Fix bugs in change ticket department. (#828)

* fix change department in ticket viewer (FE).

* fix bug change departmet. (BE)

* fix unassigned ticket for any level staff can use it (BE) and add ruby test

* fix ticket department change to un assign ticket correctly (BE) and add ruby test

* fix an error with author id in ticket viewer

* Use get departments for transder in change department params.

* Rename test in change department rb.

client/src/app-components/ticket-viewer.js

@@ -393,7 +393,7 @@ class TicketViewer extends React.Component {
     }
 
     onDepartmentDropdownChanged(event) {
-        AreYouSure.openModal(null, this.changeDepartment.bind(this, event.index));
+        AreYouSure.openModal(null, this.changeDepartment.bind(this, this.getDepartmentsForTransfer()[event.index].id));
     }
 
     onAssignmentChange(event) {
@@ -492,14 +492,20 @@ class TicketViewer extends React.Component {
         });
     }
 
-    changeDepartment(index) {
+    changeDepartment(departmentId) {
+        const {
+            userId,
+            userDepartments,
+            ticket
+        } = this.props;
+
         return API.call({
             path: '/ticket/change-department',
             data: {
-                ticketNumber: this.props.ticket.ticketNumber,
+                ticketNumber: ticket.ticketNumber,
-                departmentId: this.getDepartmentsForTransfer()[index].id
+                departmentId
             }
-        }).then(this.onTicketModification.bind(this));
+        }).then((_.some(userDepartments, {id: departmentId}) || (userId === (ticket.author.id*1))) ? this.onTicketModification.bind(this) : history.goBack());
     }
 
     addTag(tag) {

server/controllers/staff/un-assign-ticket.php

@@ -55,7 +55,7 @@ class UnAssignStaffController extends Controller {
             throw new RequestException(ERRORS::NO_PERMISSION);
         }
 
-        if($owner && ($ticket->isOwner($user) || $user->level > 2)) {
+        if($owner) {
             if(!$ticket->isAuthor($owner)) {
                 $owner->sharedTicketList->remove($ticket);
                 $owner->store();

server/controllers/ticket/change-department.php

@@ -60,6 +60,14 @@ class ChangeDepartmentController extends Controller {
             throw new RequestException(ERRORS::NO_PERMISSION);
         }
 
+        if($ticket->owner && !$ticket->owner->sharedDepartmentList->includesId($department->id)) {
+            $unAssignTicketController = new UnAssignStaffController($user);
+            $unAssignTicketController->validate();
+            $unAssignTicketController->handler();
+        }
+
+        $ticket = Ticket::getByTicketNumber($ticketNumber);
+
         $event = Ticketevent::getEvent(Ticketevent::DEPARTMENT_CHANGED);
         $event->setProperties(array(
             'authorStaff' => $user,
@@ -71,12 +79,6 @@ class ChangeDepartmentController extends Controller {
         $ticket->unread = !$ticket->isAuthor($user);
         $ticket->store();
 
-        if($ticket->owner && !$ticket->owner->sharedDepartmentList->includesId($department->id)) {
-            $unAssignTicketController = new UnAssignStaffController($ticket->owner);
-            $unAssignTicketController->validate();
-            $unAssignTicketController->handler();
-        }
-
         Log::createLog('DEPARTMENT_CHANGED', $ticket->ticketNumber);
 
         Response::respondSuccess();

tests/staff/un-assign-ticket.rb

@@ -10,6 +10,7 @@ describe '/staff/un-assign-ticket' do
 
     it 'should unassign ticket if it is the current owner' do
         ticket = $database.getRow('ticket', 1 , 'id')
+
         result = request('/staff/un-assign-ticket', {
             ticketNumber: ticket['ticket_number'],
             csrf_userid: $csrf_userid,
@@ -28,8 +29,9 @@ describe '/staff/un-assign-ticket' do
         (staff_ticket).should.equal(nil)
     end
 
-    it 'should fail if ticket is not yours and you are a staff level 1' do
+    it 'should unassign ticket if you are a staff level 1' do
         $database.query('update staff set level="1" where id="1";')
+
         ticket = $database.getRow('ticket', 1 , 'id')
 
         Scripts.logout()
@@ -40,6 +42,7 @@ describe '/staff/un-assign-ticket' do
           csrf_userid: $csrf_userid,
           csrf_token: $csrf_token
         })
+
         (result['status']).should.equal('success')
 
         ticket = $database.getRow('ticket', 1 , 'id')
@@ -53,15 +56,59 @@ describe '/staff/un-assign-ticket' do
             csrf_token: $csrf_token
         })
 
