Fix ticket delete test issues

This commit is contained in:
Ivan Diaz 2018-10-29 19:32:03 -03:00
parent 11c4401bfc
commit 099dd5a5a0
9 changed files with 78 additions and 75 deletions

View File

@ -42,11 +42,17 @@ class DeleteController extends Controller {
public function handler() {
$user = Controller::getLoggedUser();
$ticket = Ticket::getByTicketNumber(Controller::request('ticketNumber'));
$ticketAuthor = $ticket->authorToArray();
if(Controller::isStaffLogged() && ($user->level < 3 || $ticket->owner)) {
if($ticket->owner) {
throw new Exception(ERRORS::NO_PERMISSION);
}
if(!Controller::isStaffLogged() && (($user->email !== $ticket->author->email) || $ticket->owner) ) {
if(Controller::isStaffLogged() && $user->level < 3) {
throw new Exception(ERRORS::NO_PERMISSION);
}
if(!Controller::isStaffLogged() && ($user->email !== $ticketAuthor['email'] || $ticketAuthor['staff'])) {
throw new Exception(ERRORS::NO_PERMISSION);
}

View File

@ -35,10 +35,11 @@ class Scripts
raise response['message']
end
end
def self.deleteStaff(staffid)
def self.deleteStaff(staffId)
response = request('/staff/delete', {
:staffId => staffid
staffId: staffId,
csrf_userid: $csrf_userid,
csrf_token: $csrf_token
})
if response['status'] === 'fail'

View File

@ -31,10 +31,12 @@ describe '/staff/assign-ticket' do
(staff_ticket['ticket_id']).should.equal('1')
end
it 'should assign ticket if a staff choose another to assing a ticket ' do
staffId = $database.getRow('staff','ayra2@opensupports.com','email')['id']
ticket = $database.getRow('ticket', 3 , 'id')
result = request('/staff/assign-ticket', {
ticketNumber: ticket['ticket_number'],
staffId:4,
staffId: staffId,
csrf_userid: $csrf_userid,
csrf_token: $csrf_token
})
@ -42,10 +44,9 @@ describe '/staff/assign-ticket' do
ticket = $database.getRow('ticket', 3 , 'id')
(ticket['owner_id']).should.equal('4')
(ticket['owner_id']).should.equal(staffId)
(ticket['unread']).should.equal('1')
end
it 'should fail if ticket is already owned' do

View File

@ -1,28 +1,30 @@
describe'/staff/delete' do
request('/user/logout')
Scripts.login($staff[:email], $staff[:password], true)
@staffId = $database.getRow('staff','littlelannister@opensupports.com','email')['id']
it 'should delete staff member' do
result= request('/staff/delete', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
staffId: 3
staffId: @staffId
})
(result['status']).should.equal('success')
row = $database.getRow('staff', 3, 'id')
row = $database.getRow('staff', @staffId, 'id')
(row).should.equal(nil)
row = $database.getRow('department', 1, 'id')
(row['owners']).should.equal('3')
end
it 'should fail delete if staff member is does not exist' do
result = request('/staff/delete', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
staffId: 3
staffId: @staffId
})
(result['status']).should.equal('fail')

View File

@ -3,23 +3,24 @@ describe'/staff/edit' do
Scripts.login($staff[:email], $staff[:password], true)
it 'should edit another staff member' do
staffId = $database.getRow('staff','tyrion@opensupports.com','email')['id']
result= request('/staff/edit', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
email: 'LittleLannister@opensupports.com',
level: 1,
departments: '[1, 2]',
staffId: 3
staffId: staffId
})
(result['status']).should.equal('success')
row = $database.getRow('staff', 3, 'id')
row = $database.getRow('staff', staffId, 'id')
(row['email']).should.equal('littlelannister@opensupports.com')
(row['level']).should.equal('1')
rows = $database.getRow('department_staff', 3, 'staff_id')
rows = $database.getRow('department_staff', staffId, 'staff_id')
(rows['department_id']).should.equal('1')
@ -28,7 +29,6 @@ describe'/staff/edit' do
row = $database.getRow('department', 2, 'id')
(row['owners']).should.equal('2')
end
it 'should edit staff member ' do
@ -43,7 +43,7 @@ describe'/staff/edit' do
departments: '[1]'
})
row = $database.getRow('staff', 'Arya Stark', 'name')
row = $database.getRow('staff', 'arya@opensupports.com', 'email')
result = request('/staff/edit', {
csrf_userid: $csrf_userid,

View File

@ -3,14 +3,12 @@ describe '/staff/get-new-tickets' do
Scripts.login($staff[:email], $staff[:password], true)
it 'should get news tickets' do
result = request('/staff/get-new-tickets', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token
})
(result['status']).should.equal('success')
(result['data'].size).should.equal(11)
(result['data'].size).should.equal(9)
end
end

View File

@ -16,10 +16,11 @@ describe '/staff/get/' do
(result['data']['sendEmailOnNewTicket']).should.equal('1')
end
it 'should return staff member data with staff Id' do
staff = $database.getRow('staff','tyrion@opensupports.com','email')
result = request('/staff/get', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
staffId: 3
staffId: staff['id']
})
(result['status']).should.equal('success')

