diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index ff0935592..7353601b4 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -245,8 +245,8 @@ test:integration:es_mysql:
- ruby -I test/ test/controllers/search_controller_test.rb
- ruby -I test/ test/integration/report_test.rb
- ruby -I test/ test/controllers/form_controller_test.rb
- - ruby -I test/ test/controllers/user_controller_test.rb
- - ruby -I test/ test/controllers/organization_controller_test.rb
+ - ruby -I test/ test/controllers/users_controller_test.rb
+ - ruby -I test/ test/controllers/organizations_controller_test.rb
- rake db:drop
test:integration:es_postgresql:
@@ -265,8 +265,8 @@ test:integration:es_postgresql:
- ruby -I test/ test/controllers/search_controller_test.rb
- ruby -I test/ test/integration/report_test.rb
- ruby -I test/ test/controllers/form_controller_test.rb
- - ruby -I test/ test/controllers/user_controller_test.rb
- - ruby -I test/ test/controllers/organization_controller_test.rb
+ - ruby -I test/ test/controllers/users_controller_test.rb
+ - ruby -I test/ test/controllers/organizations_controller_test.rb
- rake db:drop
test:integration:zendesk_mysql:
diff --git a/app/models/organization/search.rb b/app/models/organization/search.rb
index ab0310414..dd117492b 100644
--- a/app/models/organization/search.rb
+++ b/app/models/organization/search.rb
@@ -72,10 +72,10 @@ returns
current_user = params[:current_user]
# check sort
- sort_by = search_get_sort_by(params, 'name')
+ sort_by = search_get_sort_by(params, 'updated_at')
# check order
- order_by = search_get_order_by(params, 'asc')
+ order_by = search_get_order_by(params, 'desc')
# enable search only for agents and admins
return [] if !search_preferences(current_user)
@@ -92,8 +92,8 @@ returns
return organizations
end
- order_select_sql = search_get_order_select_sql(sort_by, order_by, 'organizations.name')
- order_sql = search_get_order_sql(sort_by, order_by, 'organizations.name ASC')
+ order_select_sql = search_get_order_select_sql(sort_by, order_by, 'organizations.updated_at')
+ order_sql = search_get_order_sql(sort_by, order_by, 'organizations.updated_at ASC')
# fallback do sql query
# - stip out * we already search for *query* -
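Review bot: The fallback passed to `search_get_order_sql` is still ascending (`'organizations.updated_at ASC'`), while the default `order_by` was switched to `'desc'` in the previous hunk, so the two defaults now disagree. If the helper ever falls back to that string (its body is not visible here), organizations would come back oldest-first, unlike tickets, which use `'tickets.updated_at DESC'`. Suggest `order_sql = search_get_order_sql(sort_by, order_by, 'organizations.updated_at DESC')`. The enclosing method starts and ends outside this hunk.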
@@ -110,7 +110,7 @@ returns
return organizations if organizations.length > 3
# if only a few organizations are found, search for names of users
- organizations_by_user = Organization.select('DISTINCT(organizations.id), ' + order_select_sql)
+ organizations_by_user = Organization.select("DISTINCT(organizations.id), #{order_select_sql}")
.joins('LEFT OUTER JOIN users ON users.organization_id = organizations.id')
.where(User.or_cis(%i[firstname lastname email], "%#{query}%"))
.order(order_sql)
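Review bot: `order_select_sql` is interpolated into a raw SELECT fragment and `order_sql` is handed to `.order`, with nothing on the page saying where their contents come from, and `sort_by`/`order_by` are read from `params` earlier in this method. That is safe only if `search_get_sort_by`, `search_get_order_by` and the two `search_get_order_*_sql` helpers reduce the input to known column names and `asc`/`desc`. Those helpers are not visible in this diff, so this is worth confirming. Once confirmed, document it above the query, for example `# order_select_sql/order_sql are built from validated column names only, never from raw params`. The same pattern appears in both `Ticket.select` hunks of app/models/ticket/search.rb, and the query chain continues past the end of this hunk.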
diff --git a/app/models/ticket/search.rb b/app/models/ticket/search.rb
index 7c50ec97d..7de4ad7d7 100644
--- a/app/models/ticket/search.rb
+++ b/app/models/ticket/search.rb
@@ -120,7 +120,7 @@ returns
end
# check sort
- sort_by = search_get_sort_by(params, 'created_at')
+ sort_by = search_get_sort_by(params, 'updated_at')
# check order
order_by = search_get_order_by(params, 'desc')
@@ -177,11 +177,11 @@ returns
# do query
# - stip out * we already search for *query* -
- order_select_sql = search_get_order_select_sql(sort_by, order_by, 'tickets.created_at')
- order_sql = search_get_order_sql(sort_by, order_by, 'tickets.created_at DESC')
+ order_select_sql = search_get_order_select_sql(sort_by, order_by, 'tickets.updated_at')
+ order_sql = search_get_order_sql(sort_by, order_by, 'tickets.updated_at DESC')
if query
query.delete! '*'
- tickets_all = Ticket.select('DISTINCT(tickets.id), ' + order_select_sql)
+ tickets_all = Ticket.select("DISTINCT(tickets.id), #{order_select_sql}")
.where(access_condition)
.where('(tickets.title LIKE ? OR tickets.number LIKE ? OR ticket_articles.body LIKE ? OR ticket_articles.from LIKE ? OR ticket_articles.to LIKE ? OR ticket_articles.subject LIKE ?)', "%#{query}%", "%#{query}%", "%#{query}%", "%#{query}%", "%#{query}%", "%#{query}%" )
.joins(:articles)
@@ -190,7 +190,7 @@ returns
.limit(limit)
else
query_condition, bind_condition, tables = selector2sql(condition)
- tickets_all = Ticket.select('DISTINCT(tickets.id), ' + order_select_sql)
+ tickets_all = Ticket.select("DISTINCT(tickets.id), #{order_select_sql}")
.joins(tables)
.where(access_condition)
.where(query_condition, *bind_condition)
diff --git a/lib/search_index_backend.rb b/lib/search_index_backend.rb
index f5b30b1ec..626e0d198 100644
--- a/lib/search_index_backend.rb
+++ b/lib/search_index_backend.rb
@@ -407,7 +407,7 @@ return search result
if result.blank?
result.push(
- created_at: {
+ updated_at: {
order: 'desc',
},
)
diff --git a/test/controllers/calendars_controller_test.rb b/test/controllers/calendars_controller_test.rb
new file mode 100644
index 000000000..4f1938a96
--- /dev/null
+++ b/test/controllers/calendars_controller_test.rb
@@ -0,0 +1,90 @@
+
+require 'test_helper'
+
+class CalendarsControllerTest < ActionDispatch::IntegrationTest
+ setup do
+
+ # set accept header
+ @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
+
+ # create agent
+ roles = Role.where(name: %w[Admin Agent])
+ groups = Group.all
+
+ UserInfo.current_user_id = 1
+ @admin = User.create!(
+ login: 'calendar-admin',
+ firstname: 'Packages',
+ lastname: 'Admin',
+ email: 'calendar-admin@example.com',
+ password: 'adminpw',
+ active: true,
+ roles: roles,
+ groups: groups,
+ )
+
+ end
+
+ test '01 calendar index with nobody' do
+
+ get '/api/v1/calendars', params: {}, headers: @headers
+ assert_response(401)
+
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+ assert_equal('authentication failed', result['error'])
+
+ get '/api/v1/calendars_init', params: {}, headers: @headers
+ assert_response(401)
+
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+ assert_equal('authentication failed', result['error'])
+ end
+
+ test '02 calendar index with admin' do
+
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('calendar-admin@example.com', 'adminpw')
+
+ # index
+ get '/api/v1/calendars', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ assert(result)
+ assert_equal(1, result.count)
+
+ get '/api/v1/calendars?expand=true', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ assert(result)
+ assert_equal(1, result.count)
+
+ get '/api/v1/calendars?full=true', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+ assert(result)
+ assert(result['record_ids'])
+ assert_equal(1, result['record_ids'].count)
+ assert(result['assets'])
+ assert(result['assets'].present?)
+
+ # index
+ get '/api/v1/calendars_init', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+ assert(result['record_ids'])
+ assert(result['ical_feeds'])
+ assert_equal('Denmark', result['ical_feeds']['http://www.google.com/calendar/ical/da.danish%23holiday%40group.v.calendar.google.com/public/basic.ics'])
+ assert_equal('Austria', result['ical_feeds']['http://www.google.com/calendar/ical/de.austrian%23holiday%40group.v.calendar.google.com/public/basic.ics'])
+ assert(result['timezones'])
+ assert_equal(2, result['timezones']['Africa/Johannesburg'])
+ assert_equal(-8, result['timezones']['America/Sitka'])
+ assert(result['assets'])
+
+ end
+
+end
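Review bot: `setup` sets `UserInfo.current_user_id = 1` and never clears it, so the value is still set when the requests under test run; the organizations test added in this same commit resets it at the end of its setup. If the application consults this value while handling a request (not visible here), leftover state could influence the 401 checks. Add `UserInfo.current_user_id = nil` after the `User.create!` call; test/controllers/slas_controller_test.rb has the same setup. Both files also exercise only the anonymous and admin cases, so if these endpoints are meant to be admin-only, a request with agent or customer credentials asserting the rejection would close that gap.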
diff --git a/test/controllers/organizations_controller_test.rb b/test/controllers/organizations_controller_test.rb
new file mode 100644
index 000000000..fa18d9f99
--- /dev/null
+++ b/test/controllers/organizations_controller_test.rb
@@ -0,0 +1,638 @@
+require 'test_helper'
+
+class OrganizationsControllerTest < ActionDispatch::IntegrationTest
+ include SearchindexHelper
+
+ setup do
+
+ # set accept header
+ @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
+
+ # create agent
+ roles = Role.where(name: %w[Admin Agent])
+ groups = Group.all
+
+ UserInfo.current_user_id = 1
+
+ @admin = User.create!(
+ login: 'rest-admin',
+ firstname: 'Rest',
+ lastname: 'Agent',
+ email: 'rest-admin@example.com',
+ password: 'adminpw',
+ active: true,
+ roles: roles,
+ groups: groups,
+ )
+
+ # create agent
+ roles = Role.where(name: 'Agent')
+ @agent = User.create!(
+ login: 'rest-agent@example.com',
+ firstname: 'Rest',
+ lastname: 'Agent',
+ email: 'rest-agent@example.com',
+ password: 'agentpw',
+ active: true,
+ roles: roles,
+ groups: groups,
+ )
+
+ # create customer without org
+ roles = Role.where(name: 'Customer')
+ @customer_without_org = User.create!(
+ login: 'rest-customer1@example.com',
+ firstname: 'Rest',
+ lastname: 'Customer1',
+ email: 'rest-customer1@example.com',
+ password: 'customer1pw',
+ active: true,
+ roles: roles,
+ )
+
+ # create orgs
+ @organization = Organization.create!(
+ name: 'Rest Org #1',
+ note: 'Rest Org A',
+ created_at: '2018-02-05 17:42:00',
+ updated_at: '2018-02-05 20:42:00',
+ )
+ @organization2 = Organization.create!(
+ name: 'Rest Org #2',
+ note: 'Rest Org B',
+ created_at: '2018-02-05 18:42:00',
+ updated_at: '2018-02-05 18:42:00',
+ )
+ @organization3 = Organization.create!(
+ name: 'Rest Org #3',
+ note: 'Rest Org C',
+ created_at: '2018-02-05 19:42:00',
+ updated_at: '2018-02-05 19:42:00',
+ )
+
+ # create customer with org
+ @customer_with_org = User.create!(
+ login: 'rest-customer2@example.com',
+ firstname: 'Rest',
+ lastname: 'Customer2',
+ email: 'rest-customer2@example.com',
+ password: 'customer2pw',
+ active: true,
+ roles: roles,
+ organization_id: @organization.id,
+ )
+
+ configure_elasticsearch do
+
+ travel 1.minute
+
+ rebuild_searchindex
+
+ # execute background jobs
+ Scheduler.worker(true)
+
+ sleep 6
+ end
+
+ UserInfo.current_user_id = nil
+ end
+
+ test 'organization index with agent' do
+
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-agent@example.com', 'agentpw')
+
+ # index
+ get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(result.class, Array)
+ assert_equal(result[0]['member_ids'].class, Array)
+ assert(result.length >= 3)
+
+ get '/api/v1/organizations?limit=40&page=1&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ organizations = Organization.order(:id).limit(2)
+ assert_equal(organizations[0].id, result[0]['id'])
+ assert_equal(organizations[0].member_ids, result[0]['member_ids'])
+ assert_equal(organizations[1].id, result[1]['id'])
+ assert_equal(organizations[1].member_ids, result[1]['member_ids'])
+ assert_equal(2, result.count)
+
+ get '/api/v1/organizations?limit=40&page=2&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ organizations = Organization.order(:id).limit(4)
+ assert_equal(organizations[2].id, result[0]['id'])
+ assert_equal(organizations[2].member_ids, result[0]['member_ids'])
+ assert_equal(organizations[3].id, result[1]['id'])
+ assert_equal(organizations[3].member_ids, result[1]['member_ids'])
+
+ assert_equal(2, result.count)
+
+ # show/:id
+ get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(result.class, Hash)
+ assert_equal(result['member_ids'].class, Array)
+ assert_not(result['members'])
+ assert_equal(result['name'], 'Rest Org #1')
+
+ get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(result.class, Hash)
+ assert_equal(result['member_ids'].class, Array)
+ assert_not(result['members'])
+ assert_equal(result['name'], 'Rest Org #2')
+
+ # search as agent
+ Scheduler.worker(true)
+ get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ assert_equal('Zammad Foundation', result[0]['name'])
+ assert(result[0]['member_ids'])
+ assert_not(result[0]['members'])
+
+ get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&expand=true", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ assert_equal('Zammad Foundation', result[0]['name'])
+ assert(result[0]['member_ids'])
+ assert(result[0]['members'])
+
+ get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ assert_equal('Zammad Foundation', result[0]['label'])
+ assert_equal('Zammad Foundation', result[0]['value'])
+ assert_not(result[0]['member_ids'])
+ assert_not(result[0]['members'])
+ end
+
+ test 'organization index with customer1' do
+
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
+
+ # index
+ get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(result.class, Array)
+ assert_equal(result.length, 0)
+
+ # show/:id
+ get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(result.class, Hash)
+ assert_nil(result['name'])
+
+ get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(result.class, Hash)
+ assert_nil(result['name'])
+
+ # search
+ Scheduler.worker(true)
+ get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(401)
+ end
+
+ test 'organization index with customer2' do
+
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer2@example.com', 'customer2pw')
+
+ # index
+ get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(result.class, Array)
+ assert_equal(result.length, 1)
+
+ # show/:id
+ get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(result.class, Hash)
+ assert_equal(result['name'], 'Rest Org #1')
+
+ get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(401)
+ result = JSON.parse(@response.body)
+ assert_equal(result.class, Hash)
+ assert_nil(result['name'])
+
+ # search
+ Scheduler.worker(true)
+ get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(401)
+ end
+
+ test 'organization search sortable' do
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin', 'adminpw')
+
+ get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ result.collect! { |v| v['id'] }
+ assert_equal(Array, result.class)
+ assert_equal([ @organization.id, @organization3.id, @organization2.id ], result)
+
+ get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: { sort_by: 'created_at', order_by: 'asc' }, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ result.collect! { |v| v['id'] }
+ assert_equal(Array, result.class)
+ assert_equal([ @organization.id, @organization2.id, @organization3.id ], result)
+
+ get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: { sort_by: 'note', order_by: 'asc' }, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ result.collect! { |v| v['id'] }
+ assert_equal(Array, result.class)
+ assert_equal([ @organization.id, @organization2.id, @organization3.id ], result)
+
+ get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: { sort_by: 'note', order_by: 'desc' }, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ result.collect! { |v| v['id'] }
+ assert_equal(Array, result.class)
+ assert_equal([ @organization3.id, @organization2.id, @organization.id ], result)
+
+ get "/api/v1/organizations/search?query=#{CGI.escape('Rest Org')}", params: { sort_by: %w[note created_at], order_by: %w[desc asc] }, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ result.collect! { |v| v['id'] }
+ assert_equal(Array, result.class)
+ assert_equal([ @organization3.id, @organization2.id, @organization.id ], result)
+ end
+
+ test '04.01 organization show and response format' do
+ organization = Organization.create!(
+ name: 'Rest Org NEW',
+ members: [@customer_without_org],
+ updated_by_id: @admin.id,
+ created_by_id: @admin.id,
+ )
+
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
+ get "/api/v1/organizations/#{organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+ assert_equal(organization.id, result['id'])
+ assert_equal(organization.name, result['name'])
+ assert_not(result['members'])
+ assert_equal([@customer_without_org.id], result['member_ids'])
+ assert_equal(@admin.id, result['updated_by_id'])
+ assert_equal(@admin.id, result['created_by_id'])
+
+ get "/api/v1/organizations/#{organization.id}?expand=true", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+ assert_equal(organization.id, result['id'])
+ assert_equal(organization.name, result['name'])
+ assert(result['members'])
+ assert_equal([@customer_without_org.id], result['member_ids'])
+ assert_equal(@admin.id, result['updated_by_id'])
+ assert_equal(@admin.id, result['created_by_id'])
+
+ get "/api/v1/organizations/#{organization.id}?expand=false", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+ assert_equal(organization.id, result['id'])
+ assert_equal(organization.name, result['name'])
+ assert_not(result['members'])
+ assert_equal([@customer_without_org.id], result['member_ids'])
+ assert_equal(@admin.id, result['updated_by_id'])
+ assert_equal(@admin.id, result['created_by_id'])
+
+ get "/api/v1/organizations/#{organization.id}?full=true", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+
+ assert_equal(Hash, result.class)
+ assert_equal(organization.id, result['id'])
+ assert(result['assets'])
+ assert(result['assets']['Organization'])
+ assert(result['assets']['Organization'][organization.id.to_s])
+ assert_equal(organization.id, result['assets']['Organization'][organization.id.to_s]['id'])
+ assert_equal(organization.name, result['assets']['Organization'][organization.id.to_s]['name'])
+ assert_equal(organization.member_ids, result['assets']['Organization'][organization.id.to_s]['member_ids'])
+ assert_not(result['assets']['Organization'][organization.id.to_s]['members'])
+
+ get "/api/v1/organizations/#{organization.id}?full=false", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+ assert_equal(organization.id, result['id'])
+ assert_equal(organization.name, result['name'])
+ assert_not(result['members'])
+ assert_equal([@customer_without_org.id], result['member_ids'])
+ assert_equal(@admin.id, result['updated_by_id'])
+ assert_equal(@admin.id, result['created_by_id'])
+ end
+
+ test '04.02 organization index and response format' do
+ organization = Organization.create!(
+ name: 'Rest Org NEW',
+ members: [@customer_without_org],
+ updated_by_id: @admin.id,
+ created_by_id: @admin.id,
+ )
+
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
+ get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ assert_equal(Hash, result[0].class)
+ assert_equal(organization.id, result.last['id'])
+ assert_equal(organization.name, result.last['name'])
+ assert_not(result.last['members'])
+ assert_equal(organization.member_ids, result.last['member_ids'])
+ assert_equal(@admin.id, result.last['updated_by_id'])
+ assert_equal(@admin.id, result.last['created_by_id'])
+
+ get '/api/v1/organizations?expand=true', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ assert_equal(Hash, result[0].class)
+ assert_equal(organization.id, result.last['id'])
+ assert_equal(organization.name, result.last['name'])
+ assert_equal(organization.member_ids, result.last['member_ids'])
+ assert_equal(organization.members.pluck(:login), [@customer_without_org.login])
+ assert_equal(@admin.id, result.last['updated_by_id'])
+ assert_equal(@admin.id, result.last['created_by_id'])
+
+ get '/api/v1/organizations?expand=false', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ assert_equal(Hash, result[0].class)
+ assert_equal(organization.id, result.last['id'])
+ assert_equal(organization.name, result.last['name'])
+ assert_not(result.last['members'])
+ assert_equal(organization.member_ids, result.last['member_ids'])
+ assert_equal(@admin.id, result.last['updated_by_id'])
+ assert_equal(@admin.id, result.last['created_by_id'])
+
+ get '/api/v1/organizations?full=true', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+
+ assert_equal(Hash, result.class)
+ assert_equal(Array, result['record_ids'].class)
+ assert_equal(1, result['record_ids'][0])
+ assert_equal(organization.id, result['record_ids'].last)
+ assert(result['assets'])
+ assert(result['assets']['Organization'])
+ assert(result['assets']['Organization'][organization.id.to_s])
+ assert_equal(organization.id, result['assets']['Organization'][organization.id.to_s]['id'])
+ assert_equal(organization.name, result['assets']['Organization'][organization.id.to_s]['name'])
+ assert_equal(organization.member_ids, result['assets']['Organization'][organization.id.to_s]['member_ids'])
+ assert_not(result['assets']['Organization'][organization.id.to_s]['members'])
+
+ get '/api/v1/organizations?full=false', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ assert_equal(Hash, result[0].class)
+ assert_equal(organization.id, result.last['id'])
+ assert_equal(organization.name, result.last['name'])
+ assert_not(result.last['members'])
+ assert_equal(organization.member_ids, result.last['member_ids'])
+ assert_equal(@admin.id, result.last['updated_by_id'])
+ assert_equal(@admin.id, result.last['created_by_id'])
+ end
+
+ test '04.03 ticket create and response format' do
+ params = {
+ name: 'Rest Org NEW',
+ members: [@customer_without_org.login],
+ }
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
+
+ post '/api/v1/organizations', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(201)
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+
+ organization = Organization.find(result['id'])
+ assert_equal(organization.name, result['name'])
+ assert_equal(organization.member_ids, result['member_ids'])
+ assert_not(result['members'])
+ assert_equal(@admin.id, result['updated_by_id'])
+ assert_equal(@admin.id, result['created_by_id'])
+
+ params[:name] = 'Rest Org NEW #2'
+ post '/api/v1/organizations?expand=true', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(201)
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+
+ organization = Organization.find(result['id'])
+ assert_equal(organization.name, result['name'])
+ assert_equal(organization.member_ids, result['member_ids'])
+ assert_equal(organization.members.pluck(:login), result['members'])
+ assert_equal(@admin.id, result['updated_by_id'])
+ assert_equal(@admin.id, result['created_by_id'])
+
+ params[:name] = 'Rest Org NEW #3'
+ post '/api/v1/organizations?full=true', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(201)
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+
+ organization = Organization.find(result['id'])
+ assert(result['assets'])
+ assert(result['assets']['Organization'])
+ assert(result['assets']['Organization'][organization.id.to_s])
+ assert_equal(organization.id, result['assets']['Organization'][organization.id.to_s]['id'])
+ assert_equal(organization.name, result['assets']['Organization'][organization.id.to_s]['name'])
+ assert_equal(organization.member_ids, result['assets']['Organization'][organization.id.to_s]['member_ids'])
+ assert_not(result['assets']['Organization'][organization.id.to_s]['members'])
+
+ end
+
+ test '04.04 ticket update and response formats' do
+ organization = Organization.create!(
+ name: 'Rest Org NEW',
+ members: [@customer_without_org],
+ updated_by_id: @admin.id,
+ created_by_id: @admin.id,
+ )
+
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
+
+ params = {
+ name: 'a update name #1',
+ }
+ put "/api/v1/organizations/#{organization.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+
+ organization = Organization.find(result['id'])
+ assert_equal(params[:name], result['name'])
+ assert_equal(organization.member_ids, result['member_ids'])
+ assert_not(result['members'])
+ assert_equal(@admin.id, result['updated_by_id'])
+ assert_equal(@admin.id, result['created_by_id'])
+
+ params = {
+ name: 'a update name #2',
+ }
+ put "/api/v1/organizations/#{organization.id}?expand=true", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+
+ organization = Organization.find(result['id'])
+ assert_equal(params[:name], result['name'])
+ assert_equal(organization.member_ids, result['member_ids'])
+ assert_equal(organization.members.pluck(:login), [@customer_without_org.login])
+ assert_equal(@admin.id, result['updated_by_id'])
+ assert_equal(@admin.id, result['created_by_id'])
+
+ params = {
+ name: 'a update name #3',
+ }
+ put "/api/v1/organizations/#{organization.id}?full=true", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+
+ organization = Organization.find(result['id'])
+ assert(result['assets'])
+ assert(result['assets']['Organization'])
+ assert(result['assets']['Organization'][organization.id.to_s])
+ assert_equal(organization.id, result['assets']['Organization'][organization.id.to_s]['id'])
+ assert_equal(params[:name], result['assets']['Organization'][organization.id.to_s]['name'])
+ assert_equal(organization.member_ids, result['assets']['Organization'][organization.id.to_s]['member_ids'])
+ assert_not(result['assets']['Organization'][organization.id.to_s]['members'])
+
+ end
+
+ test '05.01 csv example - customer no access' do
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
+
+ get '/api/v1/organizations/import_example', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(401)
+ result = JSON.parse(@response.body)
+ assert_equal('Not authorized (user)!', result['error'])
+ end
+
+ test '05.02 csv example - admin access' do
+
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
+
+ get '/api/v1/organizations/import_example', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+
+ rows = CSV.parse(@response.body)
+ header = rows.shift
+
+ assert_equal('id', header[0])
+ assert_equal('name', header[1])
+ assert_equal('shared', header[2])
+ assert_equal('domain', header[3])
+ assert_equal('domain_assignment', header[4])
+ assert_equal('active', header[5])
+ assert_equal('note', header[6])
+ assert(header.include?('members'))
+ end
+
+ test '05.03 csv import - admin access' do
+
+ UserInfo.current_user_id = 1
+ customer1 = User.create!(
+ login: 'customer1-members@example.com',
+ firstname: 'Member',
+ lastname: 'Customer',
+ email: 'customer1-members@example.com',
+ password: 'customerpw',
+ active: true,
+ )
+ customer2 = User.create!(
+ login: 'customer2-members@example.com',
+ firstname: 'Member',
+ lastname: 'Customer',
+ email: 'customer2-members@example.com',
+ password: 'customerpw',
+ active: true,
+ )
+ UserInfo.current_user_id = nil
+
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
+
+ # invalid file
+ csv_file_path = Rails.root.join('test', 'data', 'csv', 'organization_simple_col_not_existing.csv')
+ csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
+ post '/api/v1/organizations/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+
+ assert_equal(true, result['try'])
+ assert_equal(2, result['records'].count)
+ assert_equal('failed', result['result'])
+ assert_equal(2, result['errors'].count)
+ assert_equal("Line 1: unknown attribute 'name2' for Organization.", result['errors'][0])
+ assert_equal("Line 2: unknown attribute 'name2' for Organization.", result['errors'][1])
+
+ # valid file try
+ csv_file_path = Rails.root.join('test', 'data', 'csv', 'organization_simple.csv')
+ csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
+ post '/api/v1/organizations/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+
+ assert_equal(true, result['try'])
+ assert_equal(2, result['records'].count)
+ assert_equal('success', result['result'])
+
+ assert_nil(Organization.find_by(name: 'organization-member-import1'))
+ assert_nil(Organization.find_by(name: 'organization-member-import2'))
+
+ # valid file
+ csv_file_path = Rails.root.join('test', 'data', 'csv', 'organization_simple.csv')
+ csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
+ post '/api/v1/organizations/import', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+
+ assert_equal(false, result['try'])
+ assert_equal(2, result['records'].count)
+ assert_equal('success', result['result'])
+
+ organization1 = Organization.find_by(name: 'organization-member-import1')
+ assert(organization1)
+ assert_equal(organization1.name, 'organization-member-import1')
+ assert_equal(organization1.members.count, 1)
+ assert_equal(organization1.members.first.login, customer1.login)
+ assert_equal(organization1.active, true)
+ organization2 = Organization.find_by(name: 'organization-member-import2')
+ assert(organization2)
+ assert_equal(organization2.name, 'organization-member-import2')
+ assert_equal(organization2.members.count, 1)
+ assert_equal(organization2.members.first.login, customer2.login)
+ assert_equal(organization2.active, false)
+
+ end
+
+end
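Review bot: In 'organization index with customer1' the show requests for an organization the customer does not belong to are checked only with `assert_nil(result['name'])`, which would still pass if other attributes were returned. Because the response there is 200 rather than the 401 that customer2 gets for a foreign organization, the test should pin that nothing else is exposed, e.g. `assert_nil(result['note'])` and `assert_nil(result['member_ids'])`. Separately, the `expand=true` checks in '04.02' and '04.04' compare `organization.members.pluck(:login)` with `[@customer_without_org.login]`, which never looks at the response; '04.03' compares against `result['members']`, and the other two should do the same.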
diff --git a/test/controllers/slas_controller_test.rb b/test/controllers/slas_controller_test.rb
new file mode 100644
index 000000000..591e85a3c
--- /dev/null
+++ b/test/controllers/slas_controller_test.rb
@@ -0,0 +1,70 @@
+
+require 'test_helper'
+
+class SlasControllerTest < ActionDispatch::IntegrationTest
+ setup do
+
+ # set accept header
+ @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
+
+ # create agent
+ roles = Role.where(name: %w[Admin Agent])
+ groups = Group.all
+
+ UserInfo.current_user_id = 1
+ @admin = User.create!(
+ login: 'sla-admin',
+ firstname: 'Packages',
+ lastname: 'Admin',
+ email: 'sla-admin@example.com',
+ password: 'adminpw',
+ active: true,
+ roles: roles,
+ groups: groups,
+ )
+
+ end
+
+ test '01 sla index with nobody' do
+
+ get '/api/v1/slas', params: {}, headers: @headers
+ assert_response(401)
+
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+ assert_equal('authentication failed', result['error'])
+
+ end
+
+ test '02 sla index with admin' do
+
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('sla-admin@example.com', 'adminpw')
+
+ get '/api/v1/slas', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ assert(result)
+ assert_equal(0, result.count)
+
+ get '/api/v1/slas?expand=true', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ assert(result)
+ assert_equal(0, result.count)
+
+ get '/api/v1/slas?full=true', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+ assert(result)
+ assert(result['record_ids'])
+ assert(result['record_ids'].blank?)
+ assert(result['assets'])
+ assert(result['assets']['Calendar'].present?)
+ assert(result['assets'].present?)
+
+ end
+
+end
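Review bot: The `setup` block sets `UserInfo.current_user_id = 1` before creating the admin and never clears it, so both tests issue their requests with that value still set; the text-module and user test setups in this same commit end with `UserInfo.current_user_id = nil`, and this one should do the same right after the `User.create!` call. Whether the leftover value changes how the requests are handled is not visible from here, but the 401 assertion in test 01 is more convincing when no current user is pre-seeded. The file also exercises only the anonymous and admin paths: an authenticated agent or customer is never sent to `/api/v1/slas`, so a change that opened the endpoint to any logged-in user would still pass. The `# create agent` comment and the `'Packages'` first name look copied from another test and could be corrected in the same pass.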
diff --git a/test/controllers/text_modules_controller_test.rb b/test/controllers/text_modules_controller_test.rb
new file mode 100644
index 000000000..429eea41f
--- /dev/null
+++ b/test/controllers/text_modules_controller_test.rb
@@ -0,0 +1,160 @@
+
+require 'test_helper'
+require 'rake'
+
+class TextModulesControllerTest < ActionDispatch::IntegrationTest
+ setup do
+
+ # set accept header
+ @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
+
+ # create agent
+ roles = Role.where(name: %w[Admin Agent])
+ groups = Group.all
+
+ UserInfo.current_user_id = 1
+
+ @admin = User.create!(
+ login: 'rest-admin',
+ firstname: 'Rest',
+ lastname: 'Agent',
+ email: 'rest-admin@example.com',
+ password: 'adminpw',
+ active: true,
+ roles: roles,
+ groups: groups,
+ )
+
+ # create agent
+ roles = Role.where(name: 'Agent')
+ @agent = User.create!(
+ login: 'rest-agent@example.com',
+ firstname: 'Rest',
+ lastname: 'Agent',
+ email: 'rest-agent@example.com',
+ password: 'agentpw',
+ active: true,
+ roles: roles,
+ groups: groups,
+ )
+
+ # create customer without org
+ roles = Role.where(name: 'Customer')
+ @customer_without_org = User.create!(
+ login: 'rest-customer1@example.com',
+ firstname: 'Rest',
+ lastname: 'Customer1',
+ email: 'rest-customer1@example.com',
+ password: 'customer1pw',
+ active: true,
+ roles: roles,
+ )
+
+ # create customer
+ @customer_with_org = User.create!(
+ login: 'rest-customer2@example.com',
+ firstname: 'Rest',
+ lastname: 'Customer2',
+ email: 'rest-customer2@example.com',
+ password: 'customer2pw',
+ active: true,
+ roles: roles,
+ )
+
+ UserInfo.current_user_id = nil
+ end
+
+ test '05.01 csv example - customer no access' do
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
+
+ get '/api/v1/text_modules/import_example', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(401)
+ result = JSON.parse(@response.body)
+ assert_equal('Not authorized (user)!', result['error'])
+ end
+
+ test '05.02 csv example - admin access' do
+ TextModule.load('en-en')
+
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
+
+ get '/api/v1/text_modules/import_example', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ rows = CSV.parse(@response.body)
+ header = rows.shift
+
+ assert_equal('id', header[0])
+ assert_equal('name', header[1])
+ assert_equal('keywords', header[2])
+ assert_equal('content', header[3])
+ assert_equal('note', header[4])
+ assert_equal('active', header[5])
+ assert_not(header.include?('organization'))
+ assert_not(header.include?('priority'))
+ assert_not(header.include?('state'))
+ assert_not(header.include?('owner'))
+ assert_not(header.include?('customer'))
+ end
+
+ test '05.03 csv import - admin access' do
+
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
+
+ # invalid file
+ csv_file_path = Rails.root.join('test', 'data', 'csv', 'text_module_simple_col_not_existing.csv')
+ csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
+ post '/api/v1/text_modules/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+
+ assert_equal(true, result['try'])
+ assert_equal(2, result['records'].count)
+ assert_equal('failed', result['result'])
+ assert_equal(2, result['errors'].count)
+ assert_equal("Line 1: unknown attribute 'keywords2' for TextModule.", result['errors'][0])
+ assert_equal("Line 2: unknown attribute 'keywords2' for TextModule.", result['errors'][1])
+
+ # valid file try
+ csv_file_path = Rails.root.join('test', 'data', 'csv', 'text_module_simple.csv')
+ csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
+ post '/api/v1/text_modules/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+
+ assert_equal(true, result['try'])
+ assert_equal(2, result['records'].count)
+ assert_equal('success', result['result'])
+
+ assert_nil(TextModule.find_by(name: 'some name1'))
+ assert_nil(TextModule.find_by(name: 'some name2'))
+
+ # valid file
+ csv_file_path = Rails.root.join('test', 'data', 'csv', 'text_module_simple.csv')
+ csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
+ post '/api/v1/text_modules/import', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+
+ assert_equal(false, result['try'])
+ assert_equal(2, result['records'].count)
+ assert_equal('success', result['result'])
+
+ text_module1 = TextModule.find_by(name: 'some name1')
+ assert(text_module1)
+ assert_equal(text_module1.name, 'some name1')
+ assert_equal(text_module1.keywords, 'keyword1')
+ assert_equal(text_module1.content, 'some
content1')
+ assert_equal(text_module1.active, true)
+ text_module2 = TextModule.find_by(name: 'some name2')
+ assert(text_module2)
+ assert_equal(text_module2.name, 'some name2')
+ assert_equal(text_module2.keywords, 'keyword2')
+ assert_equal(text_module2.content, 'some content
test123')
+ assert_equal(text_module2.active, true)
+
+ end
+
+end
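Review bot: The import endpoint, which writes records, is only ever called with admin credentials: test 05.01 checks that a customer is refused on `import_example`, but nothing checks that the customer or the agent created in `setup` is refused on `POST /api/v1/text_modules/import`. `@agent` and `@customer_with_org` are created and then unused in this file, and `require 'rake'` does not appear to be needed by anything visible. I would add a negative test that posts the valid CSV as the customer, expects the refusal and confirms that no `TextModule` row was created. The expected status and message below are taken from test 05.01 and should be confirmed against the controller.

```ruby
  test '05.04 csv import - customer no access' do
    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')

    csv_file_path = Rails.root.join('test', 'data', 'csv', 'text_module_simple.csv')
    csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
    post '/api/v1/text_modules/import', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
    assert_response(401) # assumed to match test 05.01; confirm
    result = JSON.parse(@response.body)
    assert_equal('Not authorized (user)!', result['error'])

    # the refused upload must not have written anything
    assert_nil(TextModule.find_by(name: 'some name1'))
    assert_nil(TextModule.find_by(name: 'some name2'))
  end
```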
diff --git a/test/controllers/tickets_controller_test.rb b/test/controllers/tickets_controller_test.rb
index 051a716cb..bbd13cd42 100644
--- a/test/controllers/tickets_controller_test.rb
+++ b/test/controllers/tickets_controller_test.rb
@@ -2136,6 +2136,8 @@ AAAFCAYAAACNbyblAAAAHElEQVQI12P4//8/w38GIAXDIBKE0DHxgljNBAAO
customer_id: @customer_without_org.id,
state: Ticket::State.lookup(name: 'new'),
priority: Ticket::Priority.lookup(name: '2 normal'),
+ created_at: '2018-02-05 17:42:00',
+ updated_at: '2018-02-05 20:42:00',
updated_by_id: 1,
created_by_id: 1,
)
@@ -2150,14 +2152,14 @@ AAAFCAYAAACNbyblAAAAHElEQVQI12P4//8/w38GIAXDIBKE0DHxgljNBAAO
created_by_id: 1,
)
- travel 2.seconds
-
ticket2 = Ticket.create!(
title: "#{title} B",
group: Group.lookup(name: 'Users'),
customer_id: @customer_without_org.id,
state: Ticket::State.lookup(name: 'new'),
priority: Ticket::Priority.lookup(name: '3 hoch'),
+ created_at: '2018-02-05 19:42:00',
+ updated_at: '2018-02-05 19:42:00',
updated_by_id: 1,
created_by_id: 1,
)
@@ -2177,7 +2179,7 @@ AAAFCAYAAACNbyblAAAAHElEQVQI12P4//8/w38GIAXDIBKE0DHxgljNBAAO
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
- assert_equal([ticket2.id, ticket1.id], result['tickets'])
+ assert_equal([ticket1.id, ticket2.id], result['tickets'])
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-admin', 'adminpw')
get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=40", params: { sort_by: 'created_at', order_by: 'asc' }, headers: @headers.merge('Authorization' => credentials)
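Review bot: The flipped expectation `[ticket1.id, ticket2.id]` now depends on the hard-coded `updated_at` values added in the two hunks above (ticket1 at 20:42, ticket2 at 19:42), yet nothing at the assertion says so. A short comment above it, such as `# default sort is updated_at desc: ticket1 (20:42) precedes ticket2 (19:42)`, would keep the next reader from treating the order as arbitrary; that the default is `updated_at` descending is inferred from the new ordering and should be confirmed. With `travel 2.seconds` removed, a record is still created between the two tickets (its closing lines open the second hunk), so if creating it updates its ticket's timestamp, the fixed values are overwritten and the order comes down to timing again. The enclosing test starts and ends outside these hunks.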
diff --git a/test/controllers/users_controller_test.rb b/test/controllers/users_controller_test.rb
new file mode 100644
index 000000000..2c627314d
--- /dev/null
+++ b/test/controllers/users_controller_test.rb
@@ -0,0 +1,1146 @@
+require 'test_helper'
+
+class UsersControllerTest < ActionDispatch::IntegrationTest
+ include SearchindexHelper
+
+ setup do
+
+ # set accept header
+ @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
+
+ # create agent
+ roles = Role.where(name: %w[Admin Agent])
+ groups = Group.all
+
+ UserInfo.current_user_id = 1
+
+ @backup_admin = User.create!(
+ login: 'backup-admin',
+ firstname: 'Backup',
+ lastname: 'Agent',
+ email: 'backup-admin@example.com',
+ password: 'adminpw',
+ active: true,
+ roles: roles,
+ groups: groups,
+ )
+
+ @admin = User.create!(
+ login: 'rest-admin',
+ firstname: 'Rest',
+ lastname: 'Agent',
+ email: 'rest-admin@example.com',
+ password: 'adminpw',
+ active: true,
+ roles: roles,
+ groups: groups,
+ )
+
+ # create agent
+ roles = Role.where(name: 'Agent')
+ @agent = User.create!(
+ login: 'rest-agent@example.com',
+ firstname: 'Rest',
+ lastname: 'Agent',
+ email: 'rest-agent@example.com',
+ password: 'agentpw',
+ active: true,
+ roles: roles,
+ groups: groups,
+ )
+
+ # create customer without org
+ roles = Role.where(name: 'Customer')
+ @customer_without_org = User.create!(
+ login: 'rest-customer1@example.com',
+ firstname: 'Rest',
+ lastname: 'Customer1',
+ email: 'rest-customer1@example.com',
+ password: 'customer1pw',
+ active: true,
+ roles: roles,
+ )
+
+ # create orgs
+ @organization = Organization.create!(
+ name: 'Rest Org',
+ )
+ @organization2 = Organization.create!(
+ name: 'Rest Org #2',
+ )
+ @organization3 = Organization.create!(
+ name: 'Rest Org #3',
+ )
+
+ # create customer with org
+ @customer_with_org = User.create!(
+ login: 'rest-customer2@example.com',
+ firstname: 'Rest',
+ lastname: 'Customer2',
+ email: 'rest-customer2@example.com',
+ password: 'customer2pw',
+ active: true,
+ roles: roles,
+ organization_id: @organization.id,
+ )
+
+ configure_elasticsearch do
+
+ travel 1.minute
+
+ rebuild_searchindex
+
+ # execute background jobs
+ Scheduler.worker(true)
+
+ sleep 6
+ end
+
+ UserInfo.current_user_id = nil
+ end
+
+ test 'user create tests - no user' do
+
+ post '/api/v1/signshow', params: {}, headers: @headers
+
+ # create user with disabled feature
+ Setting.set('user_create_account', false)
+ token = @response.headers['CSRF-TOKEN']
+
+ # token based on form
+ params = { email: 'some_new_customer@example.com', authenticity_token: token }
+ post '/api/v1/users', params: params.to_json, headers: @headers
+ assert_response(422)
+ result = JSON.parse(@response.body)
+ assert(result['error'])
+ assert_equal('Feature not enabled!', result['error'])
+
+ # token based on headers
+ headers = @headers.merge('X-CSRF-Token' => token)
+ params = { email: 'some_new_customer@example.com' }
+ post '/api/v1/users', params: params.to_json, headers: headers
+ assert_response(422)
+ result = JSON.parse(@response.body)
+ assert(result['error'])
+ assert_equal('Feature not enabled!', result['error'])
+
+ Setting.set('user_create_account', true)
+
+ # no signup param with enabled feature
+ params = { email: 'some_new_customer@example.com' }
+ post '/api/v1/users', params: params.to_json, headers: headers
+ assert_response(422)
+ result = JSON.parse(@response.body)
+ assert(result['error'])
+ assert_equal('Only signup with not authenticate user possible!', result['error'])
+
+ # already existing user with enabled feature
+ params = { email: 'rest-customer1@example.com', signup: true }
+ post '/api/v1/users', params: params.to_json, headers: headers
+ assert_response(422)
+ result = JSON.parse(@response.body)
+ assert(result['error'])
+ assert_equal('Email address is already used for other user.', result['error'])
+
+ # email missing with enabled feature
+ params = { firstname: 'some firstname', signup: true }
+ post '/api/v1/users', params: params.to_json, headers: headers
+ assert_response(422)
+ result = JSON.parse(@response.body)
+ assert(result['error'])
+ assert_equal('Attribute \'email\' required!', result['error'])
+
+ # email missing with enabled feature
+ params = { firstname: 'some firstname', signup: true }
+ post '/api/v1/users', params: params.to_json, headers: headers
+ assert_response(422)
+ result = JSON.parse(@response.body)
+ assert(result['error'])
+ assert_equal('Attribute \'email\' required!', result['error'])
+
+ # create user with enabled feature (take customer role)
+ params = { firstname: 'Me First', lastname: 'Me Last', email: 'new_here@example.com', signup: true }
+ post '/api/v1/users', params: params.to_json, headers: headers
+ assert_response(201)
+ result = JSON.parse(@response.body)
+ assert(result)
+
+ assert_equal('Me First', result['firstname'])
+ assert_equal('Me Last', result['lastname'])
+ assert_equal('new_here@example.com', result['login'])
+ assert_equal('new_here@example.com', result['email'])
+ user = User.find(result['id'])
+ assert_not(user.role?('Admin'))
+ assert_not(user.role?('Agent'))
+ assert(user.role?('Customer'))
+
+ # create user with admin role (not allowed for signup, take customer role)
+ role = Role.lookup(name: 'Admin')
+ params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin@example.com', role_ids: [ role.id ], signup: true }
+ post '/api/v1/users', params: params.to_json, headers: headers
+ assert_response(201)
+ result = JSON.parse(@response.body)
+ assert(result)
+ user = User.find(result['id'])
+ assert_not(user.role?('Admin'))
+ assert_not(user.role?('Agent'))
+ assert(user.role?('Customer'))
+
+ # create user with agent role (not allowed for signup, take customer role)
+ role = Role.lookup(name: 'Agent')
+ params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent@example.com', role_ids: [ role.id ], signup: true }
+ post '/api/v1/users', params: params.to_json, headers: headers
+ assert_response(201)
+ result = JSON.parse(@response.body)
+ assert(result)
+ user = User.find(result['id'])
+ assert_not(user.role?('Admin'))
+ assert_not(user.role?('Agent'))
+ assert(user.role?('Customer'))
+
+ # no user (because of no session)
+ get '/api/v1/users', params: {}, headers: headers
+ assert_response(401)
+ result = JSON.parse(@response.body)
+ assert_equal('authentication failed', result['error'])
+
+ # me
+ get '/api/v1/users/me', params: {}, headers: headers
+ assert_response(401)
+ result = JSON.parse(@response.body)
+ assert_equal('authentication failed', result['error'])
+ end
+
+ test 'auth tests - not existing user' do
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('not_existing@example.com', 'adminpw')
+
+ # me
+ get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(401)
+ result = JSON.parse(@response.body)
+ assert_equal('authentication failed', result['error'])
+
+ get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(401)
+ result = JSON.parse(@response.body)
+ assert_equal('authentication failed', result['error'])
+ end
+
+ test 'auth tests - username auth, wrong pw' do
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin', 'not_existing')
+
+ get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(401)
+ result = JSON.parse(@response.body)
+ assert_equal('authentication failed', result['error'])
+ end
+
+ test 'auth tests - email auth, wrong pw' do
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'not_existing')
+
+ get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(401)
+ result = JSON.parse(@response.body)
+ assert_equal('authentication failed', result['error'])
+ end
+
+ test 'auth tests - username auth' do
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin', 'adminpw')
+
+ get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert(result)
+ end
+
+ test 'auth tests - email auth' do
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
+
+ get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert(result)
+ end
+
+ test 'user index and create with admin' do
+
+ # email auth
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
+
+ # me
+ get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert(result)
+ assert_equal(result['email'], 'rest-admin@example.com')
+
+ # index
+ get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert(result)
+
+ # index
+ get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert(result)
+ assert_equal(result.class, Array)
+ assert(result.length >= 3)
+
+ # show/:id
+ get "/api/v1/users/#{@agent.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert(result)
+ assert_equal(result.class, Hash)
+ assert_equal(result['email'], 'rest-agent@example.com')
+
+ get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert(result)
+ assert_equal(result.class, Hash)
+ assert_equal(result['email'], 'rest-customer1@example.com')
+
+ # create user with admin role
+ role = Role.lookup(name: 'Admin')
+ params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_admin@example.com', role_ids: [ role.id ] }
+ post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(201)
+ result = JSON.parse(@response.body)
+ assert(result)
+ user = User.find(result['id'])
+ assert(user.role?('Admin'))
+ assert_not(user.role?('Agent'))
+ assert_not(user.role?('Customer'))
+ assert_equal('new_admin_by_admin@example.com', result['login'])
+ assert_equal('new_admin_by_admin@example.com', result['email'])
+
+ # create user with agent role
+ role = Role.lookup(name: 'Agent')
+ params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_admin1@example.com', role_ids: [ role.id ] }
+ post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(201)
+ result = JSON.parse(@response.body)
+ assert(result)
+ user = User.find(result['id'])
+ assert_not(user.role?('Admin'))
+ assert(user.role?('Agent'))
+ assert_not(user.role?('Customer'))
+ assert_equal('new_agent_by_admin1@example.com', result['login'])
+ assert_equal('new_agent_by_admin1@example.com', result['email'])
+
+ role = Role.lookup(name: 'Agent')
+ params = { firstname: 'Agent First', email: 'new_agent_by_admin2@example.com', role_ids: [ role.id ] }
+ post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(201)
+ result = JSON.parse(@response.body)
+ assert(result)
+ user = User.find(result['id'])
+ assert_not(user.role?('Admin'))
+ assert(user.role?('Agent'))
+ assert_not(user.role?('Customer'))
+ assert_equal('new_agent_by_admin2@example.com', result['login'])
+ assert_equal('new_agent_by_admin2@example.com', result['email'])
+ assert_equal('Agent', result['firstname'])
+ assert_equal('First', result['lastname'])
+
+ role = Role.lookup(name: 'Agent')
+ params = { firstname: 'Agent First', email: 'new_agent_by_admin2@example.com', role_ids: [ role.id ] }
+ post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(422)
+ result = JSON.parse(@response.body)
+ assert(result)
+ assert_equal('Email address is already used for other user.', result['error'])
+
+ # missing required attributes
+ params = { note: 'some note' }
+ post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(422)
+ result = JSON.parse(@response.body)
+ assert(result)
+ assert_equal('Minimum one identifier (login, firstname, lastname, phone or email) for user is required.', result['error'])
+
+ # invalid email
+ params = { firstname: 'newfirstname123', email: 'some_what', note: 'some note' }
+ post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(422)
+ result = JSON.parse(@response.body)
+ assert(result)
+ assert_equal('Invalid email', result['error'])
+
+ # with valid attributes
+ params = { firstname: 'newfirstname123', note: 'some note' }
+ post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(201)
+ result = JSON.parse(@response.body)
+ assert(result)
+ user = User.find(result['id'])
+ assert_not(user.role?('Admin'))
+ assert_not(user.role?('Agent'))
+ assert(user.role?('Customer'))
+ assert(result['login'].start_with?('auto-'))
+ assert_equal('', result['email'])
+ assert_equal('newfirstname123', result['firstname'])
+ assert_equal('', result['lastname'])
+ end
+
+ test 'user index and create with agent' do
+
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-agent@example.com', 'agentpw')
+
+ # me
+ get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert(result)
+ assert_equal(result['email'], 'rest-agent@example.com')
+
+ # index
+ get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert(result)
+
+ # index
+ get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert(result)
+ assert_equal(result.class, Array)
+ assert(result.length >= 3)
+
+ get '/api/v1/users?limit=40&page=1&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ users = User.order(:id).limit(2)
+ assert_equal(users[0].id, result[0]['id'])
+ assert_equal(users[1].id, result[1]['id'])
+ assert_equal(2, result.count)
+
+ get '/api/v1/users?limit=40&page=2&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ users = User.order(:id).limit(4)
+ assert_equal(users[2].id, result[0]['id'])
+ assert_equal(users[3].id, result[1]['id'])
+ assert_equal(2, result.count)
+
+ # create user with admin role
+ firstname = "First test#{rand(999_999_999)}"
+ role = Role.lookup(name: 'Admin')
+ params = { firstname: "Admin#{firstname}", lastname: 'Admin Last', email: 'new_admin_by_agent@example.com', role_ids: [ role.id ] }
+ post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(201)
+ result_user1 = JSON.parse(@response.body)
+ assert(result_user1)
+ user = User.find(result_user1['id'])
+ assert_not(user.role?('Admin'))
+ assert_not(user.role?('Agent'))
+ assert(user.role?('Customer'))
+ assert_equal('new_admin_by_agent@example.com', result_user1['login'])
+ assert_equal('new_admin_by_agent@example.com', result_user1['email'])
+
+ # create user with agent role
+ role = Role.lookup(name: 'Agent')
+ params = { firstname: "Agent#{firstname}", lastname: 'Agent Last', email: 'new_agent_by_agent@example.com', role_ids: [ role.id ] }
+ post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(201)
+ result_user1 = JSON.parse(@response.body)
+ assert(result_user1)
+ user = User.find(result_user1['id'])
+ assert_not(user.role?('Admin'))
+ assert_not(user.role?('Agent'))
+ assert(user.role?('Customer'))
+ assert_equal('new_agent_by_agent@example.com', result_user1['login'])
+ assert_equal('new_agent_by_agent@example.com', result_user1['email'])
+
+ # create user with customer role
+ role = Role.lookup(name: 'Customer')
+ params = { firstname: "Customer#{firstname}", lastname: 'Customer Last', email: 'new_customer_by_agent@example.com', role_ids: [ role.id ] }
+ post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(201)
+ result_user1 = JSON.parse(@response.body)
+ assert(result_user1)
+ user = User.find(result_user1['id'])
+ assert_not(user.role?('Admin'))
+ assert_not(user.role?('Agent'))
+ assert(user.role?('Customer'))
+ assert_equal('new_customer_by_agent@example.com', result_user1['login'])
+ assert_equal('new_customer_by_agent@example.com', result_user1['email'])
+
+ # search as agent
+ Scheduler.worker(true)
+ sleep 2 # let es time to come ready
+ get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+
+ assert_equal(result_user1['id'], result[0]['id'])
+ assert_equal("Customer#{firstname}", result[0]['firstname'])
+ assert_equal('Customer Last', result[0]['lastname'])
+ assert(result[0]['role_ids'])
+ assert_not(result[0]['roles'])
+
+ get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&expand=true", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ assert_equal(result_user1['id'], result[0]['id'])
+ assert_equal("Customer#{firstname}", result[0]['firstname'])
+ assert_equal('Customer Last', result[0]['lastname'])
+ assert(result[0]['role_ids'])
+ assert(result[0]['roles'])
+
+ get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ assert_equal(result_user1['id'], result[0]['id'])
+ assert_equal("Customer#{firstname} Customer Last ", result[0]['label'])
+ assert_equal("Customer#{firstname} Customer Last ", result[0]['value'])
+ assert_not(result[0]['role_ids'])
+ assert_not(result[0]['roles'])
+
+ get "/api/v1/users/search?term=#{CGI.escape("Customer#{firstname}")}", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ assert_equal(result_user1['id'], result[0]['id'])
+ assert_equal("Customer#{firstname} Customer Last ", result[0]['label'])
+ assert_equal('new_customer_by_agent@example.com', result[0]['value'])
+ assert_not(result[0]['role_ids'])
+ assert_not(result[0]['roles'])
+
+ role = Role.find_by(name: 'Agent')
+ get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&role_ids=#{role.id}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ assert_equal(0, result.count)
+
+ role = Role.find_by(name: 'Customer')
+ get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&role_ids=#{role.id}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ assert_equal(result_user1['id'], result[0]['id'])
+ assert_equal("Customer#{firstname} Customer Last ", result[0]['label'])
+ assert_equal("Customer#{firstname} Customer Last ", result[0]['value'])
+ assert_not(result[0]['role_ids'])
+ assert_not(result[0]['roles'])
+
+ permission = Permission.find_by(name: 'ticket.agent')
+ get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&permissions=#{permission.name}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ assert_equal(0, result.count)
+
+ permission = Permission.find_by(name: 'ticket.customer')
+ get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&permissions=#{permission.name}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ assert_equal(result_user1['id'], result[0]['id'])
+ assert_equal("Customer#{firstname} Customer Last ", result[0]['label'])
+ assert_equal("Customer#{firstname} Customer Last ", result[0]['value'])
+ assert_not(result[0]['role_ids'])
+ assert_not(result[0]['roles'])
+ end
+
+ test 'user index and create with customer1' do
+
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
+
+ # me
+ get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert(result)
+ assert_equal(result['email'], 'rest-customer1@example.com')
+
+ # index
+ get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(result.class, Array)
+ assert_equal(result.length, 1)
+
+ # show/:id
+ get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(result.class, Hash)
+ assert_equal(result['email'], 'rest-customer1@example.com')
+
+ get "/api/v1/users/#{@customer_with_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(401)
+ result = JSON.parse(@response.body)
+ assert_equal(result.class, Hash)
+ assert(result['error'])
+
+ # create user with admin role
+ role = Role.lookup(name: 'Admin')
+ params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_customer1@example.com', role_ids: [ role.id ] }
+ post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(401)
+
+ # create user with agent role
+ role = Role.lookup(name: 'Agent')
+ params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_customer1@example.com', role_ids: [ role.id ] }
+ post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(401)
+
+ # search
+ Scheduler.worker(true)
+ get "/api/v1/users/search?query=#{CGI.escape('First')}", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(401)
+ end
+
+ test 'user index with customer2' do
+
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer2@example.com', 'customer2pw')
+
+ # me
+ get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert(result)
+ assert_equal(result['email'], 'rest-customer2@example.com')
+
+ # index
+ get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(result.class, Array)
+ assert_equal(result.length, 1)
+
+ # show/:id
+ get "/api/v1/users/#{@customer_with_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(result.class, Hash)
+ assert_equal(result['email'], 'rest-customer2@example.com')
+
+ get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(401)
+ result = JSON.parse(@response.body)
+ assert_equal(result.class, Hash)
+ assert(result['error'])
+
+ # search
+ Scheduler.worker(true)
+ get "/api/v1/users/search?query=#{CGI.escape('First')}", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(401)
+ end
+
+ test '04.01 users show and response format' do
+ roles = Role.where(name: 'Customer')
+ organization = Organization.first
+ user = User.create!(
+ login: 'rest-customer3@example.com',
+ firstname: 'Rest',
+ lastname: 'Customer3',
+ email: 'rest-customer3@example.com',
+ password: 'customer3pw',
+ active: true,
+ organization: organization,
+ roles: roles,
+ updated_by_id: @admin.id,
+ created_by_id: @admin.id,
+ )
+
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
+ get "/api/v1/users/#{user.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+ assert_equal(user.id, result['id'])
+ assert_equal(user.firstname, result['firstname'])
+ assert_not(result['organization'])
+ assert_equal(user.organization_id, result['organization_id'])
+ assert_not(result['password'])
+ assert_equal(user.role_ids, result['role_ids'])
+ assert_equal(@admin.id, result['updated_by_id'])
+ assert_equal(@admin.id, result['created_by_id'])
+
+ get "/api/v1/users/#{user.id}?expand=true", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+ assert_equal(user.id, result['id'])
+ assert_equal(user.firstname, result['firstname'])
+ assert_equal(user.organization_id, result['organization_id'])
+ assert_equal(user.organization.name, result['organization'])
+ assert_equal(user.role_ids, result['role_ids'])
+ assert_not(result['password'])
+ assert_equal(@admin.id, result['updated_by_id'])
+ assert_equal(@admin.id, result['created_by_id'])
+
+ get "/api/v1/users/#{user.id}?expand=false", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+ assert_equal(user.id, result['id'])
+ assert_equal(user.firstname, result['firstname'])
+ assert_not(result['organization'])
+ assert_equal(user.organization_id, result['organization_id'])
+ assert_not(result['password'])
+ assert_equal(user.role_ids, result['role_ids'])
+ assert_equal(@admin.id, result['updated_by_id'])
+ assert_equal(@admin.id, result['created_by_id'])
+
+ get "/api/v1/users/#{user.id}?full=true", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+
+ assert_equal(Hash, result.class)
+ assert_equal(user.id, result['id'])
+ assert(result['assets'])
+ assert(result['assets']['User'])
+ assert(result['assets']['User'][user.id.to_s])
+ assert_equal(user.id, result['assets']['User'][user.id.to_s]['id'])
+ assert_equal(user.firstname, result['assets']['User'][user.id.to_s]['firstname'])
+ assert_equal(user.organization_id, result['assets']['User'][user.id.to_s]['organization_id'])
+ assert_equal(user.role_ids, result['assets']['User'][user.id.to_s]['role_ids'])
+
+ get "/api/v1/users/#{user.id}?full=false", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+ assert_equal(user.id, result['id'])
+ assert_equal(user.firstname, result['firstname'])
+ assert_not(result['organization'])
+ assert_equal(user.organization_id, result['organization_id'])
+ assert_not(result['password'])
+ assert_equal(user.role_ids, result['role_ids'])
+ assert_equal(@admin.id, result['updated_by_id'])
+ assert_equal(@admin.id, result['created_by_id'])
+ end
+
+ test '04.02 user index and response format' do
+ roles = Role.where(name: 'Customer')
+ organization = Organization.first
+ user = User.create!(
+ login: 'rest-customer3@example.com',
+ firstname: 'Rest',
+ lastname: 'Customer3',
+ email: 'rest-customer3@example.com',
+ password: 'customer3pw',
+ active: true,
+ organization: organization,
+ roles: roles,
+ updated_by_id: @admin.id,
+ created_by_id: @admin.id,
+ )
+
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
+ get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ assert_equal(Hash, result[0].class)
+ assert_equal(user.id, result.last['id'])
+ assert_equal(user.lastname, result.last['lastname'])
+ assert_not(result.last['organization'])
+ assert_equal(user.role_ids, result.last['role_ids'])
+ assert_equal(user.organization_id, result.last['organization_id'])
+ assert_not(result.last['password'])
+ assert_equal(@admin.id, result.last['updated_by_id'])
+ assert_equal(@admin.id, result.last['created_by_id'])
+
+ get '/api/v1/users?expand=true', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ assert_equal(Hash, result[0].class)
+ assert_equal(user.id, result.last['id'])
+ assert_equal(user.lastname, result.last['lastname'])
+ assert_equal(user.organization_id, result.last['organization_id'])
+ assert_equal(user.organization.name, result.last['organization'])
+ assert_not(result.last['password'])
+ assert_equal(@admin.id, result.last['updated_by_id'])
+ assert_equal(@admin.id, result.last['created_by_id'])
+
+ get '/api/v1/users?expand=false', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ assert_equal(Hash, result[0].class)
+ assert_equal(user.id, result.last['id'])
+ assert_equal(user.lastname, result.last['lastname'])
+ assert_not(result.last['organization'])
+ assert_equal(user.role_ids, result.last['role_ids'])
+ assert_equal(user.organization_id, result.last['organization_id'])
+ assert_not(result.last['password'])
+ assert_equal(@admin.id, result.last['updated_by_id'])
+ assert_equal(@admin.id, result.last['created_by_id'])
+
+ get '/api/v1/users?full=true', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+
+ assert_equal(Hash, result.class)
+ assert_equal(Array, result['record_ids'].class)
+ assert_equal(1, result['record_ids'][0])
+ assert_equal(user.id, result['record_ids'].last)
+ assert(result['assets'])
+ assert(result['assets']['User'])
+ assert(result['assets']['User'][user.id.to_s])
+ assert_equal(user.id, result['assets']['User'][user.id.to_s]['id'])
+ assert_equal(user.lastname, result['assets']['User'][user.id.to_s]['lastname'])
+ assert_equal(user.organization_id, result['assets']['User'][user.id.to_s]['organization_id'])
+ assert_not(result['assets']['User'][user.id.to_s]['password'])
+
+ get '/api/v1/users?full=false', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ assert_equal(Hash, result[0].class)
+ assert_equal(user.id, result.last['id'])
+ assert_equal(user.lastname, result.last['lastname'])
+ assert_not(result.last['organization'])
+ assert_equal(user.role_ids, result.last['role_ids'])
+ assert_equal(user.organization_id, result.last['organization_id'])
+ assert_not(result.last['password'])
+ assert_equal(@admin.id, result.last['updated_by_id'])
+ assert_equal(@admin.id, result.last['created_by_id'])
+ end
+
+ test '04.03 ticket create and response format' do
+ organization = Organization.first
+ params = {
+ firstname: 'newfirstname123',
+ note: 'some note',
+ organization: organization.name,
+ }
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
+
+ post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(201)
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+
+ user = User.find(result['id'])
+ assert_equal(user.firstname, result['firstname'])
+ assert_equal(user.organization_id, result['organization_id'])
+ assert_not(result['organization'])
+ assert_not(result['password'])
+ assert_equal(@admin.id, result['updated_by_id'])
+ assert_equal(@admin.id, result['created_by_id'])
+
+ post '/api/v1/users?expand=true', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(201)
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+
+ user = User.find(result['id'])
+ assert_equal(user.firstname, result['firstname'])
+ assert_equal(user.organization_id, result['organization_id'])
+ assert_equal(user.organization.name, result['organization'])
+ assert_not(result['password'])
+ assert_equal(@admin.id, result['updated_by_id'])
+ assert_equal(@admin.id, result['created_by_id'])
+
+ post '/api/v1/users?full=true', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(201)
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+
+ user = User.find(result['id'])
+ assert(result['assets'])
+ assert(result['assets']['User'])
+ assert(result['assets']['User'][user.id.to_s])
+ assert_equal(user.id, result['assets']['User'][user.id.to_s]['id'])
+ assert_equal(user.firstname, result['assets']['User'][user.id.to_s]['firstname'])
+ assert_equal(user.lastname, result['assets']['User'][user.id.to_s]['lastname'])
+ assert_not(result['assets']['User'][user.id.to_s]['password'])
+
+ assert(result['assets']['User'][@admin.id.to_s])
+ assert_equal(@admin.id, result['assets']['User'][@admin.id.to_s]['id'])
+ assert_equal(@admin.firstname, result['assets']['User'][@admin.id.to_s]['firstname'])
+ assert_equal(@admin.lastname, result['assets']['User'][@admin.id.to_s]['lastname'])
+ assert_not(result['assets']['User'][@admin.id.to_s]['password'])
+
+ end
+
+ test '04.04 ticket update and response formats' do
+ roles = Role.where(name: 'Customer')
+ organization = Organization.first
+ user = User.create!(
+ login: 'rest-customer3@example.com',
+ firstname: 'Rest',
+ lastname: 'Customer3',
+ email: 'rest-customer3@example.com',
+ password: 'customer3pw',
+ active: true,
+ organization: organization,
+ roles: roles,
+ updated_by_id: @admin.id,
+ created_by_id: @admin.id,
+ )
+
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
+
+ params = {
+ firstname: 'a update firstname #1',
+ }
+ put "/api/v1/users/#{user.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+
+ user = User.find(result['id'])
+ assert_equal(user.lastname, result['lastname'])
+ assert_equal(params[:firstname], result['firstname'])
+ assert_equal(user.organization_id, result['organization_id'])
+ assert_not(result['organization'])
+ assert_not(result['password'])
+ assert_equal(@admin.id, result['updated_by_id'])
+ assert_equal(@admin.id, result['created_by_id'])
+
+ params = {
+ firstname: 'a update firstname #2',
+ }
+ put "/api/v1/users/#{user.id}?expand=true", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+
+ user = User.find(result['id'])
+ assert_equal(user.lastname, result['lastname'])
+ assert_equal(params[:firstname], result['firstname'])
+ assert_equal(user.organization_id, result['organization_id'])
+ assert_equal(user.organization.name, result['organization'])
+ assert_not(result['password'])
+ assert_equal(@admin.id, result['updated_by_id'])
+ assert_equal(@admin.id, result['created_by_id'])
+
+ params = {
+ firstname: 'a update firstname #3',
+ }
+ put "/api/v1/users/#{user.id}?full=true", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+
+ user = User.find(result['id'])
+ assert(result['assets'])
+ assert(result['assets']['User'])
+ assert(result['assets']['User'][user.id.to_s])
+ assert_equal(user.id, result['assets']['User'][user.id.to_s]['id'])
+ assert_equal(params[:firstname], result['assets']['User'][user.id.to_s]['firstname'])
+ assert_equal(user.lastname, result['assets']['User'][user.id.to_s]['lastname'])
+ assert_not(result['assets']['User'][user.id.to_s]['password'])
+
+ assert(result['assets']['User'][@admin.id.to_s])
+ assert_equal(@admin.id, result['assets']['User'][@admin.id.to_s]['id'])
+ assert_equal(@admin.firstname, result['assets']['User'][@admin.id.to_s]['firstname'])
+ assert_equal(@admin.lastname, result['assets']['User'][@admin.id.to_s]['lastname'])
+ assert_not(result['assets']['User'][@admin.id.to_s]['password'])
+
+ end
+
+ test '05.01 csv example - customer no access' do
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
+
+ get '/api/v1/users/import_example', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(401)
+ result = JSON.parse(@response.body)
+ assert_equal('Not authorized (user)!', result['error'])
+ end
+
+ test '05.02 csv example - admin access' do
+
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
+
+ get '/api/v1/users/import_example', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+
+ rows = CSV.parse(@response.body)
+ header = rows.shift
+
+ assert_equal('id', header[0])
+ assert_equal('login', header[1])
+ assert_equal('firstname', header[2])
+ assert_equal('lastname', header[3])
+ assert_equal('email', header[4])
+ assert(header.include?('organization'))
+ end
+
+ test '05.03 csv import - admin access' do
+
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
+
+ # invalid file
+ csv_file_path = Rails.root.join('test', 'data', 'csv', 'user_simple_col_not_existing.csv')
+ csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
+ post '/api/v1/users/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+
+ assert_equal(true, result['try'])
+ assert_equal(2, result['records'].count)
+ assert_equal('failed', result['result'])
+ assert_equal(2, result['errors'].count)
+ assert_equal("Line 1: unknown attribute 'firstname2' for User.", result['errors'][0])
+ assert_equal("Line 2: unknown attribute 'firstname2' for User.", result['errors'][1])
+
+ # valid file try
+ csv_file_path = Rails.root.join('test', 'data', 'csv', 'user_simple.csv')
+ csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
+ post '/api/v1/users/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+
+ assert_equal(true, result['try'])
+ assert_equal(2, result['records'].count)
+ assert_equal('success', result['result'])
+
+ assert_nil(User.find_by(login: 'user-simple-import1'))
+ assert_nil(User.find_by(login: 'user-simple-import2'))
+
+ # valid file
+ csv_file_path = Rails.root.join('test', 'data', 'csv', 'user_simple.csv')
+ csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
+ post '/api/v1/users/import', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+
+ assert_equal(false, result['try'])
+ assert_equal(2, result['records'].count)
+ assert_equal('success', result['result'])
+
+ user1 = User.find_by(login: 'user-simple-import1')
+ assert(user1)
+ assert_equal(user1.login, 'user-simple-import1')
+ assert_equal(user1.firstname, 'firstname-simple-import1')
+ assert_equal(user1.lastname, 'lastname-simple-import1')
+ assert_equal(user1.email, 'user-simple-import1@example.com')
+ assert_equal(user1.active, true)
+ user2 = User.find_by(login: 'user-simple-import2')
+ assert(user2)
+ assert_equal(user2.login, 'user-simple-import2')
+ assert_equal(user2.firstname, 'firstname-simple-import2')
+ assert_equal(user2.lastname, 'lastname-simple-import2')
+ assert_equal(user2.email, 'user-simple-import2@example.com')
+ assert_equal(user2.active, false)
+
+ user1.destroy!
+ user2.destroy!
+ end
+
+ test 'user search sortable' do
+ firstname = "user_search_sortable #{rand(999_999_999)}"
+
+ roles = Role.where(name: 'Customer')
+ user1 = User.create_or_update(
+ login: 'rest-user_search_sortableA@example.com',
+ firstname: "#{firstname} A",
+ lastname: 'user_search_sortableA',
+ email: 'rest-user_search_sortableA@example.com',
+ password: 'user_search_sortableA',
+ active: true,
+ roles: roles,
+ organization_id: @organization.id,
+ out_of_office: false,
+ created_at: '2016-02-05 17:42:00',
+ updated_at: '2016-02-05 20:42:00',
+ updated_by_id: 1,
+ created_by_id: 1,
+ )
+ user2 = User.create_or_update(
+ login: 'rest-user_search_sortableB@example.com',
+ firstname: "#{firstname} B",
+ lastname: 'user_search_sortableB',
+ email: 'rest-user_search_sortableB@example.com',
+ password: 'user_search_sortableB',
+ active: true,
+ roles: roles,
+ organization_id: @organization.id,
+ out_of_office_start_at: '2016-02-06 19:42:00',
+ out_of_office_end_at: '2016-02-07 19:42:00',
+ out_of_office_replacement_id: 1,
+ out_of_office: true,
+ created_at: '2016-02-05 19:42:00',
+ updated_at: '2016-02-05 19:42:00',
+ updated_by_id: 1,
+ created_by_id: 1,
+ )
+ Scheduler.worker(true)
+ sleep 2 # let es time to come ready
+
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
+ get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ result.collect! { |v| v['id'] }
+ assert_equal([user1.id, user2.id], result)
+
+ get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'created_at', order_by: 'asc' }, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ result.collect! { |v| v['id'] }
+ assert_equal([user1.id, user2.id], result)
+
+ get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'firstname', order_by: 'asc' }, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ result.collect! { |v| v['id'] }
+ assert_equal([user1.id, user2.id], result)
+
+ get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'firstname', order_by: 'desc' }, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ result.collect! { |v| v['id'] }
+ assert_equal([user2.id, user1.id], result)
+
+ get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: %w[firstname created_at], order_by: %w[desc asc] }, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ result.collect! { |v| v['id'] }
+ assert_equal([user2.id, user1.id], result)
+
+ get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: %w[firstname created_at], order_by: %w[desc asc] }, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ result.collect! { |v| v['id'] }
+ assert_equal([user2.id, user1.id], result)
+
+ get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'out_of_office', order_by: 'asc' }, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ result.collect! { |v| v['id'] }
+ assert_equal([user1.id, user2.id], result)
+
+ get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'out_of_office', order_by: 'desc' }, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ result.collect! { |v| v['id'] }
+ assert_equal([user2.id, user1.id], result)
+
+ get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: %w[created_by_id created_at], order_by: %w[asc asc] }, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ result.collect! { |v| v['id'] }
+ assert_equal([user1.id, user2.id], result)
+ end
+
+end
diff --git a/test/controllers/users_organization_controller_test.rb b/test/controllers/users_organization_controller_test.rb
new file mode 100644
index 000000000..17b8aa0c6
--- /dev/null
+++ b/test/controllers/users_organization_controller_test.rb
@@ -0,0 +1,773 @@
+require 'test_helper'
+
+class UsersOrganizationControllerTest < ActionDispatch::IntegrationTest
+ include SearchindexHelper
+
+ setup do
+
+ # set accept header
+ @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
+
+ # create agent
+ roles = Role.where(name: %w[Admin Agent])
+ groups = Group.all
+
+ UserInfo.current_user_id = 1
+
+ @backup_admin = User.create!(
+ login: 'backup-admin',
+ firstname: 'Backup',
+ lastname: 'Agent',
+ email: 'backup-admin@example.com',
+ password: 'adminpw',
+ active: true,
+ roles: roles,
+ groups: groups,
+ )
+
+ @admin = User.create!(
+ login: 'rest-admin',
+ firstname: 'Rest',
+ lastname: 'Agent',
+ email: 'rest-admin@example.com',
+ password: 'adminpw',
+ active: true,
+ roles: roles,
+ groups: groups,
+ )
+
+ # create agent
+ roles = Role.where(name: 'Agent')
+ @agent = User.create!(
+ login: 'rest-agent@example.com',
+ firstname: 'Rest',
+ lastname: 'Agent',
+ email: 'rest-agent@example.com',
+ password: 'agentpw',
+ active: true,
+ roles: roles,
+ groups: groups,
+ )
+
+ # create customer without org
+ roles = Role.where(name: 'Customer')
+ @customer_without_org = User.create!(
+ login: 'rest-customer1@example.com',
+ firstname: 'Rest',
+ lastname: 'Customer1',
+ email: 'rest-customer1@example.com',
+ password: 'customer1pw',
+ active: true,
+ roles: roles,
+ )
+
+ # create orgs
+ @organization = Organization.create!(
+ name: 'Rest Org',
+ note: 'Rest Org A',
+ )
+ @organization2 = Organization.create!(
+ name: 'Rest Org #2',
+ note: 'Rest Org B',
+ )
+ @organization3 = Organization.create!(
+ name: 'Rest Org #3',
+ note: 'Rest Org C',
+ )
+
+ # create customer with org
+ @customer_with_org = User.create!(
+ login: 'rest-customer2@example.com',
+ firstname: 'Rest',
+ lastname: 'Customer2',
+ email: 'rest-customer2@example.com',
+ password: 'customer2pw',
+ active: true,
+ roles: roles,
+ organization_id: @organization.id,
+ )
+
+ configure_elasticsearch do
+
+ travel 1.minute
+
+ rebuild_searchindex
+
+ # execute background jobs
+ Scheduler.worker(true)
+
+ sleep 6
+ end
+ end
+
+ test 'user create tests - no user' do
+
+ post '/api/v1/signshow', params: {}, headers: @headers
+
+ # create user with disabled feature
+ Setting.set('user_create_account', false)
+ token = @response.headers['CSRF-TOKEN']
+
+ # token based on form
+ params = { email: 'some_new_customer@example.com', authenticity_token: token }
+ post '/api/v1/users', params: params.to_json, headers: @headers
+ assert_response(422)
+ result = JSON.parse(@response.body)
+ assert(result['error'])
+ assert_equal('Feature not enabled!', result['error'])
+
+ # token based on headers
+ headers = @headers.merge('X-CSRF-Token' => token)
+ params = { email: 'some_new_customer@example.com' }
+ post '/api/v1/users', params: params.to_json, headers: headers
+ assert_response(422)
+ result = JSON.parse(@response.body)
+ assert(result['error'])
+ assert_equal('Feature not enabled!', result['error'])
+
+ Setting.set('user_create_account', true)
+
+ # no signup param with enabled feature
+ params = { email: 'some_new_customer@example.com' }
+ post '/api/v1/users', params: params.to_json, headers: headers
+ assert_response(422)
+ result = JSON.parse(@response.body)
+ assert(result['error'])
+ assert_equal('Only signup with not authenticate user possible!', result['error'])
+
+ # already existing user with enabled feature
+ params = { email: 'rest-customer1@example.com', signup: true }
+ post '/api/v1/users', params: params.to_json, headers: headers
+ assert_response(422)
+ result = JSON.parse(@response.body)
+ assert(result['error'])
+ assert_equal('Email address is already used for other user.', result['error'])
+
+ # email missing with enabled feature
+ params = { firstname: 'some firstname', signup: true }
+ post '/api/v1/users', params: params.to_json, headers: headers
+ assert_response(422)
+ result = JSON.parse(@response.body)
+ assert(result['error'])
+ assert_equal('Attribute \'email\' required!', result['error'])
+
+ # email missing with enabled feature
+ params = { firstname: 'some firstname', signup: true }
+ post '/api/v1/users', params: params.to_json, headers: headers
+ assert_response(422)
+ result = JSON.parse(@response.body)
+ assert(result['error'])
+ assert_equal('Attribute \'email\' required!', result['error'])
+
+ # create user with enabled feature (take customer role)
+ params = { firstname: 'Me First', lastname: 'Me Last', email: 'new_here@example.com', signup: true }
+ post '/api/v1/users', params: params.to_json, headers: headers
+ assert_response(201)
+ result = JSON.parse(@response.body)
+ assert(result)
+
+ assert_equal('Me First', result['firstname'])
+ assert_equal('Me Last', result['lastname'])
+ assert_equal('new_here@example.com', result['login'])
+ assert_equal('new_here@example.com', result['email'])
+ user = User.find(result['id'])
+ assert_not(user.role?('Admin'))
+ assert_not(user.role?('Agent'))
+ assert(user.role?('Customer'))
+
+ # create user with admin role (not allowed for signup, take customer role)
+ role = Role.lookup(name: 'Admin')
+ params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin@example.com', role_ids: [ role.id ], signup: true }
+ post '/api/v1/users', params: params.to_json, headers: headers
+ assert_response(201)
+ result = JSON.parse(@response.body)
+ assert(result)
+ user = User.find(result['id'])
+ assert_not(user.role?('Admin'))
+ assert_not(user.role?('Agent'))
+ assert(user.role?('Customer'))
+
+ # create user with agent role (not allowed for signup, take customer role)
+ role = Role.lookup(name: 'Agent')
+ params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent@example.com', role_ids: [ role.id ], signup: true }
+ post '/api/v1/users', params: params.to_json, headers: headers
+ assert_response(201)
+ result = JSON.parse(@response.body)
+ assert(result)
+ user = User.find(result['id'])
+ assert_not(user.role?('Admin'))
+ assert_not(user.role?('Agent'))
+ assert(user.role?('Customer'))
+
+ # no user (because of no session)
+ get '/api/v1/users', params: {}, headers: headers
+ assert_response(401)
+ result = JSON.parse(@response.body)
+ assert_equal('authentication failed', result['error'])
+
+ # me
+ get '/api/v1/users/me', params: {}, headers: headers
+ assert_response(401)
+ result = JSON.parse(@response.body)
+ assert_equal('authentication failed', result['error'])
+ end
+
+ test 'auth tests - not existing user' do
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('not_existing@example.com', 'adminpw')
+
+ # me
+ get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(401)
+ result = JSON.parse(@response.body)
+ assert_equal('authentication failed', result['error'])
+
+ get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(401)
+ result = JSON.parse(@response.body)
+ assert_equal('authentication failed', result['error'])
+ end
+
+ test 'auth tests - username auth, wrong pw' do
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin', 'not_existing')
+
+ get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(401)
+ result = JSON.parse(@response.body)
+ assert_equal('authentication failed', result['error'])
+ end
+
+ test 'auth tests - email auth, wrong pw' do
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'not_existing')
+
+ get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(401)
+ result = JSON.parse(@response.body)
+ assert_equal('authentication failed', result['error'])
+ end
+
+ test 'auth tests - username auth' do
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin', 'adminpw')
+
+ get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert(result)
+ end
+
+ test 'auth tests - email auth' do
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
+
+ get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert(result)
+ end
+
+ test 'user index and create with admin' do
+
+ # email auth
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
+
+ # me
+ get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert(result)
+ assert_equal(result['email'], 'rest-admin@example.com')
+
+ # index
+ get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert(result)
+
+ # index
+ get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert(result)
+ assert_equal(result.class, Array)
+ assert(result.length >= 3)
+
+ # show/:id
+ get "/api/v1/users/#{@agent.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert(result)
+ assert_equal(result.class, Hash)
+ assert_equal(result['email'], 'rest-agent@example.com')
+
+ get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert(result)
+ assert_equal(result.class, Hash)
+ assert_equal(result['email'], 'rest-customer1@example.com')
+
+ # create user with admin role
+ role = Role.lookup(name: 'Admin')
+ params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_admin@example.com', role_ids: [ role.id ] }
+ post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(201)
+ result = JSON.parse(@response.body)
+ assert(result)
+ user = User.find(result['id'])
+ assert(user.role?('Admin'))
+ assert_not(user.role?('Agent'))
+ assert_not(user.role?('Customer'))
+ assert_equal('new_admin_by_admin@example.com', result['login'])
+ assert_equal('new_admin_by_admin@example.com', result['email'])
+
+ # create user with agent role
+ role = Role.lookup(name: 'Agent')
+ params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_admin1@example.com', role_ids: [ role.id ] }
+ post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(201)
+ result = JSON.parse(@response.body)
+ assert(result)
+ user = User.find(result['id'])
+ assert_not(user.role?('Admin'))
+ assert(user.role?('Agent'))
+ assert_not(user.role?('Customer'))
+ assert_equal('new_agent_by_admin1@example.com', result['login'])
+ assert_equal('new_agent_by_admin1@example.com', result['email'])
+
+ role = Role.lookup(name: 'Agent')
+ params = { firstname: 'Agent First', email: 'new_agent_by_admin2@example.com', role_ids: [ role.id ] }
+ post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(201)
+ result = JSON.parse(@response.body)
+ assert(result)
+ user = User.find(result['id'])
+ assert_not(user.role?('Admin'))
+ assert(user.role?('Agent'))
+ assert_not(user.role?('Customer'))
+ assert_equal('new_agent_by_admin2@example.com', result['login'])
+ assert_equal('new_agent_by_admin2@example.com', result['email'])
+ assert_equal('Agent', result['firstname'])
+ assert_equal('First', result['lastname'])
+
+ role = Role.lookup(name: 'Agent')
+ params = { firstname: 'Agent First', email: 'new_agent_by_admin2@example.com', role_ids: [ role.id ] }
+ post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(422)
+ result = JSON.parse(@response.body)
+ assert(result)
+ assert_equal('Email address is already used for other user.', result['error'])
+
+ # missing required attributes
+ params = { note: 'some note' }
+ post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(422)
+ result = JSON.parse(@response.body)
+ assert(result)
+ assert_equal('Minimum one identifier (login, firstname, lastname, phone or email) for user is required.', result['error'])
+
+ # invalid email
+ params = { firstname: 'newfirstname123', email: 'some_what', note: 'some note' }
+ post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(422)
+ result = JSON.parse(@response.body)
+ assert(result)
+ assert_equal('Invalid email', result['error'])
+
+ # with valid attributes
+ params = { firstname: 'newfirstname123', note: 'some note' }
+ post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(201)
+ result = JSON.parse(@response.body)
+ assert(result)
+ user = User.find(result['id'])
+ assert_not(user.role?('Admin'))
+ assert_not(user.role?('Agent'))
+ assert(user.role?('Customer'))
+ assert(result['login'].start_with?('auto-'))
+ assert_equal('', result['email'])
+ assert_equal('newfirstname123', result['firstname'])
+ assert_equal('', result['lastname'])
+ end
+
+ test 'user index and create with agent' do
+
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-agent@example.com', 'agentpw')
+
+ # me
+ get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert(result)
+ assert_equal(result['email'], 'rest-agent@example.com')
+
+ # index
+ get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert(result)
+
+ # index
+ get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert(result)
+ assert_equal(result.class, Array)
+ assert(result.length >= 3)
+
+ get '/api/v1/users?limit=40&page=1&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ users = User.order(:id).limit(2)
+ assert_equal(users[0].id, result[0]['id'])
+ assert_equal(users[1].id, result[1]['id'])
+ assert_equal(2, result.count)
+
+ get '/api/v1/users?limit=40&page=2&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ users = User.order(:id).limit(4)
+ assert_equal(users[2].id, result[0]['id'])
+ assert_equal(users[3].id, result[1]['id'])
+ assert_equal(2, result.count)
+
+ # create user with admin role
+ firstname = "First test#{rand(999_999_999)}"
+ role = Role.lookup(name: 'Admin')
+ params = { firstname: "Admin#{firstname}", lastname: 'Admin Last', email: 'new_admin_by_agent@example.com', role_ids: [ role.id ] }
+ post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(201)
+ result_user1 = JSON.parse(@response.body)
+ assert(result_user1)
+ user = User.find(result_user1['id'])
+ assert_not(user.role?('Admin'))
+ assert_not(user.role?('Agent'))
+ assert(user.role?('Customer'))
+ assert_equal('new_admin_by_agent@example.com', result_user1['login'])
+ assert_equal('new_admin_by_agent@example.com', result_user1['email'])
+
+ # create user with agent role
+ role = Role.lookup(name: 'Agent')
+ params = { firstname: "Agent#{firstname}", lastname: 'Agent Last', email: 'new_agent_by_agent@example.com', role_ids: [ role.id ] }
+ post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(201)
+ result_user1 = JSON.parse(@response.body)
+ assert(result_user1)
+ user = User.find(result_user1['id'])
+ assert_not(user.role?('Admin'))
+ assert_not(user.role?('Agent'))
+ assert(user.role?('Customer'))
+ assert_equal('new_agent_by_agent@example.com', result_user1['login'])
+ assert_equal('new_agent_by_agent@example.com', result_user1['email'])
+
+ # create user with customer role
+ role = Role.lookup(name: 'Customer')
+ params = { firstname: "Customer#{firstname}", lastname: 'Customer Last', email: 'new_customer_by_agent@example.com', role_ids: [ role.id ] }
+ post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(201)
+ result_user1 = JSON.parse(@response.body)
+ assert(result_user1)
+ user = User.find(result_user1['id'])
+ assert_not(user.role?('Admin'))
+ assert_not(user.role?('Agent'))
+ assert(user.role?('Customer'))
+ assert_equal('new_customer_by_agent@example.com', result_user1['login'])
+ assert_equal('new_customer_by_agent@example.com', result_user1['email'])
+
+ # search as agent
+ Scheduler.worker(true)
+ sleep 2 # let es time to come ready
+ get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+
+ assert_equal(result_user1['id'], result[0]['id'])
+ assert_equal("Customer#{firstname}", result[0]['firstname'])
+ assert_equal('Customer Last', result[0]['lastname'])
+ assert(result[0]['role_ids'])
+ assert_not(result[0]['roles'])
+
+ get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&expand=true", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ assert_equal(result_user1['id'], result[0]['id'])
+ assert_equal("Customer#{firstname}", result[0]['firstname'])
+ assert_equal('Customer Last', result[0]['lastname'])
+ assert(result[0]['role_ids'])
+ assert(result[0]['roles'])
+
+ get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ assert_equal(result_user1['id'], result[0]['id'])
+ assert_equal("Customer#{firstname} Customer Last ", result[0]['label'])
+ assert_equal("Customer#{firstname} Customer Last ", result[0]['value'])
+ assert_not(result[0]['role_ids'])
+ assert_not(result[0]['roles'])
+
+ role = Role.find_by(name: 'Agent')
+ get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&role_ids=#{role.id}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ assert_equal(0, result.count)
+
+ role = Role.find_by(name: 'Customer')
+ get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&role_ids=#{role.id}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ assert_equal(result_user1['id'], result[0]['id'])
+ assert_equal("Customer#{firstname} Customer Last ", result[0]['label'])
+ assert_equal("Customer#{firstname} Customer Last ", result[0]['value'])
+ assert_not(result[0]['role_ids'])
+ assert_not(result[0]['roles'])
+
+ permission = Permission.find_by(name: 'ticket.agent')
+ get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&permissions=#{permission.name}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ assert_equal(0, result.count)
+
+ permission = Permission.find_by(name: 'ticket.customer')
+ get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&permissions=#{permission.name}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ assert_equal(result_user1['id'], result[0]['id'])
+ assert_equal("Customer#{firstname} Customer Last ", result[0]['label'])
+ assert_equal("Customer#{firstname} Customer Last ", result[0]['value'])
+ assert_not(result[0]['role_ids'])
+ assert_not(result[0]['roles'])
+ end
+
+ test 'user index and create with customer1' do
+
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
+
+ # me
+ get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert(result)
+ assert_equal(result['email'], 'rest-customer1@example.com')
+
+ # index
+ get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(result.class, Array)
+ assert_equal(result.length, 1)
+
+ # show/:id
+ get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(result.class, Hash)
+ assert_equal(result['email'], 'rest-customer1@example.com')
+
+ get "/api/v1/users/#{@customer_with_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(401)
+ result = JSON.parse(@response.body)
+ assert_equal(result.class, Hash)
+ assert(result['error'])
+
+ # create user with admin role
+ role = Role.lookup(name: 'Admin')
+ params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_customer1@example.com', role_ids: [ role.id ] }
+ post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(401)
+
+ # create user with agent role
+ role = Role.lookup(name: 'Agent')
+ params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_customer1@example.com', role_ids: [ role.id ] }
+ post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(401)
+
+ # search
+ Scheduler.worker(true)
+ get "/api/v1/users/search?query=#{CGI.escape('First')}", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(401)
+ end
+
+ test 'user index with customer2' do
+
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer2@example.com', 'customer2pw')
+
+ # me
+ get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert(result)
+ assert_equal(result['email'], 'rest-customer2@example.com')
+
+ # index
+ get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(result.class, Array)
+ assert_equal(result.length, 1)
+
+ # show/:id
+ get "/api/v1/users/#{@customer_with_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(result.class, Hash)
+ assert_equal(result['email'], 'rest-customer2@example.com')
+
+ get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(401)
+ result = JSON.parse(@response.body)
+ assert_equal(result.class, Hash)
+ assert(result['error'])
+
+ # search
+ Scheduler.worker(true)
+ get "/api/v1/users/search?query=#{CGI.escape('First')}", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(401)
+ end
+
+ test 'organization index with agent' do
+
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-agent@example.com', 'agentpw')
+
+ # index
+ get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(result.class, Array)
+ assert_equal(result[0]['member_ids'].class, Array)
+ assert(result.length >= 3)
+
+ get '/api/v1/organizations?limit=40&page=1&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ organizations = Organization.order(:id).limit(2)
+ assert_equal(organizations[0].id, result[0]['id'])
+ assert_equal(organizations[0].member_ids, result[0]['member_ids'])
+ assert_equal(organizations[1].id, result[1]['id'])
+ assert_equal(organizations[1].member_ids, result[1]['member_ids'])
+ assert_equal(2, result.count)
+
+ get '/api/v1/organizations?limit=40&page=2&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ organizations = Organization.order(:id).limit(4)
+ assert_equal(organizations[2].id, result[0]['id'])
+ assert_equal(organizations[2].member_ids, result[0]['member_ids'])
+ assert_equal(organizations[3].id, result[1]['id'])
+ assert_equal(organizations[3].member_ids, result[1]['member_ids'])
+
+ assert_equal(2, result.count)
+
+ # show/:id
+ get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(result.class, Hash)
+ assert_equal(result['member_ids'].class, Array)
+ assert_not(result['members'])
+ assert_equal(result['name'], 'Rest Org')
+
+ get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(result.class, Hash)
+ assert_equal(result['member_ids'].class, Array)
+ assert_not(result['members'])
+ assert_equal(result['name'], 'Rest Org #2')
+
+ # search as agent
+ Scheduler.worker(true)
+ get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ assert_equal('Zammad Foundation', result[0]['name'])
+ assert(result[0]['member_ids'])
+ assert_not(result[0]['members'])
+
+ get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&expand=true", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ assert_equal('Zammad Foundation', result[0]['name'])
+ assert(result[0]['member_ids'])
+ assert(result[0]['members'])
+
+ get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ assert_equal('Zammad Foundation', result[0]['label'])
+ assert_equal('Zammad Foundation', result[0]['value'])
+ assert_not(result[0]['member_ids'])
+ assert_not(result[0]['members'])
+ end
+
+ test 'organization index with customer1' do
+
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
+
+ # index
+ get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(result.class, Array)
+ assert_equal(result.length, 0)
+
+ # show/:id
+ get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(result.class, Hash)
+ assert_nil(result['name'])
+
+ get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(result.class, Hash)
+ assert_nil(result['name'])
+
+ # search
+ Scheduler.worker(true)
+ get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(401)
+ end
+
+ test 'organization index with customer2' do
+
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer2@example.com', 'customer2pw')
+
+ # index
+ get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(result.class, Array)
+ assert_equal(result.length, 1)
+
+ # show/:id
+ get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(result.class, Hash)
+ assert_equal(result['name'], 'Rest Org')
+
+ get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(401)
+ result = JSON.parse(@response.body)
+ assert_equal(result.class, Hash)
+ assert_nil(result['name'])
+
+ # search
+ Scheduler.worker(true)
+ get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(401)
+ end
+
+end
diff --git a/test/unit/calendar_subscription_test.rb b/test/unit/calendar_subscription_test.rb
index 36292b148..f79eadd96 100644
--- a/test/unit/calendar_subscription_test.rb
+++ b/test/unit/calendar_subscription_test.rb
@@ -6,13 +6,13 @@ class CalendarSubscriptionTest < ActiveSupport::TestCase
# create base
group_default = Group.lookup(name: 'Users')
- group_calendar = Group.create_or_update(
+ group_calendar = Group.create!(
name: 'CalendarSubscription',
updated_by_id: 1,
created_by_id: 1,
)
roles = Role.where(name: 'Agent')
- agent1 = User.create_or_update(
+ agent1 = User.create!(
login: 'ticket-calendar-subscription-agent1@example.com',
firstname: 'Notification',
lastname: 'Agent1',
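Review bot: `Group.create!` and `User.create!` raise where `create_or_update` would have reused an existing row, so this setup now fails if a group named 'CalendarSubscription' or a user with this login is already in the test database. That assumes the models enforce uniqueness on name/login, which the hunk does not show. The same swap is made for agent2, customer1 and customer2 in the next three hunks. If failing loudly on leftover records is the intent, say so once above the first call, e.g. `# create! on purpose: leftover records from other tests must fail the setup`. The `User.create!` call for agent1 continues past the end of this hunk.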
@@ -25,7 +25,7 @@ class CalendarSubscriptionTest < ActiveSupport::TestCase
updated_by_id: 1,
created_by_id: 1,
)
- agent2 = User.create_or_update(
+ agent2 = User.create!(
login: 'ticket-calendar-subscription-agent2@example.com',
firstname: 'Notification',
lastname: 'Agent2',
@@ -46,7 +46,7 @@ class CalendarSubscriptionTest < ActiveSupport::TestCase
updated_by_id: 1,
created_by_id: 1,
)
- customer1 = User.create_or_update(
+ customer1 = User.create!(
login: 'ticket-calendar-subscription-customer1@example.com',
firstname: 'Notification',
lastname: 'Customer1',
@@ -60,7 +60,7 @@ class CalendarSubscriptionTest < ActiveSupport::TestCase
updated_by_id: 1,
created_by_id: 1,
)
- customer2 = User.create_or_update(
+ customer2 = User.create!(
login: 'ticket-calendar-subscription-customer2@example.com',
firstname: 'Notification',
lastname: 'Customer2',
@@ -85,6 +85,7 @@ class CalendarSubscriptionTest < ActiveSupport::TestCase
state: Ticket::State.lookup(name: 'new'),
priority: Ticket::Priority.lookup(name: '2 normal'),
created_at: '2016-02-05 16:37:00',
+ updated_at: '2016-02-05 16:37:00',
updated_by_id: 1,
created_by_id: 1,
)
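Review bot: The added `updated_at: '2016-02-05 16:37:00'` is a literal without a time zone, like the `created_at` line above it, so the stored instant depends on the time zone the test environment is configured with. Nothing here says why the value is pinned. The other eleven `updated_at` hunks in this file have the same shape. I would add one comment at the first ticket, e.g. `# pin updated_at: results must not depend on when the test runs`; that reason is my inference, so adjust it to the real one. The enclosing create call starts outside the hunk.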
@@ -96,6 +97,7 @@ class CalendarSubscriptionTest < ActiveSupport::TestCase
state: Ticket::State.lookup(name: 'new'),
priority: Ticket::Priority.lookup(name: '2 normal'),
created_at: '2016-02-05 16:38:00',
+ updated_at: '2016-02-05 16:38:00',
updated_by_id: 1,
created_by_id: 1,
)
@@ -108,6 +110,7 @@ class CalendarSubscriptionTest < ActiveSupport::TestCase
pending_time: '2016-02-07 16:37:00',
priority: Ticket::Priority.lookup(name: '2 normal'),
created_at: '2016-02-05 16:39:00',
+ updated_at: '2016-02-05 16:39:00',
updated_by_id: 1,
created_by_id: 1,
)
@@ -120,6 +123,7 @@ class CalendarSubscriptionTest < ActiveSupport::TestCase
pending_time: '2016-02-07 16:38:00',
priority: Ticket::Priority.lookup(name: '2 normal'),
created_at: '2016-02-05 16:40:00',
+ updated_at: '2016-02-05 16:40:00',
updated_by_id: 1,
created_by_id: 1,
)
@@ -131,6 +135,7 @@ class CalendarSubscriptionTest < ActiveSupport::TestCase
state: Ticket::State.lookup(name: 'new'),
priority: Ticket::Priority.lookup(name: '2 normal'),
created_at: '2016-02-05 16:41:00',
+ updated_at: '2016-02-05 16:41:00',
updated_by_id: 1,
created_by_id: 1,
)
@@ -144,6 +149,7 @@ class CalendarSubscriptionTest < ActiveSupport::TestCase
state: Ticket::State.lookup(name: 'new'),
priority: Ticket::Priority.lookup(name: '2 normal'),
created_at: '2016-02-05 16:42:00',
+ updated_at: '2016-02-05 16:42:00',
updated_by_id: 1,
created_by_id: 1,
)
@@ -157,6 +163,7 @@ class CalendarSubscriptionTest < ActiveSupport::TestCase
state: Ticket::State.lookup(name: 'new'),
priority: Ticket::Priority.lookup(name: '2 normal'),
created_at: '2016-02-05 17:37:00',
+ updated_at: '2016-02-05 17:37:00',
updated_by_id: 1,
created_by_id: 1,
)
@@ -168,6 +175,7 @@ class CalendarSubscriptionTest < ActiveSupport::TestCase
state: Ticket::State.lookup(name: 'new'),
priority: Ticket::Priority.lookup(name: '2 normal'),
created_at: '2016-02-05 17:38:00',
+ updated_at: '2016-02-05 17:38:00',
updated_by_id: 1,
created_by_id: 1,
)
@@ -180,6 +188,7 @@ class CalendarSubscriptionTest < ActiveSupport::TestCase
pending_time: '2016-02-08 16:37:00',
priority: Ticket::Priority.lookup(name: '2 normal'),
created_at: '2016-02-05 17:39:00',
+ updated_at: '2016-02-05 17:39:00',
updated_by_id: 1,
created_by_id: 1,
)
@@ -192,6 +201,7 @@ class CalendarSubscriptionTest < ActiveSupport::TestCase
pending_time: '2016-02-08 16:38:00',
priority: Ticket::Priority.lookup(name: '2 normal'),
created_at: '2016-02-05 17:40:00',
+ updated_at: '2016-02-05 17:40:00',
updated_by_id: 1,
created_by_id: 1,
)
@@ -203,6 +213,7 @@ class CalendarSubscriptionTest < ActiveSupport::TestCase
state: Ticket::State.lookup(name: 'new'),
priority: Ticket::Priority.lookup(name: '2 normal'),
created_at: '2016-02-05 17:41:00',
+ updated_at: '2016-02-05 17:41:00',
updated_by_id: 1,
created_by_id: 1,
)
@@ -216,6 +227,7 @@ class CalendarSubscriptionTest < ActiveSupport::TestCase
state: Ticket::State.lookup(name: 'new'),
priority: Ticket::Priority.lookup(name: '2 normal'),
created_at: '2016-02-05 17:42:00',
+ updated_at: '2016-02-05 17:42:00',
updated_by_id: 1,
created_by_id: 1,
)