From 3bd0642b50ce53b688696525ef6d3074dcd001aa Mon Sep 17 00:00:00 2001 From: Martin Edenhofer Date: Sun, 4 Mar 2018 05:11:04 +0100 Subject: [PATCH] Moved from full to change permissions to merge tickets. Added controller tests. --- app/controllers/tickets_controller.rb | 4 +- test/controllers/tickets_controller_test.rb | 104 ++++++++++++++++++++ 2 files changed, 106 insertions(+), 2 deletions(-) diff --git a/app/controllers/tickets_controller.rb b/app/controllers/tickets_controller.rb index 6c326b5f0..2ee14e46d 100644 --- a/app/controllers/tickets_controller.rb +++ b/app/controllers/tickets_controller.rb @@ -364,7 +364,7 @@ class TicketsController < ApplicationController } return end - access!(ticket_master, 'full') + access!(ticket_master, 'change') # check slave ticket ticket_slave = Ticket.find_by(id: params[:slave_ticket_id]) @@ -375,7 +375,7 @@ class TicketsController < ApplicationController } return end - access!(ticket_slave, 'full') + access!(ticket_slave, 'change') # merge ticket ticket_slave.merge_to( diff --git a/test/controllers/tickets_controller_test.rb b/test/controllers/tickets_controller_test.rb index 78f58854b..fdf503b2a 100644 --- a/test/controllers/tickets_controller_test.rb +++ b/test/controllers/tickets_controller_test.rb @@ -2020,4 +2020,108 @@ AAAFCAYAAACNbyblAAAAHElEQVQI12P4//8/w38GIAXDIBKE0DHxgljNBAAO assert_equal('Cannot follow up on a closed ticket. Please create a new ticket.', result['error']) end + test '07.01 ticket merge' do + group_no_permission = Group.create_or_update( + name: 'GroupWithNoPermission', + active: true, + updated_by_id: 1, + created_by_id: 1, + ) + ticket1 = Ticket.create!( + title: 'ticket merge1', + group: Group.lookup(name: 'Users'), + customer_id: @customer_without_org.id, + state: Ticket::State.lookup(name: 'new'), + priority: Ticket::Priority.lookup(name: '2 normal'), + updated_by_id: 1, + created_by_id: 1, + ) + ticket2 = Ticket.create!( + title: 'ticket merge2', + group: Group.lookup(name: 'Users'), + customer_id: @customer_without_org.id, + state: Ticket::State.lookup(name: 'new'), + priority: Ticket::Priority.lookup(name: '2 normal'), + updated_by_id: 1, + created_by_id: 1, + ) + ticket3 = Ticket.create!( + title: 'ticket merge2', + group: group_no_permission, + customer_id: @customer_without_org.id, + state: Ticket::State.lookup(name: 'new'), + priority: Ticket::Priority.lookup(name: '2 normal'), + updated_by_id: 1, + created_by_id: 1, + ) + credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') + + get "/api/v1/ticket_merge/#{ticket2.id}/#{ticket1.id}", params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(Hash, result.class) + assert_equal('failed', result['result']) + assert_equal('No such master ticket number!', result['message']) + + get "/api/v1/ticket_merge/#{ticket3.id}/#{ticket1.number}", params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(401) + result = JSON.parse(@response.body) + assert_equal(Hash, result.class) + assert_equal('Not authorized', result['error']) + assert_equal('Not authorized', result['error_human']) + + get "/api/v1/ticket_merge/#{ticket1.id}/#{ticket3.number}", params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(401) + result = JSON.parse(@response.body) + assert_equal(Hash, result.class) + assert_equal('Not authorized', result['error']) + assert_equal('Not authorized', result['error_human']) + + get "/api/v1/ticket_merge/#{ticket1.id}/#{ticket2.number}", params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + p @response.body + result = JSON.parse(@response.body) + assert_equal(Hash, result.class) + assert_equal('success', result['result']) + assert_equal(ticket2.id, result['master_ticket']['id']) + end + + test '07.02 ticket merge - change permission' do + group_change_permission = Group.create_or_update( + name: 'GroupWithChangePermission', + active: true, + updated_by_id: 1, + created_by_id: 1, + ) + ticket1 = Ticket.create!( + title: 'ticket merge1', + group: group_change_permission, + customer_id: @customer_without_org.id, + state: Ticket::State.lookup(name: 'new'), + priority: Ticket::Priority.lookup(name: '2 normal'), + updated_by_id: 1, + created_by_id: 1, + ) + ticket2 = Ticket.create!( + title: 'ticket merge2', + group: group_change_permission, + customer_id: @customer_without_org.id, + state: Ticket::State.lookup(name: 'new'), + priority: Ticket::Priority.lookup(name: '2 normal'), + updated_by_id: 1, + created_by_id: 1, + ) + + @agent.group_names_access_map = { group_change_permission.name => %w[read change] } + + credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') + + get "/api/v1/ticket_merge/#{ticket1.id}/#{ticket2.number}", params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(Hash, result.class) + assert_equal('success', result['result']) + assert_equal(ticket2.id, result['master_ticket']['id']) + end + end