article_policy_spec.rb 2.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475
  1. # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
  2. require 'rails_helper'
  3. describe Ticket::ArticlePolicy do
  4. subject { described_class.new(user, record) }
  5. let!(:group) { create(:group) }
  6. let!(:ticket_customer) { create(:customer) }
  7. let(:record) do
  8. ticket = create(:ticket, group: group, customer: ticket_customer)
  9. create(:ticket_article, ticket: ticket)
  10. end
  11. context 'when article internal' do
  12. let(:record) do
  13. ticket = create(:ticket, group: group, customer: ticket_customer)
  14. create(:ticket_article, ticket: ticket, internal: true)
  15. end
  16. context 'when agent' do
  17. let(:user) { create(:agent, groups: [group]) }
  18. it { is_expected.to permit_actions(%i[show]) }
  19. end
  20. context 'when agent and customer' do
  21. let(:user) { create(:agent_and_customer, groups: [group]) }
  22. it { is_expected.to permit_actions(%i[show]) }
  23. end
  24. context 'when agent and customer but no agent group access' do
  25. let(:user) do
  26. customer_role = create(:role, :customer)
  27. create(:agent_and_customer, roles: [customer_role])
  28. end
  29. it { is_expected.to forbid_actions(%i[show]) }
  30. end
  31. context 'when customer' do
  32. let(:user) { ticket_customer }
  33. it { is_expected.to forbid_actions(%i[show]) }
  34. end
  35. end
  36. context 'when agent' do
  37. let(:user) { create(:agent, groups: [group]) }
  38. it { is_expected.to permit_actions(%i[show]) }
  39. end
  40. context 'when agent and customer' do
  41. let(:user) { create(:agent_and_customer, groups: [group]) }
  42. it { is_expected.to permit_actions(%i[show]) }
  43. end
  44. context 'when customer' do
  45. let(:user) { ticket_customer }
  46. it { is_expected.to permit_actions(%i[show]) }
  47. end
  48. context 'when customer is agent and customer' do
  49. let(:user) { ticket_customer }
  50. let(:ticket_customer) { create(:agent_and_customer) }
  51. it { is_expected.to permit_actions(%i[show]) }
  52. it { is_expected.to forbid_actions(%i[update destroy]) }
  53. end
  54. end