Added tests for taskbar controller.

Martin Edenhofer 2017-09-10 18:19:03 +02:00
parent 6273a7213e
commit d6bae448db
2 changed files with 126 additions and 13 deletions


@ -10,35 +10,36 @@ class TaskbarController < ApplicationController
def show def show
taskbar = Taskbar.find(params[:id]) taskbar = Taskbar.find(params[:id])
access(taskbar) access_to_taskbar(taskbar)
model_show_render_item(taskbar) model_create_render(Taskbar, params)
end end
def create def create
task_user(params)
model_create_render(Taskbar, params) model_create_render(Taskbar, params)
end end
def update def update
taskbar = Taskbar.find(params[:id]) taskbar = Taskbar.find(params[:id])
access(taskbar) access_to_taskbar(taskbar)
taskbar.with_lock do task_user(params)
taskbar.update_attributes!(Taskbar.param_cleanup(params)) model_update_render(Taskbar, params)
end
model_update_render_item(taskbar)
end end
def destroy def destroy
taskbar = Taskbar.find(params[:id]) taskbar = Taskbar.find(params[:id])
access(taskbar) access_to_taskbar(taskbar)
taskbar.with_lock do model_destroy_render(Taskbar, params)
taskbar.destroy
end
model_destroy_render_item()
end end
private private
def access(taskbar) def access_to_taskbar(taskbar)
raise Exceptions::UnprocessableEntity, 'Not allowed to access this task.' if taskbar.user_id != current_user.id raise Exceptions::UnprocessableEntity, 'Not allowed to access this task.' if taskbar.user_id != current_user.id
end end
def task_user(params)
params[:user_id] = current_user.id
end
end end
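Review bot: In `show`, the right-hand column (which reads as the new side, although the page has lost its +/- markers) ends with `model_create_render(Taskbar, params)`, so a read request appears to go through the create path with the request parameters instead of rendering the record that was just loaded and ownership-checked. Unlike `create` and `update`, `show` does not call `task_user(params)` first, so if that helper honours a client-supplied `user_id` the response could be a new taskbar owned by another user; the helper is not visible here, so this is an inference. I would keep `model_show_render_item(taskbar)` as the last line of `show`. Separately, `update` and `destroy` no longer wrap the write in `taskbar.with_lock`; if that is deliberate, a short comment saying why would help.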


@ -0,0 +1,112 @@
# encoding: utf-8
require 'test_helper'
class TaskbarsControllerTest < ActionDispatch::IntegrationTest
setup do
# set accept header
@headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
UserInfo.current_user_id = 1
# create agent
roles = Role.where(name: 'Agent')
groups = Group.all
@agent = User.create_or_update(
login: 'taskbar-agent@example.com',
firstname: 'Taskbar',
lastname: 'Agent',
email: 'taskbar-agent@example.com',
password: 'agentpw',
active: true,
roles: roles,
groups: groups,
)
# create customer without org
roles = Role.where(name: 'Customer')
@customer_without_org = User.create_or_update(
login: 'taskbar-customer1@example.com',
firstname: 'Taskbar',
lastname: 'Customer1',
email: 'taskbar-customer1@example.com',
password: 'customer1pw',
active: true,
roles: roles,
)
end
test 'task ownership' do
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('taskbar-agent@example.com', 'agentpw')
params = {
user_id: @customer_without_org.id,
client_id: '123',
key: 'Ticket-5',
callback: 'TicketZoom',
state: {
ticket: {
owner_id: @agent.id,
},
article: {},
},
params: {
ticket_id: 5,
shown: true,
},
prio: 3,
notify: false,
active: false,
}
post '/api/v1/taskbar', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(201)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('123', result['client_id'])
assert_equal(@agent.id, result['user_id'])
assert_equal(5, result['params']['ticket_id'])
assert_equal(true, result['params']['shown'])
taskbar_id = result['id']
params[:user_id] = @customer_without_org.id
params[:params] = {
ticket_id: 5,
shown: false,
}
put "/api/v1/taskbar/#{taskbar_id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('123', result['client_id'])
assert_equal(@agent.id, result['user_id'])
assert_equal(5, result['params']['ticket_id'])
assert_equal(false, result['params']['shown'])
# try to access with other user
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('taskbar-customer1@example.com', 'customer1pw')
params = {
active: true,
}
put "/api/v1/taskbar/#{taskbar_id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
assert_response(422)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('Not allowed to access this task.', result['error'])
delete "/api/v1/taskbar/#{taskbar_id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(422)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert_equal('Not allowed to access this task.', result['error'])
# delete with correct user
credentials = ActionController::HttpAuthentication::Basic.encode_credentials('taskbar-agent@example.com', 'agentpw')
delete "/api/v1/taskbar/#{taskbar_id}", params: {}, headers: @headers.merge('Authorization' => credentials)
assert_response(200)
result = JSON.parse(@response.body)
assert_equal(Hash, result.class)
assert(result.blank?)
end
end
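Review bot: The test never issues a GET for `/api/v1/taskbar/#{taskbar_id}`, so the ownership check in `show` and what that action returns are not covered, even though it is one of the actions this commit touches. After the rejected `put` as the customer I would add `get "/api/v1/taskbar/#{taskbar_id}", params: {}, headers: @headers.merge('Authorization' => credentials)` followed by `assert_response(422)`, and the same request as the agent asserting that `result['id']` equals `taskbar_id`. It would also help to re-read the record as the agent after the rejected `put` and `delete` and assert that `active` is still false, so the test shows the refused requests changed nothing.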