123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231 |
- # Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/
- require 'rails_helper'
- RSpec.describe 'Assets', db_strategy: :reset, type: :system do
- let(:organization) { create(:organization, note: 'hello') }
- let(:customer) { create(:customer, organization: organization, note: 'hello', last_login: Time.zone.now, login_failed: 1) }
- let(:agent) do
- user = create(:agent, groups: [Group.find_by(name: 'Users')], note: 'hello', last_login: Time.zone.now, login_failed: 1)
- create(:twitter_authorization, user: user)
- user
- end
- let(:admin) { create(:admin, groups: [Group.find_by(name: 'Users')], note: 'hello', last_login: Time.zone.now, login_failed: 1) }
- let(:ticket) { create(:ticket, owner: agent, group: Group.find_by(name: 'Users'), customer: customer, created_by: admin) }
- let(:agent_groups) { create_list(:group, 3) }
- before do
- agent_groups
- Setting.set('customer_ticket_create_group_ids', [Group.first.id])
- end
- context 'groups' do
- before do
- visit '/'
- end
- def group_note
- page.execute_script('return App.Group.first().note')
- end
- def group_name_last
- page.execute_script('return App.Group.first().name_last')
- end
- describe 'when customer', authenticated_as: :customer do
- it 'can not access group details' do
- expect(group_note).to be_nil
- end
- it 'can access name_last attribute (#4981)' do
- expect(group_name_last).not_to be_nil
- end
- end
- describe 'when agent', authenticated_as: :agent do
- it 'can access group details' do
- expect(group_note).not_to be_nil
- end
- end
- describe 'when admin', authenticated_as: :admin do
- it 'can access group details' do
- expect(group_note).not_to be_nil
- end
- end
- end
- context 'organizations' do
- def organization_note
- page.execute_script("return App.Organization.find(#{organization.id}).note")
- end
- before do
- visit "#ticket/zoom/#{ticket.id}"
- end
- describe 'when customer', authenticated_as: :customer do
- it 'can not access organization details' do
- expect(organization_note).to be_nil
- end
- end
- describe 'when agent', authenticated_as: :agent do
- it 'can access organization details' do
- expect(organization_note).not_to be_nil
- end
- end
- describe 'when admin', authenticated_as: :admin do
- it 'can access organization details' do
- expect(organization_note).not_to be_nil
- end
- end
- end
- context 'roles' do
- def role_name
- page.execute_script('return App.Role.first().name')
- end
- before do
- visit "#ticket/zoom/#{ticket.id}"
- end
- describe 'when customer', authenticated_as: :customer do
- it 'can not access role details' do
- expect(role_name).to eq('Role_1')
- end
- end
- describe 'when agent', authenticated_as: :agent do
- it 'can access role details' do
- expect(role_name).not_to eq('Role_1')
- end
- end
- describe 'when admin', authenticated_as: :admin do
- it 'can access role details' do
- expect(role_name).not_to eq('Role_1')
- end
- end
- end
- context 'users' do
- def customer_email
- page.execute_script("return App.User.find(#{customer.id}).email")
- end
- def customer_note
- page.execute_script("return App.User.find(#{customer.id}).note")
- end
- def customer_available_group_count
- page.execute_script('return App.Group.all().length')
- end
- def owner_firstname
- page.execute_script("return App.User.find(#{agent.id}).firstname")
- end
- def owner_accounts
- page.execute_script("return App.User.find(#{agent.id}).accounts")
- end
- def owner_details
- [
- page.execute_script("return App.User.find(#{agent.id}).last_login"),
- page.execute_script("return App.User.find(#{agent.id}).login_failed"),
- page.execute_script("return App.User.find(#{agent.id}).email"),
- page.execute_script("return App.User.find(#{agent.id}).note"),
- ].compact
- end
- before do
- visit "#ticket/zoom/#{ticket.id}"
- end
- describe 'when customer', authenticated_as: :customer do
- it 'can access customer email' do
- expect(customer_email).not_to be_nil
- end
- it 'can not access customer note' do
- expect(customer_note).to be_nil
- end
- it 'can not access owner details' do
- expect(owner_details).to be_empty
- end
- it 'can access owner firstname' do
- expect(owner_firstname).not_to be_nil
- end
- it 'can access not owner owner accounts' do
- expect(owner_accounts).to be_nil
- end
- context 'when groups are restricted' do
- it 'can not access agent groups' do
- expect(customer_available_group_count).to eq(1)
- end
- context 'when there are old tickets for the customer', authenticated_as: :authenticate do
- def authenticate
- create(:ticket, group: agent_groups.first, customer: customer)
- customer
- end
- it 'can access one of the agent groups' do
- expect(customer_available_group_count).to eq(2)
- end
- end
- end
- end
- describe 'when agent', authenticated_as: :agent do
- it 'can access customer email' do
- expect(customer_email).not_to be_nil
- end
- it 'can access customer note' do
- expect(customer_note).not_to be_nil
- end
- it 'can access owner details' do
- expect(owner_details).not_to be_empty
- end
- it 'can access owner firstname' do
- expect(owner_firstname).not_to be_nil
- end
- it 'can access owner owner accounts' do
- expect(owner_accounts).not_to be_nil
- end
- end
- describe 'when admin', authenticated_as: :admin do
- it 'can access customer email' do
- expect(customer_email).not_to be_nil
- end
- it 'can access customer note' do
- expect(customer_note).not_to be_nil
- end
- it 'can access owner details' do
- expect(owner_details).not_to be_empty
- end
- it 'can access owner firstname' do
- expect(owner_firstname).not_to be_nil
- end
- it 'can access owner owner accounts' do
- expect(owner_accounts).not_to be_nil
- end
- end
- end
- end
|