tyler.durden/opensupports
1
0
Fork 0
mirror of https://github.com/opensupports/opensupports.git synced 2025-07-31 01:35:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #739 from guillegiu/master

Browse Source 
Custom Validation and Ruby test - Get authors path
This commit is contained in:
Guillermo Giuliana 2020-03-03 17:01:48 -03:00 committed by GitHub
commit 33bf2c42dd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 120 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
server/controllers/ticket/get-authors.php
View File

@ -35,11 +35,11 @@ class GetAuthorsController extends Controller {
'permission' => 'staff_1', 'permission' => 'staff_1',
'requestData' => [ 'requestData' => [
'query' => [ 'query' => [
'validation' => DataValidator::oneOf(DataValidator::notBlank(),DataValidator::nullType()), 'validation' => DataValidator::oneOf(DataValidator::stringType(),DataValidator::nullType()),
'error' => ERRORS::INVALID_QUERY 'error' => ERRORS::INVALID_QUERY
], ],
'blackList' => [ 'blackList' => [
'validation' => DataValidator::oneOf(DataValidator::notBlank(),DataValidator::nullType(),DataValidator::arrayType()), 'validation' => DataValidator::oneOf(DataValidator::validAuthorsBlackList(),DataValidator::nullType()),
'error' => ERRORS::INVALID_BLACK_LIST 'error' => ERRORS::INVALID_BLACK_LIST
] ]
] ]
@ -49,25 +49,25 @@ class GetAuthorsController extends Controller {
public function handler() { public function handler() {
$query = Controller::request('query'); $query = Controller::request('query');
$idAuthorsQuery = "SELECT id,name,level FROM staff " . $this->GenerateAuthorsIdQuery($query) . " LIMIT 10"; $authorsQuery = "SELECT id,name,level FROM staff " . $this->generateAuthorsIdQuery($query) . " LIMIT 10";
$authorsIdList = RedBean::getAll($idAuthorsQuery, [':query' => "%" .$query . "%",':query2' => $query . "%"] ); $authorsMatch = RedBean::getAll($authorsQuery, [':query' => "%" .$query . "%",':queryAtBeginning' => $query . "%"] );
$authorsList = []; $authors = [];
foreach($authorsIdList as $item) { foreach($authorsMatch as $authorMatch) {
if($item['level'] >=1 && $item['level'] <= 3){ if($authorMatch['level'] >=1 && $authorMatch['level'] <= 3){
$author = Staff::getDataStore($item['id']*1); $author = Staff::getDataStore($authorMatch['id']*1);
} else { } else {
$author = User::getDataStore($item['id']*1); $author = User::getDataStore($authorMatch['id']*1);
} }
array_push($authorsList, $author->toArray()); array_push($authors, $author->toArray());
} }
Response::respondSuccess([ Response::respondSuccess([
'authors' => $authorsList 'authors' => $authors
]); ]);
} }
public function generateAuthorsIdQuery($query) { public function generateAuthorsIdQuery($query) {
if ($query){ if ($query){
return "WHERE name LIKE :query " . $this->generateStaffBlackListQuery() . " UNION SELECT id,name,signup_date FROM user WHERE name LIKE :query " . $this->generateUserBlackListQuery() . " ORDER BY CASE WHEN (name LIKE :query2) THEN 1 ELSE 2 END ASC "; return "WHERE name LIKE :query " . $this->generateStaffBlackListQuery() . " UNION SELECT id,name,signup_date FROM user WHERE name LIKE :query " . $this->generateUserBlackListQuery() . " ORDER BY CASE WHEN (name LIKE :queryAtBeginning) THEN 1 ELSE 2 END ASC ";
} else { } else {
return "WHERE 1=1 ". $this->generateStaffBlackListQuery() . " UNION SELECT id,name,signup_date FROM user WHERE 1=1". $this->generateUserBlackListQuery() ." ORDER BY id"; return "WHERE 1=1 ". $this->generateStaffBlackListQuery() . " UNION SELECT id,name,signup_date FROM user WHERE 1=1". $this->generateUserBlackListQuery() ." ORDER BY id";
} }

