# Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/ require 'rails_helper' RSpec.describe 'Search', type: :request do let(:group) { create(:group) } let!(:admin) do create(:admin, groups: [Group.lookup(name: 'Users'), group]) end let!(:agent) do create(:agent, firstname: 'Search 1234', groups: [Group.lookup(name: 'Users'), group]) end let!(:customer) do create(:customer) end let!(:organization1) do create(:organization, name: 'Rest Org') end let!(:organization2) do create(:organization, name: 'Rest Org #2') end let!(:organization3) do create(:organization, name: 'Rest Org #3') end let!(:organization4) do create(:organization, name: 'Tes.t. Org') end let!(:organization5) do create(:organization, name: 'ABC_D Org') end let!(:customer2) do create(:customer, organization: organization1) end let!(:customer3) do create(:customer, organization: organization1) end let!(:ticket1) do create(:ticket, title: 'test 1234-1', customer: customer, group: group) end let!(:ticket2) do create(:ticket, title: 'test 1234-2', customer: customer2, group: group) end let!(:ticket3) do create(:ticket, title: 'test 1234-2', customer: customer3, group: group) end let!(:article1) do create(:ticket_article, ticket_id: ticket1.id) end let!(:article2) do create(:ticket_article, ticket_id: ticket2.id) end let!(:article3) do create(:ticket_article, ticket_id: ticket3.id) end describe 'request handling', performs_jobs: true, searchindex: true do before do searchindex_model_reload([Ticket, User, Organization]) end it 'does settings index with nobody' do params = { query: 'test 1234', limit: 2, } post '/api/v1/search/ticket', params: params, as: :json expect(response).to have_http_status(:forbidden) expect(json_response).to be_a(Hash) expect(json_response).not_to be_blank expect(json_response['error']).to eq('Authentication required') post '/api/v1/search/user', params: params, as: :json expect(response).to have_http_status(:forbidden) expect(json_response).to be_a(Hash) expect(json_response).not_to be_blank expect(json_response['error']).to eq('Authentication required') post '/api/v1/search', params: params, as: :json expect(response).to have_http_status(:forbidden) expect(json_response).to be_a(Hash) expect(json_response).not_to be_blank expect(json_response['error']).to eq('Authentication required') end it 'does settings index with admin' do params = { query: '1234*', limit: 1, } authenticated_as(admin) post '/api/v1/search', params: params, as: :json expect(response).to have_http_status(:ok) expect(json_response).to be_a(Hash) expect(json_response).to be_truthy expect(json_response['result'][0]['type']).to eq('Ticket') expect(json_response['result'][0]['id']).to eq(ticket3.id) expect(json_response['result'][1]['type']).to eq('User') expect(json_response['result'][1]['id']).to eq(agent.id) expect(json_response['result'][2]).to be_falsey params = { query: '1234*', limit: 10, } post '/api/v1/search', params: params, as: :json expect(response).to have_http_status(:ok) expect(json_response).to be_a(Hash) expect(json_response).to be_truthy expect(json_response['result'][0]['type']).to eq('Ticket') expect(json_response['result'][0]['id']).to eq(ticket3.id) expect(json_response['result'][1]['type']).to eq('Ticket') expect(json_response['result'][1]['id']).to eq(ticket2.id) expect(json_response['result'][2]['type']).to eq('Ticket') expect(json_response['result'][2]['id']).to eq(ticket1.id) expect(json_response['result'][3]['type']).to eq('User') expect(json_response['result'][3]['id']).to eq(agent.id) expect(json_response['result'][4]).to be_falsey params = { query: '1234*', limit: 10, } post '/api/v1/search/ticket', params: params, as: :json expect(response).to have_http_status(:ok) expect(json_response).to be_a(Hash) expect(json_response).to be_truthy expect(json_response['result'][0]['type']).to eq('Ticket') expect(json_response['result'][0]['id']).to eq(ticket3.id) expect(json_response['result'][1]['type']).to