zammad/test/controllers/search_controller_test.rb

require 'test_helper'
require 'rake'

class SearchControllerTest < ActionDispatch::IntegrationTest
  setup do

    # set current user
    UserInfo.current_user_id = 1

    # set accept header
    @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }

    # create agent
    roles  = Role.where(name: %w[Admin Agent])
    groups = Group.all

    @admin = User.create_or_update(
      login: 'search-admin',
      firstname: 'Search',
      lastname: 'Admin',
      email: 'search-admin@example.com',
      password: 'adminpw',
      active: true,
      roles: roles,
      groups: groups,
    )

    # create agent
    roles = Role.where(name: 'Agent')
    @agent = User.create_or_update(
      login: 'search-agent@example.com',
      firstname: 'Search 1234',
      lastname: 'Agent',
      email: 'search-agent@example.com',
      password: 'agentpw',
      active: true,
      roles: roles,
      groups: groups,
    )

    # create customer without org
    roles = Role.where(name: 'Customer')
    @customer_without_org = User.create_or_update(
      login: 'search-customer1@example.com',
      firstname: 'Search',
      lastname: 'Customer1',
      email: 'search-customer1@example.com',
      password: 'customer1pw',
      active: true,
      roles: roles,
    )

    # create orgs
    @organization = Organization.create_or_update(
      name: 'Rest Org',
    )
    @organization2 = Organization.create_or_update(
      name: 'Rest Org #2',
    )
    @organization3 = Organization.create_or_update(
      name: 'Rest Org #3',
    )

    # create customer with org
    @customer_with_org2 = User.create_or_update(
      login: 'search-customer2@example.com',
      firstname: 'Search',
      lastname: 'Customer2',
      email: 'search-customer2@example.com',
      password: 'customer2pw',
      active: true,
      roles: roles,
      organization_id: @organization.id,
    )

    @customer_with_org3 = User.create_or_update(
      login: 'search-customer3@example.com',
      firstname: 'Search',
      lastname: 'Customer3',
      email: 'search-customer3@example.com',
      password: 'customer3pw',
      active: true,
      roles: roles,
      organization_id: @organization.id,
    )

    @ticket1 = Ticket.create!(
      title: 'test 1234-1',
      group: Group.lookup(name: 'Users'),
      customer_id: @customer_without_org.id,
      state: Ticket::State.lookup(name: 'new'),
      priority: Ticket::Priority.lookup(name: '2 normal'),
    )
    @article1 = Ticket::Article.create!(
      ticket_id: @ticket1.id,
      from: 'some_sender1@example.com',
      to: 'some_recipient1@example.com',
      subject: 'some subject1',
      message_id: 'some@id',
      body: 'some message1',
      internal: false,
      sender: Ticket::Article::Sender.where(name: 'Customer').first,
      type: Ticket::Article::Type.where(name: 'email').first,
    )
    travel 1.second
    @ticket2 = Ticket.create!(
      title: 'test 1234-2',
      group: Group.lookup(name: 'Users'),
      customer_id: @customer_with_org2.id,
      state: Ticket::State.lookup(name: 'new'),
      priority: Ticket::Priority.lookup(name: '2 normal'),
    )
    @article2 = Ticket::Article.create!(
      ticket_id: @ticket2.id,
      from: 'some_sender2@example.com',
      to: 'some_recipient2@example.com',
      subject: 'some subject2',
      message_id: 'some@id',
      body: 'some message2',
      internal: false,
      sender: Ticket::Article::Sender.where(name: 'Customer').first,
      type: Ticket::Article::Type.where(name: 'email').first,
    )
    travel 1.second
    @ticket3 = Ticket.create!(
      title: 'test 1234-2',
      group: Group.lookup(name: 'Users'),
      customer_id: @customer_with_org3.id,
      state: Ticket::State.lookup(name: 'new'),
      priority: Ticket::Priority.lookup(name: '2 normal'),
    )
    @article3 = Ticket::Article.create!(
      ticket_id: @ticket3.id,
      from: 'some_sender3@example.com',
      to: 'some_recipient3@example.com',
      subject: 'some subject3',
      message_id: 'some@id',
      body: 'some message3',
      internal: false,
      sender: Ticket::Article::Sender.where(name: 'Customer').first,
      type: Ticket::Article::Type.where(name: 'email').first,
    )

    # configure es
    if ENV['ES_URL'].present?
      #fail "ERROR: Need ES_URL - hint ES_URL='http://127.0.0.1:9200'"
      Setting.set('es_url', ENV['ES_URL'])

