From ceb2717bd2ea73bc73409324d61f678910f2247e Mon Sep 17 00:00:00 2001 From: Guillermo Date: Thu, 18 Oct 2018 22:30:06 -0300 Subject: [PATCH 1/2] feature #311 --- client/src/app-components/ticket-viewer.js | 36 +++++++++++-- client/src/app-components/ticket-viewer.scss | 6 +++ client/src/data/languages/br.js | 1 + client/src/data/languages/cn.js | 1 + client/src/data/languages/de.js | 1 + client/src/data/languages/en.js | 1 + client/src/data/languages/es.js | 9 ++-- client/src/data/languages/fr.js | 1 + client/src/data/languages/gr.js | 1 + client/src/data/languages/in.js | 1 + client/src/data/languages/it.js | 1 + client/src/data/languages/jp.js | 1 + client/src/data/languages/nl.js | 1 + client/src/data/languages/pt.js | 1 + client/src/data/languages/ru.js | 1 + client/src/data/languages/tr.js | 1 + server/controllers/ticket.php | 4 +- server/controllers/ticket/delete.php | 57 ++++++++++++++++++++ server/models/Ticket.php | 4 ++ 19 files changed, 121 insertions(+), 8 deletions(-) create mode 100644 server/controllers/ticket/delete.php diff --git a/client/src/app-components/ticket-viewer.js b/client/src/app-components/ticket-viewer.js index 7450ed1a..d3643fb9 100644 --- a/client/src/app-components/ticket-viewer.js +++ b/client/src/app-components/ticket-viewer.js @@ -34,6 +34,7 @@ class TicketViewer extends React.Component { userId: React.PropTypes.number, userStaff: React.PropTypes.bool, userDepartments: React.PropTypes.array, + userLevel: React.PropTypes.number }; static defaultProps = { @@ -77,7 +78,7 @@ class TicketViewer extends React.Component {
{ticket.events && ticket.events.map(this.renderTicketEvent.bind(this))}
- {(!this.props.ticket.closed && (this.props.editable || !this.props.assignmentAllowed)) ? this.renderResponseField() : null} + {(!this.props.ticket.closed && (this.props.editable || !this.props.assignmentAllowed)) ? this.renderResponseField() : (this.showDeleteButton())? : null} ); } @@ -226,7 +227,11 @@ class TicketViewer extends React.Component { {(this.props.allowAttachments) ? : null}
{i18n('RESPOND_TICKET')} - +
+ +
+ {(this.showDeleteButton())? : null} +
{(this.state.commentError) ? this.renderCommentError() : null} @@ -339,6 +344,10 @@ class TicketViewer extends React.Component { event.preventDefault(); AreYouSure.openModal(null, this.closeTicket.bind(this)); } + onDeleteTicketClick(event) { + event.preventDefault(); + AreYouSure.openModal(null, this.deleteTicket.bind(this)); + } reopenTicket() { API.call({ @@ -357,6 +366,14 @@ class TicketViewer extends React.Component { } }).then(this.onTicketModification.bind(this)); } + deleteTicket() { + API.call({ + path: '/ticket/delete', + data: { + ticketNumber: this.props.ticket.ticketNumber + } + }) + } changeDepartment(index) { API.call({ @@ -459,6 +476,18 @@ class TicketViewer extends React.Component { return staffAssignmentItems; } + + showDeleteButton() { + if(!this.props.ticket.owner) { + if(this.props.userLevel == 3) return true; + if(this.props.userId == this.props.ticket.author.id) { + if((this.props.userStaff && this.props.ticket.author.staff) || (!this.props.userStaff && !this.props.ticket.author.staff)){ + return true; + } + } + } + return false; + } } export default connect((store) => { @@ -469,6 +498,7 @@ export default connect((store) => { staffMembers: store.adminData.staffMembers, staffMembersLoaded: store.adminData.staffMembersLoaded, allowAttachments: store.config['allow-attachments'], - userSystemEnabled: store.config['user-system-enabled'] + userSystemEnabled: store.config['user-system-enabled'], + userLevel: store.session.userLevel }; })(TicketViewer); diff --git a/client/src/app-components/ticket-viewer.scss b/client/src/app-components/ticket-viewer.scss index a1b3ac36..37550ff4 100644 --- a/client/src/app-components/ticket-viewer.scss +++ b/client/src/app-components/ticket-viewer.scss @@ -94,6 +94,12 @@ display: flex; justify-content: space-between; align-items: center; +background-color:blue; + &-secondary { + background-color:blue; + display: flex; + justify-content: space-between; + } } } 
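Review bot: `deleteTicket()` drops the promise returned by `API.call`, so a successful delete leaves the viewer showing a ticket that no longer exists and a rejected request is never surfaced. The neighbouring call in this hunk's context ends with `.then(this.onTicketModification.bind(this))`; chain the same handler (or whatever navigation fits a deleted ticket) and add a rejection handler. The statement is also missing its closing `;`.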
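Review bot: `showDeleteButton()` duplicates the server's permission rule and the two disagree: a staff member who authored an unassigned ticket gets the button here, while the handler in server/controllers/ticket/delete.php, as amended in PATCH 2/2, rejects every staff account below level 3. The button is only a display hint and the server check is the actual control, so add a comment above the method saying so, e.g. `// UI hint only; /ticket/delete enforces the real permission check`, and keep the predicate no wider than the server rule. The loose `==` on `userLevel` and `author.id` hides a possible string/number mismatch; convert explicitly and compare with `===`, and guard `this.props.ticket.author` before reading `.id`.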
diff --git a/client/src/data/languages/br.js b/client/src/data/languages/br.js
index dd90c3cb..d8702d58 100644
--- a/client/src/data/languages/br.js
+++ b/client/src/data/languages/br.js
@@ -30,6 +30,7 @@ export default {
 'RESPOND': 'Responder',
 'RESPOND_TICKET': 'Responder chamado',
 'CLOSE_TICKET': 'Fechar ticket',
+ 'DELETE_TICKET': 'Apagar ticket',
 'NO_ATTACHMENT': 'Nenhum anexo',
 'STAFF': 'Equipe',
 'CUSTOMER': 'Cliente',
diff --git a/client/src/data/languages/cn.js b/client/src/data/languages/cn.js
index 1927a8f4..1e419142 100644
--- a/client/src/data/languages/cn.js
+++ b/client/src/data/languages/cn.js
@@ -30,6 +30,7 @@ export default {
 'RESPOND': '響應',
 'RESPOND_TICKET': '響應故障單',
 'CLOSE_TICKET': '關門票',
+ 'DELETE_TICKET': '删除票证',
 'NO_ATTACHMENT': '沒有文件附件',
 'STAFF': '員工',
 'CUSTOMER': '顧客',
diff --git a/client/src/data/languages/de.js b/client/src/data/languages/de.js
index bc04b41a..f82747c4 100644
--- a/client/src/data/languages/de.js
+++ b/client/src/data/languages/de.js
@@ -30,6 +30,7 @@ export default {
 'RESPOND': 'Antworten',
 'RESPOND_TICKET': 'Ticket beantworten',
 'CLOSE_TICKET': 'Ticket schließen',
+ 'DELETE_TICKET': 'Ticket löschen',
 'NO_ATTACHMENT': 'Keine Dateianlage',
 'STAFF': 'Personal',
 'CUSTOMER': 'Kunde',
diff --git a/client/src/data/languages/en.js b/client/src/data/languages/en.js
index fa7cbaef..58df9540 100644
--- a/client/src/data/languages/en.js
+++ b/client/src/data/languages/en.js
@@ -30,6 +30,7 @@ export default {
 'RESPOND': 'Respond',
 'RESPOND_TICKET': 'Respond Ticket',
 'CLOSE_TICKET': 'Close ticket',
+ 'DELETE_TICKET': 'Delete ticket',
 'NO_ATTACHMENT': 'No file attachment',
 'STAFF': 'Staff',
 'CUSTOMER': 'Customer',
diff --git a/client/src/data/languages/es.js b/client/src/data/languages/es.js
index 957f536f..59addec6 100644
--- a/client/src/data/languages/es.js
+++ b/client/src/data/languages/es.js
@@ -21,15 +21,16 @@ export default {
 'VIEW_ARTICLES': 'Ver Artículos',
 'EDIT_PROFILE': 'Editar Perfil',
 'CLOSE_SESSION': 'Cerrar sesión',
- 'CREATE_TICKET': 'Crear Ticket',
- 'TICKET_LIST': 'Lista de Tickets',
+ 'CREATE_TICKET': 'Crear ticket',
+ 'TICKET_LIST': 'Lista de tickets',
 'SUPPORT_CENTER': 'Centro de Soporte',
 'DEPARTMENT': 'Departamento',
 'AUTHOR': 'Autor',
 'DATE': 'Fecha',
 'RESPOND': 'Responder',
- 'RESPOND_TICKET': 'Responder Ticket',
- 'CLOSE_TICKET': 'Cerrar Ticket',
+ 'RESPOND_TICKET': 'Responder ticket',
+ 'CLOSE_TICKET': 'Cerrar ticket',
+ 'DELETE_TICKET': 'Borrar ticket',
 'NO_ATTACHMENT': 'No hay archivo adjunto',
 'STAFF': 'Staff',
 'CUSTOMER': 'Cliente',
diff --git a/client/src/data/languages/fr.js b/client/src/data/languages/fr.js
index bfe97276..4b5a7d39 100644
--- a/client/src/data/languages/fr.js
+++ b/client/src/data/languages/fr.js
@@ -30,6 +30,7 @@ export default {
 'RESPOND': 'Répondre',
 'RESPOND_TICKET': 'Répondre au ticket',
 'CLOSE_TICKET': 'Fermer ticket',
+ 'DELETE_TICKET': 'Supprimer le ticket',
 'NO_ATTACHMENT': 'Aucune pièce jointe',
 'STAFF': 'Administrateur',
 'CUSTOMER': 'Client',
diff --git a/client/src/data/languages/gr.js b/client/src/data/languages/gr.js
index 4c3e89ba..94b2db28 100644
--- a/client/src/data/languages/gr.js
+++ b/client/src/data/languages/gr.js
@@ -30,6 +30,7 @@
 'RESPOND': 'Απάντηση',
 'RESPOND_TICKET': 'Απάντηση Εισιτηρίου',
 'CLOSE_TICKET': 'κλειστό εισιτήριο',
+ 'DELETE_TICKET': 'Διαγραφή εισιτηρίου',
 'NO_ATTACHMENT': 'Χωρίς Συνημμένα Αρχεία',
 'STAFF': 'Προσωπικό',
 'CUSTOMER': 'Πελάτης',
diff --git a/client/src/data/languages/in.js b/client/src/data/languages/in.js
index bf38b957..7f81cfb1 100644
--- a/client/src/data/languages/in.js
+++ b/client/src/data/languages/in.js
@@ -30,6 +30,7 @@ export default {
 'RESPOND': 'प्रतिक्रिया',
 'RESPOND_TICKET': 'प्रतिक्रिया टिकट',
 'CLOSE_TICKET': 'करीबी टिकट',
+ 'DELETE_TICKET': 'टिकट हटाएं',
 'NO_ATTACHMENT': 'कोई फ़ाइल अनुलग्नक नहीं',
 'STAFF': 'कर्मचारी',
 'CUSTOMER': 'ग्राहक',
diff --git a/client/src/data/languages/it.js b/client/src/data/languages/it.js
index 001867b2..caa00841 100644
--- a/client/src/data/languages/it.js
+++ b/client/src/data/languages/it.js
@@ -30,6 +30,7 @@ export default {
 'RESPOND': 'Rispondi',
 'RESPOND_TICKET': 'Rispondi al ticket',
 'CLOSE_TICKET': 'Ticket vicino',
+ 'DELETE_TICKET': 'Elimina ticket',
 'NO_ATTACHMENT': 'Nessun file allegato',
 'STAFF': 'Staff',
 'CUSTOMER': 'Customer',
diff --git a/client/src/data/languages/jp.js b/client/src/data/languages/jp.js
index 77f35216..1c52c9f1 100644
--- a/client/src/data/languages/jp.js
+++ b/client/src/data/languages/jp.js
@@ -30,6 +30,7 @@ export default {
 'RESPOND': '応答する',
 'RESPOND_TICKET': 'チケット応答',
 'CLOSE_TICKET': 'クローズチケット',
+ 'DELETE_TICKET': 'チケットを削除する',
 'NO_ATTACHMENT': '添付ファイルがありません',
 'STAFF': 'スタッフ',
 'CUSTOMER': '顧客',
diff --git a/client/src/data/languages/nl.js b/client/src/data/languages/nl.js
index df5daa20..e47ab33f 100644
--- a/client/src/data/languages/nl.js
+++ b/client/src/data/languages/nl.js
@@ -30,6 +30,7 @@ export default {
 'RESPOND': 'Actie',
 'RESPOND_TICKET': 'Reageren',
 'CLOSE_TICKET': 'Sluit ticket',
+ 'DELETE_TICKET': 'Ticket verwijderen',
 'NO_ATTACHMENT': 'Geen bijlage',
 'STAFF': 'Management',
 'CUSTOMER': 'Klant',
diff --git a/client/src/data/languages/pt.js b/client/src/data/languages/pt.js
index f7c338d8..d1db214f 100644
--- a/client/src/data/languages/pt.js
+++ b/client/src/data/languages/pt.js
@@ -30,6 +30,7 @@ export default {
 'RESPOND': 'Responder',
 'RESPOND_TICKET': 'Respond Ticket',
 'CLOSE_TICKET': 'Fechar passagem',
+ 'DELETE_TICKET': 'Apagar ticket',
 'NO_ATTACHMENT': 'Nenhum anexo de arquivo',
 'STAFF': 'Funcionários',
 'CUSTOMER': 'Cliente',
diff --git a/client/src/data/languages/ru.js b/client/src/data/languages/ru.js index 1da1eb24..c967a393 100644 --- a/client/src/data/languages/ru.js +++ b/client/src/data/languages/ru.js @@ -30,6 +30,7 @@ export default { 'RESPOND': 'Отвечать', 'RESPOND_TICKET': 'Ответить билет', 'CLOSE_TICKET': 'закрыть билет', + 'DELETE_TICKET': 'Удалить билет', 'NO_ATTACHMENT': 'Нет вложений файлов', 'STAFF': 'Сотрудники', 'CUSTOMER': 'Клиент', diff --git a/client/src/data/languages/tr.js b/client/src/data/languages/tr.js index 404ff4b4..0a00bf76 100644 --- a/client/src/data/languages/tr.js +++ b/client/src/data/languages/tr.js @@ -30,6 +30,7 @@ export default { 'RESPOND': 'Yanıtla', 'RESPOND_TICKET': 'Bilete Gider', 'CLOSE_TICKET': 'Yakın bilet', + 'DELETE_TICKET': 'Bilet sil', 'NO_ATTACHMENT': 'Dosya eki yok', 'STAFF': 'Personel', 'CUSTOMER': 'Müşteri', diff --git a/server/controllers/ticket.php b/server/controllers/ticket.php index 2c545a1b..2cce64c5 100755 --- a/server/controllers/ticket.php +++ b/server/controllers/ticket.php @@ -12,6 +12,7 @@ include 'ticket/close.php'; include 'ticket/re-open.php'; include 'ticket/change-priority.php'; include 'ticket/seen.php'; +include 'ticket/delete.php'; $ticketControllers = new ControllerGroup(); $ticketControllers->setGroupPath('/ticket'); @@ -29,5 +30,6 @@ $ticketControllers->addController(new CloseController); $ticketControllers->addController(new ReOpenController); $ticketControllers->addController(new ChangePriorityController); $ticketControllers->addController(new SeenController); +$ticketControllers->addController(new DeleteController); -$ticketControllers->finalize(); \ No newline at end of file +$ticketControllers->finalize(); diff --git a/server/controllers/ticket/delete.php b/server/controllers/ticket/delete.php new file mode 100644 index 00000000..64b4b66b --- /dev/null +++ b/server/controllers/ticket/delete.php 
@@ -0,0 +1,57 @@ + 'user', + 'requestData' => [ + 'ticketNumber' => [ + 'validation' => DataValidator::validTicketNumber(), + 'error' => ERRORS::INVALID_TICKET + ] + ] + ]; + } + + public function handler() { + $user = Controller::getLoggedUser(); + $ticket = Ticket::getByTicketNumber(Controller::request('ticketNumber')); + + if(Controller::isStaffLogged() && (!$user->level ==3 || $ticket->owner)) { + throw new Exception(ERRORS::NO_PERMISSION); + } + if(!Controller::isStaffLogged() && ($user->name !== $ticket->author->name || $ticket->owner) ) { + throw new Exception(ERRORS::NO_PERMISSION); + } + + $ticket->delete(); + + Response::respondSuccess(); + } +} diff --git a/server/models/Ticket.php b/server/models/Ticket.php index 282bd54e..9e7819bf 100755 --- a/server/models/Ticket.php +++ b/server/models/Ticket.php @@ -90,6 +90,10 @@ class Ticket extends DataStore { parent::store(); } + public function delete() { + parent::delete(); + } + public function generateUniqueTicketNumber() { $linearCongruentialGenerator = new LinearCongruentialGenerator(); $ticketQuantity = Ticket::count(); From b8bac44d43a3e1a90f0f3c7f9affae64f7ebcd56 Mon Sep 17 00:00:00 2001 From: Guillermo Date: Mon, 29 Oct 2018 11:32:31 -0300 Subject: [PATCH 2/2] s --- client/src/app-components/ticket-viewer.js | 7 +- client/src/app-components/ticket-viewer.scss | 9 +- server/controllers/ticket/delete.php | 8 +- tests/init.rb | 1 + tests/scripts.rb | 10 ++ tests/staff/get-all.rb | 2 +- tests/staff/get-new-tickets.rb | 2 +- tests/staff/get-tickets.rb | 2 +- tests/system/disable-user-system.rb | 4 +- tests/ticket/delete.rb | 120 +++++++++++++++++++ tests/user/get-users-test.rb | 2 +- 11 files changed, 147 insertions(+), 20 deletions(-) create mode 100644 tests/ticket/delete.rb diff --git a/client/src/app-components/ticket-viewer.js b/client/src/app-components/ticket-viewer.js index d3643fb9..2b6f26dd 100644 --- a/client/src/app-components/ticket-viewer.js +++ b/client/src/app-components/ticket-viewer.js 
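Review bot: `handler()` goes from the permission checks straight to `$ticket->delete()` and `Response::respondSuccess()`, so an irreversible removal leaves no record of which account deleted which ticket. If the project keeps an activity log for ticket actions, write an entry (acting account, staff flag, ticket number) before the delete, because a deleted ticket cannot be reconstructed from its own rows afterwards. The `$ticket->owner` test is repeated in both branches and could be hoisted into one early `if ($ticket->owner) { throw new Exception(ERRORS::NO_PERMISSION); }`. The top of the new file is not visible on this page, so anything set up there could not be checked.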
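Review bot: The new `Ticket::delete()` only forwards to `parent::delete()`, so as written it adds nothing over the inherited method. If a ticket owns related data, such as the events the viewer renders or uploaded attachments, this override is the place to remove it; otherwise those rows and files are presumably left behind after the ticket is gone, depending on how `DataStore::delete()` behaves, which is not shown here. Either drop the override or give it a docblock stating what it cleans up.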
@@ -78,7 +78,7 @@ class TicketViewer extends React.Component {
{ticket.events && ticket.events.map(this.renderTicketEvent.bind(this))}
- {(!this.props.ticket.closed && (this.props.editable || !this.props.assignmentAllowed)) ? this.renderResponseField() : (this.showDeleteButton())? : null} + {(!this.props.ticket.closed && (this.props.editable || !this.props.assignmentAllowed)) ? this.renderResponseField() : (this.showDeleteButton())? : null} ); } @@ -227,10 +227,9 @@ class TicketViewer extends React.Component { {(this.props.allowAttachments) ? : null}
{i18n('RESPOND_TICKET')} -
+
-
- {(this.showDeleteButton())? : null} + {(this.showDeleteButton())? : null}
diff --git a/client/src/app-components/ticket-viewer.scss b/client/src/app-components/ticket-viewer.scss index 37550ff4..17de6a8c 100644 --- a/client/src/app-components/ticket-viewer.scss +++ b/client/src/app-components/ticket-viewer.scss @@ -94,13 +94,10 @@ display: flex; justify-content: space-between; align-items: center; -background-color:blue; - &-secondary { - background-color:blue; - display: flex; - justify-content: space-between; - } } } + &__delete-button { + margin-left: 10px; + } } diff --git a/server/controllers/ticket/delete.php b/server/controllers/ticket/delete.php index 64b4b66b..99f9f0dc 100644 --- a/server/controllers/ticket/delete.php +++ b/server/controllers/ticket/delete.php @@ -20,7 +20,7 @@ DataValidator::with('CustomValidations', true); * @apiUse INVALID_TICKET * * @apiSuccess {Object} data Empty object - * + *ulp d */ class DeleteController extends Controller { @@ -43,13 +43,13 @@ class DeleteController extends Controller { $user = Controller::getLoggedUser(); $ticket = Ticket::getByTicketNumber(Controller::request('ticketNumber')); - if(Controller::isStaffLogged() && (!$user->level ==3 || $ticket->owner)) { + if(Controller::isStaffLogged() && ($user->level < 3 || $ticket->owner)) { throw new Exception(ERRORS::NO_PERMISSION); } - if(!Controller::isStaffLogged() && ($user->name !== $ticket->author->name || $ticket->owner) ) { + if(!Controller::isStaffLogged() && (($user->email !== $ticket->author->email) || $ticket->owner) ) { throw new Exception(ERRORS::NO_PERMISSION); } - + $ticket->delete(); Response::respondSuccess(); diff --git a/tests/init.rb b/tests/init.rb index 04356833..fb18bdd1 100644 --- a/tests/init.rb +++ b/tests/init.rb @@ -27,6 +27,7 @@ require './ticket/custom-response.rb' require './ticket/change-department.rb' require './ticket/close.rb' require './ticket/re-open.rb' +require './ticket/delete.rb' require './staff/add.rb' require './staff/get.rb' require './staff/edit.rb' 
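Review bot: The docblock line ` *ulp d` in the first delete.php hunk looks like stray keystrokes and will be carried into the generated API documentation. Restore it to the bare ` *` it replaced.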
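Review bot: The non-staff branch now identifies the author with `$user->email !== $ticket->author->email`, which is still an attribute match rather than an identity match: the client compares `author.id` together with the author's staff flag, and the tests on this page create tickets while logged in as staff, so an author can be a staff account. Unless e-mail addresses are guaranteed unique across users and staff (not visible here), compare the record id and the author type instead. The staff branch `$user->level < 3 || $ticket->owner` also means a staff member below level 3 cannot delete a ticket they authored, while `showDeleteButton()` in ticket-viewer.js still offers them the button. `handler()` begins outside this hunk.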
diff --git a/tests/scripts.rb b/tests/scripts.rb index 50e0d8cb..8ed25552 100644 --- a/tests/scripts.rb +++ b/tests/scripts.rb @@ -35,6 +35,16 @@ class Scripts raise response['message'] end end + def self.deleteStaff(staffid) + + response = request('/staff/delete', { + :staffId => staffid + }) + + if response['status'] === 'fail' + raise response['message'] + end + end def self.login(email = 'steve@jobs.com', password = 'custompassword', staff = false) request('/user/logout') diff --git a/tests/staff/get-all.rb b/tests/staff/get-all.rb index 6e1070d6..5f3d3267 100644 --- a/tests/staff/get-all.rb +++ b/tests/staff/get-all.rb @@ -20,7 +20,7 @@ describe'/staff/get-all' do (result['data'][0]['departments'][1]['name']).should.equal('Suggestions') (result['data'][0]['departments'][2]['id']).should.equal('3') (result['data'][0]['departments'][2]['name']).should.equal('Tech support') - (result['data'][0]['assignedTickets']).should.equal(4) + (result['data'][0]['assignedTickets']).should.equal(6) (result['data'][0]['closedTickets']).should.equal(0) (result['data'][2]['name']).should.equal('Arya Stark') diff --git a/tests/staff/get-new-tickets.rb b/tests/staff/get-new-tickets.rb index debe36f0..58fbe49b 100644 --- a/tests/staff/get-new-tickets.rb +++ b/tests/staff/get-new-tickets.rb @@ -10,7 +10,7 @@ describe '/staff/get-new-tickets' do }) (result['status']).should.equal('success') - (result['data'].size).should.equal(8) + (result['data'].size).should.equal(11) end end diff --git a/tests/staff/get-tickets.rb b/tests/staff/get-tickets.rb index cd896a6b..af0bce51 100644 --- a/tests/staff/get-tickets.rb +++ b/tests/staff/get-tickets.rb @@ -22,6 +22,6 @@ describe '/staff/get-tickets' do }) (result['status']).should.equal('success') - (result['data'].size).should.equal(3) + (result['data'].size).should.equal(5) end end diff --git a/tests/system/disable-user-system.rb b/tests/system/disable-user-system.rb index e96adb56..3a0013ba 100644 --- a/tests/system/disable-user-system.rb 
+++ b/tests/system/disable-user-system.rb @@ -19,7 +19,7 @@ describe'system/disable-user-system' do numberOftickets= $database.query("SELECT * FROM ticket WHERE author_id IS NULL AND author_email IS NOT NULL AND author_name IS NOT NULL") - (numberOftickets.num_rows).should.equal(39) + (numberOftickets.num_rows).should.equal(41) request('/user/logout') @@ -127,7 +127,7 @@ describe'system/disable-user-system' do numberOftickets= $database.query("SELECT * FROM ticket WHERE author_email IS NULL AND author_name IS NULL AND author_id IS NOT NULL" ) - (numberOftickets.num_rows).should.equal(40) + (numberOftickets.num_rows).should.equal(42) end diff --git a/tests/ticket/delete.rb b/tests/ticket/delete.rb new file mode 100644 index 00000000..7fee511d --- /dev/null +++ b/tests/ticket/delete.rb 
@@ -0,0 +1,120 @@ +describe '/ticket/delete' do + request('/user/logout') + Scripts.login($staff[:email], $staff[:password], true) + Scripts.createTicket('tickettodelete') + Scripts.createTicket('tickettodelete4') + + # it 'should delete ticket if it is not assigned and is logged a staff lvl 3 ' do + # + # + # ticket = $database.getRow('ticket', 'tickettodelete', 'title') + # + # request('/staff/add', { + # csrf_userid: $csrf_userid, + # csrf_token: $csrf_token, + # name: 'Ned Stark', + # password: 'headless', + # email: 'ned@opensupports.com', + # level: 3, + # profilePic: '', + # departments: '[1]' + # }) + # + # request('/user/logout') + # + # Scripts.login('ned@opensupports.com', 'headless', true) + # + # result = request('/ticket/delete', { + # ticketNumber: ticket['ticket_number'], + # csrf_userid: $csrf_userid, + # csrf_token: $csrf_token + # }) + # + # (result['status']).should.equal('success') + # end + + it 'should delete ticket if it is yours and it is not assigned' do + request('/user/logout') + Scripts.createUser('deleter@opensupports.com', 'deleterpassword', 'Delter') + Scripts.login('deleter@opensupports.com', 'deleterpassword') + + Scripts.createTicket('tickettodelete2') + ticket = $database.getRow('ticket', 'tickettodelete2', 'title'); + + result = request('/ticket/delete', { + ticketNumber: ticket['ticket_number'], + csrf_userid: $csrf_userid, + csrf_token: $csrf_token + }) + puts result + (result['status']).should.equal('success') + end + + it 'should not delete ticket if it is assigned' do + request('/user/logout') + Scripts.login('deleter@opensupports.com', 'deleterpassword') + + Scripts.createTicket('tickettodelete3') + ticket = $database.getRow('ticket', 'tickettodelete3', 'title'); + + request('/user/logout') + Scripts.login($staff[:email], $staff[:password], true) + + result = request('/staff/assign-ticket', { + ticketNumber: ticket['ticket_number'], + csrf_userid: $csrf_userid, + csrf_token: $csrf_token + }) + + request('/user/logout') + 
Scripts.login('deleter@opensupports.com', 'deleterpassword') + + result = request('/ticket/delete', { + ticketNumber: ticket['ticket_number'], + csrf_userid: $csrf_userid, + csrf_token: $csrf_token + }) + + (result['status']).should.equal('fail') + end + + it 'should not delete ticket if the staff logged is not lvl 3' do + request('/user/logout') + + Scripts.login($staff[:email], $staff[:password], true) + + ticket = $database.getRow('ticket', 'tickettodelete4', 'title'); + + request('/staff/add', { + csrf_userid: $csrf_userid, + csrf_token: $csrf_token, + name: 'Joan Chris', + password: 'theyaregonnafireme', + email: 'uselessstaff@opensupports.com', + level: 2, + profilePic: '', + departments: '[1]' + }) + request('/user/logout') + + Scripts.login('uselessstaff@opensupports.com', 'theyaregonnafireme',true) + + result = request('/ticket/delete', { + ticketNumber: ticket['ticket_number'], + csrf_userid: $csrf_userid, + csrf_token: $csrf_token + }) + + (result['status']).should.equal('fail') + + end + + request('/user/logout') + Scripts.login($staff[:email], $staff[:password], true) + staff = $database.getRow('staff', 'headless', 'password') + Scripts.deleteStaff(staff['id']) + + staff = $database.getRow('staff', 'theyaregonnafireme', 'password') + Scripts.deleteStaff(staff['id']) + +end diff --git a/tests/user/get-users-test.rb b/tests/user/get-users-test.rb index a9049dac..b20bbec1 100644 --- a/tests/user/get-users-test.rb +++ b/tests/user/get-users-test.rb @@ -36,7 +36,7 @@ describe '/user/get-users' do }) (result['status']).should.equal('success') - (result['data']['users'].size).should.equal(5) + (result['data']['users'].size).should.equal(6) end it 'should get users with order by tickets and asc' do
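Review bot: The new tests/ticket/delete.rb never exercises the case the permission check exists for, a logged-in user asking to delete a ticket authored by a different user, and the only staff-success case (level 3) is commented out. Add a cross-user test that expects `fail`, as sketched below, and re-enable or remove the commented block; an extra user and ticket will shift the count assertions this patch already adjusts in other specs. The teardown looks up `$database.getRow('staff', 'headless', 'password')`, but that account is created only inside the commented-out test, so `staff['id']` would presumably fail on a missing row; look the rows up by email instead. Drop the leftover `puts result`.

```ruby
    # … unchanged: 'should delete ticket if it is yours and it is not assigned' …

    # Constructed sample account and title; adjust to the fixtures in use.
    it 'should not delete ticket if it belongs to another user' do
        request('/user/logout')
        Scripts.login('deleter@opensupports.com', 'deleterpassword')
        Scripts.createTicket('tickettodelete5')
        ticket = $database.getRow('ticket', 'tickettodelete5', 'title')

        request('/user/logout')
        Scripts.createUser('otheruser@opensupports.com', 'otherpassword', 'Other')
        Scripts.login('otheruser@opensupports.com', 'otherpassword')

        result = request('/ticket/delete', {
            ticketNumber: ticket['ticket_number'],
            csrf_userid: $csrf_userid,
            csrf_token: $csrf_token
        })

        (result['status']).should.equal('fail')
    end

    # … unchanged: 'should not delete ticket if it is assigned' and later cases …
```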