search_spec.rb 22 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528
  1. # Copyright (C) 2012-2023 Zammad Foundation, https://zammad-foundation.org/
  2. require 'rails_helper'
  3. RSpec.describe 'Search', type: :request do
  4. let(:group) { create(:group) }
  5. let!(:admin) do
  6. create(:admin, groups: [Group.lookup(name: 'Users'), group])
  7. end
  8. let!(:agent) do
  9. create(:agent, firstname: 'Search 1234', groups: [Group.lookup(name: 'Users'), group])
  10. end
  11. let!(:customer) do
  12. create(:customer)
  13. end
  14. let!(:organization1) do
  15. create(:organization, name: 'Rest Org')
  16. end
  17. let!(:organization2) do
  18. create(:organization, name: 'Rest Org #2')
  19. end
  20. let!(:organization3) do
  21. create(:organization, name: 'Rest Org #3')
  22. end
  23. let!(:organization4) do
  24. create(:organization, name: 'Tes.t. Org')
  25. end
  26. let!(:organization5) do
  27. create(:organization, name: 'ABC_D Org')
  28. end
  29. let!(:customer2) do
  30. create(:customer, organization: organization1)
  31. end
  32. let!(:customer3) do
  33. create(:customer, organization: organization1)
  34. end
  35. let!(:ticket1) do
  36. create(:ticket, title: 'test 1234-1', customer: customer, group: group)
  37. end
  38. let!(:ticket2) do
  39. create(:ticket, title: 'test 1234-2', customer: customer2, group: group)
  40. end
  41. let!(:ticket3) do
  42. create(:ticket, title: 'test 1234-2', customer: customer3, group: group)
  43. end
  44. let!(:article1) do
  45. create(:ticket_article, ticket_id: ticket1.id)
  46. end
  47. let!(:article2) do
  48. create(:ticket_article, ticket_id: ticket2.id)
  49. end
  50. let!(:article3) do
  51. create(:ticket_article, ticket_id: ticket3.id)
  52. end
  53. describe 'request handling', performs_jobs: true, searchindex: true do
  54. before do
  55. searchindex_model_reload([Ticket, User, Organization])
  56. end
  57. it 'does settings index with nobody' do
  58. params = {
  59. query: 'test 1234',
  60. limit: 2,
  61. }
  62. post '/api/v1/search/ticket', params: params, as: :json
  63. expect(response).to have_http_status(:forbidden)
  64. expect(json_response).to be_a(Hash)
  65. expect(json_response).not_to be_blank
  66. expect(json_response['error']).to eq('Authentication required')
  67. post '/api/v1/search/user', params: params, as: :json
  68. expect(response).to have_http_status(:forbidden)
  69. expect(json_response).to be_a(Hash)
  70. expect(json_response).not_to be_blank
  71. expect(json_response['error']).to eq('Authentication required')
  72. post '/api/v1/search', params: params, as: :json
  73. expect(response).to have_http_status(:forbidden)
  74. expect(json_response).to be_a(Hash)
  75. expect(json_response).not_to be_blank
  76. expect(json_response['error']).to eq('Authentication required')
  77. end
  78. it 'does settings index with admin' do
  79. params = {
  80. query: '1234*',
  81. limit: 1,
  82. }
  83. authenticated_as(admin)
  84. post '/api/v1/search', params: params, as: :json
  85. expect(response).to have_http_status(:ok)
  86. expect(json_response).to be_a(Hash)
  87. expect(json_response).to be_truthy
  88. expect(json_response['result'][0]['type']).to eq('Ticket')
  89. expect(json_response['result'][0]['id']).to eq(ticket3.id)
  90. expect(json_response['result'][1]['type']).to eq('User')
  91. expect(json_response['result'][1]['id']).to eq(agent.id)
  92. expect(json_response['result'][2]).to be_falsey
  93. params = {
  94. query: '1234*',
  95. limit: 10,
  96. }
  97. post '/api/v1/search', params: params, as: :json
  98. expect(response).to have_http_status(:ok)
  99. expect(json_response).to be_a(Hash)
