shared_examples.rb 7.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244
  1. # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
  2. RSpec.shared_examples 'for agent user' do |access_type|
  3. let(:member_groups) { create_list(:group, 2) }
  4. let(:nonmember_group) { create(:group) }
  5. before do
  6. create(:ticket, group: member_groups.first)
  7. create(:ticket, group: member_groups.second)
  8. create(:ticket, group: nonmember_group)
  9. end
  10. shared_examples 'shown' do
  11. it 'returns its groups’ tickets' do
  12. expect(scope.resolve).to match_array(Ticket.where(group: member_groups))
  13. end
  14. end
  15. shared_examples 'hidden' do
  16. it 'does not return its groups’ tickets' do
  17. expect(scope.resolve).to be_empty
  18. end
  19. end
  20. context 'with direct access via User#groups' do
  21. let(:user) { create(:agent, groups: member_groups) }
  22. context 'when checking for "full" access' do
  23. # this is already true by default, but it doesn't hurt to be explicit
  24. before { user.user_groups.each { |ug| ug.update_columns(access: 'full') } }
  25. include_examples 'shown'
  26. end
  27. context 'when limited to "read" access' do
  28. before { user.user_groups.each { |ug| ug.update_columns(access: 'read') } }
  29. include_examples access_type == 'read' ? 'shown' : 'hidden'
  30. end
  31. context 'when limited to "overview" access' do
  32. before { user.user_groups.each { |ug| ug.update_columns(access: 'overview') } }
  33. include_examples access_type == 'overview' ? 'shown' : 'hidden'
  34. end
  35. end
  36. context 'without any role permission' do
  37. let(:role_without_rights) { create(:role) }
  38. let(:user) { create(:agent, groups: member_groups, role_ids: [ role_without_rights.id ]) }
  39. context 'when checking for "full" access' do
  40. # this is already true by default, but it doesn't hurt to be explicit
  41. before { user.user_groups.each { |ug| ug.update_columns(access: 'full') } }
  42. include_examples 'hidden'
  43. end
  44. context 'when limited to "read" access' do
  45. before { user.user_groups.each { |ug| ug.update_columns(access: 'read') } }
  46. include_examples 'hidden'
  47. end
  48. context 'when limited to "overview" access' do
  49. before { user.user_groups.each { |ug| ug.update_columns(access: 'overview') } }
  50. include_examples 'hidden'
  51. end
  52. end
  53. context 'with report permission' do
  54. let(:report_role) { create(:role).tap { |role| role.permission_grant('report') } }
  55. let(:user) { create(:agent, groups: member_groups, role_ids: [ report_role.id ]) }
  56. context 'when checking for "full" access' do
  57. # this is already true by default, but it doesn't hurt to be explicit
  58. before { user.user_groups.each { |ug| ug.update_columns(access: 'full') } }
  59. it 'grants access to all tickets' do
  60. expect(scope.resolve).to match_array(Ticket.all)
  61. end
  62. end
  63. context 'when limited to "read" access' do
  64. before { user.user_groups.each { |ug| ug.update_columns(access: 'read') } }
  65. it 'grants access to all tickets' do
  66. expect(scope.resolve).to match_array(Ticket.all)
  67. end
  68. end
  69. context 'when limited to "overview" access' do
  70. before { user.user_groups.each { |ug| ug.update_columns(access: 'overview') } }
  71. it 'grants access to all tickets' do
  72. expect(scope.resolve).to match_array(Ticket.all)
  73. end
  74. end
  75. end
  76. context 'with indirect access via Role#groups' do
  77. let(:user) { create(:agent).tap { |u| u.roles << role } }
  78. let(:role) { create(:role, :agent, groups: member_groups) }
  79. context 'when checking for "full" access' do
  80. # this is already true by default, but it doesn't hurt to be explicit
  81. before { role.role_groups.each { |rg| rg.update_columns(access: 'full') } }
  82. include_examples 'shown'
  83. end
  84. context 'when limited to "read" access' do
  85. before { role.role_groups.each { |rg| rg.update_columns(access: 'read') } }
  86. include_examples access_type == 'read' ? 'shown' : 'hidden'
  87. end
  88. context 'when limited to "overview" access' do
  89. before { role.role_groups.each { |rg| rg.update_columns(access: 'overview') } }
