create_spec.rb 31 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677
  1. # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
  2. require 'rails_helper'
  3. RSpec.describe Gql::Mutations::Ticket::Create, :aggregate_failures, type: :graphql do
  4. let(:query) do
  5. <<~QUERY
  6. mutation ticketCreate($input: TicketCreateInput!) {
  7. ticketCreate(input: $input) {
  8. ticket {
  9. id
  10. title
  11. group {
  12. name
  13. }
  14. priority {
  15. name
  16. }
  17. customer {
  18. fullname
  19. }
  20. owner {
  21. fullname
  22. }
  23. objectAttributeValues {
  24. attribute {
  25. name
  26. }
  27. value
  28. }
  29. tags
  30. }
  31. errors {
  32. message
  33. field
  34. }
  35. }
  36. }
  37. QUERY
  38. end
  39. let(:agent) { create(:agent, groups: [ Group.find_by(name: 'Users')]) }
  40. let(:customer) { create(:customer) }
  41. let(:user) { agent }
  42. let(:group) { agent.groups.first }
  43. let(:priority) { Ticket::Priority.last }
  44. let(:article_payload) { nil }
  45. let(:input_base_payload) do
  46. {
  47. title: 'Ticket Create Mutation Test',
  48. groupId: gql.id(group),
  49. priorityId: gql.id(priority),
  50. customer: { id: gql.id(customer) },
  51. ownerId: gql.id(agent),
  52. tags: %w[foo bar],
  53. article: article_payload
  54. # pending_time: 10.minutes.from_now,
  55. # type: ...
  56. }
  57. end
  58. let(:input_payload) { input_base_payload }
  59. let(:variables) { { input: input_payload } }
  60. let(:expected_base_response) do
  61. {
  62. 'id' => gql.id(Ticket.last),
  63. 'title' => 'Ticket Create Mutation Test',
  64. 'owner' => { 'fullname' => agent.fullname },
  65. 'group' => { 'name' => agent.groups.first.name },
  66. 'customer' => { 'fullname' => customer.fullname },
  67. 'priority' => { 'name' => Ticket::Priority.last.name },
  68. 'tags' => %w[foo bar],
  69. 'objectAttributeValues' => [],
  70. }
  71. end
  72. let(:expected_response) do
  73. expected_base_response
  74. end
  75. def it_creates_ticket(articles: 0, stores: 0)
  76. expect { gql.execute(query, variables: variables) }
  77. .to change(Ticket, :count).by(1)
  78. .and change(Ticket::Article, :count).by(articles)
  79. .and change(Store, :count).by(stores)
  80. end
  81. def it_fails_to_create_ticket
  82. expect { gql.execute(query, variables: variables) }
  83. .not_to change(Ticket, :count)
  84. end
  85. context 'when creating a new ticket' do
  86. context 'with an agent', authenticated_as: :agent do
  87. it 'creates Ticket record' do
  88. it_creates_ticket
  89. expect(gql.result.data[:ticket]).to eq(expected_response)
  90. end
  91. context 'without title' do
  92. let(:input_payload) { input_base_payload.tap { |h| h[:title] = ' ' } }
  93. it 'fails validation' do
  94. it_fails_to_create_ticket
  95. expect(gql.result.error_message).to include('Variable $input of type TicketCreateInput! was provided invalid value for title')
  96. end
  97. end
  98. context 'with custom object_attribute', db_strategy: :reset do
  99. let(:object_attribute) do
  100. screens = { create: { 'admin.organization': { shown: true, required: false } } }
  101. create(:object_manager_attribute_text, object_name: 'Ticket', screens: screens).tap do |_oa|
  102. ObjectManager::Attribute.migration_execute
  103. end
  104. end
  105. let(:input_payload) do
  106. input_base_payload.merge(
  107. {
  108. objectAttributeValues: [ { name: object_attribute.name, value: 'object_attribute_value' } ]
  109. }
  110. )
  111. end
  112. let(:expected_response) do
  113. expected_base_response.merge(
  114. {
  115. 'objectAttributeValues' => [{ 'attribute' => { 'name'=>object_attribute.name }, 'value' => 'object_attribute_value' }]
  116. }
  117. )
  118. end
  119. it 'creates the ticket' do
  120. it_creates_ticket
  121. expect(gql.result.data[:ticket]).to eq(expected_response)
  122. end
  123. end
  124. context 'with links' do
