Fix edit ticket comment (#1107)
* Fix edit ticket comment * Add some docs comments * Change some test names
parent
5a1b558a6d
commit
b39e4c2a5f
|
@ -20,7 +20,9 @@ DataValidator::with('CustomValidations', true);
|
|||
*
|
||||
* @apiUse NO_PERMISSION
|
||||
* @apiUse INVALID_CONTENT
|
||||
* @apiUse INVALID_TOKEN
|
||||
* @apiUse INVALID_TICKET
|
||||
* @apiUse INVALID_TICKET_EVENT
|
||||
* @apiUse TICKET_CONTENT_CANNOT_BE_EDITED
|
||||
*
|
||||
* @apiSuccess {Object} data Empty object
|
||||
*
|
||||
|
@ -62,6 +64,14 @@ class EditCommentController extends Controller {
|
|||
throw new RequestException(ERRORS::NO_PERMISSION);
|
||||
}
|
||||
|
||||
if (!$ticketevent->isNull()) {
|
||||
if($user->id !== $ticketevent->authorUserId) {
|
||||
throw new RequestException(ERRORS::NO_PERMISSION);
|
||||
}
|
||||
} else if ($user->id !== $ticket->authorId) {
|
||||
throw new RequestException(ERRORS::NO_PERMISSION);
|
||||
}
|
||||
|
||||
if(Controller::isStaffLogged() && !$user->canManageTicket($ticket)) {
|
||||
throw new RequestException(ERRORS::NO_PERMISSION);
|
||||
}
|
||||
|
@ -70,10 +80,8 @@ class EditCommentController extends Controller {
|
|||
if($ticketevent->type !== "COMMENT" || $ticket->closed || $ticket->getLatestEventOfType("COMMENT")['id'] !== $ticketevent->id) {
|
||||
throw new RequestException(ERRORS::INVALID_TICKET_EVENT);
|
||||
}
|
||||
} else {
|
||||
if(sizeof($ticket->getEventsOfType("COMMENT"))) {
|
||||
throw new RequestException(ERRORS::INVALID_TICKET_EVENT);
|
||||
}
|
||||
} else if(sizeof($ticket->getEventsOfType("COMMENT"))) {
|
||||
throw new RequestException(ERRORS::TICKET_CONTENT_CANNOT_BE_EDITED);
|
||||
}
|
||||
|
||||
if(!$ticketevent->isNull()){
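Review bot: The ownership check added in the second hunk compares `$user->id` with `$ticketevent->authorUserId` (or `$ticket->authorId`) on the id alone, and it runs before the `Controller::isStaffLogged()` test, so nothing in the visible lines ties the comparison to the account type of `$user`. If staff and users have independent id sequences (not visible here, so confirm), a staff member whose id matches a user's would pass the check for that user's ticket or comment. Branching on `Controller::isStaffLogged()` first and comparing against the author field for that account type would close this. Separately, the rewritten `} else if(sizeof($ticket->getEventsOfType("COMMENT"))) {` branch in the third hunk does not test `$ticket->closed`, while the comment branch above it does, so the content of a closed ticket with no comments appears to stay editable unless that is rejected outside the hunk. The enclosing handler starts and ends outside these hunks.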
|
||||
|
|
|
@ -323,6 +323,10 @@
|
|||
* @apiDefine INVALID_SUPERVISED_USERS
|
||||
* @apiError {String} INVALID_SUPERVISED_USERS supervised users are invalid
|
||||
*/
|
||||
/**
|
||||
* @apiDefine TICKET_CONTENT_CANNOT_BE_EDITED
|
||||
* @apiError {String} TICKET_CONTENT_CANNOT_BE_EDITED Ticket content cannot be edited because it has comments
|
||||
*/
|
||||
|
||||
class ERRORS {
|
||||
const INVALID_CREDENTIALS = 'INVALID_CREDENTIALS';
|
||||
|
@ -410,4 +414,5 @@ class ERRORS {
|
|||
const REGISTRATION_IS_DESACTIVATED = 'REGISTRATION_IS_DESACTIVATED';
|
||||
const INVALID_SUPERVISED_USERS = 'INVALID_SUPERVISED_USERS';
|
||||
const INVALID_USER_SEARCH_OPTION = 'INVALID_USER_SEARCH_OPTION';
|
||||
const TICKET_CONTENT_CANNOT_BE_EDITED = 'TICKET_CONTENT_CANNOT_BE_EDITED';
|
||||
}
|
||||
|
|
|
@ -28,7 +28,7 @@ describe 'Article path' do
|
|||
|
||||
it 'should create article' do
|
||||
result = request('/article/add', {
|
||||
name: 'Some article',
|
||||
title: 'Some article',
|
||||
content: 'This is an article about server management.',
|
||||
topicId: @topic_id,
|
||||
position: 1,
|
||||
|
@ -108,7 +108,7 @@ describe 'Article path' do
|
|||
|
||||
it 'should retrieve all articles' do
|
||||
request('/article/add', {
|
||||
name: 'Some article',
|
||||
title: 'Some article',
|
||||
content: 'This is an article about server management.',
|
||||
topicId: @topic_id,
|
||||
position: 1,
|
||||
|
|
|
@ -205,6 +205,15 @@ describe'system/mandatory-login' do
|
|||
})
|
||||
(result['status']).should.equal('success')
|
||||
|
||||
result = request('/ticket/edit-comment', {
|
||||
csrf_token: $sessionToken,
|
||||
csrf_userid: $sessionId,
|
||||
ticketNumber: $sessionTicketNumber,
|
||||
ticketEventId: 0,
|
||||
content: 'this is the first edited-comment without login'
|
||||
})
|
||||
(result['status']).should.equal('success')
|
||||
|
||||
result = request('/ticket/comment', {
|
||||
csrf_token: $sessionToken,
|
||||
csrf_userid: $sessionId,
|
||||
|
@ -221,15 +230,6 @@ describe'system/mandatory-login' do
|
|||
})
|
||||
(result['status']).should.equal('success')
|
||||
|
||||
result = request('/ticket/edit-comment', {
|
||||
csrf_token: $sessionToken,
|
||||
csrf_userid: $sessionId,
|
||||
ticketNumber: $sessionTicketNumber,
|
||||
ticketEventId: 0,
|
||||
content: 'this is the first edited-comment without login'
|
||||
})
|
||||
(result['status']).should.equal('success')
|
||||
|
||||
result = request('/ticket/close', {
|
||||
csrf_token: $sessionToken,
|
||||
csrf_userid: $sessionId,
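Review bot: The relocated `/ticket/edit-comment` request only asserts `success` for the session that owns the ticket, so the new refusal path is not exercised for the login-less flow. After the `/ticket/comment` call that now follows it, a second edit with `ticketEventId: 0` could assert `(result['status']).should.equal('fail')` and `(result['message']).should.equal('TICKET_CONTENT_CANNOT_BE_EDITED')`, assuming the controller treats event id 0 as a ticket-content edit, as the success case suggests. The enclosing `it` block starts and ends outside the hunk.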
|
||||
|
|
|
@ -1,12 +1,20 @@
|
|||
describe '/ticket/edit-comment' do
|
||||
Scripts.logout()
|
||||
Scripts.login($staff[:email], $staff[:password], true)
|
||||
Scripts.createTicket('ticket made by a staff','content of the ticket made by a staff')
|
||||
|
||||
Scripts.logout()
|
||||
Scripts.login()
|
||||
Scripts.createTicket('ticket made by an user','content of the ticket made by an user')
|
||||
ticket = $database.getRow('ticket', 'ticket made by an user', 'title')
|
||||
Scripts.commentTicket(ticket['ticket_number'],'com ment of a user')
|
||||
Scripts.createTicket('ticket made by a user','content of the ticket made by a user')
|
||||
|
||||
it 'should change content of the ticket if the author user tries it' do
|
||||
def getTicketEventsCommentsQuery(ticketId)
|
||||
return "SELECT * FROM `ticketevent` WHERE `type` = 'COMMENT' AND `ticket_id` = #{ticketId} ORDER BY `ticketevent`.`id` ASC;"
|
||||
end
|
||||
|
||||
ticket = $database.getRow('ticket', 'ticket made by a user', 'title')
|
||||
ticket2 = $database.getRow('ticket', 'ticket made by a staff', 'title')
|
||||
|
||||
it 'should success if author is right and ticket has no comment' do
|
||||
result = request('/ticket/edit-comment', {
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token,
|
||||
|
@ -14,16 +22,25 @@ describe '/ticket/edit-comment' do
|
|||
ticketNumber: ticket['ticket_number']
|
||||
})
|
||||
|
||||
ticket = $database.getRow('ticket', 'ticket made by an user', 'title')
|
||||
tickets_comments = $database.query(getTicketEventsCommentsQuery(ticket['id']))
|
||||
tickets_comments.size.should.equal(0)
|
||||
ticket = $database.getRow('ticket', 'ticket made by a user', 'title')
|
||||
|
||||
(result['status']).should.equal('success')
|
||||
(ticket['content']).should.equal('content edited by the user')
|
||||
end
|
||||
|
||||
it 'should change the content of a comment if the user is the author' do
|
||||
it 'should success if author is right and its the last comment' do
|
||||
tickets_comments = $database.query(getTicketEventsCommentsQuery(ticket['id']))
|
||||
tickets_comments.size.should.equal(0)
|
||||
|
||||
Scripts.commentTicket(ticket['ticket_number'],'com ment of a user')
|
||||
ticketevent = $database.getRow('ticketevent', 'com ment of a user', 'content')
|
||||
|
||||
tickets_comments = $database.query(getTicketEventsCommentsQuery(ticket['id']))
|
||||
tickets_comments.size.should.equal(1)
|
||||
tickets_comments.to_a.last['content'].should.equal('com ment of a user')
|
||||
|
||||
result = request('/ticket/edit-comment', {
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token,
|
||||
|
@ -31,54 +48,119 @@ describe '/ticket/edit-comment' do
|
|||
ticketEventId: ticketevent['id']
|
||||
})
|
||||
|
||||
ticketevent = $database.getRow('ticketevent', 'comment edited by the user', 'content')
|
||||
tickets_comments = $database.query(getTicketEventsCommentsQuery(ticket['id']))
|
||||
tickets_comments.size.should.equal(1)
|
||||
|
||||
(result['status']).should.equal('success')
|
||||
(ticketevent['content']).should.equal('comment edited by the user')
|
||||
end
|
||||
(result['status']).should.equal('success')
|
||||
|
||||
it 'should change the content of a comment and the content of the ticket if the admin is logged' do
|
||||
Scripts.logout()
|
||||
Scripts.login($staff[:email], $staff[:password], true)
|
||||
ticketevent = $database.getRow('ticketevent', 'comment edited by the user', 'content')
|
||||
tickets_comments.to_a.last['content'].should.equal('comment edited by the user')
|
||||
|
||||
Scripts.commentTicket(ticket['ticket_number'],'com ment of a user 2')
|
||||
ticketevent = $database.getRow('ticketevent', 'com ment of a user 2', 'content')
|
||||
|
||||
tickets_comments = $database.query(getTicketEventsCommentsQuery(ticket['id']))
|
||||
tickets_comments.size.should.equal(2)
|
||||
tickets_comments.to_a.last['content'].should.equal('com ment of a user 2')
|
||||
|
||||
result = request('/ticket/edit-comment', {
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token,
|
||||
content: 'comment edited by a staff',
|
||||
content: 'comment edited by the user 2',
|
||||
ticketEventId: ticketevent['id']
|
||||
})
|
||||
|
||||
ticketevent = $database.getRow('ticketevent', 'comment edited by a staff', 'content')
|
||||
tickets_comments = $database.query(getTicketEventsCommentsQuery(ticket['id']))
|
||||
tickets_comments.size.should.equal(2)
|
||||
tickets_comments.to_a.last['content'].should.equal('comment edited by the user 2')
|
||||
|
||||
(result['status']).should.equal('success')
|
||||
(ticketevent['content']).should.equal('comment edited by a staff')
|
||||
|
||||
Scripts.commentTicket(ticket['ticket_number'],'com ment of a user 3')
|
||||
ticketevent = $database.getRow('ticketevent', 'com ment of a user 3', 'content')
|
||||
|
||||
tickets_comments = $database.query(getTicketEventsCommentsQuery(ticket['id']))
|
||||
tickets_comments.size.should.equal(3)
|
||||
tickets_comments.to_a.last['content'].should.equal('com ment of a user 3')
|
||||
|
||||
result = request('/ticket/edit-comment', {
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token,
|
||||
content: 'content edited by a staff',
|
||||
content: 'comment edited by the user 3',
|
||||
ticketEventId: ticketevent['id']
|
||||
})
|
||||
|
||||
tickets_comments = $database.query(getTicketEventsCommentsQuery(ticket['id']))
|
||||
tickets_comments.size.should.equal(3)
|
||||
tickets_comments.to_a.last['content'].should.equal('comment edited by the user 3')
|
||||
|
||||
ticketevent = tickets_comments.to_a.last
|
||||
|
||||
(result['status']).should.equal('success')
|
||||
end
|
||||
|
||||
it 'should fail if author is right but ticket has other commets below' do
|
||||
tickets_comments = $database.query(getTicketEventsCommentsQuery(ticket['id']))
|
||||
tickets_comments.size.should.equal(3)
|
||||
|
||||
result = request('/ticket/edit-comment', {
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token,
|
||||
content: 'content edited by the user',
|
||||
ticketNumber: ticket['ticket_number']
|
||||
})
|
||||
|
||||
ticket = $database.getRow('ticket', ticket['ticket_number'], 'ticket_number')
|
||||
(result['status']).should.equal('fail')
|
||||
(result['message']).should.equal('TICKET_CONTENT_CANNOT_BE_EDITED')
|
||||
|
||||
(result['status']).should.equal('success')
|
||||
(ticket['content']).should.equal('content edited by a staff')
|
||||
tickets_comments = $database.query(getTicketEventsCommentsQuery(ticket['id']))
|
||||
tickets_comments.size.should.equal(3)
|
||||
ticket_comment3 = tickets_comments.to_a.last
|
||||
|
||||
Scripts.logout()
|
||||
Scripts.commentTicket(ticket['ticket_number'],'com ment of a user 4')
|
||||
|
||||
tickets_comments = $database.query(getTicketEventsCommentsQuery(ticket['id']))
|
||||
tickets_comments.size.should.equal(4)
|
||||
|
||||
result = request('/ticket/edit-comment', {
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token,
|
||||
content: 'this is not the last comment of the ticket',
|
||||
ticketEventId: ticket_comment3['id']
|
||||
})
|
||||
|
||||
(result['status']).should.equal('fail')
|
||||
(result['message']).should.equal('INVALID_TICKET_EVENT')
|
||||
end
|
||||
|
||||
it 'should not change the content of a comment if the user is not the author' do
|
||||
it 'should fail if ticket has no comments but author is wrong' do
|
||||
result = request('/ticket/edit-comment', {
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token,
|
||||
content: 'this is not my ticket',
|
||||
ticketNumber: ticket2['ticket_number']
|
||||
})
|
||||
|
||||
tickets_comments = $database.query(getTicketEventsCommentsQuery(ticket2['id']))
|
||||
tickets_comments.size.should.equal(0)
|
||||
ticket2 = $database.getRow('ticket', 'ticket made by a staff', 'title')
|
||||
|
||||
(result['status']).should.equal('fail')
|
||||
(ticket2['content']).should.equal('content of the ticket made by a staff')
|
||||
(result['message']).should.equal('NO_PERMISSION')
|
||||
end
|
||||
|
||||
it 'should fail if ticket has comment and author is wrong' do
|
||||
Scripts.logout()
|
||||
Scripts.login($staff[:email], $staff[:password], true)
|
||||
|
||||
ticket = $database.getRow('ticket', 'ticket made by an user', 'title')
|
||||
tickets_comments = $database.query(getTicketEventsCommentsQuery(ticket2['id']))
|
||||
tickets_comments.size.should.equal(0)
|
||||
|
||||
Scripts.assignTicket(ticket['ticket_number'])
|
||||
Scripts.commentTicket(ticket['ticket_number'],'this is a new comment of a staff member')
|
||||
Scripts.commentTicket(ticket2['ticket_number'],'com ment of a staff')
|
||||
|
||||
ticketevent = $database.getRow('ticketevent', 'this is a new comment of a staff member', 'content')
|
||||
tickets_comments = $database.query(getTicketEventsCommentsQuery(ticket2['id']))
|
||||
tickets_comments.size.should.equal(1)
|
||||
tickets_comments.to_a.last['content'].should.equal('com ment of a staff')
|
||||
|
||||
Scripts.logout()
|
||||
Scripts.login()
|
||||
|
@ -86,11 +168,72 @@ describe '/ticket/edit-comment' do
|
|||
result = request('/ticket/edit-comment', {
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token,
|
||||
content: 'comment edited by an user',
|
||||
ticketEventId: ticketevent['id']
|
||||
content: 'this is not my ticket',
|
||||
ticketNumber: ticket2['ticket_number']
|
||||
})
|
||||
|
||||
tickets_comments = $database.query(getTicketEventsCommentsQuery(ticket2['id']))
|
||||
tickets_comments.size.should.equal(1)
|
||||
ticket2 = $database.getRow('ticket', 'ticket made by a staff', 'title')
|
||||
|
||||
(result['status']).should.equal('fail')
|
||||
(ticket2['content']).should.equal('content of the ticket made by a staff')
|
||||
(result['message']).should.equal('NO_PERMISSION')
|
||||
end
|
||||
|
||||
|
||||
it 'should fail if author is wrong but comment is the last' do
|
||||
tickets_comments = $database.query(getTicketEventsCommentsQuery(ticket2['id']))
|
||||
tickets_comments.size.should.equal(1)
|
||||
|
||||
ticket_comment = tickets_comments.to_a.last
|
||||
|
||||
ticket_comment['content'].should.equal('com ment of a staff')
|
||||
|
||||
result = request('/ticket/edit-comment', {
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token,
|
||||
content: 'this comment it is not mine',
|
||||
ticketEventId: ticket_comment['id']
|
||||
})
|
||||
|
||||
tickets_comments = $database.query(getTicketEventsCommentsQuery(ticket2['id']))
|
||||
tickets_comments.size.should.equal(1)
|
||||
|
||||
ticket_comment = tickets_comments.to_a.last
|
||||
|
||||
(result['status']).should.equal('fail')
|
||||
(result['message']).should.equal('NO_PERMISSION')
|
||||
ticket_comment['content'].should.equal('com ment of a staff')
|
||||
end
|
||||
|
||||
it 'should fail if the author and comment are wrong' do
|
||||
Scripts.logout()
|
||||
Scripts.login($staff[:email], $staff[:password], true)
|
||||
|
||||
tickets_comments = $database.query(getTicketEventsCommentsQuery(ticket2['id']))
|
||||
tickets_comments.size.should.equal(1)
|
||||
first_comment = tickets_comments.to_a.last
|
||||
|
||||
Scripts.commentTicket(ticket2['ticket_number'],'com ment of a staff 2')
|
||||
|
||||
tickets_comments = $database.query(getTicketEventsCommentsQuery(ticket2['id']))
|
||||
tickets_comments.size.should.equal(2)
|
||||
last_comment = tickets_comments.to_a.last
|
||||
last_comment['content'].should.equal('com ment of a staff 2')
|
||||
|
||||
Scripts.logout()
|
||||
Scripts.login()
|
||||
|
||||
result = request('/ticket/edit-comment', {
|
||||
csrf_userid: $csrf_userid,
|
||||
csrf_token: $csrf_token,
|
||||
content: 'this comment it is not mine and is not the last',
|
||||
ticketEventId: first_comment['id']
|
||||
})
|
||||
|
||||
(result['status']).should.equal('fail')
|
||||
(result['message']).should.equal('NO_PERMISSION')
|
||||
last_comment['content'].should.equal('com ment of a staff 2')
|
||||
end
|
||||
end
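Review bot: In 'should fail if the author and comment are wrong', the closing assertion reads `last_comment['content']`, a row captured before the request, while the request targets `first_comment['id']`. The test therefore still passes if the endpoint rewrote the first comment despite answering `NO_PERMISSION`. Re-query after the request and assert on the targeted row, for example `$database.query(getTicketEventsCommentsQuery(ticket2['id'])).to_a.first['content'].should.equal('com ment of a staff')`. `getTicketEventsCommentsQuery` also interpolates `ticketId` straight into the SQL text; the ids here come from the test database, but wrapping it as `Integer(ticketId)` keeps the helper safe if it is reused with other input. None of the visible cases logs in as staff and edits a user's comment, which is the path where the new id comparison and `canManageTicket` interact.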
|
||||
|
|