SMusatov
/
zammad
mirror of https://github.com/zammad/zammad.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238
							# Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/

require 'rails_helper'

RSpec.describe DataPrivacyTask, type: :model do
  describe 'validations' do
    it 'uses DataPrivacyTaskValidator' do
      expect_any_instance_of(Validations::DataPrivacyTaskValidator).to receive(:validate)

      create(:data_privacy_task)
    end
  end

  describe '#perform', aggregate_failures: true do
    let(:task) { create(:data_privacy_task, deletable: deletable) }

    context 'when deletable is already deleted' do
      let(:organization) { create(:organization, name: 'test') }
      let(:deletable)    { create(:customer, organization: organization) }

      it 'sets no error message when user is already deleted' do
        task
        deletable.destroy
        task.perform
        expect(task.reload.state).to eq('completed')
      end
    end

    context 'when deleting a user' do
      let(:deletable) { create(:agent) }

      it 'deletes the user' do
        task.perform

        expect(User).not_to exist(deletable.id)
      end

      context 'when user belongs to an organization' do
        let(:organization) { create(:organization) }

        before { organization.members << deletable }

        it 'deletes the user only' do
          task.perform

          expect(User).not_to exist(deletable.id)
          expect(Organization).to exist(organization.id)
        end

        context 'when organization shall be deleted' do
          before do
            task.preferences[:delete_organization] = 'true'
            task.save!
          end

          it 'deletes the user and organization' do
            task.perform

            expect(User).not_to exist(deletable.id)
            expect(Organization).not_to exist(organization.id)
          end

          context 'when organization has more members' do
            let(:other_agent) { create(:agent) }

            before { organization.members << other_agent }

            it 'deletes the original user only' do
              task.perform

              expect(User).not_to exist(deletable.id)
              expect(Organization).to exist(organization.id)
              expect(User).to exist(other_agent.id)
            end
          end

          context 'when a secondary organization exists' do
            let(:other_organization) { create(:organization) }

            before { other_organization.secondary_members << deletable }

            it 'deletes the original user and main organization only' do
              task.perform

              expect(User).not_to exist(deletable.id)
              expect(Organization).not_to exist(organization.id)
              expect(Organization).to exist(other_organization.id)
            end
          end
        end
      end
    end

    context 'when deleting a ticket' do
      let(:deletable) { create(:ticket) }

      it 'deletes the ticket' do
        task.perform
        expect(Ticket).not_to exist(deletable.id)
      end

      context 'when ticket has a customer that belongs to an organization' do
        let(:customer)     { create(:customer) }
        let(:organization) { create(:organization) }

        before do
          organization.members << customer
          deletable.update!(
            customer_id:     customer.id,
            organization_id: organization.id,
          )
        end

        it 'deletes the ticket only' do
          task.perform

          expect(Ticket).not_to exist(deletable.id)
          expect(User).to exist(customer.id)
          expect(Organization).to exist(organization.id)
        end
      end
    end
  end

  describe '#prepare_deletion_preview' do

    let(:organization) { create(:organization, name: 'Zammad GmbH') }
    let(:user) { create(:customer, firstname: 'Nicole', lastname: 'Braun', organization: organization, email: 'secret@example.com') }
    let(:task) { create(:data_privacy_task, deletable: user) }

    context 'when storing user data' do

      let(:pseudonymous_data) do
        {
          'firstname'    => 'N*e',
          'lastname'     => 'B*n',
          'email'        => 's*t@e*e.com',
          'organization' => 'Z*d G*H',
        }
      end

      it 'creates pseudonymous representation' do
        expect(task[:preferences][:user]).to eq(pseudonymous_data)
      end
    end

    context 'when User is owner of Tickets' do

      let(:owner_tickets) { create_list(:ticket, 3, owner: user) }

      before { owner_tickets }

      it 'stores the numbers' do
        expect(task[:preferences][:owner_tickets]).to eq(owner_tickets.reverse.map(&:number))
      end

      context 'when a lot of tickets exist' do
        before do
          stub_const('DataPrivacyTask::MAX_PREVIEW_TICKETS', 5)
        end

        let(:owner_tickets) { create_list(:ticket, 6, owner: user) }

        it 'stores maximum amount', :aggregate_failures do
          expect(task[:preferences][:owner_tickets].size).to be(5)
          expect(task[:preferences][:owner_tickets_count]).to be(6)
        end
      end
    end

    context 'when User is a customer of Tickets' do

      let(:customer_tickets) { create_list(:ticket, 3, customer: user) }

      before { customer_tickets }

      it 'stores the numbers' do
        expect(task[:preferences][:customer_tickets]).to eq(customer_tickets.reverse.map(&:number))
      end

      context 'when a lot of tickets exist' do
        before do
          stub_const('DataPrivacyTask::MAX_PREVIEW_TICKETS', 5)
        end

        let(:customer_tickets) { create_list(:ticket, 6, customer: user) }

        it 'stores the maximum amount', :aggregate_failures do
          expect(task[:preferences][:customer_tickets].size).to be(5)
          expect(task[:preferences][:customer_tickets_count]).to be(6)
        end
      end
    end

    context 'when deletable is a ticket' do
      let(:ticket)          { create(:ticket, title: 'Doomed ticket') }
      let(:task)            { create(:data_privacy_task, deletable: ticket) }
      let(:deleted_tickets) { [ticket.number] }

      let(:pseudonymous_data) do
        {
          'title' => 'D*d t*t',
        }
      end

      it 'creates pseudonymous representation' do
        expect(task[:preferences][:ticket]).to eq(pseudonymous_data)
      end

      it 'remembers deleted ticket number', :aggregate_failures do
        expect(task[:preferences][:customer_tickets]).to eq(deleted_tickets)
        expect(task[:preferences][:customer_tickets_count]).to eq(1)
      end
    end
  end

  describe '.cleanup' do
    let(:task) { create(:data_privacy_task) }

    it 'does not delete new tasks' do
      task
      described_class.cleanup
      expect { task.reload }.not_to raise_error
    end

    it 'does delete old tasks' do
      travel_to 13.months.ago
      task
      travel_back
      described_class.cleanup
      expect { task.reload }.to raise_error(ActiveRecord::RecordNotFound)
    end

    it 'does make sure that the cleanup returns truthy value for scheduler' do
      expect(described_class.cleanup).to be(true)
    end
  end
end