  125. let!(:other_ticket) { create(:ticket, group: agent.groups.first) }
  126. let(:links) do
  127. [
  128. { linkObjectId: gql.id(other_ticket), linkType: 'child' },
  129. { linkObjectId: gql.id(other_ticket), linkType: 'normal' },
  130. ]
  131. end
  132. let(:input_payload) { input_base_payload.merge(links:) }
  133. it 'creates the ticket and adds links' do
  134. it_creates_ticket
  135. expect(Link.list(link_object: 'Ticket', link_object_value: Ticket.last.id)).to contain_exactly(
  136. { 'link_object' => 'Ticket', 'link_object_value' => other_ticket.id, 'link_type' => 'parent' },
  137. { 'link_object' => 'Ticket', 'link_object_value' => other_ticket.id, 'link_type' => 'normal' },
  138. )
  139. end
  140. end
  141. context 'when customer is provided as an email address' do
  142. let(:email_address) { Faker::Internet.email }
  143. let(:input_payload) { input_base_payload.merge(customer: { email: email_address }) }
  144. context 'with valid email address' do
  145. it 'creates the ticket and a new customer' do
  146. it_creates_ticket
  147. expect(User.find_by(email: email_address)).to be_present
  148. expect(gql.result.data[:ticket][:customer][:fullname]).to eq(User.find_by(email: email_address).fullname)
  149. end
  150. end
  151. context 'with invalid email address' do
  152. let(:email_address) { 'invalid-email' }
  153. it 'fails to create the ticket' do
  154. it_fails_to_create_ticket
  155. expect(gql.result.error_message).to include('The email address is invalid.')
  156. end
  157. end
  158. context 'with valid email address of an existing customer' do
  159. let(:email_address) { customer.email }
  160. it 'creates the ticket' do
  161. it_creates_ticket
  162. expect(gql.result.data[:ticket][:customer][:fullname]).to eq(customer.fullname)
  163. end
  164. end
  165. end
  166. context 'when creating the ticket in a group with only :create permission' do
  167. let(:group) { create(:group) }
  168. let(:owner) { create(:agent, groups: [group]) }
  169. let(:input_payload) { input_base_payload.merge(ownerId: gql.id(owner)) }
  170. before do
  171. user.groups << group
  172. user.group_names_access_map = { user.groups.first.name => ['full'], group.name => ['create'] }
  173. end
  174. it 'creates the ticket in the correct group, but returns an error trying to access the new ticket' do
  175. expect { gql.execute(query, variables: variables) }.to change(Ticket, :count).by(1)
  176. expect(Ticket.last.group.id).to eq(group.id)
  177. expect(gql.result.payload['data']['ticketCreate']).to eq({ 'ticket' => nil, 'errors' => nil }) # Mutation did run, but data retrieval was not authorized.
  178. expect(gql.result.payload['errors'].first['message']).to eq('Access forbidden by Gql::Types::TicketType')
  179. expect(gql.result.payload['errors'].first['extensions']['type']).to eq('Exceptions::Forbidden')
  180. end
  181. end
  182. context 'when creating the ticket in a group without email address' do
  183. let(:group) { create(:group, email_address: nil) }
  184. let(:agent) { create(:agent, groups: [group]) }
  185. let(:article_payload) { { body: 'dummy', type: 'email' } }
  186. let(:input_payload) { input_base_payload.merge(groupId: gql.id(group)) }
  187. it 'fails to create the ticket' do
  188. it_fails_to_create_ticket
  189. expect(gql.result.payload['data']['ticketCreate']).to eq(
  190. {
  191. 'ticket' => nil,
  192. 'errors' => [
  193. {
  194. 'message' => 'This group has no email address configured for outgoing communication.',
  195. 'field' => 'group_id'
  196. }
  197. ]
  198. }
  199. )
  200. end
  201. end
  202. context 'with no permission to the group' do
  203. let(:group) { create(:group) }
  204. it 'raises an error', :aggregate_failures do
  205. it_fails_to_create_ticket
  206. expect(gql.result.error_type).to eq(Exceptions::Forbidden)
  207. expect(gql.result.error_message).to eq('Access forbidden by Gql::Types::GroupType')
