['User'][user.id.to_s]['lastname'])
- assert_not(result['assets']['User'][user.id.to_s]['password'])
-
- assert(result['assets']['User'][@admin.id.to_s])
- assert_equal(@admin.id, result['assets']['User'][@admin.id.to_s]['id'])
- assert_equal(@admin.firstname, result['assets']['User'][@admin.id.to_s]['firstname'])
- assert_equal(@admin.lastname, result['assets']['User'][@admin.id.to_s]['lastname'])
- assert_not(result['assets']['User'][@admin.id.to_s]['password'])
-
- end
-
- test '04.04 ticket update and response formats' do
- roles = Role.where(name: 'Customer')
- organization = Organization.first
- user = User.create!(
- login: 'rest-customer3@example.com',
- firstname: 'Rest',
- lastname: 'Customer3',
- email: 'rest-customer3@example.com',
- password: 'customer3pw',
- active: true,
- organization: organization,
- roles: roles,
- updated_by_id: @admin.id,
- created_by_id: @admin.id,
- )
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
- params = {
- firstname: 'a update firstname #1',
- }
- put "/api/v1/users/#{user.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- user = User.find(result['id'])
- assert_equal(user.lastname, result['lastname'])
- assert_equal(params[:firstname], result['firstname'])
- assert_equal(user.organization_id, result['organization_id'])
- assert_not(result['organization'])
- assert_not(result['password'])
- assert_equal(@admin.id, result['updated_by_id'])
- assert_equal(@admin.id, result['created_by_id'])
-
- params = {
- firstname: 'a update firstname #2',
- }
- put "/api/v1/users/#{user.id}?expand=true", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- user = User.find(result['id'])
- assert_equal(user.lastname, result['lastname'])
- assert_equal(params[:firstname], result['firstname'])
- assert_equal(user.organization_id, result['organization_id'])
- assert_equal(user.organization.name, result['organization'])
- assert_not(result['password'])
- assert_equal(@admin.id, result['updated_by_id'])
- assert_equal(@admin.id, result['created_by_id'])
-
- params = {
- firstname: 'a update firstname #3',
- }
- put "/api/v1/users/#{user.id}?full=true", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- user = User.find(result['id'])
- assert(result['assets'])
- assert(result['assets']['User'])
- assert(result['assets']['User'][user.id.to_s])
- assert_equal(user.id, result['assets']['User'][user.id.to_s]['id'])
- assert_equal(params[:firstname], result['assets']['User'][user.id.to_s]['firstname'])
- assert_equal(user.lastname, result['assets']['User'][user.id.to_s]['lastname'])
- assert_not(result['assets']['User'][user.id.to_s]['password'])
-
- assert(result['assets']['User'][@admin.id.to_s])
- assert_equal(@admin.id, result['assets']['User'][@admin.id.to_s]['id'])
- assert_equal(@admin.firstname, result['assets']['User'][@admin.id.to_s]['firstname'])
- assert_equal(@admin.lastname, result['assets']['User'][@admin.id.to_s]['lastname'])
- assert_not(result['assets']['User'][@admin.id.to_s]['password'])
-
- end
-
- test '05.01 csv example - customer no access' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
-
- get '/api/v1/users/import_example', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal('Not authorized (user)!', result['error'])
- end
-
- test '05.02 csv example - admin access' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
- get '/api/v1/users/import_example', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
-
- rows = CSV.parse(@response.body)
- header = rows.shift
-
- assert_equal('id', header[0])
- assert_equal('login', header[1])
- assert_equal('firstname', header[2])
- assert_equal('lastname', header[3])
- assert_equal('email', header[4])
- assert(header.include?('organization'))
- end
-
- test '05.03 csv import - admin access' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
- # invalid file
- csv_file_path = Rails.root.join('test', 'data', 'csv', 'user_simple_col_not_existing.csv')
- csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
- post '/api/v1/users/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- assert_equal(true, result['try'])
- assert_equal(2, result['records'].count)
- assert_equal('failed', result['result'])
- assert_equal(2, result['errors'].count)
- assert_equal("Line 1: unknown attribute 'firstname2' for User.", result['errors'][0])
- assert_equal("Line 2: unknown attribute 'firstname2' for User.", result['errors'][1])
-
- # valid file try
- csv_file_path = Rails.root.join('test', 'data', 'csv', 'user_simple.csv')
- csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
- post '/api/v1/users/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- assert_equal(true, result['try'])
- assert_equal(2, result['records'].count)
- assert_equal('success', result['result'])
-
- assert_nil(User.find_by(login: 'user-simple-import1'))
- assert_nil(User.find_by(login: 'user-simple-import2'))
-
- # valid file
- csv_file_path = Rails.root.join('test', 'data', 'csv', 'user_simple.csv')
- csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
- post '/api/v1/users/import', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- assert_equal(false, result['try'])
- assert_equal(2, result['records'].count)
- assert_equal('success', result['result'])
-
- user1 = User.find_by(login: 'user-simple-import1')
- assert(user1)
- assert_equal(user1.login, 'user-simple-import1')
- assert_equal(user1.firstname, 'firstname-simple-import1')
- assert_equal(user1.lastname, 'lastname-simple-import1')
- assert_equal(user1.email, 'user-simple-import1@example.com')
- assert_equal(user1.active, true)
- user2 = User.find_by(login: 'user-simple-import2')
- assert(user2)
- assert_equal(user2.login, 'user-simple-import2')
- assert_equal(user2.firstname, 'firstname-simple-import2')
- assert_equal(user2.lastname, 'lastname-simple-import2')
- assert_equal(user2.email, 'user-simple-import2@example.com')
- assert_equal(user2.active, false)
-
- user1.destroy!
- user2.destroy!
- end
-
- test 'user search sortable' do
- firstname = "user_search_sortable #{rand(999_999_999)}"
-
- roles = Role.where(name: 'Customer')
- user1 = User.create_or_update(
- login: 'rest-user_search_sortableA@example.com',
- firstname: "#{firstname} A",
- lastname: 'user_search_sortableA',
- email: 'rest-user_search_sortableA@example.com',
- password: 'user_search_sortableA',
- active: true,
- roles: roles,
- organization_id: @organization.id,
- out_of_office: false,
- created_at: '2016-02-05 17:42:00',
- updated_by_id: 1,
- created_by_id: 1,
- )
- user2 = User.create_or_update(
- login: 'rest-user_search_sortableB@example.com',
- firstname: "#{firstname} B",
- lastname: 'user_search_sortableB',
- email: 'rest-user_search_sortableB@example.com',
- password: 'user_search_sortableB',
- active: true,
- roles: roles,
- organization_id: @organization.id,
- out_of_office_start_at: '2016-02-06 19:42:00',
- out_of_office_end_at: '2016-02-07 19:42:00',
- out_of_office_replacement_id: 1,
- out_of_office: true,
- created_at: '2016-02-05 19:42:00',
- updated_by_id: 1,
- created_by_id: 1,
- )
- Scheduler.worker(true)
- sleep 2 # let es time to come ready
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
- get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'created_at', order_by: 'asc' }, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- result.collect! { |v| v['id'] }
- assert_equal([user1.id, user2.id], result)
-
- get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'firstname', order_by: 'asc' }, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- result.collect! { |v| v['id'] }
- assert_equal([user1.id, user2.id], result)
-
- get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'firstname', order_by: 'desc' }, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- result.collect! { |v| v['id'] }
- assert_equal([user2.id, user1.id], result)
-
- get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: %w[firstname created_at], order_by: %w[desc asc] }, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- result.collect! { |v| v['id'] }
- assert_equal([user2.id, user1.id], result)
-
- get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: %w[firstname created_at], order_by: %w[desc asc] }, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- result.collect! { |v| v['id'] }
- assert_equal([user2.id, user1.id], result)
-
- get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'out_of_office', order_by: 'asc' }, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- result.collect! { |v| v['id'] }
- assert_equal([user1.id, user2.id], result)
-
- get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'out_of_office', order_by: 'desc' }, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- result.collect! { |v| v['id'] }
- assert_equal([user2.id, user1.id], result)
-
- get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: %w[created_by_id created_at], order_by: %w[asc asc] }, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- result.collect! { |v| v['id'] }
- assert_equal([user1.id, user2.id], result)
- end
-
-end
diff --git a/test/controllers/user_organization_controller_test.rb b/test/controllers/user_organization_controller_test.rb
deleted file mode 100644
index 2bb496ef1..000000000
--- a/test/controllers/user_organization_controller_test.rb
+++ /dev/null
@@ -1,773 +0,0 @@
-require 'test_helper'
-
-class UserOrganizationControllerTest < ActionDispatch::IntegrationTest
- include SearchindexHelper
-
- setup do
-
- # set accept header
- @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
- # create agent
- roles = Role.where(name: %w[Admin Agent])
- groups = Group.all
-
- UserInfo.current_user_id = 1
-
- @backup_admin = User.create!(
- login: 'backup-admin',
- firstname: 'Backup',
- lastname: 'Agent',
- email: 'backup-admin@example.com',
- password: 'adminpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- @admin = User.create!(
- login: 'rest-admin',
- firstname: 'Rest',
- lastname: 'Agent',
- email: 'rest-admin@example.com',
- password: 'adminpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- # create agent
- roles = Role.where(name: 'Agent')
- @agent = User.create!(
- login: 'rest-agent@example.com',
- firstname: 'Rest',
- lastname: 'Agent',
- email: 'rest-agent@example.com',
- password: 'agentpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- # create customer without org
- roles = Role.where(name: 'Customer')
- @customer_without_org = User.create!(
