diff --git a/server/controllers/staff/un-assign-ticket.php b/server/controllers/staff/un-assign-ticket.php
index f9b028df..ac1ee06c 100755
--- a/server/controllers/staff/un-assign-ticket.php
+++ b/server/controllers/staff/un-assign-ticket.php
@@ -43,10 +43,11 @@ class UnAssignStaffController extends Controller {
 $ticketNumber = Controller::request('ticketNumber');
 $user = Controller::getLoggedUser();
 $ticket = Ticket::getByTicketNumber($ticketNumber);
+ $owner = $ticket->owner;
 
- if(($ticket->owner && $ticket->owner->id === $user->id) || $user->level !== 1) {
- $user->sharedTicketList->remove($ticket);
- $user->store();
+ if(($owner && $owner->id === $user->id) || $user->level > 1) {
+ $owner->sharedTicketList->remove($ticket);
+ $owner->store();
 
 $ticket->owner = null;
 $ticket->unread = true;
@@ -62,7 +63,6 @@ class UnAssignStaffController extends Controller {
 Response::respondSuccess();
 } else {
 throw new Exception(ERRORS::NO_PERMISSION);
- return;
 }
 }
 }
diff --git a/server/controllers/ticket/change-department.php b/server/controllers/ticket/change-department.php
index 3453f732..18f83109 100755
--- a/server/controllers/ticket/change-department.php
+++ b/server/controllers/ticket/change-department.php
@@ -52,14 +52,13 @@ class ChangeDepartmentController extends Controller {
 $department = Department::getDataStore($departmentId);
 $user = Controller::getLoggedUser();
 
- if($ticket->owner && $ticket->owner->id !== $user->id || $user->level === 1){
+ if($ticket->owner && $ticket->owner->id !== $user->id && $user->level == 1){
 throw new Exception(ERRORS::NO_PERMISSION);
- return;
 }
 
 $event = Ticketevent::getEvent(Ticketevent::DEPARTMENT_CHANGED);
 $event->setProperties(array(
- 'authorStaff' => Controller::getLoggedUser(),
+ 'authorStaff' => $user,
 'content' => $department->name,
 'date' => Date::getCurrentDate()
 ));
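Review bot: The new branch dereferences `$owner` without a null check: for an unassigned ticket and a caller with `level > 1` the condition is true and `$owner->sharedTicketList->remove($ticket)` runs against null, which is a fatal "call to a member function on null" rather than a handled error, unless validate() (not shown) already rejects unassigned tickets. Requiring an owner inside the condition, `if($owner && ($owner->id === $user->id || $user->level > 1)) {`, routes that case to the existing else branch; a dedicated "not assigned" error would be clearer if the ERRORS class has one. This matters beyond the endpoint itself because ChangeDepartmentController invokes this handler on tickets it has not checked for an owner. The handler's body continues in the next hunk.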
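Review bot: The relaxed guard lets a level-1 staff change the department of any unassigned ticket, including one in a department they do not serve, because nothing in this hunk compares `$ticket->department` against `$user->sharedDepartmentList`; if validate() (outside the hunk) does not enforce that, the check should read `if($user->level == 1 && (($ticket->owner && $ticket->owner->id !== $user->id) || !$user->sharedDepartmentList->includesId($ticket->department->id))){`. The loose `== 1` matches the `> 1` used in un-assign-ticket.php but sits next to `!==` on ids in the same expression; a one-line comment on why level is compared loosely (presumably it may arrive as a string from the store) would save the next reader from "fixing" it. No test in this diff exercises the NO_PERMISSION branch for a level-1 non-owner.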
@@ -68,14 +67,7 @@ class ChangeDepartmentController extends Controller {
 $ticket->unread = true;
 $ticket->store();
 
- if(!Controller::getLoggedUser()->sharedDepartmentList->includesId($department->id)) {
- Controller::setDataRequester(function ($key) use ($ticketNumber) {
- if($key === 'ticketNumber') {
- return $ticketNumber;
- }
-
- return null;
- });
+ if(!$user->sharedDepartmentList->includesId($department->id)) {
 $unAssignTicketController = new UnAssignStaffController();
 $unAssignTicketController->validate();
 $unAssignTicketController->handler();
diff --git a/server/controllers/ticket/get.php b/server/controllers/ticket/get.php
index c92a141d..ada1167b 100755
--- a/server/controllers/ticket/get.php
+++ b/server/controllers/ticket/get.php
@@ -18,9 +18,9 @@ DataValidator::with('CustomValidations', true);
 * @apiUse INVALID_TICKET
 * @apiUse INVALID_TOKEN
 * @apiUse NO_PERMISSION
- *
+ *
 * @apiSuccess {[Ticket](#api-Data_Structures-ObjectTicket)} data Information about the requested ticket.
- *
+ *
 */
 
 
@@ -78,6 +78,6 @@ class TicketGetController extends Controller {
 $user = Controller::getLoggedUser();
 
 return (!Controller::isStaffLogged() && (Controller::isUserSystemEnabled() && $this->ticket->author->id !== $user->id)) ||
- (Controller::isStaffLogged() && (($this->ticket->owner && $this->ticket->owner->id !== $user->id) || !$user->sharedDepartmentList->includesId($this->ticket->department->id)));
+ (Controller::isStaffLogged() && (($this->ticket->owner && $this->ticket->owner->id !== $user->id) && !$user->sharedDepartmentList->includesId($this->ticket->department->id)));
 }
-}
\ No newline at end of file
+}
diff --git a/server/libs/Validator.php b/server/libs/Validator.php
index a3c19a98..5ac3fbee 100755
--- a/server/libs/Validator.php
+++ b/server/libs/Validator.php
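Review bot: The unassignment runs after `$ticket->store()` has already persisted the department change, and it is delegated to UnAssignStaffController, whose handler (see the un-assign-ticket.php hunk) throws NO_PERMISSION for a level-1 caller when the ticket has no owner, dereferences a null `$owner` for higher levels, and emits its own `Response::respondSuccess()` inside this request; the caller therefore can get a failed response for a change that was written. The condition also checks the actor's departments, while the staff being unassigned is `$ticket->owner`, who may be someone else since the permission check above only stops level-1 callers from moving others' tickets. Doing the unassignment inline, keyed on the owner's departments and placed before the store, addresses both (assumes the owner object exposes `sharedDepartmentList` like `$user`); the rest of the handler is outside the hunk.
```php
// … unchanged: lines above this hunk …
if($ticket->owner && !$ticket->owner->sharedDepartmentList->includesId($department->id)) {
    $owner = $ticket->owner;
    $owner->sharedTicketList->remove($ticket);
    $owner->store();
    $ticket->owner = null;
}

$ticket->unread = true;
$ticket->store();
// … unchanged: remainder of handler …
```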
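Review bot: Switching `||` to `&&` in the staff branch means a ticket with no owner is never denied, so any staff member can now read unassigned tickets in departments they do not serve, whereas the old form denied every ticket outside the caller's departments. If the intent is "readable when you own it or it is in one of your departments", the owner clause must also cover the unowned case: `(Controller::isStaffLogged() && (!$this->ticket->owner || $this->ticket->owner->id !== $user->id) && !$user->sharedDepartmentList->includesId($this->ticket->department->id))`. If cross-department visibility of unassigned tickets is deliberate, a comment stating so would keep the next reader from reverting it. No test in this diff covers the staff read path, and the method's signature is outside the hunk.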
@@ -31,15 +31,15 @@ class Validator { $requestDataValue = Controller::request($requestDataKey); $requestDataValidator = $requestDataValidationConfig['validation']; $requestDataValidationErrorMessage = $requestDataValidationConfig['error']; - + $this->validateData($requestDataValue, $requestDataValidator, $requestDataValidationErrorMessage); } } - + private function validateData($value, DataValidator $dataValidator, $error) { if (!$dataValidator->validate($value)) { throw new ValidationException($error); } } -} \ No newline at end of file +} diff --git a/tests/scripts.rb b/tests/scripts.rb index 67842beb..0c0d70be 100644 --- a/tests/scripts.rb +++ b/tests/scripts.rb @@ -52,6 +52,10 @@ class Scripts response['data'] end + def self.logout() + request('/user/logout') + end + def self.createTicket(title = 'Winter is coming') result = request('/ticket/create', { title: title, diff --git a/tests/staff/assign-ticket.rb b/tests/staff/assign-ticket.rb index 7baaa09c..9b53ef9a 100644 --- a/tests/staff/assign-ticket.rb +++ b/tests/staff/assign-ticket.rb @@ -24,7 +24,7 @@ describe '/staff/assign-ticket' do (ticket['unread']).should.equal('1') - staff_ticket = $database.getRow('staff_ticket', 1 , 'id') + staff_ticket = $database.getRow('staff_ticket', 1 , 'ticket_id') (staff_ticket['staff_id']).should.equal('1') @@ -44,4 +44,4 @@ describe '/staff/assign-ticket' do (result['message']).should.equal('TICKET_ALREADY_ASSIGNED') end -end \ No newline at end of file +end diff --git a/tests/staff/edit.rb b/tests/staff/edit.rb index 94b1fb1b..b1c46f08 100644 --- a/tests/staff/edit.rb +++ b/tests/staff/edit.rb 
@@ -42,26 +42,44 @@ describe'/staff/edit' do profilePic: '', departments: '[1]' }) - request('/user/logout') - Scripts.login('arya@opensupports.com', 'starkpassword', true) + + row = $database.getRow('staff', 'Arya Stark', 'name') result = request('/staff/edit', { csrf_userid: $csrf_userid, csrf_token: $csrf_token, - email: 'newwstaff@opensupports.com', + staffId: row['id'], + email: 'ayra2@opensupports.com', + departments: '[1, 2, 3]', sendEmailOnNewTicket: 1 }) (result['status']).should.equal('success') - row = $database.getRow('staff', $csrf_userid, 'id') + row = $database.getRow('staff', 'Arya Stark', 'name') - (row['email']).should.equal('newwstaff@opensupports.com') + (row['email']).should.equal('ayra2@opensupports.com') (row['level']).should.equal('2') - (row['send_email_on_new_ticket']).should.equal('1') + (row['send_email_on_new_ticket']).should.equal('0') row = $database.getRow('department', 1, 'id') (row['owners']).should.equal('4') + row = $database.getRow('department', 2, 'id') + (row['owners']).should.equal('3') + + row = $database.getRow('department', 3, 'id') + (row['owners']).should.equal('2') + + Scripts.logout() + Scripts.login('ayra2@opensupports.com', 'starkpassword', true) + result = request('/staff/edit', { + csrf_userid: $csrf_userid, + csrf_token: $csrf_token, + sendEmailOnNewTicket: 1 + }) + (result['status']).should.equal('success') + row = $database.getRow('staff', 'Arya Stark', 'name') + (row['send_email_on_new_ticket']).should.equal('1') end -end \ No newline at end of file +end diff --git a/tests/staff/get-all.rb b/tests/staff/get-all.rb index 3f4708a6..07f76825 100644 --- a/tests/staff/get-all.rb +++ b/tests/staff/get-all.rb 
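Review bot: The test shows an elevated staff editing another member via `staffId` (email and departments change, `send_email_on_new_ticket` stays '0'), but there is no negative case: the final block logs in as Arya, level 2 per the assertion above, and edits only her own record, so the diff never asserts that a lower-level staff passing `staffId: 1` is refused. Adding one request after the Arya login, `result = request('/staff/edit', { csrf_userid: $csrf_userid, csrf_token: $csrf_token, staffId: 1, email: 'x@opensupports.com' })` followed by `(result['status']).should.equal('fail')`, would pin the authorization boundary this endpoint now relies on. The spec also ends logged in as Arya, and later files (un-assign-ticket.rb) log in with 'ayra2@opensupports.com' created here, so test order is load-bearing; a comment saying so, or a `Scripts.logout()` at the end, would make the coupling explicit. The `describe` block starts outside the hunk.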
@@ -24,7 +24,7 @@ describe'/staff/get-all' do (result['data'][0]['closedTickets']).should.equal(0) (result['data'][2]['name']).should.equal('Arya Stark') - (result['data'][2]['email']).should.equal('newwstaff@opensupports.com') + (result['data'][2]['email']).should.equal('ayra2@opensupports.com') (result['data'][2]['profilePic']).should.equal('') (result['data'][2]['level']).should.equal('2') (result['data'][2]['departments'][0]['id']).should.equal('1') @@ -32,4 +32,4 @@ describe'/staff/get-all' do (result['data'][2]['assignedTickets']).should.equal(0) (result['data'][2]['closedTickets']).should.equal(0) end -end \ No newline at end of file +end diff --git a/tests/staff/un-assign-ticket.rb b/tests/staff/un-assign-ticket.rb index 65d7a0f5..4685d7ae 100644 --- a/tests/staff/un-assign-ticket.rb +++ b/tests/staff/un-assign-ticket.rb @@ -1,5 +1,5 @@ describe '/staff/un-assign-ticket' do - request('/user/logout') + Scripts.logout() Scripts.login($staff[:email], $staff[:password], true) #TODO: Create a staff without the ticket @@ -7,19 +7,6 @@ describe '/staff/un-assign-ticket' do #it 'should fail if staff is not assign to the ticket'do #end - it 'should fail if ticket is not yours and you are a staff level 1' do - $database.query('update staff set level="1" where id="1";') - ticket = $database.getRow('ticket', 1 , 'id') - result = request('/staff/un-assign-ticket', { - ticketNumber: ticket['ticket_number'], - csrf_userid: $csrf_userid, - csrf_token: $csrf_token - }) - - (result['status']).should.equal('fail') - (result['message']).should.equal('NO_PERMISSION') - $database.query('update staff set level="3" where id="1";') - end it 'should unassign ticket if it is the current owner' do ticket = $database.getRow('ticket', 1 , 'id') 
@@ -41,16 +28,38 @@ describe '/staff/un-assign-ticket' do (staff_ticket).should.equal(nil) end - it 'should unassign ticket if you are a staff level 3' do - Scripts.createStaff('staff_level_1', 'password', 'maxi') - Scripts.logout() - Scripts.login('staff_level_1',) - ticket = $database.getRow('ticket', 1 , 'id') - request('/staff/assign-ticket', { + it 'should fail if ticket is not yours and you are a staff level 1' do + $database.query('update staff set level="1" where id="1";') + ticket = $database.getRow('ticket', 1 , 'id') + + Scripts.logout() + Scripts.login('ayra2@opensupports.com', 'starkpassword', true) + + result = request('/staff/assign-ticket', { ticketNumber: ticket['ticket_number'], csrf_userid: $csrf_userid, csrf_token: $csrf_token - }) + }) + (result['status']).should.equal('success') + + ticket = $database.getRow('ticket', 1 , 'id') + + Scripts.logout() + Scripts.login($staff[:email], $staff[:password], true) + + result = request('/staff/un-assign-ticket', { + ticketNumber: ticket['ticket_number'], + csrf_userid: $csrf_userid, + csrf_token: $csrf_token + }) + + (result['status']).should.equal('fail') + (result['message']).should.equal('NO_PERMISSION') + $database.query('update staff set level="3" where id="1";') + end + + it 'should unassign ticket if you are a staff level 3' do + ticket = $database.getRow('ticket', 1 , 'id') Scripts.logout() Scripts.login($staff[:email], $staff[:password], true) result = request('/staff/un-assign-ticket', { diff --git a/tests/ticket/change-department.rb b/tests/ticket/change-department.rb index 4db3f6fd..f8c02c12 100644 --- a/tests/ticket/change-department.rb +++ b/tests/ticket/change-department.rb 
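Review bot: The restore `$database.query('update staff set level="3" where id="1";')` runs only if every assertion before it passes, so one failing assertion leaves staff 1 demoted and cascades into the following level-3 test; wrap the body in `begin … ensure` with the restore in the `ensure` clause. The negative case asserts only the response, not that the ticket is still assigned, so a handler that mutated before throwing would still pass; after the NO_PERMISSION check add `arya = $database.getRow('staff', 'Arya Stark', 'name')`, `ticket = $database.getRow('ticket', 1 , 'id')` and `(ticket['owner_id']).should.equal(arya['id'])`. This test also depends on staff/edit.rb having set Arya's email to 'ayra2@opensupports.com', and the next test depends on this one leaving the ticket assigned to her; the `describe` continues outside the hunk.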
@@ -21,6 +21,11 @@ describe '/ticket/change-department' do it 'should change department if everything is okey' do ticket = $database.getRow('ticket', 1 , 'id') + request('/staff/assign-ticket', { + ticketNumber: ticket['ticket_number'], + csrf_userid: $csrf_userid, + csrf_token: $csrf_token + }) result = request('/ticket/change-department', { ticketNumber: ticket['ticket_number'], @@ -34,8 +39,43 @@ describe '/ticket/change-department' do ticket = $database.getRow('ticket', 1 , 'id') (ticket['unread']).should.equal('1') (ticket['department_id']).should.equal('2') + (ticket['owner_id']).should.equal('1') lastLog = $database.getLastRow('log') (lastLog['type']).should.equal('DEPARTMENT_CHANGED') end + + it 'should unassing ticket if staff does not server new department' do + ticket = $database.getRow('ticket', 1 , 'id') + request('/staff/edit', { + csrf_userid: $csrf_userid, + csrf_token: $csrf_token, + departments: '[1, 2]', + staffId: 1 + }) + + result = request('/ticket/change-department', { + ticketNumber: ticket['ticket_number'], + departmentId: 3, + csrf_userid: $csrf_userid, + csrf_token: $csrf_token + }) + + (result['status']).should.equal('success') + + ticket = $database.getRow('ticket', 1 , 'id') + (ticket['unread']).should.equal('1') + (ticket['department_id']).should.equal('3') + (ticket['owner_id']).should.equal(nil) + + lastLog = $database.getLastRow('log') + (lastLog['type']).should.equal('DEPARTMENT_CHANGED') + + request('/staff/edit', { + csrf_userid: $csrf_userid, + csrf_token: $csrf_token, + departments: '[1, 2, 3]', + staffId: 1 + }) + end end
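Review bot: Both new cases exercise only the success path; nothing here covers the branch change-department.php now gates on `$user->level == 1`, i.e. a level-1 staff moving a ticket owned by someone else should receive `NO_PERMISSION` while a level-1 staff moving an unowned ticket should succeed. The cleanup `/staff/edit` with `departments: '[1, 2, 3]'` runs only if the assertions pass, so a failure leaves staff 1 serving two departments for later specs; put it in an `ensure`. The description has two typos: `it 'should unassign ticket if staff does not serve new department' do`. The enclosing `describe` starts outside the hunk.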