123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142 |
- # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
- require 'rails_helper'
- RSpec.describe ObjectManager::Object do
- describe 'attribute permissions', db_strategy: :reset do
- let(:user) { create(:user, roles: [role_attribute_permissions]) }
- let(:skip_permission) { false }
- let(:attribute) { described_class.new('Ticket').attributes(user, skip_permission: skip_permission).detect { |attribute| attribute[:name] == attribute_name } }
- let(:role_attribute_permissions) do
- create(:role).tap do |role|
- role.permission_grant('admin.organization')
- role.permission_grant('ticket.agent')
- end
- end
- let(:attribute_name) { 'example_attribute' }
- before do
- create(:object_manager_attribute_text, name: attribute_name, screens: screens)
- ObjectManager::Attribute.migration_execute
- end
- context 'when true and false values for show exist' do
- let(:screens) do
- {
- create: {
- 'admin.organization': {
- shown: true
- },
- 'ticket.agent': {
- shown: false
- }
- }
- }
- end
- it 'uses true' do
- expect(attribute[:screen]['create']['shown']).to be true
- end
- context 'with skip_permission: true' do
- let(:skip_permission) { true }
- it 'uses true' do
- expect(attribute[:screen]['create']['shown']).to be true
- end
- end
- end
- context 'when -all- is present' do
- let(:screens) do
- {
- create: {
- '-all-': {
- shown: true
- },
- 'admin.organization': {
- shown: false
- },
- 'ticket.agent': {
- shown: false
- }
- }
- }
- end
- it 'takes its values into account' do
- expect(attribute[:screen]['create']['shown']).to be true
- end
- context 'with skip_permission: true' do
- let(:skip_permission) { true }
- it 'takes its values into account' do
- expect(attribute[:screen]['create']['shown']).to be true
- end
- end
- end
- context 'when non boolean values are present' do
- let(:screens) do
- {
- create: {
- '-all-': {
- shown: true,
- item_class: 'column'
- },
- 'admin.organization': {
- shown: false
- },
- 'ticket.agent': {
- shown: false
- }
- }
- }
- end
- it 'takes these values into account' do
- expect(attribute[:screen]['create']['item_class']).to eq('column')
- end
- context 'with skip_permission: true' do
- let(:skip_permission) { true }
- it 'takes these values into account' do
- expect(attribute[:screen]['create']['item_class']).to eq('column')
- end
- end
- end
- context 'when agent is also customer' do
- let(:user) { create(:agent_and_customer) }
- let(:screens) do
- {
- create: {
- 'ticket.customer': {
- filter: [2, 4]
- },
- 'ticket.agent': {
- filter: [3, 5]
- }
- }
- }
- end
- it 'prefers agent over customer permissions' do
- expect(attribute[:screen]['create']['filter']).to eq([3, 5])
- end
- context 'with skip_permission: true' do
- let(:skip_permission) { true }
- it 'prefers agent over customer permissions' do
- expect(attribute[:screen]['create']['filter']).to eq([3, 5])
- end
- end
- end
- end
- end
|