From e460c99cadb63591b1f154f45e7ff1f7cc0d8c57 Mon Sep 17 00:00:00 2001 From: Martin Edenhofer Date: Thu, 14 Dec 2017 14:19:24 +0100 Subject: [PATCH] Introduced REST expand=true/false/1/0, full=true/false/1/0 and all=true/false/1/0 options. Improved controller tests. @hanneshal --- .gitlab-ci.yml | 6 +- .../javascripts/app/controllers/users.coffee | 4 +- app/controllers/application_controller.rb | 1 + .../has_response_extentions.rb | 31 + .../application_controller/renders_models.rb | 28 +- app/controllers/applications_controller.rb | 2 +- .../online_notifications_controller.rb | 4 +- app/controllers/organizations_controller.rb | 15 +- app/controllers/slas_controller.rb | 2 +- app/controllers/ticket_articles_controller.rb | 20 +- app/controllers/tickets_controller.rb | 40 +- app/controllers/users_controller.rb | 90 +- app/models/application_model/can_assets.rb | 2 +- app/models/ticket/search.rb | 2 +- db/seeds/community_user_resources.rb | 42 +- .../organization_controller_test.rb | 513 ++++++++++ test/controllers/tickets_controller_test.rb | 351 ++++++- test/controllers/user_controller_test.rb | 960 ++++++++++++++++++ test/integration/report_test.rb | 13 +- 19 files changed, 2015 insertions(+), 111 deletions(-) create mode 100644 app/controllers/application_controller/has_response_extentions.rb create mode 100644 test/controllers/organization_controller_test.rb create mode 100644 test/controllers/user_controller_test.rb diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 366486644..2b5140aa4 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -310,7 +310,8 @@ test:integration:es_mysql: - ruby -I test/ test/controllers/search_controller_test.rb - ruby -I test/ test/integration/report_test.rb - ruby -I test/ test/controllers/form_controller_test.rb - - ruby -I test/ test/controllers/user_organization_controller_test.rb + - ruby -I test/ test/controllers/user_controller_test.rb + - ruby -I test/ test/controllers/organization_controller_test.rb - rake db:drop test:integration:es_postgresql: @@ -328,7 +329,8 @@ test:integration:es_postgresql: - ruby -I test/ test/controllers/search_controller_test.rb - ruby -I test/ test/integration/report_test.rb - ruby -I test/ test/controllers/form_controller_test.rb - - ruby -I test/ test/controllers/user_organization_controller_test.rb + - ruby -I test/ test/controllers/user_controller_test.rb + - ruby -I test/ test/controllers/organization_controller_test.rb - rake db:drop test:integration:zendesk_mysql: diff --git a/app/assets/javascripts/app/controllers/users.coffee b/app/assets/javascripts/app/controllers/users.coffee index 07b893a58..27b464580 100644 --- a/app/assets/javascripts/app/controllers/users.coffee +++ b/app/assets/javascripts/app/controllers/users.coffee @@ -145,7 +145,7 @@ class Index extends App.ControllerSubContent query: @query limit: 140 role_ids: role_ids - full: 1 + full: true processData: true, success: (data, status, xhr) => App.Collection.loadAssets(data.assets) @@ -167,7 +167,7 @@ class Index extends App.ControllerSubContent data: limit: 50 role_ids: role_ids - full: 1 + full: true processData: true success: (data, status, xhr) => App.Collection.loadAssets(data.assets) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 1d37f3f60..a2a6a6343 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb 
@@ -10,6 +10,7 @@ class ApplicationController < ActionController::Base include ApplicationController::ChecksMaintainance include ApplicationController::RendersModels include ApplicationController::HasUser + include ApplicationController::HasResponseExtentions include ApplicationController::PreventsCsrf include ApplicationController::LogsHttpAccess include ApplicationController::ChecksAccess diff --git a/app/controllers/application_controller/has_response_extentions.rb b/app/controllers/application_controller/has_response_extentions.rb new file mode 100644 index 000000000..284573cb6 --- /dev/null +++ b/app/controllers/application_controller/has_response_extentions.rb @@ -0,0 +1,31 @@ +module ApplicationController::HasResponseExtentions + extend ActiveSupport::Concern + + private + + def response_expand? + return true if params[:expand] == true + return true if params[:expand] == 'true' + return true if params[:expand] == 1 + return true if params[:expand] == '1' + + false + end + + def response_full? + return true if params[:full] == true + return true if params[:full] == 'true' + return true if params[:full] == 1 + return true if params[:full] == '1' + false + end + + def response_all? + return true if params[:all] == true + return true if params[:all] == 'true' + return true if params[:all] == 1 + return true if params[:all] == '1' + false + end + +end diff --git a/app/controllers/application_controller/renders_models.rb b/app/controllers/application_controller/renders_models.rb index 09fd9db7d..d6be04207 100644 --- a/app/controllers/application_controller/renders_models.rb +++ b/app/controllers/application_controller/renders_models.rb 
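Review bot: `response_expand?`, `response_full?` and `response_all?` in the new `has_response_extentions.rb` repeat the same four comparisons and differ only in the parameter name, so the accepted spellings can drift apart the next time one of them is edited. A single private helper backed by a frozen list keeps them in step and gives other callers one definition of what counts as true. Values such as `'TRUE'` or `'yes'` are treated as false by both versions; if that is intended, a short comment on the helper saying so would help API users.

```ruby
  # Accepted spellings for an enabled response flag; anything else is off.
  RESPONSE_FLAG_TRUE = [true, 'true', 1, '1'].freeze

  def response_expand?
    response_flag?(:expand)
  end

  def response_full?
    response_flag?(:full)
  end

  def response_all?
    response_flag?(:all)
  end

  def response_flag?(name)
    RESPONSE_FLAG_TRUE.include?(params[name])
  end
```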
@@ -18,11 +18,16 @@ module ApplicationController::RendersModels # set relations generic_object.associations_from_param(params) - if params[:expand] + if response_expand? render json: generic_object.attributes_with_association_names, status: :created return end + if response_full? + render json: generic_object.class.full(generic_object.id), status: :created + return + end + model_create_render_item(generic_object) end @@ -47,11 +52,16 @@ module ApplicationController::RendersModels generic_object.associations_from_param(params) end - if params[:expand] + if response_expand? render json: generic_object.attributes_with_association_names, status: :ok return end + if response_full? + render json: generic_object.class.full(generic_object.id), status: :ok + return + end + model_update_render_item(generic_object) end @@ -71,20 +81,18 @@ module ApplicationController::RendersModels def model_show_render(object, params) - if params[:expand] + if response_expand? generic_object = object.find(params[:id]) render json: generic_object.attributes_with_association_names, status: :ok return end - if params[:full] - generic_object_full = object.full(params[:id]) - render json: generic_object_full, status: :ok + if response_full? + render json: object.full(params[:id]), status: :ok return end - generic_object = object.find(params[:id]) - model_show_render_item(generic_object) + model_show_render_item(object.find(params[:id])) end def model_show_render_item(generic_object) @@ -109,7 +117,7 @@ module ApplicationController::RendersModels object.all.order(id: 'ASC').offset(offset).limit(limit) end - if params[:expand] + if response_expand? list = [] generic_objects.each do |generic_object| list.push generic_object.attributes_with_association_names @@ -118,7 +126,7 @@ module ApplicationController::RendersModels return end - if params[:full] + if response_full? assets = {} item_ids = [] generic_objects.each do |item| 
diff --git a/app/controllers/applications_controller.rb b/app/controllers/applications_controller.rb index 6cf408d1b..e9f52145c 100644 --- a/app/controllers/applications_controller.rb +++ b/app/controllers/applications_controller.rb @@ -5,7 +5,7 @@ class ApplicationsController < ApplicationController def index all = Doorkeeper::Application.all - if params[:full] + if response_full? assets = {} item_ids = [] all.each do |item| diff --git a/app/controllers/online_notifications_controller.rb b/app/controllers/online_notifications_controller.rb index 3b499453c..a7fd3cf44 100644 --- a/app/controllers/online_notifications_controller.rb +++ b/app/controllers/online_notifications_controller.rb @@ -47,7 +47,7 @@ curl http://localhost/api/v1/online_notifications.json -v -u #{login}:#{password =end def index - if params[:full] + if response_full? render json: OnlineNotification.list_full(current_user, 200) return end @@ -149,7 +149,7 @@ curl http://localhost/api/v1/online_notifications/mark_all_as_read -v -u #{login notifications = OnlineNotification.list(current_user, 200) notifications.each do |notification| if !notification['seen'] - OnlineNotification.seen( id: notification['id'] ) + OnlineNotification.seen(id: notification['id']) end end render json: {}, status: :ok diff --git a/app/controllers/organizations_controller.rb b/app/controllers/organizations_controller.rb index d42096466..959bc175e 100644 --- a/app/controllers/organizations_controller.rb +++ b/app/controllers/organizations_controller.rb @@ -69,7 +69,7 @@ curl http://localhost/api/v1/organizations -v -u #{login}:#{password} organizations = Organization.all.order(id: 'ASC').offset(offset).limit(per_page) end - if params[:expand] + if response_expand? list = [] organizations.each do |organization| list.push organization.attributes_with_association_names 
@@ -78,7 +78,7 @@ curl http://localhost/api/v1/organizations -v -u #{login}:#{password} return end - if params[:full] + if response_full? assets = {} item_ids = [] organizations.each do |item| @@ -91,6 +91,7 @@ curl http://localhost/api/v1/organizations -v -u #{login}:#{password} }, status: :ok return end + list = [] organizations.each do |organization| list.push organization.attributes_with_association_ids @@ -126,15 +127,15 @@ curl http://localhost/api/v1/organizations/#{id} -v -u #{login}:#{password} raise Exceptions::NotAuthorized if params[:id].to_i != current_user.organization_id end - if params[:expand] + if response_expand? organization = Organization.find(params[:id]).attributes_with_association_names render json: organization, status: :ok return end - if params[:full] + if response_full? full = Organization.full(params[:id]) - render json: full + render json: full, status: :ok return end @@ -259,7 +260,7 @@ curl http://localhost/api/v1/organization/{id} -v -u #{login}:#{password} -H "Co organization_all = organization_all[offset, params[:per_page].to_i] || [] end - if params[:expand] + if response_expand? list = [] organization_all.each do |organization| list.push organization.attributes_with_association_names @@ -281,7 +282,7 @@ curl http://localhost/api/v1/organization/{id} -v -u #{login}:#{password} -H "Co return end - if params[:full] + if response_full? organization_ids = [] assets = {} organization_all.each do |organization| diff --git a/app/controllers/slas_controller.rb b/app/controllers/slas_controller.rb index 574738ee5..09df65ff6 100644 --- a/app/controllers/slas_controller.rb +++ b/app/controllers/slas_controller.rb @@ -48,7 +48,7 @@ curl http://localhost/api/v1/slas.json -v -u #{login}:#{password} def index - if params[:full] + if response_full? # calendars assets = {} diff --git a/app/controllers/ticket_articles_controller.rb b/app/controllers/ticket_articles_controller.rb index cf4e5c98d..786748a5c 100644 
--- a/app/controllers/ticket_articles_controller.rb +++ b/app/controllers/ticket_articles_controller.rb @@ -17,13 +17,13 @@ class TicketArticlesController < ApplicationController article = Ticket::Article.find(params[:id]) access!(article, 'read') - if params[:expand] + if response_expand? result = article.attributes_with_association_names render json: result, status: :ok return end - if params[:full] + if response_full? full = Ticket::Article.full(params[:id]) render json: full return @@ -39,7 +39,7 @@ class TicketArticlesController < ApplicationController articles = [] - if params[:expand] + if response_expand? ticket.articles.each do |article| # ignore internal article if customer is requesting @@ -52,7 +52,7 @@ class TicketArticlesController < ApplicationController return end - if params[:full] + if response_full? assets = {} record_ids = [] ticket.articles.each do |article| @@ -66,7 +66,7 @@ class TicketArticlesController < ApplicationController render json: { record_ids: record_ids, assets: assets, - } + }, status: :ok return end @@ -76,7 +76,7 @@ class TicketArticlesController < ApplicationController next if article.internal == true && current_user.permissions?('ticket.customer') articles.push article.attributes_with_association_names end - render json: articles + render json: articles, status: :ok end # POST /articles @@ -85,13 +85,13 @@ class TicketArticlesController < ApplicationController access!(ticket, 'create') article = article_create(ticket, params) - if params[:expand] + if response_expand? result = article.attributes_with_association_names render json: result, status: :created return end - if params[:full] + if response_full? full = Ticket::Article.full(params[:id]) render json: full, status: :created return 
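Review bot: The `response_full?` branch of the create action (hunk `@@ -85`) still renders `Ticket::Article.full(params[:id])`, although the record just created is `article`. On a POST the `id` parameter is whatever the caller sent, if anything, so the lookup either fails or returns an article that the preceding `access!(ticket, 'create')` check never covered. It should read `full = Ticket::Article.full(article.id)`, as the ticket create path in this commit does with `Ticket.full(ticket.id)`. The method body starts and ends outside the hunk.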
@@ -114,13 +114,13 @@ class TicketArticlesController < ApplicationController article.update!(clean_params) - if params[:expand] + if response_expand? result = article.attributes_with_association_names render json: result, status: :ok return end - if params[:full] + if response_full? full = Ticket::Article.full(params[:id]) render json: full, status: :ok return diff --git a/app/controllers/tickets_controller.rb b/app/controllers/tickets_controller.rb index df8b29ae1..01703bc91 100644 --- a/app/controllers/tickets_controller.rb +++ b/app/controllers/tickets_controller.rb @@ -24,7 +24,7 @@ class TicketsController < ApplicationController access_condition = Ticket.access_condition(current_user, 'read') tickets = Ticket.where(access_condition).order(id: 'ASC').offset(offset).limit(per_page) - if params[:expand] + if response_expand? list = [] tickets.each do |ticket| list.push ticket.attributes_with_association_names @@ -33,7 +33,7 @@ class TicketsController < ApplicationController return end - if params[:full] + if response_full? assets = {} item_ids = [] tickets.each do |item| @@ -55,19 +55,19 @@ class TicketsController < ApplicationController ticket = Ticket.find(params[:id]) access!(ticket, 'read') - if params[:expand] + if response_expand? result = ticket.attributes_with_association_names render json: result, status: :ok return end - if params[:full] + if response_full? full = Ticket.full(params[:id]) render json: full return end - if params[:all] + if response_all? render json: ticket_all(ticket) return end 
@@ -163,18 +163,24 @@ class TicketsController < ApplicationController end end - if params[:expand] + if response_expand? result = ticket.reload.attributes_with_association_names render json: result, status: :created return end - if params[:all] - render json: ticket_all(ticket.reload) + if response_full? + full = Ticket.full(ticket.id) + render json: full, status: :created return end - render json: ticket.reload, status: :created + if response_all? + render json: ticket_all(ticket.reload), status: :created + return + end + + render json: ticket.reload.attributes_with_association_ids, status: :created end # PUT /api/v1/tickets/1 @@ -199,18 +205,24 @@ class TicketsController < ApplicationController end end - if params[:expand] + if response_expand? result = ticket.reload.attributes_with_association_names render json: result, status: :ok return end - if params[:all] - render json: ticket_all(ticket.reload) + if response_full? + full = Ticket.full(params[:id]) + render json: full, status: :ok return end - render json: ticket.reload, status: :ok + if response_all? + render json: ticket_all(ticket.reload), status: :ok + return + end + + render json: ticket.reload.attributes_with_association_ids, status: :ok end # DELETE /api/v1/tickets/1 @@ -410,7 +422,7 @@ class TicketsController < ApplicationController tickets = tickets[offset, params[:per_page].to_i] || [] end - if params[:expand] + if response_expand? list = [] tickets.each do |ticket| list.push ticket.attributes_with_association_names diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index c356a51ce..687a14f22 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -32,7 +32,7 @@ class UsersController < ApplicationController User.all.order(id: 'ASC').offset(offset).limit(per_page) end - if params[:expand] + if response_expand? list = [] users.each do |user| list.push user.attributes_with_association_names 
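Review bot: The expand branch of the user index (hunk `@@ -32` in `users_controller.rb`) pushes `user.attributes_with_association_names` into the list as-is, while this commit adds `user.delete('password')` after the same call in show, create, update and `me`. If the index loop does not strip the field further down (the rest of the branch is outside the hunk), list responses with `expand=true` would still carry the stored password value. The search action's expand loop (hunk `@@ -387`) has the same shape. Suggested form for both: `attrs = user.attributes_with_association_names`, `attrs.delete('password')`, `list.push attrs`.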
@@ -41,7 +41,7 @@ class UsersController < ApplicationController return end - if params[:full] + if response_full? assets = {} item_ids = [] users.each do |item| @@ -78,18 +78,24 @@ class UsersController < ApplicationController user = User.find(params[:id]) access!(user, 'read') - if params[:expand] + if response_expand? result = user.attributes_with_association_names - elsif params[:full] - result = { - id: params[:id], - assets: user.assets({}), - } - else - result = user.attributes_with_association_ids result.delete('password') + render json: result + return end + if response_full? + result = { + id: user.id, + assets: user.assets({}), + } + render json: result + return + end + + result = user.attributes_with_association_ids + result.delete('password') render json: result end @@ -198,7 +204,7 @@ class UsersController < ApplicationController end # send inviteation if needed / only if session exists - if params[:invite] && current_user + if params[:invite].present? && current_user token = Token.create(action: 'PasswordReset', user_id: user.id) NotificationFactory::Mailer.notification( template: 'user_invite', @@ -212,7 +218,7 @@ class UsersController < ApplicationController end # send email verify - if params[:signup] && !current_user + if params[:signup].present? && !current_user result = User.signup_new_token(user) NotificationFactory::Mailer.notification( template: 'signup', 
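Review bot: `params[:invite].present?` (hunk `@@ -198`) and `params[:signup].present?` (hunk `@@ -212`) are true for any non-blank value, including the strings `'false'` and `'0'`, which the new `response_*?` helpers treat as off. A request with `invite=false` would therefore still create a `PasswordReset` token and send the invite mail. Comparing against the same accepted values, e.g. `if [true, 'true', 1, '1'].include?(params[:invite]) && current_user`, makes the flags behave alike; confirm first that no client relies on other values. Both conditions sit inside the create action, whose body extends beyond these hunks.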
@@ -221,15 +227,25 @@ class UsersController < ApplicationController ) end - if params[:expand] - user = User.find(user.id).attributes_with_association_names + if response_expand? + user = user.reload.attributes_with_association_names + user.delete('password') render json: user, status: :created return end - user_new = User.find(user.id).attributes_with_association_ids - user_new.delete('password') - render json: user_new, status: :created + if response_full? + result = { + id: user.id, + assets: user.assets({}), + } + render json: result, status: :created + return + end + + user = user.reload.attributes_with_association_ids + user.delete('password') + render json: user, status: :created end # @path [PUT] /users/{id} @@ -269,18 +285,27 @@ class UsersController < ApplicationController if current_user.permissions?(['admin.user', 'ticket.agent']) && (params[:organization_ids] || params[:organizations]) user.associations_from_param(organization_ids: params[:organization_ids], organizations: params[:organizations]) end - - if params[:expand] - user = User.find(user.id).attributes_with_association_names - render json: user, status: :ok - return - end end - # get new data - user_new = User.find(user.id).attributes_with_association_ids - user_new.delete('password') - render json: user_new, status: :ok + if response_expand? + user = user.reload.attributes_with_association_names + user.delete('password') + render json: user, status: :ok + return + end + + if response_full? + result = { + id: user.id, + assets: user.assets({}), + } + render json: result, status: :ok + return + end + + user = user.reload.attributes_with_association_ids + user.delete('password') + render json: user, status: :ok end # @path [DELETE] /users/{id} 
@@ -311,13 +336,14 @@ class UsersController < ApplicationController # @response_message 401 Invalid session. def me - if params[:expand] + if response_expand? user = current_user.attributes_with_association_names + user.delete('password') render json: user, status: :ok return end - if params[:full] + if response_full? full = User.full(current_user.id) render json: full return @@ -387,7 +413,7 @@ class UsersController < ApplicationController user_all = user_all[offset, params[:per_page].to_i] || [] end - if params[:expand] + if response_expand? list = [] user_all.each do |user| list.push user.attributes_with_association_names @@ -413,7 +439,7 @@ class UsersController < ApplicationController return end - if params[:full] + if response_full? user_ids = [] assets = {} user_all.each do |user| @@ -467,7 +493,7 @@ class UsersController < ApplicationController end # build result list - if !params[:full] + if !response_full? users = [] user_all.each do |user| realname = user.firstname.to_s + ' ' + user.lastname.to_s diff --git a/app/models/application_model/can_assets.rb b/app/models/application_model/can_assets.rb index 42f2fee84..e0e084a31 100644 --- a/app/models/application_model/can_assets.rb +++ b/app/models/application_model/can_assets.rb @@ -109,7 +109,7 @@ return object and assets object = find(id) assets = object.assets({}) { - id: id, + id: object.id, assets: assets, } end diff --git a/app/models/ticket/search.rb b/app/models/ticket/search.rb index b6d91e64a..ef8f487dc 100644 --- a/app/models/ticket/search.rb +++ b/app/models/ticket/search.rb @@ -94,7 +94,7 @@ returns limit = params[:limit] || 12 current_user = params[:current_user] full = false - if params[:full] || !params.key?(:full) + if params[:full] == true || params[:full] == 'true' || !params.key?(:full) full = true end diff --git a/db/seeds/community_user_resources.rb b/db/seeds/community_user_resources.rb index a8c4aff12..12e467557 100644 --- a/db/seeds/community_user_resources.rb 
+++ b/db/seeds/community_user_resources.rb @@ -16,29 +16,31 @@ user_community = User.create_or_update( UserInfo.current_user_id = user_community.id -ticket = Ticket.create!( - group_id: Group.find_by(name: 'Users').id, - customer_id: User.find_by(login: 'nicole.braun@zammad.org').id, - title: 'Welcome to Zammad!', -) -Ticket::Article.create!( - ticket_id: ticket.id, - type_id: Ticket::Article::Type.find_by(name: 'phone').id, - sender_id: Ticket::Article::Sender.find_by(name: 'Customer').id, - from: 'Zammad Feedback ', - body: 'Welcome! +if Ticket.count.zero? + ticket = Ticket.create!( + group_id: Group.find_by(name: 'Users').id, + customer_id: User.find_by(login: 'nicole.braun@zammad.org').id, + title: 'Welcome to Zammad!', + ) + Ticket::Article.create!( + ticket_id: ticket.id, + type_id: Ticket::Article::Type.find_by(name: 'phone').id, + sender_id: Ticket::Article::Sender.find_by(name: 'Customer').id, + from: 'Zammad Feedback ', + body: 'Welcome! -Thank you for choosing Zammad. + Thank you for choosing Zammad. -You will find updates and patches at https://zammad.org/. Online -documentation is available at https://zammad.org/documentation. Get -involved (discussions, contributing, ...) at https://zammad.org/participate. + You will find updates and patches at https://zammad.org/. Online + documentation is available at https://zammad.org/documentation. Get + involved (discussions, contributing, ...) at https://zammad.org/participate. -Regards, + Regards, -Your Zammad Team -', - internal: false, -) + Your Zammad Team + ', + internal: false, + ) +end UserInfo.current_user_id = 1 diff --git a/test/controllers/organization_controller_test.rb b/test/controllers/organization_controller_test.rb new file mode 100644 index 000000000..1ba5f2849 --- /dev/null +++ b/test/controllers/organization_controller_test.rb 
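Review bot: Moving the welcome ticket under `if Ticket.count.zero?` also indents the lines of the single-quoted `body:` string, and whitespace inside a quoted literal is part of the value, so the seeded article text would now start each line with spaces (the page collapses whitespace, so the exact amount is not visible). A squiggly heredoc, `body: <<~BODY` … `BODY`, keeps the code indented and the text flush left. `Ticket.count.zero?` also runs a full count where `unless Ticket.exists?` expresses the same guard with a cheaper query.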
@@ -0,0 +1,513 @@ + +require 'test_helper' +require 'rake' + +class OrganizationControllerTest < ActionDispatch::IntegrationTest + setup do + + # set accept header + @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' } + + # create agent + roles = Role.where(name: %w[Admin Agent]) + groups = Group.all + + UserInfo.current_user_id = 1 + + @backup_admin = User.create_or_update( + login: 'backup-admin', + firstname: 'Backup', + lastname: 'Agent', + email: 'backup-admin@example.com', + password: 'adminpw', + active: true, + roles: roles, + groups: groups, + ) + + @admin = User.create_or_update( + login: 'rest-admin', + firstname: 'Rest', + lastname: 'Agent', + email: 'rest-admin@example.com', + password: 'adminpw', + active: true, + roles: roles, + groups: groups, + ) + + # create agent + roles = Role.where(name: 'Agent') + @agent = User.create_or_update( + login: 'rest-agent@example.com', + firstname: 'Rest', + lastname: 'Agent', + email: 'rest-agent@example.com', + password: 'agentpw', + active: true, + roles: roles, + groups: groups, + ) + + # create customer without org + roles = Role.where(name: 'Customer') + @customer_without_org = User.create_or_update( + login: 'rest-customer1@example.com', + firstname: 'Rest', + lastname: 'Customer1', + email: 'rest-customer1@example.com', + password: 'customer1pw', + active: true, + roles: roles, + ) + + # create orgs + @organization = Organization.create_or_update( + name: 'Rest Org', + ) + @organization2 = Organization.create_or_update( + name: 'Rest Org #2', + ) + @organization3 = Organization.create_or_update( + name: 'Rest Org #3', + ) + + # create customer with org + @customer_with_org = User.create_or_update( + login: 'rest-customer2@example.com', + firstname: 'Rest', + lastname: 'Customer2', + email: 'rest-customer2@example.com', + password: 'customer2pw', + active: true, + roles: roles, + organization_id: @organization.id, + ) + + # configure es + if ENV['ES_URL'].present? 
+ #fail "ERROR: Need ES_URL - hint ES_URL='http://127.0.0.1:9200'" + Setting.set('es_url', ENV['ES_URL']) + + # Setting.set('es_url', 'http://127.0.0.1:9200') + # Setting.set('es_index', 'estest.local_zammad') + # Setting.set('es_user', 'elasticsearch') + # Setting.set('es_password', 'zammad') + + if ENV['ES_INDEX_RAND'].present? + ENV['ES_INDEX'] = "es_index_#{rand(999_999_999)}" + end + if ENV['ES_INDEX'].blank? + raise "ERROR: Need ES_INDEX - hint ES_INDEX='estest.local_zammad'" + end + Setting.set('es_index', ENV['ES_INDEX']) + + travel 1.minute + + # drop/create indexes + Rake::Task.clear + Zammad::Application.load_tasks + #Rake::Task["searchindex:drop"].execute + #Rake::Task["searchindex:create"].execute + Rake::Task['searchindex:rebuild'].execute + + # execute background jobs + Scheduler.worker(true) + + sleep 6 + end + + UserInfo.current_user_id = nil + end + + test 'organization index with agent' do + + credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-agent@example.com', 'agentpw') + + # index + get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(result.class, Array) + assert_equal(result[0]['member_ids'].class, Array) + assert(result.length >= 3) + + get '/api/v1/organizations?limit=40&page=1&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(Array, result.class) + organizations = Organization.order(:id).limit(2) + assert_equal(organizations[0].id, result[0]['id']) + assert_equal(organizations[0].member_ids, result[0]['member_ids']) + assert_equal(organizations[1].id, result[1]['id']) + assert_equal(organizations[1].member_ids, result[1]['member_ids']) + assert_equal(2, result.count) + + get '/api/v1/organizations?limit=40&page=2&per_page=2', params: {}, headers: @headers.merge('Authorization' => 
credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(Array, result.class) + organizations = Organization.order(:id).limit(4) + assert_equal(organizations[2].id, result[0]['id']) + assert_equal(organizations[2].member_ids, result[0]['member_ids']) + assert_equal(organizations[3].id, result[1]['id']) + assert_equal(organizations[3].member_ids, result[1]['member_ids']) + + assert_equal(2, result.count) + + # show/:id + get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(result.class, Hash) + assert_equal(result['member_ids'].class, Array) + assert_not(result['members']) + assert_equal(result['name'], 'Rest Org') + + get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(result.class, Hash) + assert_equal(result['member_ids'].class, Array) + assert_not(result['members']) + assert_equal(result['name'], 'Rest Org #2') + + # search as agent + Scheduler.worker(true) + get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(Array, result.class) + assert_equal('Zammad Foundation', result[0]['name']) + assert(result[0]['member_ids']) + assert_not(result[0]['members']) + + get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&expand=true", params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(Array, result.class) + assert_equal('Zammad Foundation', result[0]['name']) + assert(result[0]['member_ids']) + assert(result[0]['members']) + + get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&label=true", params: 
{}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(Array, result.class) + assert_equal('Zammad Foundation', result[0]['label']) + assert_equal('Zammad Foundation', result[0]['value']) + assert_not(result[0]['member_ids']) + assert_not(result[0]['members']) + end + + test 'organization index with customer1' do + + credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw') + + # index + get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(result.class, Array) + assert_equal(result.length, 0) + + # show/:id + get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(result.class, Hash) + assert_nil(result['name']) + + get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(result.class, Hash) + assert_nil(result['name']) + + # search + Scheduler.worker(true) + get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(401) + end + + test 'organization index with customer2' do + + credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer2@example.com', 'customer2pw') + + # index + get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(result.class, Array) + assert_equal(result.length, 1) + + # show/:id + get "/api/v1/organizations/#{@organization.id}", params: {}, headers: 
@headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(result.class, Hash) + assert_equal(result['name'], 'Rest Org') + + get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(401) + result = JSON.parse(@response.body) + assert_equal(result.class, Hash) + assert_nil(result['name']) + + # search + Scheduler.worker(true) + get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(401) + end + + test '04.01 organization show and response format' do + organization = Organization.create_or_update( + name: 'Rest Org NEW', + members: [@customer_without_org], + updated_by_id: @admin.id, + created_by_id: @admin.id, + ) + + credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') + get "/api/v1/organizations/#{organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(Hash, result.class) + assert_equal(organization.id, result['id']) + assert_equal(organization.name, result['name']) + assert_not(result['members']) + assert_equal([@customer_without_org.id], result['member_ids']) + assert_equal(@admin.id, result['updated_by_id']) + assert_equal(@admin.id, result['created_by_id']) + + get "/api/v1/organizations/#{organization.id}?expand=true", params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(Hash, result.class) + assert_equal(organization.id, result['id']) + assert_equal(organization.name, result['name']) + assert(result['members']) + assert_equal([@customer_without_org.id], result['member_ids']) + assert_equal(@admin.id, result['updated_by_id']) + assert_equal(@admin.id, 
result['created_by_id']) + + get "/api/v1/organizations/#{organization.id}?expand=false", params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(Hash, result.class) + assert_equal(organization.id, result['id']) + assert_equal(organization.name, result['name']) + assert_not(result['members']) + assert_equal([@customer_without_org.id], result['member_ids']) + assert_equal(@admin.id, result['updated_by_id']) + assert_equal(@admin.id, result['created_by_id']) + + get "/api/v1/organizations/#{organization.id}?full=true", params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + + assert_equal(Hash, result.class) + assert_equal(organization.id, result['id']) + assert(result['assets']) + assert(result['assets']['Organization']) + assert(result['assets']['Organization'][organization.id.to_s]) + assert_equal(organization.id, result['assets']['Organization'][organization.id.to_s]['id']) + assert_equal(organization.name, result['assets']['Organization'][organization.id.to_s]['name']) + assert_equal(organization.member_ids, result['assets']['Organization'][organization.id.to_s]['member_ids']) + assert_not(result['assets']['Organization'][organization.id.to_s]['members']) + + get "/api/v1/organizations/#{organization.id}?full=false", params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(Hash, result.class) + assert_equal(organization.id, result['id']) + assert_equal(organization.name, result['name']) + assert_not(result['members']) + assert_equal([@customer_without_org.id], result['member_ids']) + assert_equal(@admin.id, result['updated_by_id']) + assert_equal(@admin.id, result['created_by_id']) + end + + test '04.02 organization index and response format' do + organization = Organization.create_or_update( + name: 'Rest Org NEW', 
+ members: [@customer_without_org], + updated_by_id: @admin.id, + created_by_id: @admin.id, + ) + + credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') + get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(Array, result.class) + assert_equal(Hash, result[0].class) + assert_equal(organization.id, result.last['id']) + assert_equal(organization.name, result.last['name']) + assert_not(result.last['members']) + assert_equal(organization.member_ids, result.last['member_ids']) + assert_equal(@admin.id, result.last['updated_by_id']) + assert_equal(@admin.id, result.last['created_by_id']) + + get '/api/v1/organizations?expand=true', params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(Array, result.class) + assert_equal(Hash, result[0].class) + assert_equal(organization.id, result.last['id']) + assert_equal(organization.name, result.last['name']) + assert_equal(organization.member_ids, result.last['member_ids']) + assert_equal(organization.members.pluck(:login), [@customer_without_org.login]) + assert_equal(@admin.id, result.last['updated_by_id']) + assert_equal(@admin.id, result.last['created_by_id']) + + get '/api/v1/organizations?expand=false', params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(Array, result.class) + assert_equal(Hash, result[0].class) + assert_equal(organization.id, result.last['id']) + assert_equal(organization.name, result.last['name']) + assert_not(result.last['members']) + assert_equal(organization.member_ids, result.last['member_ids']) + assert_equal(@admin.id, result.last['updated_by_id']) + assert_equal(@admin.id, result.last['created_by_id']) + + get '/api/v1/organizations?full=true', 
params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + + assert_equal(Hash, result.class) + assert_equal(Array, result['record_ids'].class) + assert_equal(1, result['record_ids'][0]) + assert_equal(organization.id, result['record_ids'].last) + assert(result['assets']) + assert(result['assets']['Organization']) + assert(result['assets']['Organization'][organization.id.to_s]) + assert_equal(organization.id, result['assets']['Organization'][organization.id.to_s]['id']) + assert_equal(organization.name, result['assets']['Organization'][organization.id.to_s]['name']) + assert_equal(organization.member_ids, result['assets']['Organization'][organization.id.to_s]['member_ids']) + assert_not(result['assets']['Organization'][organization.id.to_s]['members']) + + get '/api/v1/organizations?full=false', params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(Array, result.class) + assert_equal(Hash, result[0].class) + assert_equal(organization.id, result.last['id']) + assert_equal(organization.name, result.last['name']) + assert_not(result.last['members']) + assert_equal(organization.member_ids, result.last['member_ids']) + assert_equal(@admin.id, result.last['updated_by_id']) + assert_equal(@admin.id, result.last['created_by_id']) + end + + test '04.03 ticket create and response format' do + params = { + name: 'Rest Org NEW', + members: [@customer_without_org.login], + } + credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') + + post '/api/v1/organizations', params: params.to_json, headers: @headers.merge('Authorization' => credentials) + assert_response(201) + result = JSON.parse(@response.body) + assert_equal(Hash, result.class) + + organization = Organization.find(result['id']) + assert_equal(organization.name, result['name']) + 
assert_equal(organization.member_ids, result['member_ids']) + assert_not(result['members']) + assert_equal(@admin.id, result['updated_by_id']) + assert_equal(@admin.id, result['created_by_id']) + + params[:name] = 'Rest Org NEW #2' + post '/api/v1/organizations?expand=true', params: params.to_json, headers: @headers.merge('Authorization' => credentials) + assert_response(201) + result = JSON.parse(@response.body) + assert_equal(Hash, result.class) + + organization = Organization.find(result['id']) + assert_equal(organization.name, result['name']) + assert_equal(organization.member_ids, result['member_ids']) + assert_equal(organization.members.pluck(:login), result['members']) + assert_equal(@admin.id, result['updated_by_id']) + assert_equal(@admin.id, result['created_by_id']) + + params[:name] = 'Rest Org NEW #3' + post '/api/v1/organizations?full=true', params: params.to_json, headers: @headers.merge('Authorization' => credentials) + assert_response(201) + result = JSON.parse(@response.body) + assert_equal(Hash, result.class) + + organization = Organization.find(result['id']) + assert(result['assets']) + assert(result['assets']['Organization']) + assert(result['assets']['Organization'][organization.id.to_s]) + assert_equal(organization.id, result['assets']['Organization'][organization.id.to_s]['id']) + assert_equal(organization.name, result['assets']['Organization'][organization.id.to_s]['name']) + assert_equal(organization.member_ids, result['assets']['Organization'][organization.id.to_s]['member_ids']) + assert_not(result['assets']['Organization'][organization.id.to_s]['members']) + + end + + test '04.04 ticket update and response formats' do + organization = Organization.create_or_update( + name: 'Rest Org NEW', + members: [@customer_without_org], + updated_by_id: @admin.id, + created_by_id: @admin.id, + ) + + credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') + + params = { + name: 'a update name 
#1', + } + put "/api/v1/organizations/#{organization.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(Hash, result.class) + + organization = Organization.find(result['id']) + assert_equal(params[:name], result['name']) + assert_equal(organization.member_ids, result['member_ids']) + assert_not(result['members']) + assert_equal(@admin.id, result['updated_by_id']) + assert_equal(@admin.id, result['created_by_id']) + + params = { + name: 'a update name #2', + } + put "/api/v1/organizations/#{organization.id}?expand=true", params: params.to_json, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(Hash, result.class) + + organization = Organization.find(result['id']) + assert_equal(params[:name], result['name']) + assert_equal(organization.member_ids, result['member_ids']) + assert_equal(organization.members.pluck(:login), [@customer_without_org.login]) + assert_equal(@admin.id, result['updated_by_id']) + assert_equal(@admin.id, result['created_by_id']) + + params = { + name: 'a update name #3', + } + put "/api/v1/organizations/#{organization.id}?full=true", params: params.to_json, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(Hash, result.class) + + organization = Organization.find(result['id']) + assert(result['assets']) + assert(result['assets']['Organization']) + assert(result['assets']['Organization'][organization.id.to_s]) + assert_equal(organization.id, result['assets']['Organization'][organization.id.to_s]['id']) + assert_equal(params[:name], result['assets']['Organization'][organization.id.to_s]['name']) + assert_equal(organization.member_ids, result['assets']['Organization'][organization.id.to_s]['member_ids']) + 
assert_not(result['assets']['Organization'][organization.id.to_s]['members']) + + end + +end diff --git a/test/controllers/tickets_controller_test.rb b/test/controllers/tickets_controller_test.rb index aaf571fab..4d4ad6dce 100644 --- a/test/controllers/tickets_controller_test.rb +++ b/test/controllers/tickets_controller_test.rb @@ -47,7 +47,7 @@ class TicketsControllerTest < ActionDispatch::IntegrationTest active: true, roles: roles, ) - + UserInfo.current_user_id = nil end test '01.01 ticket create with agent - missing group' do 
@@ -1107,4 +1107,353 @@ AAAFCAYAAACNbyblAAAAHElEQVQI12P4//8/w38GIAXDIBKE0DHxgljNBAAO assert_equal('Not authorized (admin permission required)!', result['error']) end + test '04.01 ticket show and response format' do + title = "ticket testagent#{rand(999_999_999)}" + ticket = Ticket.create!( + title: title, + group: Group.lookup(name: 'Users'), + customer_id: @customer_without_org.id, + state: Ticket::State.lookup(name: 'new'), + priority: Ticket::Priority.lookup(name: '2 normal'), + updated_by_id: @agent.id, + created_by_id: @agent.id, + ) + credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') + get "/api/v1/tickets/#{ticket.id}", params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(Hash, result.class) + assert_equal(ticket.id, result['id']) + assert_equal(ticket.title, result['title']) + assert_not(result['group']) + assert_not(result['priority']) + assert_not(result['owner']) + assert_equal(ticket.customer_id, result['customer_id']) + assert_equal(@agent.id, result['updated_by_id']) + assert_equal(@agent.id, result['created_by_id']) + + get "/api/v1/tickets/#{ticket.id}?expand=true", params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(Hash, result.class) + assert_equal(ticket.id, result['id']) + assert_equal(ticket.title, result['title']) + assert_equal(ticket.customer_id, result['customer_id']) + assert_equal(ticket.group.name, result['group']) + assert_equal(ticket.priority.name, result['priority']) + assert_equal(ticket.owner.login, result['owner']) + assert_equal(@agent.id, result['updated_by_id']) + assert_equal(@agent.id, result['created_by_id']) + + get "/api/v1/tickets/#{ticket.id}?expand=false", params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = 
JSON.parse(@response.body) + assert_equal(Hash, result.class) + assert_equal(ticket.id, result['id']) + assert_equal(ticket.title, result['title']) + assert_not(result['group']) + assert_not(result['priority']) + assert_not(result['owner']) + assert_equal(ticket.customer_id, result['customer_id']) + assert_equal(@agent.id, result['updated_by_id']) + assert_equal(@agent.id, result['created_by_id']) + + get "/api/v1/tickets/#{ticket.id}?full=true", params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + + assert_equal(Hash, result.class) + assert_equal(ticket.id, result['id']) + assert(result['assets']) + assert(result['assets']['Ticket']) + assert(result['assets']['Ticket'][ticket.id.to_s]) + assert_equal(ticket.id, result['assets']['Ticket'][ticket.id.to_s]['id']) + assert_equal(ticket.title, result['assets']['Ticket'][ticket.id.to_s]['title']) + assert_equal(ticket.customer_id, result['assets']['Ticket'][ticket.id.to_s]['customer_id']) + + assert(result['assets']['User']) + assert(result['assets']['User'][@agent.id.to_s]) + assert_equal(@agent.id, result['assets']['User'][@agent.id.to_s]['id']) + assert_equal(@agent.firstname, result['assets']['User'][@agent.id.to_s]['firstname']) + assert_equal(@agent.lastname, result['assets']['User'][@agent.id.to_s]['lastname']) + + assert(result['assets']['User']) + assert(result['assets']['User'][@customer_without_org.id.to_s]) + assert_equal(@customer_without_org.id, result['assets']['User'][@customer_without_org.id.to_s]['id']) + assert_equal(@customer_without_org.firstname, result['assets']['User'][@customer_without_org.id.to_s]['firstname']) + assert_equal(@customer_without_org.lastname, result['assets']['User'][@customer_without_org.id.to_s]['lastname']) + + get "/api/v1/tickets/#{ticket.id}?full=false", params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + 
assert_equal(Hash, result.class) + assert_equal(ticket.id, result['id']) + assert_equal(ticket.title, result['title']) + assert_not(result['group']) + assert_not(result['priority']) + assert_not(result['owner']) + assert_equal(ticket.customer_id, result['customer_id']) + assert_equal(@agent.id, result['updated_by_id']) + assert_equal(@agent.id, result['created_by_id']) + end + + test '04.02 ticket index and response format' do + title = "ticket testagent#{rand(999_999_999)}" + ticket = Ticket.create!( + title: title, + group: Group.lookup(name: 'Users'), + customer_id: @customer_without_org.id, + state: Ticket::State.lookup(name: 'new'), + priority: Ticket::Priority.lookup(name: '2 normal'), + updated_by_id: @agent.id, + created_by_id: @agent.id, + ) + credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') + get '/api/v1/tickets', params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + + assert_equal(Array, result.class) + assert_equal(Hash, result[0].class) + assert_equal(1, result[0]['id']) + assert_equal(ticket.id, result[1]['id']) + assert_equal(ticket.title, result[1]['title']) + assert_not(result[1]['group']) + assert_not(result[1]['priority']) + assert_not(result[1]['owner']) + assert_equal(ticket.customer_id, result[1]['customer_id']) + assert_equal(@agent.id, result[1]['updated_by_id']) + assert_equal(@agent.id, result[1]['created_by_id']) + + get '/api/v1/tickets?expand=true', params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(Array, result.class) + assert_equal(Hash, result[0].class) + assert_equal(1, result[0]['id']) + assert_equal(ticket.id, result[1]['id']) + assert_equal(ticket.title, result[1]['title']) + assert_equal(ticket.customer_id, result[1]['customer_id']) + assert_equal(ticket.group.name, result[1]['group']) + 
assert_equal(ticket.priority.name, result[1]['priority']) + assert_equal(ticket.owner.login, result[1]['owner']) + assert_equal(@agent.id, result[1]['updated_by_id']) + assert_equal(@agent.id, result[1]['created_by_id']) + + get '/api/v1/tickets?expand=false', params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(Array, result.class) + assert_equal(Hash, result[0].class) + assert_equal(1, result[0]['id']) + assert_equal(ticket.id, result[1]['id']) + assert_equal(ticket.title, result[1]['title']) + assert_not(result[1]['group']) + assert_not(result[1]['priority']) + assert_not(result[1]['owner']) + assert_equal(ticket.customer_id, result[1]['customer_id']) + assert_equal(@agent.id, result[1]['updated_by_id']) + assert_equal(@agent.id, result[1]['created_by_id']) + + get '/api/v1/tickets?full=true', params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + + assert_equal(Hash, result.class) + assert_equal(Array, result['record_ids'].class) + assert_equal(1, result['record_ids'][0]) + assert_equal(ticket.id, result['record_ids'][1]) + assert(result['assets']) + assert(result['assets']['Ticket']) + assert(result['assets']['Ticket'][ticket.id.to_s]) + assert_equal(ticket.id, result['assets']['Ticket'][ticket.id.to_s]['id']) + assert_equal(ticket.title, result['assets']['Ticket'][ticket.id.to_s]['title']) + assert_equal(ticket.customer_id, result['assets']['Ticket'][ticket.id.to_s]['customer_id']) + + assert(result['assets']['User']) + assert(result['assets']['User'][@agent.id.to_s]) + assert_equal(@agent.id, result['assets']['User'][@agent.id.to_s]['id']) + assert_equal(@agent.firstname, result['assets']['User'][@agent.id.to_s]['firstname']) + assert_equal(@agent.lastname, result['assets']['User'][@agent.id.to_s]['lastname']) + + assert(result['assets']['User']) + 
assert(result['assets']['User'][@customer_without_org.id.to_s]) + assert_equal(@customer_without_org.id, result['assets']['User'][@customer_without_org.id.to_s]['id']) + assert_equal(@customer_without_org.firstname, result['assets']['User'][@customer_without_org.id.to_s]['firstname']) + assert_equal(@customer_without_org.lastname, result['assets']['User'][@customer_without_org.id.to_s]['lastname']) + + get '/api/v1/tickets?full=false', params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(Array, result.class) + assert_equal(Hash, result[0].class) + assert_equal(1, result[0]['id']) + assert_equal(ticket.id, result[1]['id']) + assert_equal(ticket.title, result[1]['title']) + assert_not(result[1]['group']) + assert_not(result[1]['priority']) + assert_not(result[1]['owner']) + assert_equal(ticket.customer_id, result[1]['customer_id']) + assert_equal(@agent.id, result[1]['updated_by_id']) + assert_equal(@agent.id, result[1]['created_by_id']) + end + + test '04.03 ticket create and response format' do + title = "ticket testagent#{rand(999_999_999)}" + params = { + title: title, + group: 'Users', + customer_id: @customer_without_org.id, + state: 'new', + priority: '2 normal', + article: { + body: 'some test 123', + }, + } + credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') + + post '/api/v1/tickets', params: params.to_json, headers: @headers.merge('Authorization' => credentials) + assert_response(201) + result = JSON.parse(@response.body) + assert_equal(Hash, result.class) + + ticket = Ticket.find(result['id']) + assert_equal(ticket.state_id, result['state_id']) + assert_not(result['state']) + assert_equal(ticket.priority_id, result['priority_id']) + assert_not(result['priority']) + assert_equal(ticket.group_id, result['group_id']) + assert_not(result['group']) + assert_equal(title, result['title']) + 
assert_equal(@customer_without_org.id, result['customer_id']) + assert_equal(@agent.id, result['updated_by_id']) + assert_equal(@agent.id, result['created_by_id']) + + post '/api/v1/tickets?expand=true', params: params.to_json, headers: @headers.merge('Authorization' => credentials) + assert_response(201) + result = JSON.parse(@response.body) + assert_equal(Hash, result.class) + + ticket = Ticket.find(result['id']) + assert_equal(ticket.state_id, result['state_id']) + assert_equal(ticket.state.name, result['state']) + assert_equal(ticket.priority_id, result['priority_id']) + assert_equal(ticket.priority.name, result['priority']) + assert_equal(ticket.group_id, result['group_id']) + assert_equal(ticket.group.name, result['group']) + assert_equal(title, result['title']) + assert_equal(@customer_without_org.id, result['customer_id']) + assert_equal(@agent.id, result['updated_by_id']) + assert_equal(@agent.id, result['created_by_id']) + + post '/api/v1/tickets?full=true', params: params.to_json, headers: @headers.merge('Authorization' => credentials) + assert_response(201) + result = JSON.parse(@response.body) + assert_equal(Hash, result.class) + + ticket = Ticket.find(result['id']) + assert(result['assets']) + assert(result['assets']['Ticket']) + assert(result['assets']['Ticket'][ticket.id.to_s]) + assert_equal(ticket.id, result['assets']['Ticket'][ticket.id.to_s]['id']) + assert_equal(title, result['assets']['Ticket'][ticket.id.to_s]['title']) + assert_equal(ticket.customer_id, result['assets']['Ticket'][ticket.id.to_s]['customer_id']) + + assert(result['assets']['User']) + assert(result['assets']['User'][@agent.id.to_s]) + assert_equal(@agent.id, result['assets']['User'][@agent.id.to_s]['id']) + assert_equal(@agent.firstname, result['assets']['User'][@agent.id.to_s]['firstname']) + assert_equal(@agent.lastname, result['assets']['User'][@agent.id.to_s]['lastname']) + + assert(result['assets']['User']) + assert(result['assets']['User'][@customer_without_org.id.to_s]) 
+ assert_equal(@customer_without_org.id, result['assets']['User'][@customer_without_org.id.to_s]['id']) + assert_equal(@customer_without_org.firstname, result['assets']['User'][@customer_without_org.id.to_s]['firstname']) + assert_equal(@customer_without_org.lastname, result['assets']['User'][@customer_without_org.id.to_s]['lastname']) + + end + + test '04.04 ticket update and response formats' do + title = "ticket testagent#{rand(999_999_999)}" + ticket = Ticket.create!( + title: title, + group: Group.lookup(name: 'Users'), + customer_id: @customer_without_org.id, + state: Ticket::State.lookup(name: 'new'), + priority: Ticket::Priority.lookup(name: '2 normal'), + updated_by_id: @agent.id, + created_by_id: @agent.id, + ) + credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw') + + params = { + title: 'a update ticket #1', + } + put "/api/v1/tickets/#{ticket.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(Hash, result.class) + + ticket = Ticket.find(result['id']) + assert_equal(ticket.state_id, result['state_id']) + assert_not(result['state']) + assert_equal(ticket.priority_id, result['priority_id']) + assert_not(result['priority']) + assert_equal(ticket.group_id, result['group_id']) + assert_not(result['group']) + assert_equal('a update ticket #1', result['title']) + assert_equal(@customer_without_org.id, result['customer_id']) + assert_equal(@agent.id, result['updated_by_id']) + assert_equal(@agent.id, result['created_by_id']) + + params = { + title: 'a update ticket #2', + } + put "/api/v1/tickets/#{ticket.id}?expand=true", params: params.to_json, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(Hash, result.class) + + ticket = Ticket.find(result['id']) + assert_equal(ticket.state_id, result['state_id']) + 
assert_equal(ticket.state.name, result['state']) + assert_equal(ticket.priority_id, result['priority_id']) + assert_equal(ticket.priority.name, result['priority']) + assert_equal(ticket.group_id, result['group_id']) + assert_equal(ticket.group.name, result['group']) + assert_equal('a update ticket #2', result['title']) + assert_equal(@customer_without_org.id, result['customer_id']) + assert_equal(@agent.id, result['updated_by_id']) + assert_equal(@agent.id, result['created_by_id']) + + params = { + title: 'a update ticket #3', + } + put "/api/v1/tickets/#{ticket.id}?full=true", params: params.to_json, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(Hash, result.class) + + ticket = Ticket.find(result['id']) + assert(result['assets']) + assert(result['assets']['Ticket']) + assert(result['assets']['Ticket'][ticket.id.to_s]) + assert_equal(ticket.id, result['assets']['Ticket'][ticket.id.to_s]['id']) + assert_equal('a update ticket #3', result['assets']['Ticket'][ticket.id.to_s]['title']) + assert_equal(ticket.customer_id, result['assets']['Ticket'][ticket.id.to_s]['customer_id']) + + assert(result['assets']['User']) + assert(result['assets']['User'][@agent.id.to_s]) + assert_equal(@agent.id, result['assets']['User'][@agent.id.to_s]['id']) + assert_equal(@agent.firstname, result['assets']['User'][@agent.id.to_s]['firstname']) + assert_equal(@agent.lastname, result['assets']['User'][@agent.id.to_s]['lastname']) + + assert(result['assets']['User']) + assert(result['assets']['User'][@customer_without_org.id.to_s]) + assert_equal(@customer_without_org.id, result['assets']['User'][@customer_without_org.id.to_s]['id']) + assert_equal(@customer_without_org.firstname, result['assets']['User'][@customer_without_org.id.to_s]['firstname']) + assert_equal(@customer_without_org.lastname, result['assets']['User'][@customer_without_org.id.to_s]['lastname']) + + end + end 
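Review bot: The `full=true` cases in tests '04.01' to '04.04' assert only `id`, `firstname` and `lastname` on the `result['assets']['User']` entries, so they would still pass if the asset payload also carried credential fields. Since these tests pin the response format of the new option, I would add a negative assertion beside each User block, e.g. `assert_not(result['assets']['User'][@customer_without_org.id.to_s]['password'])`. All four tests also authenticate only as `tickets-agent@example.com`. A customer-credentialed request with `expand=true` and `full=true` would confirm the new options do not widen what a customer can read. The controller code is outside this hunk, so this is a coverage gap rather than a known defect.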
diff --git a/test/controllers/user_controller_test.rb b/test/controllers/user_controller_test.rb
new file mode 100644
index 000000000..1ff94a176
--- /dev/null
+++ b/test/controllers/user_controller_test.rb
@@ -0,0 +1,960 @@ + +require 'test_helper' +require 'rake' + +class UserControllerTest < ActionDispatch::IntegrationTest + setup do + + # set accept header + @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' } + + # create agent + roles = Role.where(name: %w[Admin Agent]) + groups = Group.all + + UserInfo.current_user_id = 1 + + @backup_admin = User.create_or_update( + login: 'backup-admin', + firstname: 'Backup', + lastname: 'Agent', + email: 'backup-admin@example.com', + password: 'adminpw', + active: true, + roles: roles, + groups: groups, + ) + + @admin = User.create_or_update( + login: 'rest-admin', + firstname: 'Rest', + lastname: 'Agent', + email: 'rest-admin@example.com', + password: 'adminpw', + active: true, + roles: roles, + groups: groups, + ) + + # create agent + roles = Role.where(name: 'Agent') + @agent = User.create_or_update( + login: 'rest-agent@example.com', + firstname: 'Rest', + lastname: 'Agent', + email: 'rest-agent@example.com', + password: 'agentpw', + active: true, + roles: roles, + groups: groups, + ) + + # create customer without org + roles = Role.where(name: 'Customer') + @customer_without_org = User.create_or_update( + login: 'rest-customer1@example.com', + firstname: 'Rest', + lastname: 'Customer1', + email: 'rest-customer1@example.com', + password: 'customer1pw', + active: true, + roles: roles, + ) + + # create orgs + @organization = Organization.create_or_update( + name: 'Rest Org', + ) + @organization2 = Organization.create_or_update( + name: 'Rest Org #2', + ) + @organization3 = Organization.create_or_update( + name: 'Rest Org #3', + ) + + # create customer with org + @customer_with_org = User.create_or_update( + login: 'rest-customer2@example.com', + firstname: 'Rest', + lastname: 'Customer2', + email: 'rest-customer2@example.com', + password: 'customer2pw', + active: true, + roles: roles, + organization_id: @organization.id, + ) + + # configure es + if ENV['ES_URL'].present? 
+ #fail "ERROR: Need ES_URL - hint ES_URL='http://127.0.0.1:9200'" + Setting.set('es_url', ENV['ES_URL']) + + # Setting.set('es_url', 'http://127.0.0.1:9200') + # Setting.set('es_index', 'estest.local_zammad') + # Setting.set('es_user', 'elasticsearch') + # Setting.set('es_password', 'zammad') + + if ENV['ES_INDEX_RAND'].present? + ENV['ES_INDEX'] = "es_index_#{rand(999_999_999)}" + end + if ENV['ES_INDEX'].blank? + raise "ERROR: Need ES_INDEX - hint ES_INDEX='estest.local_zammad'" + end + Setting.set('es_index', ENV['ES_INDEX']) + + travel 1.minute + + # drop/create indexes + Rake::Task.clear + Zammad::Application.load_tasks + #Rake::Task["searchindex:drop"].execute + #Rake::Task["searchindex:create"].execute + Rake::Task['searchindex:rebuild'].execute + + # execute background jobs + Scheduler.worker(true) + + sleep 6 + end + UserInfo.current_user_id = nil + + end + + test 'user create tests - no user' do + + post '/api/v1/signshow', params: {}, headers: @headers + + # create user with disabled feature + Setting.set('user_create_account', false) + token = @response.headers['CSRF-TOKEN'] + + # token based on form + params = { email: 'some_new_customer@example.com', authenticity_token: token } + post '/api/v1/users', params: params.to_json, headers: @headers + assert_response(422) + result = JSON.parse(@response.body) + assert(result['error']) + assert_equal('Feature not enabled!', result['error']) + + # token based on headers + headers = @headers.merge('X-CSRF-Token' => token) + params = { email: 'some_new_customer@example.com' } + post '/api/v1/users', params: params.to_json, headers: headers + assert_response(422) + result = JSON.parse(@response.body) + assert(result['error']) + assert_equal('Feature not enabled!', result['error']) + + Setting.set('user_create_account', true) + + # no signup param with enabled feature + params = { email: 'some_new_customer@example.com' } + post '/api/v1/users', params: params.to_json, headers: headers + assert_response(422) + 
result = JSON.parse(@response.body) + assert(result['error']) + assert_equal('Only signup with not authenticate user possible!', result['error']) + + # already existing user with enabled feature + params = { email: 'rest-customer1@example.com', signup: true } + post '/api/v1/users', params: params.to_json, headers: headers + assert_response(422) + result = JSON.parse(@response.body) + assert(result['error']) + assert_equal('Email address is already used for other user.', result['error']) + + # email missing with enabled feature + params = { firstname: 'some firstname', signup: true } + post '/api/v1/users', params: params.to_json, headers: headers + assert_response(422) + result = JSON.parse(@response.body) + assert(result['error']) + assert_equal('Attribute \'email\' required!', result['error']) + + # email missing with enabled feature + params = { firstname: 'some firstname', signup: true } + post '/api/v1/users', params: params.to_json, headers: headers + assert_response(422) + result = JSON.parse(@response.body) + assert(result['error']) + assert_equal('Attribute \'email\' required!', result['error']) + + # create user with enabled feature (take customer role) + params = { firstname: 'Me First', lastname: 'Me Last', email: 'new_here@example.com', signup: true } + post '/api/v1/users', params: params.to_json, headers: headers + assert_response(201) + result = JSON.parse(@response.body) + assert(result) + + assert_equal('Me First', result['firstname']) + assert_equal('Me Last', result['lastname']) + assert_equal('new_here@example.com', result['login']) + assert_equal('new_here@example.com', result['email']) + user = User.find(result['id']) + assert_not(user.role?('Admin')) + assert_not(user.role?('Agent')) + assert(user.role?('Customer')) + + # create user with admin role (not allowed for signup, take customer role) + role = Role.lookup(name: 'Admin') + params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin@example.com', role_ids: [ 
role.id ], signup: true } + post '/api/v1/users', params: params.to_json, headers: headers + assert_response(201) + result = JSON.parse(@response.body) + assert(result) + user = User.find(result['id']) + assert_not(user.role?('Admin')) + assert_not(user.role?('Agent')) + assert(user.role?('Customer')) + + # create user with agent role (not allowed for signup, take customer role) + role = Role.lookup(name: 'Agent') + params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent@example.com', role_ids: [ role.id ], signup: true } + post '/api/v1/users', params: params.to_json, headers: headers + assert_response(201) + result = JSON.parse(@response.body) + assert(result) + user = User.find(result['id']) + assert_not(user.role?('Admin')) + assert_not(user.role?('Agent')) + assert(user.role?('Customer')) + + # no user (because of no session) + get '/api/v1/users', params: {}, headers: headers + assert_response(401) + result = JSON.parse(@response.body) + assert_equal('authentication failed', result['error']) + + # me + get '/api/v1/users/me', params: {}, headers: headers + assert_response(401) + result = JSON.parse(@response.body) + assert_equal('authentication failed', result['error']) + end + + test 'auth tests - not existing user' do + credentials = ActionController::HttpAuthentication::Basic.encode_credentials('not_existing@example.com', 'adminpw') + + # me + get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(401) + result = JSON.parse(@response.body) + assert_equal('authentication failed', result['error']) + + get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(401) + result = JSON.parse(@response.body) + assert_equal('authentication failed', result['error']) + end + + test 'auth tests - username auth, wrong pw' do + credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin', 'not_existing') + + get 
'/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(401) + result = JSON.parse(@response.body) + assert_equal('authentication failed', result['error']) + end + + test 'auth tests - email auth, wrong pw' do + credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'not_existing') + + get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(401) + result = JSON.parse(@response.body) + assert_equal('authentication failed', result['error']) + end + + test 'auth tests - username auth' do + credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin', 'adminpw') + + get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert(result) + end + + test 'auth tests - email auth' do + credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') + + get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert(result) + end + + test 'user index and create with admin' do + + # email auth + credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') + + # me + get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert(result) + assert_equal(result['email'], 'rest-admin@example.com') + + # index + get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert(result) + + # index + get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = 
JSON.parse(@response.body) + assert(result) + assert_equal(result.class, Array) + assert(result.length >= 3) + + # show/:id + get "/api/v1/users/#{@agent.id}", params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert(result) + assert_equal(result.class, Hash) + assert_equal(result['email'], 'rest-agent@example.com') + + get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert(result) + assert_equal(result.class, Hash) + assert_equal(result['email'], 'rest-customer1@example.com') + + # create user with admin role + role = Role.lookup(name: 'Admin') + params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_admin@example.com', role_ids: [ role.id ] } + post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) + assert_response(201) + result = JSON.parse(@response.body) + assert(result) + user = User.find(result['id']) + assert(user.role?('Admin')) + assert_not(user.role?('Agent')) + assert_not(user.role?('Customer')) + assert_equal('new_admin_by_admin@example.com', result['login']) + assert_equal('new_admin_by_admin@example.com', result['email']) + + # create user with agent role + role = Role.lookup(name: 'Agent') + params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_admin1@example.com', role_ids: [ role.id ] } + post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) + assert_response(201) + result = JSON.parse(@response.body) + assert(result) + user = User.find(result['id']) + assert_not(user.role?('Admin')) + assert(user.role?('Agent')) + assert_not(user.role?('Customer')) + assert_equal('new_agent_by_admin1@example.com', result['login']) + assert_equal('new_agent_by_admin1@example.com', result['email']) + + role 
= Role.lookup(name: 'Agent') + params = { firstname: 'Agent First', email: 'new_agent_by_admin2@example.com', role_ids: [ role.id ] } + post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) + assert_response(201) + result = JSON.parse(@response.body) + assert(result) + user = User.find(result['id']) + assert_not(user.role?('Admin')) + assert(user.role?('Agent')) + assert_not(user.role?('Customer')) + assert_equal('new_agent_by_admin2@example.com', result['login']) + assert_equal('new_agent_by_admin2@example.com', result['email']) + assert_equal('Agent', result['firstname']) + assert_equal('First', result['lastname']) + + role = Role.lookup(name: 'Agent') + params = { firstname: 'Agent First', email: 'new_agent_by_admin2@example.com', role_ids: [ role.id ] } + post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) + assert_response(422) + result = JSON.parse(@response.body) + assert(result) + assert_equal('Email address is already used for other user.', result['error']) + + # missing required attributes + params = { note: 'some note' } + post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) + assert_response(422) + result = JSON.parse(@response.body) + assert(result) + assert_equal('Minimum one identifier (login, firstname, lastname, phone or email) for user is required.', result['error']) + + # invalid email + params = { firstname: 'newfirstname123', email: 'some_what', note: 'some note' } + post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) + assert_response(422) + result = JSON.parse(@response.body) + assert(result) + assert_equal('Invalid email', result['error']) + + # with valid attributes + params = { firstname: 'newfirstname123', note: 'some note' } + post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) + 
assert_response(201) + result = JSON.parse(@response.body) + assert(result) + user = User.find(result['id']) + assert_not(user.role?('Admin')) + assert_not(user.role?('Agent')) + assert(user.role?('Customer')) + assert(result['login'].start_with?('auto-')) + assert_equal('', result['email']) + assert_equal('newfirstname123', result['firstname']) + assert_equal('', result['lastname']) + end + + test 'user index and create with agent' do + + credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-agent@example.com', 'agentpw') + + # me + get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert(result) + assert_equal(result['email'], 'rest-agent@example.com') + + # index + get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert(result) + + # index + get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert(result) + assert_equal(result.class, Array) + assert(result.length >= 3) + + get '/api/v1/users?limit=40&page=1&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(Array, result.class) + users = User.order(:id).limit(2) + assert_equal(users[0].id, result[0]['id']) + assert_equal(users[1].id, result[1]['id']) + assert_equal(2, result.count) + + get '/api/v1/users?limit=40&page=2&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(Array, result.class) + users = User.order(:id).limit(4) + assert_equal(users[2].id, result[0]['id']) + assert_equal(users[3].id, result[1]['id']) + assert_equal(2, result.count) + + # create user with 
admin role + firstname = "First test#{rand(999_999_999)}" + role = Role.lookup(name: 'Admin') + params = { firstname: "Admin#{firstname}", lastname: 'Admin Last', email: 'new_admin_by_agent@example.com', role_ids: [ role.id ] } + post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) + assert_response(201) + result_user1 = JSON.parse(@response.body) + assert(result_user1) + user = User.find(result_user1['id']) + assert_not(user.role?('Admin')) + assert_not(user.role?('Agent')) + assert(user.role?('Customer')) + assert_equal('new_admin_by_agent@example.com', result_user1['login']) + assert_equal('new_admin_by_agent@example.com', result_user1['email']) + + # create user with agent role + role = Role.lookup(name: 'Agent') + params = { firstname: "Agent#{firstname}", lastname: 'Agent Last', email: 'new_agent_by_agent@example.com', role_ids: [ role.id ] } + post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) + assert_response(201) + result_user1 = JSON.parse(@response.body) + assert(result_user1) + user = User.find(result_user1['id']) + assert_not(user.role?('Admin')) + assert_not(user.role?('Agent')) + assert(user.role?('Customer')) + assert_equal('new_agent_by_agent@example.com', result_user1['login']) + assert_equal('new_agent_by_agent@example.com', result_user1['email']) + + # create user with customer role + role = Role.lookup(name: 'Customer') + params = { firstname: "Customer#{firstname}", lastname: 'Customer Last', email: 'new_customer_by_agent@example.com', role_ids: [ role.id ] } + post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) + assert_response(201) + result_user1 = JSON.parse(@response.body) + assert(result_user1) + user = User.find(result_user1['id']) + assert_not(user.role?('Admin')) + assert_not(user.role?('Agent')) + assert(user.role?('Customer')) + assert_equal('new_customer_by_agent@example.com', 
result_user1['login']) + assert_equal('new_customer_by_agent@example.com', result_user1['email']) + + # search as agent + Scheduler.worker(true) + sleep 2 # let es time to come ready + get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}", params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(Array, result.class) + + assert_equal(result_user1['id'], result[0]['id']) + assert_equal("Customer#{firstname}", result[0]['firstname']) + assert_equal('Customer Last', result[0]['lastname']) + assert(result[0]['role_ids']) + assert_not(result[0]['roles']) + + get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&expand=true", params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(Array, result.class) + assert_equal(result_user1['id'], result[0]['id']) + assert_equal("Customer#{firstname}", result[0]['firstname']) + assert_equal('Customer Last', result[0]['lastname']) + assert(result[0]['role_ids']) + assert(result[0]['roles']) + + get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(Array, result.class) + assert_equal(result_user1['id'], result[0]['id']) + assert_equal("Customer#{firstname} Customer Last ", result[0]['label']) + assert_equal("Customer#{firstname} Customer Last ", result[0]['value']) + assert_not(result[0]['role_ids']) + assert_not(result[0]['roles']) + + role = Role.find_by(name: 'Agent') + get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&role_ids=#{role.id}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(Array, result.class) + assert_equal(0, 
result.count) + + role = Role.find_by(name: 'Customer') + get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&role_ids=#{role.id}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(Array, result.class) + assert_equal(result_user1['id'], result[0]['id']) + assert_equal("Customer#{firstname} Customer Last ", result[0]['label']) + assert_equal("Customer#{firstname} Customer Last ", result[0]['value']) + assert_not(result[0]['role_ids']) + assert_not(result[0]['roles']) + + permission = Permission.find_by(name: 'ticket.agent') + get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&permissions=#{permission.name}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(Array, result.class) + assert_equal(0, result.count) + + permission = Permission.find_by(name: 'ticket.customer') + get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&permissions=#{permission.name}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(Array, result.class) + assert_equal(result_user1['id'], result[0]['id']) + assert_equal("Customer#{firstname} Customer Last ", result[0]['label']) + assert_equal("Customer#{firstname} Customer Last ", result[0]['value']) + assert_not(result[0]['role_ids']) + assert_not(result[0]['roles']) + end + + test 'user index and create with customer1' do + + credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw') + + # me + get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert(result) + assert_equal(result['email'], 
'rest-customer1@example.com') + + # index + get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(result.class, Array) + assert_equal(result.length, 1) + + # show/:id + get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(result.class, Hash) + assert_equal(result['email'], 'rest-customer1@example.com') + + get "/api/v1/users/#{@customer_with_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(401) + result = JSON.parse(@response.body) + assert_equal(result.class, Hash) + assert(result['error']) + + # create user with admin role + role = Role.lookup(name: 'Admin') + params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_customer1@example.com', role_ids: [ role.id ] } + post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) + assert_response(401) + + # create user with agent role + role = Role.lookup(name: 'Agent') + params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_customer1@example.com', role_ids: [ role.id ] } + post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials) + assert_response(401) + + # search + Scheduler.worker(true) + get "/api/v1/users/search?query=#{CGI.escape('First')}", params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(401) + end + + test 'user index with customer2' do + + credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer2@example.com', 'customer2pw') + + # me + get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert(result) + 
assert_equal(result['email'], 'rest-customer2@example.com') + + # index + get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(result.class, Array) + assert_equal(result.length, 1) + + # show/:id + get "/api/v1/users/#{@customer_with_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(result.class, Hash) + assert_equal(result['email'], 'rest-customer2@example.com') + + get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(401) + result = JSON.parse(@response.body) + assert_equal(result.class, Hash) + assert(result['error']) + + # search + Scheduler.worker(true) + get "/api/v1/users/search?query=#{CGI.escape('First')}", params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(401) + end + + test '04.01 users show and response format' do + roles = Role.where(name: 'Customer') + organization = Organization.first + user = User.create!( + login: 'rest-customer3@example.com', + firstname: 'Rest', + lastname: 'Customer3', + email: 'rest-customer3@example.com', + password: 'customer3pw', + active: true, + organization: organization, + roles: roles, + updated_by_id: @admin.id, + created_by_id: @admin.id, + ) + + credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') + get "/api/v1/users/#{user.id}", params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(Hash, result.class) + assert_equal(user.id, result['id']) + assert_equal(user.firstname, result['firstname']) + assert_not(result['organization']) + assert_equal(user.organization_id, result['organization_id']) + assert_not(result['password']) + 
assert_equal(user.role_ids, result['role_ids']) + assert_equal(@admin.id, result['updated_by_id']) + assert_equal(@admin.id, result['created_by_id']) + + get "/api/v1/users/#{user.id}?expand=true", params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(Hash, result.class) + assert_equal(user.id, result['id']) + assert_equal(user.firstname, result['firstname']) + assert_equal(user.organization_id, result['organization_id']) + assert_equal(user.organization.name, result['organization']) + assert_equal(user.role_ids, result['role_ids']) + assert_not(result['password']) + assert_equal(@admin.id, result['updated_by_id']) + assert_equal(@admin.id, result['created_by_id']) + + get "/api/v1/users/#{user.id}?expand=false", params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(Hash, result.class) + assert_equal(user.id, result['id']) + assert_equal(user.firstname, result['firstname']) + assert_not(result['organization']) + assert_equal(user.organization_id, result['organization_id']) + assert_not(result['password']) + assert_equal(user.role_ids, result['role_ids']) + assert_equal(@admin.id, result['updated_by_id']) + assert_equal(@admin.id, result['created_by_id']) + + get "/api/v1/users/#{user.id}?full=true", params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + + assert_equal(Hash, result.class) + assert_equal(user.id, result['id']) + assert(result['assets']) + assert(result['assets']['User']) + assert(result['assets']['User'][user.id.to_s]) + assert_equal(user.id, result['assets']['User'][user.id.to_s]['id']) + assert_equal(user.firstname, result['assets']['User'][user.id.to_s]['firstname']) + assert_equal(user.organization_id, result['assets']['User'][user.id.to_s]['organization_id']) + assert_equal(user.role_ids, 
result['assets']['User'][user.id.to_s]['role_ids']) + + get "/api/v1/users/#{user.id}?full=false", params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(Hash, result.class) + assert_equal(user.id, result['id']) + assert_equal(user.firstname, result['firstname']) + assert_not(result['organization']) + assert_equal(user.organization_id, result['organization_id']) + assert_not(result['password']) + assert_equal(user.role_ids, result['role_ids']) + assert_equal(@admin.id, result['updated_by_id']) + assert_equal(@admin.id, result['created_by_id']) + end + + test '04.02 user index and response format' do + roles = Role.where(name: 'Customer') + organization = Organization.first + user = User.create!( + login: 'rest-customer3@example.com', + firstname: 'Rest', + lastname: 'Customer3', + email: 'rest-customer3@example.com', + password: 'customer3pw', + active: true, + organization: organization, + roles: roles, + updated_by_id: @admin.id, + created_by_id: @admin.id, + ) + + credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') + get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + assert_equal(Array, result.class) + assert_equal(Hash, result[0].class) + assert_equal(user.id, result.last['id']) + assert_equal(user.lastname, result.last['lastname']) + assert_not(result.last['organization']) + assert_equal(user.role_ids, result.last['role_ids']) + assert_equal(user.organization_id, result.last['organization_id']) + assert_not(result.last['password']) + assert_equal(@admin.id, result.last['updated_by_id']) + assert_equal(@admin.id, result.last['created_by_id']) + + get '/api/v1/users?expand=true', params: {}, headers: @headers.merge('Authorization' => credentials) + assert_response(200) + result = JSON.parse(@response.body) + 
assert_equal(Array, result.class)
+ assert_equal(Hash, result[0].class)
+ assert_equal(user.id, result.last['id'])
+ assert_equal(user.lastname, result.last['lastname'])
+ assert_equal(user.organization_id, result.last['organization_id'])
+ assert_equal(user.organization.name, result.last['organization'])
+ assert_not(result.last['password'])
+ assert_equal(@admin.id, result.last['updated_by_id'])
+ assert_equal(@admin.id, result.last['created_by_id'])
+
+ get '/api/v1/users?expand=false', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ assert_equal(Hash, result[0].class)
+ assert_equal(user.id, result.last['id'])
+ assert_equal(user.lastname, result.last['lastname'])
+ assert_not(result.last['organization'])
+ assert_equal(user.role_ids, result.last['role_ids'])
+ assert_equal(user.organization_id, result.last['organization_id'])
+ assert_not(result.last['password'])
+ assert_equal(@admin.id, result.last['updated_by_id'])
+ assert_equal(@admin.id, result.last['created_by_id'])
+
+ get '/api/v1/users?full=true', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+
+ assert_equal(Hash, result.class)
+ assert_equal(Array, result['record_ids'].class)
+ assert_equal(1, result['record_ids'][0])
+ assert_equal(user.id, result['record_ids'].last)
+ assert(result['assets'])
+ assert(result['assets']['User'])
+ assert(result['assets']['User'][user.id.to_s])
+ assert_equal(user.id, result['assets']['User'][user.id.to_s]['id'])
+ assert_equal(user.lastname, result['assets']['User'][user.id.to_s]['lastname'])
+ assert_equal(user.organization_id, result['assets']['User'][user.id.to_s]['organization_id'])
+ assert_not(result['assets']['User'][user.id.to_s]['password'])
+
+ get '/api/v1/users?full=false', params: {}, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Array, result.class)
+ assert_equal(Hash, result[0].class)
+ assert_equal(user.id, result.last['id'])
+ assert_equal(user.lastname, result.last['lastname'])
+ assert_not(result.last['organization'])
+ assert_equal(user.role_ids, result.last['role_ids'])
+ assert_equal(user.organization_id, result.last['organization_id'])
+ assert_not(result.last['password'])
+ assert_equal(@admin.id, result.last['updated_by_id'])
+ assert_equal(@admin.id, result.last['created_by_id'])
+ end
+
+ test '04.03 ticket create and response format' do
+ organization = Organization.first
+ params = {
+ firstname: 'newfirstname123',
+ note: 'some note',
+ organization: organization.name,
+ }
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
+
+ post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(201)
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+
+ user = User.find(result['id'])
+ assert_equal(user.firstname, result['firstname'])
+ assert_equal(user.organization_id, result['organization_id'])
+ assert_not(result['organization'])
+ assert_not(result['password'])
+ assert_equal(@admin.id, result['updated_by_id'])
+ assert_equal(@admin.id, result['created_by_id'])
+
+ post '/api/v1/users?expand=true', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(201)
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+
+ user = User.find(result['id'])
+ assert_equal(user.firstname, result['firstname'])
+ assert_equal(user.organization_id, result['organization_id'])
+ assert_equal(user.organization.name, result['organization'])
+ assert_not(result['password'])
+ assert_equal(@admin.id, result['updated_by_id'])
+ assert_equal(@admin.id, result['created_by_id'])
+
+ post '/api/v1/users?full=true', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(201)
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+
+ user = User.find(result['id'])
+ assert(result['assets'])
+ assert(result['assets']['User'])
+ assert(result['assets']['User'][user.id.to_s])
+ assert_equal(user.id, result['assets']['User'][user.id.to_s]['id'])
+ assert_equal(user.firstname, result['assets']['User'][user.id.to_s]['firstname'])
+ assert_equal(user.lastname, result['assets']['User'][user.id.to_s]['lastname'])
+ assert_not(result['assets']['User'][user.id.to_s]['password'])
+
+ assert(result['assets']['User'][@admin.id.to_s])
+ assert_equal(@admin.id, result['assets']['User'][@admin.id.to_s]['id'])
+ assert_equal(@admin.firstname, result['assets']['User'][@admin.id.to_s]['firstname'])
+ assert_equal(@admin.lastname, result['assets']['User'][@admin.id.to_s]['lastname'])
+ assert_not(result['assets']['User'][@admin.id.to_s]['password'])
+
+ end
+
+ test '04.04 ticket update and response formats' do
+ roles = Role.where(name: 'Customer')
+ organization = Organization.first
+ user = User.create!(
+ login: 'rest-customer3@example.com',
+ firstname: 'Rest',
+ lastname: 'Customer3',
+ email: 'rest-customer3@example.com',
+ password: 'customer3pw',
+ active: true,
+ organization: organization,
+ roles: roles,
+ updated_by_id: @admin.id,
+ created_by_id: @admin.id,
+ )
+
+ credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
+
+ params = {
+ firstname: 'a update firstname #1',
+ }
+ put "/api/v1/users/#{user.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+
+ user = User.find(result['id'])
+ assert_equal(user.lastname, result['lastname'])
+ assert_equal(params[:firstname], result['firstname'])
+ assert_equal(user.organization_id, result['organization_id'])
+ assert_not(result['organization'])
+ assert_not(result['password'])
+ assert_equal(@admin.id, result['updated_by_id'])
+ assert_equal(@admin.id, result['created_by_id'])
+
+ params = {
+ firstname: 'a update firstname #2',
+ }
+ put "/api/v1/users/#{user.id}?expand=true", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+
+ user = User.find(result['id'])
+ assert_equal(user.lastname, result['lastname'])
+ assert_equal(params[:firstname], result['firstname'])
+ assert_equal(user.organization_id, result['organization_id'])
+ assert_equal(user.organization.name, result['organization'])
+ assert_not(result['password'])
+ assert_equal(@admin.id, result['updated_by_id'])
+ assert_equal(@admin.id, result['created_by_id'])
+
+ params = {
+ firstname: 'a update firstname #3',
+ }
+ put "/api/v1/users/#{user.id}?full=true", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
+ assert_response(200)
+ result = JSON.parse(@response.body)
+ assert_equal(Hash, result.class)
+
+ user = User.find(result['id'])
+ assert(result['assets'])
+ assert(result['assets']['User'])
+ assert(result['assets']['User'][user.id.to_s])
+ assert_equal(user.id, result['assets']['User'][user.id.to_s]['id'])
+ assert_equal(params[:firstname], result['assets']['User'][user.id.to_s]['firstname'])
+ assert_equal(user.lastname, result['assets']['User'][user.id.to_s]['lastname'])
+ assert_not(result['assets']['User'][user.id.to_s]['password'])
+
+ assert(result['assets']['User'][@admin.id.to_s])
+ assert_equal(@admin.id, result['assets']['User'][@admin.id.to_s]['id'])
+ assert_equal(@admin.firstname, result['assets']['User'][@admin.id.to_s]['firstname'])
+ assert_equal(@admin.lastname, result['assets']['User'][@admin.id.to_s]['lastname'])
+ assert_not(result['assets']['User'][@admin.id.to_s]['password'])
+
+ end
+
+end
diff --git a/test/integration/report_test.rb b/test/integration/report_test.rb
index b4f300459..7c27b5f85 100644
--- a/test/integration/report_test.rb
+++ b/test/integration/report_test.rb
@@ -136,8 +136,8 @@ class ReportTest < ActiveSupport::TestCase
 state: Ticket::State.lookup(name: 'closed'),
 priority: Ticket::Priority.lookup(name: '2 normal'),
 close_at: '2015-10-28 11:30:00 UTC',
- created_at: '2015-10-28 10:30:00 UTC',
- updated_at: '2015-10-28 10:30:00 UTC',
+ created_at: '2015-10-28 10:30:01 UTC',
+ updated_at: '2015-10-28 10:30:01 UTC',
 updated_by_id: 1,
 created_by_id: 1,
 )
@@ -151,8 +151,8 @@ class ReportTest < ActiveSupport::TestCase
 internal: false,
 sender: Ticket::Article::Sender.where(name: 'Customer').first,
 type: Ticket::Article::Type.where(name: 'email').first,
- created_at: '2015-10-28 10:30:00 UTC',
- updated_at: '2015-10-28 10:30:00 UTC',
+ created_at: '2015-10-28 10:30:01 UTC',
+ updated_at: '2015-10-28 10:30:01 UTC',
 updated_by_id: 1,
 created_by_id: 1,
 )
@@ -735,12 +735,11 @@ class ReportTest < ActiveSupport::TestCase
 params: { field: 'created_at' },
 )
 assert(result)
-
 assert_equal(@ticket7.id, result[:ticket_ids][0].to_i)
 assert_equal(@ticket6.id, result[:ticket_ids][1].to_i)
 assert_equal(@ticket5.id, result[:ticket_ids][2].to_i)
- assert_equal(@ticket3.id, result[:ticket_ids][3].to_i)
- assert_equal(@ticket4.id, result[:ticket_ids][4].to_i)
+ assert_equal(@ticket4.id, result[:ticket_ids][3].to_i)
+ assert_equal(@ticket3.id, result[:ticket_ids][4].to_i)
 assert_equal(@ticket2.id, result[:ticket_ids][5].to_i)
 assert_equal(@ticket1.id, result[:ticket_ids][6].to_i)
 assert_nil(result[:ticket_ids][7])
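Review bot: The one-second shift of `created_at`/`updated_at` in the fixtures at -136 and -151 has no comment tying it to the swapped expectations for `@ticket4` and `@ticket3` in the hunk at -735, so a later reader cannot tell that the three edits belong together. Presumably the offset breaks a timestamp tie that left the `created_at` ordering to the search backend; which ticket and article these fixtures build is outside the hunks, so that should be confirmed. I would add above the shifted lines a comment such as `# one second later than the neighbouring ticket so sorting by created_at is deterministic`. The enclosing setup and test methods start and end outside all three hunks.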