Fix edit ticket comment (#1107)

* Fix edit ticket comment

* Add some docs comments

* Change some test names
LautaroCesso 2021-12-02 21:35:37 -03:00 committed by GitHub
parent 5a1b558a6d
commit b39e4c2a5f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 201 additions and 45 deletions


@ -20,7 +20,9 @@ DataValidator::with('CustomValidations', true);
*
* @apiUse NO_PERMISSION
* @apiUse INVALID_CONTENT
* @apiUse INVALID_TOKEN
* @apiUse INVALID_TICKET
* @apiUse INVALID_TICKET_EVENT
* @apiUse TICKET_CONTENT_CANNOT_BE_EDITED
*
* @apiSuccess {Object} data Empty object
*
@ -62,6 +64,14 @@ class EditCommentController extends Controller {
throw new RequestException(ERRORS::NO_PERMISSION);
}
if (!$ticketevent->isNull()) {
if($user->id !== $ticketevent->authorUserId) {
throw new RequestException(ERRORS::NO_PERMISSION);
}
} else if ($user->id !== $ticket->authorId) {
throw new RequestException(ERRORS::NO_PERMISSION);
}
if(Controller::isStaffLogged() && !$user->canManageTicket($ticket)) {
throw new RequestException(ERRORS::NO_PERMISSION);
}
@ -70,10 +80,8 @@ class EditCommentController extends Controller {
if($ticketevent->type !== "COMMENT" || $ticket->closed || $ticket->getLatestEventOfType("COMMENT")['id'] !== $ticketevent->id) {
throw new RequestException(ERRORS::INVALID_TICKET_EVENT);
}
} else {
if(sizeof($ticket->getEventsOfType("COMMENT"))) {
throw new RequestException(ERRORS::INVALID_TICKET_EVENT);
}
} else if(sizeof($ticket->getEventsOfType("COMMENT"))) {
throw new RequestException(ERRORS::TICKET_CONTENT_CANNOT_BE_EDITED);
}
if(!$ticketevent->isNull()){
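Review bot: The new ownership check compares only `$user->id` with `$ticketevent->authorUserId` (or `$ticket->authorId`) and ignores whether the logged account is a staff member, although the `Controller::isStaffLogged()` branch just below shows that staff can reach this path. If staff and users have independent id sequences (not visible in this hunk), a staff member whose id equals the author's user id would pass the check, and a staff member could presumably never edit a comment or ticket they authored themselves; the comparison should use the author field that matches the logged account type. The strict `!==` also depends on both sides having the same type, so confirm the model does not return the id as a string on one side. A short comment above the block, such as `// Only the author may edit: a comment is matched on its own author, the ticket content on the ticket author`, would document the rule; the enclosing method starts and ends outside the hunk.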


@ -323,6 +323,10 @@
* @apiDefine INVALID_SUPERVISED_USERS
* @apiError {String} INVALID_SUPERVISED_USERS supervised users are invalid
*/
/**
* @apiDefine TICKET_CONTENT_CANNOT_BE_EDITED
* @apiError {String} TICKET_CONTENT_CANNOT_BE_EDITED Ticket content cannot be edited because it has comments
*/
class ERRORS {
const INVALID_CREDENTIALS = 'INVALID_CREDENTIALS';
@ -410,4 +414,5 @@ class ERRORS {
const REGISTRATION_IS_DESACTIVATED = 'REGISTRATION_IS_DESACTIVATED';
const INVALID_SUPERVISED_USERS = 'INVALID_SUPERVISED_USERS';
const INVALID_USER_SEARCH_OPTION = 'INVALID_USER_SEARCH_OPTION';
const TICKET_CONTENT_CANNOT_BE_EDITED = 'TICKET_CONTENT_CANNOT_BE_EDITED';
}


@ -28,7 +28,7 @@ describe 'Article path' do
it 'should create article' do
result = request('/article/add', {
name: 'Some article',
title: 'Some article',
content: 'This is an article about server management.',
topicId: @topic_id,
position: 1,
@ -108,7 +108,7 @@ describe 'Article path' do
it 'should retrieve all articles' do
request('/article/add', {
name: 'Some article',
title: 'Some article',
content: 'This is an article about server management.',
topicId: @topic_id,
position: 1,


@ -205,6 +205,15 @@ describe'system/mandatory-login' do
})
(result['status']).should.equal('success')
result = request('/ticket/edit-comment', {
csrf_token: $sessionToken,
csrf_userid: $sessionId,
ticketNumber: $sessionTicketNumber,
ticketEventId: 0,
content: 'this is the first edited-comment without login'
})
(result['status']).should.equal('success')
result = request('/ticket/comment', {
csrf_token: $sessionToken,
csrf_userid: $sessionId,
@ -221,15 +230,6 @@ describe'system/mandatory-login' do
})
(result['status']).should.equal('success')
result = request('/ticket/edit-comment', {
csrf_token: $sessionToken,
csrf_userid: $sessionId,
ticketNumber: $sessionTicketNumber,
ticketEventId: 0,
content: 'this is the first edited-comment without login'
})
(result['status']).should.equal('success')
result = request('/ticket/close', {
csrf_token: $sessionToken,
csrf_userid: $sessionId,


@ -1,12 +1,20 @@
describe '/ticket/edit-comment' do
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
Scripts.createTicket('ticket made by a staff','content of the ticket made by a staff')
Scripts.logout()
Scripts.login()
Scripts.createTicket('ticket made by an user','content of the ticket made by an user')
ticket = $database.getRow('ticket', 'ticket made by an user', 'title')
Scripts.commentTicket(ticket['ticket_number'],'com ment of a user')
Scripts.createTicket('ticket made by a user','content of the ticket made by a user')
it 'should change content of the ticket if the author user tries it' do
def getTicketEventsCommentsQuery(ticketId)
return "SELECT * FROM `ticketevent` WHERE `type` = 'COMMENT' AND `ticket_id` = #{ticketId} ORDER BY `ticketevent`.`id` ASC;"
end
ticket = $database.getRow('ticket', 'ticket made by a user', 'title')
ticket2 = $database.getRow('ticket', 'ticket made by a staff', 'title')
it 'should success if author is right and ticket has no comment' do
result = request('/ticket/edit-comment', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
@ -14,16 +22,25 @@ describe '/ticket/edit-comment' do
ticketNumber: ticket['ticket_number']
})
ticket = $database.getRow('ticket', 'ticket made by an user', 'title')
tickets_comments = $database.query(getTicketEventsCommentsQuery(ticket['id']))
tickets_comments.size.should.equal(0)
ticket = $database.getRow('ticket', 'ticket made by a user', 'title')
(result['status']).should.equal('success')
(ticket['content']).should.equal('content edited by the user')
end
it 'should change the content of a comment if the user is the author' do
it 'should success if author is right and its the last comment' do
tickets_comments = $database.query(getTicketEventsCommentsQuery(ticket['id']))
tickets_comments.size.should.equal(0)
Scripts.commentTicket(ticket['ticket_number'],'com ment of a user')
ticketevent = $database.getRow('ticketevent', 'com ment of a user', 'content')
tickets_comments = $database.query(getTicketEventsCommentsQuery(ticket['id']))
tickets_comments.size.should.equal(1)
tickets_comments.to_a.last['content'].should.equal('com ment of a user')
result = request('/ticket/edit-comment', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
@ -31,54 +48,119 @@ describe '/ticket/edit-comment' do
ticketEventId: ticketevent['id']
})
ticketevent = $database.getRow('ticketevent', 'comment edited by the user', 'content')
tickets_comments = $database.query(getTicketEventsCommentsQuery(ticket['id']))
tickets_comments.size.should.equal(1)
(result['status']).should.equal('success')
(ticketevent['content']).should.equal('comment edited by the user')
end
(result['status']).should.equal('success')
it 'should change the content of a comment and the content of the ticket if the admin is logged' do
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
ticketevent = $database.getRow('ticketevent', 'comment edited by the user', 'content')
tickets_comments.to_a.last['content'].should.equal('comment edited by the user')
Scripts.commentTicket(ticket['ticket_number'],'com ment of a user 2')
ticketevent = $database.getRow('ticketevent', 'com ment of a user 2', 'content')
tickets_comments = $database.query(getTicketEventsCommentsQuery(ticket['id']))
tickets_comments.size.should.equal(2)
tickets_comments.to_a.last['content'].should.equal('com ment of a user 2')
result = request('/ticket/edit-comment', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
content: 'comment edited by a staff',
content: 'comment edited by the user 2',
ticketEventId: ticketevent['id']
})
ticketevent = $database.getRow('ticketevent', 'comment edited by a staff', 'content')
tickets_comments = $database.query(getTicketEventsCommentsQuery(ticket['id']))
tickets_comments.size.should.equal(2)
tickets_comments.to_a.last['content'].should.equal('comment edited by the user 2')
(result['status']).should.equal('success')
(ticketevent['content']).should.equal('comment edited by a staff')
Scripts.commentTicket(ticket['ticket_number'],'com ment of a user 3')
ticketevent = $database.getRow('ticketevent', 'com ment of a user 3', 'content')
tickets_comments = $database.query(getTicketEventsCommentsQuery(ticket['id']))
tickets_comments.size.should.equal(3)
tickets_comments.to_a.last['content'].should.equal('com ment of a user 3')
result = request('/ticket/edit-comment', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
content: 'content edited by a staff',
content: 'comment edited by the user 3',
ticketEventId: ticketevent['id']
})
tickets_comments = $database.query(getTicketEventsCommentsQuery(ticket['id']))
tickets_comments.size.should.equal(3)
tickets_comments.to_a.last['content'].should.equal('comment edited by the user 3')
ticketevent = tickets_comments.to_a.last
(result['status']).should.equal('success')
end
it 'should fail if author is right but ticket has other commets below' do
tickets_comments = $database.query(getTicketEventsCommentsQuery(ticket['id']))
tickets_comments.size.should.equal(3)
result = request('/ticket/edit-comment', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
content: 'content edited by the user',
ticketNumber: ticket['ticket_number']
})
ticket = $database.getRow('ticket', ticket['ticket_number'], 'ticket_number')
(result['status']).should.equal('fail')
(result['message']).should.equal('TICKET_CONTENT_CANNOT_BE_EDITED')
(result['status']).should.equal('success')
(ticket['content']).should.equal('content edited by a staff')
tickets_comments = $database.query(getTicketEventsCommentsQuery(ticket['id']))
tickets_comments.size.should.equal(3)
ticket_comment3 = tickets_comments.to_a.last
Scripts.logout()
Scripts.commentTicket(ticket['ticket_number'],'com ment of a user 4')
tickets_comments = $database.query(getTicketEventsCommentsQuery(ticket['id']))
tickets_comments.size.should.equal(4)
result = request('/ticket/edit-comment', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
content: 'this is not the last comment of the ticket',
ticketEventId: ticket_comment3['id']
})
(result['status']).should.equal('fail')
(result['message']).should.equal('INVALID_TICKET_EVENT')
end
it 'should not change the content of a comment if the user is not the author' do
it 'should fail if ticket has no comments but author is wrong' do
result = request('/ticket/edit-comment', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
content: 'this is not my ticket',
ticketNumber: ticket2['ticket_number']
})
tickets_comments = $database.query(getTicketEventsCommentsQuery(ticket2['id']))
tickets_comments.size.should.equal(0)
ticket2 = $database.getRow('ticket', 'ticket made by a staff', 'title')
(result['status']).should.equal('fail')
(ticket2['content']).should.equal('content of the ticket made by a staff')
(result['message']).should.equal('NO_PERMISSION')
end
it 'should fail if ticket has comment and author is wrong' do
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
ticket = $database.getRow('ticket', 'ticket made by an user', 'title')
tickets_comments = $database.query(getTicketEventsCommentsQuery(ticket2['id']))
tickets_comments.size.should.equal(0)
Scripts.assignTicket(ticket['ticket_number'])
Scripts.commentTicket(ticket['ticket_number'],'this is a new comment of a staff member')
Scripts.commentTicket(ticket2['ticket_number'],'com ment of a staff')
ticketevent = $database.getRow('ticketevent', 'this is a new comment of a staff member', 'content')
tickets_comments = $database.query(getTicketEventsCommentsQuery(ticket2['id']))
tickets_comments.size.should.equal(1)
tickets_comments.to_a.last['content'].should.equal('com ment of a staff')
Scripts.logout()
Scripts.login()
@ -86,11 +168,72 @@ describe '/ticket/edit-comment' do
result = request('/ticket/edit-comment', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
content: 'comment edited by an user',
ticketEventId: ticketevent['id']
content: 'this is not my ticket',
ticketNumber: ticket2['ticket_number']
})
tickets_comments = $database.query(getTicketEventsCommentsQuery(ticket2['id']))
tickets_comments.size.should.equal(1)
ticket2 = $database.getRow('ticket', 'ticket made by a staff', 'title')
(result['status']).should.equal('fail')
(ticket2['content']).should.equal('content of the ticket made by a staff')
(result['message']).should.equal('NO_PERMISSION')
end
it 'should fail if author is wrong but comment is the last' do
tickets_comments = $database.query(getTicketEventsCommentsQuery(ticket2['id']))
tickets_comments.size.should.equal(1)
ticket_comment = tickets_comments.to_a.last
ticket_comment['content'].should.equal('com ment of a staff')
result = request('/ticket/edit-comment', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
content: 'this comment it is not mine',
ticketEventId: ticket_comment['id']
})
tickets_comments = $database.query(getTicketEventsCommentsQuery(ticket2['id']))
tickets_comments.size.should.equal(1)
ticket_comment = tickets_comments.to_a.last
(result['status']).should.equal('fail')
(result['message']).should.equal('NO_PERMISSION')
ticket_comment['content'].should.equal('com ment of a staff')
end
it 'should fail if the author and comment are wrong' do
Scripts.logout()
Scripts.login($staff[:email], $staff[:password], true)
tickets_comments = $database.query(getTicketEventsCommentsQuery(ticket2['id']))
tickets_comments.size.should.equal(1)
first_comment = tickets_comments.to_a.last
Scripts.commentTicket(ticket2['ticket_number'],'com ment of a staff 2')
tickets_comments = $database.query(getTicketEventsCommentsQuery(ticket2['id']))
tickets_comments.size.should.equal(2)
last_comment = tickets_comments.to_a.last
last_comment['content'].should.equal('com ment of a staff 2')
Scripts.logout()
Scripts.login()
result = request('/ticket/edit-comment', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
content: 'this comment it is not mine and is not the last',
ticketEventId: first_comment['id']
})
(result['status']).should.equal('fail')
(result['message']).should.equal('NO_PERMISSION')
last_comment['content'].should.equal('com ment of a staff 2')
end
end
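Review bot: The last assertion in 'should fail if the author and comment are wrong', `last_comment['content'].should.equal('com ment of a staff 2')`, checks a row that was read before the request and is not the comment the request targets, so it passes even if the rejected edit had been written. Re-read the targeted row after the request, e.g. `first_comment = $database.query(getTicketEventsCommentsQuery(ticket2['id'])).to_a.first` followed by `first_comment['content'].should.equal('com ment of a staff')`, so the test proves the unauthorized edit left the data untouched. Separately, `getTicketEventsCommentsQuery` is defined with `def` inside the `describe` block and interpolates `ticketId` straight into the SQL string; a lambda local to the spec that coerces the id to an integer first would keep the helper out of the global namespace and make the numeric assumption explicit.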