123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166 |
- # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
- require 'rails_helper'
- RSpec.describe 'Mention', aggregate_failures: true, authenticated_as: :user, type: :request do
- let(:ticket) { create(:ticket) }
- let(:other_ticket) { create(:ticket) }
- let(:user) { create(:agent_and_customer, groups: [ticket.group]) }
- let(:other_user) { create(:agent_and_customer, groups: [ticket.group]) }
- let(:mention) { create(:mention, mentionable: ticket, user: user) }
- describe 'GET /api/v1/mentions' do
- before { mention }
- context 'when user has agent access to mentionable' do
- it 'returns mentions' do
- get '/api/v1/mentions', params: { mentionable_type: 'Ticket', mentionable_id: ticket.id }, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response['mentions'].count).to eq(1)
- end
- it 'returns mentions for another user who has access', authenticated_as: :other_user do
- get '/api/v1/mentions', params: { mentionable_type: 'Ticket', mentionable_id: ticket.id }, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response['mentions'].count).to eq(1)
- end
- it 'returns empty list for object without mentions' do
- user.user_groups.create! group: other_ticket.group, access: 'read'
- get '/api/v1/mentions', params: { mentionable_type: 'Ticket', mentionable_id: other_ticket.id }, as: :json
- expect(response).to have_http_status(:ok)
- expect(json_response['mentions']).to be_blank
- end
- context 'when requesting full response' do
- it 'returns related assets' do
- get '/api/v1/mentions?full=1', params: { mentionable_type: 'Ticket', mentionable_id: ticket.id }, as: :json
- expect(json_response['assets']).to include_assets_of mention, user, ticket
- end
- it 'returns mentions IDs' do
- get '/api/v1/mentions?full=1', params: { mentionable_type: 'Ticket', mentionable_id: ticket.id }, as: :json
- expect(json_response['record_ids']).to match_array mention.id
- end
- end
- end
- context 'when user has no access to mentionable' do
- it 'returns authorization error' do
- get '/api/v1/mentions', params: { mentionable_type: 'Ticket', mentionable_id: other_ticket.id }, as: :json
- expect(response).to have_http_status(:forbidden)
- end
- end
- context 'when invalid mentionable is given' do
- it 'fails if non-existant ticket given' do
- get '/api/v1/mentions', params: { mentionable_type: 'Ticket', mentionable_id: 0 }, as: :json
- expect(response).to have_http_status(:forbidden)
- end
- it 'fails if non-ticket given' do
- get '/api/v1/mentions', params: { mentionable_type: 'NonTicket', mentionable_id: ticket.id }, as: :json
- expect(response).to have_http_status(:unprocessable_entity)
- expect(json_response['error']).to eq("The parameter 'mentionable_type' is invalid.")
- end
- end
- end
- describe 'POST /api/v1/mentions' do
- let(:params) do
- {
- mentionable_type: 'Ticket',
- mentionable_id: other_ticket.id
- }
- end
- context 'when user has agent access' do
- before do
- user.group_names_access_map = {
- other_ticket.group.name => 'read',
- }
- end
- it 'subscribes to a given ticket' do
- expect { post '/api/v1/mentions', params: params, as: :json }
- .to change { other_ticket.mentions.reload.count }.to(1)
- expect(response).to have_http_status(:created)
- end
- it 'silently handles subscribing to item already subscribed to' do
- create(:mention, mentionable: other_ticket, user: user)
- expect { post '/api/v1/mentions', params: params, as: :json }
- .not_to change { other_ticket.mentions.reload.count }
- expect(response).to have_http_status(:created)
- end
- end
- context 'when user has no access' do
- it 'fails' do
- post '/api/v1/mentions', params: params, as: :json
- expect(response).to have_http_status(:forbidden)
- end
- end
- end
- describe 'DELETE /api/v1/mentions/:id' do
- before { mention }
- context 'when user has agent access' do
- it 'deletes mention' do
- expect { delete "/api/v1/mentions/#{mention.id}", as: :json }
- .to change { ticket.mentions.reload.count }.by(-1)
- expect(response).to have_http_status(:ok)
- end
- it 'fails to delete mention that is no longer present' do
- mention.destroy!
- delete "/api/v1/mentions/#{mention.id}", as: :json
- expect(response).to have_http_status(:forbidden)
- end
- it 'does not allow to delete mention of another user' do
- create(:mention, mentionable: ticket, user: other_user)
- other_mention = Mention.last
- delete "/api/v1/mentions/#{other_mention.id}", as: :json
- expect(response).to have_http_status(:forbidden)
- end
- end
- context 'when user has no access' do
- before do
- user.user_groups.first.destroy!
- end
- it 'fails deleting non existant mention' do
- delete '/api/v1/mentions/0', as: :json
- expect(response).to have_http_status(:forbidden)
- end
- it 'allows to delete mention on object user no longer has access to' do
- expect { delete "/api/v1/mentions/#{mention.id}", as: :json }
- .to change { ticket.mentions.reload.count }.to(0)
- expect(response).to have_http_status(:ok)
- end
- end
- end
- end
|