  208. end
  209. end
  210. context 'with article' do
  211. before do
  212. Group.find(agent.groups.first.id).update(email_address: create(:email_address))
  213. end
  214. context 'with inline attachments' do
  215. let(:body) do
  216. <<~BODY
  217. This is a test article with inline attachments.
  218. <img tabindex="0" style="width: 421px; max-width: 100%;" src="" />
  219. BODY
  220. end
  221. let(:article_payload) do
  222. {
  223. body: body,
  224. contentType: 'text/html',
  225. }
  226. end
  227. it 'creates a new ticket + a new article with inline attachments' do
  228. it_creates_ticket(articles: 1, stores: 1)
  229. expect(Store.last.filename).to eq('image1.png')
  230. end
  231. end
  232. context 'with attachments' do
  233. let(:article_payload) do
  234. form_id = SecureRandom.uuid
  235. file_name = 'file1.txt'
  236. file_type = 'text/plain'
  237. file_content = Base64.strict_encode64('file1')
  238. UploadCache.new(form_id).tap do |cache|
  239. cache.add(
  240. data: file_content,
  241. filename: file_name,
  242. preferences: { 'Content-Type' => file_type },
  243. created_by_id: agent.id
  244. )
  245. end
  246. {
  247. body: 'dummy',
  248. contentType: 'text/html',
  249. attachments: {
  250. formId: form_id,
  251. files: [
  252. {
  253. name: file_name,
  254. type: file_type,
  255. content: file_content,
  256. },
  257. ],
  258. },
  259. }
  260. end
  261. it 'creates a new ticket + a new article with attachments' do
  262. it_creates_ticket(articles: 1, stores: 1)
  263. expect(Store.last.filename).to eq('file1.txt')
  264. end
  265. end
  266. context 'with inline attachments + attachments' do
  267. let(:body) do
  268. <<~BODY
  269. This is a test article with inline attachments.
  270. <img tabindex="0" style="width: 421px; max-width: 100%;" src="" />
  271. BODY
  272. end
  273. let(:article_payload) do
  274. form_id = SecureRandom.uuid
  275. file_name = 'file1.txt'
  276. file_type = 'text/plain'
  277. file_content = Base64.strict_encode64('file1')
  278. UploadCache.new(form_id).tap do |cache|
  279. cache.add(
  280. data: file_content,
  281. filename: file_name,
  282. preferences: { 'Content-Type' => file_type },
  283. created_by_id: agent.id
  284. )
  285. end
  286. {
  287. body: body,
  288. contentType: 'text/html',
  289. attachments: {
  290. formId: form_id,
  291. files: [
  292. {
  293. name: file_name,
  294. type: file_type,
  295. content: file_content,
  296. },
  297. ],
  298. },
  299. }
  300. end
  301. it 'creates a new ticket + a new article with inline attachments + attachments' do
  302. it_creates_ticket(articles: 1, stores: 2)
  303. expect(Store.last.filename).to eq('image1.png')
  304. end
  305. end
  306. context 'with a specific sender' do
  307. let(:article_payload) do
  308. {
  309. body: 'dummy',
  310. sender: 'Agent',
  311. }
  312. end
  313. it 'creates a new ticket + a new article with a specific sender' do
  314. it_creates_ticket(articles: 1)
  315. expect(Ticket.last.articles.last.sender.name).to eq('Agent')
  316. end
  317. it 'sets correct "to" and "from" values', :aggregate_failures do
  318. it_creates_ticket(articles: 1)
  319. expect(Ticket.last.articles.last)
  320. .to have_attributes(
  321. from: agent.fullname,
  322. to: "#{customer.fullname} <#{customer.email}>"
  323. )
  324. end
  325. end
  326. context 'with no type' do
  327. let(:article_payload) do
  328. {
  329. body: 'dummy',
  330. }
  331. end
  332. it 'creates a new ticket + a new article, but falls back to type "note"' do
  333. it_creates_ticket(articles: 1)
  334. expect(Ticket.last.articles.last.type.name).to eq('note')
  335. end
  336. end
  337. context 'with a specific type' do
  338. let(:article_payload) do
  339. {
  340. body: 'dummy',
  341. type: Ticket::Article::Type.first.name,
  342. to: 'dummy@example.org',
  343. }
  344. end
  345. it 'creates a new ticket + a new article with a specific type' do
