tickets_controller_test.rb 47 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110
  1. # encoding: utf-8
  2. require 'test_helper'
  3. class TicketsControllerTest < ActionDispatch::IntegrationTest
  4. setup do
  5. # set accept header
  6. @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }
  7. # create agent
  8. roles = Role.where(name: %w(Admin Agent))
  9. groups = Group.all
  10. UserInfo.current_user_id = 1
  11. @admin = User.create_or_update(
  12. login: 'tickets-admin',
  13. firstname: 'Tickets',
  14. lastname: 'Admin',
  15. email: 'tickets-admin@example.com',
  16. password: 'adminpw',
  17. active: true,
  18. roles: roles,
  19. groups: groups,
  20. )
  21. # create agent
  22. roles = Role.where(name: 'Agent')
  23. @agent = User.create_or_update(
  24. login: 'tickets-agent@example.com',
  25. firstname: 'Tickets',
  26. lastname: 'Agent',
  27. email: 'tickets-agent@example.com',
  28. password: 'agentpw',
  29. active: true,
  30. roles: roles,
  31. groups: groups,
  32. )
  33. # create customer without org
  34. roles = Role.where(name: 'Customer')
  35. @customer_without_org = User.create_or_update(
  36. login: 'tickets-customer1@example.com',
  37. firstname: 'Tickets',
  38. lastname: 'Customer1',
  39. email: 'tickets-customer1@example.com',
  40. password: 'customer1pw',
  41. active: true,
  42. roles: roles,
  43. )
  44. end
  45. test '01.01 ticket create with agent - missing group' do
  46. credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
  47. params = {
  48. title: 'a new ticket #1',
  49. article: {
  50. content_type: 'text/plain', # or text/html
  51. body: 'some body',
  52. sender: 'Customer',
  53. type: 'note',
  54. },
  55. }
  56. post '/api/v1/tickets', params.to_json, @headers.merge('Authorization' => credentials)
  57. assert_response(422)
  58. result = JSON.parse(@response.body)
  59. assert_equal(Hash, result.class)
  60. assert_equal('Group can\'t be blank', result['error_human'])
  61. end
  62. test '01.02 ticket create with agent - wrong group' do
  63. credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
  64. params = {
  65. title: 'a new ticket #2',
  66. group: 'not_existing',
  67. article: {
  68. content_type: 'text/plain', # or text/html
  69. body: 'some body',
  70. sender: 'Customer',
  71. type: 'note',
  72. },
  73. }
  74. post '/api/v1/tickets', params.to_json, @headers.merge('Authorization' => credentials)
  75. assert_response(422)
  76. result = JSON.parse(@response.body)
  77. assert_equal(Hash, result.class)
  78. assert_equal('No lookup value found for \'group\': "not_existing"', result['error'])
  79. end
  80. test '01.03 ticket create with agent - missing article.body' do
  81. credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
  82. params = {
  83. title: 'a new ticket #3',
  84. group: 'Users',
  85. priority: '2 normal',
  86. state: 'new',
  87. customer_id: @customer_without_org.id,
  88. article: {},
  89. }
  90. post '/api/v1/tickets', params.to_json, @headers.merge('Authorization' => credentials)
  91. assert_response(422)
  92. result = JSON.parse(@response.body)
  93. assert_equal(Hash, result.class)
  94. assert_equal('Need at least article: { body: "some text" }', result['error'])
  95. end
  96. test '01.03 ticket create with agent - minimal article' do
  97. credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
  98. params = {
  99. title: 'a new ticket #3',
  100. group: 'Users',
  101. priority: '2 normal',
  102. state: 'new',
  103. customer_id: @customer_without_org.id,
  104. article: {
  105. body: 'some test 123',
  106. },
  107. }
  108. post '/api/v1/tickets', params.to_json, @headers.merge('Authorization' => credentials)
  109. assert_response(201)
  110. result = JSON.parse(@response.body)
  111. assert_equal(Hash, result.class)
  112. assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
  113. assert_equal('a new ticket #3', result['title'])
  114. assert_equal(@customer_without_org.id, result['customer_id'])
  115. assert_equal(@agent.id, result['updated_by_id'])
  116. assert_equal(@agent.id, result['created_by_id'])
  117. end
  118. test '01.04 ticket create with agent - wrong owner_id - 0' do
  119. credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
  120. params = {
  121. title: 'a new ticket #4',
  122. group: 'Users',
  123. priority: '2 normal',
  124. owner_id: 0,
  125. state: 'new',
  126. customer_id: @customer_without_org.id,
  127. article: {
  128. body: 'some test 123',
  129. },
  130. }
  131. post '/api/v1/tickets', params.to_json, @headers.merge('Authorization' => credentials)
  132. assert_response(422)
  133. result = JSON.parse(@response.body)
  134. assert_equal(Hash, result.class)
  135. assert_equal('Invalid value for param \'owner_id\': 0', result['error'])
  136. end
  137. test '01.05 ticket create with agent - wrong owner_id - ""' do
  138. credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
  139. params = {
  140. title: 'a new ticket #5',
  141. group: 'Users',
