tests ruby

2019-09-20 16:58:21 -03:00 · 2019-09-20 16:58:21 -03:00 · 844de1e10f
parent c0f1f932c6
commit 844de1e10f
26 changed files with 522 additions and 95 deletions
--- a/server/controllers/staff/edit.php
+++ b/server/controllers/staff/edit.php
@ -59,7 +59,7 @@ class EditStaffController extends Controller {

        if(!$staffId) {
            $this->staffInstance = Controller::getLoggedUser();
-        } else if(Controller::isStaffLogged(3) || ((Controller::isStaffLogged() && Controller::getLoggedUser()->id === $staffId)) ) {
+        } else if(Controller::isStaffLogged(3) || ((Controller::isStaffLogged() && Controller::getLoggedUser()->id == $staffId)) ) {
            $this->staffInstance = Staff::getDataStore($staffId, 'id');

            if($this->staffInstance->isNull()) {
--- a/server/controllers/ticket/change-department.php
+++ b/server/controllers/ticket/change-department.php
@ -56,7 +56,7 @@ class ChangeDepartmentController extends Controller {
            throw new Exception(ERRORS::NO_PERMISSION);
        }

-        if($ticket->owner && $ticket->owner->id !== $user->id && $user->level == 1){
+        if(!$user->canManageTicket($ticket)){
            throw new RequestException(ERRORS::NO_PERMISSION);
        }

--- a/server/controllers/ticket/close.php
+++ b/server/controllers/ticket/close.php
@ -64,7 +64,7 @@ class CloseController extends Controller {
        $user = Controller::getLoggedUser();

        if(!Controller::isStaffLogged() && Controller::isUserSystemEnabled() &&
-           !$this->ticket->isAuthor($user)){
+           !$user->canManageTicket($this->ticket)){
            throw new RequestException(ERRORS::NO_PERMISSION);
        }

--- a/server/controllers/ticket/comment.php
+++ b/server/controllers/ticket/comment.php
@ -87,10 +87,8 @@ class CommentController extends Controller {
            throw new RequestException(ERRORS::NO_PERMISSION);
        }

-        if(Controller::isStaffLogged()){
-            if(!$user->canManageTicket($this->ticket)) {
-                throw new RequestException(ERRORS::NO_PERMISSION);
-            }
+        if(!$user->canManageTicket($this->ticket)) {
+            throw new RequestException(ERRORS::NO_PERMISSION);
        }

        $this->storeComment();
--- a/server/controllers/ticket/edit-comment.php
+++ b/server/controllers/ticket/edit-comment.php
@ -49,7 +49,7 @@ class EditCommentController extends Controller {
        $ticketevent = Ticketevent::getTicketEvent(Controller::request('ticketEventId'));
        $ticket = Ticket::getByTicketNumber(Controller::request('ticketNumber'));

-        if(!Controller::isStaffLogged() && ($user->id !== $ticketevent->authorUserId && $user->id !== $ticket->authorId )){
+        if(!Controller::isStaffLogged() &&  ($user->id !== $ticketevent->authorUserId && $user->id !== $ticket->authorId ) ){
            throw new RequestException(ERRORS::NO_PERMISSION);
        }

--- a/server/controllers/ticket/get.php
+++ b/server/controllers/ticket/get.php
@ -77,7 +77,7 @@ class TicketGetController extends Controller {
    private function shouldDenyPermission() {
        $user = Controller::getLoggedUser();

-        return (!Controller::isStaffLogged() && (Controller::isUserSystemEnabled() && $this->ticket->author->id !== $user->id)) ||
-               (Controller::isStaffLogged() && (!$user->sharedTicketList->includesId($this->ticket->id) && !$user->sharedDepartmentList->includesId($this->ticket->department->id)));
+        return (!Controller::isStaffLogged() && (Controller::isUserSystemEnabled() && !$user->canManageTicket($this->ticket))) ||
+               (Controller::isStaffLogged() && !$user->canManageTicket($this->ticket));
    }
 }
--- a/server/controllers/ticket/re-open.php
+++ b/server/controllers/ticket/re-open.php
@ -42,14 +42,9 @@ class ReOpenController extends Controller {

    public function handler() {
        $this->ticket = Ticket::getByTicketNumber(Controller::request('ticketNumber'));
+        $user = Controller::getLoggedUser();

