Fixed issue #2750 - Can't change Ticket attributes of "Shared Organization" Ticket.

2019-09-20 08:48:57 +02:00 · 2019-09-20 08:48:57 +02:00 · 5e38ca46fc
commit 5e38ca46fc
parent 6606aa29cd
5 changed files with 127 additions and 0 deletions
--- a/app/assets/javascripts/app/models/ticket.coffee
+++ b/app/assets/javascripts/app/models/ticket.coffee
@ -266,6 +266,8 @@ class App.Ticket extends App.Model
    user = App.User.current()
    return false if !user?
    return true if user.id is @customer_id
+    return true if user.organization_id && @organization_id && user.organization_id is @organization_id
+    return false if !@group_id
    group_ids = user.allGroupIds(permission)
    for local_group_id in group_ids
      if local_group_id.toString() is @group_id.toString()
--- a/app/views/tests/model_ticket.html.erb
+++ b/app/views/tests/model_ticket.html.erb
@ -0,0 +1,16 @@
+
+<link rel="stylesheet" href="/assets/tests/qunit-1.21.0.css">
+<script src="/assets/tests/qunit-1.21.0.js"></script>
+<script src="/assets/tests/model_ticket.js"></script>
+
+<style type="text/css">
+body {
+  padding-top: 0px;
+}
+</style>
+
+<script type="text/javascript">
+</script>
+
+<div id="qunit" class="u-dontfold"></div>
+
--- a/config/routes/test.rb
+++ b/config/routes/test.rb
@ -7,6 +7,7 @@ Zammad::Application.routes.draw do
  match '/tests_model',                       to: 'tests#model',                      via: :get
  match '/tests_model_binding',               to: 'tests#model_binding',              via: :get
  match '/tests_model_ui',                    to: 'tests#model_ui',                   via: :get
+  match '/tests_model_ticket',                to: 'tests#model_ticket',               via: :get
  match '/tests_form',                        to: 'tests#form',                       via: :get
  match '/tests_form_tree_select',            to: 'tests#form_tree_select',           via: :get
  match '/tests_form_find',                   to: 'tests#form_find',                  via: :get
--- a/public/assets/tests/model_ticket.js
+++ b/public/assets/tests/model_ticket.js
@ -0,0 +1,104 @@
+window.onload = function() {
+
+  App.Ticket.refresh([{
+    id: 1,
+    title: 'ticket1',
+    state_id: 1,
+    customer_id: 33,
+    organization_id: 1,
+    owner_id: 1,
+  },
+  {
+    id: 2,
+    title: 'ticket2',
+    state_id: 1,
+    customer_id: 44,
+    organization_id: 1,
+    owner_id: 1,
+  },
+  {
+    id: 3,
+    title: 'ticket3',
+    state_id: 1,
+    customer_id: 55,
+    organization_id: undefined,
+    owner_id: 1,
+  },
+  {
+    id: 4,
+    title: 'ticket4',
+    state_id: 1,
+    customer_id: 66,
+    organization_id: undefined,
+    owner_id: 1,
+    group_id: 1,
+  }])
+
+  App.User.refresh([{
+    id: 33,
+    login: 'hh@1example.com',
+    firstname: 'Harald',
+    lastname: 'Habebe',
+    email: 'hh1@example.com',
+    organization_id: 1,
+    role_ids: [3],
+    active: true,
+  },
+  {
+    id: 44,
+    login: 'hh2@example.com',
+    firstname: 'Harald',
+    lastname: 'Habebe',
+    email: 'hh2@example.com',
+    organization_id: 2,
+    role_ids: [3],
+    active: true,
+  },
+  {
+    id: 55,
+    login: 'hh3example.com',
+    firstname: 'Harald',
+    lastname: 'Habebe',
+    email: 'hh3@example.com',
+    organization_id: undefined,
+    role_ids: [3],
+    active: true,
+  }])
+
+  test('ticket.editabe customer user #1', function() {
+    App.Session.set(33)
+    ticket1 = App.Ticket.find(1);
+    ok(ticket1.editable(), 'access via customer_id');
+    ticket2 = App.Ticket.find(2);
+    ok(ticket2.editable(), 'access via organization_id');
+    ticket3 = App.Ticket.find(3);
+    ok(!ticket3.editable(), 'no access');
+    ticket4 = App.Ticket.find(4);
+    ok(!ticket4.editable(), 'no access');
+  });
+
+  test('ticket.editabe customer user #2', function() {
+    App.Session.set(44)
+    ticket1 = App.Ticket.find(1);
+    ok(!ticket1.editable(), 'no access');
+    ticket2 = App.Ticket.find(2);
+    ok(ticket2.editable(), 'access via customer_id');
+    ticket3 = App.Ticket.find(3);
+    ok(!ticket3.editable(), 'no access');
+    ticket4 = App.Ticket.find(4);
+    ok(!ticket4.editable(), 'no access');
+  });
+
+  test('ticket.editabe customer user #3', function() {
+    App.Session.set(55)
+    ticket1 = App.Ticket.find(1);
+    ok(!ticket1.editable(), 'no access');
+    ticket2 = App.Ticket.find(2);
+    ok(!ticket2.editable(), 'no access');
+    ticket3 = App.Ticket.find(3);
+    ok(ticket3.editable(), 'access via customer_id');
+    ticket4 = App.Ticket.find(4);
+    ok(!ticket4.editable(), 'no access');
+  });
+
+}
--- a/spec/system/js/q_unit_spec.rb
+++ b/spec/system/js/q_unit_spec.rb
@ -51,6 +51,10 @@ RSpec.describe 'QUnit', type: :system, authenticated: false, set_up: true, webso
      q_unit_tests('model_ui')
    end

+    it 'Model Ticket' do
+      q_unit_tests('model_ticket')
+    end
+
    it 'Ticket selector' do
      q_unit_tests('ticket_selector')
    end