eq('Ticket') expect(json_response['result'][1]['id']).to eq(ticket2.id) expect(json_response['result'][2]['type']).to eq('Ticket') expect(json_response['result'][2]['id']).to eq(ticket1.id) expect(json_response['result'][3]).to be_falsey params = { query: '1234*', limit: 10, } post '/api/v1/search/user', params: params, as: :json expect(response).to have_http_status(:ok) expect(json_response).to be_a(Hash) expect(json_response['result'][0]['type']).to eq('User') expect(json_response['result'][0]['id']).to eq(agent.id) expect(json_response['result'][1]).to be_falsey end it 'does settings index with agent' do params = { query: '1234*', limit: 1, } authenticated_as(agent) post '/api/v1/search', params: params, as: :json expect(response).to have_http_status(:ok) expect(json_response).to be_a(Hash) expect(json_response).to be_truthy expect(json_response['result'][0]['type']).to eq('Ticket') expect(json_response['result'][0]['id']).to eq(ticket3.id) expect(json_response['result'][1]['type']).to eq('User') expect(json_response['result'][1]['id']).to eq(agent.id) expect(json_response['result'][2]).to be_falsey params = { query: '1234*', limit: 10, } post '/api/v1/search', params: params, as: :json expect(response).to have_http_status(:ok) expect(json_response).to be_a(Hash) expect(json_response).to be_truthy expect(json_response['result'][0]['type']).to eq('Ticket') expect(json_response['result'][0]['id']).to eq(ticket3.id) expect(json_response['result'][1]['type']).to eq('Ticket') expect(json_response['result'][1]['id']).to eq(ticket2.id) expect(json_response['result'][2]['type']).to eq('Ticket') expect(json_response['result'][2]['id']).to eq(ticket1.id) expect(json_response['result'][3]['type']).to eq('User') expect(json_response['result'][3]['id']).to eq(agent.id) expect(json_response['result'][4]).to be_falsey params = { query: '1234*', limit: 10, } post '/api/v1/search/ticket', params: params, as: :json expect(response).to have_http_status(:ok) expect(json_response).to be_a(Hash) expect(json_response).to be_truthy expect(json_response['result'][0]['type']).to eq('Ticket') expect(json_response['result'][0]['id']).to eq(ticket3.id) expect(json_response['result'][1]['type']).to eq('Ticket') expect(json_response['result'][1]['id']).to eq(ticket2.id) expect(json_response['result'][2]['type']).to eq('Ticket') expect(json_response['result'][2]['id']).to eq(ticket1.id) expect(json_response['result'][3]).to be_falsey params = { query: '1234*', limit: 10, } post '/api/v1/search/user', params: params, as: :json expect(response).to have_http_status(:ok) expect(json_response).to be_a(Hash) expect(json_response['result'][0]['type']).to eq('User') expect(json_response['result'][0]['id']).to eq(agent.id) expect(json_response['result'][1]).to be_falsey end it 'does settings index with customer 1' do params = { query: '1234*', limit: 10, } authenticated_as(customer) post '/api/v1/search', params: params, as: :json expect(response).to have_http_status(:ok) expect(json_response).to be_a(Hash) expect(json_response).to be_truthy expect(json_response['result'][0]['type']).to eq('Ticket') expect(json_response['result'][0]['id']).to eq(ticket1.id) expect(json_response['result'][1]).to be_falsey params = { query: '1234*', limit: 10, } post '/api/v1/search/ticket', params: params, as: :json expect(response).to have_http_status(:ok) expect(json_response).to be_a(Hash) expect(json_response).to be_truthy expect(json_response['result'][0]['type']).to eq('Ticket') expect(json_response['result'][0]['id']).to eq(ticket1.id) expect(json_response['result'][1]).to be_falsey params = { query: '1234*', limit: 10, } post '/api/v1/search/user', params: params, as: :json expect(response).to have_http_status(:ok) expect(json_response).to be_a(Hash) expect(json_response['result'][0]).to be_falsey end it 'does settings index with customer 2' do params = { query: '1234*', limit: 10, } authenticated_as(customer2) post '/api/v1/search', params: params, as: :json expect(response).to have_http_status(:ok) expect(json_response).to be_a(Hash) expect(json_response).to be_truthy expect(json_response['result'][0]['type']).to eq('Ticket') expect(json_response['result'][0]['id']).to eq(ticket3.id) expect(json_response['result'][1]['type']).to eq('Ticket') expect(json_response['result'][1]['id']).to eq(ticket2.id) expect(json_response['result'][2]).to be_falsey params = { query: '1234*', limit: 10, } post '/api/v1/search/ticket', params: params, as: :json expect(response).to have_http_status(:ok) expect(json_response).to be_a(Hash) expect(json_response).to be_truthy expect(json_response['result'][0]['type']).to eq('Ticket') expect(json_response['result'][0]['id']).to eq(ticket3.id) expect(json_response['result'][1]['type']).to eq('Ticket') expect(json_response['result'][1]['id']).to eq(ticket2.id) expect(json_response['result'][2]).to be_falsey params = { query: '1234*', limit: 10, } post '/api/v1/search/user', params: params, as: :json expect(response).to have_http_status(:ok) expect(json_response).to be_a(Hash) expect(json_response['result'][0]).to be_falsey end # Verify fix for Github issue #2058 - Autocomplete hangs on dot in the new user form it 'does searching for organization with a dot in its name' do authenticated_as(agent) get '/api/v1/search/organization?query=tes.', as: :json expect(response).to have_http_status(:ok) expect(json_response['result'].size).to eq(1) expect(json_response['result'][0]['type']).to eq('Organization') target_id = json_response['result'][0]['id'] expect(json_response['assets']['Organization'][target_id.to_s]['name']).to eq('Tes.t. Org') end # Search query H& should correctly match H&M it 'does searching for organization with _ in its name' do authenticated_as(agent) get '/api/v1/search/organization?query=abc_', as: :json expect(response).to have_http_status(:ok) expect(json_response['result'].size).to eq(1) expect(json_response['result'][0]['type']).to eq('Organization') target_id = json_response['result'][0]['id'] expect(json_response['assets']['Organization'][target_id.to_s]['name']).to eq('ABC_D Org') end it 'does find the ticket by group name even if the group name changes' do authenticated_as(agent) post '/api/v1/search/Ticket', params: { query: "number:#{ticket1.number} && group.name:ultrasupport" }, as: :json expect(response).to have_http_status(:ok) expect(json_response).to be_a(Hash) expect(json_response).to be_truthy expect(json_response['assets']['Ticket']).to be_falsey expect(group).not_to eq('ultrasupport') group.update(name: 'ultrasupport') perform_enqueued_jobs SearchIndexBackend.refresh post '/api/v1/search/Ticket', params: { query: "number:#{ticket1.number} && group.name:ultrasupport" }, as: :json expect(response).to have_http_status(:ok) expect(json_response).to be_a(Hash) expect(json_response).to be_truthy expect(json_response['assets']['Ticket'][ticket1.id.to_s]).to be_truthy end it 'does find the ticket by state name even if the state name changes' do authenticated_as(agent) post '/api/v1/search/Ticket', params: { query: "number:#{ticket1.number} && state.name:ultrastate" }, as: :json expect(response).to have_http_status(:ok) expect(json_response).to be_a(Hash) expect(json_response).to be_truthy expect(json_response['assets']['Ticket']).to be_falsey expect(ticket1.state.name).not_to eq('ultrastate') ticket1.state.update(name: 'ultrastate') perform_enqueued_jobs SearchIndexBackend.refresh post '/api/v1/search/Ticket', params: { query: "number:#{ticket1.number} && state.name:ultrastate" }, as: :json expect(response).to have_http_status(:ok) expect(json_response).to be_a(Hash) expect(json_response).to be_truthy expect(json_response['assets']['Ticket'][ticket1.id.to_s]).to be_truthy end it 'does find the ticket by priority name even if the priority name changes' do authenticated_as(agent) post '/api/v1/search/Ticket', params: { query: "number:#{ticket1.number} && priority.name:ultrapriority" }, as: :json expect(response).to have_http_status(:ok) expect(json_response).to be_a(Hash) expect(json_response).to be_truthy expect(json_response['assets']['Ticket']).to be_falsey expect(ticket1.priority.name).not_to eq('ultrapriority') ticket1.priority.update(name: 'ultrapriority') perform_enqueued_jobs SearchIndexBackend.refresh post '/api/v1/search/Ticket', params: { query: "number:#{ticket1.number} && priority.name:ultrapriority" }, as: :json expect(response).to have_http_status(:ok) expect(json_response).to be_a(Hash) expect(json_response).to be_truthy expect(json_response['assets']['Ticket'][ticket1.id.to_s]).to be_truthy end it 'does find the ticket by the checklist name', current_user_id: 1 do authenticated_as(agent) ticket1.create_checklist! name: 'chcklst name' perform_enqueued_jobs SearchIndexBackend.refresh post '/api/v1/search/Ticket', params: { query: 'chcklst' }, as: :json expect(response).to have_http_status(:ok) expect(json_response).to be_a(Hash) expect(json_response).to be_truthy expect(json_response['assets']['Ticket'][ticket1.id.to_s]).to be_truthy end it 'does find the ticket by a checklist entry', current_user_id: 1 do authenticated_as(agent) ticket1.create_checklist! ticket1.checklist.items.create! text: 'checklist entry' perform_enqueued_jobs SearchIndexBackend.refresh post '/api/v1/search/Ticket', params: { query: 'checklist entry' }, as: :json expect(response).to have_http_status(:ok) expect(json_response).to be_a(Hash) expect(json_response).to be_truthy expect(json_response['assets']['Ticket'][ticket1.id.to_s]).to be_truthy end end describe 'Assign user to multiple organizations #1573' do shared_examples 'search for organization ids' do context 'when customer with multi organizations', authenticated_as: :customer do context 'with multi organizations' do let(:customer) { create(:customer, organization: organizations[0], organizations: organizations[1..2]) } let(:organizations) { create_list(:organization, 5) } it 'does not return organizations which are not allowed' do params = { query: 'TestOrganization', limit: 10, } post '/api/v1/search/Organization', params: params, as: :json expect(json_response['result']).to include({ 'id' => organizations[0].id, 'type' => 'Organization' }) expect(json_response['result']).to include({ 'id' => organizations[1].id, 'type' => 'Organization' }) expect(json_response['result']).to include({ 'id' => organizations[2].id, 'type' => 'Organization' }) expect(json_response['result']).not_to include({ 'id' => organizations[3].id, 'type' => 'Organization' }) expect(json_response['result']).not_to include({ 'id' => organizations[4].id, 'type' => 'Organization' }) end it 'does not return organizations which are not allowed when overwritten' do params = { query: 'TestOrganization', limit: 10, ids: organizations.map(&:id) } post '/api/v1/search/Organization', params: params, as: :json expect(json_response['result']).to include({ 'id' => organizations[0].id, 'type' => 'Organization' }) expect(json_response['result']).to include({ 'id' => organizations[1].id, 'type' => 'Organization' }) expect(json_response['result']).to include({ 'id' => organizations[2].id, 'type' => 'Organization' }) expect(json_response['result']).not_to include({ 'id' => organizations[3].id, 'type' => 'Organization' }) expect(json_response['result']).not_to include({ 'id' => organizations[4].id, 'type' => 'Organization' }) end end context 'with single organization' do let(:customer) { create(:customer, organization: organizations[0]) } let(:organizations) { create_list(:organization, 5) } it 'does not return organizations which are not allowed' do params = { query: 'TestOrganization', limit: 10, } post '/api/v1/search/Organization', params: params, as: :json expect(json_response['result']).to include({ 'id' => organizations[0].id, 'type' => 'Organization' }) expect(json_response['result']).not_to include({ 'id' => organizations[1].id, 'type' => 'Organization' }) expect(json_response['result']).not_to