Fixes #1339 deny ticket creation over web

2018-05-17 18:20:17 +03:00 · 2018-05-17 18:20:17 +03:00 · 7fd539359d
commit 7fd539359d
parent 8f708b75ea
3 changed files with 94 additions and 29 deletions
--- a/app/assets/javascripts/app/controllers/customer_ticket_create.coffee
+++ b/app/assets/javascripts/app/controllers/customer_ticket_create.coffee
@ -21,6 +21,12 @@ class Index extends App.ControllerContent
    @bindId = App.TicketCreateCollection.one(load)

  render: (template = {}) ->
+    if !@Config.get('customer_ticket_create')
+      @renderScreenError(
+        detail:     'Your role cannot create new ticket. Please contact your administrator.'
+        objectName: 'Ticket'
+      )
+      return

    # set defaults
    defaults = template['options'] || {}
@ -190,4 +196,4 @@ class Index extends App.ControllerContent
      )

 App.Config.set('customer_ticket_new', Index, 'Routes')
-App.Config.set('CustomerTicketNew', { prio: 8003, parent: '#new', name: 'New Ticket', translate: true, target: '#customer_ticket_new', permission: ['ticket.customer'], divider: true }, 'NavBarRight')
+App.Config.set('CustomerTicketNew', { prio: 8003, parent: '#new', name: 'New Ticket', translate: true, target: '#customer_ticket_new', permission: ['ticket.customer'], setting: ['customer_ticket_create'], divider: true }, 'NavBarRight')
--- a/app/assets/javascripts/app/controllers/navigation.coffee
+++ b/app/assets/javascripts/app/controllers/navigation.coffee
@ -305,6 +305,31 @@ class App.Navigation extends App.ControllerWidgetPermanent
    @searchContainer.toggleClass('filled', !!@query)
    @globalSearch.search(query: @query)

+  filterNavbar: (values, user, parent = null) ->
+    return _.filter values, (item) =>
+      if typeof item.callback is 'function'
+        data = item.callback() || {}
+        for key, value of data
+          item[key] = value
+
+      if !parent? && !item.parent || item.parent is parent
+        return @filterNavbarPermissionOk(item, user) &&
+          @filterNavbarSettingOk(item)
+      else
+        return false
+
+  filterNavbarPermissionOk: (item, user) ->
+    return true unless item.permission
+
+    return _.any item.permission, (permissionName) ->
+      return user && user.permission(permissionName)
+
+  filterNavbarSettingOk: (item) ->
+    return true unless item.setting
+
+    return _.any item.setting, (settingName) =>
+      return @Config.get(settingName)
+
  getItems: (data) ->
    navbar =  _.values(data.navbar)

@ -315,38 +340,12 @@ class App.Navigation extends App.ControllerWidgetPermanent
    if App.Session.get('id')
      user = App.User.find(App.Session.get('id'))

-    for item in navbar
-      if typeof item.callback is 'function'
-        data = item.callback() || {}
-        for key, value of data
-          item[key] = value
-      if !item.parent
-        match = true
-        if item.permission
-          match = false
-          for permissionName in item.permission
-            if !match && user && user.permission(permissionName)
-              match = true
-        if match
-          level1.push item
+    level1 = @filterNavbar(navbar, user)

    for item in navbar
      if item.parent && !dropdown[ item.parent ]
-        dropdown[ item.parent ] = []
+        dropdown[ item.parent ] = @filterNavbar(navbar, user, item.parent)

-        # find all childs and order
-        for itemSub in navbar
-          if itemSub.parent is item.parent
-            match = true
-            if itemSub.permission
-              match = false
-              for permissionName in itemSub.permission
-                if !match && user && user.permission(permissionName)
-                  match = true
-            if match
-              dropdown[ item.parent ].push itemSub
-
-        # find parent
        for itemLevel1 in level1
          if itemLevel1.target is item.parent
            sub = @getOrder(dropdown[ item.parent ])
--- a/test/browser/customer_ticket_create_test.rb
+++ b/test/browser/customer_ticket_create_test.rb
@ -213,4 +213,64 @@ class CustomerTicketCreateTest < TestCase
    )
  end

+  def test_customer_disable_ticket_creation
+    @browser = browser_instance
+
+    # disable ticket creation
+    login(
+      username: 'master@example.com',
+      password: 'test',
+      url: browser_url,
+    )
+
+    click(css: 'a[href="#manage"]')
+    click(css: 'a[href="#channels/web"]')
+
+    @browser.find_element(css: 'select[name=customer_ticket_create]').find_element(css: 'option[value=false]').click
+    click(css: '#customer_ticket_create .btn')
+
+    sleep(1)
+
+    logout()
+
+    # check if new ticket button is not visible
+
+    login(
+      username: 'nicole.braun@zammad.org',
+      password: 'test',
+      url: browser_url,
+    )
+
+    assert(exists_not(css: 'a[href="#customer_ticket_new"]'))
+
+    logout()
+
+    # enable ticket creation
+
+    login(
+      username: 'master@example.com',
+      password: 'test',
+      url: browser_url,
+    )
+
+    click(css: 'a[href="#manage"]')
+    click(css: 'a[href="#channels/web"]')
+
+    @browser.find_element(css: 'select[name=customer_ticket_create]').find_element(css: 'option[value=true]').click
+    click(css: '#customer_ticket_create .btn')
+
+    sleep(1)
+
+    logout()
+
+    # check if new ticket button is visible
+
+    login(
+      username: 'nicole.braun@zammad.org',
+      password: 'test',
+      url: browser_url,
+    )
+
+    assert(exists(css: 'a[href="#customer_ticket_new"]'))
+  end
 end