user_controller_test.rb 46 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137
  1. require 'test_helper'
  2. class UserControllerTest < ActionDispatch::IntegrationTest
  3. include SearchindexHelper
  4. setup do
  5. # set accept header
  6. @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
  7. # create agent
  8. roles = Role.where(name: %w[Admin Agent])
  9. groups = Group.all
  10. UserInfo.current_user_id = 1
  11. @backup_admin = User.create!(
  12. login: 'backup-admin',
  13. firstname: 'Backup',
  14. lastname: 'Agent',
  15. email: 'backup-admin@example.com',
  16. password: 'adminpw',
  17. active: true,
  18. roles: roles,
  19. groups: groups,
  20. )
  21. @admin = User.create!(
  22. login: 'rest-admin',
  23. firstname: 'Rest',
  24. lastname: 'Agent',
  25. email: 'rest-admin@example.com',
  26. password: 'adminpw',
  27. active: true,
  28. roles: roles,
  29. groups: groups,
  30. )
  31. # create agent
  32. roles = Role.where(name: 'Agent')
  33. @agent = User.create!(
  34. login: 'rest-agent@example.com',
  35. firstname: 'Rest',
  36. lastname: 'Agent',
  37. email: 'rest-agent@example.com',
  38. password: 'agentpw',
  39. active: true,
  40. roles: roles,
  41. groups: groups,
  42. )
  43. # create customer without org
  44. roles = Role.where(name: 'Customer')
  45. @customer_without_org = User.create!(
  46. login: 'rest-customer1@example.com',
  47. firstname: 'Rest',
  48. lastname: 'Customer1',
  49. email: 'rest-customer1@example.com',
  50. password: 'customer1pw',
  51. active: true,
  52. roles: roles,
  53. )
  54. # create orgs
  55. @organization = Organization.create!(
  56. name: 'Rest Org',
  57. )
  58. @organization2 = Organization.create!(
  59. name: 'Rest Org #2',
  60. )
  61. @organization3 = Organization.create!(
  62. name: 'Rest Org #3',
  63. )
  64. # create customer with org
  65. @customer_with_org = User.create!(
  66. login: 'rest-customer2@example.com',
  67. firstname: 'Rest',
  68. lastname: 'Customer2',
  69. email: 'rest-customer2@example.com',
  70. password: 'customer2pw',
  71. active: true,
  72. roles: roles,
  73. organization_id: @organization.id,
  74. )
  75. configure_elasticsearch do
  76. travel 1.minute
  77. rebuild_searchindex
  78. # execute background jobs
  79. Scheduler.worker(true)
  80. sleep 6
  81. end
  82. UserInfo.current_user_id = nil
  83. end
  84. test 'user create tests - no user' do
  85. post '/api/v1/signshow', params: {}, headers: @headers
  86. # create user with disabled feature
  87. Setting.set('user_create_account', false)
  88. token = @response.headers['CSRF-TOKEN']
  89. # token based on form
  90. params = { email: 'some_new_customer@example.com', authenticity_token: token }
  91. post '/api/v1/users', params: params.to_json, headers: @headers
  92. assert_response(422)
  93. result = JSON.parse(@response.body)
  94. assert(result['error'])
  95. assert_equal('Feature not enabled!', result['error'])
  96. # token based on headers
  97. headers = @headers.merge('X-CSRF-Token' => token)
  98. params = { email: 'some_new_customer@example.com' }
  99. post '/api/v1/users', params: params.to_json, headers: headers
  100. assert_response(422)
  101. result = JSON.parse(@response.body)
  102. assert(result['error'])
  103. assert_equal('Feature not enabled!', result['error'])
  104. Setting.set('user_create_account', true)
  105. # no signup param with enabled feature
  106. params = { email: 'some_new_customer@example.com' }
  107. post '/api/v1/users', params: params.to_json, headers: headers
  108. assert_response(422)
  109. result = JSON.parse(@response.body)
  110. assert(result['error'])
  111. assert_equal('Only signup with not authenticate user possible!', result['error'])
  112. # already existing user with enabled feature
  113. params = { email: 'rest-customer1@example.com', signup: true }
  114. post '/api/v1/users', params: params.to_json, headers: headers
  115. assert_response(422)
  116. result = JSON.parse(@response.body)
  117. assert(result['error'])
  118. assert_equal('Email address is already used for other user.', result['error'])
  119. # email missing with enabled feature
  120. params = { firstname: 'some firstname', signup: true }
  121. post '/api/v1/users', params: params.to_json, headers: headers
  122. assert_response(422)
  123. result = JSON.parse(@response.body)
  124. assert(result['error'])
  125. assert_equal('Attribute \'email\' required!', result['error'])
  126. # email missing with enabled feature
  127. params = { firstname: 'some firstname', signup: true }
  128. post '/api/v1/users', params: params.to_json, headers: headers
  129. assert_response(422)
  130. result = JSON.parse(@response.body)
  131. assert(result['error'])
  132. assert_equal('Attribute \'email\' required!', result['error'])
  133. # create user with enabled feature (take customer role)
  134. params = { firstname: 'Me First', lastname: 'Me Last', email: 'new_here@example.com', signup: true }
  135. post '/api/v1/users', params: params.to_json, headers: headers
  136. assert_response(201)
  137. result = JSON.parse(@response.body)
  138. assert(result)
  139. assert_equal('Me First', result['firstname'])
  140. assert_equal('Me Last', result['lastname'])
  141. assert_equal('new_here@example.com', result['login'])
  142. assert_equal('new_here@example.com', result['email'])
  143. user = User.find(result['id'])
  144. assert_not(user.role?('Admin'))
  145. assert_not(user.role?('Agent'))
  146. assert(user.role?('Customer'))
  147. # create user with admin role (not allowed for signup, take customer role)
  148. role = Role.lookup(name: 'Admin')
  149. params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin@example.com', role_ids: [ role.id ], signup: true }
  150. post '/api/v1/users', params: params.to_json, headers: headers
  151. assert_response(201)
  152. result = JSON.parse(@response.body)
  153. assert(result)
  154. user = User.find(result['id'])
  155. assert_not(user.role?('Admin'))
  156. assert_not(user.role?('Agent'))
  157. assert(user.role?('Customer'))