- login: 'rest-customer1@example.com',
- firstname: 'Rest',
- lastname: 'Customer1',
- email: 'rest-customer1@example.com',
- password: 'customer1pw',
- active: true,
- roles: roles,
- )
-
- # create orgs
- @organization = Organization.create!(
- name: 'Rest Org',
- note: 'Rest Org A',
- )
- @organization2 = Organization.create!(
- name: 'Rest Org #2',
- note: 'Rest Org B',
- )
- @organization3 = Organization.create!(
- name: 'Rest Org #3',
- note: 'Rest Org C',
- )
-
- # create customer with org
- @customer_with_org = User.create!(
- login: 'rest-customer2@example.com',
- firstname: 'Rest',
- lastname: 'Customer2',
- email: 'rest-customer2@example.com',
- password: 'customer2pw',
- active: true,
- roles: roles,
- organization_id: @organization.id,
- )
-
- configure_elasticsearch do
-
- travel 1.minute
-
- rebuild_searchindex
-
- # execute background jobs
- Scheduler.worker(true)
-
- sleep 6
- end
- end
-
- test 'user create tests - no user' do
-
- post '/api/v1/signshow', params: {}, headers: @headers
-
- # create user with disabled feature
- Setting.set('user_create_account', false)
- token = @response.headers['CSRF-TOKEN']
-
- # token based on form
- params = { email: 'some_new_customer@example.com', authenticity_token: token }
- post '/api/v1/users', params: params.to_json, headers: @headers
- assert_response(422)
- result = JSON.parse(@response.body)
- assert(result['error'])
- assert_equal('Feature not enabled!', result['error'])
-
- # token based on headers
- headers = @headers.merge('X-CSRF-Token' => token)
- params = { email: 'some_new_customer@example.com' }
- post '/api/v1/users', params: params.to_json, headers: headers
- assert_response(422)
- result = JSON.parse(@response.body)
- assert(result['error'])
- assert_equal('Feature not enabled!', result['error'])
-
- Setting.set('user_create_account', true)
-
- # no signup param with enabled feature
- params = { email: 'some_new_customer@example.com' }
- post '/api/v1/users', params: params.to_json, headers: headers
- assert_response(422)
- result = JSON.parse(@response.body)
- assert(result['error'])
- assert_equal('Only signup with not authenticate user possible!', result['error'])
-
- # already existing user with enabled feature
- params = { email: 'rest-customer1@example.com', signup: true }
- post '/api/v1/users', params: params.to_json, headers: headers
- assert_response(422)
- result = JSON.parse(@response.body)
- assert(result['error'])
- assert_equal('Email address is already used for other user.', result['error'])
-
- # email missing with enabled feature
- params = { firstname: 'some firstname', signup: true }
- post '/api/v1/users', params: params.to_json, headers: headers
- assert_response(422)
- result = JSON.parse(@response.body)
- assert(result['error'])
- assert_equal('Attribute \'email\' required!', result['error'])
-
- # email missing with enabled feature
- params = { firstname: 'some firstname', signup: true }
- post '/api/v1/users', params: params.to_json, headers: headers
- assert_response(422)
- result = JSON.parse(@response.body)
- assert(result['error'])
- assert_equal('Attribute \'email\' required!', result['error'])
-
- # create user with enabled feature (take customer role)
- params = { firstname: 'Me First', lastname: 'Me Last', email: 'new_here@example.com', signup: true }
- post '/api/v1/users', params: params.to_json, headers: headers
- assert_response(201)
- result = JSON.parse(@response.body)
- assert(result)
-
- assert_equal('Me First', result['firstname'])
- assert_equal('Me Last', result['lastname'])
- assert_equal('new_here@example.com', result['login'])
- assert_equal('new_here@example.com', result['email'])
- user = User.find(result['id'])
- assert_not(user.role?('Admin'))
- assert_not(user.role?('Agent'))
- assert(user.role?('Customer'))
-
- # create user with admin role (not allowed for signup, take customer role)
- role = Role.lookup(name: 'Admin')
- params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin@example.com', role_ids: [ role.id ], signup: true }
- post '/api/v1/users', params: params.to_json, headers: headers
- assert_response(201)
- result = JSON.parse(@response.body)
- assert(result)
- user = User.find(result['id'])
- assert_not(user.role?('Admin'))
- assert_not(user.role?('Agent'))
- assert(user.role?('Customer'))
-
- # create user with agent role (not allowed for signup, take customer role)
- role = Role.lookup(name: 'Agent')
- params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent@example.com', role_ids: [ role.id ], signup: true }
- post '/api/v1/users', params: params.to_json, headers: headers
- assert_response(201)
- result = JSON.parse(@response.body)
- assert(result)
- user = User.find(result['id'])
- assert_not(user.role?('Admin'))
- assert_not(user.role?('Agent'))
- assert(user.role?('Customer'))
-
- # no user (because of no session)
- get '/api/v1/users', params: {}, headers: headers
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal('authentication failed', result['error'])
-
- # me
- get '/api/v1/users/me', params: {}, headers: headers
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal('authentication failed', result['error'])
- end
-
- test 'auth tests - not existing user' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('not_existing@example.com', 'adminpw')
-
- # me
- get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal('authentication failed', result['error'])
-
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal('authentication failed', result['error'])
- end
-
- test 'auth tests - username auth, wrong pw' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin', 'not_existing')
-
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal('authentication failed', result['error'])
- end
-
- test 'auth tests - email auth, wrong pw' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'not_existing')
-
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal('authentication failed', result['error'])
- end
-
- test 'auth tests - username auth' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin', 'adminpw')
-
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
- end
-
- test 'auth tests - email auth' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
- end
-
- test 'user index and create with admin' do
-
- # email auth
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
- # me
- get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
- assert_equal(result['email'], 'rest-admin@example.com')
-
- # index
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
-
- # index
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
- assert_equal(result.class, Array)
- assert(result.length >= 3)
-
- # show/:id
- get "/api/v1/users/#{@agent.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
- assert_equal(result.class, Hash)
- assert_equal(result['email'], 'rest-agent@example.com')
-
- get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
- assert_equal(result.class, Hash)
- assert_equal(result['email'], 'rest-customer1@example.com')
-
- # create user with admin role
- role = Role.lookup(name: 'Admin')
- params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_admin@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert(result)
- user = User.find(result['id'])
- assert(user.role?('Admin'))
- assert_not(user.role?('Agent'))
- assert_not(user.role?('Customer'))
- assert_equal('new_admin_by_admin@example.com', result['login'])
- assert_equal('new_admin_by_admin@example.com', result['email'])
-
- # create user with agent role
- role = Role.lookup(name: 'Agent')
- params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_admin1@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert(result)
- user = User.find(result['id'])
- assert_not(user.role?('Admin'))
- assert(user.role?('Agent'))
- assert_not(user.role?('Customer'))
- assert_equal('new_agent_by_admin1@example.com', result['login'])
- assert_equal('new_agent_by_admin1@example.com', result['email'])
-
- role = Role.lookup(name: 'Agent')
- params = { firstname: 'Agent First', email: 'new_agent_by_admin2@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert(result)
- user = User.find(result['id'])
- assert_not(user.role?('Admin'))
- assert(user.role?('Agent'))
- assert_not(user.role?('Customer'))
- assert_equal('new_agent_by_admin2@example.com', result['login'])
- assert_equal('new_agent_by_admin2@example.com', result['email'])
- assert_equal('Agent', result['firstname'])
- assert_equal('First', result['lastname'])
-
- role = Role.lookup(name: 'Agent')
- params = { firstname: 'Agent First', email: 'new_agent_by_admin2@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(422)
- result = JSON.parse(@response.body)
- assert(result)
- assert_equal('Email address is already used for other user.', result['error'])
-
- # missing required attributes
- params = { note: 'some note' }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(422)
- result = JSON.parse(@response.body)
- assert(result)
- assert_equal('Minimum one identifier (login, firstname, lastname, phone or email) for user is required.', result['error'])
-
- # invalid email
- params = { firstname: 'newfirstname123', email: 'some_what', note: 'some note' }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(422)
- result = JSON.parse(@response.body)
- assert(result)
- assert_equal('Invalid email', result['error'])
-
- # with valid attributes
- params = { firstname: 'newfirstname123', note: 'some note' }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert(result)
- user = User.find(result['id'])
- assert_not(user.role?('Admin'))
- assert_not(user.role?('Agent'))
- assert(user.role?('Customer'))
- assert(result['login'].start_with?('auto-'))
- assert_equal('', result['email'])
- assert_equal('newfirstname123', result['firstname'])
- assert_equal('', result['lastname'])
- end
-
- test 'user index and create with agent' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-agent@example.com', 'agentpw')
-
- # me
- get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
- assert_equal(result['email'], 'rest-agent@example.com')
-
- # index
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
-
- # index
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
- assert_equal(result.class, Array)
- assert(result.length >= 3)
-
- get '/api/v1/users?limit=40&page=1&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- users = User.order(:id).limit(2)
