Fix bugs in change ticket department. (#828)

* fix change department in ticket viewer (FE). * fix bug change departmet. (BE) * fix unassigned ticket for any level staff can use it (BE) and add ruby test * fix ticket department change to un assign ticket correctly (BE) and add ruby test * fix an error with author id in ticket viewer * Use get departments for transder in change department params. * Rename test in change department rb.
2020-07-21 11:04:24 -03:00 · 2020-07-21 11:04:24 -03:00 · 03df5725f7
parent 9634fdfeb0
commit 03df5725f7
5 changed files with 219 additions and 15 deletions
--- a/client/src/app-components/ticket-viewer.js
+++ b/client/src/app-components/ticket-viewer.js
@ -393,7 +393,7 @@ class TicketViewer extends React.Component {
    }

    onDepartmentDropdownChanged(event) {
-        AreYouSure.openModal(null, this.changeDepartment.bind(this, event.index));
+        AreYouSure.openModal(null, this.changeDepartment.bind(this, this.getDepartmentsForTransfer()[event.index].id));
    }

    onAssignmentChange(event) {
@ -492,14 +492,20 @@ class TicketViewer extends React.Component {
        });
    }

-    changeDepartment(index) {
+    changeDepartment(departmentId) {
+        const {
+            userId,
+            userDepartments,
+            ticket
+        } = this.props;
+
        return API.call({
            path: '/ticket/change-department',
            data: {
-                ticketNumber: this.props.ticket.ticketNumber,
-                departmentId: this.getDepartmentsForTransfer()[index].id
+                ticketNumber: ticket.ticketNumber,
+                departmentId
            }
-        }).then(this.onTicketModification.bind(this));
+        }).then((_.some(userDepartments, {id: departmentId}) || (userId === (ticket.author.id*1))) ? this.onTicketModification.bind(this) : history.goBack());
    }

    addTag(tag) {
--- a/server/controllers/staff/un-assign-ticket.php
+++ b/server/controllers/staff/un-assign-ticket.php
@ -55,7 +55,7 @@ class UnAssignStaffController extends Controller {
            throw new RequestException(ERRORS::NO_PERMISSION);
        }

-        if($owner && ($ticket->isOwner($user) || $user->level > 2)) {
+        if($owner) {
            if(!$ticket->isAuthor($owner)) {
                $owner->sharedTicketList->remove($ticket);
                $owner->store();
--- a/server/controllers/ticket/change-department.php
+++ b/server/controllers/ticket/change-department.php
@ -60,6 +60,14 @@ class ChangeDepartmentController extends Controller {
            throw new RequestException(ERRORS::NO_PERMISSION);
        }

+        if($ticket->owner && !$ticket->owner->sharedDepartmentList->includesId($department->id)) {
+            $unAssignTicketController = new UnAssignStaffController($user);
+            $unAssignTicketController->validate();
+            $unAssignTicketController->handler();
+        }
+
+        $ticket = Ticket::getByTicketNumber($ticketNumber);
+
        $event = Ticketevent::getEvent(Ticketevent::DEPARTMENT_CHANGED);
        $event->setProperties(array(
            'authorStaff' => $user,
@ -71,12 +79,6 @@ class ChangeDepartmentController extends Controller {
        $ticket->unread = !$ticket->isAuthor($user);
        $ticket->store();

-        if($ticket->owner && !$ticket->owner->sharedDepartmentList->includesId($department->id)) {
-            $unAssignTicketController = new UnAssignStaffController($ticket->owner);
-            $unAssignTicketController->validate();
-            $unAssignTicketController->handler();
-        }
-
        Log::createLog('DEPARTMENT_CHANGED', $ticket->ticketNumber);

        Response::respondSuccess();
--- a/tests/staff/un-assign-ticket.rb
+++ b/tests/staff/un-assign-ticket.rb
@ -10,6 +10,7 @@ describe '/staff/un-assign-ticket' do

    it 'should unassign ticket if it is the current owner' do
        ticket = $database.getRow('ticket', 1 , 'id')
+
        result = request('/staff/un-assign-ticket', {
            ticketNumber: ticket['ticket_number'],
            csrf_userid: $csrf_userid,
@ -28,8 +29,9 @@ describe '/staff/un-assign-ticket' do
        (staff_ticket).should.equal(nil)
    end

-    it 'should fail if ticket is not yours and you are a staff level 1' do
+    it 'should unassign ticket if you are a staff level 1' do
        $database.query('update staff set level="1" where id="1";')
+
        ticket = $database.getRow('ticket', 1 , 'id')

        Scripts.logout()
@ -40,6 +42,7 @@ describe '/staff/un-assign-ticket' do
          csrf_userid: $csrf_userid,
          csrf_token: $csrf_token
        })
+
        (result['status']).should.equal('success')

        ticket = $database.getRow('ticket', 1 , 'id')
@ -53,15 +56,59 @@ describe '/staff/un-assign-ticket' do
            csrf_token: $csrf_token
        })