  158. # create user with agent role (not allowed for signup, take customer role)
  159. role = Role.lookup(name: 'Agent')
  160. params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent@example.com', role_ids: [ role.id ], signup: true }
  161. post '/api/v1/users', params: params.to_json, headers: headers
  162. assert_response(201)
  163. result = JSON.parse(@response.body)
  164. assert(result)
  165. user = User.find(result['id'])
  166. assert_not(user.role?('Admin'))
  167. assert_not(user.role?('Agent'))
  168. assert(user.role?('Customer'))
  169. # no user (because of no session)
  170. get '/api/v1/users', params: {}, headers: headers
  171. assert_response(401)
  172. result = JSON.parse(@response.body)
  173. assert_equal('authentication failed', result['error'])
  174. # me
  175. get '/api/v1/users/me', params: {}, headers: headers
  176. assert_response(401)
  177. result = JSON.parse(@response.body)
  178. assert_equal('authentication failed', result['error'])
  179. end
  180. test 'auth tests - not existing user' do
  181. credentials = ActionController::HttpAuthentication::Basic.encode_credentials('not_existing@example.com', 'adminpw')
  182. # me
  183. get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
  184. assert_response(401)
  185. result = JSON.parse(@response.body)
  186. assert_equal('authentication failed', result['error'])
  187. get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
  188. assert_response(401)
  189. result = JSON.parse(@response.body)
  190. assert_equal('authentication failed', result['error'])
  191. end
  192. test 'auth tests - username auth, wrong pw' do
  193. credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin', 'not_existing')
  194. get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
  195. assert_response(401)
  196. result = JSON.parse(@response.body)
  197. assert_equal('authentication failed', result['error'])
  198. end
  199. test 'auth tests - email auth, wrong pw' do
  200. credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'not_existing')
  201. get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
  202. assert_response(401)
  203. result = JSON.parse(@response.body)
  204. assert_equal('authentication failed', result['error'])
  205. end
  206. test 'auth tests - username auth' do
  207. credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin', 'adminpw')
  208. get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
  209. assert_response(200)
  210. result = JSON.parse(@response.body)
  211. assert(result)
  212. end
  213. test 'auth tests - email auth' do
  214. credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
  215. get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
  216. assert_response(200)
  217. result = JSON.parse(@response.body)
  218. assert(result)
  219. end
  220. test 'user index and create with admin' do
  221. # email auth
  222. credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
  223. # me
  224. get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
  225. assert_response(200)
  226. result = JSON.parse(@response.body)
  227. assert(result)
  228. assert_equal(result['email'], 'rest-admin@example.com')
  229. # index
  230. get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
  231. assert_response(200)
  232. result = JSON.parse(@response.body)
  233. assert(result)
  234. # index
  235. get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
  236. assert_response(200)
  237. result = JSON.parse(@response.body)
  238. assert(result)
  239. assert_equal(result.class, Array)
  240. assert(result.length >= 3)
  241. # show/:id
  242. get "/api/v1/users/#{@agent.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
  243. assert_response(200)
  244. result = JSON.parse(@response.body)
  245. assert(result)
  246. assert_equal(result.class, Hash)
  247. assert_equal(result['email'], 'rest-agent@example.com')
  248. get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
  249. assert_response(200)
  250. result = JSON.parse(@response.body)
  251. assert(result)
  252. assert_equal(result.class, Hash)
  253. assert_equal(result['email'], 'rest-customer1@example.com')
  254. # create user with admin role
  255. role = Role.lookup(name: 'Admin')
  256. params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_admin@example.com', role_ids: [ role.id ] }
  257. post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
  258. assert_response(201)
  259. result = JSON.parse(@response.body)
  260. assert(result)
  261. user = User.find(result['id'])
  262. assert(user.role?('Admin'))
  263. assert_not(user.role?('Agent'))
  264. assert_not(user.role?('Customer'))
  265. assert_equal('new_admin_by_admin@example.com', result['login'])
  266. assert_equal('new_admin_by_admin@example.com', result['email'])
  267. # create user with agent role
  268. role = Role.lookup(name: 'Agent')
  269. params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_admin1@example.com', role_ids: [ role.id ] }
  270. post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
  271. assert_response(201)
  272. result = JSON.parse(@response.body)
  273. assert(result)
  274. user = User.find(result['id'])
  275. assert_not(user.role?('Admin'))
  276. assert(user.role?('Agent'))
  277. assert_not(user.role?('Customer'))
  278. assert_equal('new_agent_by_admin1@example.com', result['login'])
  279. assert_equal('new_agent_by_admin1@example.com', result['email'])
  280. role = Role.lookup(name: 'Agent')
  281. params = { firstname: 'Agent First', email: 'new_agent_by_admin2@example.com', role_ids: [ role.id ] }
  282. post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
  283. assert_response(201)
  284. result = JSON.parse(@response.body)
  285. assert(result)
  286. user = User.find(result['id'])
  287. assert_not(user.role?('Admin'))
  288. assert(user.role?('Agent'))
  289. assert_not(user.role?('Customer'))
  290. assert_equal('new_agent_by_admin2@example.com', result['login'])
  291. assert_equal('new_agent_by_admin2@example.com', result['email'])
  292. assert_equal('Agent', result['firstname'])
  293. assert_equal('First', result['lastname'])
