links_controller_policy_spec.rb 7.9 KB

  # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/

  require 'rails_helper'

  # Authorization spec for Controllers::LinksControllerPolicy.
  #
  # Every example builds a LinksController instance that carries only an
  # action name and a params hash, wraps it in the policy together with a user,
  # and asserts whether the action is permitted or forbidden. The published and
  # archived answers used below are presumably supplied by the
  # 'basic Knowledge Base' shared context; confirm there.
  #
  # NOTE(review): several context descriptions spell "access" as "accces". They
  # are runtime strings (they appear in spec output), so they are kept verbatim.
  describe Controllers::LinksControllerPolicy do
    subject { described_class.new(user, record) }

    include_context 'basic Knowledge Base'

    let(:record_class) { LinksController }

    # The controller is never dispatched; only the two attributes the examples
    # assign here are set on it.
    let(:record) do
      record_class.new.tap do |controller|
        controller.action_name = action_name
        controller.params      = params
      end
    end

    describe '#add' do
      # Ticket -> Ticket: these examples expect the agent to need both groups.
      context 'with target ticket and source ticket' do
        let(:action_name)   { :add }
        let(:ticket_source) { create(:ticket) }
        let(:ticket_target) { create(:ticket) }

        let(:params) do
          {
            link_object_source:        'Ticket',
            link_object_source_number: ticket_source.number,
            link_object_target:        'Ticket',
            link_object_target_value:  ticket_target.id,
            action:                    action_name.to_s
          }
        end

        context 'when user has full permission on target and access on source' do
          let(:user) { create(:agent, groups: [ticket_target.group, ticket_source.group]) }

          it { is_expected.to permit_action(action_name) }
        end

        context 'when user has no permission on target' do
          let(:user) { create(:agent, groups: [ticket_source.group]) }

          it { is_expected.to forbid_action(action_name) }
        end

        context 'when user has no permission on source' do
          let(:user) { create(:agent, groups: [ticket_target.group]) }

          it { is_expected.to forbid_action(action_name) }
        end
      end

      # Knowledge base answer translation -> Ticket: a published source is
      # accepted, an archived source is rejected, and the target group is needed.
      context 'with target ticket and source knowledge base answer' do
        let(:action_name)   { :add }
        let(:ticket_target) { create(:ticket) }

        let(:params) do
          {
            link_object_source:        'KnowledgeBase::Answer::Translation',
            link_object_source_number: kb_answer_source.id,
            link_object_target:        'Ticket',
            link_object_target_value:  ticket_target.id,
            action:                    action_name.to_s
          }
        end

        context 'when user has full permission on target and accces on source' do
          let(:user)             { create(:agent, groups: [ticket_target.group]) }
          let(:kb_answer_source) { published_answer.translations.first }

          it { is_expected.to permit_action(action_name) }
        end

        context 'when user has no permission on target' do
          let(:user)             { create(:agent) }
          let(:kb_answer_source) { published_answer.translations.first }

          it { is_expected.to forbid_action(action_name) }
        end

        context 'when user has no access on source' do
          let(:user)             { create(:agent, groups: [ticket_target.group]) }
          let(:kb_answer_source) { archived_answer.translations.first }

          it { is_expected.to forbid_action(action_name) }
        end
      end

      # NOTE(review): this context sits under '#add' but sets action_name to
      # :remove, and its lets and expectations match the same-named context under
      # '#remove'. As written, no example here exercises :add with a knowledge
      # base answer as the target, so that authorization path has no coverage in
      # this file. The last example's "permit without source access" matches the
      # :remove expectations; the ticket -> ticket :add examples above forbid that
      # case. Confirm the intended action and expectations against the policy
      # before changing them.
      context 'with target knowledge base answer and source ticket' do
        let(:action_name)      { :remove }
        let(:ticket_source)    { create(:ticket) }
        let(:kb_answer_target) { published_answer.translations.first }