7
server/controllers/ticket/search.php
View File

@ -134,9 +134,8 @@ class SearchController extends Controller {
$query = $this->getSQLQuery($inputs); $query = $this->getSQLQuery($inputs);
$queryWithOrder = $this->getSQLQueryWithOrder($inputs); $queryWithOrder = $this->getSQLQueryWithOrder($inputs);
//throw new Exception($queryWithOrder); $totalCount = RedBean::getAll("SELECT COUNT(*) FROM (SELECT COUNT(*) " . $query . " ) AS T2", [':query' => "%" . $inputs['query'] . "%", ':queryAtBeginning' => $inputs['query'] . "%" ])[0]['COUNT(*)'];
$totalCount = RedBean::getAll("SELECT COUNT(*) FROM (SELECT COUNT(*) " . $query . " ) AS T2", [':query' => "%" . $inputs['query'] . "%", ':query2' => $inputs['query'] . "%" ])[0]['COUNT(*)']; $ticketIdList = RedBean::getAll($queryWithOrder, [':query' => "%" . $inputs['query'] . "%", ':queryAtBeginning' => $inputs['query'] . "%"]);
$ticketIdList = RedBean::getAll($queryWithOrder, [':query' => "%" . $inputs['query'] . "%", ':query2' => $inputs['query'] . "%"]);
$ticketList = []; $ticketList = [];
foreach ($ticketIdList as $item) { foreach ($ticketIdList as $item) {
$ticket = Ticket::getDataStore($item['id']); $ticket = Ticket::getDataStore($item['id']);
@ -411,7 +410,7 @@ class SearchController extends Controller {
if($querysearch !== null){ if($querysearch !== null){
$ticketeventOrder = ( $ticketEventTableExists ? " WHEN (ticketevent.content LIKE :query) THEN 5 " : ""); $ticketeventOrder = ( $ticketEventTableExists ? " WHEN (ticketevent.content LIKE :query) THEN 5 " : "");
$order .= "CASE WHEN (ticket.ticket_number LIKE :query) THEN 1 WHEN (ticket.title LIKE :query2) THEN 2 WHEN (ticket.title LIKE :query) THEN 3 WHEN ( ticket.content LIKE :query) THEN 4 " . $ticketeventOrder ."END asc, "; $order .= "CASE WHEN (ticket.ticket_number LIKE :query) THEN 1 WHEN (ticket.title LIKE :queryAtBeginning) THEN 2 WHEN (ticket.title LIKE :query) THEN 3 WHEN ( ticket.content LIKE :query) THEN 4 " . $ticketeventOrder ."END asc, ";
} }
} }

20
server/libs/validations/validAuthorsBlackList.php Normal file
View File

@ -0,0 +1,20 @@
<?php
namespace CustomValidations;
use Respect\Validation\Rules\AbstractRule;
class ValidAuthorsBlackList extends AbstractRule {
public function validate($blackList) {
if(is_array(json_decode($blackList))){
foreach (json_decode($blackList) as $item) {
if(!$item->id || !$item->staff) return false;
if($item->staff != 0 && $item->staff != 1) return false;
if(!is_numeric($item->id)) return false;
}
return true;
}
return false;
}
}

1
tests/init.rb
View File

@ -72,6 +72,7 @@ require './ticket/delete-tag.rb'
require './ticket/edit-comment.rb' require './ticket/edit-comment.rb'
require './ticket/edit-title.rb' require './ticket/edit-title.rb'
require './system/custom-fields.rb' require './system/custom-fields.rb'
require './ticket/get-authors.rb'
require './system/disable-user-system.rb' require './system/disable-user-system.rb'
require './ticket/search.rb' require './ticket/search.rb'
# require './system/get-stats.rb' # require './system/get-stats.rb'

84
tests/ticket/get-authors.rb Normal file
View File

@ -0,0 +1,84 @@
describe '/ticket/get-authors/' do
it 'should fail if a user is loged' do
request('/user/logout')
Scripts.login('tyrion@opensupports.com', 'tyrionl')
result = request('/ticket/get-authors', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
query: 'hello world'
})
(result['status']).should.equal('fail')
(result['message']).should.equal('NO_PERMISSION')
end
it 'should fail if blackList is invalid' do
request('/user/logout')
Scripts.login($staff[:email], $staff[:password], true)
Scripts.createUser(email = 'eemilia@jobs.com', password = 'custompassword', name = 'eemilia')
result = request('/ticket/get-authors', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
query: 'hello world',
blackList: [{'staff':2,'id':2}]
})
(result['status']).should.equal('fail')
(result['message']).should.equal('INVALID_BLACK_LIST')
result = request('/ticket/get-authors', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
query: 'hello world',
blackList: [{'staff':'level two','id':2}]
})
(result['status']).should.equal('fail')
(result['message']).should.equal('INVALID_BLACK_LIST')
result = request('/ticket/get-authors', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
query: 'hello world',
blackList: [{'staff':1,'id':'four'}]
})
(result['status']).should.equal('fail')
(result['message']).should.equal('INVALID_BLACK_LIST')
end
it 'should return the correct authors' do
result = request('/ticket/get-authors', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
query: 'emilia'
})
(result['status']).should.equal('success')
(result['data']['authors'].size).should.equal(2)
(result['data']['authors'][0]['name']).should.equal('Emilia Clarke')
(result['data']['authors'][1]['name']).should.equal('eemilia')
result = request('/ticket/get-authors', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
query: 'emilia',
blackList: '[{"staff":1,"id":1}]'
})
(result['status']).should.equal('success')
(result['data']['authors'].size).should.equal(1)
(result['data']['authors'][0]['name']).should.equal('eemilia')
result = request('/ticket/get-authors', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
query: '',
})
(result['status']).should.equal('success')
end
end