  294. role = Role.lookup(name: 'Agent')
  295. params = { firstname: 'Agent First', email: 'new_agent_by_admin2@example.com', role_ids: [ role.id ] }
  296. post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
  297. assert_response(422)
  298. result = JSON.parse(@response.body)
  299. assert(result)
  300. assert_equal('Email address is already used for other user.', result['error'])
  301. # missing required attributes
  302. params = { note: 'some note' }
  303. post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
  304. assert_response(422)
  305. result = JSON.parse(@response.body)
  306. assert(result)
  307. assert_equal('Minimum one identifier (login, firstname, lastname, phone or email) for user is required.', result['error'])
  308. # invalid email
  309. params = { firstname: 'newfirstname123', email: 'some_what', note: 'some note' }
  310. post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
  311. assert_response(422)
  312. result = JSON.parse(@response.body)
  313. assert(result)
  314. assert_equal('Invalid email', result['error'])
  315. # with valid attributes
  316. params = { firstname: 'newfirstname123', note: 'some note' }
  317. post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
  318. assert_response(201)
  319. result = JSON.parse(@response.body)
  320. assert(result)
  321. user = User.find(result['id'])
  322. assert_not(user.role?('Admin'))
  323. assert_not(user.role?('Agent'))
  324. assert(user.role?('Customer'))
  325. assert(result['login'].start_with?('auto-'))
  326. assert_equal('', result['email'])
  327. assert_equal('newfirstname123', result['firstname'])
  328. assert_equal('', result['lastname'])
  329. end
  330. test 'user index and create with agent' do
  331. credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-agent@example.com', 'agentpw')
  332. # me
  333. get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
  334. assert_response(200)
  335. result = JSON.parse(@response.body)
  336. assert(result)
  337. assert_equal(result['email'], 'rest-agent@example.com')
  338. # index
  339. get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
  340. assert_response(200)
  341. result = JSON.parse(@response.body)
  342. assert(result)
  343. # index
  344. get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
  345. assert_response(200)
  346. result = JSON.parse(@response.body)
  347. assert(result)
  348. assert_equal(result.class, Array)
  349. assert(result.length >= 3)
  350. get '/api/v1/users?limit=40&page=1&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
  351. assert_response(200)
  352. result = JSON.parse(@response.body)
  353. assert_equal(Array, result.class)
  354. users = User.order(:id).limit(2)
  355. assert_equal(users[0].id, result[0]['id'])
  356. assert_equal(users[1].id, result[1]['id'])
  357. assert_equal(2, result.count)
  358. get '/api/v1/users?limit=40&page=2&per_page=2', params: {}, headers: @headers.merge('Authorization' => credentials)
  359. assert_response(200)
  360. result = JSON.parse(@response.body)
  361. assert_equal(Array, result.class)
  362. users = User.order(:id).limit(4)
  363. assert_equal(users[2].id, result[0]['id'])
  364. assert_equal(users[3].id, result[1]['id'])
  365. assert_equal(2, result.count)
  366. # create user with admin role
  367. firstname = "First test#{rand(999_999_999)}"
  368. role = Role.lookup(name: 'Admin')
  369. params = { firstname: "Admin#{firstname}", lastname: 'Admin Last', email: 'new_admin_by_agent@example.com', role_ids: [ role.id ] }
  370. post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
  371. assert_response(201)
  372. result_user1 = JSON.parse(@response.body)
  373. assert(result_user1)
  374. user = User.find(result_user1['id'])
  375. assert_not(user.role?('Admin'))
  376. assert_not(user.role?('Agent'))
  377. assert(user.role?('Customer'))
  378. assert_equal('new_admin_by_agent@example.com', result_user1['login'])
  379. assert_equal('new_admin_by_agent@example.com', result_user1['email'])
  380. # create user with agent role
  381. role = Role.lookup(name: 'Agent')
  382. params = { firstname: "Agent#{firstname}", lastname: 'Agent Last', email: 'new_agent_by_agent@example.com', role_ids: [ role.id ] }
  383. post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
  384. assert_response(201)
  385. result_user1 = JSON.parse(@response.body)
  386. assert(result_user1)
  387. user = User.find(result_user1['id'])
  388. assert_not(user.role?('Admin'))
  389. assert_not(user.role?('Agent'))
  390. assert(user.role?('Customer'))
  391. assert_equal('new_agent_by_agent@example.com', result_user1['login'])
  392. assert_equal('new_agent_by_agent@example.com', result_user1['email'])
  393. # create user with customer role
  394. role = Role.lookup(name: 'Customer')
  395. params = { firstname: "Customer#{firstname}", lastname: 'Customer Last', email: 'new_customer_by_agent@example.com', role_ids: [ role.id ] }
  396. post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
  397. assert_response(201)
  398. result_user1 = JSON.parse(@response.body)
  399. assert(result_user1)
  400. user = User.find(result_user1['id'])
  401. assert_not(user.role?('Admin'))
  402. assert_not(user.role?('Agent'))
  403. assert(user.role?('Customer'))
  404. assert_equal('new_customer_by_agent@example.com', result_user1['login'])
  405. assert_equal('new_customer_by_agent@example.com', result_user1['email'])
  406. # search as agent
  407. Scheduler.worker(true)
  408. sleep 2 # let es time to come ready
  409. get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}", params: {}, headers: @headers.merge('Authorization' => credentials)
  410. assert_response(200)
  411. result = JSON.parse(@response.body)
  412. assert_equal(Array, result.class)
  413. assert_equal(result_user1['id'], result[0]['id'])
  414. assert_equal("Customer#{firstname}", result[0]['firstname'])
  415. assert_equal('Customer Last', result[0]['lastname'])
  416. assert(result[0]['role_ids'])
  417. assert_not(result[0]['roles'])