-        if(Controller::isStaffLogged()){
-            $user = Controller::getLoggedUser();
-
-            if (!$user->canManageTicket($this->ticket)) throw new RequestException(ERRORS::NO_PERMISSION);
-        } else if (!$this->ticket->isAuthor($user)) {
-            throw new RequestException(ERRORS::NO_PERMISSION);
-        }
+        if (!$user->canManageTicket($this->ticket)) throw new RequestException(ERRORS::NO_PERMISSION);

        $this->markAsUnread();
        $this->addReopenEvent();
--- a/server/controllers/ticket/seen.php
+++ b/server/controllers/ticket/seen.php
@ -44,7 +44,7 @@ class SeenController extends Controller {
        $user = Controller::getLoggedUser();
        $ticket = Ticket::getByTicketNumber($ticketnumber);

-        if(!$ticket->isOwner($user) && !$ticket->isAuthor($user)) {
+        if(!$user->canManageTicket($this->ticket) && !$ticket->isAuthor($user)) {
            throw new RequestException(ERRORS::NO_PERMISSION);
        }

--- a/server/models/Staff.php
+++ b/server/models/Staff.php
@ -50,7 +50,7 @@ class Staff extends DataStore {
    }

    public function canManageTicket(Ticket $ticket){
-        return $this->sharedDepartmentList->includesId($ticket->departmentId);
+        return $this->sharedDepartmentList->includesId($ticket->departmentId) || $this->id === $ticket->author_staff_id;
    }

    public function toArray() {
--- a/server/models/User.php
+++ b/server/models/User.php
@ -43,6 +43,10 @@ class User extends DataStore {
        return parent::getDataStore($value, $property);
    }

+    public function canManageTicket(Ticket $ticket){
+        return $ticket->isAuthor($this);
+    }
+
    public function toArray() {
        return [
            'email' => $this->email,
--- a/tests/staff/add.rb
+++ b/tests/staff/add.rb
@ -24,7 +24,7 @@ describe'/staff/add' do
        (row['level']).should.equal('2')

        row = $database.getRow('department', 1, 'id')
-        (row['owners']).should.equal('3')
+        (row['owners']).should.equal('4')

        lastLog = $database.getLastRow('log')
        (lastLog['type']).should.equal('ADD_STAFF')
@ -46,6 +46,6 @@ describe'/staff/add' do
        (result['message']).should.equal('ALREADY_A_STAFF')

        row = $database.getRow('department', 1, 'id')
-        (row['owners']).should.equal('3')
+        (row['owners']).should.equal('4')
    end
-end
+end
--- a/tests/staff/delete.rb
+++ b/tests/staff/delete.rb
@ -16,7 +16,7 @@ describe'/staff/delete' do
        (row).should.equal(nil)

        row = $database.getRow('department', 1, 'id')
-        (row['owners']).should.equal('3')
+        (row['owners']).should.equal('4')

    end

@ -31,6 +31,6 @@ describe'/staff/delete' do
        (result['message']).should.equal('INVALID_STAFF')

        row = $database.getRow('department', 1, 'id')
-        (row['owners']).should.equal('3')
+        (row['owners']).should.equal('4')
    end
 end
--- a/tests/staff/edit.rb
+++ b/tests/staff/edit.rb
@ -25,20 +25,20 @@ describe'/staff/edit' do
        (rows['department_id']).should.equal('1')

        row = $database.getRow('department', 1, 'id')
-        (row['owners']).should.equal('3')
+        (row['owners']).should.equal('4')

        row = $database.getRow('department', 2, 'id')
-        (row['owners']).should.equal('2')
+        (row['owners']).should.equal('3')
    end

-    it 'should edit staff member ' do
+    it 'should edit own data staff' do
        request('/staff/add', {
            csrf_userid: $csrf_userid,
            csrf_token: $csrf_token,
            name: 'Arya Stark',
            password: 'starkpassword',
            email: 'arya@opensupports.com',
-            level: 2,
+            level: 1,
            profilePic: '',
            departments: '[1]'
        })
@ -51,7 +51,8 @@ describe'/staff/edit' do
            staffId: row['id'],
            email: 'ayra2@opensupports.com',
            departments: '[1, 2, 3]',
-            sendEmailOnNewTicket: 1
+            sendEmailOnNewTicket: 1,
+            level: 2
        })