  346. it_creates_ticket(articles: 1)
  347. expect(Ticket.last.articles.last.type.name).to eq(Ticket::Article::Type.first.name)
  348. end
  349. context 'with all integrations disabled' do
  350. let(:article_payload) do
  351. {
  352. body: 'dummy',
  353. to: ['to@example.com'],
  354. type: 'email',
  355. security: {
  356. method: 'SMIME',
  357. options: %w[encryption sign]
  358. }
  359. }
  360. end
  361. before do
  362. Setting.set('smime_integration', false)
  363. Setting.set('pgp_integration', false)
  364. end
  365. it 'doesn\'t set security if security integrations are not enabled', :aggregate_failures do
  366. it_creates_ticket(articles: 1)
  367. expect(Ticket.last.articles.last.preferences[:security]).to be_nil
  368. end
  369. end
  370. context 'with smime enabled' do
  371. let(:article_payload) do
  372. {
  373. body: 'dummy',
  374. to: ['to@example.com'],
  375. type: 'email',
  376. security: {
  377. method: 'SMIME',
  378. options: %w[encryption sign]
  379. }
  380. }
  381. end
  382. before do
  383. Setting.set('smime_integration', true)
  384. Setting.set('pgp_integration', false)
  385. end
  386. it 'creates a new ticket with correct security preferences', :aggregate_failures do
  387. it_creates_ticket(articles: 1)
  388. expect(Ticket.last.articles.last.preferences[:security]).to eq(
  389. 'type' => 'S/MIME',
  390. 'encryption' => { 'success' => true },
  391. 'sign' => { 'success' => true },
  392. )
  393. end
  394. end
  395. context 'with pgp enabled' do
  396. let(:article_payload) do
  397. {
  398. body: 'dummy',
  399. to: ['to@example.com'],
  400. type: 'email',
  401. security: {
  402. method: 'PGP',
  403. options: %w[encryption sign]
  404. }
  405. }
  406. end
  407. before do
  408. Setting.set('smime_integration', false)
  409. Setting.set('pgp_integration', true)
  410. end
  411. it 'creates a new ticket with correct security preferences', :aggregate_failures do
  412. it_creates_ticket(articles: 1)
  413. expect(Ticket.last.articles.last.preferences[:security]).to eq(
  414. 'type' => 'PGP',
  415. 'encryption' => { 'success' => true },
  416. 'sign' => { 'success' => true },
  417. )
  418. end
  419. end
  420. end
  421. end
  422. context 'with to: and cc: being string values' do
  423. let(:article_payload) do
  424. {
  425. body: 'dummy',
  426. to: 'to@example.com',
  427. cc: 'cc@example.com',
  428. }
  429. end
  430. it 'creates a new ticket + a new article and sets correct "to" and "cc" values', :aggregate_failures do
  431. it_creates_ticket(articles: 1)
  432. expect(Ticket.last.articles.last).to have_attributes(to: 'to@example.com', cc: 'cc@example.com')
  433. end
  434. end
  435. context 'with to: and cc: containing array values' do
  436. let(:article_payload) do
  437. {
  438. body: 'dummy',
  439. to: ['to@example.com', 'to2@example.com'],
  440. cc: ['cc@example.com', 'cc2@example.com'],
  441. }
  442. end
  443. it 'creates a new ticket + a new article and sets correct "to" and "cc" values', :aggregate_failures do
  444. it_creates_ticket(articles: 1)
  445. expect(Ticket.last.articles.last).to have_attributes(to: 'to@example.com, to2@example.com', cc: 'cc@example.com, cc2@example.com')
  446. end
  447. end
  448. context 'with a shared draft' do
  449. let(:shared_draft) { create(:ticket_shared_draft_start, group:) }
  450. let(:input_payload) do
  451. input_base_payload
  452. .merge(sharedDraftId: Gql::ZammadSchema.id_from_object(shared_draft))
  453. end
  454. it 'passed to ticket create service' do
  455. expect_any_instance_of(Service::Ticket::Create)
  456. .to receive(:execute)
  457. .with(ticket_data: include(shared_draft:))
  458. .and_call_original
  459. gql.execute(query, variables: variables)
  460. end
  461. end
  462. end
  463. context 'with a customer', authenticated_as: :customer do
  464. let(:input_payload) { input_base_payload.tap { |h| h.delete(:customer) } }
  465. let(:expected_response) do