  418. get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&expand=true", params: {}, headers: @headers.merge('Authorization' => credentials)
  419. assert_response(200)
  420. result = JSON.parse(@response.body)
  421. assert_equal(Array, result.class)
  422. assert_equal(result_user1['id'], result[0]['id'])
  423. assert_equal("Customer#{firstname}", result[0]['firstname'])
  424. assert_equal('Customer Last', result[0]['lastname'])
  425. assert(result[0]['role_ids'])
  426. assert(result[0]['roles'])
  427. get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
  428. assert_response(200)
  429. result = JSON.parse(@response.body)
  430. assert_equal(Array, result.class)
  431. assert_equal(result_user1['id'], result[0]['id'])
  432. assert_equal("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>", result[0]['label'])
  433. assert_equal("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>", result[0]['value'])
  434. assert_not(result[0]['role_ids'])
  435. assert_not(result[0]['roles'])
  436. get "/api/v1/users/search?term=#{CGI.escape("Customer#{firstname}")}", params: {}, headers: @headers.merge('Authorization' => credentials)
  437. assert_response(200)
  438. result = JSON.parse(@response.body)
  439. assert_equal(Array, result.class)
  440. assert_equal(result_user1['id'], result[0]['id'])
  441. assert_equal("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>", result[0]['label'])
  442. assert_equal('new_customer_by_agent@example.com', result[0]['value'])
  443. assert_not(result[0]['role_ids'])
  444. assert_not(result[0]['roles'])
  445. role = Role.find_by(name: 'Agent')
  446. get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&role_ids=#{role.id}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
  447. assert_response(200)
  448. result = JSON.parse(@response.body)
  449. assert_equal(Array, result.class)
  450. assert_equal(0, result.count)
  451. role = Role.find_by(name: 'Customer')
  452. get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&role_ids=#{role.id}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
  453. assert_response(200)
  454. result = JSON.parse(@response.body)
  455. assert_equal(Array, result.class)
  456. assert_equal(result_user1['id'], result[0]['id'])
  457. assert_equal("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>", result[0]['label'])
  458. assert_equal("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>", result[0]['value'])
  459. assert_not(result[0]['role_ids'])
  460. assert_not(result[0]['roles'])
  461. permission = Permission.find_by(name: 'ticket.agent')
  462. get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&permissions=#{permission.name}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
  463. assert_response(200)
  464. result = JSON.parse(@response.body)
  465. assert_equal(Array, result.class)
  466. assert_equal(0, result.count)
  467. permission = Permission.find_by(name: 'ticket.customer')
  468. get "/api/v1/users/search?query=#{CGI.escape("Customer#{firstname}")}&permissions=#{permission.name}&label=true", params: {}, headers: @headers.merge('Authorization' => credentials)
  469. assert_response(200)
  470. result = JSON.parse(@response.body)
  471. assert_equal(Array, result.class)
  472. assert_equal(result_user1['id'], result[0]['id'])
  473. assert_equal("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>", result[0]['label'])
  474. assert_equal("Customer#{firstname} Customer Last <new_customer_by_agent@example.com>", result[0]['value'])
  475. assert_not(result[0]['role_ids'])
  476. assert_not(result[0]['roles'])
  477. end
  478. test 'user index and create with customer1' do
  479. credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
  480. # me
  481. get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
  482. assert_response(200)
  483. result = JSON.parse(@response.body)
  484. assert(result)
  485. assert_equal(result['email'], 'rest-customer1@example.com')
  486. # index
  487. get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
  488. assert_response(200)
  489. result = JSON.parse(@response.body)
  490. assert_equal(result.class, Array)
  491. assert_equal(result.length, 1)
  492. # show/:id
  493. get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
  494. assert_response(200)
  495. result = JSON.parse(@response.body)
  496. assert_equal(result.class, Hash)
  497. assert_equal(result['email'], 'rest-customer1@example.com')
  498. get "/api/v1/users/#{@customer_with_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
  499. assert_response(401)
  500. result = JSON.parse(@response.body)
  501. assert_equal(result.class, Hash)
  502. assert(result['error'])
  503. # create user with admin role
  504. role = Role.lookup(name: 'Admin')
  505. params = { firstname: 'Admin First', lastname: 'Admin Last', email: 'new_admin_by_customer1@example.com', role_ids: [ role.id ] }
  506. post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
  507. assert_response(401)
  508. # create user with agent role
  509. role = Role.lookup(name: 'Agent')
  510. params = { firstname: 'Agent First', lastname: 'Agent Last', email: 'new_agent_by_customer1@example.com', role_ids: [ role.id ] }
  511. post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
  512. assert_response(401)
  513. # search
  514. Scheduler.worker(true)
  515. get "/api/v1/users/search?query=#{CGI.escape('First')}", params: {}, headers: @headers.merge('Authorization' => credentials)
  516. assert_response(401)
  517. end
  518. test 'user index with customer2' do
  519. credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer2@example.com', 'customer2pw')
  520. # me
  521. get '/api/v1/users/me', params: {}, headers: @headers.merge('Authorization' => credentials)
  522. assert_response(200)
  523. result = JSON.parse(@response.body)
  524. assert(result)
  525. assert_equal(result['email'], 'rest-customer2@example.com')
  526. # index
  527. get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
  528. assert_response(200)
  529. result = JSON.parse(@response.body)
  530. assert_equal(result.class, Array)
  531. assert_equal(result.length, 1)
