
Fixes #4695 - Calendar feed stops working if access to API via basic auth is disabled.

Co-authored-by: Florian Liebe <fl@zammad.com>
Rolf Schmidt 1 year ago
parent
commit
8743543316

+ 1 - 0
app/assets/javascripts/app/controllers/_profile/calendar_subscriptions.coffee

@@ -32,6 +32,7 @@ class ProfileCalendarSubscriptions extends App.ControllerSubContent
       baseurl: window.location.origin
       preferences: @preferences
       translationTable: @translationTable
+      api_access: App.Config.get('api_password_access')
 
   showLink: (e) ->
     $(e.currentTarget).next().removeClass('is-hidden')

+ 4 - 0
app/assets/javascripts/app/views/profile/calendar_subscriptions.jst.eco

@@ -8,6 +8,10 @@
 
   <p><%- @T('See your tickets from within your favorite calendar by adding the following URL to your calendar app.') %></p>
 
+<% if !@api_access: %>
+  <div class="alert alert--warning" role="alert"><%- @T('REST API access using the username/email address and password is currently disabled. Please contact your administrator.') %></div>
+<% end %>
+
   <label for="calendar-subscription-url"><%- @T('URL') %></label>
   <form class="form--flexibleWidth">
     <div class="form-group">
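Review bot: The added `<% if !@api_access: %>` check treats a missing value the same as a disabled one, so a client whose config does not carry `api_password_access` (config.ts in this commit types it as optional and nullable) would see the warning even though password access is enabled. If only an explicit `false` means disabled, `<% if @api_access is false: %>` avoids the false alarm; otherwise a one-line template comment saying that undefined counts as disabled would make the intent clear. The subscription URL and form are still rendered below the warning, which looks intended but is not stated anywhere. The template continues outside this hunk.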

+ 1 - 0
app/frontend/shared/types/config.ts

@@ -2,6 +2,7 @@ export interface ConfigList {
   api_path: string
   'active_storage.web_image_content_types': string[]
   'auth_saml_credentials.display_name'?: string
+  api_password_access?: boolean | null
   api_token_access?: boolean | null
   auth_facebook?: boolean | null
   auth_github?: boolean | null

+ 10 - 0
db/migrate/20230817130057_update_api_password_access_frontend.rb

@@ -0,0 +1,10 @@
+# Copyright (C) 2012-2023 Zammad Foundation, https://zammad-foundation.org/
+
+class UpdateApiPasswordAccessFrontend < ActiveRecord::Migration[6.1]
+  def change
+    # return if it's a new setup
+    return if !Setting.exists?(name: 'system_init_done')
+
+    Setting.find_by(name: 'api_password_access').update(frontend: true)
+  end
+end
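Review bot: `Setting.find_by(name: 'api_password_access')` returns nil when the row is missing, and the chained `.update` then raises NoMethodError and aborts the migration run. On an installation where that setting was removed or renamed this would stop every later migration as well; `Setting.find_by(name: 'api_password_access')&.update(frontend: true)` skips it quietly, while `find_by!` would make the failure explicit with a clearer error. The update also sits in `change`, so a rollback would presumably run the same update again rather than undo it; a short comment saying rollback is intentionally a no-op would help.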

+ 1 - 1
db/seeds/settings.rb

@@ -3304,7 +3304,7 @@ Setting.create_if_not_exists(
   preferences: {
     permission: ['admin.api'],
   },
-  frontend:    false
+  frontend:    true
 )
 
 Setting.create_if_not_exists(
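Review bot: Switching this setting to `frontend: true` publishes its value in the configuration sent to the browser, and nothing in the visible lines limits that to signed-in sessions. The value only says whether password-based REST access is enabled, but that is still information about the authentication surface that an unauthenticated visitor does not need. If the settings model can restrict a frontend setting to authenticated sessions (I believe a `preferences` flag exists for this, please confirm), it should be set here next to `permission: ['admin.api']`. A comment such as `# exposed to the frontend so the profile calendar view can warn the user` would also record why the flag changed. The `Setting.create_if_not_exists(` call starts outside this hunk.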

+ 4 - 0
i18n/zammad.pot

@@ -9021,6 +9021,10 @@ msgstr ""
 msgid "Queue already exists!"
 msgstr ""
 
+#: app/assets/javascripts/app/views/profile/calendar_subscriptions.jst.eco
+msgid "REST API access using the username/email address and password is currently disabled. Please contact your administrator."
+msgstr ""
+
 #: app/assets/javascripts/app/controllers/ticket_zoom/article_view.coffee
 #: app/frontend/apps/mobile/pages/ticket/components/TicketDetailView/ArticleMetadataDialog.vue
 msgid "Raw"

+ 13 - 0
spec/db/migrate/update_api_password_access_frontend_spec.rb

@@ -0,0 +1,13 @@
+# Copyright (C) 2012-2023 Zammad Foundation, https://zammad-foundation.org/
+
+require 'rails_helper'
+
+RSpec.describe UpdateApiPasswordAccessFrontend, type: :db_migration do
+  before do
+    migrate
+  end
+
+  it 'does update the setting' do
+    expect(Setting.find_by(name: 'api_password_access')[:frontend]).to be(true)
+  end
+end
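Review bot: This example can pass without the migration doing anything, because the seed in this same commit already creates `api_password_access` with `frontend: true`. Put the setting into the pre-migration state first, for example `Setting.find_by(name: 'api_password_access').update(frontend: false)` inside the `before` block ahead of `migrate`, so the expectation fails if the migration is skipped or returns early. It is also not visible here whether `system_init_done` exists in the test database; if it does not, the migration's early return is what gets exercised, and a second example for that branch would be useful.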

+ 31 - 0
spec/system/profile/calendar_spec.rb

@@ -0,0 +1,31 @@
+# Copyright (C) 2012-2023 Zammad Foundation, https://zammad-foundation.org/
+
+require 'rails_helper'
+
+RSpec.describe 'Profile > Calendar', type: :system do
+  before do
+    visit 'profile/calendar_subscriptions'
+  end
+
+  context 'when api enabled', authenticated_as: :authenticate do
+    def authenticate
+      Setting.set('api_password_access', true)
+      true
+    end
+
+    it 'does not show any warning about the API access' do
+      expect(page).to have_no_text('REST API access using the username/email address and password is currently disabled. Please contact your administrator.')
+    end
+  end
+
+  context 'when api disabled', authenticated_as: :authenticate do
+    def authenticate
+      Setting.set('api_password_access', false)
+      true
+    end
+
+    it 'does show warning about the API access' do
+      expect(page).to have_text('REST API access using the username/email address and password is currently disabled. Please contact your administrator.')
+    end
+  end
+end
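Review bot: The full warning sentence is repeated as a literal in both examples (and again in the template and the .pot file), so any wording change has to be made in several places or the specs drift silently. A shared `let(:warning) { 'REST API access using the username/email address and password is currently disabled. Please contact your administrator.' }` at the top of the describe block, used as `have_text(warning)` and `have_no_text(warning)`, keeps the two contexts in step. The two `authenticate` helpers would also benefit from a comment explaining that they set the setting before login and return `true` to sign in the default user, since that contract is not visible in this file.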