  100. expect(json_response).to be_truthy
  101. expect(json_response['result'][0]['type']).to eq('Ticket')
  102. expect(json_response['result'][0]['id']).to eq(ticket3.id)
  103. expect(json_response['result'][1]['type']).to eq('Ticket')
  104. expect(json_response['result'][1]['id']).to eq(ticket2.id)
  105. expect(json_response['result'][2]['type']).to eq('Ticket')
  106. expect(json_response['result'][2]['id']).to eq(ticket1.id)
  107. expect(json_response['result'][3]['type']).to eq('User')
  108. expect(json_response['result'][3]['id']).to eq(agent.id)
  109. expect(json_response['result'][4]).to be_falsey
  110. params = {
  111. query: '1234*',
  112. limit: 10,
  113. }
  114. post '/api/v1/search/ticket', params: params, as: :json
  115. expect(response).to have_http_status(:ok)
  116. expect(json_response).to be_a(Hash)
  117. expect(json_response).to be_truthy
  118. expect(json_response['result'][0]['type']).to eq('Ticket')
  119. expect(json_response['result'][0]['id']).to eq(ticket3.id)
  120. expect(json_response['result'][1]['type']).to eq('Ticket')
  121. expect(json_response['result'][1]['id']).to eq(ticket2.id)
  122. expect(json_response['result'][2]['type']).to eq('Ticket')
  123. expect(json_response['result'][2]['id']).to eq(ticket1.id)
  124. expect(json_response['result'][3]).to be_falsey
  125. params = {
  126. query: '1234*',
  127. limit: 10,
  128. }
  129. post '/api/v1/search/user', params: params, as: :json
  130. expect(response).to have_http_status(:ok)
  131. expect(json_response).to be_a(Hash)
  132. expect(json_response['result'][0]['type']).to eq('User')
  133. expect(json_response['result'][0]['id']).to eq(agent.id)
  134. expect(json_response['result'][1]).to be_falsey
  135. end
  136. it 'does settings index with agent' do
  137. params = {
  138. query: '1234*',
  139. limit: 1,
  140. }
  141. authenticated_as(agent)
  142. post '/api/v1/search', params: params, as: :json
  143. expect(response).to have_http_status(:ok)
  144. expect(json_response).to be_a(Hash)
  145. expect(json_response).to be_truthy
  146. expect(json_response['result'][0]['type']).to eq('Ticket')
  147. expect(json_response['result'][0]['id']).to eq(ticket3.id)
  148. expect(json_response['result'][1]['type']).to eq('User')
  149. expect(json_response['result'][1]['id']).to eq(agent.id)
  150. expect(json_response['result'][2]).to be_falsey
  151. params = {
  152. query: '1234*',
  153. limit: 10,
  154. }
  155. post '/api/v1/search', params: params, as: :json
  156. expect(response).to have_http_status(:ok)
  157. expect(json_response).to be_a(Hash)
  158. expect(json_response).to be_truthy
  159. expect(json_response['result'][0]['type']).to eq('Ticket')
  160. expect(json_response['result'][0]['id']).to eq(ticket3.id)
  161. expect(json_response['result'][1]['type']).to eq('Ticket')
  162. expect(json_response['result'][1]['id']).to eq(ticket2.id)
  163. expect(json_response['result'][2]['type']).to eq('Ticket')
  164. expect(json_response['result'][2]['id']).to eq(ticket1.id)
  165. expect(json_response['result'][3]['type']).to eq('User')
  166. expect(json_response['result'][3]['id']).to eq(agent.id)
  167. expect(json_response['result'][4]).to be_falsey
  168. params = {
  169. query: '1234*',
  170. limit: 10,
  171. }
  172. post '/api/v1/search/ticket', params: params, as: :json
  173. expect(response).to have_http_status(:ok)
  174. expect(json_response).to be_a(Hash)
  175. expect(json_response).to be_truthy
  176. expect(json_response['result'][0]['type']).to eq('Ticket')
  177. expect(json_response['result'][0]['id']).to eq(ticket3.id)
  178. expect(json_response['result'][1]['type']).to eq('Ticket')