  532. # show/:id
  533. get "/api/v1/users/#{@customer_with_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
  534. assert_response(200)
  535. result = JSON.parse(@response.body)
  536. assert_equal(result.class, Hash)
  537. assert_equal(result['email'], 'rest-customer2@example.com')
  538. get "/api/v1/users/#{@customer_without_org.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
  539. assert_response(401)
  540. result = JSON.parse(@response.body)
  541. assert_equal(result.class, Hash)
  542. assert(result['error'])
  543. # search
  544. Scheduler.worker(true)
  545. get "/api/v1/users/search?query=#{CGI.escape('First')}", params: {}, headers: @headers.merge('Authorization' => credentials)
  546. assert_response(401)
  547. end
  548. test '04.01 users show and response format' do
  549. roles = Role.where(name: 'Customer')
  550. organization = Organization.first
  551. user = User.create!(
  552. login: 'rest-customer3@example.com',
  553. firstname: 'Rest',
  554. lastname: 'Customer3',
  555. email: 'rest-customer3@example.com',
  556. password: 'customer3pw',
  557. active: true,
  558. organization: organization,
  559. roles: roles,
  560. updated_by_id: @admin.id,
  561. created_by_id: @admin.id,
  562. )
  563. credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
  564. get "/api/v1/users/#{user.id}", params: {}, headers: @headers.merge('Authorization' => credentials)
  565. assert_response(200)
  566. result = JSON.parse(@response.body)
  567. assert_equal(Hash, result.class)
  568. assert_equal(user.id, result['id'])
  569. assert_equal(user.firstname, result['firstname'])
  570. assert_not(result['organization'])
  571. assert_equal(user.organization_id, result['organization_id'])
  572. assert_not(result['password'])
  573. assert_equal(user.role_ids, result['role_ids'])
  574. assert_equal(@admin.id, result['updated_by_id'])
  575. assert_equal(@admin.id, result['created_by_id'])
  576. get "/api/v1/users/#{user.id}?expand=true", params: {}, headers: @headers.merge('Authorization' => credentials)
  577. assert_response(200)
  578. result = JSON.parse(@response.body)
  579. assert_equal(Hash, result.class)
  580. assert_equal(user.id, result['id'])
  581. assert_equal(user.firstname, result['firstname'])
  582. assert_equal(user.organization_id, result['organization_id'])
  583. assert_equal(user.organization.name, result['organization'])
  584. assert_equal(user.role_ids, result['role_ids'])
  585. assert_not(result['password'])
  586. assert_equal(@admin.id, result['updated_by_id'])
  587. assert_equal(@admin.id, result['created_by_id'])
  588. get "/api/v1/users/#{user.id}?expand=false", params: {}, headers: @headers.merge('Authorization' => credentials)
  589. assert_response(200)
  590. result = JSON.parse(@response.body)
  591. assert_equal(Hash, result.class)
  592. assert_equal(user.id, result['id'])
  593. assert_equal(user.firstname, result['firstname'])
  594. assert_not(result['organization'])
  595. assert_equal(user.organization_id, result['organization_id'])
  596. assert_not(result['password'])
  597. assert_equal(user.role_ids, result['role_ids'])
  598. assert_equal(@admin.id, result['updated_by_id'])
  599. assert_equal(@admin.id, result['created_by_id'])
  600. get "/api/v1/users/#{user.id}?full=true", params: {}, headers: @headers.merge('Authorization' => credentials)
  601. assert_response(200)
  602. result = JSON.parse(@response.body)
  603. assert_equal(Hash, result.class)
  604. assert_equal(user.id, result['id'])
  605. assert(result['assets'])
  606. assert(result['assets']['User'])
  607. assert(result['assets']['User'][user.id.to_s])
  608. assert_equal(user.id, result['assets']['User'][user.id.to_s]['id'])
  609. assert_equal(user.firstname, result['assets']['User'][user.id.to_s]['firstname'])
  610. assert_equal(user.organization_id, result['assets']['User'][user.id.to_s]['organization_id'])
  611. assert_equal(user.role_ids, result['assets']['User'][user.id.to_s]['role_ids'])
  612. get "/api/v1/users/#{user.id}?full=false", params: {}, headers: @headers.merge('Authorization' => credentials)
  613. assert_response(200)
  614. result = JSON.parse(@response.body)
  615. assert_equal(Hash, result.class)
  616. assert_equal(user.id, result['id'])
  617. assert_equal(user.firstname, result['firstname'])
  618. assert_not(result['organization'])
  619. assert_equal(user.organization_id, result['organization_id'])
  620. assert_not(result['password'])
  621. assert_equal(user.role_ids, result['role_ids'])
  622. assert_equal(@admin.id, result['updated_by_id'])
  623. assert_equal(@admin.id, result['created_by_id'])
  624. end
  625. test '04.02 user index and response format' do
  626. roles = Role.where(name: 'Customer')
  627. organization = Organization.first
  628. user = User.create!(
  629. login: 'rest-customer3@example.com',
  630. firstname: 'Rest',
  631. lastname: 'Customer3',
  632. email: 'rest-customer3@example.com',
  633. password: 'customer3pw',
  634. active: true,
  635. organization: organization,
  636. roles: roles,
  637. updated_by_id: @admin.id,
  638. created_by_id: @admin.id,
  639. )
  640. credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
  641. get '/api/v1/users', params: {}, headers: @headers.merge('Authorization' => credentials)
  642. assert_response(200)
  643. result = JSON.parse(@response.body)
  644. assert_equal(Array, result.class)
  645. assert_equal(Hash, result[0].class)
  646. assert_equal(user.id, result.last['id'])
  647. assert_equal(user.lastname, result.last['lastname'])
  648. assert_not(result.last['organization'])
  649. assert_equal(user.role_ids, result.last['role_ids'])
  650. assert_equal(user.organization_id, result.last['organization_id'])
  651. assert_not(result.last['password'])
  652. assert_equal(@admin.id, result.last['updated_by_id'])
  653. assert_equal(@admin.id, result.last['created_by_id'])
  654. get '/api/v1/users?expand=true', params: {}, headers: @headers.merge('Authorization' => credentials)
  655. assert_response(200)
  656. result = JSON.parse(@response.body)
  657. assert_equal(Array, result.class)
