From d26d511ebd6b4667c08d7d54eef8756cf00fdf68 Mon Sep 17 00:00:00 2001 From: Guillermo Date: Wed, 28 Feb 2018 02:43:34 -0300 Subject: [PATCH 1/3] fix bug #115 --- server/controllers/staff/assign-ticket.php | 2 +- server/controllers/ticket/change-department.php | 16 +++++++++++++--- 2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/server/controllers/staff/assign-ticket.php b/server/controllers/staff/assign-ticket.php
index a72b6218..77cfd415 100755
--- a/server/controllers/staff/assign-ticket.php
+++ b/server/controllers/staff/assign-ticket.php
@@ -20,7 +20,7 @@ DataValidator::with('CustomValidations', true);
 * @apiUse INVALID_TICKET
 * @apiUse TICKET_ALREADY_ASSIGNED
 * @apiUse INVALID_DEPARTMENT
- * 
+ *
 * @apiSuccess {Object} data Empty object
 *
 */
diff --git a/server/controllers/ticket/change-department.php b/server/controllers/ticket/change-department.php
index 5cea221d..8685b3be 100755
--- a/server/controllers/ticket/change-department.php
+++ b/server/controllers/ticket/change-department.php
@@ -66,11 +66,21 @@ class ChangeDepartmentController extends Controller {
 $ticket->addEvent($event);
 $ticket->department = $department;
 $ticket->unread = true;
- if(!Controller::getLoggedUser()->sharedDepartmentList->includesId($department->id)) {
- $ticket->owner = null;
- }
 $ticket->store();
+ if(!Controller::getLoggedUser()->sharedDepartmentList->includesId($department->id)) {
+ Controller::setDataRequester(function ($key) use ($ticketNumber) {
+ if($key === 'ticketNumber') {
+ return $ticketNumber;
+ }
+
+ return null;
+ });
+ $unAssignTicketController = new UnAssignStaffController();
+ $unAssignTicketController->validate();
+ $unAssignTicketController->handler();
+ }
+
 Log::createLog('DEPARTMENT_CHANGED', $ticket->ticketNumber);
 Response::respondSuccess();
From 30fdb384f3c2063aabddca663ed2ccad7e6c0bf2 Mon Sep 17 00:00:00 2001
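Review bot: The nested `UnAssignStaffController` invoked in the added block produces the HTTP response itself — its success branch ends in `Response::respondSuccess();` (visible as context in the un-assign-ticket.php hunk of PATCH 2/3) — so once it returns this handler logs DEPARTMENT_CHANGED and calls `Response::respondSuccess()` a second time, and the requester swapped in with `Controller::setDataRequester` is never restored for whatever runs afterwards in the request. The ordering is also fragile: `$ticket->store()` has already persisted the new department before the nested `validate()`/`handler()` run, so an exception raised there leaves the department changed but the owner still set. I would drop the nested controller and clear the ownership inline before the single store, reusing the owner-list removal and UN_ASSIGN event that un-assign-ticket.php already performs, as sketched below. The handler begins before this hunk.
```php
        // … unchanged: addEvent / department / unread assignments …
        if(!Controller::getLoggedUser()->sharedDepartmentList->includesId($department->id) && $ticket->owner) {
            $owner = $ticket->owner;
            $owner->sharedTicketList->remove($ticket);
            $owner->store();

            $unAssignEvent = Ticketevent::getEvent(Ticketevent::UN_ASSIGN);
            $unAssignEvent->setProperties(array(
                'authorStaff' => Controller::getLoggedUser(),
                'date' => Date::getCurrentDate()
            ));
            $ticket->addEvent($unAssignEvent);
            $ticket->owner = null;
        }
        $ticket->store();
        // … unchanged: Log::createLog and Response::respondSuccess …
```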
From: Guillermo Date: Fri, 9 Mar 2018 15:17:28 -0300 Subject: [PATCH 2/3] fix bug 115/166 --- server/controllers/staff/assign-ticket.php | 4 ++-- server/controllers/staff/un-assign-ticket.php | 12 ++++++------ server/controllers/system/edit-settings.php | 4 ++++ server/controllers/ticket/change-department.php | 4 ++-- server/data/ERRORS.php | 1 + tests/staff/un-assign-ticket.rb | 13 +------------ tests/system/edit-settings.rb | 16 +++++++++++++++- 7 files changed, 31 insertions(+), 23 deletions(-)
diff --git a/server/controllers/staff/assign-ticket.php b/server/controllers/staff/assign-ticket.php
index 77cfd415..93af3332 100755
--- a/server/controllers/staff/assign-ticket.php
+++ b/server/controllers/staff/assign-ticket.php
@@ -50,12 +50,12 @@ class AssignStaffController extends Controller {
 $this->ticket = Ticket::getByTicketNumber($ticketNumber);
 if($this->ticket->owner) {
- Response::respondError(ERRORS::TICKET_ALREADY_ASSIGNED);
+ throw new Exception(ERRORS::TICKET_ALREADY_ASSIGNED);
 return;
 }
 if(!$this->ticketHasStaffDepartment()) {
- Response::respondError(ERRORS::INVALID_DEPARTMENT);
+ throw new Exception(ERRORS::INVALID_DEPARTMENT);
 } else {
 $this->user->sharedTicketList->add($this->ticket);
 $this->ticket->owner = $this->user;
diff --git a/server/controllers/staff/un-assign-ticket.php b/server/controllers/staff/un-assign-ticket.php
index 48fe6dc6..0443059b 100755
--- a/server/controllers/staff/un-assign-ticket.php
+++ b/server/controllers/staff/un-assign-ticket.php
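Review bot: The `return;` following the new `throw new Exception(ERRORS::TICKET_ALREADY_ASSIGNED);` is now unreachable and should go, and the same `throw …; return;` pair is left behind in the un-assign-ticket.php and change-department.php hunks of this patch. With the INVALID_DEPARTMENT branch also throwing, the `else` below it no longer earns its indentation; the guard can stand alone as `if(!$this->ticketHasStaffDepartment()) { throw new Exception(ERRORS::INVALID_DEPARTMENT); }` with the assignment code following it. This presumes the dispatcher turns an uncaught Exception into the 'fail'/message response the Ruby tests expect, which is not visible in this series. The handler continues past both ends of the hunk.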
@@ -44,25 +44,25 @@ class UnAssignStaffController extends Controller {
 $user = Controller::getLoggedUser();
 $ticket = Ticket::getByTicketNumber($ticketNumber);
- if($ticket->owner && $ticket->owner->id == $user->id) {
+ if($ticket->owner && $ticket->owner->id === $user->id || $user->level !== 1) {
 $user->sharedTicketList->remove($ticket);
 $user->store();
-
+
 $ticket->owner = null;
 $ticket->unread = true;
-
+
 $event = Ticketevent::getEvent(Ticketevent::UN_ASSIGN);
 $event->setProperties(array(
 'authorStaff' => $user,
 'date' => Date::getCurrentDate()
 ));
-
+
 $ticket->addEvent($event);
 $ticket->store();
 Response::respondSuccess();
 } else {
- Response::respondError(ERRORS::NO_PERMISSION);
+ throw new Exception(ERRORS::NO_PERMISSION);
 return;
 }
 }
-}
\ No newline at end of file
+}
diff --git a/server/controllers/system/edit-settings.php b/server/controllers/system/edit-settings.php
index dfdf7352..bb56fdf4 100755
--- a/server/controllers/system/edit-settings.php
+++ b/server/controllers/system/edit-settings.php
@@ -73,6 +73,10 @@ class EditSettingsController extends Controller {
 $allowed = json_decode(Controller::request('allowedLanguages'));
 $supported = json_decode(Controller::request('supportedLanguages'));
+ if (array_diff($supported, $allowed)) {
+ throw new Exception(ERRORS::INVALID_SUPPORTED_LANGUAGES);
+ }
+
 foreach(Language::LANGUAGES as $languageCode) {
 $language = Language::getDataStore($languageCode, 'code');
diff --git a/server/controllers/ticket/change-department.php b/server/controllers/ticket/change-department.php
index 8685b3be..3453f732 100755
--- a/server/controllers/ticket/change-department.php
+++ b/server/controllers/ticket/change-department.php
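Review bot: With the new condition a staff member whose `level` is not 1 can un-assign a ticket owned by somebody else, but the body still runs `$user->sharedTicketList->remove($ticket); $user->store();` against the caller, so the real owner keeps a staff_ticket link to a ticket whose `owner` has just been nulled. The removal should target the owner — `$owner = $ticket->owner; if($owner) { $owner->sharedTicketList->remove($ticket); $owner->store(); }` placed before `$ticket->owner = null;`. The strict `$user->level !== 1` (and the mirrored `=== 1` in change-department.php) only holds if the data store returns `level` as an int; if it comes back as the string "1" the comparison is always true and the ownership check is skipped for every staff member, which is worth confirming against the model since the Ruby test added later writes the column as `level="1"`. PATCH 3/3 re-touches this line only to add parentheses, which does not alter the result.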
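Review bot: `array_diff($supported, $allowed)` assumes both `json_decode` results are arrays; when either request value is absent or not valid JSON, `json_decode` yields null and the call raises a TypeError on PHP 8 (on PHP 7 it warns and returns null, so the check is silently skipped) instead of producing INVALID_SUPPORTED_LANGUAGES. Guard the decoded values first: `if(!is_array($allowed) || !is_array($supported) || array_diff($supported, $allowed)) {`. The enclosing method begins and ends outside the hunk, so a validation rule declared elsewhere may already cover this; if it does, a short comment naming it here would save the next reader the search.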
@@ -52,8 +52,8 @@ class ChangeDepartmentController extends Controller {
 $department = Department::getDataStore($departmentId);
 $user = Controller::getLoggedUser();
- if($ticket->owner && $ticket->owner->id !== $user->id){
- Response::respondError(ERRORS::NO_PERMISSION);
+ if($ticket->owner && $ticket->owner->id !== $user->id || $user->level === 1){
+ throw new Exception(ERRORS::NO_PERMISSION);
 return;
 }
diff --git a/server/data/ERRORS.php b/server/data/ERRORS.php
index 032fd3e4..1ce5c219 100755
--- a/server/data/ERRORS.php
+++ b/server/data/ERRORS.php
@@ -194,6 +194,7 @@ class ERRORS {
 const INVALID_CAPTCHA = 'INVALID_CAPTCHA';
 const INVALID_TICKET_EVENT = 'INVALID_TICKET_EVENT';
 const INVALID_LANGUAGE = 'INVALID_LANGUAGE';
+ const INVALID_SUPPORTED_LANGUAGES = 'INVALID_SUPPORTED_LANGUAGES';
 const TICKET_ALREADY_ASSIGNED = 'TICKET_ALREADY_ASSIGNED';
 const INVALID_PRIORITY = 'INVALID_PRIORITY';
 const INVALID_PAGE = 'INVALID_PAGE';
diff --git a/tests/staff/un-assign-ticket.rb b/tests/staff/un-assign-ticket.rb
index d0f5fc71..b8b379af 100644
--- a/tests/staff/un-assign-ticket.rb
+++ b/tests/staff/un-assign-ticket.rb
@@ -28,15 +28,4 @@ describe '/staff/un-assign-ticket' do
 (staff_ticket).should.equal(nil)
 end
- it 'should fail if ticket is not yours' do
- ticket = $database.getRow('ticket', 1 , 'id')
- result = request('/staff/un-assign-ticket', {
- ticketNumber: ticket['ticket_number'],
- csrf_userid: $csrf_userid,
- csrf_token: $csrf_token
- })
-
- (result['status']).should.equal('fail')
- (result['message']).should.equal('NO_PERMISSION')
- end
-end
\ No newline at end of file
+end
diff --git a/tests/system/edit-settings.rb b/tests/system/edit-settings.rb
index f39395b7..73684b26 100644
--- a/tests/system/edit-settings.rb
+++ b/tests/system/edit-settings.rb
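Review bot: Because `&&` binds tighter than `||`, the new condition evaluates as `($ticket->owner && $ticket->owner->id !== $user->id) || $user->level === 1`, so every level-1 staff member is refused — including one changing the department of an unassigned ticket or of a ticket they own. If the intent is the rule the un-assign-ticket.php hunk encodes (non-level-1 staff may act on any ticket, level-1 staff only on their own), the alternative has to become a conjunction: `if($ticket->owner && $ticket->owner->id !== $user->id && $user->level === 1){`. The test deleted from tests/staff/un-assign-ticket.rb and the ones added in PATCH 3/3 only cover un-assign, so nothing in the series pins the change-department behaviour either way. The handler continues outside the hunk.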
@@ -37,6 +37,20 @@ describe'system/edit-settings' do
 request('/user/logout')
 end
+ it 'should fail if supported languages are invalid' do
+ request('/user/logout')
+ Scripts.login($staff[:email], $staff[:password], true)
+
+ result= request('/system/edit-settings', {
+ "csrf_userid" => $csrf_userid,
+ "csrf_token" => $csrf_token,
+ "supportedLanguages" => '["en", "pt", "jp", "ru", "de"]',
+ "allowedLanguages" => '["en", "pt", "jp", "ru"]'
+ })
+
+ (result['status']).should.equal('fail')
+ (result['message']).should.equal('INVALID_SUPPORTED_LANGUAGES')
+ end
 it 'should change allowed and supported languages' do
 request('/user/logout')
 Scripts.login($staff[:email], $staff[:password], true)
@@ -45,7 +59,7 @@ describe'system/edit-settings' do
 "csrf_userid" => $csrf_userid,
 "csrf_token" => $csrf_token,
 "supportedLanguages" => '["en", "pt", "jp", "ru"]',
- "allowedLanguages" => '["en","pt", "jp", "ru", "de"]'
+ "allowedLanguages" => '["en", "pt", "jp", "ru", "de"]'
 })
 (result['status']).should.equal('success')
From 4ea1b925a9796198bb859d6069ba768b31c52728 Mon Sep 17 00:00:00 2001 From: Guillermo Date: Mon, 12 Mar 2018 19:31:54 -0300 Subject: [PATCH 3/3] wip --- client/gulp/config.js | 2 +- server/controllers/staff/un-assign-ticket.php | 2 +- tests/scripts.rb | 20 +++++++++ tests/staff/un-assign-ticket.rb | 45 ++++++++++++++++++- tests/system/get-stats.rb | 36 +++++++-------- 5 files changed, 84 insertions(+), 21 deletions(-)
diff --git a/client/gulp/config.js b/client/gulp/config.js
index 86e35dc7..2525122c 100644
--- a/client/gulp/config.js
+++ b/client/gulp/config.js
@@ -2,7 +2,7 @@ module.exports = {
- 'serverport': 3000,
+ 'serverport': 3006,
 'scripts': {
 'src': './src/*.js',
diff --git a/server/controllers/staff/un-assign-ticket.php b/server/controllers/staff/un-assign-ticket.php
index 0443059b..f9b028df 100755
--- a/server/controllers/staff/un-assign-ticket.php
+++ b/server/controllers/staff/un-assign-ticket.php
@@ -44,7 +44,7 @@ class UnAssignStaffController extends Controller {
 $user = Controller::getLoggedUser();
 $ticket = Ticket::getByTicketNumber($ticketNumber);
- if($ticket->owner && $ticket->owner->id === $user->id || $user->level !== 1) {
+ if(($ticket->owner && $ticket->owner->id === $user->id) || $user->level !== 1) {
 $user->sharedTicketList->remove($ticket);
 $user->store();
diff --git a/tests/scripts.rb b/tests/scripts.rb
index 0e2d911e..67842beb 100644
--- a/tests/scripts.rb
+++ b/tests/scripts.rb
@@ -16,6 +16,26 @@ class Scripts
 })
 end
+ def self.createStaff(email, password, name, level='1')
+ departments = request('/system/get-settings', {
+ csrf_userid: $csrf_userid,
+ csrf_token: $csrf_token
+ })['departments']
+ departments = departments.collect { |x| x.id }
+
+ response = request('/staff/add', {
+ :name => name,
+ :email => email,
+ :password => password,
+ :level => level,
+ :departments => departments.to_string
+ })
+
+ if response['status'] === 'fail'
+ raise response['message']
+ end
+ end
+
 def self.login(email = 'steve@jobs.com', password = 'custompassword', staff = false)
 request('/user/logout')
 response = request('/user/login', {
diff --git a/tests/staff/un-assign-ticket.rb b/tests/staff/un-assign-ticket.rb
index b8b379af..65d7a0f5 100644
--- a/tests/staff/un-assign-ticket.rb
+++ b/tests/staff/un-assign-ticket.rb
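Review bot: `departments.to_string` is not a Ruby Array method (`to_s`/`to_json` are), so unless a helper defines it `createStaff` raises NoMethodError before the `/staff/add` request is ever sent, and `x.id` on each decoded department will fail the same way if `request` returns plain hashes, where the `x['id']` form used elsewhere in these specs is needed. The `/staff/add` call also omits the `csrf_userid`/`csrf_token` pair that the `/system/get-settings` call a few lines above passes, so even with the method fixed the request may be rejected. `response['status'] === 'fail'` works for strings but `==` is the idiomatic comparison.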
@@ -7,8 +7,21 @@ describe '/staff/un-assign-ticket' do
 #it 'should fail if staff is not assign to the ticket'do
 #end
+ it 'should fail if ticket is not yours and you are a staff level 1' do
+ $database.query('update staff set level="1" where id="1";')
+ ticket = $database.getRow('ticket', 1 , 'id')
+ result = request('/staff/un-assign-ticket', {
+ ticketNumber: ticket['ticket_number'],
+ csrf_userid: $csrf_userid,
+ csrf_token: $csrf_token
+ })
- it 'should un assign ticket if everything is okey' do
+ (result['status']).should.equal('fail')
+ (result['message']).should.equal('NO_PERMISSION')
+ $database.query('update staff set level="3" where id="1";')
+ end
+
+ it 'should unassign ticket if it is the current owner' do
 ticket = $database.getRow('ticket', 1 , 'id')
 result = request('/staff/un-assign-ticket', {
 ticketNumber: ticket['ticket_number'],
@@ -28,4 +41,34 @@ describe '/staff/un-assign-ticket' do
 (staff_ticket).should.equal(nil)
 end
+ it 'should unassign ticket if you are a staff level 3' do
+ Scripts.createStaff('staff_level_1', 'password', 'maxi')
+ Scripts.logout()
+ Scripts.login('staff_level_1',)
+ ticket = $database.getRow('ticket', 1 , 'id')
+ request('/staff/assign-ticket', {
+ ticketNumber: ticket['ticket_number'],
+ csrf_userid: $csrf_userid,
+ csrf_token: $csrf_token
+ })
+ Scripts.logout()
+ Scripts.login($staff[:email], $staff[:password], true)
+ result = request('/staff/un-assign-ticket', {
+ ticketNumber: ticket['ticket_number'],
+ csrf_userid: $csrf_userid,
+ csrf_token: $csrf_token
+ })
+
+ (result['status']).should.equal('success')
+
+ ticket = $database.getRow('ticket', 1 , 'id')
+
+ (ticket['owner_id']).should.equal(nil)
+ (ticket['unread']).should.equal('1')
+
+ staff_ticket = $database.getRow('staff_ticket', 1 , 'id')
+
+ (staff_ticket).should.equal(nil)
+ end
+
 end
diff --git a/tests/system/get-stats.rb b/tests/system/get-stats.rb
index 19fe0054..9df68e90 100644
--- a/tests/system/get-stats.rb
+++ b/tests/system/get-stats.rb
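Review bot: The 'staff level 3' spec never reaches the path its title names: the staff is created with password 'password', but `Scripts.login('staff_level_1',)` falls back to the defaults of `self.login` in tests/scripts.rb (`'custompassword'`, `staff = false`), so the assign-ticket call is made as an ordinary user and the admin then un-assigns a ticket that presumably was never assigned, letting every assertion pass vacuously. The closing `$database.getRow('staff_ticket', 1 , 'id')` also reads row id 1 rather than whatever link the new staff member's assignment created. Log in with `Scripts.login('staff_level_1', 'password', true)` and assert the assign request's status is 'success' before un-assigning; `Scripts.logout()` does not appear in the scripts.rb hunk either, so confirm it exists. In the level-1 spec above, the `level="3"` restore runs only when the assertions pass, so a failure leaves the admin account downgraded for the remaining specs.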
@@ -13,62 +13,62 @@ describe'/system/get-stats' do #day 1 for i in 0..5 - $database.query("INSERT INTO log VALUES('', 'SIGNUP', NULL, " + yesterday3 + ", NULL, NULL, NULL);") + $database.query("INSERT INTO log VALUES(NULL, 'SIGNUP', NULL, " + yesterday3 + ", NULL, NULL, NULL);") end for i in 0..0 - $database.query("INSERT INTO log VALUES('', 'CREATE_TICKET', NULL, " + yesterday3 + ", NULL, NULL, NULL);") + $database.query("INSERT INTO log VALUES(NULL, 'CREATE_TICKET', NULL, " + yesterday3 + ", NULL, NULL, NULL);") end for i in 0..1 - $database.query("INSERT INTO log VALUES('', 'CLOSE', NULL, " + yesterday3 + ", NULL, NULL, NULL);") + $database.query("INSERT INTO log VALUES(NULL, 'CLOSE', NULL, " + yesterday3 + ", NULL, NULL, NULL);") end for i in 0..2 - $database.query("INSERT INTO log VALUES('', 'COMMENT', NULL, " + yesterday3 + ", NULL, NULL, NULL);") + $database.query("INSERT INTO log VALUES(NULL, 'COMMENT', NULL, " + yesterday3 + ", NULL, NULL, NULL);") end for i in 0..8 - $database.query("INSERT INTO ticketevent VALUES('', 'CLOSE', NULL, NULL, " + yesterday3 + ", NULL, NULL, 1);") + $database.query("INSERT INTO ticketevent VALUES(NULL, 'CLOSE', NULL, NULL, " + yesterday3 + ", NULL, NULL, 1);") end for i in 0..4 - $database.query("INSERT INTO ticketevent VALUES('', 'ASSIGN', NULL, NULL, " + yesterday3 + ", NULL, NULL, 1);") + $database.query("INSERT INTO ticketevent VALUES(NULL, 'ASSIGN', NULL, NULL, " + yesterday3 + ", NULL, NULL, 1);") end #day 2 for i in 0..7 - $database.query("INSERT INTO log VALUES('', 'SIGNUP', NULL, " + yesterday2 + ", NULL, NULL, NULL);") + $database.query("INSERT INTO log VALUES(NULL, 'SIGNUP', NULL, " + yesterday2 + ", NULL, NULL, NULL);") end for i in 0..2 - $database.query("INSERT INTO log VALUES('', 'CREATE_TICKET', NULL, " + yesterday2 + ", NULL, NULL, NULL);") + $database.query("INSERT INTO log VALUES(NULL, 'CREATE_TICKET', NULL, " + yesterday2 + ", NULL, NULL, NULL);") end for i in 0..9 - $database.query("INSERT INTO log 
VALUES('', 'CLOSE', NULL, " + yesterday2 + ", NULL, NULL, NULL);") + $database.query("INSERT INTO log VALUES(NULL, 'CLOSE', NULL, " + yesterday2 + ", NULL, NULL, NULL);") end for i in 0..2 - $database.query("INSERT INTO log VALUES('', 'COMMENT', NULL, " + yesterday2 + ", NULL, NULL, NULL);") + $database.query("INSERT INTO log VALUES(NULL, 'COMMENT', NULL, " + yesterday2 + ", NULL, NULL, NULL);") end for i in 0..10 - $database.query("INSERT INTO ticketevent VALUES('', 'CLOSE', NULL, NULL, " + yesterday2 + ", NULL, NULL, 1);") + $database.query("INSERT INTO ticketevent VALUES(NULL, 'CLOSE', NULL, NULL, " + yesterday2 + ", NULL, NULL, 1);") end for i in 0..2 - $database.query("INSERT INTO ticketevent VALUES('', 'ASSIGN', NULL, NULL, " + yesterday2 + ", NULL, NULL, 1);") + $database.query("INSERT INTO ticketevent VALUES(NULL, 'ASSIGN', NULL, NULL, " + yesterday2 + ", NULL, NULL, 1);") end #day 3 for i in 0..0 - $database.query("INSERT INTO log VALUES('', 'SIGNUP', NULL, " + yesterday + ", NULL, NULL, NULL);") + $database.query("INSERT INTO log VALUES(NULL, 'SIGNUP', NULL, " + yesterday + ", NULL, NULL, NULL);") end for i in 0..1 - $database.query("INSERT INTO log VALUES('', 'CREATE_TICKET', NULL, " + yesterday + ", NULL, NULL, NULL);") + $database.query("INSERT INTO log VALUES(NULL, 'CREATE_TICKET', NULL, " + yesterday + ", NULL, NULL, NULL);") end for i in 0..4 - $database.query("INSERT INTO log VALUES('', 'CLOSE', NULL, " + yesterday + ", NULL, NULL, NULL);") + $database.query("INSERT INTO log VALUES(NULL, 'CLOSE', NULL, " + yesterday + ", NULL, NULL, NULL);") end for i in 0..7 - $database.query("INSERT INTO log VALUES('', 'COMMENT', NULL, " + yesterday + ", NULL, NULL, NULL);") + $database.query("INSERT INTO log VALUES(NULL, 'COMMENT', NULL, " + yesterday + ", NULL, NULL, NULL);") end for i in 0..3 - $database.query("INSERT INTO ticketevent VALUES('', 'CLOSE', NULL, NULL, " + yesterday + ", NULL, NULL, 1);") + $database.query("INSERT INTO ticketevent VALUES(NULL, 
'CLOSE', NULL, NULL, " + yesterday + ", NULL, NULL, 1);") end for i in 0..7 - $database.query("INSERT INTO ticketevent VALUES('', 'ASSIGN', NULL, NULL, " + yesterday + ", NULL, NULL, 1);") + $database.query("INSERT INTO ticketevent VALUES(NULL, 'ASSIGN', NULL, NULL, " + yesterday + ", NULL, NULL, 1);") end @result = request('/system/get-stats', {