From d8913eec6d27f548664713d9f2be9527c6da9d1e Mon Sep 17 00:00:00 2001
From: Martin Edenhofer <me@edenhofer.de>
Date: Wed, 21 Sep 2016 19:42:47 +0200
Subject: [PATCH] Fixed random order of objects in index controller, added
 order_by id.

---
 app/controllers/application_controller.rb     |  4 +-
 app/controllers/organizations_controller.rb   |  4 +-
 app/controllers/tickets_controller.rb         |  2 +-
 app/controllers/users_controller.rb           |  4 +-
 test/controllers/tickets_controller_test.rb   | 80 +++++++++++++++++++
 .../user_organization_controller_test.rb      | 36 +++++++++
 6 files changed, 123 insertions(+), 7 deletions(-)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 148e70548..c62ffcb98 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -603,9 +603,9 @@ class ApplicationController < ActionController::Base
     end
 
     generic_objects = if offset > 0
-                        object.limit(params[:per_page]).offset(offset).limit(limit)
+                        object.limit(params[:per_page]).order(id: 'ASC').offset(offset).limit(limit)
                       else
-                        object.all.offset(offset).limit(limit)
+                        object.all.order(id: 'ASC').offset(offset).limit(limit)
                       end
 
     if params[:expand]
diff --git a/app/controllers/organizations_controller.rb b/app/controllers/organizations_controller.rb
index 47864343f..c0f5adaa5 100644
--- a/app/controllers/organizations_controller.rb
+++ b/app/controllers/organizations_controller.rb
@@ -63,10 +63,10 @@ curl http://localhost/api/v1/organizations -v -u #{login}:#{password}
     organizations = []
     if !current_user.permissions?('admin.organization') && !current_user.permissions?('ticket.agent')
       if current_user.organization_id
-        organizations = Organization.where(id: current_user.organization_id).offset(offset).limit(per_page)
+        organizations = Organization.where(id: current_user.organization_id).order(id: 'ASC').offset(offset).limit(per_page)
       end
     else
-      organizations = Organization.all.offset(offset).limit(per_page)
+      organizations = Organization.all.order(id: 'ASC').offset(offset).limit(per_page)
     end
 
     if params[:expand]
diff --git a/app/controllers/tickets_controller.rb b/app/controllers/tickets_controller.rb
index 3056c37fd..c01589275 100644
--- a/app/controllers/tickets_controller.rb
+++ b/app/controllers/tickets_controller.rb
@@ -18,7 +18,7 @@ class TicketsController < ApplicationController
     end
 
     access_condition = Ticket.access_condition(current_user)
-    tickets = Ticket.where(access_condition).offset(offset).limit(per_page)
+    tickets = Ticket.where(access_condition).order(id: 'ASC').offset(offset).limit(per_page)
 
     if params[:expand]
       list = []
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 21760a54c..2083bb6d2 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -26,9 +26,9 @@ class UsersController < ApplicationController
 
     # only allow customer to fetch him self
     users = if !current_user.permissions?('admin.user') && !current_user.permissions?('ticket.agent')
-              User.where(id: current_user.id).offset(offset).limit(per_page)
+              User.where(id: current_user.id).order(id: 'ASC').offset(offset).limit(per_page)
             else
-              User.all.offset(offset).limit(per_page)
+              User.all.order(id: 'ASC').offset(offset).limit(per_page)
             end
 
     if params[:expand]
diff --git a/test/controllers/tickets_controller_test.rb b/test/controllers/tickets_controller_test.rb
index a1750fd86..ac7fa1a5a 100644
--- a/test/controllers/tickets_controller_test.rb
+++ b/test/controllers/tickets_controller_test.rb
@@ -460,6 +460,86 @@ class TicketsControllerTest < ActionDispatch::IntegrationTest
     assert_response(200)
   end
 