  658. assert_equal(Hash, result[0].class)
  659. assert_equal(user.id, result.last['id'])
  660. assert_equal(user.lastname, result.last['lastname'])
  661. assert_equal(user.organization_id, result.last['organization_id'])
  662. assert_equal(user.organization.name, result.last['organization'])
  663. assert_not(result.last['password'])
  664. assert_equal(@admin.id, result.last['updated_by_id'])
  665. assert_equal(@admin.id, result.last['created_by_id'])
  666. get '/api/v1/users?expand=false', params: {}, headers: @headers.merge('Authorization' => credentials)
  667. assert_response(200)
  668. result = JSON.parse(@response.body)
  669. assert_equal(Array, result.class)
  670. assert_equal(Hash, result[0].class)
  671. assert_equal(user.id, result.last['id'])
  672. assert_equal(user.lastname, result.last['lastname'])
  673. assert_not(result.last['organization'])
  674. assert_equal(user.role_ids, result.last['role_ids'])
  675. assert_equal(user.organization_id, result.last['organization_id'])
  676. assert_not(result.last['password'])
  677. assert_equal(@admin.id, result.last['updated_by_id'])
  678. assert_equal(@admin.id, result.last['created_by_id'])
  679. get '/api/v1/users?full=true', params: {}, headers: @headers.merge('Authorization' => credentials)
  680. assert_response(200)
  681. result = JSON.parse(@response.body)
  682. assert_equal(Hash, result.class)
  683. assert_equal(Array, result['record_ids'].class)
  684. assert_equal(1, result['record_ids'][0])
  685. assert_equal(user.id, result['record_ids'].last)
  686. assert(result['assets'])
  687. assert(result['assets']['User'])
  688. assert(result['assets']['User'][user.id.to_s])
  689. assert_equal(user.id, result['assets']['User'][user.id.to_s]['id'])
  690. assert_equal(user.lastname, result['assets']['User'][user.id.to_s]['lastname'])
  691. assert_equal(user.organization_id, result['assets']['User'][user.id.to_s]['organization_id'])
  692. assert_not(result['assets']['User'][user.id.to_s]['password'])
  693. get '/api/v1/users?full=false', params: {}, headers: @headers.merge('Authorization' => credentials)
  694. assert_response(200)
  695. result = JSON.parse(@response.body)
  696. assert_equal(Array, result.class)
  697. assert_equal(Hash, result[0].class)
  698. assert_equal(user.id, result.last['id'])
  699. assert_equal(user.lastname, result.last['lastname'])
  700. assert_not(result.last['organization'])
  701. assert_equal(user.role_ids, result.last['role_ids'])
  702. assert_equal(user.organization_id, result.last['organization_id'])
  703. assert_not(result.last['password'])
  704. assert_equal(@admin.id, result.last['updated_by_id'])
  705. assert_equal(@admin.id, result.last['created_by_id'])
  706. end
  707. test '04.03 ticket create and response format' do
  708. organization = Organization.first
  709. params = {
  710. firstname: 'newfirstname123',
  711. note: 'some note',
  712. organization: organization.name,
  713. }
  714. credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
  715. post '/api/v1/users', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
  716. assert_response(201)
  717. result = JSON.parse(@response.body)
  718. assert_equal(Hash, result.class)
  719. user = User.find(result['id'])
  720. assert_equal(user.firstname, result['firstname'])
  721. assert_equal(user.organization_id, result['organization_id'])
  722. assert_not(result['organization'])
  723. assert_not(result['password'])
  724. assert_equal(@admin.id, result['updated_by_id'])
  725. assert_equal(@admin.id, result['created_by_id'])
  726. post '/api/v1/users?expand=true', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
  727. assert_response(201)
  728. result = JSON.parse(@response.body)
  729. assert_equal(Hash, result.class)
  730. user = User.find(result['id'])
  731. assert_equal(user.firstname, result['firstname'])
  732. assert_equal(user.organization_id, result['organization_id'])
  733. assert_equal(user.organization.name, result['organization'])
  734. assert_not(result['password'])
  735. assert_equal(@admin.id, result['updated_by_id'])
  736. assert_equal(@admin.id, result['created_by_id'])
  737. post '/api/v1/users?full=true', params: params.to_json, headers: @headers.merge('Authorization' => credentials)
  738. assert_response(201)
  739. result = JSON.parse(@response.body)
  740. assert_equal(Hash, result.class)
  741. user = User.find(result['id'])
  742. assert(result['assets'])
  743. assert(result['assets']['User'])
  744. assert(result['assets']['User'][user.id.to_s])
  745. assert_equal(user.id, result['assets']['User'][user.id.to_s]['id'])
  746. assert_equal(user.firstname, result['assets']['User'][user.id.to_s]['firstname'])
  747. assert_equal(user.lastname, result['assets']['User'][user.id.to_s]['lastname'])
  748. assert_not(result['assets']['User'][user.id.to_s]['password'])
  749. assert(result['assets']['User'][@admin.id.to_s])
  750. assert_equal(@admin.id, result['assets']['User'][@admin.id.to_s]['id'])
  751. assert_equal(@admin.firstname, result['assets']['User'][@admin.id.to_s]['firstname'])
  752. assert_equal(@admin.lastname, result['assets']['User'][@admin.id.to_s]['lastname'])
  753. assert_not(result['assets']['User'][@admin.id.to_s]['password'])
  754. end
  755. test '04.04 ticket update and response formats' do
  756. roles = Role.where(name: 'Customer')
  757. organization = Organization.first
  758. user = User.create!(
  759. login: 'rest-customer3@example.com',
  760. firstname: 'Rest',
  761. lastname: 'Customer3',
  762. email: 'rest-customer3@example.com',
  763. password: 'customer3pw',
  764. active: true,
  765. organization: organization,
  766. roles: roles,
  767. updated_by_id: @admin.id,
  768. created_by_id: @admin.id,
  769. )
  770. credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
  771. params = {
  772. firstname: 'a update firstname #1',
  773. }
  774. put "/api/v1/users/#{user.id}", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
  775. assert_response(200)
  776. result = JSON.parse(@response.body)
  777. assert_equal(Hash, result.class)
