159 lines
7 KiB
Ruby
159 lines
7 KiB
Ruby
# Copyright (C) 2012-2022 Zammad Foundation, https://zammad-foundation.org/
|
|
|
|
require 'rails_helper'
|
|
|
|
RSpec.describe 'Ticket Article Attachments', type: :request, authenticated_as: -> { agent } do
|
|
|
|
let(:group) { create(:group) }
|
|
|
|
let(:agent) do
|
|
create(:agent, groups: [Group.lookup(name: 'Users'), group])
|
|
end
|
|
|
|
describe 'request handling' do
|
|
context 'with attachment urls' do
|
|
let(:ticket1) { create(:ticket, group: group) }
|
|
let(:article1) { create(:ticket_article, ticket: ticket1) }
|
|
let(:ticket2) { create(:ticket, group: group) }
|
|
let(:article2) { create(:ticket_article, ticket: ticket2) }
|
|
|
|
let(:store_file_content_type) { 'text/plain' }
|
|
let!(:store_file) do
|
|
Store.add(
|
|
object: 'Ticket::Article',
|
|
o_id: article1.id,
|
|
data: 'some content',
|
|
filename: 'some_file.txt',
|
|
preferences: {
|
|
'Content-Type' => store_file_content_type,
|
|
},
|
|
created_by_id: 1,
|
|
)
|
|
end
|
|
|
|
context 'with one article attachment' do
|
|
it 'does test different attachment urls' do
|
|
get "/api/v1/ticket_attachment/#{ticket1.id}/#{article1.id}/#{store_file.id}", params: {}
|
|
expect(response).to have_http_status(:ok)
|
|
expect('some content').to eq(response.body)
|
|
|
|
get "/api/v1/ticket_attachment/#{ticket1.id}/#{article2.id}/#{store_file.id}", params: {}
|
|
expect(response).to have_http_status(:forbidden)
|
|
expect(response.body).to match(%r{403: Forbidden})
|
|
end
|
|
end
|
|
|
|
context 'with attachment from merged ticket' do
|
|
before do
|
|
ticket1.merge_to(
|
|
ticket_id: ticket2.id,
|
|
user_id: 1,
|
|
)
|
|
end
|
|
|
|
it 'does test attachment url after ticket merge' do
|
|
get "/api/v1/ticket_attachment/#{ticket2.id}/#{article1.id}/#{store_file.id}", params: {}
|
|
expect(response).to have_http_status(:ok)
|
|
expect('some content').to eq(response.body)
|
|
|
|
get "/api/v1/ticket_attachment/#{ticket2.id}/#{article2.id}/#{store_file.id}", params: {}
|
|
expect(response).to have_http_status(:forbidden)
|
|
expect(response.body).to match(%r{403: Forbidden})
|
|
|
|
# allow access via merged ticket id also
|
|
get "/api/v1/ticket_attachment/#{ticket1.id}/#{article1.id}/#{store_file.id}", params: {}
|
|
expect(response).to have_http_status(:ok)
|
|
expect('some content').to eq(response.body)
|
|
|
|
get "/api/v1/ticket_attachment/#{ticket1.id}/#{article2.id}/#{store_file.id}", params: {}
|
|
expect(response).to have_http_status(:forbidden)
|
|
expect(response.body).to match(%r{403: Forbidden})
|
|
end
|
|
end
|
|
|
|
context 'with different file content types' do
|
|
context 'without allowed inline file content type' do
|
|
it 'disposition can not be inline' do
|
|
get "/api/v1/ticket_attachment/#{ticket1.id}/#{article1.id}/#{store_file.id}?disposition=inline", params: {}
|
|
expect(response.headers['Content-Disposition']).to include('attachment')
|
|
end
|
|
|
|
it 'content-type is correct' do
|
|
get "/api/v1/ticket_attachment/#{ticket1.id}/#{article1.id}/#{store_file.id}?disposition=inline", params: {}
|
|
expect(response.headers['Content-Type']).to include('text/plain')
|
|
end
|
|
end
|
|
|
|
context 'with binary file content type' do
|
|
let(:store_file_content_type) { 'image/svg+xml' }
|
|
|
|
it 'disposition can not be inline' do
|
|
