tests ruby

Guillermo 2019-09-20 16:58:21 -03:00
parent c0f1f932c6
commit 844de1e10f
26 changed files with 522 additions and 95 deletions


@ -59,7 +59,7 @@ class EditStaffController extends Controller {
if(!$staffId) {
$this->staffInstance = Controller::getLoggedUser();
} else if(Controller::isStaffLogged(3) || ((Controller::isStaffLogged() && Controller::getLoggedUser()->id === $staffId)) ) {
} else if(Controller::isStaffLogged(3) || ((Controller::isStaffLogged() && Controller::getLoggedUser()->id == $staffId)) ) {
$this->staffInstance = Staff::getDataStore($staffId, 'id');
if($this->staffInstance->isNull()) {
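Review bot: Assuming the `==` line is the new side, the self-edit branch now compares the logged user's id with the request-supplied `$staffId` loosely, so PHP treats numeric-looking strings (constructed examples: `"1"` and `"1.0"`) as equal, and the raw `$staffId` is then passed to `Staff::getDataStore($staffId, 'id')`. If the change was needed because one side is an int and the other a string, normalising both and keeping the strict operator is safer in an authorization check: `(int) Controller::getLoggedUser()->id === (int) $staffId`, ideally after validating that `$staffId` contains only digits. The enclosing method starts and ends outside the hunk, so any earlier validation of `$staffId` is not visible here.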


@ -56,7 +56,7 @@ class ChangeDepartmentController extends Controller {
throw new Exception(ERRORS::NO_PERMISSION);
}
if($ticket->owner && $ticket->owner->id !== $user->id && $user->level == 1){
if(!$user->canManageTicket($ticket)){
throw new RequestException(ERRORS::NO_PERMISSION);
}


@ -64,7 +64,7 @@ class CloseController extends Controller {
$user = Controller::getLoggedUser();
if(!Controller::isStaffLogged() && Controller::isUserSystemEnabled() &&
!$this->ticket->isAuthor($user)){
!$user->canManageTicket($this->ticket)){
throw new RequestException(ERRORS::NO_PERMISSION);
}
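Review bot: The permission check on the changed line is still guarded by `!Controller::isStaffLogged() && Controller::isUserSystemEnabled()`, so for a logged-in staff member `canManageTicket()` is never evaluated here. The new /ticket/close spec expects NO_PERMISSION for staff who neither serve the ticket's department nor authored it, so that denial has to come from code outside this hunk; worth confirming it exists. If it does not, the condition would need a staff branch, for example `(Controller::isStaffLogged() && !$user->canManageTicket($this->ticket))` or-ed with the existing user check.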


@ -87,11 +87,9 @@ class CommentController extends Controller {
throw new RequestException(ERRORS::NO_PERMISSION);
}
if(Controller::isStaffLogged()){
if(!$user->canManageTicket($this->ticket)) {
throw new RequestException(ERRORS::NO_PERMISSION);
}
}
$this->storeComment();


@ -49,7 +49,7 @@ class EditCommentController extends Controller {
$ticketevent = Ticketevent::getTicketEvent(Controller::request('ticketEventId'));
$ticket = Ticket::getByTicketNumber(Controller::request('ticketNumber'));
if(!Controller::isStaffLogged() && ($user->id !== $ticketevent->authorUserId && $user->id !== $ticket->authorId )){
if(!Controller::isStaffLogged() && ($user->id !== $ticketevent->authorUserId && $user->id !== $ticket->authorId ) ){
throw new RequestException(ERRORS::NO_PERMISSION);
}


@ -77,7 +77,7 @@ class TicketGetController extends Controller {
private function shouldDenyPermission() {
$user = Controller::getLoggedUser();
return (!Controller::isStaffLogged() && (Controller::isUserSystemEnabled() && $this->ticket->author->id !== $user->id)) ||
(Controller::isStaffLogged() && (!$user->sharedTicketList->includesId($this->ticket->id) && !$user->sharedDepartmentList->includesId($this->ticket->department->id)));
return (!Controller::isStaffLogged() && (Controller::isUserSystemEnabled() && !$user->canManageTicket($this->ticket))) ||
(Controller::isStaffLogged() && !$user->canManageTicket($this->ticket));
}
}
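Review bot: Both halves of the new `shouldDenyPermission()` expression end in the same `!$user->canManageTicket($this->ticket)` test, which makes an access-control rule harder to audit than it needs to be. The expression reduces to `return !$user->canManageTicket($this->ticket) && (Controller::isStaffLogged() || Controller::isUserSystemEnabled());`. A one-line comment saying that anonymous access is allowed only when the user system is disabled would make the remaining exception explicit.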


@ -42,14 +42,9 @@ class ReOpenController extends Controller {
public function handler() {
$this->ticket = Ticket::getByTicketNumber(Controller::request('ticketNumber'));
if(Controller::isStaffLogged()){
$user = Controller::getLoggedUser();
if (!$user->canManageTicket($this->ticket)) throw new RequestException(ERRORS::NO_PERMISSION);
} else if (!$this->ticket->isAuthor($user)) {
throw new RequestException(ERRORS::NO_PERMISSION);
}
$this->markAsUnread();
$this->addReopenEvent();


@ -44,7 +44,7 @@ class SeenController extends Controller {
$user = Controller::getLoggedUser();
$ticket = Ticket::getByTicketNumber($ticketnumber);
if(!$ticket->isOwner($user) && !$ticket->isAuthor($user)) {
if(!$user->canManageTicket($this->ticket) && !$ticket->isAuthor($user)) {
throw new RequestException(ERRORS::NO_PERMISSION);
}
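Review bot: The changed condition passes `$this->ticket` to `canManageTicket()`, but the ticket loaded two lines above is the local `$ticket`, which the second half of the same condition uses. Unless `$this->ticket` is assigned outside this hunk, the `Ticket`-typed parameter receives null and the request errors out instead of returning NO_PERMISSION. `if(!$user->canManageTicket($ticket) && !$ticket->isAuthor($user)) {` keeps both checks on the same object. The handler starts and ends outside the hunk.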


@ -50,7 +50,7 @@ class Staff extends DataStore {
}
public function canManageTicket(Ticket $ticket){
return $this->sharedDepartmentList->includesId($ticket->departmentId);
return $this->sharedDepartmentList->includesId($ticket->departmentId) || $this->id === $ticket->author_staff_id;
}
public function toArray() {
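Review bot: The author branch compares `$this->id === $ticket->author_staff_id` strictly, while this same commit appears to relax the id comparison in EditStaffController to `==`, which suggests ids do not always arrive with the same type. If the two sides differ in type here, the author branch is silently never true; that fails closed, but the author-path specs would then not exercise what they claim. Normalising both sides, e.g. `(int) $this->id === (int) $ticket->author_staff_id`, removes the ambiguity. Since `canManageTicket()` now gates most ticket endpoints, it also deserves a short docblock stating the rule: staff may manage a ticket when they serve its department or authored it.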


@ -43,6 +43,10 @@ class User extends DataStore {
return parent::getDataStore($value, $property);
}
public function canManageTicket(Ticket $ticket){
return $ticket->isAuthor($this);
}
public function toArray() {
return [
'email' => $this->email,


@ -24,7 +24,7 @@ describe'/staff/add' do
(row['level']).should.equal('2')
row = $database.getRow('department', 1, 'id')
(row['owners']).should.equal('3')
(row['owners']).should.equal('4')
lastLog = $database.getLastRow('log')
(lastLog['type']).should.equal('ADD_STAFF')
@ -46,6 +46,6 @@ describe'/staff/add' do
(result['message']).should.equal('ALREADY_A_STAFF')
row = $database.getRow('department', 1, 'id')
(row['owners']).should.equal('3')
(row['owners']).should.equal('4')
end
end


@ -16,7 +16,7 @@ describe'/staff/delete' do
(row).should.equal(nil)
row = $database.getRow('department', 1, 'id')
(row['owners']).should.equal('3')
(row['owners']).should.equal('4')
end
@ -31,6 +31,6 @@ describe'/staff/delete' do
(result['message']).should.equal('INVALID_STAFF')
row = $database.getRow('department', 1, 'id')
(row['owners']).should.equal('3')
(row['owners']).should.equal('4')
end
end


@ -25,20 +25,20 @@ describe'/staff/edit' do
(rows['department_id']).should.equal('1')
row = $database.getRow('department', 1, 'id')
(row['owners']).should.equal('3')
(row['owners']).should.equal('4')
row = $database.getRow('department', 2, 'id')
(row['owners']).should.equal('2')
(row['owners']).should.equal('3')
end
it 'should edit staff member ' do
it 'should edit own data staff' do
request('/staff/add', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
name: 'Arya Stark',
password: 'starkpassword',
email: 'arya@opensupports.com',
level: 2,
level: 1,
profilePic: '',
departments: '[1]'
})
@ -51,7 +51,8 @@ describe'/staff/edit' do
staffId: row['id'],
email: 'ayra2@opensupports.com',
departments: '[1, 2, 3]',
sendEmailOnNewTicket: 1
sendEmailOnNewTicket: 1,
level: 2
})
(result['status']).should.equal('success')
@ -63,10 +64,10 @@ describe'/staff/edit' do
(row['send_email_on_new_ticket']).should.equal('0')
row = $database.getRow('department', 1, 'id')
(row['owners']).should.equal('4')
(row['owners']).should.equal('5')
row = $database.getRow('department', 2, 'id')
(row['owners']).should.equal('3')
(row['owners']).should.equal('4')
row = $database.getRow('department', 3, 'id')
(row['owners']).should.equal('2')
@ -82,4 +83,23 @@ describe'/staff/edit' do
row = $database.getRow('staff', 'Arya Stark', 'name')
(row['send_email_on_new_ticket']).should.equal('1')
end
it 'should fail if is not staff logged' do
request('/user/logout')
result = request('/staff/edit', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
staffId: 1,
email: 'stafffalse@opensupports.com',
departments: '[1, 2]',
sendEmailOnNewTicket: 1
})
(result['status']).should.equal('fail')
(result['message']).should.equal('NO_PERMISSION')
end
end
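Review bot: Nothing in this spec checks that a staff member using the self-edit path cannot raise their own `level`. The 'should edit own data staff' case creates Arya Stark with `level: 1` and now sends `level: 2` in the `/staff/edit` request, but the visible assertions do not read `row['level']` afterwards, and which account is logged in at that point is outside the hunk. A case that logs in as the level-1 staff, posts a higher `level` for their own `staffId` and asserts the stored level is unchanged would pin the rule down. The added 'should fail if is not staff logged' case also leaves the session logged out for whatever spec runs next.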


@ -46,7 +46,7 @@ describe 'Retrieve all tickets' do
})
(response['status']).should.equal('success')
(response['data']['pages']).should.equal(4)
(response['data']['pages']).should.equal(5)
(response['data']['tickets'].size).should.equal(10)
(response['data']['tickets'][0]['title']).should.equal('Quisque egestas ipsum')
(response['data']['tickets'][1]['title']).should.equal('placerat id velit')
@ -68,7 +68,7 @@ describe 'Retrieve all tickets' do
})
(response['status']).should.equal('success')
(response['data']['pages']).should.equal(4)
(response['data']['pages']).should.equal(5)
(response['data']['tickets'].size).should.equal(10)
(response['data']['tickets'][0]['title']).should.equal('quis vulputate lectus feugiat eu')
(response['data']['tickets'][1]['title']).should.equal('Fusce venenatis iaculis commodo')


@ -20,8 +20,8 @@ describe'/staff/get-all' do
(result['data'][0]['departments'][1]['name']).should.equal('useless private deapartment')
(result['data'][0]['departments'][2]['id']).should.equal('3')
(result['data'][0]['departments'][2]['name']).should.equal('Suggestions')
(result['data'][0]['assignedTickets']).should.equal(6)
(result['data'][0]['closedTickets']).should.equal(0)
(result['data'][0]['assignedTickets']).should.equal(10)
(result['data'][0]['closedTickets']).should.equal(1)
(result['data'][2]['name']).should.equal('Arya Stark')
(result['data'][2]['email']).should.equal('ayra2@opensupports.com')


@ -10,6 +10,6 @@ describe '/staff/get-new-tickets' do
})
(result['status']).should.equal('success')
(result['data']['tickets'].size).should.equal(8)
(result['data']['tickets'].size).should.equal(10)
end
end


@ -25,6 +25,6 @@ describe '/staff/get-tickets' do
})
(result['status']).should.equal('success')
(result['data']['tickets'].size).should.equal(5)
(result['data']['tickets'].size).should.equal(9)
end
end


@ -29,7 +29,7 @@ describe'system/add-department' do
(result['status']).should.equal('success')
row = $database.getRow('department', 5, 'id')
row = $database.getRow('department', 6, 'id')
(row['name']).should.equal('new department')
(row['private']).should.equal("0")


@ -30,7 +30,7 @@ describe '/ticket/add-tag' do
(result['message']).should.equal('INVALID_TICKET')
end
it 'should add a tag' do
it 'should add a tag if staff member serves to the deparment of the ticket' do
result = request('/ticket/add-tag', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
@ -43,6 +43,58 @@ describe '/ticket/add-tag' do
(result['status']).should.equal('success')
end
it 'should add tag if staff member does not serve to the department of the ticket but is the author' do
Scripts.createTicket('titleofthetickettoaddtags','thisisthecontentofthetickettoaddtags',3)
request('/staff/edit', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
departments: '[1, 2]',
staffId: 1
})
ticket = $database.getRow('ticket', 'thisisthecontentofthetickettoaddtags' , 'content')
result = request('/ticket/add-tag', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
tagId: 3,
ticketNumber: ticket['ticket_number']
})
(result['status']).should.equal('success')
end
it 'should fail if staff member does not serve to the department of the ticket and he is not the author' do
request('/user/logout')
Scripts.createUser('pepito@pepito.com', 'pepito12345','pepito')
Scripts.login('pepito@pepito.com', 'pepito12345')
Scripts.createTicket('title70','contentoftheticket70',3)
request('/user/logout')
Scripts.login($staff[:email], $staff[:password], true)
ticket = $database.getRow('ticket','title70', 'title')
result = request('/ticket/add-tag', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
tagId: 2,
ticketNumber: ticket['ticket_number']
})
(result['status']).should.equal('fail')
(result['message']).should.equal('NO_PERMISSION')
request('/staff/edit', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
departments: '[1, 2, 3]',
staffId: 1
})
end
it 'should fail if the tag is already attached' do
result = request('/ticket/add-tag', {
csrf_userid: $csrf_userid,
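Review bot: The new cases in this spec communicate through shared staff state: 'should add tag if staff member does not serve ... but is the author' narrows staff 1 to departments `[1, 2]` and never restores them, and the following denial case depends on that leftover state and only restores `[1, 2, 3]` after its assertions. If an assertion raises first, the restore is skipped and every later spec runs with reduced permissions, which makes authorization failures hard to attribute. Narrowing at the start of each case that needs it and restoring in an `after` block (if the spec framework in use provides one) would make the cases independent; the `/staff/edit` responses should also be checked for `'success'`. The same pattern appears in the change-department, close, comment, get, re-open and remove-tag specs. The last `it` block in this hunk continues outside it.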


@ -2,6 +2,12 @@ describe '/ticket/change-department' do
request('/user/logout')
Scripts.login($staff[:email], $staff[:password], true)
Scripts.createTicket('Stafftitle','This ticket was made by an staff',1)
request('/user/logout')
request('/user/logout')
Scripts.login($staff[:email], $staff[:password], true)
request('/system/add-department', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
@ -12,6 +18,11 @@ describe '/ticket/change-department' do
csrf_token: $csrf_token,
name: 'Tech support'
})
request('/system/add-department', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
name: 'Instalation problems'
})
request('/staff/edit', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
@ -19,14 +30,40 @@ describe '/ticket/change-department' do
staffId: 1
})
it 'should change department if everything is okey' do
it 'should change department if staff has same department as ticket' do
request('/user/logout')
Scripts.login($staff[:email], $staff[:password], true)
ticket = $database.getRow('ticket', 1 , 'id')
request('/staff/assign-ticket', {
result = request('/ticket/change-department', {
ticketNumber: ticket['ticket_number'],
departmentId: 4,
csrf_userid: $csrf_userid,
csrf_token: $csrf_token
})
(result['status']).should.equal('success')
ticket = $database.getRow('ticket', 1 , 'id')
(ticket['unread']).should.equal('1')
(ticket['department_id']).should.equal('4')
lastLog = $database.getLastRow('log')
(lastLog['type']).should.equal('DEPARTMENT_CHANGED')
end
it 'should unassing ticket if staff does not server new department' do
ticket = $database.getRow('ticket', 1 , 'id')
Scripts.assignTicket(ticket['ticket_number'])
request('/staff/edit', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
departments: '[2, 4]',
staffId: 1
})
result = request('/ticket/change-department', {
ticketNumber: ticket['ticket_number'],
departmentId: 3,
@ -39,10 +76,31 @@ describe '/ticket/change-department' do
ticket = $database.getRow('ticket', 1 , 'id')
(ticket['unread']).should.equal('1')
(ticket['department_id']).should.equal('3')
(ticket['owner_id']).should.equal('1')
(ticket['owner_id']).should.equal(nil)
lastLog = $database.getLastRow('log')
(lastLog['type']).should.equal('DEPARTMENT_CHANGED')
end
end
it 'should change department if staff does not have ticket department and is author' do
ticket = $database.getRow('ticket', 'Stafftitle', 'title')
result = request('/ticket/change-department', {
ticketNumber: ticket['ticket_number'],
departmentId: 1,
csrf_userid: $csrf_userid,
csrf_token: $csrf_token
})
(result['status']).should.equal('success')
(ticket['department_id']).should.equal('1')
request('/staff/edit', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
departments: '[1, 2, 3]',
staffId: 1
})
end
end
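Review bot: In 'should change department if staff does not have ticket department and is author', `(ticket['department_id']).should.equal('1')` is evaluated on the row read before the request, and the 'Stafftitle' ticket is apparently created in department 1 at the top of the file, so the assertion holds even if `/ticket/change-department` did nothing. Re-read the row after the call with `ticket = $database.getRow('ticket', 'Stafftitle', 'title')` and pick a target department different from the one the ticket starts in. As written, the author path of the permission check is covered only by the `'success'` status.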


@ -1,59 +1,15 @@
describe '/ticket/close' do
request('/user/logout')
Scripts.login($staff[:email], $staff[:password], true)
it 'should not close ticket if not assigned' do
ticket = $database.getRow('ticket', 1 , 'id')
request('/staff/un-assign-ticket', {
ticketNumber: ticket['ticket_number'],
csrf_userid: $csrf_userid,
csrf_token: $csrf_token
})
result = request('/ticket/close', {
ticketNumber: ticket['ticket_number'],
csrf_userid: $csrf_userid,
csrf_token: $csrf_token
})
(result['status']).should.equal('success')
end
it 'should close ticket if you have it assigned' do
ticket = $database.getRow('ticket', 1 , 'id')
request('/staff/assign-ticket', {
ticketNumber: ticket['ticket_number'],
csrf_userid: $csrf_userid,
csrf_token: $csrf_token
})
result = request('/ticket/close', {
ticketNumber: ticket['ticket_number'],
csrf_userid: $csrf_userid,
csrf_token: $csrf_token
})
(result['status']).should.equal('success')
ticket = $database.getRow('ticket', 1 , 'id')
(ticket['closed']).should.equal('1')
(ticket['unread']).should.equal('1')
lastLog = $database.getLastRow('log')
(lastLog['type']).should.equal('CLOSE')
request('/staff/un-assign-ticket', {
ticketNumber: ticket['ticket_number'],
csrf_userid: $csrf_userid,
csrf_token: $csrf_token
})
end
it 'should close ticket if you are the author' do
it 'should close ticket if staff member has the same department as ticket' do
request('/user/logout')
Scripts.createUser('closer@os4.com','closer','Closer')
Scripts.login('closer@os4.com','closer')
Scripts.createTicket('tickettoclose')
Scripts.createTicket('tickettoclose','thecontentoftickettoclose',1)
Scripts.createTicket('tickettoclose2','thecontentoftickettoclose2',3)
Scripts.createTicket('tickettoclose3','thecontentoftickettoclose3',3)
request('/user/logout')
Scripts.login($staff[:email], $staff[:password], true)
ticket = $database.getRow('ticket', 'tickettoclose', 'title')
@ -72,4 +28,78 @@ describe '/ticket/close' do
lastLog = $database.getLastRow('log')
(lastLog['type']).should.equal('CLOSE')
end
it 'should close ticket if staff member does not serve to the department of the ticket but he is the author' do
request('/staff/edit', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
departments: '[1, 2]',
staffId: 1
})
Scripts.createTicket('thisisanewticket','thisisthecontentofthenewticket',3)
ticket = $database.getRow('ticket', 'thisisanewticket', 'title')
result = request('/ticket/close', {
ticketNumber: ticket['ticket_number'],
csrf_userid: $csrf_userid,
csrf_token: $csrf_token
})
(result['status']).should.equal('success')
ticket = $database.getRow('ticket', 'tickettoclose', 'title')
(ticket['closed']).should.equal('1')
lastLog = $database.getLastRow('log')
(lastLog['type']).should.equal('CLOSE')
end
it 'should not close ticket if staff does not serve to the department of the ticket and he is not the author'do
ticket = $database.getRow('ticket', 'tickettoclose2', 'title')
result = request('/ticket/close', {
ticketNumber: ticket['ticket_number'],
csrf_userid: $csrf_userid,
csrf_token: $csrf_token
})
(result['status']).should.equal('fail')
(result['message']).should.equal('NO_PERMISSION')
ticket = $database.getRow('ticket', 'tickettoclose2', 'title')
(ticket['closed']).should.equal('0')
request('/staff/edit', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
departments: '[1, 2, 3]',
staffId: 1
})
end
it 'should close ticket if User is the author' do
request('/user/logout')
Scripts.login('closer@os4.com','closer')
ticket = $database.getRow('ticket', 'tickettoclose3', 'title')
result = request('/ticket/close', {
ticketNumber: ticket['ticket_number'],
csrf_userid: $csrf_userid,
csrf_token: $csrf_token
})
(result['status']).should.equal('success')
ticket = $database.getRow('ticket', 'tickettoclose3', 'title')
(ticket['closed']).should.equal('1')
lastLog = $database.getLastRow('log')
(lastLog['type']).should.equal('CLOSE')
request('/user/logout')
end
end
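Review bot: The author case 'should close ticket if staff member does not serve ... but he is the author' closes 'thisisanewticket' but then re-reads `$database.getRow('ticket', 'tickettoclose', 'title')`, a different ticket that the preceding case appears to have closed already. The `closed` assertion therefore passes regardless of whether the author-path close took effect. The re-read should be `ticket = $database.getRow('ticket', 'thisisanewticket', 'title')`.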


@ -78,7 +78,7 @@ describe '/ticket/comment/' do
(lastLog['type']).should.equal('COMMENT')
end
it 'should add comment to ticket created by staff' do
it 'should add comment if staff member serves to the same department as the ticket' do
request('/user/logout')
Scripts.login($staff[:email], $staff[:password], true)
result = request('/ticket/comment', {
@ -102,6 +102,69 @@ describe '/ticket/comment/' do
request('/user/logout')
end
it 'should comment the ticket if staff member does not serve the deparment of the ticket and he is author' do
request('/user/logout')
Scripts.login($staff[:email], $staff[:password], true)
Scripts.createTicket('ticketttobecommented', 'tickettobecommentedbytheauthor', 2)
request('/staff/edit', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
departments: '[1]',
staffId: 1
})
ticket = $database.getRow('ticket', 'ticketttobecommented' , 'title')
result = request('/ticket/comment', {
content: 'some comment content jeje',
ticketNumber: ticket['ticket_number'],
csrf_userid: $csrf_userid,
csrf_token: $csrf_token
})
(result['status']).should.equal('success')
ticket = $database.getRow('ticket', 'ticketttobecommented' , 'title')
comment = $database.getRow('ticketevent', ticket['id'], 'ticket_id')
(comment['content']).should.equal('some comment content jeje')
(comment['type']).should.equal('COMMENT')
(comment['author_staff_id']).should.equal($csrf_userid)
lastLog = $database.getLastRow('log')
(lastLog['type']).should.equal('COMMENT')
end
it 'should not comment the ticket if staff member does not serve to the department of the ticket and he is not the author' do
request('/staff/edit', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
departments: '[]',
staffId: 1
})
request('/user/logout')
Scripts.login('commenter@os4.com', 'commenter')
Scripts.createTicket('title138','commentofthetitkect138', 1)
request('/user/logout')
Scripts.login($staff[:email], $staff[:password], true)
ticket = $database.getRow('ticket', 'title138' , 'title')
result = request('/ticket/comment', {
content: 'some comment content jeje',
ticketNumber: ticket['ticket_number'],
csrf_userid: $csrf_userid,
csrf_token: $csrf_token
})
(result['status']).should.equal('fail')
(result['message']).should.equal('NO_PERMISSION')
request('/staff/edit', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
departments: '[1, 2]',
staffId: 1
})
end
it 'should fail if user is not the author nor owner' do
Scripts.createUser('no_commenter@comment.com', 'no_commenter', 'No Commenter')
@ -178,7 +241,7 @@ describe '/ticket/comment/' do
csrf_token: $csrf_token,
private: 1
})
puts result['message']
(result['status']).should.equal('success')
comment = $database.getRow('ticketevent', 'this is a private comment', 'content')
(comment['private']).should.equal("1")
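Review bot: The denial case 'should not comment the ticket if staff member does not serve to the department of the ticket and he is not the author' asserts only the response status and message, so a handler that stored the comment before rejecting the request would still pass. Adding `($database.getRow('ticketevent', ticket['id'], 'ticket_id')).should.equal(nil)` after the response checks would confirm nothing was written for 'title138', assuming ticket creation itself adds no event row. The case also restores staff 1 to `[1, 2]`, whereas the other specs in this commit restore `[1, 2, 3]`; worth confirming that is intended.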


@ -15,7 +15,7 @@ describe '/ticket/edit-comment' do
})
ticket = $database.getRow('ticket', 'ticket made by an user', 'title')
puts result['message']
(result['status']).should.equal('success')
(ticket['content']).should.equal('content edited by the user')
end
@ -69,7 +69,6 @@ describe '/ticket/edit-comment' do
request('/user/logout')
end
it 'should not change the content of a comment if the user is not the author' do
request('/user/logout')
Scripts.login($staff[:email], $staff[:password], true)


@ -81,4 +81,71 @@ describe '/ticket/get/' do
(result['data']['events'][0]['type']).should.equal('COMMENT')
(result['data']['events'][0]['content']).should.equal('some valid comment made')
end
it 'should successfully return the ticket information if staff member serves to the department of the ticket' do
request('/user/logout')
Scripts.login('cersei@os4.com', 'cersei')
Scripts.createTicket('titleofticket87','contentoftheticket87',1)
Scripts.createTicket('2titleofticket87','2contentoftheticket87',1)
request('/user/logout')
Scripts.login($staff[:email], $staff[:password], true)
ticket = $database.getRow('ticket','titleofticket87', 'title')
result = request('/ticket/get', {
ticketNumber: ticket['ticket_number'],
csrf_userid: $csrf_userid,
csrf_token: $csrf_token
})
(result['status']).should.equal('success')
(result['data']['ticketNumber']).should.equal(ticket['ticket_number'])
(result['data']['title']).should.equal('titleofticket87')
(result['data']['content']).should.equal('contentoftheticket87')
end
it 'should successfully return the ticket information if staff member does not serve to the deparment of the ticket but is author' do
request('/user/logout')
Scripts.login($staff[:email], $staff[:password], true)
Scripts.createTicket('titleoftheticket107','contentoftheticket107',1)
ticket = $database.getRow('ticket','titleoftheticket107', 'title')
request('/staff/edit', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
departments: '[]'
})
result = request('/ticket/get', {
ticketNumber: ticket['ticket_number'],
csrf_userid: $csrf_userid,
csrf_token: $csrf_token
})
(result['status']).should.equal('success')
(result['data']['ticketNumber']).should.equal(ticket['ticket_number'])
(result['data']['title']).should.equal('titleoftheticket107')
(result['data']['content']).should.equal('contentoftheticket107')
end
it 'should fail if staff member does not serve to the department of the ticket and is not the author' do
ticket = $database.getRow('ticket','2titleofticket87', 'title')
request('/user/logout')
Scripts.login($staff[:email], $staff[:password], true)
result = request('/ticket/get', {
ticketNumber: ticket['ticket_number'],
csrf_userid: $csrf_userid,
csrf_token: $csrf_token
})
(result['status']).should.equal('fail')
(result['message']).should.equal('NO_PERMISSION')
request('/staff/edit', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
departments: '[1, 2, 3]',
staffId: 1
})
end
end


@ -2,7 +2,7 @@ describe '/ticket/re-open' do
request('/user/logout')
Scripts.login($staff[:email], $staff[:password], true)
it 'should re open a ticket if everything is okey' do
it 'should re open a ticket if staff member has the deparment of the ticket' do
ticket = $database.getRow('ticket', 1 , 'id')
result = request('/ticket/re-open', {
@ -21,12 +21,50 @@ describe '/ticket/re-open' do
(lastLog['type']).should.equal('RE_OPEN')
request('/user/logout')
end
it 'Should re-open if staff member does not serve to the department of the ticket and its the author'do
Scripts.login($staff[:email], $staff[:password], true)
Scripts.createTicket('tickettitle','contentoftheticketthatisgoingtosucces',3)
ticket = $database.getRow('ticket', 'contentoftheticketthatisgoingtosucces' , 'content')
Scripts.closeTicket(ticket['ticketNumber'])
request('/staff/edit', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
departments: '[1, 2]',
staffId: 1
})
result = request('/ticket/re-open', {
ticketNumber: ticket['ticket_number'],
csrf_userid: $csrf_userid,
csrf_token: $csrf_token
})
(result['status']).should.equal('success')
ticket = $database.getRow('ticket', 'contentoftheticketthatisgoingtosucces' , 'content')
(ticket['closed']).should.equal('0')
request('/staff/edit', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
departments: '[1, 2, 3]',
staffId: 1
})
end
it 'Should re-open ticket if the user is author' do
Scripts.createUser('reopener@os4.com','reopener','Reopener')
Scripts.login('reopener@os4.com','reopener')
Scripts.createTicket('tickettoreopen')
Scripts.createTicket('tickettuser','this ticket was made by an user',3)
ticket = $database.getRow('ticket', 'this ticket was made by an user', 'content')
Scripts.closeTicket(ticket['ticketNumber'])
ticket = $database.getRow('ticket', 'tickettoreopen', 'title')
Scripts.closeTicket(ticket['ticketNumber'])
result = request('/ticket/re-open', {
@ -42,5 +80,36 @@ describe '/ticket/re-open' do
lastLog = $database.getLastRow('log')
(lastLog['type']).should.equal('RE_OPEN')
request('/user/logout')
end
it 'Should fail re-open the ticket if the staff does not serve to the department and he is not the author' do
Scripts.login($staff[:email], $staff[:password], true)
ticket = $database.getRow('ticket', 'this ticket was made by an user' , 'content')
request('/staff/edit', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
departments: '[1, 2]',
staffId: 1
})
result = request('/ticket/re-open', {
ticketNumber: ticket['ticket_number'],
csrf_userid: $csrf_userid,
csrf_token: $csrf_token
})
(result['status']).should.equal('fail')
(result['message']).should.equal('NO_PERMISSION')
request('/staff/edit', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
departments: '[1, 2, 3]',
staffId: 1
})
end
end
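Review bot: `Scripts.closeTicket(ticket['ticketNumber'])` in 'Should re-open if staff member does not serve ... its the author' reads a key the database row does not appear to have; every other lookup in these specs uses `ticket['ticket_number']`, so the helper is probably called with `nil` and the ticket is never closed. In that case `(ticket['closed']).should.equal('0')` passes whether or not `/ticket/re-open` worked. Use `Scripts.closeTicket(ticket['ticket_number'])` and assert `closed` is `'1'` before the re-open request; the closeTicket calls in 'Should re-open ticket if the user is author' use the same key. `Scripts.closeTicket` itself is not visible here.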


@ -29,7 +29,7 @@ describe '/ticket/remove-tag' do
(result['message']).should.equal('INVALID_TAG')
end
it 'should remove an attached tag' do
it 'should remove an attached tag if staff member serves to the department of the ticket' do
result = request('/ticket/remove-tag', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
@ -40,7 +40,79 @@ describe '/ticket/remove-tag' do
(result['status']).should.equal('success')
end
it 'should remove an attached tag if staff member does not serve to department ticket but is author' do
Scripts.createTicket('title44','contentoftheticket44',3)
ticket = $database.getRow('ticket','title44', 'title')
request('/ticket/add-tag', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
tagId: 1,
ticketNumber: ticket['ticket_number']
})
request('/staff/edit', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
departments: '[1, 2]',
staffId: 1
})
result = request('/ticket/remove-tag', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
tagId: 1,
ticketNumber: ticket['ticket_number']
})
(result['status']).should.equal('success')
request('/staff/edit', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
departments: '[1, 2, 3]',
staffId: 1
})
end
it 'should fail if staff does not serve to department of the ticket and is not the author' do
request('/user/logout')
Scripts.login('pepito@pepito.com', 'pepito12345')
Scripts.createTicket('title73','contentoftheticket73',3)
request('/user/logout')
Scripts.login($staff[:email], $staff[:password], true)
ticket = $database.getRow('ticket','title73', 'title')
request('/ticket/add-tag', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
tagId: 1,
ticketNumber: ticket['ticket_number']
})
request('/staff/edit', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
departments: '[1, 2]',
staffId: 1
})
result = request('/ticket/remove-tag', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
tagId: 1,
ticketNumber: ticket['ticket_number']
})
(result['status']).should.equal('fail')
request('/staff/edit', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
departments: '[1, 2, 3]',
staffId: 1
})
end
it 'should fail if the tag is not attached' do
result = request('/ticket/remove-tag', {