- assert_equal(users[0].id, result[0]['id'])
- assert_equal(users[1].id, result[1]['id'])
- assert_equal(2, result.count)
-
- get '/api/v1/users?limit=40&page=2&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- users = User.order(:id).limit(4)
- assert_equal(users[2].id, result[0]['id'])
- assert_equal(users[3].id, result[1]['id'])
- assert_equal(2, result.count)
-
- # create user with admin role
- firstname = "First test#{rand(999_999_999)}"
- role = Role.lookup(name: 'Admin')
- params = { firstname: "Admin#{firstname}", lastname: 'Admin Last', email: 'new_admin_by_agent@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result_user1 = JSON.parse(@response.body)
- assert(result_user1)
- user = User.find(result_user1['id'])
- assert_not(user.role?('Admin'))
- assert_not(user.role?('Agent'))
- assert(user.role?('Customer'))
- assert_equal('new_admin_by_agent@example.com', result_user1['login'])
- assert_equal('new_admin_by_agent@example.com', result_user1['email'])
-
- # create user with agent role
- role = Role.lookup(name: 'Agent')
- params = { firstname: "Agent#{firstname}", lastname: 'Agent Last', email: 'new_agent_by_agent@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result_user1 = JSON.parse(@response.body)
- assert(result_user1)
- user = User.find(result_user1['id'])
- assert_not(user.role?('Admin'))
- assert_not(user.role?('Agent'))
- assert(user.role?('Customer'))
- assert_equal('new_agent_by_agent@example.com', result_user1['login'])
- assert_equal('new_agent_by_agent@example.com', result_user1['email'])
-
- # create user with customer role
- role = Role.lookup(name: 'Customer')
- params = { firstname: "Customer#{firstname}", lastname: 'Customer Last', email: 'new_customer_by_agent@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result_user1 = JSON.parse(@response.body)
- assert(result_user1)
- user = User.find(result_user1['id'])
- assert_not(user.role?('Admin'))
- assert_not(user.role?('Agent'))
- assert(user.role?('Customer'))
- assert_equal('new_customer_by_agent@example.com', result_user1['login'])
- assert_equal('new_customer_by_agent@example.com', result_user1['email'])
-
- # search as agent
- Scheduler.worker(true)
- sleep 2 # let es time to come ready
- get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
-
- assert_equal(result_user1['id'], result[0]['id'])
- assert_equal("Customer#{firstname}", result[0]['firstname'])
- assert_equal('Customer Last', result[0]['lastname'])
- assert(result[0]['role_ids'])
- assert_not(result[0]['roles'])
-
- get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&expand=true", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(result_user1['id'], result[0]['id'])
- assert_equal("Customer#{firstname}", result[0]['firstname'])
- assert_equal('Customer Last', result[0]['lastname'])
- assert(result[0]['role_ids'])
- assert(result[0]['roles'])
-
- get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(result_user1['id'], result[0]['id'])
- assert_equal("Customer#{firstname} Customer Last ", result[0]['label'])
- assert_equal("Customer#{firstname} Customer Last ", result[0]['value'])
- assert_not(result[0]['role_ids'])
- assert_not(result[0]['roles'])
-
- role = Role.find_by(name: 'Agent')
- get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&role_ids=#{role.id}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(0, result.count)
-
- role = Role.find_by(name: 'Customer')
- get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&role_ids=#{role.id}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(result_user1['id'], result[0]['id'])
- assert_equal("Customer#{firstname} Customer Last ", result[0]['label'])
- assert_equal("Customer#{firstname} Customer Last ", result[0]['value'])
- assert_not(result[0]['role_ids'])
- assert_not(result[0]['roles'])
-
- permission = Permission.find_by(name: 'ticket.agent')
- get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&permissions=#{permission.name}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(0, result.count)
-
- permission = Permission.find_by(name: 'ticket.customer')
- get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&permissions=#{permission.name}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(result_user1['id'], result[0]['id'])
- assert_equal("Customer#{firstname} Customer Last ", result[0]['label'])
- assert_equal("Customer#{firstname} Customer Last ", result[0]['value'])
- assert_not(result[0]['role_ids'])
- assert_not(result[0]['roles'])
- end
-
- test 'user index and create with customer1' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
-
- # me
- get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
- assert_equal(result['email'], 'rest-customer1@example.com')
-
- # index
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Array)
- assert_equal(result.length, 1)
-
- # show/:id
- get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert_equal(result['email'], 'rest-customer1@example.com')
-
- get "/api/v1/users/#{@customer_with_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert(result['error'])
-
- # create user with admin role
- role = Role.lookup(name: 'Admin')
- params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_customer1@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
-
- # create user with agent role
- role = Role.lookup(name: 'Agent')
- params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_customer1@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
-
- # search
- Scheduler.worker(true)
- get "/api/v1/users/search?query=#{CGI.escape('First')}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- end
-
- test 'user index with customer2' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer2@example.com', 'customer2pw')
-
- # me
- get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
- assert_equal(result['email'], 'rest-customer2@example.com')
-
- # index
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Array)
- assert_equal(result.length, 1)
-
- # show/:id
- get "/api/v1/users/#{@customer_with_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert_equal(result['email'], 'rest-customer2@example.com')
-
- get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert(result['error'])
-
- # search
- Scheduler.worker(true)
- get "/api/v1/users/search?query=#{CGI.escape('First')}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- end
-
- test 'organization index with agent' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-agent@example.com', 'agentpw')
-
- # index
- get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Array)
- assert_equal(result[0]['member_ids'].class, Array)
- assert(result.length >= 3)
-
- get '/api/v1/organizations?limit=40&page=1&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- organizations = Organization.order(:id).limit(2)
- assert_equal(organizations[0].id, result[0]['id'])
- assert_equal(organizations[0].member_ids, result[0]['member_ids'])
- assert_equal(organizations[1].id, result[1]['id'])
- assert_equal(organizations[1].member_ids, result[1]['member_ids'])
- assert_equal(2, result.count)
-
- get '/api/v1/organizations?limit=40&page=2&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- organizations = Organization.order(:id).limit(4)
- assert_equal(organizations[2].id, result[0]['id'])
- assert_equal(organizations[2].member_ids, result[0]['member_ids'])
- assert_equal(organizations[3].id, result[1]['id'])
- assert_equal(organizations[3].member_ids, result[1]['member_ids'])
-
- assert_equal(2, result.count)
-
- # show/:id
- get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert_equal(result['member_ids'].class, Array)
- assert_not(result['members'])
- assert_equal(result['name'], 'Rest Org')
-
- get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert_equal(result['member_ids'].class, Array)
- assert_not(result['members'])
- assert_equal(result['name'], 'Rest Org #2')
-
- # search as agent
- Scheduler.worker(true)
- get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal('Zammad Foundation', result[0]['name'])
- assert(result[0]['member_ids'])
- assert_not(result[0]['members'])
-
- get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&expand=true", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal('Zammad Foundation', result[0]['name'])
- assert(result[0]['member_ids'])
- assert(result[0]['members'])
-
- get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal('Zammad Foundation', result[0]['label'])
- assert_equal('Zammad Foundation', result[0]['value'])
- assert_not(result[0]['member_ids'])
- assert_not(result[0]['members'])
- end
-
- test 'organization index with customer1' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
-
- # index
- get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Array)
- assert_equal(result.length, 0)
-
- # show/:id
- get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert_nil(result['name'])
-
- get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert_nil(result['name'])
-
- # search
- Scheduler.worker(true)
- get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- end
-
- test 'organization index with customer2' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer2@example.com', 'customer2pw')
-
- # index
- get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Array)
- assert_equal(result.length, 1)
-
- # show/:id
- get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert_equal(result['name'], 'Rest Org')
-
- get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert_nil(result['name'])
-
- # search
- Scheduler.worker(true)
- get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- end
-
-end
diff --git a/test/controllers/users_controller_test.rb b/test/controllers/users_controller_test.rb
deleted file mode 100644
index 2c627314d..000000000
--- a/test/controllers/users_controller_test.rb
+++ /dev/null
@@ -1,1146 +0,0 @@
-require 'test_helper'
-
-class UsersControllerTest < ActionDispatch::IntegrationTest
- include SearchindexHelper
-
- setup do
-
- # set accept header
- @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
- # create agent
- roles = Role.where(name: %w[Admin Agent])
- groups = Group.all
-
- UserInfo.current_user_id = 1
-
- @backup_admin = User.create!(
- login: 'backup-admin',
- firstname: 'Backup',
- lastname: 'Agent',
- email: 'backup-admin@example.com',
- password: 'adminpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- @admin = User.create!(