-        (result['status']).should.equal('fail')
-        (result['message']).should.equal('NO_PERMISSION')
+        (result['status']).should.equal('success')
+
+        $database.query('update staff set level="3" where id="1";')
+    end
+
+    it 'should unassign ticket if you are a staff level 2' do
+        $database.query('update staff set level="2" where id="1";')
+
+        ticket = $database.getRow('ticket', 1 , 'id')
+
+        Scripts.logout()
+        Scripts.login('ayra2@opensupports.com', 'starkpassword', true)
+
+        result = request('/staff/assign-ticket', {
+          ticketNumber: ticket['ticket_number'],
+          csrf_userid: $csrf_userid,
+          csrf_token: $csrf_token
+        })
+
+        (result['status']).should.equal('success')
+
+        ticket = $database.getRow('ticket', 1 , 'id')
+
+        Scripts.logout()
+        Scripts.login($staff[:email], $staff[:password], true)
+
+        result = request('/staff/un-assign-ticket', {
+            ticketNumber: ticket['ticket_number'],
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token
+        })
+
+        (result['status']).should.equal('success')
+
        $database.query('update staff set level="3" where id="1";')
    end

    it 'should unassign ticket if you are a staff level 3' do
      ticket = $database.getRow('ticket', 1 , 'id')
+
      Scripts.logout()
      Scripts.login($staff[:email], $staff[:password], true)
+
+      result = request('/staff/assign-ticket', {
+        ticketNumber: ticket['ticket_number'],
+        csrf_userid: $csrf_userid,
+        csrf_token: $csrf_token
+      })
+
+      (result['status']).should.equal('success')
+
+      ticket = $database.getRow('ticket', 1 , 'id')
+
      result = request('/staff/un-assign-ticket', {
          ticketNumber: ticket['ticket_number'],
          csrf_userid: $csrf_userid,
--- a/tests/ticket/change-department.rb
+++ b/tests/ticket/change-department.rb
@ -103,4 +103,153 @@ describe '/ticket/change-department' do
            staffId: 1
        })
    end
+    it 'should not unassing ticket if owner has the new ticket department and staff does not have it' do
+        request('/user/logout')
+        Scripts.login($staff[:email], $staff[:password], true)
+
+        result = request('/staff/edit', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            departments: '[1, 2]',
+            staffId: 1
+        })
+        (result['status']).should.equal('success')
+
+        result = request('/staff/invite', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            name: 'Jon Snow',
+            email: 'jon_snow@opensupports.com',
+            level: 2,
+            profilePic: '',
+            departments: '[1, 3]'
+        })
+
+        (result['status']).should.equal('success')
+
+        Scripts.createTicket('title of the ticket to change department', 'this is the content of the ticket to change department', 1)
+
+        staffId = $database.getRow('staff','jon_snow@opensupports.com','email')['id']
+        ticket = $database.getRow('ticket', 'title of the ticket to change department', 'title')
+
+        (ticket['owner_id']).should.equal(nil)
+
+        result = request('/staff/assign-ticket', {
+            ticketNumber: ticket['ticket_number'],
+            staffId: staffId,
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token
+        })
+
+        (result['status']).should.equal('success')
+
+        ticket = $database.getRow('ticket', 'title of the ticket to change department', 'title')
+
+        (ticket['owner_id']).should.equal(staffId)
+
+        result = request('/ticket/change-department', {
+            ticketNumber: ticket['ticket_number'],
+            departmentId: 3,
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token
+        })
+
+        (result['status']).should.equal('success')
+
+        ticket = $database.getRow('ticket', 'title of the ticket to change department', 'title')
+
+        (ticket['owner_id']).should.equal(staffId)
+
+        result = request('/staff/un-assign-ticket', {
+            ticketNumber: ticket['ticket_number'],
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token
+        })
+
+        (result['status']).should.equal('success')
+
+        ticket = $database.getRow('ticket', 'title of the ticket to change department', 'title')
+
+        (ticket['owner_id']).should.equal(nil)
+
+        result = request('/ticket/delete', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            ticketNumber: ticket['ticket_number']
+        })
+
+        (result['status']).should.equal('success')
+
+        staff = $database.getRow('staff', 'jon_snow@opensupports.com', 'email')
+        Scripts.deleteStaff(staff['id'])
+    end
+    it 'should unassing ticket if owner has not the new ticket department' do
+        request('/user/logout')
+        Scripts.login($staff[:email], $staff[:password], true)
+
+        result = request('/staff/edit', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            departments: '[1, 2, 3]',
+            staffId: 1
+        })
+        (result['status']).should.equal('success')
+
+        result = request('/staff/invite', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            name: 'Oberyn',
+            email: 'Oberyn_martel@opensupports.com',
+            level: 2,
+            profilePic: '',
+            departments: '[1, 2]'
+        })
+
+        (result['status']).should.equal('success')
+
+        Scripts.createTicket('title of the ticket to change department', 'this is the content of the ticket to change department', 1)
+
+        staffId = $database.getRow('staff','Oberyn_martel@opensupports.com','email')['id']
+        ticket = $database.getRow('ticket', 'title of the ticket to change department', 'title')
+
+        (ticket['owner_id']).should.equal(nil)
+
+        result = request('/staff/assign-ticket', {
+            ticketNumber: ticket['ticket_number'],
+            staffId: staffId,
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token
+        })
+
+        (result['status']).should.equal('success')
+
+        ticket = $database.getRow('ticket', 'title of the ticket to change department', 'title')
+
+        (ticket['owner_id']).should.equal(staffId)
+
+        result = request('/ticket/change-department', {
+            ticketNumber: ticket['ticket_number'],
+            departmentId: 3,
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token
+        })
+
+        (result['status']).should.equal('success')
+
+        ticket = $database.getRow('ticket', 'title of the ticket to change department', 'title')
+
+        (ticket['owner_id']).should.equal(nil)
+
+        result = request('/ticket/delete', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            ticketNumber: ticket['ticket_number']
+        })
+
+        (result['status']).should.equal('success')
+
+        staff = $database.getRow('staff', 'Oberyn_martel@opensupports.com', 'email')
+
+        Scripts.deleteStaff(staff['id'])
+    end
 end