Merged /api/v1/search and /api/v1/search/object controller methods. Added controller tests for permission handling.

Martin Edenhofer 2015-08-16 01:27:11 +02:00
parent 67c708daa5
commit 4655039cd1
5 changed files with 467 additions and 120 deletions


@ -142,15 +142,15 @@ class App.Navigation extends App.ControllerWidgetPermanent
searchFunction = => searchFunction = =>
# use cache for search result # use cache for search result
if @searchResultCache[@term] if @searchResultCache[@query]
@renderResult( @searchResultCache[@term] ) @renderResult( @searchResultCache[@query] )
App.Ajax.request( App.Ajax.request(
id: 'search' id: 'search'
type: 'GET' type: 'GET'
url: @apiPath + '/search' url: @apiPath + '/search'
data: data:
term: @term query: @query
processData: true, processData: true,
success: (data, status, xhr) => success: (data, status, xhr) =>
@ -158,25 +158,21 @@ class App.Navigation extends App.ControllerWidgetPermanent
App.Collection.loadAssets( data.assets ) App.Collection.loadAssets( data.assets )
# cache search result # cache search result
@searchResultCache[@term] = data.result @searchResultCache[@query] = data.result
result = data.result result = {}
for area in result for item in data.result
if area.name is 'Ticket' if App[item.type] && App[item.type].find
area.result = [] if !result[item.type]
for id in area.ids result[item.type] = []
ticket = App.Ticket.find( id ) item_object = App[item.type].find(item.id)
area.result.push ticket.searchResultAttributes() if item_object.searchResultAttributes
else if area.name is 'User' item_object_search_attributes = item_object.searchResultAttributes()
area.result = [] result[item.type].push item_object_search_attributes
for id in area.ids else
user = App.User.find( id ) @log 'error', "No such model #{item.type.toLocaleLowerCase()}.searchResultAttributes()"
area.result.push user.searchResultAttributes() else
else if area.name is 'Organization' @log 'error', "No such model App.#{item.type}"
area.result = []
for id in area.ids
organization = App.Organization.find( id )
area.result.push organization.searchResultAttributes()
@renderResult(result) @renderResult(result)
@ -219,9 +215,9 @@ class App.Navigation extends App.ControllerWidgetPermanent
removePopovers() removePopovers()
# check if search is needed # check if search is needed
term = @$('#global-search').val().trim() query = @$('#global-search').val().trim()
return if !term return if !query
@term = term @query = query
@delay( searchFunction, 220, 'search' ) @delay( searchFunction, 220, 'search' )
) )
@ -239,11 +235,11 @@ class App.Navigation extends App.ControllerWidgetPermanent
return return
# on other keys, show result # on other keys, show result
term = @$('#global-search').val().trim() query = @$('#global-search').val().trim()
return if !term return if !query
return if term is @term return if query is @query
@term = term @query = query
@$('.search').toggleClass('filled', !!@term) @$('.search').toggleClass('filled', !!@query)
@delay( searchFunction, 200, 'search' ) @delay( searchFunction, 200, 'search' )
) )
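Review bot: In the new result loop, `item_object = App[item.type].find(item.id)` is used without checking that the lookup returned a record; if an id from `data.result` is missing from the local collection (for example because its asset was not part of `data.assets`), `item_object.searchResultAttributes` on the next line throws and aborts rendering of the whole result set. A guard such as `continue unless item_object` placed right after the `find`, preceded by an `@log 'error', ...` naming the type and id, would keep one stale id from breaking the search dropdown. I would also note that rendering from `@searchResultCache[@query]` still falls through into the Ajax request, so the cache only speeds up the first paint rather than avoiding a request, which may or may not be intended. `searchFunction` spans several hunks and its enclosing handlers continue outside them.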


@ -1,6 +1,7 @@
<% for area, i in @result: %> <% for area, items of @result: %>
<% if i > 0: %> <li class="divider"></li> <% end %> <% if done && items.length > 0: %> <li class="divider"></li> <% end %>
<% for item in area.result: %> <% done = true %>
<% for item in items: %>
<li> <li>
<a href="<%- item.url %>" class="nav-tab nav-tab--search <%= item.class %>" data-id="<%= item.id %>"> <a href="<%- item.url %>" class="nav-tab nav-tab--search <%= item.class %>" data-id="<%= item.id %>">
<div class="nav-tab-icon"> <div class="nav-tab-icon">
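Review bot: The divider logic sets `done = true` unconditionally on every iteration of `for area, items of @result`, so if the first area ever arrives with an empty `items` array the next non-empty area is rendered with a leading divider. Moving the assignment inside the `if done && items.length > 0` branch (or guarding it with `if items.length > 0`) would tie the flag to areas that actually rendered. This is only cosmetic if the controller never emits empty areas, which the diff suggests but does not show.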


@ -3,12 +3,13 @@
class SearchController < ApplicationController class SearchController < ApplicationController
before_action :authentication_check before_action :authentication_check
# GET|POST /api/v1/search
# GET|POST /api/v1/search/:objects # GET|POST /api/v1/search/:objects
def search_generic def search_generic
# enable search only for agents and admins # enable search only for users with valid session
if !current_user.role?(Z_ROLENAME_AGENT) && !current_user.role?(Z_ROLENAME_ADMIN) if !current_user
response_access_deny response_access_deny
return true return true
end end
@ -19,9 +20,15 @@ class SearchController < ApplicationController
# convert objects string into array of class names # convert objects string into array of class names
# e.g. user-ticket-another_object = %w( User Ticket AnotherObject ) # e.g. user-ticket-another_object = %w( User Ticket AnotherObject )
objects = params[:objects].split('-').map(&:camelize) if !params[:objects]
objects_all = %w( Ticket User Organization )
else
objects_all = params[:objects].split('-').map(&:camelize)
end
objects = objects_all.clone
puts "OBJECTS: #{objects.inspect}"
search_tickets = objects.delete('Ticket') search_tickets = objects.delete('Ticket')
puts "OBJECTS_a: #{objects_all.inspect}/#{search_tickets.inspect}"
# try search index backend # try search index backend
assets = {} assets = {}
result = [] result = []
@ -53,7 +60,7 @@ class SearchController < ApplicationController
else else
# do query # do query
objects.each { |object| objects_all.each { |object|
found_objects = object.constantize.search( found_objects = object.constantize.search(
query: query, query: query,
@ -78,84 +85,4 @@ class SearchController < ApplicationController
} }
end end
# GET /api/v1/search
def search
# get params
query = params[:term]
limit = params[:limit] || 10
assets = {}
result = []
objects = %w( Ticket User Organization )
if SearchIndexBackend.enabled?
# to ticket search in serparate call
objects.delete('Ticket')
# to query search index backend (excluse tickets here, see below)
found_objects = {}
items = SearchIndexBackend.search( query, limit, objects )
items.each { |item|
require item[:type].to_filename
record = Kernel.const_get( item[:type] ).find( item[:id] )
assets = record.assets(assets)
found_objects[ item[:type] ] ||= []
found_objects[ item[:type] ].push item[:id]
}
# do ticket query by Ticket class to handle ticket permissions
tickets = Ticket.search(
query: query,
limit: limit,
current_user: current_user,
)
tickets.each do |ticket|
found_objects[ 'Ticket' ] ||= []
found_objects[ 'Ticket' ].push ticket.id
end
# generate whole result
found_objects.each { |object, object_ids|
data = {
name: object,
ids: object_ids,
}
result.push data
}
else
objects.each { |object|
found_objects = object.constantize.search(
query: query,
limit: limit,
current_user: current_user,
)
object_ids = []
found_objects.each do |found_object|
object_ids.push found_object.id
assets = found_object.assets(assets)
end
next if object_ids.empty?
data = {
name: object,
ids: object_ids,
}
result.push data
}
end
# return result
render json: {
assets: assets,
result: result,
}
end
end end
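Review bot: The two `puts "OBJECTS: ..."`/`puts "OBJECTS_a: ..."` lines in the second hunk are leftover debug output and should be removed before merge; they write to the server's stdout on every search request. Since the merged action now has a built-in default of `%w( Ticket User Organization )`, the `params[:objects]` branch could be restricted to that same list before the later `constantize`, e.g. `objects_all = params[:objects].split('-').map(&:camelize) & %w( Ticket User Organization )`, so a client cannot drive `constantize`/`search` on arbitrary class names. The switch from the agent/admin role check to `if !current_user` is consistent with the new customer tests, though `before_action :authentication_check` presumably already guarantees a user, so the guard looks redundant rather than harmful. `search_generic` starts and ends outside these hunks.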


@ -2,8 +2,6 @@ Zammad::Application.routes.draw do
api_path = Rails.configuration.api_path api_path = Rails.configuration.api_path
# search # search
match api_path + '/search', to: 'search#search', via: [:get, :post] match api_path + '/search', to: 'search#search_generic', via: [:get, :post]
# search_generic
match api_path + '/search/:objects', to: 'search#search_generic', via: [:get, :post] match api_path + '/search/:objects', to: 'search#search_generic', via: [:get, :post]
end end


@ -0,0 +1,425 @@
# encoding: utf-8
require 'test_helper'
class SearchControllerTest < ActionDispatch::IntegrationTest
setup do
# set accept header
@headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
# create agent
roles = Role.where( name: %w(Admin Agent) )
groups = Group.all
UserInfo.current_user_id = 1
@admin = User.create_or_update(
login: 'search-admin',
firstname: 'Search',
lastname: 'Admin',
email: 'search-admin@example.com',
password: 'adminpw',
active: true,
roles: roles,
groups: groups,
)
# create agent
roles = Role.where( name: 'Agent' )
@agent = User.create_or_update(
login: 'search-agent@example.com',
firstname: 'Search 1234',
lastname: 'Agent',
email: 'search-agent@example.com',
password: 'agentpw',
active: true,
roles: roles,
groups: groups,
)
# create customer without org
roles = Role.where( name: 'Customer' )
@customer_without_org = User.create_or_update(
login: 'search-customer1@example.com',
firstname: 'Search',
lastname: 'Customer1',
email: 'search-customer1@example.com',
password: 'customer1pw',
active: true,
roles: roles,
)
# create orgs
@organization = Organization.create_or_update(
name: 'Rest Org',
)
@organization2 = Organization.create_or_update(
name: 'Rest Org #2',
)
@organization3 = Organization.create_or_update(
name: 'Rest Org #3',
)
# create customer with org
@customer_with_org2 = User.create_or_update(
login: 'search-customer2@example.com',
firstname: 'Search',
lastname: 'Customer2',
email: 'search-customer2@example.com',
password: 'customer2pw',
active: true,
roles: roles,
organization_id: @organization.id,
)
@customer_with_org3 = User.create_or_update(
login: 'search-customer3@example.com',
firstname: 'Search',
lastname: 'Customer3',
email: 'search-customer3@example.com',
password: 'customer3pw',
active: true,
roles: roles,
organization_id: @organization.id,
)
Ticket.all.destroy_all
@ticket1 = Ticket.create(
title: 'test 1234-1',
group: Group.lookup( name: 'Users'),
customer_id: @customer_without_org.id,
state: Ticket::State.lookup( name: 'new' ),
priority: Ticket::Priority.lookup( name: '2 normal' ),
updated_by_id: 1,
created_by_id: 1,
)
@article1 = Ticket::Article.create(
ticket_id: @ticket1.id,
from: 'some_sender1@example.com',
to: 'some_recipient1@example.com',
subject: 'some subject1',
message_id: 'some@id',
body: 'some message1',
internal: false,
sender: Ticket::Article::Sender.where(name: 'Customer').first,
type: Ticket::Article::Type.where(name: 'email').first,
updated_by_id: 1,
created_by_id: 1,
)
sleep 1
@ticket2 = Ticket.create(
title: 'test 1234-2',
group: Group.lookup( name: 'Users'),
customer_id: @customer_with_org2.id,
state: Ticket::State.lookup( name: 'new' ),
priority: Ticket::Priority.lookup( name: '2 normal' ),
updated_by_id: 1,
created_by_id: 1,
)
@article2 = Ticket::Article.create(
ticket_id: @ticket2.id,
from: 'some_sender2@example.com',
to: 'some_recipient2@example.com',
subject: 'some subject2',
message_id: 'some@id',
body: 'some message2',
internal: false,
sender: Ticket::Article::Sender.where(name: 'Customer').first,
type: Ticket::Article::Type.where(name: 'email').first,
updated_by_id: 1,
created_by_id: 1,
)
sleep 1
@ticket3 = Ticket.create(
title: 'test 1234-2',
group: Group.lookup( name: 'Users'),
customer_id: @customer_with_org3.id,
state: Ticket::State.lookup( name: 'new' ),
priority: Ticket::Priority.lookup( name: '2 normal' ),
updated_by_id: 1,
created_by_id: 1,
)
@article3 = Ticket::Article.create(
ticket_id: @ticket3.id,
from: 'some_sender3@example.com',
to: 'some_recipient3@example.com',
subject: 'some subject3',
message_id: 'some@id',
body: 'some message3',
internal: false,
sender: Ticket::Article::Sender.where(name: 'Customer').first,
type: Ticket::Article::Type.where(name: 'email').first,
updated_by_id: 1,
created_by_id: 1,
)
end
test 'settings index with nobody' do
params = {
query: 'test 1234',
limit: 2,
}
post '/api/v1/search/ticket', params.to_json, @headers
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert_not(result.empty?)
post '/api/v1/search/user', params.to_json, @headers
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert_not(result.empty?)
post '/api/v1/search', params.to_json, @headers
assert_response(401)
result = JSON.parse(@response.body)
assert_equal(result.class, Hash)
assert_not(result.empty?)
end
test 'settings index with admin' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('search-admin@example.com', 'adminpw')
params = {
query: '1234*',
limit: 1,
}
post '/api/v1/search', params.to_json, @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result)
assert_equal('Ticket', result['result'][0]['type'])
assert_equal(@ticket3.id, result['result'][0]['id'])
assert_equal('User', result['result'][1]['type'])
assert_equal(@agent.id, result['result'][1]['id'])
assert_not(result['result'][2])
params = {
query: '1234*',
limit: 10,
}
post '/api/v1/search', params.to_json, @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result)
assert_equal('Ticket', result['result'][0]['type'])
assert_equal(@ticket3.id, result['result'][0]['id'])
assert_equal('Ticket', result['result'][1]['type'])
assert_equal(@ticket2.id, result['result'][1]['id'])
assert_equal('Ticket', result['result'][2]['type'])
assert_equal(@ticket1.id, result['result'][2]['id'])
assert_equal('User', result['result'][3]['type'])
assert_equal(@agent.id, result['result'][3]['id'])
assert_not(result['result'][4])
params = {
query: '1234*',
limit: 10,
}
post '/api/v1/search/ticket', params.to_json, @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result)
assert_equal('Ticket', result['result'][0]['type'])
assert_equal(@ticket3.id, result['result'][0]['id'])
assert_equal('Ticket', result['result'][1]['type'])
assert_equal(@ticket2.id, result['result'][1]['id'])
assert_equal('Ticket', result['result'][2]['type'])
assert_equal(@ticket1.id, result['result'][2]['id'])
assert_not(result['result'][3])
params = {
query: '1234*',
limit: 10,
}
post '/api/v1/search/user', params.to_json, @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('User', result['result'][0]['type'])
assert_equal(@agent.id, result['result'][0]['id'])
assert_not(result['result'][1])
end
test 'settings index with agent' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('search-agent@example.com', 'agentpw')
params = {
query: '1234*',
limit: 1,
}
post '/api/v1/search', params.to_json, @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result)
assert_equal('Ticket', result['result'][0]['type'])
assert_equal(@ticket3.id, result['result'][0]['id'])
assert_equal('User', result['result'][1]['type'])
assert_equal(@agent.id, result['result'][1]['id'])
assert_not(result['result'][2])
params = {
query: '1234*',
limit: 10,
}
post '/api/v1/search', params.to_json, @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result)
assert_equal('Ticket', result['result'][0]['type'])
assert_equal(@ticket3.id, result['result'][0]['id'])
assert_equal('Ticket', result['result'][1]['type'])
assert_equal(@ticket2.id, result['result'][1]['id'])
assert_equal('Ticket', result['result'][2]['type'])
assert_equal(@ticket1.id, result['result'][2]['id'])
assert_equal('User', result['result'][3]['type'])
assert_equal(@agent.id, result['result'][3]['id'])
assert_not(result['result'][4])
params = {
query: '1234*',
limit: 10,
}
post '/api/v1/search/ticket', params.to_json, @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result)
assert_equal('Ticket', result['result'][0]['type'])
assert_equal(@ticket3.id, result['result'][0]['id'])
assert_equal('Ticket', result['result'][1]['type'])
assert_equal(@ticket2.id, result['result'][1]['id'])
assert_equal('Ticket', result['result'][2]['type'])
assert_equal(@ticket1.id, result['result'][2]['id'])
assert_not(result['result'][3])
params = {
query: '1234*',
limit: 10,
}
post '/api/v1/search/user', params.to_json, @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('User', result['result'][0]['type'])
assert_equal(@agent.id, result['result'][0]['id'])
assert_not(result['result'][1])
end
test 'settings index with customer 1' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('search-customer1@example.com', 'customer1pw')
params = {
query: '1234*',
limit: 10,
}
post '/api/v1/search', params.to_json, @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result)
assert_equal('Ticket', result['result'][0]['type'])
assert_equal(@ticket1.id, result['result'][0]['id'])
assert_not(result['result'][1])
params = {
query: '1234*',
limit: 10,
}
post '/api/v1/search/ticket', params.to_json, @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result)
assert_equal('Ticket', result['result'][0]['type'])
assert_equal(@ticket1.id, result['result'][0]['id'])
assert_not(result['result'][1])
params = {
query: '1234*',
limit: 10,
}
post '/api/v1/search/user', params.to_json, @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_not(result['result'][0])
end
test 'settings index with customer 2' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('search-customer2@example.com', 'customer2pw')
params = {
query: '1234*',
limit: 10,
}
post '/api/v1/search', params.to_json, @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result)
assert_equal('Ticket', result['result'][0]['type'])
assert_equal(@ticket3.id, result['result'][0]['id'])
assert_equal('Ticket', result['result'][1]['type'])
assert_equal(@ticket2.id, result['result'][1]['id'])
assert_not(result['result'][2])
params = {
query: '1234*',
limit: 10,
}
post '/api/v1/search/ticket', params.to_json, @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result)
assert_equal('Ticket', result['result'][0]['type'])
assert_equal(@ticket3.id, result['result'][0]['id'])
assert_equal('Ticket', result['result'][1]['type'])
assert_equal(@ticket2.id, result['result'][1]['id'])
assert_not(result['result'][2])
params = {
query: '1234*',
limit: 10,
}
post '/api/v1/search/user', params.to_json, @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_not(result['result'][0])
end
end
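Review bot: The two `sleep 1` calls in `setup` exist to force the tickets into a known creation order, and because `setup` runs before each of the five tests they add roughly ten seconds to the file; passing explicit `created_at`/`updated_at` values to `Ticket.create` (or an ActiveSupport `travel_to` block) would make the ordering deterministic without waiting. The test names `'settings index with ...'` look copy-pasted from another controller test and should say `'search with ...'` so failures are attributable. `@ticket3` is created with `title: 'test 1234-2'`, the same title as `@ticket2`, which is probably meant to be `'test 1234-3'`, and the nobody test uses `assert_equal(result.class, Hash)` while the others use `assert_equal(Hash, result.class)`; the expected value should come first throughout.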