- login: 'rest-admin',
- firstname: 'Rest',
- lastname: 'Agent',
- email: 'rest-admin@example.com',
- password: 'adminpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- # create agent
- roles = Role.where(name: 'Agent')
- @agent = User.create!(
- login: 'rest-agent@example.com',
- firstname: 'Rest',
- lastname: 'Agent',
- email: 'rest-agent@example.com',
- password: 'agentpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- # create customer without org
- roles = Role.where(name: 'Customer')
- @customer_without_org = User.create!(
- login: 'rest-customer1@example.com',
- firstname: 'Rest',
- lastname: 'Customer1',
- email: 'rest-customer1@example.com',
- password: 'customer1pw',
- active: true,
- roles: roles,
- )
-
- # create orgs
- @organization = Organization.create!(
- name: 'Rest Org',
- )
- @organization2 = Organization.create!(
- name: 'Rest Org #2',
- )
- @organization3 = Organization.create!(
- name: 'Rest Org #3',
- )
-
- # create customer with org
- @customer_with_org = User.create!(
- login: 'rest-customer2@example.com',
- firstname: 'Rest',
- lastname: 'Customer2',
- email: 'rest-customer2@example.com',
- password: 'customer2pw',
- active: true,
- roles: roles,
- organization_id: @organization.id,
- )
-
- configure_elasticsearch do
-
- travel 1.minute
-
- rebuild_searchindex
-
- # execute background jobs
- Scheduler.worker(true)
-
- sleep 6
- end
-
- UserInfo.current_user_id = nil
- end
-
- test 'user create tests - no user' do
-
- post '/api/v1/signshow', params: {}, headers: @headers
-
- # create user with disabled feature
- Setting.set('user_create_account', false)
- token = @response.headers['CSRF-TOKEN']
-
- # token based on form
- params = { email: 'some_new_customer@example.com', authenticity_token: token }
- post '/api/v1/users', params: params.to_json, headers: @headers
- assert_response(422)
- result = JSON.parse(@response.body)
- assert(result['error'])
- assert_equal('Feature not enabled!', result['error'])
-
- # token based on headers
- headers = @headers.merge('X-CSRF-Token' => token)
- params = { email: 'some_new_customer@example.com' }
- post '/api/v1/users', params: params.to_json, headers: headers
- assert_response(422)
- result = JSON.parse(@response.body)
- assert(result['error'])
- assert_equal('Feature not enabled!', result['error'])
-
- Setting.set('user_create_account', true)
-
- # no signup param with enabled feature
- params = { email: 'some_new_customer@example.com' }
- post '/api/v1/users', params: params.to_json, headers: headers
- assert_response(422)
- result = JSON.parse(@response.body)
- assert(result['error'])
- assert_equal('Only signup with not authenticate user possible!', result['error'])
-
- # already existing user with enabled feature
- params = { email: 'rest-customer1@example.com', signup: true }
- post '/api/v1/users', params: params.to_json, headers: headers
- assert_response(422)
- result = JSON.parse(@response.body)
- assert(result['error'])
- assert_equal('Email address is already used for other user.', result['error'])
-
- # email missing with enabled feature
- params = { firstname: 'some firstname', signup: true }
- post '/api/v1/users', params: params.to_json, headers: headers
- assert_response(422)
- result = JSON.parse(@response.body)
- assert(result['error'])
- assert_equal('Attribute \'email\' required!', result['error'])
-
- # email missing with enabled feature
- params = { firstname: 'some firstname', signup: true }
- post '/api/v1/users', params: params.to_json, headers: headers
- assert_response(422)
- result = JSON.parse(@response.body)
- assert(result['error'])
- assert_equal('Attribute \'email\' required!', result['error'])
-
- # create user with enabled feature (take customer role)
- params = { firstname: 'Me First', lastname: 'Me Last', email: 'new_here@example.com', signup: true }
- post '/api/v1/users', params: params.to_json, headers: headers
- assert_response(201)
- result = JSON.parse(@response.body)
- assert(result)
-
- assert_equal('Me First', result['firstname'])
- assert_equal('Me Last', result['lastname'])
- assert_equal('new_here@example.com', result['login'])
- assert_equal('new_here@example.com', result['email'])
- user = User.find(result['id'])
- assert_not(user.role?('Admin'))
- assert_not(user.role?('Agent'))
- assert(user.role?('Customer'))
-
- # create user with admin role (not allowed for signup, take customer role)
- role = Role.lookup(name: 'Admin')
- params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin@example.com', role_ids: [ role.id ], signup: true }
- post '/api/v1/users', params: params.to_json, headers: headers
- assert_response(201)
- result = JSON.parse(@response.body)
- assert(result)
- user = User.find(result['id'])
- assert_not(user.role?('Admin'))
- assert_not(user.role?('Agent'))
- assert(user.role?('Customer'))
-
- # create user with agent role (not allowed for signup, take customer role)
- role = Role.lookup(name: 'Agent')
- params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent@example.com', role_ids: [ role.id ], signup: true }
- post '/api/v1/users', params: params.to_json, headers: headers
- assert_response(201)
- result = JSON.parse(@response.body)
- assert(result)
- user = User.find(result['id'])
- assert_not(user.role?('Admin'))
- assert_not(user.role?('Agent'))
- assert(user.role?('Customer'))
-
- # no user (because of no session)
- get '/api/v1/users', params: {}, headers: headers
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal('authentication failed', result['error'])
-
- # me
- get '/api/v1/users/me', params: {}, headers: headers
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal('authentication failed', result['error'])
- end
-
- test 'auth tests - not existing user' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('not_existing@example.com', 'adminpw')
-
- # me
- get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal('authentication failed', result['error'])
-
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal('authentication failed', result['error'])
- end
-
- test 'auth tests - username auth, wrong pw' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin', 'not_existing')
-
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal('authentication failed', result['error'])
- end
-
- test 'auth tests - email auth, wrong pw' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'not_existing')
-
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal('authentication failed', result['error'])
- end
-
- test 'auth tests - username auth' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin', 'adminpw')
-
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
- end
-
- test 'auth tests - email auth' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
- end
-
- test 'user index and create with admin' do
-
- # email auth
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
- # me
- get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
- assert_equal(result['email'], 'rest-admin@example.com')
-
- # index
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
-
- # index
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
- assert_equal(result.class, Array)
- assert(result.length >= 3)
-
- # show/:id
- get "/api/v1/users/#{@agent.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
- assert_equal(result.class, Hash)
- assert_equal(result['email'], 'rest-agent@example.com')
-
- get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
- assert_equal(result.class, Hash)
- assert_equal(result['email'], 'rest-customer1@example.com')
-
- # create user with admin role
- role = Role.lookup(name: 'Admin')
- params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_admin@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert(result)
- user = User.find(result['id'])
- assert(user.role?('Admin'))
- assert_not(user.role?('Agent'))
- assert_not(user.role?('Customer'))
- assert_equal('new_admin_by_admin@example.com', result['login'])
- assert_equal('new_admin_by_admin@example.com', result['email'])
-
- # create user with agent role
- role = Role.lookup(name: 'Agent')
- params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_admin1@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert(result)
- user = User.find(result['id'])
- assert_not(user.role?('Admin'))
- assert(user.role?('Agent'))
- assert_not(user.role?('Customer'))
- assert_equal('new_agent_by_admin1@example.com', result['login'])
- assert_equal('new_agent_by_admin1@example.com', result['email'])
-
- role = Role.lookup(name: 'Agent')
- params = { firstname: 'Agent First', email: 'new_agent_by_admin2@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert(result)
- user = User.find(result['id'])
- assert_not(user.role?('Admin'))
- assert(user.role?('Agent'))
- assert_not(user.role?('Customer'))
- assert_equal('new_agent_by_admin2@example.com', result['login'])
- assert_equal('new_agent_by_admin2@example.com', result['email'])
- assert_equal('Agent', result['firstname'])
- assert_equal('First', result['lastname'])
-
- role = Role.lookup(name: 'Agent')
- params = { firstname: 'Agent First', email: 'new_agent_by_admin2@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(422)
- result = JSON.parse(@response.body)
- assert(result)
- assert_equal('Email address is already used for other user.', result['error'])
-
- # missing required attributes
- params = { note: 'some note' }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(422)
- result = JSON.parse(@response.body)
- assert(result)
- assert_equal('Minimum one identifier (login, firstname, lastname, phone or email) for user is required.', result['error'])
-
- # invalid email
- params = { firstname: 'newfirstname123', email: 'some_what', note: 'some note' }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(422)
- result = JSON.parse(@response.body)
- assert(result)
- assert_equal('Invalid email', result['error'])
-
- # with valid attributes
- params = { firstname: 'newfirstname123', note: 'some note' }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert(result)
- user = User.find(result['id'])
- assert_not(user.role?('Admin'))
- assert_not(user.role?('Agent'))
- assert(user.role?('Customer'))
- assert(result['login'].start_with?('auto-'))
- assert_equal('', result['email'])
- assert_equal('newfirstname123', result['firstname'])
- assert_equal('', result['lastname'])
- end
-
