diff --git a/app/controllers/form_controller.rb b/app/controllers/form_controller.rb index 9e1328748..30b6476f0 100644 --- a/app/controllers/form_controller.rb +++ b/app/controllers/form_controller.rb @@ -241,7 +241,7 @@ class FormController < ApplicationController def enabled? return true if params[:test] && current_user && current_user.permissions?('admin.channel_formular') - return true if Setting.get('form_ticket_create') + return true if Setting.get('form_ticket_create') && Setting.get('customer_ticket_create') response_access_deny false end diff --git a/test/controllers/form_controller_test.rb b/test/controllers/form_controller_test.rb index 8aacf1157..cefcb5cca 100644 --- a/test/controllers/form_controller_test.rb +++ b/test/controllers/form_controller_test.rb @@ -244,4 +244,29 @@ class FormControllerTest < ActionDispatch::IntegrationTest assert(result['error']) end + test '06 - customer_ticket_create false disables form' do + Setting.set('form_ticket_create', true) + Setting.set('customer_ticket_create', false) + + fingerprint = SecureRandom.hex(40) + + post '/api/v1/form_config', params: { fingerprint: fingerprint }.to_json, headers: @headers + + result = JSON.parse(@response.body) + token = result['token'] + params = { + fingerprint: fingerprint, + token: token, + name: 'Bob Smith', + email: 'discard@znuny.com', + title: 'test', + body: 'hello' + } + + post '/api/v1/form_submit', params: params.to_json, headers: @headers + + assert_response(401) + end + + end