+  test '02.05 ticket pagination' do
+    title = "ticket pagination #{rand(999_999_999)}"
+    tickets = []
+    (1..20).each { |count|
+      ticket = Ticket.create!(
+        title: "#{title} - #{count}",
+        group: Group.lookup(name: 'Users'),
+        customer_id: @customer_without_org.id,
+        state: Ticket::State.lookup(name: 'new'),
+        priority: Ticket::Priority.lookup(name: '2 normal'),
+        updated_by_id: 1,
+        created_by_id: 1,
+      )
+      Ticket::Article.create!(
+        type: Ticket::Article::Type.lookup(name: 'note'),
+        sender: Ticket::Article::Sender.lookup(name: 'Customer'),
+        from: 'sender',
+        subject: 'subject',
+        body: 'some body',
+        ticket_id: ticket.id,
+        updated_by_id: 1,
+        created_by_id: 1,
+      )
+      tickets.push ticket
+      sleep 1
+    }
+
+    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-admin', 'adminpw')
+    get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=40", {}, @headers.merge('Authorization' => credentials)
+    assert_response(200)
+    result = JSON.parse(@response.body)
+    assert_equal(Hash, result.class)
+    assert_equal(tickets[19].id, result['tickets'][0])
+    assert_equal(tickets[0].id, result['tickets'][19])
+    assert_equal(20, result['tickets_count'])
+
+    get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=10", {}, @headers.merge('Authorization' => credentials)
+    assert_response(200)
+    result = JSON.parse(@response.body)
+    assert_equal(Hash, result.class)
+    assert_equal(tickets[19].id, result['tickets'][0])
+    assert_equal(tickets[10].id, result['tickets'][9])
+    assert_equal(10, result['tickets_count'])
+
+    get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=40&page=1&per_page=5", {}, @headers.merge('Authorization' => credentials)
+    assert_response(200)
+    result = JSON.parse(@response.body)
+    assert_equal(Hash, result.class)
+    assert_equal(tickets[19].id, result['tickets'][0])
+    assert_equal(tickets[15].id, result['tickets'][4])
+    assert_equal(5, result['tickets_count'])
+
+    get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=40&page=2&per_page=5", {}, @headers.merge('Authorization' => credentials)
+    assert_response(200)
+    result = JSON.parse(@response.body)
+    assert_equal(Hash, result.class)
+    assert_equal(tickets[14].id, result['tickets'][0])
+    assert_equal(tickets[10].id, result['tickets'][4])
+    assert_equal(5, result['tickets_count'])
+
+    get '/api/v1/tickets?limit=40&page=1&per_page=5', {}, @headers.merge('Authorization' => credentials)
+    assert_response(200)
+    result = JSON.parse(@response.body)
+    assert_equal(Array, result.class)
+    tickets = Ticket.order(:id).limit(5)
+    assert_equal(tickets[0].id, result[0]['id'])
+    assert_equal(tickets[4].id, result[4]['id'])
+    assert_equal(5, result.count)
+
+    get '/api/v1/tickets?limit=40&page=2&per_page=5', {}, @headers.merge('Authorization' => credentials)
+    assert_response(200)
+    result = JSON.parse(@response.body)
+    assert_equal(Array, result.class)
+    tickets = Ticket.order(:id).limit(10)
+    assert_equal(tickets[5].id, result[0]['id'])
+    assert_equal(tickets[9].id, result[4]['id'])
+    assert_equal(5, result.count)
+
+  end
+
   test '03.01 ticket create with customer minimal' do
     credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-customer1@example.com', 'customer1pw')
     params = {
diff --git a/test/controllers/user_organization_controller_test.rb b/test/controllers/user_organization_controller_test.rb
index 23f81c6c1..9d4725b22 100644
--- a/test/controllers/user_organization_controller_test.rb
+++ b/test/controllers/user_organization_controller_test.rb
@@ -321,6 +321,24 @@ class UserOrganizationControllerTest < ActionDispatch::IntegrationTest
     assert_equal(result.class, Array)
     assert(result.length >= 3)
 
+    get '/api/v1/users?limit=40&page=1&per_page=2', {}, @headers.merge('Authorization' => credentials)
+    assert_response(200)
+    result = JSON.parse(@response.body)
+    assert_equal(Array, result.class)
+    users = User.order(:id).limit(2)
+    assert_equal(users[0].id, result[0]['id'])
+    assert_equal(users[1].id, result[1]['id'])
+    assert_equal(2, result.count)
+
+    get '/api/v1/users?limit=40&page=2&per_page=2', {}, @headers.merge('Authorization' => credentials)
+    assert_response(200)
+    result = JSON.parse(@response.body)
+    assert_equal(Array, result.class)
+    users = User.order(:id).limit(4)
+    assert_equal(users[2].id, result[0]['id'])
+    assert_equal(users[3].id, result[1]['id'])
+    assert_equal(2, result.count)
+
     # create user with admin role
     firstname = "First test#{rand(999_999_999)}"
     role = Role.lookup(name: 'Admin')
@@ -468,6 +486,24 @@ class UserOrganizationControllerTest < ActionDispatch::IntegrationTest
     assert_equal(result.class, Array)
     assert(result.length >= 3)
 
+    get '/api/v1/organizations?limit=40&page=1&per_page=2', {}, @headers.merge('Authorization' => credentials)
+    assert_response(200)
+    result = JSON.parse(@response.body)
+    assert_equal(Array, result.class)
+    organizations = Organization.order(:id).limit(2)
+    assert_equal(organizations[0].id, result[0]['id'])
+    assert_equal(organizations[1].id, result[1]['id'])
+    assert_equal(2, result.count)
+
+    get '/api/v1/organizations?limit=40&page=2&per_page=2', {}, @headers.merge('Authorization' => credentials)
+    assert_response(200)
+    result = JSON.parse(@response.body)
+    assert_equal(Array, result.class)
+    organizations = Organization.order(:id).limit(4)
+    assert_equal(organizations[2].id, result[0]['id'])
+    assert_equal(organizations[3].id, result[1]['id'])
+    assert_equal(2, result.count)
+
     # show/:id
     get "/api/v1/organizations/#{@organization.id}", {}, @headers.merge('Authorization' => credentials)
     assert_response(200)