View File

@ -19,7 +19,7 @@ describe'system/disable-user-system' do
numberOftickets= $database.query("SELECT * FROM ticket WHERE author_id IS NULL AND author_email IS NOT NULL AND author_name IS NOT NULL")
(numberOftickets.num_rows).should.equal(41)
(numberOftickets.num_rows).should.equal(40)
request('/user/logout')
@ -127,7 +127,7 @@ describe'system/disable-user-system' do
numberOftickets= $database.query("SELECT * FROM ticket WHERE author_email IS NULL AND author_name IS NULL AND author_id IS NOT NULL" )
(numberOftickets.num_rows).should.equal(42)
(numberOftickets.num_rows).should.equal(41)
end

View File

@ -1,52 +1,46 @@
describe '/ticket/delete' do
it 'should delete ticket if it is not assigned and is logged a staff lvl 3 ' do
request('/user/logout')
Scripts.login($staff[:email], $staff[:password], true)
Scripts.createTicket('tickettodelete')
Scripts.createTicket('tickettodelete4')
Scripts.createTicket('ticket_to_delete')
ticket = $database.getRow('ticket', 'ticket_to_delete', 'title')
# it 'should delete ticket if it is not assigned and is logged a staff lvl 3 ' do
#
#
# ticket = $database.getRow('ticket', 'tickettodelete', 'title')
#
# request('/staff/add', {
# csrf_userid: $csrf_userid,
# csrf_token: $csrf_token,
# name: 'Ned Stark',
# password: 'headless',
# email: 'ned@opensupports.com',
# level: 3,
# profilePic: '',
# departments: '[1]'
# })
#
# request('/user/logout')
#
# Scripts.login('ned@opensupports.com', 'headless', true)
#
# result = request('/ticket/delete', {
# ticketNumber: ticket['ticket_number'],
# csrf_userid: $csrf_userid,
# csrf_token: $csrf_token
# })
#
# (result['status']).should.equal('success')
# end
request('/staff/add', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
name: 'Ned Stark',
password: 'headless',
email: 'ned@opensupports.com',
level: 3,
profilePic: '',
departments: '[1]'
})
it 'should delete ticket if it is yours and it is not assigned' do
request('/user/logout')
Scripts.createUser('deleter@opensupports.com', 'deleterpassword', 'Delter')
Scripts.login('deleter@opensupports.com', 'deleterpassword')
Scripts.createTicket('tickettodelete2')
ticket = $database.getRow('ticket', 'tickettodelete2', 'title');
Scripts.login('ned@opensupports.com', 'headless', true)
result = request('/ticket/delete', {
ticketNumber: ticket['ticket_number'],
csrf_userid: $csrf_userid,
csrf_token: $csrf_token
})
puts result
(result['status']).should.equal('success')
end
it 'should delete ticket if it is yours and it is not assigned' do
request('/user/logout')
Scripts.createUser('deleter@opensupports.com', 'deleterpassword', 'Delter')
Scripts.login('deleter@opensupports.com', 'deleterpassword')
Scripts.createTicket('ticket_to_delete_2')
ticket = $database.getRow('ticket', 'ticket_to_delete_2', 'title');
result = request('/ticket/delete', {
ticketNumber: ticket['ticket_number'],
csrf_userid: $csrf_userid,
csrf_token: $csrf_token
})
(result['status']).should.equal('success')
end
@ -54,8 +48,8 @@ describe '/ticket/delete' do
request('/user/logout')
Scripts.login('deleter@opensupports.com', 'deleterpassword')
Scripts.createTicket('tickettodelete3')
ticket = $database.getRow('ticket', 'tickettodelete3', 'title');
Scripts.createTicket('ticket_to_delete_3')
ticket = $database.getRow('ticket', 'ticket_to_delete_3', 'title');
request('/user/logout')
Scripts.login($staff[:email], $staff[:password], true)
@ -76,14 +70,15 @@ describe '/ticket/delete' do
})
(result['status']).should.equal('fail')
(result['message']).should.equal('NO_PERMISSION')
end
it 'should not delete ticket if the staff logged is not lvl 3' do
request('/user/logout')
Scripts.login($staff[:email], $staff[:password], true)
Scripts.createTicket('ticket_to_delete_4')
ticket = $database.getRow('ticket', 'tickettodelete4', 'title');
ticket = $database.getRow('ticket', 'ticket_to_delete_4', 'title');
request('/staff/add', {
csrf_userid: $csrf_userid,
@ -106,15 +101,14 @@ describe '/ticket/delete' do
})
(result['status']).should.equal('fail')
end
(result['message']).should.equal('NO_PERMISSION')
request('/user/logout')
Scripts.login($staff[:email], $staff[:password], true)
staff = $database.getRow('staff', 'headless', 'password')
staff = $database.getRow('staff', 'ned@opensupports.com', 'email')
Scripts.deleteStaff(staff['id'])
staff = $database.getRow('staff', 'theyaregonnafireme', 'password')
staff = $database.getRow('staff', 'uselessstaff@opensupports.com', 'email')
Scripts.deleteStaff(staff['id'])
end
end