- test 'user index and create with agent' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-agent@example.com', 'agentpw')
-
- # me
- get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
- assert_equal(result['email'], 'rest-agent@example.com')
-
- # index
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
-
- # index
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
- assert_equal(result.class, Array)
- assert(result.length >= 3)
-
- get '/api/v1/users?limit=40&page=1&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- users = User.order(:id).limit(2)
- assert_equal(users[0].id, result[0]['id'])
- assert_equal(users[1].id, result[1]['id'])
- assert_equal(2, result.count)
-
- get '/api/v1/users?limit=40&page=2&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- users = User.order(:id).limit(4)
- assert_equal(users[2].id, result[0]['id'])
- assert_equal(users[3].id, result[1]['id'])
- assert_equal(2, result.count)
-
- # create user with admin role
- firstname = "First test#{rand(999_999_999)}"
- role = Role.lookup(name: 'Admin')
- params = { firstname: "Admin#{firstname}", lastname: 'Admin Last', email: 'new_admin_by_agent@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result_user1 = JSON.parse(@response.body)
- assert(result_user1)
- user = User.find(result_user1['id'])
- assert_not(user.role?('Admin'))
- assert_not(user.role?('Agent'))
- assert(user.role?('Customer'))
- assert_equal('new_admin_by_agent@example.com', result_user1['login'])
- assert_equal('new_admin_by_agent@example.com', result_user1['email'])
-
- # create user with agent role
- role = Role.lookup(name: 'Agent')
- params = { firstname: "Agent#{firstname}", lastname: 'Agent Last', email: 'new_agent_by_agent@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result_user1 = JSON.parse(@response.body)
- assert(result_user1)
- user = User.find(result_user1['id'])
- assert_not(user.role?('Admin'))
- assert_not(user.role?('Agent'))
- assert(user.role?('Customer'))
- assert_equal('new_agent_by_agent@example.com', result_user1['login'])
- assert_equal('new_agent_by_agent@example.com', result_user1['email'])
-
- # create user with customer role
- role = Role.lookup(name: 'Customer')
- params = { firstname: "Customer#{firstname}", lastname: 'Customer Last', email: 'new_customer_by_agent@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result_user1 = JSON.parse(@response.body)
- assert(result_user1)
- user = User.find(result_user1['id'])
- assert_not(user.role?('Admin'))
- assert_not(user.role?('Agent'))
- assert(user.role?('Customer'))
- assert_equal('new_customer_by_agent@example.com', result_user1['login'])
- assert_equal('new_customer_by_agent@example.com', result_user1['email'])
-
- # search as agent
- Scheduler.worker(true)
- sleep 2 # let es time to come ready
- get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
-
- assert_equal(result_user1['id'], result[0]['id'])
- assert_equal("Customer#{firstname}", result[0]['firstname'])
- assert_equal('Customer Last', result[0]['lastname'])
- assert(result[0]['role_ids'])
- assert_not(result[0]['roles'])
-
- get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&expand=true", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(result_user1['id'], result[0]['id'])
- assert_equal("Customer#{firstname}", result[0]['firstname'])
- assert_equal('Customer Last', result[0]['lastname'])
- assert(result[0]['role_ids'])
- assert(result[0]['roles'])
-
- get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(result_user1['id'], result[0]['id'])
- assert_equal("Customer#{firstname} Customer Last ", result[0]['label'])
- assert_equal("Customer#{firstname} Customer Last ", result[0]['value'])
- assert_not(result[0]['role_ids'])
- assert_not(result[0]['roles'])
-
- get "/api/v1/users/search?term=#{CGI.escape("Customer#{firstname}")}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(result_user1['id'], result[0]['id'])
- assert_equal("Customer#{firstname} Customer Last ", result[0]['label'])
- assert_equal('new_customer_by_agent@example.com', result[0]['value'])
- assert_not(result[0]['role_ids'])
- assert_not(result[0]['roles'])
-
- role = Role.find_by(name: 'Agent')
- get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&role_ids=#{role.id}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(0, result.count)
-
- role = Role.find_by(name: 'Customer')
- get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&role_ids=#{role.id}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(result_user1['id'], result[0]['id'])
- assert_equal("Customer#{firstname} Customer Last ", result[0]['label'])
- assert_equal("Customer#{firstname} Customer Last ", result[0]['value'])
- assert_not(result[0]['role_ids'])
- assert_not(result[0]['roles'])
-
- permission = Permission.find_by(name: 'ticket.agent')
- get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&permissions=#{permission.name}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(0, result.count)
-
- permission = Permission.find_by(name: 'ticket.customer')
- get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&permissions=#{permission.name}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(result_user1['id'], result[0]['id'])
- assert_equal("Customer#{firstname} Customer Last ", result[0]['label'])
- assert_equal("Customer#{firstname} Customer Last ", result[0]['value'])
- assert_not(result[0]['role_ids'])
- assert_not(result[0]['roles'])
- end
-
- test 'user index and create with customer1' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
-
- # me
- get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
- assert_equal(result['email'], 'rest-customer1@example.com')
-
- # index
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Array)
- assert_equal(result.length, 1)
-
- # show/:id
- get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert_equal(result['email'], 'rest-customer1@example.com')
-
- get "/api/v1/users/#{@customer_with_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert(result['error'])
-
- # create user with admin role
- role = Role.lookup(name: 'Admin')
- params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_customer1@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
-
- # create user with agent role
- role = Role.lookup(name: 'Agent')
- params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_customer1@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
-
- # search
- Scheduler.worker(true)
- get "/api/v1/users/search?query=#{CGI.escape('First')}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- end
-
- test 'user index with customer2' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer2@example.com', 'customer2pw')
-
- # me
- get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
- assert_equal(result['email'], 'rest-customer2@example.com')
-
- # index
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Array)
- assert_equal(result.length, 1)
-
- # show/:id
- get "/api/v1/users/#{@customer_with_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert_equal(result['email'], 'rest-customer2@example.com')
-
- get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert(result['error'])
-
- # search
- Scheduler.worker(true)
- get "/api/v1/users/search?query=#{CGI.escape('First')}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- end
-
- test '04.01 users show and response format' do
- roles = Role.where(name: 'Customer')
- organization = Organization.first
- user = User.create!(
- login: 'rest-customer3@example.com',
- firstname: 'Rest',
- lastname: 'Customer3',
- email: 'rest-customer3@example.com',
- password: 'customer3pw',
- active: true,
- organization: organization,
- roles: roles,
- updated_by_id: @admin.id,
- created_by_id: @admin.id,
- )
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
- get "/api/v1/users/#{user.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(user.id, result['id'])
- assert_equal(user.firstname, result['firstname'])
- assert_not(result['organization'])
- assert_equal(user.organization_id, result['organization_id'])
- assert_not(result['password'])
- assert_equal(user.role_ids, result['role_ids'])
- assert_equal(@admin.id, result['updated_by_id'])
- assert_equal(@admin.id, result['created_by_id'])
-
- get "/api/v1/users/#{user.id}?expand=true", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(user.id, result['id'])
- assert_equal(user.firstname, result['firstname'])
- assert_equal(user.organization_id, result['organization_id'])
- assert_equal(user.organization.name, result['organization'])
- assert_equal(user.role_ids, result['role_ids'])
- assert_not(result['password'])
- assert_equal(@admin.id, result['updated_by_id'])
- assert_equal(@admin.id, result['created_by_id'])
-
- get "/api/v1/users/#{user.id}?expand=false", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(user.id, result['id'])
- assert_equal(user.firstname, result['firstname'])
- assert_not(result['organization'])
- assert_equal(user.organization_id, result['organization_id'])
- assert_not(result['password'])
- assert_equal(user.role_ids, result['role_ids'])
- assert_equal(@admin.id, result['updated_by_id'])
- assert_equal(@admin.id, result['created_by_id'])
-
- get "/api/v1/users/#{user.id}?full=true", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
-
- assert_equal(Hash, result.class)
- assert_equal(user.id, result['id'])
- assert(result['assets'])
- assert(result['assets']['User'])
- assert(result['assets']['User'][user.id.to_s])
- assert_equal(user.id, result['assets']['User'][user.id.to_s]['id'])
- assert_equal(user.firstname, result['assets']['User'][user.id.to_s]['firstname'])
- assert_equal(user.organization_id, result['assets']['User'][user.id.to_s]['organization_id'])
- assert_equal(user.role_ids, result['assets']['User'][user.id.to_s]['role_ids'])
-
- get "/api/v1/users/#{user.id}?full=false", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
- assert_equal(user.id, result['id'])
- assert_equal(user.firstname, result['firstname'])
- assert_not(result['organization'])
- assert_equal(user.organization_id, result['organization_id'])
- assert_not(result['password'])
- assert_equal(user.role_ids, result['role_ids'])
- assert_equal(@admin.id, result['updated_by_id'])
- assert_equal(@admin.id, result['created_by_id'])
- end
-
- test '04.02 user index and response format' do
- roles = Role.where(name: 'Customer')
- organization = Organization.first
- user = User.create!(