        (result['status']).should.equal('success')
@ -63,10 +64,10 @@ describe'/staff/edit' do
        (row['send_email_on_new_ticket']).should.equal('0')

        row = $database.getRow('department', 1, 'id')
-        (row['owners']).should.equal('4')
+        (row['owners']).should.equal('5')

        row = $database.getRow('department', 2, 'id')
-        (row['owners']).should.equal('3')
+        (row['owners']).should.equal('4')

        row = $database.getRow('department', 3, 'id')
        (row['owners']).should.equal('2')
@ -82,4 +83,23 @@ describe'/staff/edit' do
        row = $database.getRow('staff', 'Arya Stark', 'name')
        (row['send_email_on_new_ticket']).should.equal('1')
    end
+
+    it 'should fail if is not staff logged' do
+
+        request('/user/logout')
+
+        result = request('/staff/edit', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            staffId: 1,
+            email:  'stafffalse@opensupports.com',
+            departments: '[1, 2]',
+            sendEmailOnNewTicket: 1
+        })
+
+        (result['status']).should.equal('fail')
+        (result['message']).should.equal('NO_PERMISSION')
+
+
+    end
 end
--- a/tests/staff/get-all-tickets.rb
+++ b/tests/staff/get-all-tickets.rb
@ -46,7 +46,7 @@ describe 'Retrieve all tickets' do
            })

            (response['status']).should.equal('success')
-            (response['data']['pages']).should.equal(4)
+            (response['data']['pages']).should.equal(5)
            (response['data']['tickets'].size).should.equal(10)
            (response['data']['tickets'][0]['title']).should.equal('Quisque egestas ipsum')
            (response['data']['tickets'][1]['title']).should.equal('placerat id velit')
@ -68,7 +68,7 @@ describe 'Retrieve all tickets' do
            })

            (response['status']).should.equal('success')
-            (response['data']['pages']).should.equal(4)
+            (response['data']['pages']).should.equal(5)
            (response['data']['tickets'].size).should.equal(10)
            (response['data']['tickets'][0]['title']).should.equal('quis vulputate lectus feugiat eu')
            (response['data']['tickets'][1]['title']).should.equal('Fusce venenatis iaculis commodo')
@ -96,4 +96,4 @@ describe 'Retrieve all tickets' do
        (response['data']['tickets'].size).should.equal(10)
        (response['data']['tickets'][0]['title']).should.equal('ipsum Aenean maximus quis leo et eleifend')
    end
-end
+end
--- a/tests/staff/get-all.rb
+++ b/tests/staff/get-all.rb
@ -20,8 +20,8 @@ describe'/staff/get-all' do
        (result['data'][0]['departments'][1]['name']).should.equal('useless private deapartment')
        (result['data'][0]['departments'][2]['id']).should.equal('3')
        (result['data'][0]['departments'][2]['name']).should.equal('Suggestions')
-        (result['data'][0]['assignedTickets']).should.equal(6)
-        (result['data'][0]['closedTickets']).should.equal(0)
+        (result['data'][0]['assignedTickets']).should.equal(10)
+        (result['data'][0]['closedTickets']).should.equal(1)

        (result['data'][2]['name']).should.equal('Arya Stark')
        (result['data'][2]['email']).should.equal('ayra2@opensupports.com')
--- a/tests/staff/get-new-tickets.rb
+++ b/tests/staff/get-new-tickets.rb
@ -10,6 +10,6 @@ describe '/staff/get-new-tickets' do
        })

        (result['status']).should.equal('success')
-        (result['data']['tickets'].size).should.equal(8)
+        (result['data']['tickets'].size).should.equal(10)
    end
 end
--- a/tests/staff/get-tickets.rb
+++ b/tests/staff/get-tickets.rb
@ -25,6 +25,6 @@ describe '/staff/get-tickets' do
        })

        (result['status']).should.equal('success')
-        (result['data']['tickets'].size).should.equal(5)
+        (result['data']['tickets'].size).should.equal(9)
    end
 end
--- a/tests/system/add-department.rb
+++ b/tests/system/add-department.rb
@ -29,7 +29,7 @@ describe'system/add-department' do

            (result['status']).should.equal('success')

-            row = $database.getRow('department', 5, 'id')
+            row = $database.getRow('department', 6, 'id')

            (row['name']).should.equal('new department')
            (row['private']).should.equal("0")
--- a/tests/ticket/add-tag.rb
+++ b/tests/ticket/add-tag.rb
@ -30,7 +30,7 @@ describe '/ticket/add-tag' do
        (result['message']).should.equal('INVALID_TICKET')
    end

