Fixed issue #2750 - Can't change Ticket attributes of "Shared Organization" Ticket.

This commit is contained in:
Martin Edenhofer 2019-09-20 08:48:57 +02:00 committed by Thorsten Eckel
parent 6606aa29cd
commit 5e38ca46fc
5 changed files with 127 additions and 0 deletions

View file

@ -266,6 +266,8 @@ class App.Ticket extends App.Model
user = App.User.current() user = App.User.current()
return false if !user? return false if !user?
return true if user.id is @customer_id return true if user.id is @customer_id
return true if user.organization_id && @organization_id && user.organization_id is @organization_id
return false if !@group_id
group_ids = user.allGroupIds(permission) group_ids = user.allGroupIds(permission)
for local_group_id in group_ids for local_group_id in group_ids
if local_group_id.toString() is @group_id.toString() if local_group_id.toString() is @group_id.toString()

View file

@ -0,0 +1,16 @@
<link rel="stylesheet" href="/assets/tests/qunit-1.21.0.css">
<script src="/assets/tests/qunit-1.21.0.js"></script>
<script src="/assets/tests/model_ticket.js"></script>
<style type="text/css">
body {
padding-top: 0px;
}
</style>
<script type="text/javascript">
</script>
<div id="qunit" class="u-dontfold"></div>

View file

@ -7,6 +7,7 @@ Zammad::Application.routes.draw do
match '/tests_model', to: 'tests#model', via: :get match '/tests_model', to: 'tests#model', via: :get
match '/tests_model_binding', to: 'tests#model_binding', via: :get match '/tests_model_binding', to: 'tests#model_binding', via: :get
match '/tests_model_ui', to: 'tests#model_ui', via: :get match '/tests_model_ui', to: 'tests#model_ui', via: :get
match '/tests_model_ticket', to: 'tests#model_ticket', via: :get
match '/tests_form', to: 'tests#form', via: :get match '/tests_form', to: 'tests#form', via: :get
match '/tests_form_tree_select', to: 'tests#form_tree_select', via: :get match '/tests_form_tree_select', to: 'tests#form_tree_select', via: :get
match '/tests_form_find', to: 'tests#form_find', via: :get match '/tests_form_find', to: 'tests#form_find', via: :get

View file

@ -0,0 +1,104 @@
window.onload = function() {
App.Ticket.refresh([{
id: 1,
title: 'ticket1',
state_id: 1,
customer_id: 33,
organization_id: 1,
owner_id: 1,
},
{
id: 2,
title: 'ticket2',
state_id: 1,
customer_id: 44,
organization_id: 1,
owner_id: 1,
},
{
id: 3,
title: 'ticket3',
state_id: 1,
customer_id: 55,
organization_id: undefined,
owner_id: 1,
},
{
id: 4,
title: 'ticket4',
state_id: 1,
customer_id: 66,
organization_id: undefined,
owner_id: 1,
group_id: 1,
}])
App.User.refresh([{
id: 33,
login: 'hh@1example.com',
firstname: 'Harald',
lastname: 'Habebe',
email: 'hh1@example.com',
organization_id: 1,
role_ids: [3],
active: true,
},
{
id: 44,
login: 'hh2@example.com',
firstname: 'Harald',
lastname: 'Habebe',
email: 'hh2@example.com',
organization_id: 2,
role_ids: [3],
active: true,
},
{
id: 55,
login: 'hh3example.com',
firstname: 'Harald',
lastname: 'Habebe',
email: 'hh3@example.com',
organization_id: undefined,
role_ids: [3],
active: true,
}])
test('ticket.editabe customer user #1', function() {
App.Session.set(33)
ticket1 = App.Ticket.find(1);
ok(ticket1.editable(), 'access via customer_id');
ticket2 = App.Ticket.find(2);
ok(ticket2.editable(), 'access via organization_id');
ticket3 = App.Ticket.find(3);
ok(!ticket3.editable(), 'no access');
ticket4 = App.Ticket.find(4);
ok(!ticket4.editable(), 'no access');
});
test('ticket.editabe customer user #2', function() {
App.Session.set(44)
ticket1 = App.Ticket.find(1);
ok(!ticket1.editable(), 'no access');
ticket2 = App.Ticket.find(2);
ok(ticket2.editable(), 'access via customer_id');
ticket3 = App.Ticket.find(3);
ok(!ticket3.editable(), 'no access');
ticket4 = App.Ticket.find(4);
ok(!ticket4.editable(), 'no access');
});
test('ticket.editabe customer user #3', function() {
App.Session.set(55)
ticket1 = App.Ticket.find(1);
ok(!ticket1.editable(), 'no access');
ticket2 = App.Ticket.find(2);
ok(!ticket2.editable(), 'no access');
ticket3 = App.Ticket.find(3);
ok(ticket3.editable(), 'access via customer_id');
ticket4 = App.Ticket.find(4);
ok(!ticket4.editable(), 'no access');
});
}

View file

@ -51,6 +51,10 @@ RSpec.describe 'QUnit', type: :system, authenticated: false, set_up: true, webso
q_unit_tests('model_ui') q_unit_tests('model_ui')
end end
it 'Model Ticket' do
q_unit_tests('model_ticket')
end
it 'Ticket selector' do it 'Ticket selector' do
q_unit_tests('ticket_selector') q_unit_tests('ticket_selector')
end end