- login: 'rest-customer3@example.com',
- firstname: 'Rest',
- lastname: 'Customer3',
- email: 'rest-customer3@example.com',
- password: 'customer3pw',
- active: true,
- organization: organization,
- roles: roles,
- updated_by_id: @admin.id,
- created_by_id: @admin.id,
- )
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(Hash, result[0].class)
- assert_equal(user.id, result.last['id'])
- assert_equal(user.lastname, result.last['lastname'])
- assert_not(result.last['organization'])
- assert_equal(user.role_ids, result.last['role_ids'])
- assert_equal(user.organization_id, result.last['organization_id'])
- assert_not(result.last['password'])
- assert_equal(@admin.id, result.last['updated_by_id'])
- assert_equal(@admin.id, result.last['created_by_id'])
-
- get '/api/v1/users?expand=true', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(Hash, result[0].class)
- assert_equal(user.id, result.last['id'])
- assert_equal(user.lastname, result.last['lastname'])
- assert_equal(user.organization_id, result.last['organization_id'])
- assert_equal(user.organization.name, result.last['organization'])
- assert_not(result.last['password'])
- assert_equal(@admin.id, result.last['updated_by_id'])
- assert_equal(@admin.id, result.last['created_by_id'])
-
- get '/api/v1/users?expand=false', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(Hash, result[0].class)
- assert_equal(user.id, result.last['id'])
- assert_equal(user.lastname, result.last['lastname'])
- assert_not(result.last['organization'])
- assert_equal(user.role_ids, result.last['role_ids'])
- assert_equal(user.organization_id, result.last['organization_id'])
- assert_not(result.last['password'])
- assert_equal(@admin.id, result.last['updated_by_id'])
- assert_equal(@admin.id, result.last['created_by_id'])
-
- get '/api/v1/users?full=true', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
-
- assert_equal(Hash, result.class)
- assert_equal(Array, result['record_ids'].class)
- assert_equal(1, result['record_ids'][0])
- assert_equal(user.id, result['record_ids'].last)
- assert(result['assets'])
- assert(result['assets']['User'])
- assert(result['assets']['User'][user.id.to_s])
- assert_equal(user.id, result['assets']['User'][user.id.to_s]['id'])
- assert_equal(user.lastname, result['assets']['User'][user.id.to_s]['lastname'])
- assert_equal(user.organization_id, result['assets']['User'][user.id.to_s]['organization_id'])
- assert_not(result['assets']['User'][user.id.to_s]['password'])
-
- get '/api/v1/users?full=false', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(Hash, result[0].class)
- assert_equal(user.id, result.last['id'])
- assert_equal(user.lastname, result.last['lastname'])
- assert_not(result.last['organization'])
- assert_equal(user.role_ids, result.last['role_ids'])
- assert_equal(user.organization_id, result.last['organization_id'])
- assert_not(result.last['password'])
- assert_equal(@admin.id, result.last['updated_by_id'])
- assert_equal(@admin.id, result.last['created_by_id'])
- end
-
- test '04.03 ticket create and response format' do
- organization = Organization.first
- params = {
- firstname: 'newfirstname123',
- note: 'some note',
- organization: organization.name,
- }
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- user = User.find(result['id'])
- assert_equal(user.firstname, result['firstname'])
- assert_equal(user.organization_id, result['organization_id'])
- assert_not(result['organization'])
- assert_not(result['password'])
- assert_equal(@admin.id, result['updated_by_id'])
- assert_equal(@admin.id, result['created_by_id'])
-
- post '/api/v1/users?expand=true', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- user = User.find(result['id'])
- assert_equal(user.firstname, result['firstname'])
- assert_equal(user.organization_id, result['organization_id'])
- assert_equal(user.organization.name, result['organization'])
- assert_not(result['password'])
- assert_equal(@admin.id, result['updated_by_id'])
- assert_equal(@admin.id, result['created_by_id'])
-
- post '/api/v1/users?full=true', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- user = User.find(result['id'])
- assert(result['assets'])
- assert(result['assets']['User'])
- assert(result['assets']['User'][user.id.to_s])
- assert_equal(user.id, result['assets']['User'][user.id.to_s]['id'])
- assert_equal(user.firstname, result['assets']['User'][user.id.to_s]['firstname'])
- assert_equal(user.lastname, result['assets']['User'][user.id.to_s]['lastname'])
- assert_not(result['assets']['User'][user.id.to_s]['password'])
-
- assert(result['assets']['User'][@admin.id.to_s])
- assert_equal(@admin.id, result['assets']['User'][@admin.id.to_s]['id'])
- assert_equal(@admin.firstname, result['assets']['User'][@admin.id.to_s]['firstname'])
- assert_equal(@admin.lastname, result['assets']['User'][@admin.id.to_s]['lastname'])
- assert_not(result['assets']['User'][@admin.id.to_s]['password'])
-
- end
-
- test '04.04 ticket update and response formats' do
- roles = Role.where(name: 'Customer')
- organization = Organization.first
- user = User.create!(
- login: 'rest-customer3@example.com',
- firstname: 'Rest',
- lastname: 'Customer3',
- email: 'rest-customer3@example.com',
- password: 'customer3pw',
- active: true,
- organization: organization,
- roles: roles,
- updated_by_id: @admin.id,
- created_by_id: @admin.id,
- )
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
- params = {
- firstname: 'a update firstname #1',
- }
- put "/api/v1/users/#{user.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- user = User.find(result['id'])
- assert_equal(user.lastname, result['lastname'])
- assert_equal(params[:firstname], result['firstname'])
- assert_equal(user.organization_id, result['organization_id'])
- assert_not(result['organization'])
- assert_not(result['password'])
- assert_equal(@admin.id, result['updated_by_id'])
- assert_equal(@admin.id, result['created_by_id'])
-
- params = {
- firstname: 'a update firstname #2',
- }
- put "/api/v1/users/#{user.id}?expand=true", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- user = User.find(result['id'])
- assert_equal(user.lastname, result['lastname'])
- assert_equal(params[:firstname], result['firstname'])
- assert_equal(user.organization_id, result['organization_id'])
- assert_equal(user.organization.name, result['organization'])
- assert_not(result['password'])
- assert_equal(@admin.id, result['updated_by_id'])
- assert_equal(@admin.id, result['created_by_id'])
-
- params = {
- firstname: 'a update firstname #3',
- }
- put "/api/v1/users/#{user.id}?full=true", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- user = User.find(result['id'])
- assert(result['assets'])
- assert(result['assets']['User'])
- assert(result['assets']['User'][user.id.to_s])
- assert_equal(user.id, result['assets']['User'][user.id.to_s]['id'])
- assert_equal(params[:firstname], result['assets']['User'][user.id.to_s]['firstname'])
- assert_equal(user.lastname, result['assets']['User'][user.id.to_s]['lastname'])
- assert_not(result['assets']['User'][user.id.to_s]['password'])
-
- assert(result['assets']['User'][@admin.id.to_s])
- assert_equal(@admin.id, result['assets']['User'][@admin.id.to_s]['id'])
- assert_equal(@admin.firstname, result['assets']['User'][@admin.id.to_s]['firstname'])
- assert_equal(@admin.lastname, result['assets']['User'][@admin.id.to_s]['lastname'])
- assert_not(result['assets']['User'][@admin.id.to_s]['password'])
-
- end
-
- test '05.01 csv example - customer no access' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
-
- get '/api/v1/users/import_example', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal('Not authorized (user)!', result['error'])
- end
-
- test '05.02 csv example - admin access' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
- get '/api/v1/users/import_example', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
-
- rows = CSV.parse(@response.body)
- header = rows.shift
-
- assert_equal('id', header[0])
- assert_equal('login', header[1])
- assert_equal('firstname', header[2])
- assert_equal('lastname', header[3])
- assert_equal('email', header[4])
- assert(header.include?('organization'))
- end
-
- test '05.03 csv import - admin access' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
- # invalid file
- csv_file_path = Rails.root.join('test', 'data', 'csv', 'user_simple_col_not_existing.csv')
- csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
- post '/api/v1/users/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- assert_equal(true, result['try'])
- assert_equal(2, result['records'].count)
- assert_equal('failed', result['result'])
- assert_equal(2, result['errors'].count)
- assert_equal("Line 1: unknown attribute 'firstname2' for User.", result['errors'][0])
- assert_equal("Line 2: unknown attribute 'firstname2' for User.", result['errors'][1])
-
- # valid file try
- csv_file_path = Rails.root.join('test', 'data', 'csv', 'user_simple.csv')
- csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
- post '/api/v1/users/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- assert_equal(true, result['try'])
- assert_equal(2, result['records'].count)
- assert_equal('success', result['result'])
-
- assert_nil(User.find_by(login: 'user-simple-import1'))
- assert_nil(User.find_by(login: 'user-simple-import2'))
-
- # valid file
- csv_file_path = Rails.root.join('test', 'data', 'csv', 'user_simple.csv')
- csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
- post '/api/v1/users/import', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Hash, result.class)
-
- assert_equal(false, result['try'])
- assert_equal(2, result['records'].count)
- assert_equal('success', result['result'])
-
- user1 = User.find_by(login: 'user-simple-import1')
- assert(user1)
- assert_equal(user1.login, 'user-simple-import1')
- assert_equal(user1.firstname, 'firstname-simple-import1')
- assert_equal(user1.lastname, 'lastname-simple-import1')
- assert_equal(user1.email, 'user-simple-import1@example.com')
- assert_equal(user1.active, true)
- user2 = User.find_by(login: 'user-simple-import2')
- assert(user2)
- assert_equal(user2.login, 'user-simple-import2')
- assert_equal(user2.firstname, 'firstname-simple-import2')
- assert_equal(user2.lastname, 'lastname-simple-import2')
- assert_equal(user2.email, 'user-simple-import2@example.com')
- assert_equal(user2.active, false)
-
- user1.destroy!
- user2.destroy!