-    it 'should add a tag' do
+    it 'should add a tag if staff member serves to the deparment of the ticket' do
        result = request('/ticket/add-tag', {
            csrf_userid: $csrf_userid,
            csrf_token: $csrf_token,
@ -43,6 +43,58 @@ describe '/ticket/add-tag' do
        (result['status']).should.equal('success')
    end

+    it 'should add tag if staff member does not serve to the department of the ticket but is the author' do
+        Scripts.createTicket('titleofthetickettoaddtags','thisisthecontentofthetickettoaddtags',3)
+
+        request('/staff/edit', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            departments: '[1, 2]',
+            staffId: 1
+        })
+
+        ticket = $database.getRow('ticket', 'thisisthecontentofthetickettoaddtags' , 'content')
+
+        result = request('/ticket/add-tag', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            tagId: 3,
+            ticketNumber: ticket['ticket_number']
+        })
+
+        (result['status']).should.equal('success')
+    end
+
+    it 'should fail if staff member does not serve to the department of the ticket and he is not the author' do
+        request('/user/logout')
+        Scripts.createUser('pepito@pepito.com', 'pepito12345','pepito')
+        Scripts.login('pepito@pepito.com', 'pepito12345')
+        Scripts.createTicket('title70','contentoftheticket70',3)
+
+        request('/user/logout')
+        Scripts.login($staff[:email], $staff[:password], true)
+        ticket = $database.getRow('ticket','title70', 'title')
+
+        result = request('/ticket/add-tag', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            tagId: 2,
+            ticketNumber: ticket['ticket_number']
+        })
+
+        (result['status']).should.equal('fail')
+        (result['message']).should.equal('NO_PERMISSION')
+
+        request('/staff/edit', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            departments: '[1, 2, 3]',
+            staffId: 1
+        })
+    end
+
+
+
    it 'should fail if the tag is already attached' do
        result = request('/ticket/add-tag', {
            csrf_userid: $csrf_userid,
--- a/tests/ticket/change-department.rb
+++ b/tests/ticket/change-department.rb
@ -2,6 +2,12 @@ describe '/ticket/change-department' do
    request('/user/logout')
    Scripts.login($staff[:email], $staff[:password], true)

+    Scripts.createTicket('Stafftitle','This ticket was made by an staff',1)
+    request('/user/logout')
+
+    request('/user/logout')
+    Scripts.login($staff[:email], $staff[:password], true)
+
    request('/system/add-department', {
        csrf_userid: $csrf_userid,
        csrf_token: $csrf_token,
@ -12,6 +18,11 @@ describe '/ticket/change-department' do
        csrf_token: $csrf_token,
        name: 'Tech support'
    })
+    request('/system/add-department', {
+        csrf_userid: $csrf_userid,
+        csrf_token: $csrf_token,
+        name: 'Instalation problems'
+    })
    request('/staff/edit', {
        csrf_userid: $csrf_userid,
        csrf_token: $csrf_token,
@ -19,17 +30,15 @@ describe '/ticket/change-department' do
        staffId: 1
    })

-    it 'should change department if everything is okey' do
+    it 'should change department if staff has same department as ticket' do
+
+        request('/user/logout')
+        Scripts.login($staff[:email], $staff[:password], true)
        ticket = $database.getRow('ticket', 1 , 'id')
-        request('/staff/assign-ticket', {
-            ticketNumber: ticket['ticket_number'],
-            csrf_userid: $csrf_userid,
-            csrf_token: $csrf_token
-        })

        result = request('/ticket/change-department', {
            ticketNumber: ticket['ticket_number'],
-            departmentId: 3,
+            departmentId: 4,
            csrf_userid: $csrf_userid,
            csrf_token: $csrf_token
        })
@ -38,11 +47,60 @@ describe '/ticket/change-department' do

        ticket = $database.getRow('ticket', 1 , 'id')
        (ticket['unread']).should.equal('1')
-        (ticket['department_id']).should.equal('3')
-        (ticket['owner_id']).should.equal('1')
+        (ticket['department_id']).should.equal('4')

        lastLog = $database.getLastRow('log')
        (lastLog['type']).should.equal('DEPARTMENT_CHANGED')
    end

