tyler.durden
/
opensupports
mirror of https://github.com/opensupports/opensupports.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Removes /staff/add path, updates tests accordingly, and adds log when a staff member is invited

This commit is contained in:
Maxi Redigonda 2019-10-31 16:13:04 -03:00
parent afa76ce059
commit 87e2984fa4
8 changed files with 76 additions and 158 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

131
server/controllers/staff/add.php
View File

@ -1,131 +0,0 @@
<?php
use Respect\Validation\Validator as DataValidator;
DataValidator::with('CustomValidations', true);
/**
* @api {post} /staff/add Add staff
* @apiVersion 4.5.0
*
* @apiName Add staff
*
* @apiGroup Staff
*
* @apiDescription This path adds a new staff member.
*
* @apiPermission staff3
*
* @apiParam {String} name The name of the new staff member.
* @apiParam {String} email The email of the new staff member.
* @apiParam {String} password The password of the new staff member.
* @apiParam {Number} level The level of the new staff member.
* @apiParam {String} profilePic The profile pic of the new staff member.
* @apiParam {Number[]} departments The departments that will have assigned the new staff member.
*
* @apiUse NO_PERMISSION
* @apiUse INVALID_NAME
* @apiUse INVALID_EMAIL
* @apiUse INVALID_PASSWORD
* @apiUse INVALID_LEVEL
* @apiUse ALREADY_A_STAFF
*
* @apiSuccess {Object} data Staff info object
* @apiSuccess {Number} data.id Staff id
*
*/
class AddStaffController extends Controller {
const PATH = '/add';
const METHOD = 'POST';
private $name;
private $email;
private $password;
private $profilePic;
private $level;
private $departments;
public function validations() {
return [
'permission' => 'staff_3',
'requestData' => [
'name' => [
'validation' => DataValidator::length(2, 55),
'error' => ERRORS::INVALID_NAME
],
'email' => [
'validation' => DataValidator::email(),
'error' => ERRORS::INVALID_EMAIL
],
'password' => [
'validation' => DataValidator::length(5, 200),
'error' => ERRORS::INVALID_PASSWORD
],
'level' => [
'validation' => DataValidator::between(1, 3, true),
'error' => ERRORS::INVALID_LEVEL
]
]
];
}
public function handler() {
$this->storeRequestData();
$staff = new Staff();
$staffRow = Staff::getDataStore($this->email, 'email');
if($staffRow->isNull()) {
$staff->setProperties([
'name'=> $this->name,
'email' => $this->email,
'password'=> Hashing::hashPassword($this->password),
'profilePic' => $this->profilePic,
'level' => $this->level,
'sharedDepartmentList' => $this->getDepartmentList()
]);
$this->addOwner();
Log::createLog('ADD_STAFF', $this->name);
Response::respondSuccess([
'id' => $staff->store()
]);
return;
}
throw new RequestException(ERRORS::ALREADY_A_STAFF);
}
public function storeRequestData() {
$this->name = Controller::request('name');
$this->email = Controller::request('email');
$this->password = Controller::request('password');
$this->profilePic = Controller::request('profilePic');
$this->level = Controller::request('level');
$this->departments = Controller::request('departments');
}
public function getDepartmentList() {
$listDepartments = new DataStoreList();
$departmentIds = json_decode($this->departments);
foreach($departmentIds as $id) {
$department = Department::getDataStore($id);
$listDepartments->add($department);
}
return $listDepartments;
}
public function addOwner() {
$departmentIds = json_decode($this->departments);
foreach($departmentIds as $id) {
$departmentRow = Department::getDataStore($id);
$departmentRow->owners++;
$departmentRow->store();
}
}
}

2
server/controllers/staff/invite.php
View File

@ -99,7 +99,7 @@ class InviteStaffController extends Controller {
'id' => $staff->store()
]);
// TODO: Log::createLog('ADD_STAFF', $this->name);
Log::createLog('INVITE', $this->name);
}
public function storeRequestData() {

2
tests/init.rb
View File

@ -33,7 +33,7 @@ require './ticket/change-department.rb'
require './ticket/close.rb'
require './ticket/re-open.rb'
require './ticket/delete.rb'
require './staff/add.rb'
require './staff/invite.rb'
require './staff/get.rb'
require './staff/edit.rb'
require './staff/delete.rb'

17
tests/scripts.rb
View File

@ -16,25 +16,33 @@ class Scripts
})
end
def self.createStaff(email, password, name, level='1')
def self.createStaff(email, password, name, level='1') # WARNING: NOT USED ANYWHERE
departments = request('/system/get-settings', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token
})['data']['departments']
departments = departments.collect { |x| x.id }
response = request('/staff/add', {
response = request('/staff/invite', {
:name => name,
:email => email,
:password => password,
:level => level,
:departments => departments.to_string
})
recoverpassword = $database.getRow('recoverpassword', email, 'email')
response = request('/user/recover-password', {
email: email,
password: password,
token: recoverpassword['token']
})
if response['status'] === 'fail'
raise response['message']
end
end
def self.deleteStaff(staffId)
response = request('/staff/delete', {
staffId: staffId,
@ -106,6 +114,7 @@ class Scripts
description: description
})
end
def self.createTag(name, color)
request('/ticket/create-tag', {
csrf_userid: $csrf_userid,
@ -114,6 +123,7 @@ class Scripts
color: color
})
end
def self.assignTicket(ticketnumber)
request('/staff/assign-ticket', {
ticketNumber: ticketnumber,
@ -121,6 +131,7 @@ class Scripts
csrf_token: $csrf_token
})
end
def self.commentTicket(ticketnumber,content)
request('/ticket/comment', {
content: content,

