123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145 |
- # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
- require 'rails_helper'
- RSpec.describe Gql::Mutations::User::Update, type: :graphql do
- let(:variables) do
- {
- id: gql.id(user),
- input: input
- }
- end
- let(:input) { { email: 'dummy@zammad.com' } }
- context 'when updating a user', authenticated_as: :agent do
- let(:agent) { create(:agent) }
- let(:user) { create(:user, :with_org) }
- let(:query) do
- <<~QUERY
- mutation userUpdate($id: ID!, $input: UserInput!) {
- userUpdate(id: $id, input: $input) {
- user {
- id
- firstname
- lastname
- fullname
- }
- errors {
- message
- field
- }
- }
- }
- QUERY
- end
- context 'with basic fields' do
- let(:input) do
- {
- email: 'dummy@zammad.com',
- firstname: 'Bender',
- lastname: 'Rodríguez',
- }
- end
- let(:expected_response) do
- {
- 'id' => gql.id(user),
- 'firstname' => 'Bender',
- 'lastname' => 'Rodríguez',
- 'fullname' => 'Bender Rodríguez',
- }
- end
- it 'updates User record' do
- gql.execute(query, variables: variables)
- expect(gql.result.data[:user]).to eq(expected_response)
- end
- context 'with not unique email', :aggregate_failures do
- it 'returns a user error' do
- create(:user, email: 'dummy@zammad.com')
- gql.execute(query, variables: variables)
- expect(gql.result.data[:errors].first).to include({ 'message' => "Email address 'dummy@zammad.com' is already used for another user." })
- end
- end
- end
- context 'with multiple secondary organizations' do
- let(:organization_a) { create(:organization) }
- let(:organization_b) { create(:organization) }
- context 'when user has no secondary organizations' do
- let(:input) do
- {
- email: 'dummy@zammad.com',
- organizationIds: [organization_a, organization_b].map { |elem| gql.id(elem) }
- }
- end
- it 'adds given organizations' do
- gql.execute(query, variables: variables)
- expect(user.reload).to have_attributes(organizations: [organization_a, organization_b])
- end
- end
- context 'when user already has a secondary organization' do
- let(:input) do
- {
- email: 'dummy@zammad.com',
- organizationIds: [organization_b].map { |elem| gql.id(elem) }
- }
- end
- it 'replaces secondary organization with a given one' do
- user.update! organizations: [organization_a]
- gql.execute(query, variables: variables)
- expect(user.reload).to have_attributes(organizations: [organization_b])
- end
- end
- end
- context 'without permission', authenticated_as: :user do
- context 'with not authorized agent' do
- let(:user) { create(:admin, roles: [role]) }
- let(:role) do
- role = create(:role)
- role.permission_grant('admin.branding')
- role
- end
- it 'raises an error' do
- gql.execute(query, variables: variables)
- expect(gql.result.error_type).to eq(Pundit::NotAuthorizedError)
- end
- end
- context 'with customer' do
- let(:user) { create(:customer) }
- it 'raises an error' do
- gql.execute(query, variables: variables)
- expect(gql.result.error_type).to eq(Pundit::NotAuthorizedError)
- end
- end
- end
- context 'when user is email-less' do
- let(:user) { create(:user, :without_email) }
- let(:firstname) { 'dummy test name' }
- let(:input) { { firstname: firstname } }
- it 'updates User record' do
- gql.execute(query, variables: variables)
- expect(user.reload).to have_attributes(firstname: firstname)
- end
- end
- end
- end
|