tyler.durden
/
opensupports
mirror of https://github.com/opensupports/opensupports.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #739 from guillegiu/master 

Custom Validation and Ruby test - Get authors path
This commit is contained in:
Guillermo Giuliana 2020-03-03 17:01:48 -03:00 committed by GitHub
parent bd5db08ba5 5b75e5d732
commit 33bf2c42dd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 120 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
server/controllers/ticket/get-authors.php
View File

@ -35,11 +35,11 @@ class GetAuthorsController extends Controller {
'permission' => 'staff_1',
'requestData' => [
'query' => [
'validation' => DataValidator::oneOf(DataValidator::notBlank(),DataValidator::nullType()),
'validation' => DataValidator::oneOf(DataValidator::stringType(),DataValidator::nullType()),
'error' => ERRORS::INVALID_QUERY
],
'blackList' => [
'validation' => DataValidator::oneOf(DataValidator::notBlank(),DataValidator::nullType(),DataValidator::arrayType()),
'validation' => DataValidator::oneOf(DataValidator::validAuthorsBlackList(),DataValidator::nullType()),
'error' => ERRORS::INVALID_BLACK_LIST
]
]
@ -49,25 +49,25 @@ class GetAuthorsController extends Controller {
public function handler() {
$query = Controller::request('query');
$idAuthorsQuery = "SELECT id,name,level FROM staff " . $this->GenerateAuthorsIdQuery($query) . " LIMIT 10";
$authorsIdList = RedBean::getAll($idAuthorsQuery, [':query' => "%" .$query . "%",':query2' => $query . "%"] );
$authorsList = [];
$authorsQuery = "SELECT id,name,level FROM staff " . $this->generateAuthorsIdQuery($query) . " LIMIT 10";
$authorsMatch = RedBean::getAll($authorsQuery, [':query' => "%" .$query . "%",':queryAtBeginning' => $query . "%"] );
$authors = [];
foreach($authorsIdList as $item) {
if($item['level'] >=1 && $item['level'] <= 3){
$author = Staff::getDataStore($item['id']*1);
foreach($authorsMatch as $authorMatch) {
if($authorMatch['level'] >=1 && $authorMatch['level'] <= 3){
$author = Staff::getDataStore($authorMatch['id']*1);
} else {
$author = User::getDataStore($item['id']*1);
$author = User::getDataStore($authorMatch['id']*1);
}
array_push($authorsList, $author->toArray());
array_push($authors, $author->toArray());
}
Response::respondSuccess([
'authors' => $authorsList
'authors' => $authors
]);
}
public function generateAuthorsIdQuery($query) {
if ($query){
return "WHERE name LIKE :query " . $this->generateStaffBlackListQuery() . " UNION SELECT id,name,signup_date FROM user WHERE name LIKE :query " . $this->generateUserBlackListQuery() . " ORDER BY CASE WHEN (name LIKE :query2) THEN 1 ELSE 2 END ASC ";
return "WHERE name LIKE :query " . $this->generateStaffBlackListQuery() . " UNION SELECT id,name,signup_date FROM user WHERE name LIKE :query " . $this->generateUserBlackListQuery() . " ORDER BY CASE WHEN (name LIKE :queryAtBeginning) THEN 1 ELSE 2 END ASC ";
} else {
return "WHERE 1=1 ". $this->generateStaffBlackListQuery() . " UNION SELECT id,name,signup_date FROM user WHERE 1=1". $this->generateUserBlackListQuery() ." ORDER BY id";
}

