assets_spec.rb 7.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291
  1. # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
  2. require 'rails_helper'
  3. RSpec.describe 'Assets', db_strategy: :reset, type: :system do
  4. let(:organization) { create(:organization, note: 'hello') }
  5. let(:customer) { create(:customer, organization: organization, note: 'hello', last_login: Time.zone.now, login_failed: 1) }
  6. let(:agent) do
  7. user = create(:agent, groups: [Group.find_by(name: 'Users')], note: 'hello', last_login: Time.zone.now, login_failed: 1)
  8. create(:twitter_authorization, user: user)
  9. user
  10. end
  11. let(:admin) { create(:admin, groups: [Group.find_by(name: 'Users')], note: 'hello', last_login: Time.zone.now, login_failed: 1) }
  12. let(:ticket) { create(:ticket, owner: agent, group: Group.find_by(name: 'Users'), customer: customer, created_by: admin) }
  13. context 'groups' do
  14. before do
  15. visit '/'
  16. end
  17. def group_note
  18. page.execute_script('return App.Group.first().note')
  19. end
  20. def group_name_last
  21. page.execute_script('return App.Group.first().name_last')
  22. end
  23. def group_parent_id
  24. page.execute_script('return App.Group.first().parent_id')
  25. end
  26. describe 'when customer', authenticated_as: :customer do
  27. it 'can not access group details' do
  28. expect(group_note).to be_nil
  29. end
  30. it 'can access name_last attribute (#4981)' do
  31. expect(group_name_last).not_to be_nil
  32. end
  33. context 'when group has parent', authenticated_as: :authenticate do
  34. def authenticate
  35. Group.first.update(parent_id: create(:group, name: 'Parent').id)
  36. customer
  37. end
  38. it 'can access parent_id attribute' do
  39. expect(group_parent_id).not_to be_nil
  40. end
  41. end
  42. end
  43. describe 'when agent', authenticated_as: :agent do
  44. it 'can access group details' do
  45. expect(group_note).not_to be_nil
  46. end
  47. end
  48. describe 'when admin', authenticated_as: :admin do
  49. it 'can access group details' do
  50. expect(group_note).not_to be_nil
  51. end
  52. end
  53. end
  54. context 'organizations' do
  55. def organization_note
  56. page.execute_script("return App.Organization.find(#{organization.id}).note")
  57. end
  58. before do
  59. visit "#ticket/zoom/#{ticket.id}"
  60. end
  61. describe 'when customer', authenticated_as: :customer do
  62. it 'can not access organization details' do
  63. expect(organization_note).to be_nil
  64. end
  65. end
  66. describe 'when agent', authenticated_as: :agent do
  67. it 'can access organization details' do
  68. expect(organization_note).not_to be_nil
  69. end
  70. end
  71. describe 'when admin', authenticated_as: :admin do
  72. it 'can access organization details' do
  73. expect(organization_note).not_to be_nil
  74. end
  75. end
  76. end
  77. context 'roles' do
  78. def role_name
  79. page.execute_script('return App.Role.first().name')
  80. end
  81. before do
  82. visit "#ticket/zoom/#{ticket.id}"
  83. end
  84. describe 'when customer', authenticated_as: :customer do
  85. it 'can not access role details' do
  86. expect(role_name).to eq('Role_1')
  87. end
  88. end
  89. describe 'when agent', authenticated_as: :agent do
  90. it 'can access role details' do
  91. expect(role_name).not_to eq('Role_1')
  92. end
  93. end
  94. describe 'when admin', authenticated_as: :admin do
  95. it 'can access role details' do
  96. expect(role_name).not_to eq('Role_1')
  97. end
  98. end
  99. end
  100. context 'users' do
  101. def customer_email
  102. page.execute_script("return App.User.find(#{customer.id}).email")
  103. end
  104. def customer_note
  105. page.execute_script("return App.User.find(#{customer.id}).note")
  106. end
  107. def customer_available_group_count
  108. page.execute_script('return App.Group.all().length')
  109. end
  110. def owner_firstname
  111. page.execute_script("return App.User.find(#{agent.id}).firstname")
  112. end
