Enhancement: Reflect current_user in ticket_customer lookup.

This commit is contained in:
Thorsten Eckel 2020-02-13 12:53:09 +01:00
parent 1cbb139476
commit b0c4c0cb3f
4 changed files with 70 additions and 5 deletions

View file

@ -14,7 +14,9 @@
# Configuration parameters: CountComments, ExcludedMethods.
# ExcludedMethods: refine
Metrics/BlockLength:
Max: 1987
Max: 1653
Exclude:
- 'spec/requests/ticket_spec.rb'
# Offense count: 16
RSpec/AnyInstance:

View file

@ -284,6 +284,7 @@ class TicketsController < ApplicationController
# return result
result = Ticket::ScreenOptions.list_by_customer(
current_user: current_user,
customer_id: params[:customer_id],
limit: 15,
)

View file

@ -180,11 +180,16 @@ returns
state_id_list_open = Ticket::State.by_category(:open).pluck(:id)
state_id_list_closed = Ticket::State.by_category(:closed).pluck(:id)
# open tickets by customer
access_condition = Ticket.access_condition(data[:current_user], 'read')
# get tickets
tickets_open = Ticket.where(
customer_id: data[:customer_id],
state_id: state_id_list_open
).limit(data[:limit] || 15).order(created_at: :desc)
)
.where(access_condition)
.limit(data[:limit] || 15).order(created_at: :desc)
assets = {}
ticket_ids_open = []
tickets_open.each do |ticket|
@ -195,7 +200,9 @@ returns
tickets_closed = Ticket.where(
customer_id: data[:customer_id],
state_id: state_id_list_closed
).limit(data[:limit] || 15).order(created_at: :desc)
)
.where(access_condition)
.limit(data[:limit] || 15).order(created_at: :desc)
ticket_ids_closed = []
tickets_closed.each do |ticket|
ticket_ids_closed.push ticket.id

View file

@ -2154,4 +2154,59 @@ RSpec.describe 'Ticket', type: :request do
end
end
end
describe 'GET /api/v1/ticket_customer' do
subject(:ticket) { create(:ticket, customer: customer_authorized) }
let(:organization_authorized) { create(:organization) }
let(:customer_authorized) { create(:customer_user, organization: organization_authorized) }
let(:organization_unauthorized) { create(:organization) }
let(:customer_unauthorized) { create(:customer_user, organization: organization_unauthorized) }
let(:agent) { create(:agent_user, groups: [ticket.group]) }
describe 'listing information' do
before do
ticket
end
shared_examples 'has access' do
it 'succeeds' do
get '/api/v1/ticket_customer',
params: { customer_id: customer_authorized.id },
as: :json
expect(json_response['ticket_ids_open']).to include(ticket.id)
expect(json_response['ticket_ids_closed']).to be_blank
end
end
shared_examples 'has no access' do
it 'fails' do
get '/api/v1/ticket_customer',
params: { customer_id: customer_authorized.id },
as: :json
expect(json_response['ticket_ids_open']).to be_blank
expect(json_response['ticket_ids_closed']).to be_blank
expect(json_response['assets']).to be_blank
end
end
context 'as agent', authenticated_as: -> { agent } do
include_examples 'has access'
end
context 'as authorized customer', authenticated_as: -> { customer_authorized } do
include_examples 'has access'
end
context 'as unauthorized customer', authenticated_as: -> { customer_unauthorized } do
include_examples 'has no access'
end
end
end
end