+    it 'should unassing ticket if staff does not server new department' do
+
+          ticket = $database.getRow('ticket', 1 , 'id')
+          Scripts.assignTicket(ticket['ticket_number'])
+          request('/staff/edit', {
+              csrf_userid: $csrf_userid,
+              csrf_token: $csrf_token,
+              departments: '[2, 4]',
+              staffId: 1
+          })
+
+          result = request('/ticket/change-department', {
+              ticketNumber: ticket['ticket_number'],
+              departmentId: 3,
+              csrf_userid: $csrf_userid,
+              csrf_token: $csrf_token
+          })
+
+          (result['status']).should.equal('success')
+
+          ticket = $database.getRow('ticket', 1 , 'id')
+          (ticket['unread']).should.equal('1')
+          (ticket['department_id']).should.equal('3')
+          (ticket['owner_id']).should.equal(nil)
+
+          lastLog = $database.getLastRow('log')
+          (lastLog['type']).should.equal('DEPARTMENT_CHANGED')
+
+    end
+    it 'should change department if staff does not have ticket department and is author' do
+
+        ticket = $database.getRow('ticket', 'Stafftitle', 'title')
+
+        result = request('/ticket/change-department', {
+            ticketNumber: ticket['ticket_number'],
+            departmentId: 1,
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token
+        })
+
+        (result['status']).should.equal('success')
+        (ticket['department_id']).should.equal('1')
+
+        request('/staff/edit', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            departments: '[1, 2, 3]',
+            staffId: 1
+        })
+    end
 end
--- a/tests/ticket/close.rb
+++ b/tests/ticket/close.rb
@ -1,61 +1,44 @@
 describe '/ticket/close' do
-    request('/user/logout')
-    Scripts.login($staff[:email], $staff[:password], true)

-    it 'should not close ticket if not assigned' do
-      ticket = $database.getRow('ticket', 1 , 'id')
-      request('/staff/un-assign-ticket', {
-          ticketNumber: ticket['ticket_number'],
-          csrf_userid: $csrf_userid,
-          csrf_token: $csrf_token
-      })
+    it 'should close ticket if staff member has the same department as ticket' do
+        request('/user/logout')
+        Scripts.createUser('closer@os4.com','closer','Closer')
+        Scripts.login('closer@os4.com','closer')
+        Scripts.createTicket('tickettoclose','thecontentoftickettoclose',1)
+        Scripts.createTicket('tickettoclose2','thecontentoftickettoclose2',3)
+        Scripts.createTicket('tickettoclose3','thecontentoftickettoclose3',3)

-      result = request('/ticket/close', {
-          ticketNumber: ticket['ticket_number'],
-          csrf_userid: $csrf_userid,
-          csrf_token: $csrf_token
-      })
+        request('/user/logout')
+        Scripts.login($staff[:email], $staff[:password], true)

-      (result['status']).should.equal('success')
-    end
-
-    it 'should close ticket if you have it assigned' do
-        ticket = $database.getRow('ticket', 1 , 'id')
-
-        request('/staff/assign-ticket', {
-            ticketNumber: ticket['ticket_number'],
-            csrf_userid: $csrf_userid,
-            csrf_token: $csrf_token
-        })
+        ticket = $database.getRow('ticket', 'tickettoclose', 'title')

        result = request('/ticket/close', {
            ticketNumber: ticket['ticket_number'],
            csrf_userid: $csrf_userid,
            csrf_token: $csrf_token
+
        })

        (result['status']).should.equal('success')

-        ticket = $database.getRow('ticket', 1 , 'id')
+        ticket = $database.getRow('ticket', 'tickettoclose', 'title')
        (ticket['closed']).should.equal('1')
-        (ticket['unread']).should.equal('1')

        lastLog = $database.getLastRow('log')
        (lastLog['type']).should.equal('CLOSE')
-        request('/staff/un-assign-ticket', {
-            ticketNumber: ticket['ticket_number'],
-            csrf_userid: $csrf_userid,
-            csrf_token: $csrf_token
-        })
    end
+    it 'should close ticket if staff member does not serve to the department of the ticket but he is the author' do

-    it 'should close ticket if you are the author' do
-      request('/user/logout')
-      Scripts.createUser('closer@os4.com','closer','Closer')
-      Scripts.login('closer@os4.com','closer')
-      Scripts.createTicket('tickettoclose')
+      request('/staff/edit', {
+        csrf_userid: $csrf_userid,
+        csrf_token: $csrf_token,
+        departments: '[1, 2]',
+        staffId: 1
+      })
+      Scripts.createTicket('thisisanewticket','thisisthecontentofthenewticket',3)