  142. priority: '2 normal',
  143. owner_id: '',
  144. state: 'new',
  145. customer_id: @customer_without_org.id,
  146. article: {
  147. body: 'some test 123',
  148. },
  149. }
  150. post '/api/v1/tickets', params.to_json, @headers.merge('Authorization' => credentials)
  151. #assert_response(422)
  152. #result = JSON.parse(@response.body)
  153. #assert_equal(Hash, result.class)
  154. #assert_equal('Invalid value for param \'owner_id\': ""', result['error'])
  155. assert_response(201)
  156. result = JSON.parse(@response.body)
  157. assert_equal(Hash, result.class)
  158. assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
  159. assert_equal('a new ticket #5', result['title'])
  160. assert_equal(@customer_without_org.id, result['customer_id'])
  161. assert_equal(@agent.id, result['updated_by_id'])
  162. assert_equal(@agent.id, result['created_by_id'])
  163. end
  164. test '01.06 ticket create with agent - wrong owner_id - 99999' do
  165. credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
  166. params = {
  167. title: 'a new ticket #6',
  168. group: 'Users',
  169. priority: '2 normal',
  170. owner_id: 99_999,
  171. state: 'new',
  172. customer_id: @customer_without_org.id,
  173. article: {
  174. body: 'some test 123',
  175. },
  176. }
  177. post '/api/v1/tickets', params.to_json, @headers.merge('Authorization' => credentials)
  178. assert_response(422)
  179. result = JSON.parse(@response.body)
  180. assert_equal(Hash, result.class)
  181. assert_equal('Invalid value for param \'owner_id\': 99999', result['error'])
  182. end
  183. test '01.07 ticket create with agent - wrong owner_id - nil' do
  184. credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
  185. params = {
  186. title: 'a new ticket #7',
  187. group: 'Users',
  188. priority: '2 normal',
  189. owner_id: nil,
  190. state: 'new',
  191. customer_id: @customer_without_org.id,
  192. article: {
  193. body: 'some test 123',
  194. },
  195. }
  196. post '/api/v1/tickets', params.to_json, @headers.merge('Authorization' => credentials)
  197. assert_response(201)
  198. result = JSON.parse(@response.body)
  199. assert_equal(Hash, result.class)
  200. assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
  201. assert_equal('a new ticket #7', result['title'])
  202. assert_equal(@customer_without_org.id, result['customer_id'])
  203. assert_equal(@agent.id, result['updated_by_id'])
  204. assert_equal(@agent.id, result['created_by_id'])
  205. end
  206. test '01.08 ticket create with agent - minimal article with guess customer' do
  207. credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
  208. params = {
  209. title: 'a new ticket #8',
  210. group: 'Users',
  211. priority: '2 normal',
  212. state: 'new',
  213. customer_id: 'guess:some_new_customer@example.com',
  214. article: {
  215. body: 'some test 123',
  216. },
  217. }
  218. post '/api/v1/tickets', params.to_json, @headers.merge('Authorization' => credentials)
  219. assert_response(201)
  220. result = JSON.parse(@response.body)
  221. assert_equal(Hash, result.class)
  222. assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
  223. assert_equal('a new ticket #8', result['title'])
  224. assert_equal(User.lookup(email: 'some_new_customer@example.com').id, result['customer_id'])
  225. assert_equal(@agent.id, result['updated_by_id'])
  226. assert_equal(@agent.id, result['created_by_id'])
  227. end
  228. test '01.09 ticket create with agent - minimal article with guess customer' do
  229. credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
  230. params = {
  231. title: 'a new ticket #9',
  232. group: 'Users',
  233. customer_id: 'guess:some_new_customer@example.com',
  234. article: {
  235. body: 'some test 123',
  236. },
  237. }
  238. post '/api/v1/tickets', params.to_json, @headers.merge('Authorization' => credentials)
  239. assert_response(201)
  240. result = JSON.parse(@response.body)
  241. assert_equal(Hash, result.class)
  242. assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
  243. assert_equal('a new ticket #9', result['title'])
  244. assert_equal(User.lookup(email: 'some_new_customer@example.com').id, result['customer_id'])
  245. assert_equal(@agent.id, result['updated_by_id'])
  246. assert_equal(@agent.id, result['created_by_id'])
  247. end
  248. test '01.10 ticket create with agent - minimal article with missing body - with customer' do
  249. credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
  250. params = {
  251. title: 'a new ticket #10',
  252. group: 'Users',
  253. customer_id: @customer_without_org.id,
  254. article: {
  255. subject: 'some test 123',
  256. },
  257. }
  258. post '/api/v1/tickets', params.to_json, @headers.merge('Authorization' => credentials)
  259. assert_response(422)
  260. result = JSON.parse(@response.body)
  261. assert_equal(Hash, result.class)
  262. assert_equal('Need at least article: { body: "some text" }', result['error'])
  263. end
  264. test '01.11 ticket create with agent - minimal article and attachment with customer' do