  778. user = User.find(result['id'])
  779. assert_equal(user.lastname, result['lastname'])
  780. assert_equal(params[:firstname], result['firstname'])
  781. assert_equal(user.organization_id, result['organization_id'])
  782. assert_not(result['organization'])
  783. assert_not(result['password'])
  784. assert_equal(@admin.id, result['updated_by_id'])
  785. assert_equal(@admin.id, result['created_by_id'])
  786. params = {
  787. firstname: 'a update firstname #2',
  788. }
  789. put "/api/v1/users/#{user.id}?expand=true", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
  790. assert_response(200)
  791. result = JSON.parse(@response.body)
  792. assert_equal(Hash, result.class)
  793. user = User.find(result['id'])
  794. assert_equal(user.lastname, result['lastname'])
  795. assert_equal(params[:firstname], result['firstname'])
  796. assert_equal(user.organization_id, result['organization_id'])
  797. assert_equal(user.organization.name, result['organization'])
  798. assert_not(result['password'])
  799. assert_equal(@admin.id, result['updated_by_id'])
  800. assert_equal(@admin.id, result['created_by_id'])
  801. params = {
  802. firstname: 'a update firstname #3',
  803. }
  804. put "/api/v1/users/#{user.id}?full=true", params: params.to_json, headers: @headers.merge('Authorization' => credentials)
  805. assert_response(200)
  806. result = JSON.parse(@response.body)
  807. assert_equal(Hash, result.class)
  808. user = User.find(result['id'])
  809. assert(result['assets'])
  810. assert(result['assets']['User'])
  811. assert(result['assets']['User'][user.id.to_s])
  812. assert_equal(user.id, result['assets']['User'][user.id.to_s]['id'])
  813. assert_equal(params[:firstname], result['assets']['User'][user.id.to_s]['firstname'])
  814. assert_equal(user.lastname, result['assets']['User'][user.id.to_s]['lastname'])
  815. assert_not(result['assets']['User'][user.id.to_s]['password'])
  816. assert(result['assets']['User'][@admin.id.to_s])
  817. assert_equal(@admin.id, result['assets']['User'][@admin.id.to_s]['id'])
  818. assert_equal(@admin.firstname, result['assets']['User'][@admin.id.to_s]['firstname'])
  819. assert_equal(@admin.lastname, result['assets']['User'][@admin.id.to_s]['lastname'])
  820. assert_not(result['assets']['User'][@admin.id.to_s]['password'])
  821. end
  822. test '05.01 csv example - customer no access' do
  823. credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-customer1@example.com', 'customer1pw')
  824. get '/api/v1/users/import_example', params: {}, headers: @headers.merge('Authorization' => credentials)
  825. assert_response(401)
  826. result = JSON.parse(@response.body)
  827. assert_equal('Not authorized (user)!', result['error'])
  828. end
  829. test '05.02 csv example - admin access' do
  830. credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
  831. get '/api/v1/users/import_example', params: {}, headers: @headers.merge('Authorization' => credentials)
  832. assert_response(200)
  833. rows = CSV.parse(@response.body)
  834. header = rows.shift
  835. assert_equal('id', header[0])
  836. assert_equal('login', header[1])
  837. assert_equal('firstname', header[2])
  838. assert_equal('lastname', header[3])
  839. assert_equal('email', header[4])
  840. assert(header.include?('organization'))
  841. end
  842. test '05.03 csv import - admin access' do
  843. credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
  844. # invalid file
  845. csv_file_path = Rails.root.join('test', 'data', 'csv', 'user_simple_col_not_existing.csv')
  846. csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
  847. post '/api/v1/users/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
  848. assert_response(200)
  849. result = JSON.parse(@response.body)
  850. assert_equal(Hash, result.class)
  851. assert_equal(true, result['try'])
  852. assert_equal(2, result['records'].count)
  853. assert_equal('failed', result['result'])
  854. assert_equal(2, result['errors'].count)
  855. assert_equal("Line 1: unknown attribute 'firstname2' for User.", result['errors'][0])
  856. assert_equal("Line 2: unknown attribute 'firstname2' for User.", result['errors'][1])
  857. # valid file try
  858. csv_file_path = Rails.root.join('test', 'data', 'csv', 'user_simple.csv')
  859. csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
  860. post '/api/v1/users/import?try=true', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
  861. assert_response(200)
  862. result = JSON.parse(@response.body)
  863. assert_equal(Hash, result.class)
  864. assert_equal(true, result['try'])
  865. assert_equal(2, result['records'].count)
  866. assert_equal('success', result['result'])
  867. assert_nil(User.find_by(login: 'user-simple-import1'))
  868. assert_nil(User.find_by(login: 'user-simple-import2'))
  869. # valid file
  870. csv_file_path = Rails.root.join('test', 'data', 'csv', 'user_simple.csv')
  871. csv_file = ::Rack::Test::UploadedFile.new(csv_file_path, 'text/csv')
  872. post '/api/v1/users/import', params: { file: csv_file, col_sep: ';' }, headers: { 'Authorization' => credentials }
  873. assert_response(200)
  874. result = JSON.parse(@response.body)
  875. assert_equal(Hash, result.class)
  876. assert_equal(false, result['try'])
  877. assert_equal(2, result['records'].count)
  878. assert_equal('success', result['result'])
  879. user1 = User.find_by(login: 'user-simple-import1')
  880. assert(user1)
  881. assert_equal(user1.login, 'user-simple-import1')
  882. assert_equal(user1.firstname, 'firstname-simple-import1')
  883. assert_equal(user1.lastname, 'lastname-simple-import1')
  884. assert_equal(user1.email, 'user-simple-import1@example.com')
  885. assert_equal(user1.active, true)
  886. user2 = User.find_by(login: 'user-simple-import2')
  887. assert(user2)
  888. assert_equal(user2.login, 'user-simple-import2')
  889. assert_equal(user2.firstname, 'firstname-simple-import2')
  890. assert_equal(user2.lastname, 'lastname-simple-import2')
  891. assert_equal(user2.email, 'user-simple-import2@example.com')
  892. assert_equal(user2.active, false)
  893. user1.destroy!
