123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132 |
- # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
- require 'rails_helper'
- RSpec.describe 'KnowledgeBase permissions', authenticated_as: :current_user, type: :request do
- include_context 'basic Knowledge Base'
- let(:current_user) { create(:admin) }
- let(:role_admin) { Role.find_by(name: 'Admin') }
- let(:role_agent) { Role.find_by(name: 'Agent') }
- let(:initial_permissions) do
- {
- permissions: {
- role_admin.id => 'editor',
- role_agent.id => 'none'
- }
- }
- end
- let(:update_permissions) do
- {
- permissions: {
- role_admin.id => 'editor',
- role_agent.id => 'reader'
- }
- }
- end
- let(:expected_response) do
- {
- 'inherited' => be_empty,
- 'permissions' => be_empty,
- 'roles_reader' => contain_exactly({ 'id' => role_agent.id, 'name' => 'Agent' }),
- 'roles_editor' => contain_exactly({ 'id' => role_admin.id, 'name' => 'Admin' })
- }
- end
- let(:expected_response_permissions) do
- permissions = [
- { 'access' => 'editor', 'id' => KnowledgeBase::Permission.first.id, 'role_id' => role_admin.id },
- { 'access' => 'none', 'id' => KnowledgeBase::Permission.last.id, 'role_id' => role_agent.id }
- ]
- expected_response.merge({ 'permissions' => match_array(permissions) })
- end
- shared_examples 'verify permissions' do
- describe '#show' do
- it 'returns success' do
- get url
- expect(response).to have_http_status(:ok)
- end
- it 'returns correct response' do
- get url
- expect(json_response).to include(expected_response)
- end
- context 'with initial permissions' do
- before do
- KnowledgeBase::PermissionsUpdate.new(object, current_user).update_using_params!(initial_permissions)
- end
- it 'returns correct response' do
- get url
- expect(json_response).to include(expected_response_permissions)
- end
- end
- context 'when a role has both KB permissions' do
- before do
- role_agent.permission_grant('knowledge_base.editor')
- end
- it 'ensures that same role is not returned twice' do
- get url
- expect(json_response['roles_reader'].intersection(json_response['roles_editor']))
- .to be_empty
- end
- it 'ensures that ambiguous role is returned as editor' do
- get url
- editor_includes_agent = json_response['roles_editor'].find { |elem| elem['id'] == role_agent.id }
- expect(editor_includes_agent).to be_truthy
- end
- end
- end
- describe '#update' do
- before do
- put url, params: params
- end
- let(:params) do
- {
- permissions_dialog: update_permissions
- }
- end
- it 'returns success' do
- put url, params: params
- expect(response).to have_http_status(:ok)
- end
- it 'saves update' do
- put url, params: params
- expect(KnowledgeBase::Permission.last.access).to eq 'reader'
- end
- end
- end
- context 'with a category' do
- let(:object) { category }
- let(:url) { "/api/v1/knowledge_bases/#{knowledge_base.id}/categories/#{category.id}/permissions" }
- include_examples 'verify permissions'
- end
- context 'with a knowledge base' do
- let(:object) { knowledge_base }
- let(:url) { "/api/v1/knowledge_bases/#{knowledge_base.id}/permissions" }
- include_examples 'verify permissions'
- end
- end
|