11
tests/staff/edit.rb
View File

@ -32,17 +32,24 @@ describe'/staff/edit' do
end
it 'should edit own data staff' do
request('/staff/add', {
request('/staff/invite', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
name: 'Arya Stark',
password: 'starkpassword',
email: 'arya@opensupports.com',
level: 1,
profilePic: '',
departments: '[1]'
})
recoverpassword = $database.getRow('recoverpassword', 'arya@opensupports.com', 'email')
request('/user/recover-password', {
email: 'arya@opensupports.com',
password: 'starkpassword',
token: recoverpassword['token']
})
row = $database.getRow('staff', 'arya@opensupports.com', 'email')
result = request('/staff/edit', {

20
tests/staff/add.rb → tests/staff/invite.rb
View File

@ -1,21 +1,28 @@
describe'/staff/add' do
describe'/staff/invite' do
request('/user/logout')
Scripts.login($staff[:email], $staff[:password], true)
it 'should add staff member' do
result= request('/staff/add', {
result = request('/staff/invite', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
name: 'Tyrion Lannister',
email: 'tyrion@opensupports.com',
password: 'testpassword',
level: 2,
profilePic: '',
departments: '[1]'
})
(result['status']).should.equal('success')
recoverpassword = $database.getRow('recoverpassword', 'tyrion@opensupports.com', 'email')
request('/user/recover-password', {
email: 'tyrion@opensupports.com',
password: 'testpassword',
token: recoverpassword['token']
})
row = $database.getRow('staff', result['data']['id'], 'id')
(row['name']).should.equal('Tyrion Lannister')
@ -27,16 +34,15 @@ describe'/staff/add' do
(row['owners']).should.equal('4')
lastLog = $database.getLastRow('log')
(lastLog['type']).should.equal('ADD_STAFF')
(lastLog['type']).should.equal('INVITE')
end
it 'should fail if staff member is alrady a staff' do
result= request('/staff/add', {
result = request('/staff/invite', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
name: 'Tyrion Lannister',
email: 'tyrion@opensupports.com',
password: 'testpassword',
level: 2,
profilePic: '',
departments: '[1]'

14
tests/ticket/comment.rb
View File

@ -182,18 +182,28 @@ describe '/ticket/comment/' do
request('/user/logout')
Scripts.login($staff[:email], $staff[:password], true)
request('/staff/add', {
result = request('/staff/invite', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
name: 'Jorah mormont',
email: 'jorah@opensupports.com',
password: 'testpassword',
level: 2,
profilePic: '',
departments: '[1]'
})
(result['status'].should.equal('success'))
request('/user/logout')
recoverpassword = $database.getRow('recoverpassword', 'jorah@opensupports.com', 'email')
request('/user/recover-password', {
email: 'jorah@opensupports.com',
password: 'testpassword',
token: recoverpassword['token']
})
Scripts.login('jorah@opensupports.com', 'testpassword', true)
result = request('/ticket/comment', {
content: 'some comment content',

37
tests/ticket/delete.rb
View File

@ -6,17 +6,24 @@ describe '/ticket/delete' do
Scripts.createTicket('ticket_to_delete')
ticket = $database.getRow('ticket', 'ticket_to_delete', 'title')
request('/staff/add', {
request('/staff/invite', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
name: 'Ned Stark',
password: 'headless',
email: 'ned@opensupports.com',
level: 3,
profilePic: '',
departments: '[1]'
})
recoverpassword = $database.getRow('recoverpassword', 'ned@opensupports.com', 'email')
request('/user/recover-password', {
email: 'ned@opensupports.com',
password: 'headless',
token: recoverpassword['token']
})
request('/user/logout')
Scripts.login('ned@opensupports.com', 'headless', true)
@ -80,16 +87,24 @@ describe '/ticket/delete' do
ticket = $database.getRow('ticket', 'ticket_to_delete_4', 'title');
request('/staff/add', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
name: 'Joan Chris',
password: 'theyaregonnafireme',
email: 'uselessstaff@opensupports.com',
level: 2,
profilePic: '',
departments: '[1]'
request('/staff/invite', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
name: 'Joan Chris',
email: 'uselessstaff@opensupports.com',
level: 2,
profilePic: '',
departments: '[1]'
})
recoverpassword = $database.getRow('recoverpassword', 'uselessstaff@opensupports.com', 'email')
request('/user/recover-password', {
email: 'uselessstaff@opensupports.com',
password: 'theyaregonnafireme',
token: recoverpassword['token']
})
request('/user/logout')
Scripts.login('uselessstaff@opensupports.com', 'theyaregonnafireme',true)