  179. expect(json_response['result'][1]['id']).to eq(ticket2.id)
  180. expect(json_response['result'][2]['type']).to eq('Ticket')
  181. expect(json_response['result'][2]['id']).to eq(ticket1.id)
  182. expect(json_response['result'][3]).to be_falsey
  183. params = {
  184. query: '1234*',
  185. limit: 10,
  186. }
  187. post '/api/v1/search/user', params: params, as: :json
  188. expect(response).to have_http_status(:ok)
  189. expect(json_response).to be_a(Hash)
  190. expect(json_response['result'][0]['type']).to eq('User')
  191. expect(json_response['result'][0]['id']).to eq(agent.id)
  192. expect(json_response['result'][1]).to be_falsey
  193. end
  194. it 'does settings index with customer 1' do
  195. params = {
  196. query: '1234*',
  197. limit: 10,
  198. }
  199. authenticated_as(customer)
  200. post '/api/v1/search', params: params, as: :json
  201. expect(response).to have_http_status(:ok)
  202. expect(json_response).to be_a(Hash)
  203. expect(json_response).to be_truthy
  204. expect(json_response['result'][0]['type']).to eq('Ticket')
  205. expect(json_response['result'][0]['id']).to eq(ticket1.id)
  206. expect(json_response['result'][1]).to be_falsey
  207. params = {
  208. query: '1234*',
  209. limit: 10,
  210. }
  211. post '/api/v1/search/ticket', params: params, as: :json
  212. expect(response).to have_http_status(:ok)
  213. expect(json_response).to be_a(Hash)
  214. expect(json_response).to be_truthy
  215. expect(json_response['result'][0]['type']).to eq('Ticket')
  216. expect(json_response['result'][0]['id']).to eq(ticket1.id)
  217. expect(json_response['result'][1]).to be_falsey
  218. params = {
  219. query: '1234*',
  220. limit: 10,
  221. }
  222. post '/api/v1/search/user', params: params, as: :json
  223. expect(response).to have_http_status(:ok)
  224. expect(json_response).to be_a(Hash)
  225. expect(json_response['result'][0]).to be_falsey
  226. end
  227. it 'does settings index with customer 2' do
  228. params = {
  229. query: '1234*',
  230. limit: 10,
  231. }
  232. authenticated_as(customer2)
  233. post '/api/v1/search', params: params, as: :json
  234. expect(response).to have_http_status(:ok)
  235. expect(json_response).to be_a(Hash)
  236. expect(json_response).to be_truthy
  237. expect(json_response['result'][0]['type']).to eq('Ticket')
  238. expect(json_response['result'][0]['id']).to eq(ticket3.id)
  239. expect(json_response['result'][1]['type']).to eq('Ticket')
  240. expect(json_response['result'][1]['id']).to eq(ticket2.id)
  241. expect(json_response['result'][2]).to be_falsey
  242. params = {
  243. query: '1234*',
  244. limit: 10,
  245. }
  246. post '/api/v1/search/ticket', params: params, as: :json
  247. expect(response).to have_http_status(:ok)
  248. expect(json_response).to be_a(Hash)
  249. expect(json_response).to be_truthy
  250. expect(json_response['result'][0]['type']).to eq('Ticket')
  251. expect(json_response['result'][0]['id']).to eq(ticket3.id)
  252. expect(json_response['result'][1]['type']).to eq('Ticket')
  253. expect(json_response['result'][1]['id']).to eq(ticket2.id)
  254. expect(json_response['result'][2]).to be_falsey
  255. params = {
  256. query: '1234*',
  257. limit: 10,
  258. }
  259. post '/api/v1/search/user', params: params, as: :json
  260. expect(response).to have_http_status(:ok)
  261. expect(json_response).to be_a(Hash)
  262. expect(json_response['result'][0]).to be_falsey
  263. end
  264. # Verify fix for Github issue #2058 - Autocomplete hangs on dot in the new user form
  265. it 'does searching for organization with a dot in its name' do
  266. authenticated_as(agent)