7
server/controllers/ticket/search.php
View File

@ -134,9 +134,8 @@ class SearchController extends Controller {
$query = $this->getSQLQuery($inputs);
$queryWithOrder = $this->getSQLQueryWithOrder($inputs);
//throw new Exception($queryWithOrder);
$totalCount = RedBean::getAll("SELECT COUNT(*) FROM (SELECT COUNT(*) " . $query . " ) AS T2", [':query' => "%" . $inputs['query'] . "%", ':query2' => $inputs['query'] . "%" ])[0]['COUNT(*)'];
$ticketIdList = RedBean::getAll($queryWithOrder, [':query' => "%" . $inputs['query'] . "%", ':query2' => $inputs['query'] . "%"]);
$totalCount = RedBean::getAll("SELECT COUNT(*) FROM (SELECT COUNT(*) " . $query . " ) AS T2", [':query' => "%" . $inputs['query'] . "%", ':queryAtBeginning' => $inputs['query'] . "%" ])[0]['COUNT(*)'];
$ticketIdList = RedBean::getAll($queryWithOrder, [':query' => "%" . $inputs['query'] . "%", ':queryAtBeginning' => $inputs['query'] . "%"]);
$ticketList = [];
foreach ($ticketIdList as $item) {
$ticket = Ticket::getDataStore($item['id']);
@ -411,7 +410,7 @@ class SearchController extends Controller {
if($querysearch !== null){
$ticketeventOrder = ( $ticketEventTableExists ? " WHEN (ticketevent.content LIKE :query) THEN 5 " : "");
$order .= "CASE WHEN (ticket.ticket_number LIKE :query) THEN 1 WHEN (ticket.title LIKE :query2) THEN 2 WHEN (ticket.title LIKE :query) THEN 3 WHEN ( ticket.content LIKE :query) THEN 4 " . $ticketeventOrder ."END asc, ";
$order .= "CASE WHEN (ticket.ticket_number LIKE :query) THEN 1 WHEN (ticket.title LIKE :queryAtBeginning) THEN 2 WHEN (ticket.title LIKE :query) THEN 3 WHEN ( ticket.content LIKE :query) THEN 4 " . $ticketeventOrder ."END asc, ";
}
}

20
server/libs/validations/validAuthorsBlackList.php Normal file
View File

@ -0,0 +1,20 @@
<?php
namespace CustomValidations;
use Respect\Validation\Rules\AbstractRule;
class ValidAuthorsBlackList extends AbstractRule {
public function validate($blackList) {
if(is_array(json_decode($blackList))){
foreach (json_decode($blackList) as $item) {
if(!$item->id || !$item->staff) return false;
if($item->staff != 0 && $item->staff != 1) return false;
if(!is_numeric($item->id)) return false;
}
return true;
}
return false;
}
}

1
tests/init.rb
View File

@ -72,6 +72,7 @@ require './ticket/delete-tag.rb'
require './ticket/edit-comment.rb'
require './ticket/edit-title.rb'
require './system/custom-fields.rb'
require './ticket/get-authors.rb'
require './system/disable-user-system.rb'
require './ticket/search.rb'
# require './system/get-stats.rb'

84
tests/ticket/get-authors.rb Normal file
View File

@ -0,0 +1,84 @@
describe '/ticket/get-authors/' do
it 'should fail if a user is loged' do
request('/user/logout')
Scripts.login('tyrion@opensupports.com', 'tyrionl')
result = request('/ticket/get-authors', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
query: 'hello world'
})
(result['status']).should.equal('fail')
(result['message']).should.equal('NO_PERMISSION')
end
it 'should fail if blackList is invalid' do
request('/user/logout')
Scripts.login($staff[:email], $staff[:password], true)
Scripts.createUser(email = 'eemilia@jobs.com', password = 'custompassword', name = 'eemilia')
result = request('/ticket/get-authors', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
query: 'hello world',
blackList: [{'staff':2,'id':2}]
})
(result['status']).should.equal('fail')
(result['message']).should.equal('INVALID_BLACK_LIST')
result = request('/ticket/get-authors', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
query: 'hello world',
blackList: [{'staff':'level two','id':2}]
})
(result['status']).should.equal('fail')
(result['message']).should.equal('INVALID_BLACK_LIST')
result = request('/ticket/get-authors', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
query: 'hello world',
blackList: [{'staff':1,'id':'four'}]
})
(result['status']).should.equal('fail')
(result['message']).should.equal('INVALID_BLACK_LIST')
end
it 'should return the correct authors' do
result = request('/ticket/get-authors', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
query: 'emilia'
})
(result['status']).should.equal('success')
(result['data']['authors'].size).should.equal(2)
(result['data']['authors'][0]['name']).should.equal('Emilia Clarke')
(result['data']['authors'][1]['name']).should.equal('eemilia')
result = request('/ticket/get-authors', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
query: 'emilia',
blackList: '[{"staff":1,"id":1}]'
})
(result['status']).should.equal('success')
(result['data']['authors'].size).should.equal(1)
(result['data']['authors'][0]['name']).should.equal('eemilia')
result = request('/ticket/get-authors', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
query: '',
})
(result['status']).should.equal('success')
end
end