Fixes #1339 deny ticket creation over web
parent
8f708b75ea
commit
7fd539359d
3 changed files with 94 additions and 29 deletions
|
@ -21,6 +21,12 @@ class Index extends App.ControllerContent
|
|||
@bindId = App.TicketCreateCollection.one(load)
|
||||
|
||||
render: (template = {}) ->
|
||||
if !@Config.get('customer_ticket_create')
|
||||
@renderScreenError(
|
||||
detail: 'Your role cannot create new ticket. Please contact your administrator.'
|
||||
objectName: 'Ticket'
|
||||
)
|
||||
return
|
||||
|
||||
# set defaults
|
||||
defaults = template['options'] || {}
|
||||
|
@ -190,4 +196,4 @@ class Index extends App.ControllerContent
|
|||
)
|
||||
|
||||
App.Config.set('customer_ticket_new', Index, 'Routes')
|
||||
App.Config.set('CustomerTicketNew', { prio: 8003, parent: '#new', name: 'New Ticket', translate: true, target: '#customer_ticket_new', permission: ['ticket.customer'], divider: true }, 'NavBarRight')
|
||||
App.Config.set('CustomerTicketNew', { prio: 8003, parent: '#new', name: 'New Ticket', translate: true, target: '#customer_ticket_new', permission: ['ticket.customer'], setting: ['customer_ticket_create'], divider: true }, 'NavBarRight')
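Review bot: The `customer_ticket_create` check added at the top of `render` and the `setting: ['customer_ticket_create']` key on the `CustomerTicketNew` navbar entry are both evaluated in the browser, so they hide the form but cannot by themselves stop a customer session from sending a ticket-create request to the backend. None of the three changed files appears to be server-side code, so unless the API already rejects customer ticket creation when the setting is off (not visible on this page), the same setting should also be enforced in the server-side create path. I would add a comment above the guard, e.g. `# UI guard only; customer_ticket_create must also be enforced server-side`. The body of `render` continues outside the hunk.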
|
||||
|
|
|
@ -305,6 +305,31 @@ class App.Navigation extends App.ControllerWidgetPermanent
|
|||
@searchContainer.toggleClass('filled', !!@query)
|
||||
@globalSearch.search(query: @query)
|
||||
|
||||
filterNavbar: (values, user, parent = null) ->
|
||||
return _.filter values, (item) =>
|
||||
if typeof item.callback is 'function'
|
||||
data = item.callback() || {}
|
||||
for key, value of data
|
||||
item[key] = value
|
||||
|
||||
if !parent? && !item.parent || item.parent is parent
|
||||
return @filterNavbarPermissionOk(item, user) &&
|
||||
@filterNavbarSettingOk(item)
|
||||
else
|
||||
return false
|
||||
|
||||
filterNavbarPermissionOk: (item, user) ->
|
||||
return true unless item.permission
|
||||
|
||||
return _.any item.permission, (permissionName) ->
|
||||
return user && user.permission(permissionName)
|
||||
|
||||
filterNavbarSettingOk: (item) ->
|
||||
return true unless item.setting
|
||||
|
||||
return _.any item.setting, (settingName) =>
|
||||
return @Config.get(settingName)
|
||||
|
||||
getItems: (data) ->
|
||||
navbar = _.values(data.navbar)
|
||||
|
||||
|
@ -315,38 +340,12 @@ class App.Navigation extends App.ControllerWidgetPermanent
|
|||
if App.Session.get('id')
|
||||
user = App.User.find(App.Session.get('id'))
|
||||
|
||||
for item in navbar
|
||||
if typeof item.callback is 'function'
|
||||
data = item.callback() || {}
|
||||
for key, value of data
|
||||
item[key] = value
|
||||
if !item.parent
|
||||
match = true
|
||||
if item.permission
|
||||
match = false
|
||||
for permissionName in item.permission
|
||||
if !match && user && user.permission(permissionName)
|
||||
match = true
|
||||
if match
|
||||
level1.push item
|
||||
level1 = @filterNavbar(navbar, user)
|
||||
|
||||
for item in navbar
|
||||
if item.parent && !dropdown[ item.parent ]
|
||||
dropdown[ item.parent ] = []
|
||||
dropdown[ item.parent ] = @filterNavbar(navbar, user, item.parent)
|
||||
|
||||
# find all childs and order
|
||||
for itemSub in navbar
|
||||
if itemSub.parent is item.parent
|
||||
match = true
|
||||
if itemSub.permission
|
||||
match = false
|
||||
for permissionName in itemSub.permission
|
||||
if !match && user && user.permission(permissionName)
|
||||
match = true
|
||||
if match
|
||||
dropdown[ item.parent ].push itemSub
|
||||
|
||||
# find parent
|
||||
for itemLevel1 in level1
|
||||
if itemLevel1.target is item.parent
|
||||
sub = @getOrder(dropdown[ item.parent ])
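Review bot: `filterNavbarSettingOk` uses `_.any`, so a navbar entry that lists several settings stays visible as long as one of them is truthy; that OR semantics is easy to misread for a feature switch and deserves a comment such as `# shown if at least one listed setting is enabled; display filter only, not an access check`. In `filterNavbar` the condition `!parent? && !item.parent || item.parent is parent` relies on `&&` binding tighter than `||`, and `(!parent? && !item.parent) || item.parent is parent` would make the intent explicit. The predicate also runs `item.callback()` and copies its result onto the item on every call, and `getItems` now calls `filterNavbar` once for the top level and once per parent, so callbacks appear to run more often than in the removed loop. The `for item in navbar` loop in `getItems` continues past the end of the last hunk.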
|
||||
|
|
|
@ -213,4 +213,64 @@ class CustomerTicketCreateTest < TestCase
|
|||
)
|
||||
end
|
||||
|
||||
def test_customer_disable_ticket_creation
|
||||
@browser = browser_instance
|
||||
|
||||
# disable ticket creation
|
||||
login(
|
||||
username: 'master@example.com',
|
||||
password: 'test',
|
||||
url: browser_url,
|
||||
)
|
||||
|
||||
click(css: 'a[href="#manage"]')
|
||||
click(css: 'a[href="#channels/web"]')
|
||||
|
||||
@browser.find_element(css: 'select[name=customer_ticket_create]').find_element(css: 'option[value=false]').click
|
||||
click(css: '#customer_ticket_create .btn')
|
||||
|
||||
sleep(1)
|
||||
|
||||
logout()
|
||||
|
||||
# check if new ticket button is not visible
|
||||
|
||||
login(
|
||||
username: 'nicole.braun@zammad.org',
|
||||
password: 'test',
|
||||
url: browser_url,
|
||||
)
|
||||
|
||||
assert(exists_not(css: 'a[href="#customer_ticket_new"]'))
|
||||
|
||||
logout()
|
||||
|
||||
# enable ticket creation
|
||||
|
||||
login(
|
||||
username: 'master@example.com',
|
||||
password: 'test',
|
||||
url: browser_url,
|
||||
)
|
||||
|
||||
click(css: 'a[href="#manage"]')
|
||||
click(css: 'a[href="#channels/web"]')
|
||||
|
||||
@browser.find_element(css: 'select[name=customer_ticket_create]').find_element(css: 'option[value=true]').click
|
||||
click(css: '#customer_ticket_create .btn')
|
||||
|
||||
sleep(1)
|
||||
|
||||
logout()
|
||||
|
||||
# check if new ticket button is visible
|
||||
|
||||
login(
|
||||
username: 'nicole.braun@zammad.org',
|
||||
password: 'test',
|
||||
url: browser_url,
|
||||
)
|
||||
|
||||
assert(exists(css: 'a[href="#customer_ticket_new"]'))
|
||||
end
|
||||
end
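Review bot: `test_customer_disable_ticket_creation` only asserts that the `a[href="#customer_ticket_new"]` link is absent, so the guard this commit adds to the ticket-create screen itself is never exercised. I would add a step after the `exists_not` assertion that opens the `#customer_ticket_new` route directly as nicole.braun and asserts that the 'Your role cannot create new ticket. Please contact your administrator.' error screen is rendered. The test also leaves `customer_ticket_create` disabled if that first assertion fails, which can affect later tests; restoring the setting in a teardown or `ensure` block would avoid this. The two `sleep(1)` calls after saving the setting are a timing assumption and would be more reliable as a wait on a visible save confirmation.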
|
||||
|
|