      # Setting.set('es_url', 'http://127.0.0.1:9200')
      # Setting.set('es_index', 'estest.local_zammad')
      # Setting.set('es_user', 'elasticsearch')
      # Setting.set('es_password', 'zammad')

      if ENV['ES_INDEX_RAND'].present?
        ENV['ES_INDEX'] = "es_index_#{rand(999_999_999)}"
      end
      if ENV['ES_INDEX'].blank?
        raise "ERROR: Need ES_INDEX - hint ES_INDEX='estest.local_zammad'"
      end
      Setting.set('es_index', ENV['ES_INDEX'])

      # set max attachment size in mb
      Setting.set('es_attachment_max_size_in_mb', 1)

      travel 1.minute

      # drop/create indexes
      Rake::Task.clear
      Zammad::Application.load_tasks
      #Rake::Task["searchindex:drop"].execute
      #Rake::Task["searchindex:create"].execute
      Rake::Task['searchindex:rebuild'].execute

      # execute background jobs
      Scheduler.worker(true)

      sleep 6
    end
  end

  teardown do
    if ENV['ES_URL'].present?
      Rake::Task['searchindex:drop'].execute
    end
  end

  test 'settings index with nobody' do
    params = {
      query: 'test 1234',
      limit: 2,
    }

    post '/api/v1/search/ticket', params: params.to_json, headers: @headers
    assert_response(401)
    result = JSON.parse(@response.body)
    assert_equal(Hash, result.class)
    assert_not(result.blank?)
    assert_equal('authentication failed', result['error'])

    post '/api/v1/search/user', params: params.to_json, headers: @headers
    assert_response(401)
    result = JSON.parse(@response.body)
    assert_equal(Hash, result.class)
    assert_not(result.blank?)
    assert_equal('authentication failed', result['error'])

    post '/api/v1/search', params: params.to_json, headers: @headers
    assert_response(401)
    result = JSON.parse(@response.body)
    assert_equal(Hash, result.class)
    assert_not(result.blank?)
    assert_equal('authentication failed', result['error'])
  end

  test 'settings index with admin' do
    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('search-admin@example.com', 'adminpw')

    params = {
      query: '1234*',
      limit: 1,
    }
    post '/api/v1/search', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
    assert_response(200)
    result = JSON.parse(@response.body)
    assert_equal(Hash, result.class)
    assert(result)
    assert_equal('Ticket', result['result'][0]['type'])
    assert_equal(@ticket3.id, result['result'][0]['id'])
    assert_equal('User', result['result'][1]['type'])
    assert_equal(@agent.id, result['result'][1]['id'])
    assert_not(result['result'][2])

    params = {
      query: '1234*',
      limit: 10,
    }

    post '/api/v1/search', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
    assert_response(200)
    result = JSON.parse(@response.body)
    assert_equal(Hash, result.class)
    assert(result)
    assert_equal('Ticket', result['result'][0]['type'])
    assert_equal(@ticket3.id, result['result'][0]['id'])
    assert_equal('Ticket', result['result'][1]['type'])
    assert_equal(@ticket2.id, result['result'][1]['id'])
    assert_equal('Ticket', result['result'][2]['type'])
    assert_equal(@ticket1.id, result['result'][2]['id'])
    assert_equal('User', result['result'][3]['type'])
    assert_equal(@agent.id, result['result'][3]['id'])
    assert_not(result['result'][4])

    params = {
      query: '1234*',
      limit: 10,
    }

    post '/api/v1/search/ticket', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
    assert_response(200)
    result = JSON.parse(@response.body)
    assert_equal(Hash, result.class)
    assert(result)
    assert_equal('Ticket', result['result'][0]['type'])
    assert_equal(@ticket3.id, result['result'][0]['id'])
    assert_equal('Ticket', result['result'][1]['type'])
    assert_equal(@ticket2.id, result['result'][1]['id'])
    assert_equal('Ticket', result['result'][2]['type'])
    assert_equal(@ticket1.id, result['result'][2]['id'])
    assert_not(result['result'][3])

    params = {
      query: '1234*',
      limit: 10,
    }

    post '/api/v1/search/user', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
    assert_response(200)
    result = JSON.parse(@response.body)
    assert_equal(Hash, result.class)
    assert_equal('User', result['result'][0]['type'])
    assert_equal(@agent.id, result['result'][0]['id'])
    assert_not(result['result'][1])
  end

  test 'settings index with agent' do
    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('search-agent@example.com', 'agentpw')