  267. get '/api/v1/search/organization?query=tes.', as: :json
  268. expect(response).to have_http_status(:ok)
  269. expect(json_response['result'].size).to eq(1)
  270. expect(json_response['result'][0]['type']).to eq('Organization')
  271. target_id = json_response['result'][0]['id']
  272. expect(json_response['assets']['Organization'][target_id.to_s]['name']).to eq('Tes.t. Org')
  273. end
  274. # Search query H& should correctly match H&M
  275. it 'does searching for organization with _ in its name' do
  276. authenticated_as(agent)
  277. get '/api/v1/search/organization?query=abc_', as: :json
  278. expect(response).to have_http_status(:ok)
  279. expect(json_response['result'].size).to eq(1)
  280. expect(json_response['result'][0]['type']).to eq('Organization')
  281. target_id = json_response['result'][0]['id']
  282. expect(json_response['assets']['Organization'][target_id.to_s]['name']).to eq('ABC_D Org')
  283. end
  284. it 'does find the ticket by group name even if the group name changes' do
  285. authenticated_as(agent)
  286. post '/api/v1/search/Ticket', params: { query: "number:#{ticket1.number} && group.name:ultrasupport" }, as: :json
  287. expect(response).to have_http_status(:ok)
  288. expect(json_response).to be_a(Hash)
  289. expect(json_response).to be_truthy
  290. expect(json_response['assets']['Ticket']).to be_falsey
  291. expect(group).not_to eq('ultrasupport')
  292. group.update(name: 'ultrasupport')
  293. perform_enqueued_jobs
  294. SearchIndexBackend.refresh
  295. post '/api/v1/search/Ticket', params: { query: "number:#{ticket1.number} && group.name:ultrasupport" }, as: :json
  296. expect(response).to have_http_status(:ok)
  297. expect(json_response).to be_a(Hash)
  298. expect(json_response).to be_truthy
  299. expect(json_response['assets']['Ticket'][ticket1.id.to_s]).to be_truthy
  300. end
  301. it 'does find the ticket by state name even if the state name changes' do
  302. authenticated_as(agent)
  303. post '/api/v1/search/Ticket', params: { query: "number:#{ticket1.number} && state.name:ultrastate" }, as: :json
  304. expect(response).to have_http_status(:ok)
  305. expect(json_response).to be_a(Hash)
  306. expect(json_response).to be_truthy
  307. expect(json_response['assets']['Ticket']).to be_falsey
  308. expect(ticket1.state.name).not_to eq('ultrastate')
  309. ticket1.state.update(name: 'ultrastate')
  310. perform_enqueued_jobs
  311. SearchIndexBackend.refresh
  312. post '/api/v1/search/Ticket', params: { query: "number:#{ticket1.number} && state.name:ultrastate" }, as: :json
  313. expect(response).to have_http_status(:ok)
  314. expect(json_response).to be_a(Hash)
  315. expect(json_response).to be_truthy
  316. expect(json_response['assets']['Ticket'][ticket1.id.to_s]).to be_truthy
  317. end
  318. it 'does find the ticket by priority name even if the priority name changes' do
  319. authenticated_as(agent)
  320. post '/api/v1/search/Ticket', params: { query: "number:#{ticket1.number} && priority.name:ultrapriority" }, as: :json
  321. expect(response).to have_http_status(:ok)
  322. expect(json_response).to be_a(Hash)
  323. expect(json_response).to be_truthy
  324. expect(json_response['assets']['Ticket']).to be_falsey
  325. expect(ticket1.priority.name).not_to eq('ultrapriority')
  326. ticket1.priority.update(name: 'ultrapriority')
  327. perform_enqueued_jobs
  328. SearchIndexBackend.refresh
  329. post '/api/v1/search/Ticket', params: { query: "number:#{ticket1.number} && priority.name:ultrapriority" }, as: :json
  330. expect(response).to have_http_status(:ok)
  331. expect(json_response).to be_a(Hash)
  332. expect(json_response).to be_truthy
