Fixes #3615 - Mentions/Subscribe with read permissions.

This commit is contained in:
Rolf Schmidt 2021-06-17 07:47:53 +00:00 committed by Thorsten Eckel
parent c7ea22abf2
commit bc898f7bea
2 changed files with 25 additions and 1 deletions

View file

@ -63,7 +63,7 @@ class MentionsController < ApplicationController
ensure_mentionable_type!
object = params[:mentionable_type].constantize.find(params[:mentionable_id])
authorize!(object, :update?)
authorize!(object, :agent_read_access?)
object
end

View file

@ -56,6 +56,18 @@ RSpec.describe 'Mention', type: :request, authenticated_as: -> { user } do
it 'updates mention count' do
expect { post '/api/v1/mentions', params: params, as: :json }.to change(Mention, :count).from(0).to(1)
end
describe 'when agent with read permissions' do
before do
user.group_names_access_map = {
ticket1.group.name => 'read',
}
end
it 'updates mention count of read only agent' do
expect { post '/api/v1/mentions', params: params, as: :json }.to change(Mention, :count).from(0).to(1)
end
end
end
describe 'DELETE /api/v1/mentions/:id' do
@ -70,5 +82,17 @@ RSpec.describe 'Mention', type: :request, authenticated_as: -> { user } do
it 'clears mention count' do
expect { delete "/api/v1/mentions/#{mention.id}", params: {}, as: :json }.to change(Mention, :count).from(1).to(0)
end
describe 'when agent with read permissions' do
before do
user.group_names_access_map = {
ticket1.group.name => 'read',
}
end
it 'clears mention count for read only agent' do
expect { delete "/api/v1/mentions/#{mention.id}", params: {}, as: :json }.to change(Mention, :count).from(1).to(0)
end
end
end
end