123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475 |
- # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
- require 'rails_helper'
- describe Ticket::ArticlePolicy do
- subject { described_class.new(user, record) }
- let!(:group) { create(:group) }
- let!(:ticket_customer) { create(:customer) }
- let(:record) do
- ticket = create(:ticket, group: group, customer: ticket_customer)
- create(:ticket_article, ticket: ticket)
- end
- context 'when article internal' do
- let(:record) do
- ticket = create(:ticket, group: group, customer: ticket_customer)
- create(:ticket_article, ticket: ticket, internal: true)
- end
- context 'when agent' do
- let(:user) { create(:agent, groups: [group]) }
- it { is_expected.to permit_actions(%i[show]) }
- end
- context 'when agent and customer' do
- let(:user) { create(:agent_and_customer, groups: [group]) }
- it { is_expected.to permit_actions(%i[show]) }
- end
- context 'when agent and customer but no agent group access' do
- let(:user) do
- customer_role = create(:role, :customer)
- create(:agent_and_customer, roles: [customer_role])
- end
- it { is_expected.to forbid_actions(%i[show]) }
- end
- context 'when customer' do
- let(:user) { ticket_customer }
- it { is_expected.to forbid_actions(%i[show]) }
- end
- end
- context 'when agent' do
- let(:user) { create(:agent, groups: [group]) }
- it { is_expected.to permit_actions(%i[show]) }
- end
- context 'when agent and customer' do
- let(:user) { create(:agent_and_customer, groups: [group]) }
- it { is_expected.to permit_actions(%i[show]) }
- end
- context 'when customer' do
- let(:user) { ticket_customer }
- it { is_expected.to permit_actions(%i[show]) }
- end
- context 'when customer is agent and customer' do
- let(:user) { ticket_customer }
- let(:ticket_customer) { create(:agent_and_customer) }
- it { is_expected.to permit_actions(%i[show]) }
- it { is_expected.to forbid_actions(%i[update destroy]) }
- end
- end
|