-      ticket = $database.getRow('ticket', 'tickettoclose', 'title')
+      ticket = $database.getRow('ticket', 'thisisanewticket', 'title')

      result = request('/ticket/close', {
          ticketNumber: ticket['ticket_number'],
@ -71,5 +54,52 @@ describe '/ticket/close' do

      lastLog = $database.getLastRow('log')
      (lastLog['type']).should.equal('CLOSE')
+
+    end
+    it 'should not close ticket if staff does not serve to the department of the ticket and  he is not the author'do
+
+        ticket = $database.getRow('ticket', 'tickettoclose2', 'title')
+
+        result = request('/ticket/close', {
+            ticketNumber: ticket['ticket_number'],
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token
+
+        })
+
+        (result['status']).should.equal('fail')
+        (result['message']).should.equal('NO_PERMISSION')
+
+        ticket = $database.getRow('ticket', 'tickettoclose2', 'title')
+        (ticket['closed']).should.equal('0')
+
+        request('/staff/edit', {
+          csrf_userid: $csrf_userid,
+          csrf_token: $csrf_token,
+          departments: '[1, 2, 3]',
+          staffId: 1
+        })
+    end
+    it 'should close ticket if User is the author' do
+        request('/user/logout')
+        Scripts.login('closer@os4.com','closer')
+
+        ticket = $database.getRow('ticket', 'tickettoclose3', 'title')
+
+        result = request('/ticket/close', {
+            ticketNumber: ticket['ticket_number'],
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token
+        })
+
+        (result['status']).should.equal('success')
+
+        ticket = $database.getRow('ticket', 'tickettoclose3', 'title')
+        (ticket['closed']).should.equal('1')
+
+        lastLog = $database.getLastRow('log')
+        (lastLog['type']).should.equal('CLOSE')
+
+        request('/user/logout')
    end
 end
--- a/tests/ticket/comment.rb
+++ b/tests/ticket/comment.rb
@ -78,7 +78,7 @@ describe '/ticket/comment/' do
        (lastLog['type']).should.equal('COMMENT')
    end

-    it 'should add comment to ticket created by staff' do
+    it 'should add comment if staff member serves to the same department as the ticket' do
        request('/user/logout')
        Scripts.login($staff[:email], $staff[:password], true)
        result = request('/ticket/comment', {
@ -102,6 +102,69 @@ describe '/ticket/comment/' do

        request('/user/logout')
    end
+    it 'should comment the ticket if staff member does not serve the deparment of the ticket and he is author' do
+        request('/user/logout')
+        Scripts.login($staff[:email], $staff[:password], true)
+        Scripts.createTicket('ticketttobecommented', 'tickettobecommentedbytheauthor', 2)
+        request('/staff/edit', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            departments: '[1]',
+            staffId: 1
+        })
+        ticket = $database.getRow('ticket', 'ticketttobecommented' , 'title')
+
+        result = request('/ticket/comment', {
+            content: 'some comment content jeje',
+            ticketNumber: ticket['ticket_number'],
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token
+        })
+
+        (result['status']).should.equal('success')
+
+        ticket = $database.getRow('ticket', 'ticketttobecommented' , 'title')
+        comment = $database.getRow('ticketevent', ticket['id'], 'ticket_id')
+        (comment['content']).should.equal('some comment content jeje')
+        (comment['type']).should.equal('COMMENT')
+        (comment['author_staff_id']).should.equal($csrf_userid)
+
+        lastLog = $database.getLastRow('log')
+        (lastLog['type']).should.equal('COMMENT')
+
+    end
+    it 'should not comment the ticket if staff member does not serve to the department of the ticket and he is not the author' do
+        request('/staff/edit', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            departments: '[]',
+            staffId: 1
+        })
+
+        request('/user/logout')
+        Scripts.login('commenter@os4.com', 'commenter')
+        Scripts.createTicket('title138','commentofthetitkect138', 1)
+        request('/user/logout')
+        Scripts.login($staff[:email], $staff[:password], true)
+        ticket = $database.getRow('ticket', 'title138' , 'title')
+
+        result = request('/ticket/comment', {
+            content: 'some comment content jeje',
+            ticketNumber: ticket['ticket_number'],
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token
+        })
+
+        (result['status']).should.equal('fail')
+        (result['message']).should.equal('NO_PERMISSION')
+
+        request('/staff/edit', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            departments: '[1, 2]',
+            staffId: 1
+        })
+    end

    it 'should fail if user is not the author nor owner' do
        Scripts.createUser('no_commenter@comment.com', 'no_commenter', 'No Commenter')
@ -178,7 +241,7 @@ describe '/ticket/comment/' do
            csrf_token: $csrf_token,
            private: 1
        })
-        puts result['message']
+
        (result['status']).should.equal('success')
        comment = $database.getRow('ticketevent', 'this is a private comment', 'content')
        (comment['private']).should.equal("1")
--- a/tests/ticket/edit-comment.rb
+++ b/tests/ticket/edit-comment.rb
@ -15,7 +15,7 @@ describe '/ticket/edit-comment' do
        })

        ticket = $database.getRow('ticket', 'ticket made by an user', 'title')
-
+        puts result['message']
        (result['status']).should.equal('success')
        (ticket['content']).should.equal('content edited by the user')
    end
@ -69,7 +69,6 @@ describe '/ticket/edit-comment' do
        request('/user/logout')
    end

