mention_spec.rb 5.5 KB

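# Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/

require 'rails_helper'

# Request specs for the mentions API (subscribing a user to a ticket).
#
# Besides the happy paths, these examples pin the authorization behaviour of
# each endpoint: listing and creating mentions requires access to the ticket,
# and a mention can only be deleted by the user it belongs to. Rejected write
# requests are checked for both the 403 status and the absence of any change
# to the stored mentions, so a controller that answers "forbidden" after it
# has already written or removed a record would fail here.
RSpec.describe 'Mention', aggregate_failures: true, authenticated_as: :user, type: :request do
  let(:ticket)       { create(:ticket) }
  # The examples treat this ticket as outside the user's groups until they grant access explicitly.
  let(:other_ticket) { create(:ticket) }
  let(:user)         { create(:agent_and_customer, groups: [ticket.group]) }
  # Second agent in the same group as `ticket`; used for cross-user checks.
  let(:other_user)   { create(:agent_and_customer, groups: [ticket.group]) }
  let(:mention)      { create(:mention, mentionable: ticket, user: user) }

  describe 'GET /api/v1/mentions' do
    # `mention` is lazy; force it so the record exists before each request.
    before { mention }

    context 'when user has agent access to mentionable' do
      it 'returns mentions' do
        get '/api/v1/mentions', params: { mentionable_type: 'Ticket', mentionable_id: ticket.id }, as: :json

        expect(response).to have_http_status(:ok)
        expect(json_response['mentions'].count).to eq(1)
      end

      # The mention belongs to `user`; another agent with access to the ticket still sees it.
      it 'returns mentions for another user who has access', authenticated_as: :other_user do
        get '/api/v1/mentions', params: { mentionable_type: 'Ticket', mentionable_id: ticket.id }, as: :json

        expect(response).to have_http_status(:ok)
        expect(json_response['mentions'].count).to eq(1)
      end

      it 'returns empty list for object without mentions' do
        # Read access is enough to list mentions of the other ticket.
        user.user_groups.create! group: other_ticket.group, access: 'read'

        get '/api/v1/mentions', params: { mentionable_type: 'Ticket', mentionable_id: other_ticket.id }, as: :json

        expect(response).to have_http_status(:ok)
        expect(json_response['mentions']).to be_blank
      end

      context 'when requesting full response' do
        it 'returns related assets' do
          get '/api/v1/mentions?full=1', params: { mentionable_type: 'Ticket', mentionable_id: ticket.id }, as: :json

          expect(json_response['assets']).to include_assets_of mention, user, ticket
        end

        it 'returns mentions IDs' do
          get '/api/v1/mentions?full=1', params: { mentionable_type: 'Ticket', mentionable_id: ticket.id }, as: :json

          expect(json_response['record_ids']).to match_array mention.id
        end
      end
    end

    context 'when user has no access to mentionable' do
      it 'returns authorization error' do
        get '/api/v1/mentions', params: { mentionable_type: 'Ticket', mentionable_id: other_ticket.id }, as: :json

        expect(response).to have_http_status(:forbidden)
      end
    end

    context 'when invalid mentionable is given' do
      # An unknown ticket ID gets the same 403 as an inaccessible ticket, not a 404.
      # NOTE(review): presumably so the response does not reveal which IDs exist - confirm against the policy.
      it 'fails if non-existant ticket given' do
        get '/api/v1/mentions', params: { mentionable_type: 'Ticket', mentionable_id: 0 }, as: :json

        expect(response).to have_http_status(:forbidden)
      end

      # The type parameter is validated: a type other than 'Ticket' is rejected with 422.
      it 'fails if non-ticket given' do
        get '/api/v1/mentions', params: { mentionable_type: 'NonTicket', mentionable_id: ticket.id }, as: :json

        expect(response).to have_http_status(:unprocessable_entity)
        expect(json_response['error']).to eq("The parameter 'mentionable_type' is invalid.")
      end
    end
  end

  describe 'POST /api/v1/mentions' do
    let(:params) do
      {
        mentionable_type: 'Ticket',
        mentionable_id:   other_ticket.id
      }
    end

    context 'when user has agent access' do
      before do
        user.group_names_access_map = {
          other_ticket.group.name => 'read',
        }
      end

      it 'subscribes to a given ticket' do
        expect { post '/api/v1/mentions', params: params, as: :json }
          .to change { other_ticket.mentions.reload.count }.to(1)

        expect(response).to have_http_status(:created)
      end

      # Repeating the request is answered with 201 again but must not add a second record.
      it 'silently handles subscribing to item already subscribed to' do
        create(:mention, mentionable: other_ticket, user: user)

        expect { post '/api/v1/mentions', params: params, as: :json }
          .not_to change { other_ticket.mentions.reload.count }

        expect(response).to have_http_status(:created)
      end
    end

    context 'when user has no access' do
      it 'fails' do
        # The status alone does not prove the request had no effect, so the
        # stored mentions of the inaccessible ticket are checked as well.
        expect { post '/api/v1/mentions', params: params, as: :json }
          .not_to change { other_ticket.mentions.reload.count }

        expect(response).to have_http_status(:forbidden)
      end
    end
  end

  describe 'DELETE /api/v1/mentions/:id' do
    before { mention }

    context 'when user has agent access' do
      it 'deletes mention' do
        expect { delete "/api/v1/mentions/#{mention.id}", as: :json }
          .to change { ticket.mentions.reload.count }.by(-1)

        expect(response).to have_http_status(:ok)
      end

      it 'fails to delete mention that is no longer present' do
        mention.destroy!

        delete "/api/v1/mentions/#{mention.id}", as: :json

        expect(response).to have_http_status(:forbidden)
      end

      it 'does not allow to delete mention of another user' do
        # Take the record from the factory's return value; finding it by
        # insertion order would be fragile.
        other_mention = create(:mention, mentionable: ticket, user: other_user)

        # Access to the ticket does not grant control over a colleague's
        # mention: the request is refused and both mentions stay in place.
        expect { delete "/api/v1/mentions/#{other_mention.id}", as: :json }
          .not_to change { ticket.mentions.reload.count }

        expect(response).to have_http_status(:forbidden)
      end
    end

    context 'when user has no access' do
      before do
        # Drop the user's only group membership, i.e. access to `ticket`.
        user.user_groups.first.destroy!
      end

      it 'fails deleting non existant mention' do
        delete '/api/v1/mentions/0', as: :json

        expect(response).to have_http_status(:forbidden)
      end

      # Users can still remove their own mention after losing access to the ticket.
      it 'allows to delete mention on object user no longer has access to' do
        expect { delete "/api/v1/mentions/#{mention.id}", as: :json }
          .to change { ticket.mentions.reload.count }.to(0)

        expect(response).to have_http_status(:ok)
      end
    end
  end
end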