diff --git a/client/gulp/config.js b/client/gulp/config.js index 86e35dc7..2525122c 100644 --- a/client/gulp/config.js +++ b/client/gulp/config.js @@ -2,7 +2,7 @@ module.exports = { - 'serverport': 3000, + 'serverport': 3006, 'scripts': { 'src': './src/*.js', diff --git a/server/controllers/staff/un-assign-ticket.php b/server/controllers/staff/un-assign-ticket.php index 0443059b..f9b028df 100755 --- a/server/controllers/staff/un-assign-ticket.php +++ b/server/controllers/staff/un-assign-ticket.php @@ -44,7 +44,7 @@ class UnAssignStaffController extends Controller { $user = Controller::getLoggedUser(); $ticket = Ticket::getByTicketNumber($ticketNumber); - if($ticket->owner && $ticket->owner->id === $user->id || $user->level !== 1) { + if(($ticket->owner && $ticket->owner->id === $user->id) || $user->level !== 1) { $user->sharedTicketList->remove($ticket); $user->store(); diff --git a/tests/scripts.rb b/tests/scripts.rb index 0e2d911e..67842beb 100644 --- a/tests/scripts.rb +++ b/tests/scripts.rb @@ -16,6 +16,26 @@ class Scripts }) end + def self.createStaff(email, password, name, level='1') + departments = request('/system/get-settings', { + csrf_userid: $csrf_userid, + csrf_token: $csrf_token + })['departments'] + departments = departments.collect { |x| x.id } + + response = request('/staff/add', { + :name => name, + :email => email, + :password => password, + :level => level, + :departments => departments.to_string + }) + + if response['status'] === 'fail' + raise response['message'] + end + end + def self.login(email = 'steve@jobs.com', password = 'custompassword', staff = false) request('/user/logout') response = request('/user/login', { diff --git a/tests/staff/un-assign-ticket.rb b/tests/staff/un-assign-ticket.rb index b8b379af..65d7a0f5 100644 --- a/tests/staff/un-assign-ticket.rb +++ b/tests/staff/un-assign-ticket.rb 
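Review bot: The permission check in `un-assign-ticket.php` still passes for a ticket with no owner, because `$user->level !== 1` alone satisfies it; the added parentheses only spell out the precedence PHP already applied. Requiring an owner on both sides, `if($ticket->owner && ($ticket->owner->id === $user->id || $user->level !== 1)) {`, would stop the un-assign path from running on an unassigned ticket. The two lines after the check remove the ticket from `$user->sharedTicketList`, so when a higher-level staff member un-assigns a colleague's ticket the owner's own list appears to be left untouched; `$ticket->owner->sharedTicketList->remove($ticket);` looks like the intended target. The comparison is also type-strict, so it would never deny if `level` is hydrated as a string, which is worth confirming. The handler body continues outside the hunk.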
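Review bot: `createStaff` in `tests/scripts.rb` will most likely raise before it reaches `/staff/add`. The parsed response entries are presumably hashes, so `x.id` should be `x['id']`, and Ruby arrays have no `to_string` unless the suite defines one, so `departments.to_s` or the encoding the endpoint expects is needed. The `/staff/add` request also omits `csrf_userid: $csrf_userid, csrf_token: $csrf_token`, which the `/system/get-settings` call just above it sends. If the endpoint rejects the unauthenticated call the helper raises, and if it accepts it the test suite is not exercising the staff-creation permission check. A short comment stating that the caller must be logged in as a staff member allowed to add staff would document that precondition.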
@@ -7,8 +7,21 @@ describe '/staff/un-assign-ticket' do #it 'should fail if staff is not assign to the ticket'do #end + it 'should fail if ticket is not yours and you are a staff level 1' do + $database.query('update staff set level="1" where id="1";') + ticket = $database.getRow('ticket', 1 , 'id') + result = request('/staff/un-assign-ticket', { + ticketNumber: ticket['ticket_number'], + csrf_userid: $csrf_userid, + csrf_token: $csrf_token + }) - it 'should un assign ticket if everything is okey' do + (result['status']).should.equal('fail') + (result['message']).should.equal('NO_PERMISSION') + $database.query('update staff set level="3" where id="1";') + end + + it 'should unassign ticket if it is the current owner' do ticket = $database.getRow('ticket', 1 , 'id') result = request('/staff/un-assign-ticket', { ticketNumber: ticket['ticket_number'], @@ -28,4 +41,34 @@ describe '/staff/un-assign-ticket' do (staff_ticket).should.equal(nil) end + it 'should unassign ticket if you are a staff level 3' do + Scripts.createStaff('staff_level_1', 'password', 'maxi') + Scripts.logout() + Scripts.login('staff_level_1',) + ticket = $database.getRow('ticket', 1 , 'id') + request('/staff/assign-ticket', { + ticketNumber: ticket['ticket_number'], + csrf_userid: $csrf_userid, + csrf_token: $csrf_token + }) + Scripts.logout() + Scripts.login($staff[:email], $staff[:password], true) + result = request('/staff/un-assign-ticket', { + ticketNumber: ticket['ticket_number'], + csrf_userid: $csrf_userid, + csrf_token: $csrf_token + }) + + (result['status']).should.equal('success') + + ticket = $database.getRow('ticket', 1 , 'id') + + (ticket['owner_id']).should.equal(nil) + (ticket['unread']).should.equal('1') + + staff_ticket = $database.getRow('staff_ticket', 1 , 'id') + + (staff_ticket).should.equal(nil) + end + end diff --git a/tests/system/get-stats.rb b/tests/system/get-stats.rb index 19fe0054..9df68e90 100644 --- a/tests/system/get-stats.rb +++ b/tests/system/get-stats.rb 
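Review bot: The new 'should fail if ticket is not yours and you are a staff level 1' test restores the staff level only after its assertions, so a failing assertion leaves staff id 1 at level 1 for every later spec. Wrapping the request and assertions in `begin … ensure … end` with `$database.query('update staff set level="3" where id="1";')` in the `ensure` part keeps the privilege fixture consistent. The test also assumes ticket 1 is owned by someone else at this point, which nothing in the hunk sets up. If the ticket is unowned, the `NO_PERMISSION` result is produced by the level check alone and the "not yours" case is not really covered.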
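Review bot: The 'should unassign ticket if you are a staff level 3' test probably never gives the ticket to the second staff member, so it can pass without exercising the cross-owner path. `Scripts.login('staff_level_1',)` falls back to the default password and `staff = false`, while the account was created with `'password'`, and the `/staff/assign-ticket` response is discarded. Using `Scripts.login('staff_level_1', 'password', true)` and asserting `(assign['status']).should.equal('success')` on the assign call would make the later un-assign prove that a level-3 staff member can release a ticket owned by someone else. Checking `owner_id` against the new staff id before the un-assign would pin it down further.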
@@ -13,62 +13,62 @@ describe'/system/get-stats' do #day 1 for i in 0..5 - $database.query("INSERT INTO log VALUES('', 'SIGNUP', NULL, " + yesterday3 + ", NULL, NULL, NULL);") + $database.query("INSERT INTO log VALUES(NULL, 'SIGNUP', NULL, " + yesterday3 + ", NULL, NULL, NULL);") end for i in 0..0 - $database.query("INSERT INTO log VALUES('', 'CREATE_TICKET', NULL, " + yesterday3 + ", NULL, NULL, NULL);") + $database.query("INSERT INTO log VALUES(NULL, 'CREATE_TICKET', NULL, " + yesterday3 + ", NULL, NULL, NULL);") end for i in 0..1 - $database.query("INSERT INTO log VALUES('', 'CLOSE', NULL, " + yesterday3 + ", NULL, NULL, NULL);") + $database.query("INSERT INTO log VALUES(NULL, 'CLOSE', NULL, " + yesterday3 + ", NULL, NULL, NULL);") end for i in 0..2 - $database.query("INSERT INTO log VALUES('', 'COMMENT', NULL, " + yesterday3 + ", NULL, NULL, NULL);") + $database.query("INSERT INTO log VALUES(NULL, 'COMMENT', NULL, " + yesterday3 + ", NULL, NULL, NULL);") end for i in 0..8 - $database.query("INSERT INTO ticketevent VALUES('', 'CLOSE', NULL, NULL, " + yesterday3 + ", NULL, NULL, 1);") + $database.query("INSERT INTO ticketevent VALUES(NULL, 'CLOSE', NULL, NULL, " + yesterday3 + ", NULL, NULL, 1);") end for i in 0..4 - $database.query("INSERT INTO ticketevent VALUES('', 'ASSIGN', NULL, NULL, " + yesterday3 + ", NULL, NULL, 1);") + $database.query("INSERT INTO ticketevent VALUES(NULL, 'ASSIGN', NULL, NULL, " + yesterday3 + ", NULL, NULL, 1);") end #day 2 for i in 0..7 - $database.query("INSERT INTO log VALUES('', 'SIGNUP', NULL, " + yesterday2 + ", NULL, NULL, NULL);") + $database.query("INSERT INTO log VALUES(NULL, 'SIGNUP', NULL, " + yesterday2 + ", NULL, NULL, NULL);") end for i in 0..2 - $database.query("INSERT INTO log VALUES('', 'CREATE_TICKET', NULL, " + yesterday2 + ", NULL, NULL, NULL);") + $database.query("INSERT INTO log VALUES(NULL, 'CREATE_TICKET', NULL, " + yesterday2 + ", NULL, NULL, NULL);") end for i in 0..9 - $database.query("INSERT INTO log 
VALUES('', 'CLOSE', NULL, " + yesterday2 + ", NULL, NULL, NULL);") + $database.query("INSERT INTO log VALUES(NULL, 'CLOSE', NULL, " + yesterday2 + ", NULL, NULL, NULL);") end for i in 0..2 - $database.query("INSERT INTO log VALUES('', 'COMMENT', NULL, " + yesterday2 + ", NULL, NULL, NULL);") + $database.query("INSERT INTO log VALUES(NULL, 'COMMENT', NULL, " + yesterday2 + ", NULL, NULL, NULL);") end for i in 0..10 - $database.query("INSERT INTO ticketevent VALUES('', 'CLOSE', NULL, NULL, " + yesterday2 + ", NULL, NULL, 1);") + $database.query("INSERT INTO ticketevent VALUES(NULL, 'CLOSE', NULL, NULL, " + yesterday2 + ", NULL, NULL, 1);") end for i in 0..2 - $database.query("INSERT INTO ticketevent VALUES('', 'ASSIGN', NULL, NULL, " + yesterday2 + ", NULL, NULL, 1);") + $database.query("INSERT INTO ticketevent VALUES(NULL, 'ASSIGN', NULL, NULL, " + yesterday2 + ", NULL, NULL, 1);") end #day 3 for i in 0..0 - $database.query("INSERT INTO log VALUES('', 'SIGNUP', NULL, " + yesterday + ", NULL, NULL, NULL);") + $database.query("INSERT INTO log VALUES(NULL, 'SIGNUP', NULL, " + yesterday + ", NULL, NULL, NULL);") end for i in 0..1 - $database.query("INSERT INTO log VALUES('', 'CREATE_TICKET', NULL, " + yesterday + ", NULL, NULL, NULL);") + $database.query("INSERT INTO log VALUES(NULL, 'CREATE_TICKET', NULL, " + yesterday + ", NULL, NULL, NULL);") end for i in 0..4 - $database.query("INSERT INTO log VALUES('', 'CLOSE', NULL, " + yesterday + ", NULL, NULL, NULL);") + $database.query("INSERT INTO log VALUES(NULL, 'CLOSE', NULL, " + yesterday + ", NULL, NULL, NULL);") end for i in 0..7 - $database.query("INSERT INTO log VALUES('', 'COMMENT', NULL, " + yesterday + ", NULL, NULL, NULL);") + $database.query("INSERT INTO log VALUES(NULL, 'COMMENT', NULL, " + yesterday + ", NULL, NULL, NULL);") end for i in 0..3 - $database.query("INSERT INTO ticketevent VALUES('', 'CLOSE', NULL, NULL, " + yesterday + ", NULL, NULL, 1);") + $database.query("INSERT INTO ticketevent VALUES(NULL, 
'CLOSE', NULL, NULL, " + yesterday + ", NULL, NULL, 1);") end for i in 0..7 - $database.query("INSERT INTO ticketevent VALUES('', 'ASSIGN', NULL, NULL, " + yesterday + ", NULL, NULL, 1);") + $database.query("INSERT INTO ticketevent VALUES(NULL, 'ASSIGN', NULL, NULL, " + yesterday + ", NULL, NULL, 1);") end @result = request('/system/get-stats', {