taskbar_spec.rb 2.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081
  1. # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
  2. require 'rails_helper'
  3. RSpec.describe 'Taskbars', type: :request do
  4. let(:agent) do
  5. create(:agent)
  6. end
  7. let(:customer) do
  8. create(:customer)
  9. end
  10. describe 'request handling' do
  11. it 'does task ownership' do
  12. params = {
  13. user_id: customer.id,
  14. key: 'Ticket-5',
  15. callback: 'TicketZoom',
  16. state: {
  17. ticket: {
  18. owner_id: agent.id,
  19. },
  20. article: {},
  21. },
  22. params: {
  23. ticket_id: 5,
  24. shown: true,
  25. },
  26. prio: 3,
  27. notify: false,
  28. active: false,
  29. }
  30. authenticated_as(agent)
  31. post '/api/v1/taskbar', params: params, as: :json
  32. expect(response).to have_http_status(:created)
  33. expect(json_response).to be_a(Hash)
  34. expect(json_response['user_id']).to eq(agent.id)
  35. expect(json_response['params']['ticket_id']).to eq(5)
  36. expect(json_response['params']['shown']).to be(true)
  37. taskbar_id = json_response['id']
  38. params[:user_id] = customer.id
  39. params[:params] = {
  40. ticket_id: 5,
  41. shown: false,
  42. }
  43. put "/api/v1/taskbar/#{taskbar_id}", params: params, as: :json
  44. expect(response).to have_http_status(:ok)
  45. expect(json_response).to be_a(Hash)
  46. expect(json_response['user_id']).to eq(agent.id)
  47. expect(json_response['params']['ticket_id']).to eq(5)
  48. expect(json_response['params']['shown']).to be(false)
  49. # try to access with other user
  50. params = {
  51. active: true,
  52. }
  53. authenticated_as(customer)
  54. put "/api/v1/taskbar/#{taskbar_id}", params: params, as: :json
  55. expect(response).to have_http_status(:unprocessable_entity)
  56. expect(json_response).to be_a(Hash)
  57. expect(json_response['error']).to eq('Not allowed to access this task.')
  58. delete "/api/v1/taskbar/#{taskbar_id}", params: {}, as: :json
  59. expect(response).to have_http_status(:unprocessable_entity)
  60. expect(json_response).to be_a(Hash)
  61. expect(json_response['error']).to eq('Not allowed to access this task.')
  62. # delete with correct user
  63. authenticated_as(agent)
  64. delete "/api/v1/taskbar/#{taskbar_id}", params: {}, as: :json
  65. expect(response).to have_http_status(:ok)
  66. expect(json_response).to be_a(Hash)
  67. expect(json_response).to be_blank
  68. end
  69. end
  70. end