Fixes #1339 deny ticket creation over web
parent
8f708b75ea
commit
7fd539359d
3 changed files with 94 additions and 29 deletions
|
@ -21,6 +21,12 @@ class Index extends App.ControllerContent
|
||||||
@bindId = App.TicketCreateCollection.one(load)
|
@bindId = App.TicketCreateCollection.one(load)
|
||||||
|
|
||||||
render: (template = {}) ->
|
render: (template = {}) ->
|
||||||
|
if !@Config.get('customer_ticket_create')
|
||||||
|
@renderScreenError(
|
||||||
|
detail: 'Your role cannot create new ticket. Please contact your administrator.'
|
||||||
|
objectName: 'Ticket'
|
||||||
|
)
|
||||||
|
return
|
||||||
|
|
||||||
# set defaults
|
# set defaults
|
||||||
defaults = template['options'] || {}
|
defaults = template['options'] || {}
|
||||||
|
@ -190,4 +196,4 @@ class Index extends App.ControllerContent
|
||||||
)
|
)
|
||||||
|
|
||||||
App.Config.set('customer_ticket_new', Index, 'Routes')
|
App.Config.set('customer_ticket_new', Index, 'Routes')
|
||||||
App.Config.set('CustomerTicketNew', { prio: 8003, parent: '#new', name: 'New Ticket', translate: true, target: '#customer_ticket_new', permission: ['ticket.customer'], divider: true }, 'NavBarRight')
|
App.Config.set('CustomerTicketNew', { prio: 8003, parent: '#new', name: 'New Ticket', translate: true, target: '#customer_ticket_new', permission: ['ticket.customer'], setting: ['customer_ticket_create'], divider: true }, 'NavBarRight')
|
||||||
|
|
|
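Review bot: The `customer_ticket_create` check added to `render` and the new `setting: ['customer_ticket_create']` key on the navbar entry both run in the browser, so they hide the form and the link but do not by themselves stop a ticket from being created. None of the three files in this commit touches the server, so unless the ticket-create endpoint already checks the same setting for customer requests (not visible here), a client that does not use this UI is not restricted. I would add that server-side check with a request-level test, and mark the client code as presentation only, e.g. `# UI gate only; the server must enforce customer_ticket_create as well` above the `if`. The body of `render` continues outside the hunk.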
@ -305,6 +305,31 @@ class App.Navigation extends App.ControllerWidgetPermanent
|
||||||
@searchContainer.toggleClass('filled', !!@query)
|
@searchContainer.toggleClass('filled', !!@query)
|
||||||
@globalSearch.search(query: @query)
|
@globalSearch.search(query: @query)
|
||||||
|
|
||||||
|
filterNavbar: (values, user, parent = null) ->
|
||||||
|
return _.filter values, (item) =>
|
||||||
|
if typeof item.callback is 'function'
|
||||||
|
data = item.callback() || {}
|
||||||
|
for key, value of data
|
||||||
|
item[key] = value
|
||||||
|
|
||||||
|
if !parent? && !item.parent || item.parent is parent
|
||||||
|
return @filterNavbarPermissionOk(item, user) &&
|
||||||
|
@filterNavbarSettingOk(item)
|
||||||
|
else
|
||||||
|
return false
|
||||||
|
|
||||||
|
filterNavbarPermissionOk: (item, user) ->
|
||||||
|
return true unless item.permission
|
||||||
|
|
||||||
|
return _.any item.permission, (permissionName) ->
|
||||||
|
return user && user.permission(permissionName)
|
||||||
|
|
||||||
|
filterNavbarSettingOk: (item) ->
|
||||||
|
return true unless item.setting
|
||||||
|
|
||||||
|
return _.any item.setting, (settingName) =>
|
||||||
|
return @Config.get(settingName)
|
||||||
|
|
||||||
getItems: (data) ->
|
getItems: (data) ->
|
||||||
navbar = _.values(data.navbar)
|
navbar = _.values(data.navbar)
|
||||||
|
|
||||||
|
@ -315,38 +340,12 @@ class App.Navigation extends App.ControllerWidgetPermanent
|
||||||
if App.Session.get('id')
|
if App.Session.get('id')
|
||||||
user = App.User.find(App.Session.get('id'))
|
user = App.User.find(App.Session.get('id'))
|
||||||
|
|
||||||
for item in navbar
|
level1 = @filterNavbar(navbar, user)
|
||||||
if typeof item.callback is 'function'
|
|
||||||
data = item.callback() || {}
|
|
||||||
for key, value of data
|
|
||||||
item[key] = value
|
|
||||||
if !item.parent
|
|
||||||
match = true
|
|
||||||
if item.permission
|
|
||||||
match = false
|
|
||||||
for permissionName in item.permission
|
|
||||||
if !match && user && user.permission(permissionName)
|
|
||||||
match = true
|
|
||||||
if match
|
|
||||||
level1.push item
|
|
||||||
|
|
||||||
for item in navbar
|
for item in navbar
|
||||||
if item.parent && !dropdown[ item.parent ]
|
if item.parent && !dropdown[ item.parent ]
|
||||||
dropdown[ item.parent ] = []
|
dropdown[ item.parent ] = @filterNavbar(navbar, user, item.parent)
|
||||||
|
|
||||||
# find all childs and order
|
|
||||||
for itemSub in navbar
|
|
||||||
if itemSub.parent is item.parent
|
|
||||||
match = true
|
|
||||||
if itemSub.permission
|
|
||||||
match = false
|
|
||||||
for permissionName in itemSub.permission
|
|
||||||
if !match && user && user.permission(permissionName)
|
|
||||||
match = true
|
|
||||||
if match
|
|
||||||
dropdown[ item.parent ].push itemSub
|
|
||||||
|
|
||||||
# find parent
|
|
||||||
for itemLevel1 in level1
|
for itemLevel1 in level1
|
||||||
if itemLevel1.target is item.parent
|
if itemLevel1.target is item.parent
|
||||||
sub = @getOrder(dropdown[ item.parent ])
|
sub = @getOrder(dropdown[ item.parent ])
|
||||||
|
|
|
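Review bot: `filterNavbarSettingOk` shows an item as soon as any one name in `item.setting` is truthy, because it uses `_.any`; for a list that gates a feature this is the permissive reading, and an entry that later lists two settings would stay visible with one of them switched off. The only entry changed in this commit passes a single setting, so today's behaviour is unaffected, but the intended semantics should be pinned down: either `return _.all item.setting, (settingName) => @Config.get(settingName)` or a comment such as `# item is shown if at least one listed setting is enabled`. The three new methods have no comments; `filterNavbar` in particular should say that it filters by parent, permission and setting, and that it runs `item.callback()` for every item on each call. `getItems` now calls it once for the top level and once per parent, which looks like more callback invocations than the old loop made.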
@ -213,4 +213,64 @@ class CustomerTicketCreateTest < TestCase
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def test_customer_disable_ticket_creation
|
||||||
|
@browser = browser_instance
|
||||||
|
|
||||||
|
# disable ticket creation
|
||||||
|
login(
|
||||||
|
username: 'master@example.com',
|
||||||
|
password: 'test',
|
||||||
|
url: browser_url,
|
||||||
|
)
|
||||||
|
|
||||||
|
click(css: 'a[href="#manage"]')
|
||||||
|
click(css: 'a[href="#channels/web"]')
|
||||||
|
|
||||||
|
@browser.find_element(css: 'select[name=customer_ticket_create]').find_element(css: 'option[value=false]').click
|
||||||
|
click(css: '#customer_ticket_create .btn')
|
||||||
|
|
||||||
|
sleep(1)
|
||||||
|
|
||||||
|
logout()
|
||||||
|
|
||||||
|
# check if new ticket button is not visible
|
||||||
|
|
||||||
|
login(
|
||||||
|
username: 'nicole.braun@zammad.org',
|
||||||
|
password: 'test',
|
||||||
|
url: browser_url,
|
||||||
|
)
|
||||||
|
|
||||||
|
assert(exists_not(css: 'a[href="#customer_ticket_new"]'))
|
||||||
|
|
||||||
|
logout()
|
||||||
|
|
||||||
|
# enable ticket creation
|
||||||
|
|
||||||
|
login(
|
||||||
|
username: 'master@example.com',
|
||||||
|
password: 'test',
|
||||||
|
url: browser_url,
|
||||||
|
)
|
||||||
|
|
||||||
|
click(css: 'a[href="#manage"]')
|
||||||
|
click(css: 'a[href="#channels/web"]')
|
||||||
|
|
||||||
|
@browser.find_element(css: 'select[name=customer_ticket_create]').find_element(css: 'option[value=true]').click
|
||||||
|
click(css: '#customer_ticket_create .btn')
|
||||||
|
|
||||||
|
sleep(1)
|
||||||
|
|
||||||
|
logout()
|
||||||
|
|
||||||
|
# check if new ticket button is visible
|
||||||
|
|
||||||
|
login(
|
||||||
|
username: 'nicole.braun@zammad.org',
|
||||||
|
password: 'test',
|
||||||
|
url: browser_url,
|
||||||
|
)
|
||||||
|
|
||||||
|
assert(exists(css: 'a[href="#customer_ticket_new"]'))
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
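Review bot: `test_customer_disable_ticket_creation` only asserts that the `a[href="#customer_ticket_new"]` link is hidden or shown, so the new guard in the controller's `render` is not exercised. After the `exists_not` assertion I would open the `#customer_ticket_new` route directly as the customer and assert that the error screen appears instead of the form, introduced by a comment such as `# the link is hidden; the route itself must also refuse to render the form`. The setting is switched back on only in the middle of the test, so a failure before that point would leave `customer_ticket_create` disabled for later tests. Restoring it in an `ensure` block or in teardown would avoid that. The two `sleep(1)` calls after saving the setting are timing-dependent and may be flaky; waiting on a visible confirmation would be more reliable.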