-
    it 'should not change the content of a comment if the user is not the author' do
        request('/user/logout')
        Scripts.login($staff[:email], $staff[:password], true)
--- a/tests/ticket/get.rb
+++ b/tests/ticket/get.rb
@ -81,4 +81,71 @@ describe '/ticket/get/' do
        (result['data']['events'][0]['type']).should.equal('COMMENT')
        (result['data']['events'][0]['content']).should.equal('some valid comment made')
    end
-end
+    it 'should successfully return the ticket information if staff member serves to the department of the ticket' do
+        request('/user/logout')
+        Scripts.login('cersei@os4.com', 'cersei')
+        Scripts.createTicket('titleofticket87','contentoftheticket87',1)
+        Scripts.createTicket('2titleofticket87','2contentoftheticket87',1)
+        request('/user/logout')
+        Scripts.login($staff[:email], $staff[:password], true)
+
+        ticket = $database.getRow('ticket','titleofticket87', 'title')
+
+        result = request('/ticket/get', {
+            ticketNumber: ticket['ticket_number'],
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token
+        })
+
+        (result['status']).should.equal('success')
+        (result['data']['ticketNumber']).should.equal(ticket['ticket_number'])
+        (result['data']['title']).should.equal('titleofticket87')
+        (result['data']['content']).should.equal('contentoftheticket87')
+
+    end
+    it 'should successfully return the ticket information if staff member does not serve to the deparment of the ticket but is author' do
+        request('/user/logout')
+        Scripts.login($staff[:email], $staff[:password], true)
+
+        Scripts.createTicket('titleoftheticket107','contentoftheticket107',1)
+        ticket = $database.getRow('ticket','titleoftheticket107', 'title')
+
+        request('/staff/edit', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            departments: '[]'
+        })
+
+        result = request('/ticket/get', {
+            ticketNumber: ticket['ticket_number'],
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token
+        })
+
+        (result['status']).should.equal('success')
+        (result['data']['ticketNumber']).should.equal(ticket['ticket_number'])
+        (result['data']['title']).should.equal('titleoftheticket107')
+        (result['data']['content']).should.equal('contentoftheticket107')
+    end
+
+    it 'should fail if staff member does not serve to the department of the ticket and is not the author' do
+        ticket = $database.getRow('ticket','2titleofticket87', 'title')
+        request('/user/logout')
+        Scripts.login($staff[:email], $staff[:password], true)
+        
+        result = request('/ticket/get', {
+            ticketNumber: ticket['ticket_number'],
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token
+        })
+        (result['status']).should.equal('fail')
+        (result['message']).should.equal('NO_PERMISSION')
+
+        request('/staff/edit', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            departments: '[1, 2, 3]',
+            staffId: 1
+        })
+    end
+end
--- a/tests/ticket/re-open.rb
+++ b/tests/ticket/re-open.rb
@ -2,7 +2,7 @@ describe '/ticket/re-open' do
    request('/user/logout')
    Scripts.login($staff[:email], $staff[:password], true)

-    it 'should re open  a ticket if everything is okey' do
+    it 'should re open  a ticket if staff member has the deparment of the ticket' do
        ticket = $database.getRow('ticket', 1 , 'id')

        result = request('/ticket/re-open', {
@ -21,12 +21,50 @@ describe '/ticket/re-open' do
        (lastLog['type']).should.equal('RE_OPEN')

