Added existing and permission check for recent viewed.
parent
4561849bc1
commit
39ec771676
8 changed files with 254 additions and 25 deletions
|
@ -106,6 +106,10 @@ class App.TicketZoom extends App.Controller
|
||||||
@load(data, force)
|
@load(data, force)
|
||||||
App.Store.write( @key, data )
|
App.Store.write( @key, data )
|
||||||
|
|
||||||
|
if !@doNotLog
|
||||||
|
@doNotLog = 1
|
||||||
|
@recentView( 'Ticket', ticket_id )
|
||||||
|
|
||||||
error: (xhr, status, error) =>
|
error: (xhr, status, error) =>
|
||||||
|
|
||||||
# do not close window if request is aborted
|
# do not close window if request is aborted
|
||||||
|
@ -118,9 +122,6 @@ class App.TicketZoom extends App.Controller
|
||||||
App.TaskManager.remove( @task_key )
|
App.TaskManager.remove( @task_key )
|
||||||
)
|
)
|
||||||
|
|
||||||
if !@doNotLog
|
|
||||||
@doNotLog = 1
|
|
||||||
@recentView( 'Ticket', ticket_id )
|
|
||||||
|
|
||||||
load: (data, force) =>
|
load: (data, force) =>
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
# Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/
|
# Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/
|
||||||
|
|
||||||
class Organization < ApplicationModel
|
class Organization < ApplicationModel
|
||||||
|
include Organization::Permission
|
||||||
load 'organization/assets.rb'
|
load 'organization/assets.rb'
|
||||||
include Organization::Assets
|
include Organization::Assets
|
||||||
extend Organization::Search
|
extend Organization::Search
|
||||||
|
|
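--- a/app/models/organization/permission.rb
+++ b/app/models/organization/permission.rb
@@ -0,0 +1,38 @@
+# Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/
+
+module Organization::Permission
+
+=begin
+
+check if user has access to user
+
+user = Organization.find(123)
+result = Organization.permission( :type => 'rw', :current_user => User.find(123) )
+
+returns
+
+result = true|false
+
+=end
+
+def permission (data)
+
+# check customer
+if data[:current_user].is_role('Customer')
+
+# access ok if its own organization
+return false if data[:type] != 'ro'
+return false if !data[:current_user].organization_id
+return true if self.id == data[:current_user].organization_id
+
+# no access
+return false
+end
+
+# check agent
+return true if data[:current_user].is_role('Admin')
+return true if data[:current_user].is_role('Agent')
+return false
+end
+
+end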
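Review bot: In `permission`, the customer branch returns false whenever `data[:type]` is not `'ro'`, including when the key is absent, and `RecentView.access` in this same commit calls `record.permission( :current_user => user )` without `:type`, so a customer is denied even for their own organization on that path. That fails closed, but it leaves the own-organization branch unreachable from the recent-view caller; keeping the default-deny here and passing `:type => 'ro'` explicitly from the caller would make the intent visible. The Agent and Admin branches never read `:type`, so any agent is granted every access type on every organization; if that is intended it deserves a comment such as `# agents and admins have full access to all organizations`. The header comment is copied from the user module: it says "access to user" and shows `Organization.permission(...)` on the class although `permission` is an instance method.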
@ -9,14 +9,17 @@ class RecentView < ApplicationModel
|
||||||
|
|
||||||
def self.log( object, o_id, user )
|
def self.log( object, o_id, user )
|
||||||
|
|
||||||
|
# access check
|
||||||
|
return if !access( object, o_id, user )
|
||||||
|
|
||||||
# lookups
|
# lookups
|
||||||
object_lookup_id = ObjectLookup.by_name( object )
|
object_lookup_id = ObjectLookup.by_name( object )
|
||||||
|
|
||||||
# create entry
|
# create entry
|
||||||
record = {
|
record = {
|
||||||
:o_id => o_id,
|
:o_id => o_id,
|
||||||
:recent_view_object_id => object_lookup_id.to_i,
|
:recent_view_object_id => object_lookup_id.to_i,
|
||||||
:created_by_id => user.id,
|
:created_by_id => user.id,
|
||||||
}
|
}
|
||||||
RecentView.create(record)
|
RecentView.create(record)
|
||||||
end
|
end
|
||||||
|
@ -45,9 +48,14 @@ class RecentView < ApplicationModel
|
||||||
|
|
||||||
list = []
|
list = []
|
||||||
recent_views.each { |item|
|
recent_views.each { |item|
|
||||||
data = item.attributes
|
data = item.attributes
|
||||||
data['object'] = ObjectLookup.by_id( data['recent_view_object_id'] )
|
data['object'] = ObjectLookup.by_id( data['recent_view_object_id'] )
|
||||||
data.delete( 'recent_view_object_id' )
|
data.delete( 'recent_view_object_id' )
|
||||||
|
|
||||||
|
# access check
|
||||||
|
next if !access( data['object'], data['o_id'], user )
|
||||||
|
|
||||||
|
# add to result list
|
||||||
list.push data
|
list.push data
|
||||||
}
|
}
|
||||||
list
|
list
|
||||||
|
@ -70,11 +78,26 @@ class RecentView < ApplicationModel
|
||||||
self.created_by_id,
|
self.created_by_id,
|
||||||
{
|
{
|
||||||
:event => 'RecentView::changed',
|
:event => 'RecentView::changed',
|
||||||
:data => {}
|
:data => {}
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|
||||||
class Object < ApplicationModel
|
private
|
||||||
|
|
||||||
|
def self.access(object, o_id, user)
|
||||||
|
|
||||||
|
# check if object exists
|
||||||
|
begin
|
||||||
|
return if !Kernel.const_get( object )
|
||||||
|
record = Kernel.const_get( object ).where( :id => o_id ).first
|
||||||
|
return if !record
|
||||||
|
rescue
|
||||||
|
return
|
||||||
|
end
|
||||||
|
|
||||||
|
# check permission
|
||||||
|
return if !record.respond_to?(:permission)
|
||||||
|
record.permission( :current_user => user )
|
||||||
end
|
end
|
||||||
end
|
end
|
|
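Review bot: `self.access` resolves the caller-supplied `object` string with `Kernel.const_get( object )`, which looks up any constant in the process rather than only recent-view models; whether `object` can originate from a client request is not visible on this page, but `RecentView.log` accepts it as a plain string. Constrain it before the lookup, for example with ActiveSupport's `klass = object.to_s.safe_constantize` followed by `return if !klass.is_a?(Class) || !(klass < ApplicationModel)`, and narrow the bare `rescue` to `NameError` so unrelated failures are not silently reported as "no access". The first guard, `return if !Kernel.const_get( object )`, never fires because `const_get` raises instead of returning nil. The `private` line does not apply to `def self.access`, so the method stays public; `private_class_method :access` after the definition would make it private.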
@ -24,6 +24,7 @@ require 'digest/md5'
|
||||||
# @property active [Boolean] The flag that shows the active state of the User.
|
# @property active [Boolean] The flag that shows the active state of the User.
|
||||||
# @property note [String] The note or comment stored to the User.
|
# @property note [String] The note or comment stored to the User.
|
||||||
class User < ApplicationModel
|
class User < ApplicationModel
|
||||||
|
include User::Permission
|
||||||
load 'user/assets.rb'
|
load 'user/assets.rb'
|
||||||
include User::Assets
|
include User::Assets
|
||||||
extend User::Search
|
extend User::Search
|
||||||
|
|
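--- a/app/models/user/permission.rb
+++ b/app/models/user/permission.rb
@@ -0,0 +1,36 @@
+# Copyright (C) 2012-2014 Zammad Foundation, http://zammad-foundation.org/
+
+module User::Permission
+
+=begin
+
+check if user has access to user
+
+user = User.find(123)
+result = user.permission( :type => 'rw', :current_user => User.find(123) )
+
+returns
+
+result = true|false
+
+=end
+
+def permission (data)
+
+# check customer
+if data[:current_user].is_role('Customer')
+
+# access ok if its own user
+return true if self.id == data[:current_user].id
+
+# no access
+return false
+end
+
+# check agent
+return true if data[:current_user].is_role('Admin')
+return true if data[:current_user].is_role('Agent')
+return false
+end
+
+end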
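Review bot: `permission` documents a `:type` argument (`:type => 'rw'` in the example) but never reads it, so the answer is the same for read and write requests: a customer gets whatever access type is asked for on their own record, and agents and admins get it on every user. `Organization::Permission#permission` in this commit does restrict customers to `'ro'`, so the two modules disagree on what `:type` means. Either honour it here or drop it from the example and say so, e.g. `# NOTE: :type is currently ignored; access is all-or-nothing`. A nil `data[:current_user]` raises `NoMethodError` on the first `is_role` call; a leading `return false if !data[:current_user]` would keep the check fail-closed.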
@ -6,23 +6,23 @@ class RecentViewTest < ActiveSupport::TestCase
|
||||||
test 'simple tests' do
|
test 'simple tests' do
|
||||||
|
|
||||||
ticket1 = Ticket.create(
|
ticket1 = Ticket.create(
|
||||||
:title => 'RecentViewTest 1 some title äöüß',
|
:title => 'RecentViewTest 1 some title äöüß',
|
||||||
:group => Group.lookup( :name => 'Users'),
|
:group => Group.lookup( :name => 'Users'),
|
||||||
:customer_id => 2,
|
:customer_id => 2,
|
||||||
:state => Ticket::State.lookup( :name => 'new' ),
|
:state => Ticket::State.lookup( :name => 'new' ),
|
||||||
:priority => Ticket::Priority.lookup( :name => '2 normal' ),
|
:priority => Ticket::Priority.lookup( :name => '2 normal' ),
|
||||||
:updated_by_id => 1,
|
:updated_by_id => 1,
|
||||||
:created_by_id => 1,
|
:created_by_id => 1,
|
||||||
)
|
)
|
||||||
assert( ticket1, "ticket created" )
|
assert( ticket1, "ticket created" )
|
||||||
ticket2 = Ticket.create(
|
ticket2 = Ticket.create(
|
||||||
:title => 'RecentViewTest 2 some title äöüß',
|
:title => 'RecentViewTest 2 some title äöüß',
|
||||||
:group => Group.lookup( :name => 'Users'),
|
:group => Group.lookup( :name => 'Users'),
|
||||||
:customer_id => 2,
|
:customer_id => 2,
|
||||||
:state => Ticket::State.lookup( :name => 'new' ),
|
:state => Ticket::State.lookup( :name => 'new' ),
|
||||||
:priority => Ticket::Priority.lookup( :name => '2 normal' ),
|
:priority => Ticket::Priority.lookup( :name => '2 normal' ),
|
||||||
:updated_by_id => 1,
|
:updated_by_id => 1,
|
||||||
:created_by_id => 1,
|
:created_by_id => 1,
|
||||||
)
|
)
|
||||||
assert( ticket2, "ticket created" )
|
assert( ticket2, "ticket created" )
|
||||||
user1 = User.find(2)
|
user1 = User.find(2)
|
||||||
|
@ -56,4 +56,133 @@ class RecentViewTest < ActiveSupport::TestCase
|
||||||
list = RecentView.list( user1 )
|
list = RecentView.list( user1 )
|
||||||
assert( !list[0], 'check if recent view list is empty' )
|
assert( !list[0], 'check if recent view list is empty' )
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test 'existing tests' do
|
||||||
|
user = User.find(2)
|
||||||
|
|
||||||
|
# log entry of not existing object
|
||||||
|
RecentView.user_log_destroy(user)
|
||||||
|
RecentView.log( 'ObjectNotExisting', 1, user )
|
||||||
|
|
||||||
|
# check if list is empty
|
||||||
|
list = RecentView.list( user )
|
||||||
|
assert( !list[0], 'check if recent view list is empty' )
|
||||||
|
|
||||||
|
|
||||||
|
# log entry of not existing record
|
||||||
|
RecentView.user_log_destroy(user)
|
||||||
|
RecentView.log( 'User', 99999999, user )
|
||||||
|
|
||||||
|
# check if list is empty
|
||||||
|
list = RecentView.list( user )
|
||||||
|
assert( !list[0], 'check if recent view list is empty' )
|
||||||
|
|
||||||
|
|
||||||
|
# log entry of not existing model with permission check
|
||||||
|
RecentView.user_log_destroy(user)
|
||||||
|
RecentView.log( 'Overview', 99999999, user )
|
||||||
|
|
||||||
|
# check if list is empty
|
||||||
|
list = RecentView.list( user )
|
||||||
|
assert( !list[0], 'check if recent view list is empty' )
|
||||||
|
end
|
||||||
|
|
||||||
|
test 'permission tests' do
|
||||||
|
customer = User.find(2)
|
||||||
|
|
||||||
|
groups = Group.where( :name => 'Users' )
|
||||||
|
roles = Role.where( :name => 'Agent' )
|
||||||
|
agent = User.create_or_update(
|
||||||
|
:login => 'recent-viewed-agent@example.com',
|
||||||
|
:firstname => 'RecentViewed',
|
||||||
|
:lastname => 'Agent',
|
||||||
|
:email => 'recent-viewed-agent@example.com',
|
||||||
|
:password => 'agentpw',
|
||||||
|
:active => true,
|
||||||
|
:roles => roles,
|
||||||
|
:groups => groups,
|
||||||
|
:updated_by_id => 1,
|
||||||
|
:created_by_id => 1,
|
||||||
|
)
|
||||||
|
Group.create_if_not_exists(
|
||||||
|
:name => 'WithoutAccess',
|
||||||
|
:note => 'Test for not access check.',
|
||||||
|
:updated_by_id => 1,
|
||||||
|
:created_by_id => 1
|
||||||
|
)
|
||||||
|
|
||||||
|
# no access for customer
|
||||||
|
ticket1 = Ticket.create(
|
||||||
|
:title => 'RecentViewTest 1 some title äöüß',
|
||||||
|
:group => Group.lookup( :name => 'WithoutAccess'),
|
||||||
|
:customer_id => 1,
|
||||||
|
:state => Ticket::State.lookup( :name => 'new' ),
|
||||||
|
:priority => Ticket::Priority.lookup( :name => '2 normal' ),
|
||||||
|
:updated_by_id => 1,
|
||||||
|
:created_by_id => 1,
|
||||||
|
)
|
||||||
|
assert( ticket1, "ticket created" )
|
||||||
|
|
||||||
|
# log entry of not existing object
|
||||||
|
RecentView.user_log_destroy(customer)
|
||||||
|
RecentView.log( ticket1.class.to_s, ticket1.id, customer )
|
||||||
|
|
||||||
|
# check if list is empty
|
||||||
|
list = RecentView.list( customer )
|
||||||
|
assert( !list[0], 'check if recent view list is empty' )
|
||||||
|
|
||||||
|
# log entry of not existing object
|
||||||
|
RecentView.user_log_destroy(agent)
|
||||||
|
RecentView.log( ticket1.class.to_s, ticket1.id, agent )
|
||||||
|
|
||||||
|
# check if list is empty
|
||||||
|
list = RecentView.list( agent )
|
||||||
|
assert( !list[0], 'check if recent view list is empty' )
|
||||||
|
|
||||||
|
|
||||||
|
# access for customer via customer id
|
||||||
|
ticket1 = Ticket.create(
|
||||||
|
:title => 'RecentViewTest 1 some title äöüß',
|
||||||
|
:group => Group.lookup( :name => 'WithoutAccess'),
|
||||||
|
:customer_id => 2,
|
||||||
|
:state => Ticket::State.lookup( :name => 'new' ),
|
||||||
|
:priority => Ticket::Priority.lookup( :name => '2 normal' ),
|
||||||
|
:updated_by_id => 1,
|
||||||
|
:created_by_id => 1,
|
||||||
|
)
|
||||||
|
assert( ticket1, "ticket created" )
|
||||||
|
|
||||||
|
# log entry
|
||||||
|
RecentView.user_log_destroy(customer)
|
||||||
|
RecentView.log( ticket1.class.to_s, ticket1.id, customer )
|
||||||
|
|
||||||
|
# check if list is empty
|
||||||
|
list = RecentView.list( customer )
|
||||||
|
assert( list[0]['o_id'], ticket1.id )
|
||||||
|
assert( list[0]['object'], 'Ticket' )
|
||||||
|
assert( !list[1], 'check if recent view list is empty' )
|
||||||
|
|
||||||
|
|
||||||
|
# log entry
|
||||||
|
organization = Organization.find(1)
|
||||||
|
RecentView.user_log_destroy(customer)
|
||||||
|
RecentView.log( organization.class.to_s, organization.id, customer )
|
||||||
|
|
||||||
|
# check if list is empty
|
||||||
|
list = RecentView.list( customer )
|
||||||
|
assert( !list[0], 'check if recent view list is empty' )
|
||||||
|
|
||||||
|
|
||||||
|
# log entry
|
||||||
|
organization = Organization.find(1)
|
||||||
|
RecentView.user_log_destroy(agent)
|
||||||
|
RecentView.log( organization.class.to_s, organization.id, agent )
|
||||||
|
|
||||||
|
# check if list is empty
|
||||||
|
list = RecentView.list( agent )
|
||||||
|
assert( list[0]['o_id'], organization.id )
|
||||||
|
assert( list[0]['object'], 'Organization' )
|
||||||
|
assert( !list[1], 'check if recent view list is empty' )
|
||||||
|
end
|
||||||
|
|
||||||
end
|
end
|
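Review bot: In 'permission tests', `assert( list[0]['o_id'], ticket1.id )` and `assert( list[0]['object'], 'Ticket' )` pass the expected value as the failure message, so they only check that the first argument is truthy; the two organization assertions near the end have the same problem. As written the tests would still pass if the list held an entry for a different object, which is exactly what a permission test needs to rule out. Use `assert_equal( ticket1.id, list[0]['o_id'] )` and `assert_equal( 'Ticket', list[0]['object'] )`, and likewise for `organization.id` and `'Organization'`. Several comments (`# log entry of not existing object`, `# check if list is empty`) are copied onto cases that log existing objects and expect a non-empty list, and should be reworded to match.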