  466. expected_base_response.merge(
  467. {
  468. 'owner' => { 'fullname' => nil },
  469. 'priority' => { 'name' => Ticket::Priority.where(default_create: true).first.name },
  470. 'tags' => nil
  471. }
  472. )
  473. end
  474. it 'creates the ticket with filtered values' do
  475. it_creates_ticket
  476. expect(gql.result.data[:ticket]).to eq(expected_response)
  477. end
  478. context 'when sending a different customerId' do
  479. let(:input_payload) { input_base_payload.tap { |h| h[:customer][:id] = gql.id(create(:customer)) } }
  480. it 'fails creating a ticket with permission exception' do
  481. it_fails_to_create_ticket
  482. expect(gql.result.error_type).to eq(Exceptions::Forbidden)
  483. expect(gql.result.error_message).to eq('Access forbidden by Gql::Types::UserType')
  484. end
  485. end
  486. context 'with links' do
  487. let!(:other_ticket) { create(:ticket, customer: customer) }
  488. let(:links) do
  489. [
  490. { linkObjectId: gql.id(other_ticket), linkType: 'child' },
  491. { linkObjectId: gql.id(other_ticket), linkType: 'normal' },
  492. ]
  493. end
  494. let(:input_payload) { input_base_payload.merge(links:) }
  495. it 'creates the ticket without links' do
  496. it_creates_ticket
  497. expect(Link.list(link_object: 'Ticket', link_object_value: Ticket.last.id)).to eq([])
  498. end
  499. end
  500. context 'with article' do
  501. context 'with a forbidden sender' do
  502. let(:article_payload) do
  503. {
  504. body: 'dummy',
  505. sender: 'Agent',
  506. }
  507. end
  508. it 'creates a new ticket + a new article, but falls back to "Customer" as sender' do
  509. it_creates_ticket(articles: 1)
  510. expect(Ticket.last.articles.last.sender.name).to eq('Customer')
  511. end
  512. end
  513. context 'with type "phone"' do
  514. let(:article_payload) do
  515. {
  516. body: 'dummy',
  517. type: 'phone',
  518. }
  519. end
  520. it 'creates a new ticket + a new article, but falls back to "note" as type' do
  521. it_creates_ticket(articles: 1)
  522. expect(Ticket.last.articles.last.type.name).to eq('note')
  523. end
  524. it 'sets correct "to" and "from" values', :aggregate_failures do
  525. it_creates_ticket(articles: 1)
  526. expect(Ticket.last.articles.last)
  527. .to have_attributes(
  528. to: Ticket.last.group.name,
  529. from: customer.fullname
  530. )
  531. end
  532. end
  533. context 'with an article flagged as internal' do
  534. let(:article_payload) do
  535. {
  536. body: 'dummy',
  537. internal: true,
  538. }
  539. end
  540. it 'creates a new ticket + a new article, but flags it as not internal' do
  541. it_creates_ticket(articles: 1)
  542. expect(Ticket.last.articles.last.internal).to be(false)
  543. end
  544. end
  545. end
  546. end
  547. context 'with an agent that has a specific role limited to create/update permission', authenticated_as: :user do
  548. let(:user) { create(:user, roles: [api_role]) }
  549. let(:api_role) do
  550. role = create(:role, name: 'API', permission_names: ['ticket.agent'])
  551. role.group_names_access_map = {
  552. Group.first.name => %w[create],
  553. }
  554. role
  555. end
  556. let(:input_payload) do
  557. {
  558. title: 'Test title for issue #4647',
  559. groupId: gql.id(Group.first),
  560. customer: { id: gql.id(customer) },
  561. article: article_payload,
  562. }
  563. end
  564. let(:article_payload) do
  565. {
  566. type: 'web',
  567. internal: false,
  568. sender: 'Customer',
  569. subject: 'Test subject',
  570. body: SecureRandom.uuid,
  571. }
  572. end
  573. before { Trigger.destroy_all } # triggers may cause additional articles to be created
  574. it 'contains correct "origin_by" + "from" information' do
  575. gql.execute(query, variables: variables)
  576. expect(Ticket.last.articles.last).to have_attributes(
  577. origin_by_id: customer.id,
  578. from: "#{customer.fullname} <#{customer.email}>",
  579. )
  580. end
  581. end
  582. end
  583. end