        request('/user/logout')
+    end
+    it 'Should re-open if staff member does not serve to the department of the ticket and its the author'do
+        Scripts.login($staff[:email], $staff[:password], true)
+        Scripts.createTicket('tickettitle','contentoftheticketthatisgoingtosucces',3)
+
+        ticket = $database.getRow('ticket', 'contentoftheticketthatisgoingtosucces' , 'content')
+
+        Scripts.closeTicket(ticket['ticketNumber'])
+
+        request('/staff/edit', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            departments: '[1, 2]',
+            staffId: 1
+        })
+
+        result = request('/ticket/re-open', {
+            ticketNumber: ticket['ticket_number'],
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token
+        })
+        (result['status']).should.equal('success')
+
+        ticket = $database.getRow('ticket', 'contentoftheticketthatisgoingtosucces' , 'content')
+        (ticket['closed']).should.equal('0')
+
+        request('/staff/edit', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            departments: '[1, 2, 3]',
+            staffId: 1
+        })
+    end
+
+    it 'Should re-open ticket if the user is author' do
        Scripts.createUser('reopener@os4.com','reopener','Reopener')
        Scripts.login('reopener@os4.com','reopener')
        Scripts.createTicket('tickettoreopen')
+        Scripts.createTicket('tickettuser','this ticket was made by an user',3)
+
+        ticket = $database.getRow('ticket', 'this ticket was made by an user', 'content')
+        Scripts.closeTicket(ticket['ticketNumber'])

        ticket = $database.getRow('ticket', 'tickettoreopen', 'title')
-
        Scripts.closeTicket(ticket['ticketNumber'])

        result = request('/ticket/re-open', {
@ -42,5 +80,36 @@ describe '/ticket/re-open' do

        lastLog = $database.getLastRow('log')
        (lastLog['type']).should.equal('RE_OPEN')
+
+        request('/user/logout')
+    end
+
+    it 'Should fail re-open the ticket if the staff does not serve to the department and he is not the author' do
+
+        Scripts.login($staff[:email], $staff[:password], true)
+        ticket = $database.getRow('ticket', 'this ticket was made by an user' , 'content')
+
+        request('/staff/edit', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            departments: '[1, 2]',
+            staffId: 1
+        })
+
+        result = request('/ticket/re-open', {
+            ticketNumber: ticket['ticket_number'],
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token
+        })
+
+        (result['status']).should.equal('fail')
+        (result['message']).should.equal('NO_PERMISSION')
+
+        request('/staff/edit', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            departments: '[1, 2, 3]',
+            staffId: 1
+        })
    end
 end
--- a/tests/ticket/remove-tag.rb
+++ b/tests/ticket/remove-tag.rb
@ -29,7 +29,7 @@ describe '/ticket/remove-tag' do
        (result['message']).should.equal('INVALID_TAG')
    end

-    it 'should remove an attached tag' do
+    it 'should remove an attached tag if staff member serves to the department of the ticket' do
        result = request('/ticket/remove-tag', {
            csrf_userid: $csrf_userid,
            csrf_token: $csrf_token,
@ -40,7 +40,79 @@ describe '/ticket/remove-tag' do
        (result['status']).should.equal('success')

    end
+    it 'should remove an attached tag if staff member does not serve to department ticket but is author' do
+        Scripts.createTicket('title44','contentoftheticket44',3)
+        ticket = $database.getRow('ticket','title44', 'title')

+        request('/ticket/add-tag', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            tagId: 1,
+            ticketNumber: ticket['ticket_number']
+        })
+
+        request('/staff/edit', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            departments: '[1, 2]',
+            staffId: 1
+        })
+
+        result = request('/ticket/remove-tag', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            tagId: 1,
+            ticketNumber: ticket['ticket_number']
+        })
+
+        (result['status']).should.equal('success')
+
+        request('/staff/edit', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            departments: '[1, 2, 3]',
+            staffId: 1
+        })
+    end
+    it 'should fail if staff does not serve to department of the ticket and is not the author' do
+        request('/user/logout')
+        Scripts.login('pepito@pepito.com', 'pepito12345')
+        Scripts.createTicket('title73','contentoftheticket73',3)
+        request('/user/logout')
+        Scripts.login($staff[:email], $staff[:password], true)
+
+        ticket = $database.getRow('ticket','title73', 'title')
+
+        request('/ticket/add-tag', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            tagId: 1,
+            ticketNumber: ticket['ticket_number']
+        })
+
+        request('/staff/edit', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            departments: '[1, 2]',
+            staffId: 1
+        })
+
+        result = request('/ticket/remove-tag', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            tagId: 1,
+            ticketNumber: ticket['ticket_number']
+        })
+
+        (result['status']).should.equal('fail')
+
+        request('/staff/edit', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            departments: '[1, 2, 3]',
+            staffId: 1
+        })
+    end

    it 'should fail if the tag is not attached' do
        result = request('/ticket/remove-tag', {