From ba2d22e8a4a8cf3a4df214d7787b2bfe1b50c9ea Mon Sep 17 00:00:00 2001
From: Rolando <rolando.torres2810@gmail.com>
Date: Sat, 23 Sep 2017 18:38:16 +0200
Subject: [PATCH 1/2] Adds customer_ticket_create requirement to enable form

---
 app/controllers/form_controller.rb       |  2 +-
 test/controllers/form_controller_test.rb | 25 ++++++++++++++++++++++++
 2 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/app/controllers/form_controller.rb b/app/controllers/form_controller.rb
index 9e1328748..30b6476f0 100644
--- a/app/controllers/form_controller.rb
+++ b/app/controllers/form_controller.rb
@@ -241,7 +241,7 @@ class FormController < ApplicationController
 
   def enabled?
     return true if params[:test] && current_user && current_user.permissions?('admin.channel_formular')
-    return true if Setting.get('form_ticket_create')
+    return true if Setting.get('form_ticket_create') && Setting.get('customer_ticket_create')
     response_access_deny
     false
   end
diff --git a/test/controllers/form_controller_test.rb b/test/controllers/form_controller_test.rb
index 8aacf1157..cefcb5cca 100644
--- a/test/controllers/form_controller_test.rb
+++ b/test/controllers/form_controller_test.rb
@@ -244,4 +244,29 @@ class FormControllerTest < ActionDispatch::IntegrationTest
     assert(result['error'])
   end
 
+  test '06 - customer_ticket_create false disables form' do
+    Setting.set('form_ticket_create', true)
+    Setting.set('customer_ticket_create', false)
+
+    fingerprint = SecureRandom.hex(40)
+
+    post '/api/v1/form_config', params: { fingerprint: fingerprint }.to_json, headers: @headers
+
+    result = JSON.parse(@response.body)
+    token = result['token']
+    params = {
+        fingerprint: fingerprint,
+        token: token,
+        name: 'Bob Smith',
+        email: 'discard@znuny.com',
+        title: 'test',
+        body: 'hello'
+    }
+
+    post '/api/v1/form_submit', params: params.to_json, headers: @headers
+
+    assert_response(401)
+  end
+
+
 end

From 7b28ad80a4db2725a6b4b63e82ac9afb8e456a9c Mon Sep 17 00:00:00 2001
From: Thorsten Eckel <te@znuny.com>
Date: Tue, 10 Oct 2017 16:37:27 +0200
Subject: [PATCH 2/2] Applied rubocop.

---
 test/controllers/form_controller_test.rb | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/test/controllers/form_controller_test.rb b/test/controllers/form_controller_test.rb
index cefcb5cca..48ae47081 100644
--- a/test/controllers/form_controller_test.rb
+++ b/test/controllers/form_controller_test.rb
@@ -255,12 +255,12 @@ class FormControllerTest < ActionDispatch::IntegrationTest
     result = JSON.parse(@response.body)
     token = result['token']
     params = {
-        fingerprint: fingerprint,
-        token: token,
-        name: 'Bob Smith',
-        email: 'discard@znuny.com',
-        title: 'test',
-        body: 'hello'
+      fingerprint: fingerprint,
+      token: token,
+      name: 'Bob Smith',
+      email: 'discard@znuny.com',
+      title: 'test',
+      body: 'hello'
     }
 
     post '/api/v1/form_submit', params: params.to_json, headers: @headers
@@ -268,5 +268,4 @@ class FormControllerTest < ActionDispatch::IntegrationTest
     assert_response(401)
   end
 
-
 end