get "/api/v1/ticket_attachment/#{ticket1.id}/#{article1.id}/#{store_file.id}?disposition=inline", params: {}
|
|
expect(response.headers['Content-Disposition']).to include('attachment')
|
|
end
|
|
|
|
it 'content-type was forced to active storage binary content type' do
|
|
get "/api/v1/ticket_attachment/#{ticket1.id}/#{article1.id}/#{store_file.id}?disposition=inline", params: {}
|
|
expect(response.headers['Content-Type']).to include('application/octet-stream')
|
|
end
|
|
end
|
|
|
|
context 'with allowed inline file content type' do
|
|
let(:store_file_content_type) { 'application/pdf' }
|
|
|
|
it 'disposition is inline' do
|
|
get "/api/v1/ticket_attachment/#{ticket1.id}/#{article1.id}/#{store_file.id}?disposition=inline", params: {}
|
|
expect(response.headers['Content-Disposition']).to include('inline')
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|
|
context 'when attachment actions are used' do
|
|
it 'does test attachments for split' do
|
|
email_file_path = Rails.root.join('test/data/mail/mail024.box')
|
|
email_raw_string = File.read(email_file_path)
|
|
ticket_p, article_p, _user_p = Channel::EmailParser.new.process({}, email_raw_string)
|
|
|
|
get '/api/v1/ticket_split', params: { form_id: '1234-2', ticket_id: ticket_p.id, article_id: article_p.id }, as: :json
|
|
expect(response).to have_http_status(:ok)
|
|
expect(json_response['assets']).to be_truthy
|
|
expect(json_response['attachments']).to be_a_kind_of(Array)
|
|
expect(json_response['attachments'].count).to eq(1)
|
|
expect(json_response['attachments'][0]['filename']).to eq('rulesets-report.csv')
|
|
|
|
end
|
|
|
|
it 'does test attachments for forward' do
|
|
email_file_path = Rails.root.join('test/data/mail/mail008.box')
|
|
email_raw_string = File.read(email_file_path)
|
|
_ticket_p, article_p, _user_p = Channel::EmailParser.new.process({}, email_raw_string)
|
|
|
|
post "/api/v1/ticket_attachment_upload_clone_by_article/#{article_p.id}", params: {}, as: :json
|
|
expect(response).to have_http_status(:unprocessable_entity)
|
|
expect(json_response).to be_a_kind_of(Hash)
|
|
expect(json_response['error']).to eq("Need 'form_id' to add attachments to new form.")
|
|
|
|
post "/api/v1/ticket_attachment_upload_clone_by_article/#{article_p.id}", params: { form_id: '1234-1' }, as: :json
|
|
expect(response).to have_http_status(:ok)
|
|
expect(json_response['attachments']).to be_a_kind_of(Array)
|
|
expect(json_response['attachments']).to be_blank
|
|
|
|
email_file_path = Rails.root.join('test/data/mail/mail024.box')
|
|
email_raw_string = File.read(email_file_path)
|
|
_ticket_p, article_p, _user_p = Channel::EmailParser.new.process({}, email_raw_string)
|
|
|
|
post "/api/v1/ticket_attachment_upload_clone_by_article/#{article_p.id}", params: { form_id: '1234-2' }, as: :json
|
|
expect(response).to have_http_status(:ok)
|
|
expect(json_response['attachments']).to be_a_kind_of(Array)
|
|
expect(json_response['attachments'].count).to eq(1)
|
|
expect(json_response['attachments'][0]['filename']).to eq('rulesets-report.csv')
|
|
|
|
post "/api/v1/ticket_attachment_upload_clone_by_article/#{article_p.id}", params: { form_id: '1234-2' }, as: :json
|
|
expect(response).to have_http_status(:ok)
|
|
expect(json_response['attachments']).to be_a_kind_of(Array)
|
|
expect(json_response['attachments']).to be_blank
|
|
end
|
|
end
|
|
end
|
|
end
|