    params = {
      query: '1234*',
      limit: 1,
    }

    post '/api/v1/search', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
    assert_response(200)
    result = JSON.parse(@response.body)
    assert_equal(Hash, result.class)
    assert(result)
    assert_equal('Ticket', result['result'][0]['type'])
    assert_equal(@ticket3.id, result['result'][0]['id'])
    assert_equal('User', result['result'][1]['type'])
    assert_equal(@agent.id, result['result'][1]['id'])
    assert_not(result['result'][2])

    params = {
      query: '1234*',
      limit: 10,
    }

    post '/api/v1/search', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
    assert_response(200)
    result = JSON.parse(@response.body)
    assert_equal(Hash, result.class)
    assert(result)
    assert_equal('Ticket', result['result'][0]['type'])
    assert_equal(@ticket3.id, result['result'][0]['id'])
    assert_equal('Ticket', result['result'][1]['type'])
    assert_equal(@ticket2.id, result['result'][1]['id'])
    assert_equal('Ticket', result['result'][2]['type'])
    assert_equal(@ticket1.id, result['result'][2]['id'])
    assert_equal('User', result['result'][3]['type'])
    assert_equal(@agent.id, result['result'][3]['id'])
    assert_not(result['result'][4])

    params = {
      query: '1234*',
      limit: 10,
    }

    post '/api/v1/search/ticket', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
    assert_response(200)
    result = JSON.parse(@response.body)
    assert_equal(Hash, result.class)
    assert(result)
    assert_equal('Ticket', result['result'][0]['type'])
    assert_equal(@ticket3.id, result['result'][0]['id'])
    assert_equal('Ticket', result['result'][1]['type'])
    assert_equal(@ticket2.id, result['result'][1]['id'])
    assert_equal('Ticket', result['result'][2]['type'])
    assert_equal(@ticket1.id, result['result'][2]['id'])
    assert_not(result['result'][3])

    params = {
      query: '1234*',
      limit: 10,
    }

    post '/api/v1/search/user', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
    assert_response(200)
    result = JSON.parse(@response.body)
    assert_equal(Hash, result.class)
    assert_equal('User', result['result'][0]['type'])
    assert_equal(@agent.id, result['result'][0]['id'])
    assert_not(result['result'][1])
  end

  test 'settings index with customer 1' do
    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('search-customer1@example.com', 'customer1pw')

    params = {
      query: '1234*',
      limit: 10,
    }

    post '/api/v1/search', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
    assert_response(200)
    result = JSON.parse(@response.body)
    assert_equal(Hash, result.class)
    assert(result)
    assert_equal('Ticket', result['result'][0]['type'])
    assert_equal(@ticket1.id, result['result'][0]['id'])
    assert_not(result['result'][1])

    params = {
      query: '1234*',
      limit: 10,
    }

    post '/api/v1/search/ticket', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
    assert_response(200)
    result = JSON.parse(@response.body)
    assert_equal(Hash, result.class)
    assert(result)
    assert_equal('Ticket', result['result'][0]['type'])
    assert_equal(@ticket1.id, result['result'][0]['id'])
    assert_not(result['result'][1])

    params = {
      query: '1234*',
      limit: 10,
    }

    post '/api/v1/search/user', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
    assert_response(200)
    result = JSON.parse(@response.body)
    assert_equal(Hash, result.class)
    assert_not(result['result'][0])
  end

  test 'settings index with customer 2' do
    credentials = ActionController::HttpAuthentication::Basic.encode_credentials('search-customer2@example.com', 'customer2pw')

    params = {
      query: '1234*',
      limit: 10,
    }

    post '/api/v1/search', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
    assert_response(200)
    result = JSON.parse(@response.body)
    assert_equal(Hash, result.class)
    assert(result)
    assert_equal('Ticket', result['result'][0]['type'])
    assert_equal(@ticket3.id, result['result'][0]['id'])
    assert_equal('Ticket', result['result'][1]['type'])
    assert_equal(@ticket2.id, result['result'][1]['id'])
    assert_not(result['result'][2])

    params = {
      query: '1234*',
      limit: 10,
    }

    post '/api/v1/search/ticket', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
    assert_response(200)
    result = JSON.parse(@response.body)
    assert_equal(Hash, result.class)
    assert(result)
    assert_equal('Ticket', result['result'][0]['type'])
    assert_equal(@ticket3.id, result['result'][0]['id'])
    assert_equal('Ticket', result['result'][1]['type'])
    assert_equal(@ticket2.id, result['result'][1]['id'])
    assert_not(result['result'][2])

    params = {
      query: '1234*',
      limit: 10,
    }

    post '/api/v1/search/user', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
    assert_response(200)
    result = JSON.parse(@response.body)
    assert_equal(Hash, result.class)
    assert_not(result['result'][0])
  end

end