  90. include_examples access_type == 'overview' ? 'shown' : 'hidden'
  91. end
  92. end
  93. context 'when checking access via customer organization but no customer permissions' do
  94. let(:user) { create(:agent, organization: organization) }
  95. let(:teammate) { create(:agent, organization: organization) }
  96. before do
  97. create_list(:ticket, 2, customer: user)
  98. create_list(:ticket, 2, customer: teammate)
  99. end
  100. context 'with no #organization' do
  101. let(:organization) { nil }
  102. it 'returns no tickets' do
  103. expect(scope.resolve).to be_empty
  104. end
  105. end
  106. context 'with a non-shared #organization' do
  107. let(:organization) { create(:organization, shared: false) }
  108. it 'returns no tickets' do
  109. expect(scope.resolve).to be_empty
  110. end
  111. end
  112. context 'with a shared #organization (default)' do
  113. let(:organization) { create(:organization, shared: true) }
  114. it 'returns no tickets' do
  115. expect(scope.resolve).to be_empty
  116. end
  117. end
  118. end
  119. end
  120. RSpec.shared_examples 'for agent user with predefined but impossible context' do
  121. let(:member_groups) { create_list(:group, 2) }
  122. let(:nonmember_group) { create(:group) }
  123. let(:user) { create(:agent, groups: member_groups) }
  124. before do
  125. create(:ticket, group: member_groups.first)
  126. create(:ticket, group: member_groups.second)
  127. create(:ticket, group: nonmember_group)
  128. end
  129. it 'does not find tickets because of restrictive predefined scope' do
  130. expect(scope.resolve).to match_array(Ticket.where(id: -1))
  131. end
  132. end
  133. RSpec.shared_examples 'for customer user' do
  134. let(:user) { create(:customer, organization: organization) }
  135. let!(:user_tickets) { create_list(:ticket, 2, customer: user) }
  136. let(:teammate) { create(:customer, organization: organization) }
  137. let!(:teammate_tickets) { create_list(:ticket, 2, customer: teammate) }
  138. context 'with no #organization' do
  139. let(:organization) { nil }
  140. it 'returns only the customer’s tickets' do
  141. expect(scope.resolve).to match_array(user_tickets)
  142. end
  143. end
  144. context 'with a non-shared #organization' do
  145. let(:organization) { create(:organization, shared: false) }
  146. it 'returns only the customer’s tickets' do
  147. expect(scope.resolve).to match_array(user_tickets)
  148. end
  149. end
  150. context 'with a shared #organization (default)' do
  151. let(:organization) { create(:organization, shared: true) }
  152. it 'returns only the customer’s or organization’s tickets' do
  153. expect(scope.resolve).to match_array(user_tickets | teammate_tickets)
  154. end
  155. end
  156. context 'with a multi #organization (shared false)' do
  157. let(:user) { create(:customer, organization: organization, organizations: [secondary_organization]) }
  158. let(:organization) { create(:organization, shared: true) }
  159. let(:secondary_organization) { create(:organization, shared: false) }
  160. let(:secondarymate) { create(:customer, organization: secondary_organization) }
  161. let(:secondarymate_tickets) { create_list(:ticket, 2, customer: secondarymate) }
  162. before do
  163. secondarymate_tickets
  164. end
  165. it 'returns only the customer’s or organization’s tickets' do
  166. expect(scope.resolve).to match_array(user_tickets | teammate_tickets)
  167. end
  168. end
  169. context 'with a multi #organization (shared true)' do
  170. let(:user) { create(:customer, organization: organization, organizations: [secondary_organization]) }
  171. let(:organization) { create(:organization, shared: false) }
  172. let(:secondary_organization) { create(:organization, shared: true) }
  173. let(:secondarymate) { create(:customer, organization: secondary_organization) }
  174. let(:secondarymate_tickets) { create_list(:ticket, 2, customer: secondarymate) }
  175. before do
  176. secondarymate_tickets
  177. end
  178. it 'returns only the customer’s or organization’s tickets' do
  179. expect(scope.resolve).to match_array(user_tickets | secondarymate_tickets)
  180. end
  181. end
  182. end