Enhancement: Reflect current_user in ticket_customer lookup.
This commit is contained in:
parent
1cbb139476
commit
b0c4c0cb3f
4 changed files with 70 additions and 5 deletions
|
@ -14,7 +14,9 @@
|
||||||
# Configuration parameters: CountComments, ExcludedMethods.
|
# Configuration parameters: CountComments, ExcludedMethods.
|
||||||
# ExcludedMethods: refine
|
# ExcludedMethods: refine
|
||||||
Metrics/BlockLength:
|
Metrics/BlockLength:
|
||||||
Max: 1987
|
Max: 1653
|
||||||
|
Exclude:
|
||||||
|
- 'spec/requests/ticket_spec.rb'
|
||||||
|
|
||||||
# Offense count: 16
|
# Offense count: 16
|
||||||
RSpec/AnyInstance:
|
RSpec/AnyInstance:
|
||||||
|
|
|
@ -284,6 +284,7 @@ class TicketsController < ApplicationController
|
||||||
|
|
||||||
# return result
|
# return result
|
||||||
result = Ticket::ScreenOptions.list_by_customer(
|
result = Ticket::ScreenOptions.list_by_customer(
|
||||||
|
current_user: current_user,
|
||||||
customer_id: params[:customer_id],
|
customer_id: params[:customer_id],
|
||||||
limit: 15,
|
limit: 15,
|
||||||
)
|
)
|
||||||
|
|
|
@ -180,11 +180,16 @@ returns
|
||||||
state_id_list_open = Ticket::State.by_category(:open).pluck(:id)
|
state_id_list_open = Ticket::State.by_category(:open).pluck(:id)
|
||||||
state_id_list_closed = Ticket::State.by_category(:closed).pluck(:id)
|
state_id_list_closed = Ticket::State.by_category(:closed).pluck(:id)
|
||||||
|
|
||||||
|
# open tickets by customer
|
||||||
|
access_condition = Ticket.access_condition(data[:current_user], 'read')
|
||||||
|
|
||||||
# get tickets
|
# get tickets
|
||||||
tickets_open = Ticket.where(
|
tickets_open = Ticket.where(
|
||||||
customer_id: data[:customer_id],
|
customer_id: data[:customer_id],
|
||||||
state_id: state_id_list_open
|
state_id: state_id_list_open
|
||||||
).limit(data[:limit] || 15).order(created_at: :desc)
|
)
|
||||||
|
.where(access_condition)
|
||||||
|
.limit(data[:limit] || 15).order(created_at: :desc)
|
||||||
assets = {}
|
assets = {}
|
||||||
ticket_ids_open = []
|
ticket_ids_open = []
|
||||||
tickets_open.each do |ticket|
|
tickets_open.each do |ticket|
|
||||||
|
@ -195,7 +200,9 @@ returns
|
||||||
tickets_closed = Ticket.where(
|
tickets_closed = Ticket.where(
|
||||||
customer_id: data[:customer_id],
|
customer_id: data[:customer_id],
|
||||||
state_id: state_id_list_closed
|
state_id: state_id_list_closed
|
||||||
).limit(data[:limit] || 15).order(created_at: :desc)
|
)
|
||||||
|
.where(access_condition)
|
||||||
|
.limit(data[:limit] || 15).order(created_at: :desc)
|
||||||
ticket_ids_closed = []
|
ticket_ids_closed = []
|
||||||
tickets_closed.each do |ticket|
|
tickets_closed.each do |ticket|
|
||||||
ticket_ids_closed.push ticket.id
|
ticket_ids_closed.push ticket.id
|
||||||
|
|
|
@ -2154,4 +2154,59 @@ RSpec.describe 'Ticket', type: :request do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe 'GET /api/v1/ticket_customer' do
|
||||||
|
|
||||||
|
subject(:ticket) { create(:ticket, customer: customer_authorized) }
|
||||||
|
|
||||||
|
let(:organization_authorized) { create(:organization) }
|
||||||
|
let(:customer_authorized) { create(:customer_user, organization: organization_authorized) }
|
||||||
|
|
||||||
|
let(:organization_unauthorized) { create(:organization) }
|
||||||
|
let(:customer_unauthorized) { create(:customer_user, organization: organization_unauthorized) }
|
||||||
|
|
||||||
|
let(:agent) { create(:agent_user, groups: [ticket.group]) }
|
||||||
|
|
||||||
|
describe 'listing information' do
|
||||||
|
|
||||||
|
before do
|
||||||
|
ticket
|
||||||
|
end
|
||||||
|
|
||||||
|
shared_examples 'has access' do
|
||||||
|
it 'succeeds' do
|
||||||
|
get '/api/v1/ticket_customer',
|
||||||
|
params: { customer_id: customer_authorized.id },
|
||||||
|
as: :json
|
||||||
|
|
||||||
|
expect(json_response['ticket_ids_open']).to include(ticket.id)
|
||||||
|
expect(json_response['ticket_ids_closed']).to be_blank
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
shared_examples 'has no access' do
|
||||||
|
it 'fails' do
|
||||||
|
get '/api/v1/ticket_customer',
|
||||||
|
params: { customer_id: customer_authorized.id },
|
||||||
|
as: :json
|
||||||
|
|
||||||
|
expect(json_response['ticket_ids_open']).to be_blank
|
||||||
|
expect(json_response['ticket_ids_closed']).to be_blank
|
||||||
|
expect(json_response['assets']).to be_blank
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'as agent', authenticated_as: -> { agent } do
|
||||||
|
include_examples 'has access'
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'as authorized customer', authenticated_as: -> { customer_authorized } do
|
||||||
|
include_examples 'has access'
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'as unauthorized customer', authenticated_as: -> { customer_unauthorized } do
|
||||||
|
include_examples 'has no access'
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in a new issue