
Fixes #4035 - Core Workflow: Does show wrong field list if you only have admin permissions and not ticket.agent permissions.

Rolf Schmidt 2 years ago
parent
commit
d5655908c6

+ 4 - 3
app/assets/javascripts/app/controllers/_ui_element/_application_selector.coffee

@@ -94,10 +94,11 @@ class App.UiElement.ApplicationSelector
             operator: [__('is in working time'), __('is not in working time')]
 
       else
-        for row in App[groupMeta.model].configure_attributes
+        attributesByObject = App.ObjectManagerAttribute.selectorAttributesByObject()
+        configureAttributes = attributesByObject[groupMeta.model] || []
+        for config in configureAttributes
           # ignore passwords and relations
-          if row.type isnt 'password' && row.name.substr(row.name.length-4,4) isnt '_ids' && row.searchable isnt false
-            config = _.clone(row)
+          if config.type isnt 'password' && config.name.substr(config.name.length-4,4) isnt '_ids' && config.searchable isnt false
             if config.tag is 'textarea'
               config.expanding = false
             if config.type is 'email' || config.type is 'tel'
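Review bot: The `|| []` fallback on the new `configureAttributes` line leaves the selector with no attributes whenever `selectorAttributesByObject()` has no entry for `groupMeta.model`, whereas the removed loop always read `App[groupMeta.model].configure_attributes`. As far as this commit shows, the helper only returns keys for objects with at least one row in the `App.ObjectManagerAttribute` collection, and that collection is only sent to sessions holding `admin.*`. A model without rows, or any non-admin view that renders this element, would therefore presumably get an empty field list. Falling back to cloned model attributes keeps the old behaviour: `configureAttributes = attributesByObject[groupMeta.model] || _.map(App[groupMeta.model].configure_attributes, (row) -> _.clone(row))`. The same line appears in core_workflow_condition.coffee and core_workflow_perform.coffee; the enclosing method starts and ends outside this hunk.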

+ 6 - 5
app/assets/javascripts/app/controllers/_ui_element/core_workflow_condition.coffee

@@ -147,13 +147,14 @@ class App.UiElement.core_workflow_condition extends App.UiElement.ApplicationSel
           multiple: true
         }
 
-      for row in App[groupMeta.model].configure_attributes
-        continue if !_.contains(['input', 'textarea', 'richtext', 'multiselect', 'select', 'integer', 'boolean', 'active', 'tree_select', 'autocompletion_ajax'], row.tag)
-        continue if groupKey is 'ticket' && _.contains(['number', 'title'], row.name)
+      attributesByObject = App.ObjectManagerAttribute.selectorAttributesByObject()
+      configureAttributes = attributesByObject[groupMeta.model] || []
+      for config in configureAttributes
+        continue if !_.contains(['input', 'textarea', 'richtext', 'multiselect', 'select', 'integer', 'boolean', 'active', 'tree_select', 'autocompletion_ajax'], config.tag)
+        continue if groupKey is 'ticket' && _.contains(['number', 'title'], config.name)
 
         # ignore passwords and relations
-        if row.type isnt 'password' && row.name.substr(row.name.length-4,4) isnt '_ids' && row.searchable isnt false
-          config = _.clone(row)
+        if config.type isnt 'password' && config.name.substr(config.name.length-4,4) isnt '_ids' && config.searchable isnt false
           if config.tag is 'textarea'
             config.expanding = false
           if /^((multi)?select)$/.test(config.tag)

+ 7 - 6
app/assets/javascripts/app/controllers/_ui_element/core_workflow_perform.coffee

@@ -63,14 +63,15 @@ class App.UiElement.core_workflow_perform extends App.UiElement.ApplicationSelec
         elements['custom.module'] = { name: 'module', display: __('Module'), tag: 'select', multiple: true, options: options, null: false, operator: ['execute'] }
         continue
 
-      for row in App[groupMeta.model].configure_attributes
-        continue if !_.contains(['input', 'textarea', 'select', 'multiselect', 'integer', 'boolean', 'tree_select', 'date', 'datetime'], row.tag)
-        continue if _.contains(['created_at', 'updated_at'], row.name)
-        continue if groupKey is 'ticket' && _.contains(['number', 'organization_id', 'title', 'escalation_at', 'first_response_escalation_at', 'update_escalation_at', 'close_escalation_at', 'last_contact_at', 'last_contact_agent_at', 'last_contact_customer_at', 'first_response_at', 'close_at'], row.name)
+      attributesByObject = App.ObjectManagerAttribute.selectorAttributesByObject()
+      configureAttributes = attributesByObject[groupMeta.model] || []
+      for config in configureAttributes
+        continue if !_.contains(['input', 'textarea', 'select', 'multiselect', 'integer', 'boolean', 'tree_select', 'date', 'datetime'], config.tag)
+        continue if _.contains(['created_at', 'updated_at'], config.name)
+        continue if groupKey is 'ticket' && _.contains(['number', 'organization_id', 'title', 'escalation_at', 'first_response_escalation_at', 'update_escalation_at', 'close_escalation_at', 'last_contact_at', 'last_contact_agent_at', 'last_contact_customer_at', 'first_response_at', 'close_at'], config.name)
 
         # ignore passwords and relations
-        if row.type isnt 'password' && row.name.substr(row.name.length-4,4) isnt '_ids' && row.searchable isnt false
-          config = _.clone(row)
+        if config.type isnt 'password' && config.name.substr(config.name.length-4,4) isnt '_ids' && config.searchable isnt false
           if config.tag is 'boolean'
             config.tag = 'select'
           if /^(tree_|multi)?select$/.test(config.tag)

+ 27 - 0
app/assets/javascripts/app/models/object_manager_attribute.coffee

@@ -11,3 +11,30 @@ class App.ObjectManagerAttribute extends App.Model
     { name: 'updated_at', display: __('Updated'),  tag: 'datetime',  readonly: 1 },
     { name: 'position',   display: __('Position'), tag: 'integer', type: 'number', limit: 100, null: true },
   ]
+
+  # This function will return all attributes
+  # based on the frontend model attributes combined
+  # with object manager attributes which are merged like
+  # in app/models/object_manager/element/backend.rb.
+  @selectorAttributesByObject: ->
+    result = {}
+    for row in @all()
+      continue if !row.object
+
+      config     = _.clone(row)
+      config.tag = config.data_type
+      config     = Object.assign({}, config, config.data_option) if config.data_option
+
+      result[config.object] ||= []
+      result[config.object].push(config)
+
+    for object in Object.keys(result)
+      continue if !App[object]
+      continue if !App[object].configure_attributes
+
+      names = _.map(result[object], (row) -> row.name)
+      for row in App[object].configure_attributes
+        continue if _.contains(names, row.name)
+        result[object].push(_.clone(row))
+
+    result
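Review bot: The comment above `@selectorAttributesByObject` does not state the contract its three callers now depend on: they dropped their own `_.clone(row)` and write to `config` directly, which is only safe because this method builds fresh copies on every call. The copies are shallow (`_.clone` and `Object.assign`), so nested values taken from `data_option` or `configure_attributes` stay shared with the stored records. I would add `# Returns fresh shallow copies on each call; callers may set top-level keys but must not change nested values (e.g. options) in place.` The comment could also say that keys from `data_option` take precedence over the record's own keys in the merge.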

+ 14 - 0
lib/session_helper/collection_object_manager_attribute.rb

@@ -0,0 +1,14 @@
+# Copyright (C) 2012-2022 Zammad Foundation, https://zammad-foundation.org/
+
+module SessionHelper::CollectionObjectManagerAttribute
+
+  module_function
+
+  def session(collections, assets, user)
+    return [collections, assets] if !user.permissions?('admin.*')
+
+    collections[ ObjectManager::Attribute.to_app_model ] = ObjectManager::Attribute.list_full
+
+    [collections, assets]
+  end
+end
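Review bot: The guard `user.permissions?('admin.*')` sends `ObjectManager::Attribute.list_full` to every session holding any admin sub-permission, while the commit and its spec only motivate `admin.core_workflow`. If only some admin screens render the selector, narrowing the check to those permissions would keep the attribute configuration away from accounts that have no use for it. If all of them can, say so above the guard, e.g. `# every admin.* area can render a selector, so all admin sessions need the attribute list; agents and customers do not get it`. It would also help to confirm that nothing in `list_full` is meant to stay server-side, since this places it in the client-side collection.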

File diff suppressed because it is too large
+ 0 - 0
public/assets/tests/qunit/form_core_workflow.js


File diff suppressed because it is too large
+ 0 - 0
public/assets/tests/qunit/form_extended.js


File diff suppressed because it is too large
+ 0 - 0
public/assets/tests/qunit/form_sla_times.js


+ 4 - 0
spec/factories/role.rb

@@ -23,5 +23,9 @@ FactoryBot.define do
     trait :admin do
       permissions { Permission.where(name: 'admin') }
     end
+
+    trait :admin_core_workflow do
+      permissions { Permission.where(name: 'admin.core_workflow') }
+    end
   end
 end

+ 32 - 0
spec/lib/session_helper_spec.rb

@@ -0,0 +1,32 @@
+# Copyright (C) 2012-2022 Zammad Foundation, https://zammad-foundation.org/
+
+require 'rails_helper'
+
+RSpec.describe SessionHelper do
+  describe 'Core Workflow: Does show wrong field list if you only have admin permissions and not ticket.agent permissions #4035' do
+    context 'when user has admin.core_workflow permissions' do
+      let(:core_workflow_role) { create(:role, :admin_core_workflow) }
+      let(:user) { create(:user, role_ids: [core_workflow_role.id]) }
+
+      it 'does provide assets for application selector ui element' do
+        expect(described_class.json_hash(user)[:collections][ObjectManager::Attribute.to_app_model]).to be_truthy
+      end
+    end
+
+    context 'when user has ticket.agent permissions' do
+      let(:user) { create(:agent) }
+
+      it 'does provide assets for application selector ui element' do
+        expect(described_class.json_hash(user)[:collections][ObjectManager::Attribute.to_app_model]).to be_falsey
+      end
+    end
+
+    context 'when user has customer permissions' do
+      let(:user) { create(:customer) }
+
+      it 'does provide assets for application selector ui element' do
+        expect(described_class.json_hash(user)[:collections][ObjectManager::Attribute.to_app_model]).to be_falsey
+      end
+    end
+  end
+end
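Review bot: The examples in the `ticket.agent` and `customer` contexts are named 'does provide assets for application selector ui element' but assert `be_falsey`, so a failure message will state the opposite of what is being checked. Rename both to `'does not provide assets for application selector ui element'`. The positive case only covers `admin.core_workflow`, although the helper matches `admin.*`; a context with a different admin sub-permission would pin down whether that breadth is intended. `be_truthy` also passes for an empty collection, so `be_present` or a check on a known attribute would be a stronger assertion.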

Some files were not shown because too many files changed in this diff