  333. expect(json_response['assets']['Ticket'][ticket1.id.to_s]).to be_truthy
  334. end
  335. end
  336. describe 'Assign user to multiple organizations #1573' do
  337. shared_examples 'search for organization ids' do
  338. context 'when customer with multi organizations', authenticated_as: :customer do
  339. context 'with multi organizations' do
  340. let(:customer) { create(:customer, organization: organizations[0], organizations: organizations[1..2]) }
  341. let(:organizations) { create_list(:organization, 5) }
  342. it 'does not return organizations which are not allowed' do
  343. params = {
  344. query: 'TestOrganization',
  345. limit: 10,
  346. }
  347. post '/api/v1/search/Organization', params: params, as: :json
  348. expect(json_response['result']).to include({ 'id' => organizations[0].id, 'type' => 'Organization' })
  349. expect(json_response['result']).to include({ 'id' => organizations[1].id, 'type' => 'Organization' })
  350. expect(json_response['result']).to include({ 'id' => organizations[2].id, 'type' => 'Organization' })
  351. expect(json_response['result']).not_to include({ 'id' => organizations[3].id, 'type' => 'Organization' })
  352. expect(json_response['result']).not_to include({ 'id' => organizations[4].id, 'type' => 'Organization' })
  353. end
  354. it 'does not return organizations which are not allowed when overwritten' do
  355. params = {
  356. query: 'TestOrganization',
  357. limit: 10,
  358. ids: organizations.map(&:id)
  359. }
  360. post '/api/v1/search/Organization', params: params, as: :json
  361. expect(json_response['result']).to include({ 'id' => organizations[0].id, 'type' => 'Organization' })
  362. expect(json_response['result']).to include({ 'id' => organizations[1].id, 'type' => 'Organization' })
  363. expect(json_response['result']).to include({ 'id' => organizations[2].id, 'type' => 'Organization' })
  364. expect(json_response['result']).not_to include({ 'id' => organizations[3].id, 'type' => 'Organization' })
  365. expect(json_response['result']).not_to include({ 'id' => organizations[4].id, 'type' => 'Organization' })
  366. end
  367. end
  368. context 'with single organization' do
  369. let(:customer) { create(:customer, organization: organizations[0]) }
  370. let(:organizations) { create_list(:organization, 5) }
  371. it 'does not return organizations which are not allowed' do
  372. params = {
  373. query: 'TestOrganization',
  374. limit: 10,
  375. }
  376. post '/api/v1/search/Organization', params: params, as: :json
  377. expect(json_response['result']).to include({ 'id' => organizations[0].id, 'type' => 'Organization' })
  378. expect(json_response['result']).not_to include({ 'id' => organizations[1].id, 'type' => 'Organization' })
  379. expect(json_response['result']).not_to include({ 'id' => organizations[2].id, 'type' => 'Organization' })
  380. expect(json_response['result']).not_to include({ 'id' => organizations[3].id, 'type' => 'Organization' })
  381. expect(json_response['result']).not_to include({ 'id' => organizations[4].id, 'type' => 'Organization' })
  382. end
  383. it 'does not return organizations which are not allowed when overwritten' do
  384. params = {
  385. query: 'TestOrganization',
  386. limit: 10,
  387. ids: organizations.map(&:id)
  388. }
  389. post '/api/v1/search/Organization', params: params, as: :json
  390. expect(json_response['result']).to include({ 'id' => organizations[0].id, 'type' => 'Organization' })
  391. expect(json_response['result']).not_to include({ 'id' => organizations[1].id, 'type' => 'Organization' })
  392. expect(json_response['result']).not_to include({ 'id' => organizations[2].id, 'type' => 'Organization' })
