Added tests for taskbar controller.

2017-09-10 18:19:03 +02:00 · 2017-09-10 18:19:03 +02:00 · d6bae448db
commit d6bae448db
parent 6273a7213e
2 changed files with 126 additions and 13 deletions
--- a/app/controllers/taskbar_controller.rb
+++ b/app/controllers/taskbar_controller.rb
@ -10,35 +10,36 @@ class TaskbarController < ApplicationController

  def show
    taskbar = Taskbar.find(params[:id])
-    access(taskbar)
-    model_show_render_item(taskbar)
+    access_to_taskbar(taskbar)
+    model_create_render(Taskbar, params)
  end

  def create
+    task_user(params)
    model_create_render(Taskbar, params)
  end

  def update
    taskbar = Taskbar.find(params[:id])
-    access(taskbar)
-    taskbar.with_lock do
-      taskbar.update_attributes!(Taskbar.param_cleanup(params))
-    end
-    model_update_render_item(taskbar)
+    access_to_taskbar(taskbar)
+    task_user(params)
+    model_update_render(Taskbar, params)
  end

  def destroy
    taskbar = Taskbar.find(params[:id])
-    access(taskbar)
-    taskbar.with_lock do
-      taskbar.destroy
-    end
-    model_destroy_render_item()
+    access_to_taskbar(taskbar)
+    model_destroy_render(Taskbar, params)
  end

  private

-  def access(taskbar)
+  def access_to_taskbar(taskbar)
    raise Exceptions::UnprocessableEntity, 'Not allowed to access this task.' if taskbar.user_id != current_user.id
  end
+
+  def task_user(params)
+    params[:user_id] = current_user.id
+  end
+
 end
--- a/test/controllers/taskbars_controller_test.rb
+++ b/test/controllers/taskbars_controller_test.rb
@ -0,0 +1,112 @@
+# encoding: utf-8
+require 'test_helper'
+
+class TaskbarsControllerTest < ActionDispatch::IntegrationTest
+  setup do
+
+    # set accept header
+    @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
+    UserInfo.current_user_id = 1
+
+    # create agent
+    roles = Role.where(name: 'Agent')
+    groups = Group.all
+
+    @agent = User.create_or_update(
+      login: 'taskbar-agent@example.com',
+      firstname: 'Taskbar',
+      lastname: 'Agent',
+      email: 'taskbar-agent@example.com',
+      password: 'agentpw',
+      active: true,
+      roles: roles,
+      groups: groups,
+    )
+
+    # create customer without org
+    roles = Role.where(name: 'Customer')
+    @customer_without_org = User.create_or_update(
+      login: 'taskbar-customer1@example.com',
+      firstname: 'Taskbar',
+      lastname: 'Customer1',
+      email: 'taskbar-customer1@example.com',
+      password: 'customer1pw',
+      active: true,
+      roles: roles,
+    )
+
+  end
+
+  test 'task ownership' do
+    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('taskbar-agent@example.com', 'agentpw')
+    params = {
+      user_id: @customer_without_org.id,
+      client_id: '123',
+      key: 'Ticket-5',
+      callback: 'TicketZoom',
+      state: {
+        ticket: {
+          owner_id: @agent.id,
+        },
+        article: {},
+      },
+      params: {
+        ticket_id: 5,
+        shown: true,
+      },
+      prio: 3,
+      notify: false,
+      active: false,
+    }
+
+    post '/api/v1/taskbar', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+    assert_response(201)
+    result = JSON.parse(@response.body)
+    assert_equal(Hash, result.class)
+    assert_equal('123', result['client_id'])
+    assert_equal(@agent.id, result['user_id'])
+    assert_equal(5, result['params']['ticket_id'])
+    assert_equal(true, result['params']['shown'])
+
+    taskbar_id = result['id']
+    params[:user_id] = @customer_without_org.id
+    params[:params] = {
+      ticket_id: 5,
+      shown: false,
+    }
+    put "/api/v1/taskbar/#{taskbar_id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+    assert_response(200)
+    result = JSON.parse(@response.body)
+    assert_equal(Hash, result.class)
+    assert_equal('123', result['client_id'])
+    assert_equal(@agent.id, result['user_id'])
+    assert_equal(5, result['params']['ticket_id'])
+    assert_equal(false, result['params']['shown'])
+
+    # try to access with other user
+    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('taskbar-customer1@example.com', 'customer1pw')
+    params = {
+      active: true,
+    }
+    put "/api/v1/taskbar/#{taskbar_id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+    assert_response(422)
+    result = JSON.parse(@response.body)
+    assert_equal(Hash, result.class)
+    assert_equal('Not allowed to access this task.', result['error'])
+
+    delete "/api/v1/taskbar/#{taskbar_id}", params: {}, headers: @headers.merge('Authorization' => credentials)
+    assert_response(422)
+    result = JSON.parse(@response.body)
+    assert_equal(Hash, result.class)
+    assert_equal('Not allowed to access this task.', result['error'])
+
+    # delete with correct user
+    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('taskbar-agent@example.com', 'agentpw')
+    delete "/api/v1/taskbar/#{taskbar_id}", params: {}, headers: @headers.merge('Authorization' => credentials)
+    assert_response(200)
+    result = JSON.parse(@response.body)
+    assert_equal(Hash, result.class)
+    assert(result.blank?)
+  end
+
+end