include({ 'id' => organizations[2].id, 'type' => 'Organization' }) expect(json_response['result']).not_to include({ 'id' => organizations[3].id, 'type' => 'Organization' }) expect(json_response['result']).not_to include({ 'id' => organizations[4].id, 'type' => 'Organization' }) end it 'does not return organizations which are not allowed when overwritten' do params = { query: 'TestOrganization', limit: 10, ids: organizations.map(&:id) } post '/api/v1/search/Organization', params: params, as: :json expect(json_response['result']).to include({ 'id' => organizations[0].id, 'type' => 'Organization' }) expect(json_response['result']).not_to include({ 'id' => organizations[1].id, 'type' => 'Organization' }) expect(json_response['result']).not_to include({ 'id' => organizations[2].id, 'type' => 'Organization' }) expect(json_response['result']).not_to include({ 'id' => organizations[3].id, 'type' => 'Organization' }) expect(json_response['result']).not_to include({ 'id' => organizations[4].id, 'type' => 'Organization' }) end end context 'with no organization' do let(:customer) do organizations create(:customer) end let(:organizations) { create_list(:organization, 5) } it 'does not return organizations which are not allowed' do params = { query: 'TestOrganization', limit: 10, } post '/api/v1/search/Organization', params: params, as: :json expect(json_response['result']).not_to include({ 'id' => organizations[0].id, 'type' => 'Organization' }) expect(json_response['result']).not_to include({ 'id' => organizations[1].id, 'type' => 'Organization' }) expect(json_response['result']).not_to include({ 'id' => organizations[2].id, 'type' => 'Organization' }) expect(json_response['result']).not_to include({ 'id' => organizations[3].id, 'type' => 'Organization' }) expect(json_response['result']).not_to include({ 'id' => organizations[4].id, 'type' => 'Organization' }) end it 'does not return organizations which are not allowed when overwritten' do params = { query: 'TestOrganization', limit: 10, ids: organizations.map(&:id) } post '/api/v1/search/Organization', params: params, as: :json expect(json_response['result']).not_to include({ 'id' => organizations[0].id, 'type' => 'Organization' }) expect(json_response['result']).not_to include({ 'id' => organizations[1].id, 'type' => 'Organization' }) expect(json_response['result']).not_to include({ 'id' => organizations[2].id, 'type' => 'Organization' }) expect(json_response['result']).not_to include({ 'id' => organizations[3].id, 'type' => 'Organization' }) expect(json_response['result']).not_to include({ 'id' => organizations[4].id, 'type' => 'Organization' }) end end end it 'does return all organizations' do params = { query: 'Rest', limit: 10, } authenticated_as(admin) post '/api/v1/search/Organization', params: params, as: :json expect(json_response['result']).to include({ 'id' => organization1.id, 'type' => 'Organization' }) expect(json_response['result']).to include({ 'id' => organization2.id, 'type' => 'Organization' }) expect(json_response['result']).to include({ 'id' => organization3.id, 'type' => 'Organization' }) end it 'does return organization specific ids' do params = { query: 'Rest', ids: [organization1.id], limit: 10, } authenticated_as(admin) post '/api/v1/search/Organization', params: params, as: :json expect(json_response['result']).to include({ 'id' => organization1.id, 'type' => 'Organization' }) expect(json_response['result']).not_to include({ 'id' => organization2.id, 'type' => 'Organization' }) expect(json_response['result']).not_to include({ 'id' => organization3.id, 'type' => 'Organization' }) end end context 'with elasticsearch', searchindex: true do before do searchindex_model_reload([Ticket, User, Organization]) end include_examples 'search for organization ids' end context 'with db only', searchindex: false do before do Setting.set('es_url', nil) end include_examples 'search for organization ids' end end end