  113. def owner_accounts
  114. page.execute_script("return App.User.find(#{agent.id}).accounts")
  115. end
  116. def owner_details
  117. [
  118. page.execute_script("return App.User.find(#{agent.id}).last_login"),
  119. page.execute_script("return App.User.find(#{agent.id}).login_failed"),
  120. page.execute_script("return App.User.find(#{agent.id}).email"),
  121. page.execute_script("return App.User.find(#{agent.id}).note"),
  122. ].compact
  123. end
  124. describe 'when customer', authenticated_as: :customer do
  125. let(:agent_groups) { create_list(:group, 3) }
  126. context 'when zoom' do
  127. before do
  128. visit "#ticket/zoom/#{ticket.id}"
  129. end
  130. it 'can access customer email' do
  131. expect(customer_email).not_to be_nil
  132. end
  133. it 'can not access customer note' do
  134. expect(customer_note).to be_nil
  135. end
  136. it 'can not access owner details' do
  137. expect(owner_details).to be_empty
  138. end
  139. it 'can access owner firstname' do
  140. expect(owner_firstname).not_to be_nil
  141. end
  142. it 'can access not owner owner accounts' do
  143. expect(owner_accounts).to be_nil
  144. end
  145. context 'when groups are restricted', authenticated_as: :authenticate do
  146. def authenticate
  147. agent_groups
  148. Setting.set('customer_ticket_create_group_ids', [Group.first.id])
  149. customer
  150. end
  151. it 'can not access agent groups' do
  152. expect(customer_available_group_count).to eq(1)
  153. end
  154. context 'when there are old tickets for the customer', authenticated_as: :authenticate do
  155. def authenticate
  156. agent_groups
  157. create(:ticket, group: agent_groups.first, customer: customer)
  158. Setting.set('customer_ticket_create_group_ids', [Group.first.id])
  159. customer
  160. end
  161. it 'can access one of the agent groups' do
  162. expect(customer_available_group_count).to eq(2)
  163. end
  164. end
  165. end
  166. end
  167. context 'when ticket create' do
  168. before do
  169. visit '#customer_ticket_new'
  170. end
  171. context 'when there are no customer groups', authenticated_as: :authenticate do
  172. def authenticate
  173. agent_groups
  174. Setting.set('customer_ticket_create_group_ids', [])
  175. customer
  176. end
  177. it 'can create tickets in all groups' do
  178. expect(customer_available_group_count).to eq(5)
  179. end
  180. end
  181. context 'when there are customer groups', authenticated_as: :authenticate do
  182. def authenticate
  183. agent_groups
  184. Setting.set('customer_ticket_create_group_ids', [Group.first.id])
  185. customer
  186. end
  187. it 'can create tickets in configured groups' do
  188. expect(customer_available_group_count).to eq(1)
  189. end
  190. end
  191. end
  192. end
  193. describe 'when agent', authenticated_as: :agent do
  194. before do
  195. visit "#ticket/zoom/#{ticket.id}"
  196. end
  197. it 'can access customer email' do
  198. expect(customer_email).not_to be_nil
  199. end
  200. it 'can access customer note' do
  201. expect(customer_note).not_to be_nil
  202. end
  203. it 'can access owner details' do
  204. expect(owner_details).not_to be_empty
  205. end
  206. it 'can access owner firstname' do
  207. expect(owner_firstname).not_to be_nil
  208. end
  209. it 'can access owner owner accounts' do
  210. expect(owner_accounts).not_to be_nil
  211. end
  212. end
  213. describe 'when admin', authenticated_as: :admin do
  214. before do
  215. visit "#ticket/zoom/#{ticket.id}"
  216. end
  217. it 'can access customer email' do
  218. expect(customer_email).not_to be_nil
  219. end
  220. it 'can access customer note' do
  221. expect(customer_note).not_to be_nil
  222. end
  223. it 'can access owner details' do
  224. expect(owner_details).not_to be_empty
  225. end
  226. it 'can access owner firstname' do
  227. expect(owner_firstname).not_to be_nil
  228. end
  229. it 'can access owner owner accounts' do
  230. expect(owner_accounts).not_to be_nil
  231. end
  232. end
  233. end
  234. end