trabajo-afectivo/spec/policies/ticket_policy_spec.rb

# Copyright (C) 2012-2022 Zammad Foundation, https://zammad-foundation.org/

require 'rails_helper'

describe TicketPolicy do
  subject { described_class.new(user, record) }

  let(:record) { create(:ticket) }

  context 'when given ticket’s owner' do
    let(:user) { record.owner }

    it { is_expected.to forbid_actions(%i[show full]) }

    context 'when owner has ticket.agent permission' do

      let(:user) do
        create(:agent, groups: [record.group]).tap do |user|
          record.update!(owner: user)
        end
      end

      it { is_expected.to permit_actions(%i[show full]) }
    end
  end

  context 'when given user that is agent and customer' do
    let(:user) { create(:agent_and_customer, groups: [record.group]) }

    it { is_expected.to permit_actions(%i[show full]) }
  end

  context 'when given a user that is neither owner nor customer' do
    let(:user) { create(:agent) }

    it { is_expected.to forbid_actions(%i[show full]) }

    context 'but the user is an agent with full access to ticket’s group' do
      before { user.group_names_access_map = { record.group.name => 'full' } }

      it { is_expected.to permit_actions(%i[show full]) }
    end

    context 'but the user is a customer from the same organization as ticket’s customer' do
      let(:record) { create(:ticket, customer: customer) }
      let(:customer) { create(:customer, organization: create(:organization)) }
      let(:user) { create(:customer, organization: customer.organization) }

      context 'and organization.shared is true (default)' do

        it { is_expected.to permit_actions(%i[show full]) }
      end

      context 'but organization.shared is false' do
        before { customer.organization.update(shared: false) }

        it { is_expected.to forbid_actions(%i[show full]) }
      end
    end

    context 'when user is admin with group access' do
      let(:user) { create(:user, roles: Role.where(name: %w[Admin])) }

      it { is_expected.to forbid_actions(%i[show full]) }
    end
  end

  context 'when user is agent' do

    context 'when owner has ticket.agent permission' do

      let(:user) do
        create(:agent, groups: [record.group]).tap do |user|
          record.update!(owner: user)
        end
      end

      it { is_expected.to permit_actions(%i[show full]) }
    end

  end
end