-        (result['status']).should.equal('fail')
+        (result['status']).should.equal('success')
-        (result['message']).should.equal('NO_PERMISSION')
+
+        $database.query('update staff set level="3" where id="1";')
+    end
+
+    it 'should unassign ticket if you are a staff level 2' do
+        $database.query('update staff set level="2" where id="1";')
+
+        ticket = $database.getRow('ticket', 1 , 'id')
+
+        Scripts.logout()
+        Scripts.login('ayra2@opensupports.com', 'starkpassword', true)
+
+        result = request('/staff/assign-ticket', {
+          ticketNumber: ticket['ticket_number'],
+          csrf_userid: $csrf_userid,
+          csrf_token: $csrf_token
+        })
+
+        (result['status']).should.equal('success')
+
+        ticket = $database.getRow('ticket', 1 , 'id')
+
+        Scripts.logout()
+        Scripts.login($staff[:email], $staff[:password], true)
+
+        result = request('/staff/un-assign-ticket', {
+            ticketNumber: ticket['ticket_number'],
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token
+        })
+
+        (result['status']).should.equal('success')
+
         $database.query('update staff set level="3" where id="1";')
     end
 
     it 'should unassign ticket if you are a staff level 3' do
       ticket = $database.getRow('ticket', 1 , 'id')
+
       Scripts.logout()
       Scripts.login($staff[:email], $staff[:password], true)
+
+      result = request('/staff/assign-ticket', {
+        ticketNumber: ticket['ticket_number'],
+        csrf_userid: $csrf_userid,
+        csrf_token: $csrf_token
+      })
+
+      (result['status']).should.equal('success')
+
+      ticket = $database.getRow('ticket', 1 , 'id')
+
       result = request('/staff/un-assign-ticket', {
           ticketNumber: ticket['ticket_number'],
           csrf_userid: $csrf_userid,

tests/ticket/change-department.rb

@@ -103,4 +103,153 @@ describe '/ticket/change-department' do
             staffId: 1
         })
     end
+    it 'should not unassing ticket if owner has the new ticket department and staff does not have it' do
+        request('/user/logout')
+        Scripts.login($staff[:email], $staff[:password], true)
+
+        result = request('/staff/edit', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            departments: '[1, 2]',
+            staffId: 1
+        })
+        (result['status']).should.equal('success')
+
+        result = request('/staff/invite', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            name: 'Jon Snow',
+            email: 'jon_snow@opensupports.com',
+            level: 2,
+            profilePic: '',
+            departments: '[1, 3]'
+        })
+
+        (result['status']).should.equal('success')
+
+        Scripts.createTicket('title of the ticket to change department', 'this is the content of the ticket to change department', 1)
+
+        staffId = $database.getRow('staff','jon_snow@opensupports.com','email')['id']
+        ticket = $database.getRow('ticket', 'title of the ticket to change department', 'title')
+
+        (ticket['owner_id']).should.equal(nil)
+
+        result = request('/staff/assign-ticket', {
+            ticketNumber: ticket['ticket_number'],
+            staffId: staffId,
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token
+        })
+
+        (result['status']).should.equal('success')
+
+        ticket = $database.getRow('ticket', 'title of the ticket to change department', 'title')
+
+        (ticket['owner_id']).should.equal(staffId)
+
+        result = request('/ticket/change-department', {
+            ticketNumber: ticket['ticket_number'],
+            departmentId: 3,
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token
+        })
+
+        (result['status']).should.equal('success')
+
+        ticket = $database.getRow('ticket', 'title of the ticket to change department', 'title')
+
+        (ticket['owner_id']).should.equal(staffId)
+
+        result = request('/staff/un-assign-ticket', {
+            ticketNumber: ticket['ticket_number'],
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token
+        })
+
+        (result['status']).should.equal('success')
+
+        ticket = $database.getRow('ticket', 'title of the ticket to change department', 'title')
+
+        (ticket['owner_id']).should.equal(nil)
+
+        result = request('/ticket/delete', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            ticketNumber: ticket['ticket_number']
+        })
+
+        (result['status']).should.equal('success')
+
+        staff = $database.getRow('staff', 'jon_snow@opensupports.com', 'email')
+        Scripts.deleteStaff(staff['id'])
+    end
+    it 'should unassing ticket if owner has not the new ticket department' do
+        request('/user/logout')
+        Scripts.login($staff[:email], $staff[:password], true)
+
+        result = request('/staff/edit', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            departments: '[1, 2, 3]',
+            staffId: 1
+        })
+        (result['status']).should.equal('success')
+
+        result = request('/staff/invite', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            name: 'Oberyn',
+            email: 'Oberyn_martel@opensupports.com',
+            level: 2,
+            profilePic: '',
+            departments: '[1, 2]'
+        })
+
+        (result['status']).should.equal('success')
+
+        Scripts.createTicket('title of the ticket to change department', 'this is the content of the ticket to change department', 1)
+
+        staffId = $database.getRow('staff','Oberyn_martel@opensupports.com','email')['id']
+        ticket = $database.getRow('ticket', 'title of the ticket to change department', 'title')
+
+        (ticket['owner_id']).should.equal(nil)
+
+        result = request('/staff/assign-ticket', {
+            ticketNumber: ticket['ticket_number'],
+            staffId: staffId,
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token
+        })
+
+        (result['status']).should.equal('success')
+
+        ticket = $database.getRow('ticket', 'title of the ticket to change department', 'title')
+
+        (ticket['owner_id']).should.equal(staffId)
+
+        result = request('/ticket/change-department', {
+            ticketNumber: ticket['ticket_number'],
+            departmentId: 3,
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token
+        })
+
+        (result['status']).should.equal('success')
+
+        ticket = $database.getRow('ticket', 'title of the ticket to change department', 'title')
+
+        (ticket['owner_id']).should.equal(nil)
+
+        result = request('/ticket/delete', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            ticketNumber: ticket['ticket_number']
+        })
+
+        (result['status']).should.equal('success')
+
+        staff = $database.getRow('staff', 'Oberyn_martel@opensupports.com', 'email')
+
+        Scripts.deleteStaff(staff['id'])
+    end
 end