
Maintenance: Improved article view for agent customer.

Rolf Schmidt 4 years ago
parent
commit
cf5a5e3960

+ 2 - 2
app/policies/ticket/article_policy.rb

@@ -55,9 +55,9 @@ class Ticket::ArticlePolicy < ApplicationPolicy
   end
 
   def access?(query)
-    return false if record.internal == true && !user.permissions?('ticket.agent')
-
     ticket = Ticket.lookup(id: record.ticket_id)
+    return false if record.internal == true && !TicketPolicy.new(user, ticket).agent_read_access?
+
     Pundit.authorize(user, ticket, query)
   end
 end
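Review bot: The new guard in `access?` has no comment explaining why the per-ticket check replaced `user.permissions?('ticket.agent')`, and that reason is the security-relevant part of the change. Judging by the added spec context, a user can hold the agent permission while having no agent group access to this particular ticket, and internal articles must stay hidden from them. I would add above the guard `# Internal articles need agent read access to this ticket; holding 'ticket.agent' globally is not enough.` so a later refactor does not revert to the cheaper permission check. The guard also now relies on `ticket` being present; if `Ticket.lookup` can return nil here, confirm that `TicketPolicy.new(user, nil).agent_read_access?` denies rather than raises.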

+ 4 - 0
app/policies/ticket_policy.rb

@@ -41,6 +41,10 @@ class TicketPolicy < ApplicationPolicy
     raise Exceptions::UnprocessableEntity, 'Cannot follow-up on a closed ticket. Please create a new ticket.'
   end
 
+  def agent_read_access?
+    agent_access?('read')
+  end
+
   private
 
   def access?(access)
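Review bot: `agent_read_access?` is added above `private`, so it becomes part of the policy's public interface, but it has no comment stating its contract. Because `agent_access?` is defined outside this hunk, a reader cannot tell from here what the predicate actually checks. A short comment such as `# True when the user has agent 'read' access to this ticket; used by Ticket::ArticlePolicy to gate internal articles.` would help. Presumably it is a helper for other policies rather than a controller-facing action, and saying so would keep it from being passed to `authorize` by accident.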

+ 4 - 0
spec/factories/role.rb

@@ -8,6 +8,10 @@ FactoryBot.define do
       permissions { Permission.where(name: 'ticket.agent') }
     end
 
+    trait :customer do
+      permissions { Permission.where(name: 'ticket.customer') }
+    end
+
     trait :admin do
       permissions { Permission.where(name: 'admin') }
     end

+ 9 - 0
spec/policies/ticket/article_policy_spec.rb

@@ -29,6 +29,15 @@ describe Ticket::ArticlePolicy do
       it { is_expected.to permit_actions(%i[show]) }
     end
 
+    context 'when agent and customer but no agent group access' do
+      let(:user) do
+        customer_role = create(:role, :customer)
+        create(:agent_and_customer, roles: [customer_role])
+      end
+
+      it { is_expected.not_to permit_actions(%i[show]) }
+    end
+
     context 'when customer' do
       let(:user) { ticket_customer }