- end
-
- test 'user search sortable' do
- firstname = "user_search_sortable #{rand(999_999_999)}"
-
- roles = Role.where(name: 'Customer')
- user1 = User.create_or_update(
- login: 'rest-user_search_sortableA@example.com',
- firstname: "#{firstname} A",
- lastname: 'user_search_sortableA',
- email: 'rest-user_search_sortableA@example.com',
- password: 'user_search_sortableA',
- active: true,
- roles: roles,
- organization_id: @organization.id,
- out_of_office: false,
- created_at: '2016-02-05 17:42:00',
- updated_at: '2016-02-05 20:42:00',
- updated_by_id: 1,
- created_by_id: 1,
- )
- user2 = User.create_or_update(
- login: 'rest-user_search_sortableB@example.com',
- firstname: "#{firstname} B",
- lastname: 'user_search_sortableB',
- email: 'rest-user_search_sortableB@example.com',
- password: 'user_search_sortableB',
- active: true,
- roles: roles,
- organization_id: @organization.id,
- out_of_office_start_at: '2016-02-06 19:42:00',
- out_of_office_end_at: '2016-02-07 19:42:00',
- out_of_office_replacement_id: 1,
- out_of_office: true,
- created_at: '2016-02-05 19:42:00',
- updated_at: '2016-02-05 19:42:00',
- updated_by_id: 1,
- created_by_id: 1,
- )
- Scheduler.worker(true)
- sleep 2 # let es time to come ready
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
- get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- result.collect! { |v| v['id'] }
- assert_equal([user1.id, user2.id], result)
-
- get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'created_at', order_by: 'asc' }, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- result.collect! { |v| v['id'] }
- assert_equal([user1.id, user2.id], result)
-
- get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'firstname', order_by: 'asc' }, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- result.collect! { |v| v['id'] }
- assert_equal([user1.id, user2.id], result)
-
- get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'firstname', order_by: 'desc' }, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- result.collect! { |v| v['id'] }
- assert_equal([user2.id, user1.id], result)
-
- get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: %w[firstname created_at], order_by: %w[desc asc] }, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- result.collect! { |v| v['id'] }
- assert_equal([user2.id, user1.id], result)
-
- get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: %w[firstname created_at], order_by: %w[desc asc] }, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- result.collect! { |v| v['id'] }
- assert_equal([user2.id, user1.id], result)
-
- get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'out_of_office', order_by: 'asc' }, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- result.collect! { |v| v['id'] }
- assert_equal([user1.id, user2.id], result)
-
- get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'out_of_office', order_by: 'desc' }, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- result.collect! { |v| v['id'] }
- assert_equal([user2.id, user1.id], result)
-
- get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: %w[created_by_id created_at], order_by: %w[asc asc] }, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- result.collect! { |v| v['id'] }
- assert_equal([user1.id, user2.id], result)
- end
-
-end
diff --git a/test/controllers/users_organization_controller_test.rb b/test/controllers/users_organization_controller_test.rb
deleted file mode 100644
index 17b8aa0c6..000000000
--- a/test/controllers/users_organization_controller_test.rb
+++ /dev/null
@@ -1,773 +0,0 @@
-require 'test_helper'
-
-class UsersOrganizationControllerTest < ActionDispatch::IntegrationTest
- include SearchindexHelper
-
- setup do
-
- # set accept header
- @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
-
- # create agent
- roles = Role.where(name: %w[Admin Agent])
- groups = Group.all
-
- UserInfo.current_user_id = 1
-
- @backup_admin = User.create!(
- login: 'backup-admin',
- firstname: 'Backup',
- lastname: 'Agent',
- email: 'backup-admin@example.com',
- password: 'adminpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- @admin = User.create!(
- login: 'rest-admin',
- firstname: 'Rest',
- lastname: 'Agent',
- email: 'rest-admin@example.com',
- password: 'adminpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- # create agent
- roles = Role.where(name: 'Agent')
- @agent = User.create!(
- login: 'rest-agent@example.com',
- firstname: 'Rest',
- lastname: 'Agent',
- email: 'rest-agent@example.com',
- password: 'agentpw',
- active: true,
- roles: roles,
- groups: groups,
- )
-
- # create customer without org
- roles = Role.where(name: 'Customer')
- @customer_without_org = User.create!(
- login: 'rest-customer1@example.com',
- firstname: 'Rest',
- lastname: 'Customer1',
- email: 'rest-customer1@example.com',
- password: 'customer1pw',
- active: true,
- roles: roles,
- )
-
- # create orgs
- @organization = Organization.create!(
- name: 'Rest Org',
- note: 'Rest Org A',
- )
- @organization2 = Organization.create!(
- name: 'Rest Org #2',
- note: 'Rest Org B',
- )
- @organization3 = Organization.create!(
- name: 'Rest Org #3',
- note: 'Rest Org C',
- )
-
- # create customer with org
- @customer_with_org = User.create!(
- login: 'rest-customer2@example.com',
- firstname: 'Rest',
- lastname: 'Customer2',
- email: 'rest-customer2@example.com',
- password: 'customer2pw',
- active: true,
- roles: roles,
- organization_id: @organization.id,
- )
-
- configure_elasticsearch do
-
- travel 1.minute
-
- rebuild_searchindex
-
- # execute background jobs
- Scheduler.worker(true)
-
- sleep 6
- end
- end
-
- test 'user create tests - no user' do
-
- post '/api/v1/signshow', params: {}, headers: @headers
-
- # create user with disabled feature
- Setting.set('user_create_account', false)
- token = @response.headers['CSRF-TOKEN']
-
- # token based on form
- params = { email: 'some_new_customer@example.com', authenticity_token: token }
- post '/api/v1/users', params: params.to_json, headers: @headers
- assert_response(422)
- result = JSON.parse(@response.body)
- assert(result['error'])
- assert_equal('Feature not enabled!', result['error'])
-
- # token based on headers
- headers = @headers.merge('X-CSRF-Token' => token)
- params = { email: 'some_new_customer@example.com' }
- post '/api/v1/users', params: params.to_json, headers: headers
- assert_response(422)
- result = JSON.parse(@response.body)
- assert(result['error'])
- assert_equal('Feature not enabled!', result['error'])
-
- Setting.set('user_create_account', true)
-
- # no signup param with enabled feature
- params = { email: 'some_new_customer@example.com' }
- post '/api/v1/users', params: params.to_json, headers: headers
- assert_response(422)
- result = JSON.parse(@response.body)
- assert(result['error'])
- assert_equal('Only signup with not authenticate user possible!', result['error'])
-
- # already existing user with enabled feature
- params = { email: 'rest-customer1@example.com', signup: true }
- post '/api/v1/users', params: params.to_json, headers: headers
- assert_response(422)
- result = JSON.parse(@response.body)
- assert(result['error'])
- assert_equal('Email address is already used for other user.', result['error'])
-
- # email missing with enabled feature
- params = { firstname: 'some firstname', signup: true }
- post '/api/v1/users', params: params.to_json, headers: headers
- assert_response(422)
- result = JSON.parse(@response.body)
- assert(result['error'])
- assert_equal('Attribute \'email\' required!', result['error'])
-
- # email missing with enabled feature
- params = { firstname: 'some firstname', signup: true }
- post '/api/v1/users', params: params.to_json, headers: headers
- assert_response(422)
- result = JSON.parse(@response.body)
- assert(result['error'])
- assert_equal('Attribute \'email\' required!', result['error'])
-
- # create user with enabled feature (take customer role)
- params = { firstname: 'Me First', lastname: 'Me Last', email: 'new_here@example.com', signup: true }
- post '/api/v1/users', params: params.to_json, headers: headers
- assert_response(201)
- result = JSON.parse(@response.body)
- assert(result)
-
- assert_equal('Me First', result['firstname'])
- assert_equal('Me Last', result['lastname'])
- assert_equal('new_here@example.com', result['login'])
- assert_equal('new_here@example.com', result['email'])
- user = User.find(result['id'])
- assert_not(user.role?('Admin'))
- assert_not(user.role?('Agent'))
- assert(user.role?('Customer'))
-
- # create user with admin role (not allowed for signup, take customer role)
- role = Role.lookup(name: 'Admin')
- params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin@example.com', role_ids: [ role.id ], signup: true }
- post '/api/v1/users', params: params.to_json, headers: headers
- assert_response(201)
- result = JSON.parse(@response.body)
- assert(result)
- user = User.find(result['id'])
- assert_not(user.role?('Admin'))
- assert_not(user.role?('Agent'))
- assert(user.role?('Customer'))
-
- # create user with agent role (not allowed for signup, take customer role)
- role = Role.lookup(name: 'Agent')
- params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent@example.com', role_ids: [ role.id ], signup: true }
- post '/api/v1/users', params: params.to_json, headers: headers
- assert_response(201)
- result = JSON.parse(@response.body)
- assert(result)
- user = User.find(result['id'])
- assert_not(user.role?('Admin'))
- assert_not(user.role?('Agent'))
- assert(user.role?('Customer'))
-
- # no user (because of no session)
- get '/api/v1/users', params: {}, headers: headers
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal('authentication failed', result['error'])
-
- # me
- get '/api/v1/users/me', params: {}, headers: headers
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal('authentication failed', result['error'])
- end
-
- test 'auth tests - not existing user' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('not_existing@example.com', 'adminpw')
-
- # me
- get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal('authentication failed', result['error'])
-
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal('authentication failed', result['error'])
- end
-
- test 'auth tests - username auth, wrong pw' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin', 'not_existing')
-
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal('authentication failed', result['error'])
- end
-
- test 'auth tests - email auth, wrong pw' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'not_existing')
-
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal('authentication failed', result['error'])
- end
-
- test 'auth tests - username auth' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin', 'adminpw')
-
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
- end
-
- test 'auth tests - email auth' do
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
- end
-
- test 'user index and create with admin' do
-
- # email auth
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
-
- # me
- get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
- assert_equal(result['email'], 'rest-admin@example.com')
-
- # index
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
-
- # index
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
- assert_equal(result.class, Array)
- assert(result.length >= 3)
-
- # show/:id
- get "/api/v1/users/#{@agent.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
- assert_equal(result.class, Hash)
- assert_equal(result['email'], 'rest-agent@example.com')
-
- get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
- assert_equal(result.class, Hash)
- assert_equal(result['email'], 'rest-customer1@example.com')
-
- # create user with admin role
- role = Role.lookup(name: 'Admin')
- params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_admin@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert(result)
- user = User.find(result['id'])
- assert(user.role?('Admin'))
- assert_not(user.role?('Agent'))
- assert_not(user.role?('Customer'))
- assert_equal('new_admin_by_admin@example.com', result['login'])
- assert_equal('new_admin_by_admin@example.com', result['email'])
-
- # create user with agent role
- role = Role.lookup(name: 'Agent')
- params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_admin1@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert(result)
- user = User.find(result['id'])
- assert_not(user.role?('Admin'))
- assert(user.role?('Agent'))
- assert_not(user.role?('Customer'))
