opensupports/tests/user/edit-supervised-list.rb

describe '/staff/supervisor-user-list' do
    Scripts.logout()
    
    Scripts.createUser('supervisor@opensupports.com', 'passwordOfSupervisor', 'Supervisor Guy')
    Scripts.createUser('usersupervised1@opensupports.com', 'usersupervised1', 'supervised Guy1')
    Scripts.createUser('usersupervised2@opensupports.com', 'usersupervised2', 'supervised Guy2')
    Scripts.createUser('usersupervised3@opensupports.com', 'usersupervised3', 'supervised Guy3')
    
    Scripts.login('supervisor@opensupports.com', 'passwordOfSupervisor')
    Scripts.createTicket('titlecreateadbySUpervisor','contentoftitlecreateadbySUpervisor',1)
    Scripts.logout()

    Scripts.login('usersupervised1@opensupports.com', 'usersupervised1')
    Scripts.createTicket('titlecreateadbyusersupervised1','contentoftitlecreateadbyusersupervised1',3)
    Scripts.logout()

    Scripts.login('usersupervised2@opensupports.com', 'usersupervised2')
    Scripts.createTicket('titlecreateadbyusersupervised2','contentoftitlecreateadbyusersupervised2',1)
    Scripts.logout()

    Scripts.login('usersupervised3@opensupports.com', 'usersupervised3')
    Scripts.createTicket('titlecreateadbyusersupervised3','contentoftitlecreateadbyusersupervised3',1)
    Scripts.logout()

    supervisor = $database.getRow('user', 'supervisor@opensupports.com', 'email')
    user1 = $database.getRow('user', 'usersupervised1@opensupports.com', 'email')
    user2 = $database.getRow('user', 'usersupervised2@opensupports.com', 'email')
    user3 = $database.getRow('user', 'usersupervised3@opensupports.com', 'email')

    ticketsupervisor = $database.getRow('ticket', 'titlecreateadbySUpervisor', 'title')
    ticketuser1 = $database.getRow('ticket', 'titlecreateadbyusersupervised1', 'title')
    ticketuser2 = $database.getRow('ticket', 'titlecreateadbyusersupervised2', 'title')
    ticketuser3 = $database.getRow('ticket', 'titlecreateadbyusersupervised3', 'title')
    it'should fail if a no-staff tryes to make the request'do
        Scripts.logout()
        Scripts.login('supervisor@opensupports.com', 'passwordOfSupervisor')
        
        result = request('/user/edit-supervised-list', {
            userIdList: "[30,31,32]",
            userId: supervisor['id'],
            csrf_userid: $csrf_userid,
            csrf_token: $csrf_token
        })
        
        (result['status']).should.equal('fail')
        (result['message']).should.equal('NO_PERMISSION')
        
    end

    it 'should fail if userIdList is wrong' do
        Scripts.logout()
        Scripts.login($staff[:email], $staff[:password], true)
        
        result = request('/user/edit-supervised-list', {
            userIdList: "1",
            userId: supervisor['id'],
            csrf_userid: $csrf_userid,
            csrf_token: $csrf_token
        })
        
        (result['status']).should.equal('fail')
        (result['message']).should.equal('INVALID_LIST')

        result = request('/user/edit-supervised-list', {
            userIdList: "array",
            userId: supervisor['id'],
            csrf_userid: $csrf_userid,
            csrf_token: $csrf_token
        })
        
        (result['status']).should.equal('fail')
        (result['message']).should.equal('INVALID_LIST')

        result = request('/user/edit-supervised-list', {
            userIdList: "[30,31,32,666666]",
            userId: supervisor['id'],
            csrf_userid: $csrf_userid,
            csrf_token: $csrf_token
        })
        
        (result['status']).should.equal('fail')
        (result['message']).should.equal('INVALID_LIST')
    end

    it'should fail if userId is wrong'do
        Scripts.logout()
        Scripts.login($staff[:email], $staff[:password], true)
        
        result = request('/user/edit-supervised-list', {
            userIdList: "[30,31,32]",
            userId:  666,
            csrf_userid: $csrf_userid,
            csrf_token: $csrf_token
        })
        
        (result['status']).should.equal('fail')
        (result['message']).should.equal('INVALID_USER')
    end

    it'should fail if supervisor is included in user-id-List'do
        Scripts.logout()
        Scripts.login($staff[:email], $staff[:password], true)
        
        result = request('/user/edit-supervised-list', {
            userIdList: "[30,31,29]",
            userId:  supervisor['id'],
            csrf_userid: $csrf_userid,
            csrf_token: $csrf_token
        })
        
        (result['status']).should.equal('fail')
        (result['message']).should.equal('SUPERVISOR_CAN_NOT_SUPERVISE_HIMSELF')
    end
    
    it'should create supervisor user'do
        Scripts.logout()
        Scripts.login($staff[:email], $staff[:password], true)
        
        result = request('/user/edit-supervised-list', {
            userIdList: "[31,32,33]",
            userId:  supervisor['id'],
            csrf_userid: $csrf_userid,
            csrf_token: $csrf_token
        })
        
        (result['status']).should.equal('success')
        
    end

    it 'should allow supervisor to access tickets from supervisated users' do
        Scripts.logout()
        Scripts.login('supervisor@opensupports.com', 'passwordOfSupervisor')
        result = request('/ticket/get', {
            ticketNumber: ticketsupervisor['ticket_number'],
            csrf_userid: $csrf_userid,
            csrf_token: $csrf_token
        })
        (result['status']).should.equal('success')

        result = request('/ticket/get', {
            ticketNumber: ticketuser1['ticket_number'],
            csrf_userid: $csrf_userid,
            csrf_token: $csrf_token
        })
        (result['status']).should.equal('success')

        result = request('/ticket/get', {
            ticketNumber: ticketuser2['ticket_number'],
            csrf_userid: $csrf_userid,
            csrf_token: $csrf_token
        })
        (result['status']).should.equal('success')

        result = request('/ticket/get', {
            ticketNumber: ticketuser3['ticket_number'],
            csrf_userid: $csrf_userid,
            csrf_token: $csrf_token
        })
        (result['status']).should.equal('success')
        
    end
    it 'should allow supervisor see only the new user list' do
        Scripts.logout()
        Scripts.login($staff[:email], $staff[:password], true)
        
        request('/user/edit-supervised-list', {
            userIdList: "[31]",
            userId:  supervisor['id'],
            csrf_userid: $csrf_userid,
            csrf_token: $csrf_token
        })
        

        Scripts.logout()
        Scripts.login('supervisor@opensupports.com', 'passwordOfSupervisor')

        result = request('/ticket/get', {
            ticketNumber: ticketsupervisor['ticket_number'],
            csrf_userid: $csrf_userid,
            csrf_token: $csrf_token
        })
        (result['status']).should.equal('success')

        result = request('/ticket/get', {
            ticketNumber: ticketuser1['ticket_number'],
            csrf_userid: $csrf_userid,
            csrf_token: $csrf_token
        })
        (result['status']).should.equal('success')

        result = request('/ticket/get', {
            ticketNumber: ticketuser2['ticket_number'],
            csrf_userid: $csrf_userid,
            csrf_token: $csrf_token
        })
        (result['status']).should.equal('fail')

        result = request('/ticket/get', {
            ticketNumber: ticketuser3['ticket_number'],
            csrf_userid: $csrf_userid,
            csrf_token: $csrf_token
        })
        (result['status']).should.equal('fail')
    end
end