require 'test_helper' class OrganizationControllerTest < ActionDispatch::IntegrationTest include SearchindexHelper setup do # set accept header @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' } # create agent roles = Role.where(name: %w[Admin Agent]) groups = Group.all UserInfo.current_user_id = 1 @admin = User.create!( login: 'rest-admin', firstname: 'Rest', lastname: 'Agent', email: 'rest-admin@example.com', password: 'adminpw', active: true, roles: roles, groups: groups, ) # create agent roles = Role.where(name: 'Agent') @agent = User.create!( login: 'rest-agent@example.com', firstname: 'Rest', lastname: 'Agent', email: 'rest-agent@example.com', password: 'agentpw', active: true, roles: roles, groups: groups, ) # create customer without org roles = Role.where(name: 'Customer') @customer_without_org = User.create!( login: 'rest-customer1@example.com', firstname: 'Rest', lastname: 'Customer1', email: 'rest-customer1@example.com', password: 'customer1pw', active: true, roles: roles, ) # create orgs @organization = Organization.create!( name: 'Rest Org', ) @organization2 = Organization.create!( name: 'Rest Org #2', ) @organization3 = Organization.create!( name: 'Rest Org #3', ) # create customer with org @customer_with_org = User.create!( login: 'rest-customer2@example.com', firstname: 'Rest', lastname: 'Customer2', email: 'rest-customer2@example.com', password: 'customer2pw', active: true, roles: roles, organization_id: @organization.id, ) configure_elasticsearch do travel 1.minute rebuild_searchindex # execute background jobs Scheduler.worker(true) sleep 6 end UserInfo.current_user_id = nil end test 'organization index with agent' do credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-agent@example.com', 'agentpw') # index get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials) assert_response(200) result = JSON.parse(@response.body) assert_equal(result.class, Array) assert_equal(result[0]['member_ids'].class, Array) assert(result.length >= 3) get '/api/v1/organizations?limit=40&page=1&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials) assert_response(200) result = JSON.parse(@response.body) assert_equal(Array, result.class) organizations = Organization.order(:id).limit(2) assert_equal(organizations[0].id, result[0]['id']) assert_equal(organizations[0].member_ids, result[0]['member_ids']) assert_equal(organizations[1].id, result[1]['id']) assert_equal(organizations[1].member_ids, result[1]['member_ids']) assert_equal(2, result.count) get '/api/v1/organizations?limit=40&page=2&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials) assert_response(200) result = JSON.parse(@response.body) assert_equal(Array, result.class) organizations = Organization.order(:id).limit(4) assert_equal(organizations[2].id, result[0]['id']) assert_equal(organizations[2].member_ids, result[0]['member_ids']) assert_equal(organizations[3].id, result[1]['id']) assert_equal(organizations[3].member_ids, result[1]['member_ids']) assert_equal(2, result.count) # show/:id get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials) assert_response(200) result = JSON.parse(@response.body) assert_equal(result.class, Hash) assert_equal(result['member_ids'].class, Array) assert_not(result['members']) assert_equal(result['name'], 'Rest Org') get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials) assert_response(200) result = JSON.parse(@response.body) assert_equal(result.class, Hash) assert_equal(result['member_ids'].class, Array) assert_not(result['members']) assert_equal(result['name'], 'Rest Org #2') # search as agent Scheduler.worker(true) get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials) assert_response(200) result = JSON.parse(@response.body) assert_equal(Array, result.class) assert_equal('Zammad Foundation', result[0]['name']) assert(result[0]['member_ids']) assert_not(result[0]['members']) get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&expand=true", params: {}, headers: @headers.merge('Authorization' => credentials) assert_response(200) result = JSON.parse(@response.body) assert_equal(Array, result.class) assert_equal('Zammad Foundation', result[0]['name']) assert(result[0]['member_ids']) assert(result[0]['members']) get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials) assert_response(200) result = JSON.parse(@response.body) assert_equal(Array, result.class) assert_equal('Zammad Foundation', result[0]['label']) assert_equal('Zammad Foundation', result[0]['value']) assert_not(result[0]['member_ids']) assert_not(result[0]['members']) end test 'organization index with customer1' do credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw') # index get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials) assert_response(200) result = JSON.parse(@response.body) assert_equal(result.class, Array) assert_equal(result.length, 0) # show/:id get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials) assert_response(200) result = JSON.parse(@response.body) assert_equal(result.class, Hash) assert_nil(result['name']) get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials) assert_response(200) result = JSON.parse(@response.body) assert_equal(result.class, Hash) assert_nil(result['name']) # search Scheduler.worker(true) get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials) assert_response(401) end test 'organization index with customer2' do credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer2@example.com', 'customer2pw') # index get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials) assert_response(200) result = JSON.parse(@response.body) assert_equal(result.class, Array) assert_equal(result.length, 1) # show/:id get "/api/v1/organizations/#{@organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials) assert_response(200) result = JSON.parse(@response.body) assert_equal(result.class, Hash) assert_equal(result['name'], 'Rest Org') get "/api/v1/organizations/#{@organization2.id}", params: {}, headers: @headers.merge('Authorization' => credentials) assert_response(401) result = JSON.parse(@response.body) assert_equal(result.class, Hash) assert_nil(result['name']) # search Scheduler.worker(true) get "/api/v1/organizations/search?query=#{CGI.escape('Zammad')}", params: {}, headers: @headers.merge('Authorization' => credentials) assert_response(401) end test '04.01 organization show and response format' do organization = Organization.create!( name: 'Rest Org NEW', members: [@customer_without_org], updated_by_id: @admin.id, created_by_id: @admin.id, ) credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') get "/api/v1/organizations/#{organization.id}", params: {}, headers: @headers.merge('Authorization' => credentials) assert_response(200) result = JSON.parse(@response.body) assert_equal(Hash, result.class) assert_equal(organization.id, result['id']) assert_equal(organization.name, result['name']) assert_not(result['members']) assert_equal([@customer_without_org.id], result['member_ids']) assert_equal(@admin.id, result['updated_by_id']) assert_equal(@admin.id, result['created_by_id']) get "/api/v1/organizations/#{organization.id}?expand=true", params: {}, headers: @headers.merge('Authorization' => credentials) assert_response(200) result = JSON.parse(@response.body) assert_equal(Hash, result.class) assert_equal(organization.id, result['id']) assert_equal(organization.name, result['name']) assert(result['members']) assert_equal([@customer_without_org.id], result['member_ids']) assert_equal(@admin.id, result['updated_by_id']) assert_equal(@admin.id, result['created_by_id']) get "/api/v1/organizations/#{organization.id}?expand=false", params: {}, headers: @headers.merge('Authorization' => credentials) assert_response(200) result = JSON.parse(@response.body) assert_equal(Hash, result.class) assert_equal(organization.id, result['id']) assert_equal(organization.name, result['name']) assert_not(result['members']) assert_equal([@customer_without_org.id], result['member_ids']) assert_equal(@admin.id, result['updated_by_id']) assert_equal(@admin.id, result['created_by_id']) get "/api/v1/organizations/#{organization.id}?full=true", params: {}, headers: @headers.merge('Authorization' => credentials) assert_response(200) result = JSON.parse(@response.body) assert_equal(Hash, result.class) assert_equal(organization.id, result['id']) assert(result['assets']) assert(result['assets']['Organization']) assert(result['assets']['Organization'][organization.id.to_s]) assert_equal(organization.id, result['assets']['Organization'][organization.id.to_s]['id']) assert_equal(organization.name, result['assets']['Organization'][organization.id.to_s]['name']) assert_equal(organization.member_ids, result['assets']['Organization'][organization.id.to_s]['member_ids']) assert_not(result['assets']['Organization'][organization.id.to_s]['members']) get "/api/v1/organizations/#{organization.id}?full=false", params: {}, headers: @headers.merge('Authorization' => credentials) assert_response(200) result = JSON.parse(@response.body) assert_equal(Hash, result.class) assert_equal(organization.id, result['id']) assert_equal(organization.name, result['name']) assert_not(result['members']) assert_equal([@customer_without_org.id], result['member_ids']) assert_equal(@admin.id, result['updated_by_id']) assert_equal(@admin.id, result['created_by_id']) end test '04.02 organization index and response format' do organization = Organization.create!( name: 'Rest Org NEW', members: [@customer_without_org], updated_by_id: @admin.id, created_by_id: @admin.id, ) credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') get '/api/v1/organizations', params: {}, headers: @headers.merge('Authorization' => credentials) assert_response(200) result = JSON.parse(@response.body) assert_equal(Array, result.class) assert_equal(Hash, result[0].class) assert_equal(organization.id, result.last['id']) assert_equal(organization.name, result.last['name']) assert_not(result.last['members']) assert_equal(organization.member_ids, result.last['member_ids']) assert_equal(@admin.id, result.last['updated_by_id']) assert_equal(@admin.id, result.last['created_by_id']) get '/api/v1/organizations?expand=true', params: {}, headers: @headers.merge('Authorization' => credentials) assert_response(200) result = JSON.parse(@response.body) assert_equal(Array, result.class) assert_equal(Hash, result[0].class) assert_equal(organization.id, result.last['id']) assert_equal(organization.name, result.last['name']) assert_equal(organization.member_ids, result.last['member_ids']) assert_equal(organization.members.pluck(:login), [@customer_without_org.login]) assert_equal(@admin.id, result.last['updated_by_id']) assert_equal(@admin.id, result.last['created_by_id']) get '/api/v1/organizations?expand=false', params: {}, headers: @headers.merge('Authorization' => credentials) assert_response(200) result = JSON.parse(@response.body) assert_equal(Array, result.class) assert_equal(Hash, result[0].class) assert_equal(organization.id, result.last['id']) assert_equal(organization.name, result.last['name']) assert_not(result.last['members']) assert_equal(organization.member_ids, result.last['member_ids']) assert_equal(@admin.id, result.last['updated_by_id']) assert_equal(@admin.id, result.last['created_by_id']) get '/api/v1/organizations?full=true', params: {}, headers: @headers.merge('Authorization' => credentials) assert_response(200) result = JSON.parse(@response.body) assert_equal(Hash, result.class) assert_equal(Array, result['record_ids'].class) assert_equal(1, result['record_ids'][0]) assert_equal(organization.id, result['record_ids'].last) assert(result['assets']) assert(result['assets']['Organization']) assert(result['assets']['Organization'][organization.id.to_s]) assert_equal(organization.id, result['assets']['Organization'][organization.id.to_s]['id']) assert_equal(organization.name, result['assets']['Organization'][organization.id.to_s]['name']) assert_equal(organization.member_ids, result['assets']['Organization'][organization.id.to_s]['member_ids']) assert_not(result['assets']['Organization'][organization.id.to_s]['members']) get '/api/v1/organizations?full=false', params: {}, headers: @headers.merge('Authorization' => credentials) assert_response(200) result = JSON.parse(@response.body) assert_equal(Array, result.class) assert_equal(Hash, result[0].class) assert_equal(organization.id, result.last['id']) assert_equal(organization.name, result.last['name']) assert_not(result.last['members']) assert_equal(organization.member_ids, result.last['member_ids']) assert_equal(@admin.id, result.last['updated_by_id']) assert_equal(@admin.id, result.last['created_by_id']) end test '04.03 ticket create and response format' do params = { name: 'Rest Org NEW', members: [@customer_without_org.login], } credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') post '/api/v1/organizations', params: params.to_json, headers: @headers.merge('Authorization' => credentials) assert_response(201) result = JSON.parse(@response.body) assert_equal(Hash, result.class) organization = Organization.find(result['id']) assert_equal(organization.name, result['name']) assert_equal(organization.member_ids, result['member_ids']) assert_not(result['members']) assert_equal(@admin.id, result['updated_by_id']) assert_equal(@admin.id, result['created_by_id']) params[:name] = 'Rest Org NEW #2' post '/api/v1/organizations?expand=true', params: params.to_json, headers: @headers.merge('Authorization' => credentials) assert_response(201) result = JSON.parse(@response.body) assert_equal(Hash, result.class) organization = Organization.find(result['id']) assert_equal(organization.name, result['name']) assert_equal(organization.member_ids, result['member_ids']) assert_equal(organization.members.pluck(:login), result['members']) assert_equal(@admin.id, result['updated_by_id']) assert_equal(@admin.id, result['created_by_id']) params[:name] = 'Rest Org NEW #3' post '/api/v1/organizations?full=true', params: params.to_json, headers: @headers.merge('Authorization' => credentials) assert_response(201) result = JSON.parse(@response.body) assert_equal(Hash, result.class) organization = Organization.find(result['id']) assert(result['assets']) assert(result['assets']['Organization']) assert(result['assets']['Organization'][organization.id.to_s]) assert_equal(organization.id, result['assets']['Organization'][organization.id.to_s]['id']) assert_equal(organization.name, result['assets']['Organization'][organization.id.to_s]['name']) assert_equal(organization.member_ids, result['assets']['Organization'][organization.id.to_s]['member_ids']) assert_not(result['assets']['Organization'][organization.id.to_s]['members']) end test '04.04 ticket update and response formats' do organization = Organization.create!( name: 'Rest Org NEW', members: [@customer_without_org], updated_by_id: @admin.id, created_by_id: @admin.id, ) credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') params = { name: 'a update name #1', } put "/api/v1/organizations/#{organization.