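  # Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/

  require 'rails_helper'

  # Checks, per authenticated role, which attributes of the Group, Organization,
  # Role and User records can be read from the browser-side App.* models.
  #
  # Every helper below reads a single attribute through JavaScript executed in
  # the browser session, so the examples assert on the data present in the
  # client-side models, not on what the UI renders.
  #
  # NOTE(review): a `be_nil` expectation also passes when an attribute is merely
  # renamed on the client. Each negative customer example is therefore paired
  # with agent/admin examples that read the same attribute and expect a value;
  # keep those pairs together when editing.
  RSpec.describe 'Assets', db_strategy: :reset, type: :system do
    let(:users_group)  { Group.find_by(name: 'Users') }
    let(:organization) { create(:organization, note: 'hello') }
    let(:customer)     { create(:customer, organization: organization, note: 'hello', last_login: Time.zone.now, login_failed: 1) }
    let(:agent) do
      user = create(:agent, groups: [users_group], note: 'hello', last_login: Time.zone.now, login_failed: 1)
      # Linked third-party account; presumably what populates `accounts` for the
      # owner_accounts examples - confirm against the factory.
      create(:twitter_authorization, user: user)
      user
    end
    let(:admin)        { create(:admin, groups: [users_group], note: 'hello', last_login: Time.zone.now, login_failed: 1) }
    let(:ticket)       { create(:ticket, owner: agent, group: users_group, customer: customer, created_by: admin) }
    let(:agent_groups) { create_list(:group, 3) }

    before do
      # Force creation of the extra groups, then restrict customer ticket
      # creation to the first group only.
      agent_groups
      Setting.set('customer_ticket_create_group_ids', [Group.first.id])
    end

    context 'groups' do
      before do
        visit '/'
      end

      # Reads `note` of the first Group record held by the browser.
      def group_note
        page.execute_script('return App.Group.first().note')
      end

      # Reads `name_last` of the first Group record held by the browser.
      def group_name_last
        page.execute_script('return App.Group.first().name_last')
      end

      describe 'when customer', authenticated_as: :customer do
        it 'can not access group details' do
          expect(group_note).to be_nil
        end

        it 'can access name_last attribute (#4981)' do
          expect(group_name_last).not_to be_nil
        end
      end

      describe 'when agent', authenticated_as: :agent do
        it 'can access group details' do
          expect(group_note).not_to be_nil
        end
      end

      describe 'when admin', authenticated_as: :admin do
        it 'can access group details' do
          expect(group_note).not_to be_nil
        end
      end
    end

    context 'organizations' do
      # Reads `note` of the test organization from the browser-side model.
      def organization_note
        page.execute_script("return App.Organization.find(#{organization.id}).note")
      end

      before do
        visit "#ticket/zoom/#{ticket.id}"
      end

      describe 'when customer', authenticated_as: :customer do
        it 'can not access organization details' do
          expect(organization_note).to be_nil
        end
      end

      describe 'when agent', authenticated_as: :agent do
        it 'can access organization details' do
          expect(organization_note).not_to be_nil
        end
      end

      describe 'when admin', authenticated_as: :admin do
        it 'can access organization details' do
          expect(organization_note).not_to be_nil
        end
      end
    end

    context 'roles' do
      # Reads `name` of the first Role record held by the browser.
      def role_name
        page.execute_script('return App.Role.first().name')
      end

      before do
        visit "#ticket/zoom/#{ticket.id}"
      end

      describe 'when customer', authenticated_as: :customer do
        # NOTE(review): 'Role_1' looks like a placeholder delivered instead of
        # the real role name - confirm against the asset serialization code.
        it 'can not access role details' do
          expect(role_name).to eq('Role_1')
        end
      end

      describe 'when agent', authenticated_as: :agent do
        it 'can access role details' do
          expect(role_name).not_to eq('Role_1')
        end
      end

      describe 'when admin', authenticated_as: :admin do
        it 'can access role details' do
          expect(role_name).not_to eq('Role_1')
        end
      end
    end

    context 'users' do
      # Reads one attribute of the given user from the browser-side User model.
      def user_attribute(user, attribute)
        page.execute_script("return App.User.find(#{user.id}).#{attribute}")
      end

      def customer_email
        user_attribute(customer, 'email')
      end

      def customer_note
        user_attribute(customer, 'note')
      end

      # Number of Group records held by the browser for the current session.
      def customer_available_group_count
        page.execute_script('return App.Group.all().length')
      end

      def owner_firstname
        user_attribute(agent, 'firstname')
      end

      def owner_accounts
        user_attribute(agent, 'accounts')
      end

      # Non-nil values among the ticket owner's last_login, login_failed, email
      # and note. Empty only when none of the four is present.
      #
      # NOTE(review): `not_to be_empty` on this list passes as soon as any one
      # field is present, so the agent/admin examples would not notice a single
      # field going missing; per-field expectations would be stricter.
      def owner_details
        %w[last_login login_failed email note]
          .map { |attribute| user_attribute(agent, attribute) }
          .compact
      end

      before do
        visit "#ticket/zoom/#{ticket.id}"
      end

      describe 'when customer', authenticated_as: :customer do
        it 'can access customer email' do
          expect(customer_email).not_to be_nil
        end

        it 'can not access customer note' do
          expect(customer_note).to be_nil
        end

        it 'can not access owner details' do
          expect(owner_details).to be_empty
        end

        it 'can access owner firstname' do
          expect(owner_firstname).not_to be_nil
        end

        it 'can not access owner accounts' do
          expect(owner_accounts).to be_nil
        end

        context 'when groups are restricted' do
          it 'can not access agent groups' do
            expect(customer_available_group_count).to eq(1)
          end

          context 'when there are old tickets for the customer', authenticated_as: :authenticate do
            # Creates a ticket for the customer in one of the extra groups
            # before logging in, then authenticates as that customer.
            def authenticate
              create(:ticket, group: agent_groups.first, customer: customer)
              customer
            end

            it 'can access one of the agent groups' do
              expect(customer_available_group_count).to eq(2)
            end
          end
        end
      end

      describe 'when agent', authenticated_as: :agent do
        it 'can access customer email' do
          expect(customer_email).not_to be_nil
        end

        it 'can access customer note' do
          expect(customer_note).not_to be_nil
        end

        it 'can access owner details' do
          expect(owner_details).not_to be_empty
        end

        it 'can access owner firstname' do
          expect(owner_firstname).not_to be_nil
        end

        it 'can access owner accounts' do
          expect(owner_accounts).not_to be_nil
        end
      end

      describe 'when admin', authenticated_as: :admin do
        it 'can access customer email' do
          expect(customer_email).not_to be_nil
        end

        it 'can access customer note' do
          expect(customer_note).not_to be_nil
        end

        it 'can access owner details' do
          expect(owner_details).not_to be_empty
        end

        it 'can access owner firstname' do
          expect(owner_firstname).not_to be_nil
        end

        it 'can access owner accounts' do
          expect(owner_accounts).not_to be_nil
        end
      end
    end
  end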