Fix ticket delete test issues
parent
11c4401bfc
commit
099dd5a5a0
|
@ -42,11 +42,17 @@ class DeleteController extends Controller {
|
||||||
public function handler() {
|
public function handler() {
|
||||||
$user = Controller::getLoggedUser();
|
$user = Controller::getLoggedUser();
|
||||||
$ticket = Ticket::getByTicketNumber(Controller::request('ticketNumber'));
|
$ticket = Ticket::getByTicketNumber(Controller::request('ticketNumber'));
|
||||||
|
$ticketAuthor = $ticket->authorToArray();
|
||||||
|
|
||||||
if(Controller::isStaffLogged() && ($user->level < 3 || $ticket->owner)) {
|
if($ticket->owner) {
|
||||||
throw new Exception(ERRORS::NO_PERMISSION);
|
throw new Exception(ERRORS::NO_PERMISSION);
|
||||||
}
|
}
|
||||||
if(!Controller::isStaffLogged() && (($user->email !== $ticket->author->email) || $ticket->owner) ) {
|
|
||||||
|
if(Controller::isStaffLogged() && $user->level < 3) {
|
||||||
|
throw new Exception(ERRORS::NO_PERMISSION);
|
||||||
|
}
|
||||||
|
|
||||||
|
if(!Controller::isStaffLogged() && ($user->email !== $ticketAuthor['email'] || $ticketAuthor['staff'])) {
|
||||||
throw new Exception(ERRORS::NO_PERMISSION);
|
throw new Exception(ERRORS::NO_PERMISSION);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
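Review bot: The three permission checks in `handler()` now hold the whole delete policy but carry no comment, and the last one decides ownership by comparing `$user->email` with `$ticketAuthor['email']`. The `|| $ticketAuthor['staff']` term appears to be what stops a non-staff user whose address matches a staff author's from deleting a staff-created ticket, and it is easy to lose in a later refactor. A comment above the first check would pin that down: `// Unassigned tickets only: level-3 staff may delete any; a user only a ticket they authored (email match, author must not be staff)`. Separately, `$ticket->authorToArray()` runs before anything visible confirms that the ticket number resolved to a ticket; if that is not validated outside this hunk, it should be checked before the dereference. The handler's body continues outside the hunk.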
|
@ -35,10 +35,11 @@ class Scripts
|
||||||
raise response['message']
|
raise response['message']
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
def self.deleteStaff(staffid)
|
def self.deleteStaff(staffId)
|
||||||
|
|
||||||
response = request('/staff/delete', {
|
response = request('/staff/delete', {
|
||||||
:staffId => staffid
|
staffId: staffId,
|
||||||
|
csrf_userid: $csrf_userid,
|
||||||
|
csrf_token: $csrf_token
|
||||||
})
|
})
|
||||||
|
|
||||||
if response['status'] === 'fail'
|
if response['status'] === 'fail'
|
||||||
|
|
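Review bot: `deleteStaff` now sends `$csrf_userid` and `$csrf_token`, so it acts with the session of whichever account logged in last, and nothing in the helper says so. A comment above the method would make that precondition visible to the cleanup code that calls it: `# Uses the session left by the last Scripts.login; the caller must be logged in as staff allowed to delete staff`. On the unchanged status check, `===` between two Strings behaves as equality, but `==` is the conventional operator. The method body ends outside the hunk.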
|
@ -31,10 +31,12 @@ describe '/staff/assign-ticket' do
|
||||||
(staff_ticket['ticket_id']).should.equal('1')
|
(staff_ticket['ticket_id']).should.equal('1')
|
||||||
end
|
end
|
||||||
it 'should assign ticket if a staff choose another to assing a ticket ' do
|
it 'should assign ticket if a staff choose another to assing a ticket ' do
|
||||||
|
staffId = $database.getRow('staff','ayra2@opensupports.com','email')['id']
|
||||||
|
|
||||||
ticket = $database.getRow('ticket', 3 , 'id')
|
ticket = $database.getRow('ticket', 3 , 'id')
|
||||||
result = request('/staff/assign-ticket', {
|
result = request('/staff/assign-ticket', {
|
||||||
ticketNumber: ticket['ticket_number'],
|
ticketNumber: ticket['ticket_number'],
|
||||||
staffId:4,
|
staffId: staffId,
|
||||||
csrf_userid: $csrf_userid,
|
csrf_userid: $csrf_userid,
|
||||||
csrf_token: $csrf_token
|
csrf_token: $csrf_token
|
||||||
})
|
})
|
||||||
|
@ -42,10 +44,9 @@ describe '/staff/assign-ticket' do
|
||||||
|
|
||||||
ticket = $database.getRow('ticket', 3 , 'id')
|
ticket = $database.getRow('ticket', 3 , 'id')
|
||||||
|
|
||||||
(ticket['owner_id']).should.equal('4')
|
(ticket['owner_id']).should.equal(staffId)
|
||||||
|
|
||||||
(ticket['unread']).should.equal('1')
|
(ticket['unread']).should.equal('1')
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'should fail if ticket is already owned' do
|
it 'should fail if ticket is already owned' do
|
||||||
|
|
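Review bot: `$database.getRow('staff','ayra2@opensupports.com','email')['id']` indexes the lookup result directly, so a missing fixture row surfaces as a NoMethodError on nil rather than a readable failure. The staff/delete spec in this commit expects `getRow` to return `nil` for a row that does not exist. Fetching the row first and asserting it, e.g. `staff = $database.getRow('staff','ayra2@opensupports.com','email')` followed by `(staff).should.not.equal(nil)`, keeps the failure pointed at the fixture. The same direct-index lookup is added in the staff/delete and staff/edit specs.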
|
@ -1,28 +1,30 @@
|
||||||
describe'/staff/delete' do
|
describe'/staff/delete' do
|
||||||
request('/user/logout')
|
request('/user/logout')
|
||||||
Scripts.login($staff[:email], $staff[:password], true)
|
Scripts.login($staff[:email], $staff[:password], true)
|
||||||
|
@staffId = $database.getRow('staff','littlelannister@opensupports.com','email')['id']
|
||||||
|
|
||||||
it 'should delete staff member' do
|
it 'should delete staff member' do
|
||||||
result= request('/staff/delete', {
|
result= request('/staff/delete', {
|
||||||
csrf_userid: $csrf_userid,
|
csrf_userid: $csrf_userid,
|
||||||
csrf_token: $csrf_token,
|
csrf_token: $csrf_token,
|
||||||
staffId: 3
|
staffId: @staffId
|
||||||
})
|
})
|
||||||
|
|
||||||
(result['status']).should.equal('success')
|
(result['status']).should.equal('success')
|
||||||
|
|
||||||
row = $database.getRow('staff', 3, 'id')
|
row = $database.getRow('staff', @staffId, 'id')
|
||||||
(row).should.equal(nil)
|
(row).should.equal(nil)
|
||||||
|
|
||||||
row = $database.getRow('department', 1, 'id')
|
row = $database.getRow('department', 1, 'id')
|
||||||
(row['owners']).should.equal('3')
|
(row['owners']).should.equal('3')
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'should fail delete if staff member is does not exist' do
|
it 'should fail delete if staff member is does not exist' do
|
||||||
result= request('/staff/delete', {
|
result = request('/staff/delete', {
|
||||||
csrf_userid: $csrf_userid,
|
csrf_userid: $csrf_userid,
|
||||||
csrf_token: $csrf_token,
|
csrf_token: $csrf_token,
|
||||||
staffId: 3
|
staffId: @staffId
|
||||||
})
|
})
|
||||||
|
|
||||||
(result['status']).should.equal('fail')
|
(result['status']).should.equal('fail')
|
||||||
|
|
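Review bot: The "does not exist" case asserts only `result['status']` being `'fail'`, so it also passes if the request is rejected for an unrelated reason such as a stale session or a permission error. The ticket/delete spec in this commit adds message assertions for its failure cases; the same here would be `(result['message']).should.equal('<EXPECTED_ERROR_CODE>')`, with the placeholder replaced by the code the endpoint returns for an unknown staff id. This case also relies on the preceding `it` having deleted `@staffId`, which is worth a one-line comment. The second `it` block continues outside the hunk.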
|
@ -3,23 +3,24 @@ describe'/staff/edit' do
|
||||||
Scripts.login($staff[:email], $staff[:password], true)
|
Scripts.login($staff[:email], $staff[:password], true)
|
||||||
|
|
||||||
it 'should edit another staff member' do
|
it 'should edit another staff member' do
|
||||||
|
staffId = $database.getRow('staff','tyrion@opensupports.com','email')['id']
|
||||||
result= request('/staff/edit', {
|
result= request('/staff/edit', {
|
||||||
csrf_userid: $csrf_userid,
|
csrf_userid: $csrf_userid,
|
||||||
csrf_token: $csrf_token,
|
csrf_token: $csrf_token,
|
||||||
email: 'LittleLannister@opensupports.com',
|
email: 'LittleLannister@opensupports.com',
|
||||||
level: 1,
|
level: 1,
|
||||||
departments: '[1, 2]',
|
departments: '[1, 2]',
|
||||||
staffId: 3
|
staffId: staffId
|
||||||
})
|
})
|
||||||
|
|
||||||
(result['status']).should.equal('success')
|
(result['status']).should.equal('success')
|
||||||
|
|
||||||
row = $database.getRow('staff', 3, 'id')
|
row = $database.getRow('staff', staffId, 'id')
|
||||||
|
|
||||||
(row['email']).should.equal('littlelannister@opensupports.com')
|
(row['email']).should.equal('littlelannister@opensupports.com')
|
||||||
(row['level']).should.equal('1')
|
(row['level']).should.equal('1')
|
||||||
|
|
||||||
rows = $database.getRow('department_staff', 3, 'staff_id')
|
rows = $database.getRow('department_staff', staffId, 'staff_id')
|
||||||
|
|
||||||
(rows['department_id']).should.equal('1')
|
(rows['department_id']).should.equal('1')
|
||||||
|
|
||||||
|
@ -28,7 +29,6 @@ describe'/staff/edit' do
|
||||||
|
|
||||||
row = $database.getRow('department', 2, 'id')
|
row = $database.getRow('department', 2, 'id')
|
||||||
(row['owners']).should.equal('2')
|
(row['owners']).should.equal('2')
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'should edit staff member ' do
|
it 'should edit staff member ' do
|
||||||
|
@ -43,7 +43,7 @@ describe'/staff/edit' do
|
||||||
departments: '[1]'
|
departments: '[1]'
|
||||||
})
|
})
|
||||||
|
|
||||||
row = $database.getRow('staff', 'Arya Stark', 'name')
|
row = $database.getRow('staff', 'arya@opensupports.com', 'email')
|
||||||
|
|
||||||
result = request('/staff/edit', {
|
result = request('/staff/edit', {
|
||||||
csrf_userid: $csrf_userid,
|
csrf_userid: $csrf_userid,
|
||||||
|
|
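Review bot: Switching to lookups by email makes this spec the point where `tyrion@opensupports.com` becomes `littlelannister@opensupports.com`, and other specs in this commit key on both addresses. The staff/get spec looks up the `tyrion@` address and the staff/delete spec looks up the `littlelannister@` one, so they presumably have to run before and after this file respectively. A comment at the top of the first `it` would record that coupling: `# Renames tyrion@ to littlelannister@: staff/get must run before this spec, staff/delete after it`. Resolving the row once in a shared helper, rather than by literal address in each file, would remove the dependency altogether.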
|
@ -3,14 +3,12 @@ describe '/staff/get-new-tickets' do
|
||||||
Scripts.login($staff[:email], $staff[:password], true)
|
Scripts.login($staff[:email], $staff[:password], true)
|
||||||
|
|
||||||
it 'should get news tickets' do
|
it 'should get news tickets' do
|
||||||
|
|
||||||
result = request('/staff/get-new-tickets', {
|
result = request('/staff/get-new-tickets', {
|
||||||
csrf_userid: $csrf_userid,
|
csrf_userid: $csrf_userid,
|
||||||
csrf_token: $csrf_token
|
csrf_token: $csrf_token
|
||||||
})
|
})
|
||||||
|
|
||||||
(result['status']).should.equal('success')
|
(result['status']).should.equal('success')
|
||||||
(result['data'].size).should.equal(11)
|
(result['data'].size).should.equal(9)
|
||||||
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
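Review bot: The expected size `9` is a bare count that depends on how many tickets earlier specs leave behind. This commit had to adjust it here and also adjust the two `num_rows` expectations in the disable-user-system spec. A short comment next to each literal would tell the next editor why the number moves, e.g. `# depends on tickets created by earlier specs; update when ticket fixtures change`. Where possible, deriving the expectation from a `$database.query` count taken in the same test would avoid these edits.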
|
@ -16,10 +16,11 @@ describe '/staff/get/' do
|
||||||
(result['data']['sendEmailOnNewTicket']).should.equal('1')
|
(result['data']['sendEmailOnNewTicket']).should.equal('1')
|
||||||
end
|
end
|
||||||
it 'should return staff member data with staff Id' do
|
it 'should return staff member data with staff Id' do
|
||||||
|
staff = $database.getRow('staff','tyrion@opensupports.com','email')
|
||||||
result = request('/staff/get', {
|
result = request('/staff/get', {
|
||||||
csrf_userid: $csrf_userid,
|
csrf_userid: $csrf_userid,
|
||||||
csrf_token: $csrf_token,
|
csrf_token: $csrf_token,
|
||||||
staffId: 3
|
staffId: staff['id']
|
||||||
})
|
})
|
||||||
|
|
||||||
(result['status']).should.equal('success')
|
(result['status']).should.equal('success')
|
||||||
|
|
|
@ -19,7 +19,7 @@ describe'system/disable-user-system' do
|
||||||
|
|
||||||
numberOftickets= $database.query("SELECT * FROM ticket WHERE author_id IS NULL AND author_email IS NOT NULL AND author_name IS NOT NULL")
|
numberOftickets= $database.query("SELECT * FROM ticket WHERE author_id IS NULL AND author_email IS NOT NULL AND author_name IS NOT NULL")
|
||||||
|
|
||||||
(numberOftickets.num_rows).should.equal(41)
|
(numberOftickets.num_rows).should.equal(40)
|
||||||
|
|
||||||
request('/user/logout')
|
request('/user/logout')
|
||||||
|
|
||||||
|
@ -127,7 +127,7 @@ describe'system/disable-user-system' do
|
||||||
|
|
||||||
numberOftickets= $database.query("SELECT * FROM ticket WHERE author_email IS NULL AND author_name IS NULL AND author_id IS NOT NULL" )
|
numberOftickets= $database.query("SELECT * FROM ticket WHERE author_email IS NULL AND author_name IS NULL AND author_id IS NOT NULL" )
|
||||||
|
|
||||||
(numberOftickets.num_rows).should.equal(42)
|
(numberOftickets.num_rows).should.equal(41)
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -1,52 +1,46 @@
|
||||||
describe '/ticket/delete' do
|
describe '/ticket/delete' do
|
||||||
|
|
||||||
|
it 'should delete ticket if it is not assigned and is logged a staff lvl 3 ' do
|
||||||
request('/user/logout')
|
request('/user/logout')
|
||||||
Scripts.login($staff[:email], $staff[:password], true)
|
Scripts.login($staff[:email], $staff[:password], true)
|
||||||
Scripts.createTicket('tickettodelete')
|
Scripts.createTicket('ticket_to_delete')
|
||||||
Scripts.createTicket('tickettodelete4')
|
ticket = $database.getRow('ticket', 'ticket_to_delete', 'title')
|
||||||
|
|
||||||
# it 'should delete ticket if it is not assigned and is logged a staff lvl 3 ' do
|
request('/staff/add', {
|
||||||
#
|
csrf_userid: $csrf_userid,
|
||||||
#
|
csrf_token: $csrf_token,
|
||||||
# ticket = $database.getRow('ticket', 'tickettodelete', 'title')
|
name: 'Ned Stark',
|
||||||
#
|
password: 'headless',
|
||||||
# request('/staff/add', {
|
email: 'ned@opensupports.com',
|
||||||
# csrf_userid: $csrf_userid,
|
level: 3,
|
||||||
# csrf_token: $csrf_token,
|
profilePic: '',
|
||||||
# name: 'Ned Stark',
|
departments: '[1]'
|
||||||
# password: 'headless',
|
})
|
||||||
# email: 'ned@opensupports.com',
|
|
||||||
# level: 3,
|
|
||||||
# profilePic: '',
|
|
||||||
# departments: '[1]'
|
|
||||||
# })
|
|
||||||
#
|
|
||||||
# request('/user/logout')
|
|
||||||
#
|
|
||||||
# Scripts.login('ned@opensupports.com', 'headless', true)
|
|
||||||
#
|
|
||||||
# result = request('/ticket/delete', {
|
|
||||||
# ticketNumber: ticket['ticket_number'],
|
|
||||||
# csrf_userid: $csrf_userid,
|
|
||||||
# csrf_token: $csrf_token
|
|
||||||
# })
|
|
||||||
#
|
|
||||||
# (result['status']).should.equal('success')
|
|
||||||
# end
|
|
||||||
|
|
||||||
it 'should delete ticket if it is yours and it is not assigned' do
|
|
||||||
request('/user/logout')
|
request('/user/logout')
|
||||||
Scripts.createUser('deleter@opensupports.com', 'deleterpassword', 'Delter')
|
Scripts.login('ned@opensupports.com', 'headless', true)
|
||||||
Scripts.login('deleter@opensupports.com', 'deleterpassword')
|
|
||||||
|
|
||||||
Scripts.createTicket('tickettodelete2')
|
|
||||||
ticket = $database.getRow('ticket', 'tickettodelete2', 'title');
|
|
||||||
|
|
||||||
result = request('/ticket/delete', {
|
result = request('/ticket/delete', {
|
||||||
ticketNumber: ticket['ticket_number'],
|
ticketNumber: ticket['ticket_number'],
|
||||||
csrf_userid: $csrf_userid,
|
csrf_userid: $csrf_userid,
|
||||||
csrf_token: $csrf_token
|
csrf_token: $csrf_token
|
||||||
})
|
})
|
||||||
puts result
|
|
||||||
|
(result['status']).should.equal('success')
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should delete ticket if it is yours and it is not assigned' do
|
||||||
|
request('/user/logout')
|
||||||
|
Scripts.createUser('deleter@opensupports.com', 'deleterpassword', 'Delter')
|
||||||
|
Scripts.login('deleter@opensupports.com', 'deleterpassword')
|
||||||
|
|
||||||
|
Scripts.createTicket('ticket_to_delete_2')
|
||||||
|
ticket = $database.getRow('ticket', 'ticket_to_delete_2', 'title');
|
||||||
|
result = request('/ticket/delete', {
|
||||||
|
ticketNumber: ticket['ticket_number'],
|
||||||
|
csrf_userid: $csrf_userid,
|
||||||
|
csrf_token: $csrf_token
|
||||||
|
})
|
||||||
(result['status']).should.equal('success')
|
(result['status']).should.equal('success')
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -54,8 +48,8 @@ describe '/ticket/delete' do
|
||||||
request('/user/logout')
|
request('/user/logout')
|
||||||
Scripts.login('deleter@opensupports.com', 'deleterpassword')
|
Scripts.login('deleter@opensupports.com', 'deleterpassword')
|
||||||
|
|
||||||
Scripts.createTicket('tickettodelete3')
|
Scripts.createTicket('ticket_to_delete_3')
|
||||||
ticket = $database.getRow('ticket', 'tickettodelete3', 'title');
|
ticket = $database.getRow('ticket', 'ticket_to_delete_3', 'title');
|
||||||
|
|
||||||
request('/user/logout')
|
request('/user/logout')
|
||||||
Scripts.login($staff[:email], $staff[:password], true)
|
Scripts.login($staff[:email], $staff[:password], true)
|
||||||
|
@ -76,14 +70,15 @@ describe '/ticket/delete' do
|
||||||
})
|
})
|
||||||
|
|
||||||
(result['status']).should.equal('fail')
|
(result['status']).should.equal('fail')
|
||||||
|
(result['message']).should.equal('NO_PERMISSION')
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'should not delete ticket if the staff logged is not lvl 3' do
|
it 'should not delete ticket if the staff logged is not lvl 3' do
|
||||||
request('/user/logout')
|
request('/user/logout')
|
||||||
|
|
||||||
Scripts.login($staff[:email], $staff[:password], true)
|
Scripts.login($staff[:email], $staff[:password], true)
|
||||||
|
Scripts.createTicket('ticket_to_delete_4')
|
||||||
|
|
||||||
ticket = $database.getRow('ticket', 'tickettodelete4', 'title');
|
ticket = $database.getRow('ticket', 'ticket_to_delete_4', 'title');
|
||||||
|
|
||||||
request('/staff/add', {
|
request('/staff/add', {
|
||||||
csrf_userid: $csrf_userid,
|
csrf_userid: $csrf_userid,
|
||||||
|
@ -106,15 +101,14 @@ describe '/ticket/delete' do
|
||||||
})
|
})
|
||||||
|
|
||||||
(result['status']).should.equal('fail')
|
(result['status']).should.equal('fail')
|
||||||
|
(result['message']).should.equal('NO_PERMISSION')
|
||||||
end
|
|
||||||
|
|
||||||
request('/user/logout')
|
request('/user/logout')
|
||||||
Scripts.login($staff[:email], $staff[:password], true)
|
Scripts.login($staff[:email], $staff[:password], true)
|
||||||
staff = $database.getRow('staff', 'headless', 'password')
|
staff = $database.getRow('staff', 'ned@opensupports.com', 'email')
|
||||||
Scripts.deleteStaff(staff['id'])
|
Scripts.deleteStaff(staff['id'])
|
||||||
|
|
||||||
staff = $database.getRow('staff', 'theyaregonnafireme', 'password')
|
staff = $database.getRow('staff', 'uselessstaff@opensupports.com', 'email')
|
||||||
Scripts.deleteStaff(staff['id'])
|
Scripts.deleteStaff(staff['id'])
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
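Review bot: As rendered, the staff cleanup (`Scripts.deleteStaff` for `ned@opensupports.com` and `uselessstaff@opensupports.com`) now sits inside the last `it`, after its assertions, so a failing assertion skips it. That would leave a level-3 account and an extra staff row behind for every later spec. Wrapping the test body in `begin` … `ensure` with the logout, login and two `deleteStaff` calls in the `ensure` part keeps the cleanup unconditional. The new level-3 success case also checks only `result['status']`; adding `($database.getRow('ticket', ticket['ticket_number'], 'ticket_number')).should.equal(nil)` would confirm the ticket is gone.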