From d6bae448db39156d1185600f81adf20b3d3aadd7 Mon Sep 17 00:00:00 2001
From: Martin Edenhofer
Date: Sun, 10 Sep 2017 18:19:03 +0200
Subject: [PATCH] Added tests for taskbar controller.
---
 app/controllers/taskbar_controller.rb | 27 ++---
 test/controllers/taskbars_controller_test.rb | 112 +++++++++++++++++++
 2 files changed, 126 insertions(+), 13 deletions(-)
 create mode 100644 test/controllers/taskbars_controller_test.rb
diff --git a/app/controllers/taskbar_controller.rb b/app/controllers/taskbar_controller.rb
index ade959ade..31af46b2c 100644
--- a/app/controllers/taskbar_controller.rb
+++ b/app/controllers/taskbar_controller.rb
@@ -10,35 +10,36 @@ class TaskbarController < ApplicationController
 def show
 taskbar = Taskbar.find(params[:id])
- access(taskbar)
- model_show_render_item(taskbar)
+ access_to_taskbar(taskbar)
+ model_create_render(Taskbar, params)
 end
 def create
+ task_user(params)
 model_create_render(Taskbar, params)
 end
 def update
 taskbar = Taskbar.find(params[:id])
- access(taskbar)
- taskbar.with_lock do
- taskbar.update_attributes!(Taskbar.param_cleanup(params))
- end
- model_update_render_item(taskbar)
+ access_to_taskbar(taskbar)
+ task_user(params)
+ model_update_render(Taskbar, params)
 end
 def destroy
 taskbar = Taskbar.find(params[:id])
- access(taskbar)
- taskbar.with_lock do
- taskbar.destroy
- end
- model_destroy_render_item()
+ access_to_taskbar(taskbar)
+ model_destroy_render(Taskbar, params)
 end
 private
- def access(taskbar)
+ def access_to_taskbar(taskbar)
 raise Exceptions::UnprocessableEntity, 'Not allowed to access this task.' if taskbar.user_id != current_user.id
 end
+
+ def task_user(params)
+ params[:user_id] = current_user.id
+ end
+
 end
diff --git a/test/controllers/taskbars_controller_test.rb b/test/controllers/taskbars_controller_test.rb
new file mode 100644
index 000000000..9c3697669
--- /dev/null
+++ b/test/controllers/taskbars_controller_test.rb
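Review bot: In `show`, the new line `model_create_render(Taskbar, params)` turns a read of an existing task into a create: the `taskbar` loaded and authorized two lines above is never rendered, and every GET for a task id would insert a fresh Taskbar row from the request params. The old side rendered the found record, and the other actions in this hunk pair `access_to_taskbar` with a matching `model_update_render` / `model_destroy_render`, so the intended line is presumably `model_show_render(Taskbar, params)` (or rendering `taskbar` directly if no such helper exists). Note also that `show` is the one action that does not call `task_user`, so whatever `user_id` arrives in the params would reach the create helper unchanged. The test added in this commit never issues a GET, so nothing in the suite catches this; the `TaskbarController` class header lies outside the hunk.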
@@ -0,0 +1,112 @@
+# encoding: utf-8
+require 'test_helper'
+
+class TaskbarsControllerTest < ActionDispatch::IntegrationTest
+ setup do
+
+ # set accept header
+ @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
+ UserInfo.current_user_id = 1
+
+ # create agent
+ roles = Role.where(name: 'Agent')
+ groups = Group.all
+
+ @agent = User.create_or_update(
+ login: 'taskbar-agent@example.com',
+ firstname: 'Taskbar',
+ lastname: 'Agent',
+ email: 'taskbar-agent@example.com',
+ password: 'agentpw',
+ active: true,
+ roles: roles,
+ groups: groups,
+ )
+
+ # create customer without org
+ roles = Role.where(name: 'Customer')
+ @customer_without_org = User.create_or_update(
+ login: 'taskbar-customer1@example.com',
+ firstname: 'Taskbar',
+ lastname: 'Customer1',
+ email: 'taskbar-customer1@example.com',
+ password: 'customer1pw',
+ active: true,
+ roles: roles,
+ )
+
+ end
+
+ test 'task ownership' do
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('taskbar-agent@example.com', 'agentpw')
+ params = {
+ user_id: @customer_without_org.id,
+ client_id: '123',
+ key: 'Ticket-5',
+ callback: 'TicketZoom',
+ state: {
+ ticket: {
+ owner_id: @agent.id,
+ },
+ article: {},
+ },
+ params: {
+ ticket_id: 5,
+ shown: true,
+ },
+ prio: 3,
+ notify: false,
+ active: false,
+ }
+
+ post '/api/v1/taskbar', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(201)
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+ assert_equal('123', result['client_id'])
+ assert_equal(@agent.id, result['user_id'])
+ assert_equal(5, result['params']['ticket_id'])
+ assert_equal(true, result['params']['shown'])
+
+ taskbar_id = result['id']
+ params[:user_id] = @customer_without_org.id
+ params[:params] = {
+ ticket_id: 5,
+ shown: false,
+ }
+ put "/api/v1/taskbar/#{taskbar_id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+ assert_equal('123', result['client_id'])
+ assert_equal(@agent.id, result['user_id'])
+ assert_equal(5, result['params']['ticket_id'])
+ assert_equal(false, result['params']['shown'])
+
+ # try to access with other user
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('taskbar-customer1@example.com', 'customer1pw')
+ params = {
+ active: true,
+ }
+ put "/api/v1/taskbar/#{taskbar_id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(422)
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+ assert_equal('Not allowed to access this task.', result['error'])
+
+ delete "/api/v1/taskbar/#{taskbar_id}", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(422)
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+ assert_equal('Not allowed to access this task.', result['error'])
+
+ # delete with correct user
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('taskbar-agent@example.com', 'agentpw')
+ delete "/api/v1/taskbar/#{taskbar_id}", params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+ assert(result.blank?)
+ end
+
+end
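Review bot: The 'task ownership' test never exercises the `show` action: after the POST it goes straight to PUT and DELETE, so the GET path of the controller — both its ownership check and what it renders — has no coverage, and a regression there would pass this suite unnoticed. The ownership assertions themselves are good (posting `user_id: @customer_without_org.id` and asserting `@agent.id` back pins the server-side override), so the same pattern should be extended with a GET by the owner after the first PUT and a GET by the customer in the "try to access with other user" section, assuming the usual `/api/v1/taskbar/:id` GET route maps to `show`. As a minor style point, the `# encoding: utf-8` magic comment on the first line is redundant on Ruby 2+ and can be dropped.

```ruby
    # show with correct user
    get "/api/v1/taskbar/#{taskbar_id}", params: {}, headers: @headers.merge('Authorization' => credentials)
    assert_response(200)
    result = JSON.parse(@response.body)
    assert_equal(Hash, result.class)
    assert_equal('123', result['client_id'])
    assert_equal(@agent.id, result['user_id'])

    # … unchanged: "try to access with other user" credentials, PUT and DELETE expecting 422 …
    get "/api/v1/taskbar/#{taskbar_id}", params: {}, headers: @headers.merge('Authorization' => credentials)
    assert_response(422)
    result = JSON.parse(@response.body)
    assert_equal('Not allowed to access this task.', result['error'])
```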