Added tests for taskbar controller.
This commit is contained in:
parent
6273a7213e
commit
d6bae448db
2 changed files with 126 additions and 13 deletions
|
@ -10,35 +10,36 @@ class TaskbarController < ApplicationController
|
|||
|
||||
def show
|
||||
taskbar = Taskbar.find(params[:id])
|
||||
access(taskbar)
|
||||
model_show_render_item(taskbar)
|
||||
access_to_taskbar(taskbar)
|
||||
model_create_render(Taskbar, params)
|
||||
end
|
||||
|
||||
def create
|
||||
task_user(params)
|
||||
model_create_render(Taskbar, params)
|
||||
end
|
||||
|
||||
def update
|
||||
taskbar = Taskbar.find(params[:id])
|
||||
access(taskbar)
|
||||
taskbar.with_lock do
|
||||
taskbar.update_attributes!(Taskbar.param_cleanup(params))
|
||||
end
|
||||
model_update_render_item(taskbar)
|
||||
access_to_taskbar(taskbar)
|
||||
task_user(params)
|
||||
model_update_render(Taskbar, params)
|
||||
end
|
||||
|
||||
def destroy
|
||||
taskbar = Taskbar.find(params[:id])
|
||||
access(taskbar)
|
||||
taskbar.with_lock do
|
||||
taskbar.destroy
|
||||
end
|
||||
model_destroy_render_item()
|
||||
access_to_taskbar(taskbar)
|
||||
model_destroy_render(Taskbar, params)
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def access(taskbar)
|
||||
def access_to_taskbar(taskbar)
|
||||
raise Exceptions::UnprocessableEntity, 'Not allowed to access this task.' if taskbar.user_id != current_user.id
|
||||
end
|
||||
|
||||
def task_user(params)
|
||||
params[:user_id] = current_user.id
|
||||
end
|
||||
|
||||
end
|
||||
|
|
112
test/controllers/taskbars_controller_test.rb
Normal file
112
test/controllers/taskbars_controller_test.rb
Normal file
|
@ -0,0 +1,112 @@
|
|||
# encoding: utf-8
|
||||
require 'test_helper'
|
||||
|
||||
class TaskbarsControllerTest < ActionDispatch::IntegrationTest
|
||||
setup do
|
||||
|
||||
# set accept header
|
||||
@headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
|
||||
UserInfo.current_user_id = 1
|
||||
|
||||
# create agent
|
||||
roles = Role.where(name: 'Agent')
|
||||
groups = Group.all
|
||||
|
||||
@agent = User.create_or_update(
|
||||
login: 'taskbar-agent@example.com',
|
||||
firstname: 'Taskbar',
|
||||
lastname: 'Agent',
|
||||
email: 'taskbar-agent@example.com',
|
||||
password: 'agentpw',
|
||||
active: true,
|
||||
roles: roles,
|
||||
groups: groups,
|
||||
)
|
||||
|
||||
# create customer without org
|
||||
roles = Role.where(name: 'Customer')
|
||||
@customer_without_org = User.create_or_update(
|
||||
login: 'taskbar-customer1@example.com',
|
||||
firstname: 'Taskbar',
|
||||
lastname: 'Customer1',
|
||||
email: 'taskbar-customer1@example.com',
|
||||
password: 'customer1pw',
|
||||
active: true,
|
||||
roles: roles,
|
||||
)
|
||||
|
||||
end
|
||||
|
||||
test 'task ownership' do
|
||||
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('taskbar-agent@example.com', 'agentpw')
|
||||
params = {
|
||||
user_id: @customer_without_org.id,
|
||||
client_id: '123',
|
||||
key: 'Ticket-5',
|
||||
callback: 'TicketZoom',
|
||||
state: {
|
||||
ticket: {
|
||||
owner_id: @agent.id,
|
||||
},
|
||||
article: {},
|
||||
},
|
||||
params: {
|
||||
ticket_id: 5,
|
||||
shown: true,
|
||||
},
|
||||
prio: 3,
|
||||
notify: false,
|
||||
active: false,
|
||||
}
|
||||
|
||||
post '/api/v1/taskbar', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
|
||||
assert_response(201)
|
||||
result = JSON.parse(@response.body)
|
||||
assert_equal(Hash, result.class)
|
||||
assert_equal('123', result['client_id'])
|
||||
assert_equal(@agent.id, result['user_id'])
|
||||
assert_equal(5, result['params']['ticket_id'])
|
||||
assert_equal(true, result['params']['shown'])
|
||||
|
||||
taskbar_id = result['id']
|
||||
params[:user_id] = @customer_without_org.id
|
||||
params[:params] = {
|
||||
ticket_id: 5,
|
||||
shown: false,
|
||||
}
|
||||
put "/api/v1/taskbar/#{taskbar_id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
|
||||
assert_response(200)
|
||||
result = JSON.parse(@response.body)
|
||||
assert_equal(Hash, result.class)
|
||||
assert_equal('123', result['client_id'])
|
||||
assert_equal(@agent.id, result['user_id'])
|
||||
assert_equal(5, result['params']['ticket_id'])
|
||||
assert_equal(false, result['params']['shown'])
|
||||
|
||||
# try to access with other user
|
||||
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('taskbar-customer1@example.com', 'customer1pw')
|
||||
params = {
|
||||
active: true,
|
||||
}
|
||||
put "/api/v1/taskbar/#{taskbar_id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
|
||||
assert_response(422)
|
||||
result = JSON.parse(@response.body)
|
||||
assert_equal(Hash, result.class)
|
||||
assert_equal('Not allowed to access this task.', result['error'])
|
||||
|
||||
delete "/api/v1/taskbar/#{taskbar_id}", params: {}, headers: @headers.merge('Authorization' => credentials)
|
||||
assert_response(422)
|
||||
result = JSON.parse(@response.body)
|
||||
assert_equal(Hash, result.class)
|
||||
assert_equal('Not allowed to access this task.', result['error'])
|
||||
|
||||
# delete with correct user
|
||||
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('taskbar-agent@example.com', 'agentpw')
|
||||
delete "/api/v1/taskbar/#{taskbar_id}", params: {}, headers: @headers.merge('Authorization' => credentials)
|
||||
assert_response(200)
|
||||
result = JSON.parse(@response.body)
|
||||
assert_equal(Hash, result.class)
|
||||
assert(result.blank?)
|
||||
end
|
||||
|
||||
end
|
Loading…
Reference in a new issue