        # Unlike the contexts above, no :action key is passed here.
        let(:params) do
          {
            link_object_source:        'Ticket',
            link_object_source_number: ticket_source.number,
            link_object_target:        'KnowledgeBase::Answer::Translation',
            link_object_target_value:  kb_answer_target.id
          }
        end

        context 'when user has full permission on target and accces on source' do
          let(:role) { create(:role, permission_names: ['knowledge_base.editor']) }
          let(:user) { create(:agent, groups: [ticket_source.group], roles: [role]) }

          it { is_expected.to permit_action(action_name) }
        end

        context 'when user has no permission on target' do
          let(:user) { create(:agent, groups: [ticket_source.group]) }

          it { is_expected.to forbid_action(action_name) }
        end

        context 'when user has no accces on source' do
          let(:role)          { create(:role, permission_names: ['knowledge_base.editor']) }
          let(:user)          { create(:agent, roles: [role]) }
          let(:ticket_source) { create(:ticket, group: create(:group)) }

          it { is_expected.to permit_action(action_name) }
        end
      end
    end

    describe '#remove' do
      # Ticket -> Ticket: these examples expect only the target group to matter;
      # an agent outside the source group is still permitted.
      context 'with target ticket and source ticket' do
        let(:action_name)   { :remove }
        let(:ticket_source) { create(:ticket) }
        let(:ticket_target) { create(:ticket) }

        let(:params) do
          {
            link_object_source:       'Ticket',
            link_object_source_value: ticket_source.id,
            link_object_target:       'Ticket',
            link_object_target_value: ticket_target.id,
            action:                   action_name.to_s
          }
        end

        context 'when user has full permission on target and access on source' do
          let(:user) { create(:agent, groups: [ticket_target.group, ticket_source.group]) }

          it { is_expected.to permit_action(action_name) }
        end

        context 'when user has no permission on target' do
          let(:user) { create(:agent, groups: [ticket_source.group]) }

          it { is_expected.to forbid_action(action_name) }
        end

        context 'when user has no permission on source' do
          let(:user) { create(:agent, groups: [ticket_target.group]) }

          it { is_expected.to permit_action(action_name) }
        end
      end

      # Knowledge base answer translation -> Ticket: an archived source does not
      # block removal; the target group is still needed.
      context 'with target ticket and source knowledge base answer' do
        let(:action_name)   { :remove }
        let(:ticket_target) { create(:ticket) }

        let(:params) do
          {
            link_object_source:       'KnowledgeBase::Answer::Translation',
            link_object_source_value: kb_answer_source.id,
            link_object_target:       'Ticket',
            link_object_target_value: ticket_target.id,
            action:                   action_name.to_s
          }
        end

        context 'when user has full permission on target and access on source' do
          let(:user)             { create(:agent, groups: [ticket_target.group]) }
          let(:kb_answer_source) { published_answer.translations.first }

          it { is_expected.to permit_action(action_name) }
        end

        context 'when user has no permission on target' do
          let(:user)             { create(:agent) }
          let(:kb_answer_source) { published_answer.translations.first }

          it { is_expected.to forbid_action(action_name) }
        end

        context 'when user has no permission on source' do
          let(:user)             { create(:agent, groups: [ticket_target.group]) }
          let(:kb_answer_source) { archived_answer.translations.first }

          it { is_expected.to permit_action(action_name) }
        end
      end

      # Ticket -> Knowledge base answer translation: the knowledge_base.editor
      # role decides the outcome in these examples.
      #
      # NOTE(review): the source is passed as link_object_source_number here,
      # while the other '#remove' contexts pass link_object_source_value. Verify
      # which key the policy reads for :remove. If it is not this one, the
      # "no accces on source" example never resolves a source and passes
      # trivially.
      context 'with target knowledge base answer and source ticket' do
        let(:action_name)      { :remove }
        let(:ticket_source)    { create(:ticket) }
        let(:kb_answer_target) { published_answer.translations.first }

        # Unlike the other '#remove' contexts, no :action key is passed here.
        let(:params) do
          {
            link_object_source:        'Ticket',
            link_object_source_number: ticket_source.number,
            link_object_target:        'KnowledgeBase::Answer::Translation',
            link_object_target_value:  kb_answer_target.id
          }
        end

        context 'when user has full permission on target and accces on source' do
          let(:role) { create(:role, permission_names: ['knowledge_base.editor']) }
          let(:user) { create(:agent, groups: [ticket_source.group], roles: [role]) }

          it { is_expected.to permit_action(action_name) }
        end

        context 'when user has no permission on target' do
          let(:user) { create(:agent, groups: [ticket_source.group]) }

          it { is_expected.to forbid_action(action_name) }
        end

        context 'when user has no accces on source' do
          let(:role)          { create(:role, permission_names: ['knowledge_base.editor']) }
          let(:user)          { create(:agent, roles: [role]) }
          let(:ticket_source) { create(:ticket, group: create(:group)) }

          it { is_expected.to permit_action(action_name) }
        end
      end
    end
  end