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials) assert_response(200) result = JSON.parse(@response.body) assert_equal(Hash, result.class) organization = Organization.find(result['id']) assert_equal(params[:name], result['name']) assert_equal(organization.member_ids, result['member_ids']) assert_not(result['members']) assert_equal(@admin.id, result['updated_by_id']) assert_equal(@admin.id, result['created_by_id']) params = { name: 'a update name #2', } put "/api/v1/organizations/#{organization.id}?expand=true", params: params.to_json, headers: @headers.merge('Authorization' => credentials) assert_response(200) result = JSON.parse(@response.body) assert_equal(Hash, result.class) organization = Organization.find(result['id']) assert_equal(params[:name], result['name']) assert_equal(organization.member_ids, result['member_ids']) assert_equal(organization.members.pluck(:login), [@customer_without_org.login]) assert_equal(@admin.id, result['updated_by_id']) assert_equal(@admin.id, result['created_by_id']) params = { name: 'a update name #3', } put "/api/v1/organizations/#{organization.id}?full=true", params: params.to_json, headers: @headers.merge('Authorization' => credentials) assert_response(200) result = JSON.parse(@response.body) assert_equal(Hash, result.class) organization = Organization.find(result['id']) assert(result['assets']) assert(result['assets']['Organization']) assert(result['assets']['Organization'][organization.id.to_s]) assert_equal(organization.id, result['assets']['Organization'][organization.id.to_s]['id']) assert_equal(params[:name], result['assets']['Organization'][organization.id.to_s]['name']) assert_equal(organization.member_ids, result['assets']['Organization'][organization.id.to_s]['member_ids']) assert_not(result['assets']['Organization'][organization.id.to_s]['members']) end test '05.01 csv example - customer no access' do credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw') get '/api/v1/organizations/import_example', params: {}, headers: @headers.merge('Authorization' => credentials) assert_response(401) result = JSON.parse(@response.body) assert_equal('Not authorized (user)!', result['error']) end test '05.02 csv example - admin access' do credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') get '/api/v1/organizations/import_example', params: {}, headers: @headers.merge('Authorization' => credentials) assert_response(200) rows = CSV.parse(@response.body) header = rows.shift assert_equal('id', header[0]) assert_equal('name', header[1]) assert_equal('shared', header[2]) assert_equal('domain', header[3]) assert_equal('domain_assignment', header[4]) assert_equal('active', header[5]) assert_equal('note', header[6]) assert(header.include?('members')) end test '05.03 csv import - admin access' do UserInfo.current_user_id = 1 customer1 = User.create!( login: 'customer1-members@example.com', firstname: 'Member', lastname: 'Customer', email: 'customer1-members@example.com', password: 'customerpw', active: true, ) customer2 = User.create!( login: 'customer2-members@example.com', firstname: 'Member', lastname: 'Customer', email: 'customer2-members@example.com', password: 'customerpw', active: true, ) UserInfo.current_user_id = nil credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw') # invalid file csv_file_path = Rails.root.join('test', 'data', 'csv', 'organization_simple_col_not_existing.csv') csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv') post '/api/v1/organizations/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials } assert_response(200) result = JSON.parse(@response.body) assert_equal(Hash, result.class) assert_equal(true, result['try']) assert_equal(2, result['records'].count) assert_equal('failed', result['result']) assert_equal(2, result['errors'].count) assert_equal("Line 1: unknown attribute 'name2' for Organization.", result['errors'][0]) assert_equal("Line 2: unknown attribute 'name2' for Organization.", result['errors'][1]) # valid file try csv_file_path = Rails.root.join('test', 'data', 'csv', 'organization_simple.csv') csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv') post '/api/v1/organizations/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials } assert_response(200) result = JSON.parse(@response.body) assert_equal(Hash, result.class) assert_equal(true, result['try']) assert_equal(2, result['records'].count) assert_equal('success', result['result']) assert_nil(Organization.find_by(name: 'organization-member-import1')) assert_nil(Organization.find_by(name: 'organization-member-import2')) # valid file csv_file_path = Rails.root.join('test', 'data', 'csv', 'organization_simple.csv') csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv') post '/api/v1/organizations/import', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials } assert_response(200) result = JSON.parse(@response.body) assert_equal(Hash, result.class) assert_equal(false, result['try']) assert_equal(2, result['records'].count) assert_equal('success', result['result']) organization1 = Organization.find_by(name: 'organization-member-import1') assert(organization1) assert_equal(organization1.name, 'organization-member-import1') assert_equal(organization1.members.count, 1) assert_equal(organization1.members.first.login, customer1.login) assert_equal(organization1.active, true) organization2 = Organization.find_by(name: 'organization-member-import2') assert(organization2) assert_equal(organization2.name, 'organization-member-import2') assert_equal(organization2.members.count, 1) assert_equal(organization2.members.first.login, customer2.login) assert_equal(organization2.active, false) end end