data_privacy_task_spec.rb 6.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238
  1. # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
  2. require 'rails_helper'
  3. RSpec.describe DataPrivacyTask, type: :model do
  4. describe 'validations' do
  5. it 'uses DataPrivacyTaskValidator' do
  6. expect_any_instance_of(Validations::DataPrivacyTaskValidator).to receive(:validate)
  7. create(:data_privacy_task)
  8. end
  9. end
  10. describe '#perform', aggregate_failures: true do
  11. let(:task) { create(:data_privacy_task, deletable: deletable) }
  12. context 'when deletable is already deleted' do
  13. let(:organization) { create(:organization, name: 'test') }
  14. let(:deletable) { create(:customer, organization: organization) }
  15. it 'sets no error message when user is already deleted' do
  16. task
  17. deletable.destroy
  18. task.perform
  19. expect(task.reload.state).to eq('completed')
  20. end
  21. end
  22. context 'when deleting a user' do
  23. let(:deletable) { create(:agent) }
  24. it 'deletes the user' do
  25. task.perform
  26. expect(User).not_to exist(deletable.id)
  27. end
  28. context 'when user belongs to an organization' do
  29. let(:organization) { create(:organization) }
  30. before { organization.members << deletable }
  31. it 'deletes the user only' do
  32. task.perform
  33. expect(User).not_to exist(deletable.id)
  34. expect(Organization).to exist(organization.id)
  35. end
  36. context 'when organization shall be deleted' do
  37. before do
  38. task.preferences[:delete_organization] = 'true'
  39. task.save!
  40. end
  41. it 'deletes the user and organization' do
  42. task.perform
  43. expect(User).not_to exist(deletable.id)
  44. expect(Organization).not_to exist(organization.id)
  45. end
  46. context 'when organization has more members' do
  47. let(:other_agent) { create(:agent) }
  48. before { organization.members << other_agent }
  49. it 'deletes the original user only' do
  50. task.perform
  51. expect(User).not_to exist(deletable.id)
  52. expect(Organization).to exist(organization.id)
  53. expect(User).to exist(other_agent.id)
  54. end
  55. end
  56. context 'when a secondary organization exists' do
  57. let(:other_organization) { create(:organization) }
  58. before { other_organization.secondary_members << deletable }
  59. it 'deletes the original user and main organization only' do
  60. task.perform
  61. expect(User).not_to exist(deletable.id)
  62. expect(Organization).not_to exist(organization.id)
  63. expect(Organization).to exist(other_organization.id)
  64. end
  65. end
  66. end
  67. end
  68. end
  69. context 'when deleting a ticket' do
  70. let(:deletable) { create(:ticket) }
  71. it 'deletes the ticket' do
  72. task.perform
  73. expect(Ticket).not_to exist(deletable.id)
  74. end
  75. context 'when ticket has a customer that belongs to an organization' do
  76. let(:customer) { create(:customer) }
  77. let(:organization) { create(:organization) }
  78. before do
  79. organization.members << customer
  80. deletable.update!(
  81. customer_id: customer.id,
  82. organization_id: organization.id,
  83. )
  84. end
  85. it 'deletes the ticket only' do
  86. task.perform
  87. expect(Ticket).not_to exist(deletable.id)
  88. expect(User).to exist(customer.id)
  89. expect(Organization).to exist(organization.id)
  90. end
  91. end
  92. end
  93. end
  94. describe '#prepare_deletion_preview' do
  95. let(:organization) { create(:organization, name: 'Zammad GmbH') }
  96. let(:user) { create(:customer, firstname: 'Nicole', lastname: 'Braun', organization: organization, email: 'secret@example.com') }
  97. let(:task) { create(:data_privacy_task, deletable: user) }
  98. context 'when storing user data' do
  99. let(:pseudonymous_data) do
  100. {
  101. 'firstname' => 'N*e',
  102. 'lastname' => 'B*n',
  103. 'email' => 's*t@e*e.com',
  104. 'organization' => 'Z*d G*H',
  105. }
  106. end
  107. it 'creates pseudonymous representation' do
  108. expect(task[:preferences][:user]).to eq(pseudonymous_data)
  109. end
  110. end
  111. context 'when User is owner of Tickets' do
  112. let(:owner_tickets) { create_list(:ticket, 3, owner: user) }
  113. before { owner_tickets }
  114. it 'stores the numbers' do
  115. expect(task[:preferences][:owner_tickets]).to eq(owner_tickets.reverse.map(&:number))
  116. end
  117. context 'when a lot of tickets exist' do
  118. before do
  119. stub_const('DataPrivacyTask::MAX_PREVIEW_TICKETS', 5)
  120. end
  121. let(:owner_tickets) { create_list(:ticket, 6, owner: user) }
  122. it 'stores maximum amount', :aggregate_failures do
  123. expect(task[:preferences][:owner_tickets].size).to be(5)
  124. expect(task[:preferences][:owner_tickets_count]).to be(6)
  125. end
  126. end
  127. end
  128. context 'when User is a customer of Tickets' do
  129. let(:customer_tickets) { create_list(:ticket, 3, customer: user) }
  130. before { customer_tickets }
  131. it 'stores the numbers' do
  132. expect(task[:preferences][:customer_tickets]).to eq(customer_tickets.reverse.map(&:number))
  133. end
  134. context 'when a lot of tickets exist' do
  135. before do
  136. stub_const('DataPrivacyTask::MAX_PREVIEW_TICKETS', 5)
  137. end
  138. let(:customer_tickets) { create_list(:ticket, 6, customer: user) }
  139. it 'stores the maximum amount', :aggregate_failures do
  140. expect(task[:preferences][:customer_tickets].size).to be(5)
  141. expect(task[:preferences][:customer_tickets_count]).to be(6)
  142. end
  143. end
  144. end
  145. context 'when deletable is a ticket' do
  146. let(:ticket) { create(:ticket, title: 'Doomed ticket') }
  147. let(:task) { create(:data_privacy_task, deletable: ticket) }
  148. let(:deleted_tickets) { [ticket.number] }
  149. let(:pseudonymous_data) do
  150. {
  151. 'title' => 'D*d t*t',
  152. }
  153. end
  154. it 'creates pseudonymous representation' do
  155. expect(task[:preferences][:ticket]).to eq(pseudonymous_data)
  156. end
  157. it 'remembers deleted ticket number', :aggregate_failures do
  158. expect(task[:preferences][:customer_tickets]).to eq(deleted_tickets)
  159. expect(task[:preferences][:customer_tickets_count]).to eq(1)
  160. end
  161. end
  162. end
  163. describe '.cleanup' do
  164. let(:task) { create(:data_privacy_task) }
  165. it 'does not delete new tasks' do
  166. task
  167. described_class.cleanup
  168. expect { task.reload }.not_to raise_error
  169. end
  170. it 'does delete old tasks' do
  171. travel_to 13.months.ago
  172. task
  173. travel_back
  174. described_class.cleanup
  175. expect { task.reload }.to raise_error(ActiveRecord::RecordNotFound)
  176. end
  177. it 'does make sure that the cleanup returns truthy value for scheduler' do
  178. expect(described_class.cleanup).to be(true)
  179. end
  180. end
  181. end