  894. user2.destroy!
  895. end
  896. test 'user search sortable' do
  897. firstname = "user_search_sortable #{rand(999_999_999)}"
  898. roles = Role.where(name: 'Customer')
  899. user1 = User.create_or_update(
  900. login: 'rest-user_search_sortableA@example.com',
  901. firstname: "#{firstname} A",
  902. lastname: 'user_search_sortableA',
  903. email: 'rest-user_search_sortableA@example.com',
  904. password: 'user_search_sortableA',
  905. active: true,
  906. roles: roles,
  907. organization_id: @organization.id,
  908. out_of_office: false,
  909. created_at: '2016-02-05 17:42:00',
  910. updated_by_id: 1,
  911. created_by_id: 1,
  912. )
  913. user2 = User.create_or_update(
  914. login: 'rest-user_search_sortableB@example.com',
  915. firstname: "#{firstname} B",
  916. lastname: 'user_search_sortableB',
  917. email: 'rest-user_search_sortableB@example.com',
  918. password: 'user_search_sortableB',
  919. active: true,
  920. roles: roles,
  921. organization_id: @organization.id,
  922. out_of_office_start_at: '2016-02-06 19:42:00',
  923. out_of_office_end_at: '2016-02-07 19:42:00',
  924. out_of_office_replacement_id: 1,
  925. out_of_office: true,
  926. created_at: '2016-02-05 19:42:00',
  927. updated_by_id: 1,
  928. created_by_id: 1,
  929. )
  930. Scheduler.worker(true)
  931. sleep 2 # let es time to come ready
  932. credentials = ActionController::HttpAuthentication::Basic.encode_credentials('rest-admin@example.com', 'adminpw')
  933. get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'created_at', order_by: 'asc' }, headers: @headers.merge('Authorization' => credentials)
  934. assert_response(200)
  935. result = JSON.parse(@response.body)
  936. assert_equal(Array, result.class)
  937. result.collect! { |v| v['id'] }
  938. assert_equal([user1.id, user2.id], result)
  939. get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'firstname', order_by: 'asc' }, headers: @headers.merge('Authorization' => credentials)
  940. assert_response(200)
  941. result = JSON.parse(@response.body)
  942. assert_equal(Array, result.class)
  943. result.collect! { |v| v['id'] }
  944. assert_equal([user1.id, user2.id], result)
  945. get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'firstname', order_by: 'desc' }, headers: @headers.merge('Authorization' => credentials)
  946. assert_response(200)
  947. result = JSON.parse(@response.body)
  948. assert_equal(Array, result.class)
  949. result.collect! { |v| v['id'] }
  950. assert_equal([user2.id, user1.id], result)
  951. get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: %w[firstname created_at], order_by: %w[desc asc] }, headers: @headers.merge('Authorization' => credentials)
  952. assert_response(200)
  953. result = JSON.parse(@response.body)
  954. assert_equal(Array, result.class)
  955. result.collect! { |v| v['id'] }
  956. assert_equal([user2.id, user1.id], result)
  957. get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: %w[firstname created_at], order_by: %w[desc asc] }, headers: @headers.merge('Authorization' => credentials)
  958. assert_response(200)
  959. result = JSON.parse(@response.body)
  960. assert_equal(Array, result.class)
  961. result.collect! { |v| v['id'] }
  962. assert_equal([user2.id, user1.id], result)
  963. get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'out_of_office', order_by: 'asc' }, headers: @headers.merge('Authorization' => credentials)
  964. assert_response(200)
  965. result = JSON.parse(@response.body)
  966. assert_equal(Array, result.class)
  967. result.collect! { |v| v['id'] }
  968. assert_equal([user1.id, user2.id], result)
  969. get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: 'out_of_office', order_by: 'desc' }, headers: @headers.merge('Authorization' => credentials)
  970. assert_response(200)
  971. result = JSON.parse(@response.body)
  972. assert_equal(Array, result.class)
  973. result.collect! { |v| v['id'] }
  974. assert_equal([user2.id, user1.id], result)
  975. get "/api/v1/users/search?query=#{CGI.escape(firstname)}", params: { sort_by: %w[created_by_id created_at], order_by: %w[asc asc] }, headers: @headers.merge('Authorization' => credentials)
  976. assert_response(200)
  977. result = JSON.parse(@response.body)
  978. assert_equal(Array, result.class)
  979. result.collect! { |v| v['id'] }
  980. assert_equal([user1.id, user2.id], result)
  981. end
  982. end