| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135 |
- # Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/
- require 'rails_helper'
- RSpec.describe Gql::Queries::Ticket::Attachments, authenticated_as: :user, type: :graphql do
- let(:query) do
- <<~QUERY
- query ticketAttachments($ticketId: ID!) {
- ticketAttachments(ticketId: $ticketId) {
- id
- internalId
- name
- size
- type
- preferences
- }
- }
- QUERY
- end
- let(:ticket) { create(:ticket) }
- let(:cid) { "#{SecureRandom.uuid}@zammad.example.com" }
- let(:articles) do
- create_list(:ticket_article, 2, ticket: ticket, content_type: 'text/html', body: "<img src=\"cid:#{cid}\"> some text") do |article, _i|
- create(
- :store,
- object: 'Ticket::Article',
- o_id: article.id,
- data: 'fake',
- filename: 'inline_image.jpg',
- preferences: {
- 'Content-Type' => 'image/jpeg',
- 'Mime-Type' => 'image/jpeg',
- 'Content-ID' => "<#{cid}>",
- 'Content-Disposition' => 'inline',
- }
- )
- create(
- :store,
- object: 'Ticket::Article',
- o_id: article.id,
- data: 'fake',
- filename: 'attached_image.jpg',
- preferences: {
- 'Content-Type' => 'image/jpeg',
- 'Mime-Type' => 'image/jpeg',
- 'Content-ID' => "<#{cid}.not.referenced>",
- }
- )
- end
- end
- let(:variables) { { ticketId: gql.id(ticket) } }
- context 'when an agent is fetching ticket attachments' do
- let(:user) { create(:agent, groups: [ticket.group]) }
- before do
- articles
- gql.execute(query, variables: variables)
- end
- it 'returns the ticket attachments' do
- expect(gql.result.data).to include(hash_including(
- 'id' => gql.id(articles.first.attachments.last),
- 'internalId' => articles.first.attachments.last.id,
- 'name' => 'attached_image.jpg',
- ))
- end
- context 'when the ticket is in a group the agent is not a member of' do
- let(:user) { create(:agent, groups: []) }
- it 'returns an error' do
- expect(gql.result.error_type).to eq(Exceptions::Forbidden)
- end
- end
- end
- context 'when a customer is fetching ticket attachments' do
- let(:user) { create(:customer) }
- context 'when no access to the ticket' do
- before do
- articles
- gql.execute(query, variables: variables)
- end
- it 'returns an error' do
- expect(gql.result.error_type).to eq(Exceptions::Forbidden)
- end
- end
- context 'when access to the ticket' do
- context 'when all articles are public' do
- before do
- ticket.update!(customer: user)
- articles.each { |article| article.update!(internal: false) }
- gql.execute(query, variables: variables)
- end
- it 'returns the ticket attachments' do
- expect(gql.result.data).to include(hash_including(
- 'id' => gql.id(articles.first.attachments.last),
- 'internalId' => articles.first.attachments.last.id,
- 'name' => 'attached_image.jpg',
- ))
- end
- end
- context 'when some articles are internal' do
- before do
- ticket.update!(customer: user)
- articles.each { |article| article.update!(internal: true) }
- gql.execute(query, variables: variables)
- end
- it 'returns the ticket attachments (empty)' do
- expect(gql.result.data).to eq([])
- end
- end
- end
- end
- context 'when not authenticated' do
- let(:user) { nil }
- before do
- gql.execute(query, variables: variables)
- end
- it_behaves_like 'graphql responds with error if unauthenticated'
- end
- end
|