  393. expect(json_response['result']).not_to include({ 'id' => organizations[3].id, 'type' => 'Organization' })
  394. expect(json_response['result']).not_to include({ 'id' => organizations[4].id, 'type' => 'Organization' })
  395. end
  396. end
  397. context 'with no organization' do
  398. let(:customer) do
  399. organizations
  400. create(:customer)
  401. end
  402. let(:organizations) { create_list(:organization, 5) }
  403. it 'does not return organizations which are not allowed' do
  404. params = {
  405. query: 'TestOrganization',
  406. limit: 10,
  407. }
  408. post '/api/v1/search/Organization', params: params, as: :json
  409. expect(json_response['result']).not_to include({ 'id' => organizations[0].id, 'type' => 'Organization' })
  410. expect(json_response['result']).not_to include({ 'id' => organizations[1].id, 'type' => 'Organization' })
  411. expect(json_response['result']).not_to include({ 'id' => organizations[2].id, 'type' => 'Organization' })
  412. expect(json_response['result']).not_to include({ 'id' => organizations[3].id, 'type' => 'Organization' })
  413. expect(json_response['result']).not_to include({ 'id' => organizations[4].id, 'type' => 'Organization' })
  414. end
  415. it 'does not return organizations which are not allowed when overwritten' do
  416. params = {
  417. query: 'TestOrganization',
  418. limit: 10,
  419. ids: organizations.map(&:id)
  420. }
  421. post '/api/v1/search/Organization', params: params, as: :json
  422. expect(json_response['result']).not_to include({ 'id' => organizations[0].id, 'type' => 'Organization' })
  423. expect(json_response['result']).not_to include({ 'id' => organizations[1].id, 'type' => 'Organization' })
  424. expect(json_response['result']).not_to include({ 'id' => organizations[2].id, 'type' => 'Organization' })
  425. expect(json_response['result']).not_to include({ 'id' => organizations[3].id, 'type' => 'Organization' })
  426. expect(json_response['result']).not_to include({ 'id' => organizations[4].id, 'type' => 'Organization' })
  427. end
  428. end
  429. end
  430. it 'does return all organizations' do
  431. params = {
  432. query: 'Rest',
  433. limit: 10,
  434. }
  435. authenticated_as(admin)
  436. post '/api/v1/search/Organization', params: params, as: :json
  437. expect(json_response['result']).to include({ 'id' => organization1.id, 'type' => 'Organization' })
  438. expect(json_response['result']).to include({ 'id' => organization2.id, 'type' => 'Organization' })
  439. expect(json_response['result']).to include({ 'id' => organization3.id, 'type' => 'Organization' })
  440. end
  441. it 'does return organization specific ids' do
  442. params = {
  443. query: 'Rest',
  444. ids: [organization1.id],
  445. limit: 10,
  446. }
  447. authenticated_as(admin)
  448. post '/api/v1/search/Organization', params: params, as: :json
  449. expect(json_response['result']).to include({ 'id' => organization1.id, 'type' => 'Organization' })
  450. expect(json_response['result']).not_to include({ 'id' => organization2.id, 'type' => 'Organization' })
  451. expect(json_response['result']).not_to include({ 'id' => organization3.id, 'type' => 'Organization' })
  452. end
  453. end
  454. context 'with elasticsearch', searchindex: true do
  455. before do
  456. searchindex_model_reload([Ticket, User, Organization])
  457. end
  458. include_examples 'search for organization ids'
  459. end
  460. context 'with db only', searchindex: false do
  461. before do
  462. Setting.set('es_url', nil)
  463. end
  464. include_examples 'search for organization ids'
  465. end
  466. end
  467. end