- assert_equal('new_agent_by_admin1@example.com', result['login'])
- assert_equal('new_agent_by_admin1@example.com', result['email'])
-
- role = Role.lookup(name: 'Agent')
- params = { firstname: 'Agent First', email: 'new_agent_by_admin2@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert(result)
- user = User.find(result['id'])
- assert_not(user.role?('Admin'))
- assert(user.role?('Agent'))
- assert_not(user.role?('Customer'))
- assert_equal('new_agent_by_admin2@example.com', result['login'])
- assert_equal('new_agent_by_admin2@example.com', result['email'])
- assert_equal('Agent', result['firstname'])
- assert_equal('First', result['lastname'])
-
- role = Role.lookup(name: 'Agent')
- params = { firstname: 'Agent First', email: 'new_agent_by_admin2@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(422)
- result = JSON.parse(@response.body)
- assert(result)
- assert_equal('Email address is already used for other user.', result['error'])
-
- # missing required attributes
- params = { note: 'some note' }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(422)
- result = JSON.parse(@response.body)
- assert(result)
- assert_equal('Minimum one identifier (login, firstname, lastname, phone or email) for user is required.', result['error'])
-
- # invalid email
- params = { firstname: 'newfirstname123', email: 'some_what', note: 'some note' }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(422)
- result = JSON.parse(@response.body)
- assert(result)
- assert_equal('Invalid email', result['error'])
-
- # with valid attributes
- params = { firstname: 'newfirstname123', note: 'some note' }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result = JSON.parse(@response.body)
- assert(result)
- user = User.find(result['id'])
- assert_not(user.role?('Admin'))
- assert_not(user.role?('Agent'))
- assert(user.role?('Customer'))
- assert(result['login'].start_with?('auto-'))
- assert_equal('', result['email'])
- assert_equal('newfirstname123', result['firstname'])
- assert_equal('', result['lastname'])
- end
-
- test 'user index and create with agent' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-agent@example.com', 'agentpw')
-
- # me
- get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
- assert_equal(result['email'], 'rest-agent@example.com')
-
- # index
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
-
- # index
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
- assert_equal(result.class, Array)
- assert(result.length >= 3)
-
- get '/api/v1/users?limit=40&page=1&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- users = User.order(:id).limit(2)
- assert_equal(users[0].id, result[0]['id'])
- assert_equal(users[1].id, result[1]['id'])
- assert_equal(2, result.count)
-
- get '/api/v1/users?limit=40&page=2&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- users = User.order(:id).limit(4)
- assert_equal(users[2].id, result[0]['id'])
- assert_equal(users[3].id, result[1]['id'])
- assert_equal(2, result.count)
-
- # create user with admin role
- firstname = "First test#{rand(999_999_999)}"
- role = Role.lookup(name: 'Admin')
- params = { firstname: "Admin#{firstname}", lastname: 'Admin Last', email: 'new_admin_by_agent@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result_user1 = JSON.parse(@response.body)
- assert(result_user1)
- user = User.find(result_user1['id'])
- assert_not(user.role?('Admin'))
- assert_not(user.role?('Agent'))
- assert(user.role?('Customer'))
- assert_equal('new_admin_by_agent@example.com', result_user1['login'])
- assert_equal('new_admin_by_agent@example.com', result_user1['email'])
-
- # create user with agent role
- role = Role.lookup(name: 'Agent')
- params = { firstname: "Agent#{firstname}", lastname: 'Agent Last', email: 'new_agent_by_agent@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result_user1 = JSON.parse(@response.body)
- assert(result_user1)
- user = User.find(result_user1['id'])
- assert_not(user.role?('Admin'))
- assert_not(user.role?('Agent'))
- assert(user.role?('Customer'))
- assert_equal('new_agent_by_agent@example.com', result_user1['login'])
- assert_equal('new_agent_by_agent@example.com', result_user1['email'])
-
- # create user with customer role
- role = Role.lookup(name: 'Customer')
- params = { firstname: "Customer#{firstname}", lastname: 'Customer Last', email: 'new_customer_by_agent@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(201)
- result_user1 = JSON.parse(@response.body)
- assert(result_user1)
- user = User.find(result_user1['id'])
- assert_not(user.role?('Admin'))
- assert_not(user.role?('Agent'))
- assert(user.role?('Customer'))
- assert_equal('new_customer_by_agent@example.com', result_user1['login'])
- assert_equal('new_customer_by_agent@example.com', result_user1['email'])
-
- # search as agent
- Scheduler.worker(true)
- sleep 2 # let es time to come ready
- get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
-
- assert_equal(result_user1['id'], result[0]['id'])
- assert_equal("Customer#{firstname}", result[0]['firstname'])
- assert_equal('Customer Last', result[0]['lastname'])
- assert(result[0]['role_ids'])
- assert_not(result[0]['roles'])
-
- get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&expand=true", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(result_user1['id'], result[0]['id'])
- assert_equal("Customer#{firstname}", result[0]['firstname'])
- assert_equal('Customer Last', result[0]['lastname'])
- assert(result[0]['role_ids'])
- assert(result[0]['roles'])
-
- get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(result_user1['id'], result[0]['id'])
- assert_equal("Customer#{firstname} Customer Last ", result[0]['label'])
- assert_equal("Customer#{firstname} Customer Last ", result[0]['value'])
- assert_not(result[0]['role_ids'])
- assert_not(result[0]['roles'])
-
- role = Role.find_by(name: 'Agent')
- get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&role_ids=#{role.id}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(0, result.count)
-
- role = Role.find_by(name: 'Customer')
- get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&role_ids=#{role.id}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(result_user1['id'], result[0]['id'])
- assert_equal("Customer#{firstname} Customer Last ", result[0]['label'])
- assert_equal("Customer#{firstname} Customer Last ", result[0]['value'])
- assert_not(result[0]['role_ids'])
- assert_not(result[0]['roles'])
-
- permission = Permission.find_by(name: 'ticket.agent')
- get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&permissions=#{permission.name}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(0, result.count)
-
- permission = Permission.find_by(name: 'ticket.customer')
- get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&permissions=#{permission.name}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal(result_user1['id'], result[0]['id'])
- assert_equal("Customer#{firstname} Customer Last ", result[0]['label'])
- assert_equal("Customer#{firstname} Customer Last ", result[0]['value'])
- assert_not(result[0]['role_ids'])
- assert_not(result[0]['roles'])
- end
-
- test 'user index and create with customer1' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
-
- # me
- get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
- assert_equal(result['email'], 'rest-customer1@example.com')
-
- # index
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Array)
- assert_equal(result.length, 1)
-
- # show/:id
- get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert_equal(result['email'], 'rest-customer1@example.com')
-
- get "/api/v1/users/#{@customer_with_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert(result['error'])
-
- # create user with admin role
- role = Role.lookup(name: 'Admin')
- params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_customer1@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
-
- # create user with agent role
- role = Role.lookup(name: 'Agent')
- params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_customer1@example.com', role_ids: [ role.id ] }
- post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
-
- # search
- Scheduler.worker(true)
- get "/api/v1/users/search?query=#{CGI.escape('First')}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- end
-
- test 'user index with customer2' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer2@example.com', 'customer2pw')
-
- # me
- get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert(result)
- assert_equal(result['email'], 'rest-customer2@example.com')
-
- # index
- get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Array)
- assert_equal(result.length, 1)
-
- # show/:id
- get "/api/v1/users/#{@customer_with_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert_equal(result['email'], 'rest-customer2@example.com')
-
- get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert(result['error'])
-
- # search
- Scheduler.worker(true)
- get "/api/v1/users/search?query=#{CGI.escape('First')}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- end
-
- test 'organization index with agent' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-agent@example.com', 'agentpw')
-
- # index
- get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Array)
- assert_equal(result[0]['member_ids'].class, Array)
- assert(result.length >= 3)
-
- get '/api/v1/organizations?limit=40&page=1&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- organizations = Organization.order(:id).limit(2)
- assert_equal(organizations[0].id, result[0]['id'])
- assert_equal(organizations[0].member_ids, result[0]['member_ids'])
- assert_equal(organizations[1].id, result[1]['id'])
- assert_equal(organizations[1].member_ids, result[1]['member_ids'])
- assert_equal(2, result.count)
-
- get '/api/v1/organizations?limit=40&page=2&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- organizations = Organization.order(:id).limit(4)
- assert_equal(organizations[2].id, result[0]['id'])
- assert_equal(organizations[2].member_ids, result[0]['member_ids'])
- assert_equal(organizations[3].id, result[1]['id'])
- assert_equal(organizations[3].member_ids, result[1]['member_ids'])
-
- assert_equal(2, result.count)
-
- # show/:id
- get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert_equal(result['member_ids'].class, Array)
- assert_not(result['members'])
- assert_equal(result['name'], 'Rest Org')
-
- get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert_equal(result['member_ids'].class, Array)
- assert_not(result['members'])
- assert_equal(result['name'], 'Rest Org #2')
-
- # search as agent
- Scheduler.worker(true)
- get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal('Zammad Foundation', result[0]['name'])
- assert(result[0]['member_ids'])
- assert_not(result[0]['members'])
-
- get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&expand=true", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal('Zammad Foundation', result[0]['name'])
- assert(result[0]['member_ids'])
- assert(result[0]['members'])
-
- get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(Array, result.class)
- assert_equal('Zammad Foundation', result[0]['label'])
- assert_equal('Zammad Foundation', result[0]['value'])
- assert_not(result[0]['member_ids'])
- assert_not(result[0]['members'])
- end
-
- test 'organization index with customer1' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
-
- # index
- get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Array)
- assert_equal(result.length, 0)
-
- # show/:id
- get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert_nil(result['name'])
-
- get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert_nil(result['name'])
-
- # search
- Scheduler.worker(true)
- get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- end
-
- test 'organization index with customer2' do
-
- credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer2@example.com', 'customer2pw')
-
- # index
- get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Array)
- assert_equal(result.length, 1)
-
- # show/:id
- get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(200)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert_equal(result['name'], 'Rest Org')
-
- get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- result = JSON.parse(@response.body)
- assert_equal(result.class, Hash)
- assert_nil(result['name'])
-
- # search
- Scheduler.worker(true)
- get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials)
- assert_response(401)
- end
-
-end