  265. credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
  266. params = {
  267. title: 'a new ticket #11',
  268. group: 'Users',
  269. customer_id: @customer_without_org.id,
  270. article: {
  271. subject: 'some test 123',
  272. body: 'some test 123',
  273. attachments: [
  274. 'filename' => 'some_file.txt',
  275. 'data' => 'dGVzdCAxMjM=',
  276. 'mime-type' => 'text/plain',
  277. ],
  278. },
  279. }
  280. post '/api/v1/tickets', params.to_json, @headers.merge('Authorization' => credentials)
  281. assert_response(201)
  282. result = JSON.parse(@response.body)
  283. assert_equal(Hash, result.class)
  284. assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
  285. assert_equal('a new ticket #11', result['title'])
  286. assert_equal(@customer_without_org.id, result['customer_id'])
  287. assert_equal(@agent.id, result['updated_by_id'])
  288. assert_equal(@agent.id, result['created_by_id'])
  289. ticket = Ticket.find(result['id'])
  290. assert_equal(1, ticket.articles.count)
  291. assert_equal(1, ticket.articles.first.attachments.count)
  292. file = ticket.articles.first.attachments.first
  293. assert_equal('test 123', file.content)
  294. assert_equal('some_file.txt', file.filename)
  295. assert_equal('text/plain', file.preferences['Mime-Type'])
  296. assert_not(file.preferences['Content-ID'])
  297. end
  298. test '01.12 ticket create with agent - minimal article and attachment with customer' do
  299. credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
  300. params = {
  301. title: 'a new ticket #12',
  302. group: 'Users',
  303. customer_id: @customer_without_org.id,
  304. article: {
  305. subject: 'some test 123',
  306. body: 'some test 123',
  307. attachments: [
  308. {
  309. 'filename' => 'some_file1.txt',
  310. 'data' => 'dGVzdCAxMjM=',
  311. 'mime-type' => 'text/plain',
  312. },
  313. {
  314. 'filename' => 'some_file2.txt',
  315. 'data' => 'w6TDtsO8w58=',
  316. 'mime-type' => 'text/plain',
  317. },
  318. ],
  319. },
  320. }
  321. post '/api/v1/tickets', params.to_json, @headers.merge('Authorization' => credentials)
  322. assert_response(201)
  323. result = JSON.parse(@response.body)
  324. assert_equal(Hash, result.class)
  325. assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
  326. assert_equal('a new ticket #12', result['title'])
  327. assert_equal(@customer_without_org.id, result['customer_id'])
  328. assert_equal(@agent.id, result['updated_by_id'])
  329. assert_equal(@agent.id, result['created_by_id'])
  330. ticket = Ticket.find(result['id'])
  331. assert_equal(1, ticket.articles.count)
  332. assert_equal(2, ticket.articles.first.attachments.count)
  333. file = ticket.articles.first.attachments.first
  334. assert_equal('test 123', file.content)
  335. assert_equal('some_file1.txt', file.filename)
  336. assert_equal('text/plain', file.preferences['Mime-Type'])
  337. assert_not(file.preferences['Content-ID'])
  338. end
  339. test '01.13 ticket create with agent - minimal article and attachment missing mine-type with customer' do
  340. credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
  341. params = {
  342. title: 'a new ticket #13',
  343. group: 'Users',
  344. customer_id: @customer_without_org.id,
  345. article: {
  346. subject: 'some test 123',
  347. body: 'some test 123',
  348. attachments: [
  349. 'filename' => 'some_file.txt',
  350. 'data' => 'ABC_INVALID_BASE64',
  351. 'mime-type' => 'text/plain',
  352. ],
  353. },
  354. }
  355. post '/api/v1/tickets', params.to_json, @headers.merge('Authorization' => credentials)
  356. assert_response(422)
  357. result = JSON.parse(@response.body)
  358. assert_equal(Hash, result.class)
  359. assert_equal('Invalid base64 for attachment with index \'0\'', result['error'])
  360. end
  361. test '01.14 ticket create with agent - minimal article and attachment invalid base64 with customer' do
  362. credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
  363. params = {
  364. title: 'a new ticket #14',
  365. group: 'Users',
  366. customer_id: @customer_without_org.id,
  367. article: {
  368. subject: 'some test 123',
  369. body: 'some test 123',
  370. attachments: [
  371. 'filename' => 'some_file.txt',
  372. 'data' => 'dGVzdCAxMjM=',
  373. ],
  374. },
  375. }
  376. post '/api/v1/tickets', params.to_json, @headers.merge('Authorization' => credentials)
  377. assert_response(422)
  378. result = JSON.parse(@response.body)
  379. assert_equal(Hash, result.class)
  380. assert_equal('Attachment needs \'mime-type\' param for attachment with index \'0\'', result['error'])
  381. end
  382. test '01.15 ticket create with agent - minimal article and inline attachments with customer' do
  383. credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
  384. params = {
  385. title: 'a new ticket #15',
  386. group: 'Users',
  387. customer_id: @customer_without_org.id,
  388. article: {
  389. content_type: 'text/html',
  390. subject: 'some test 123',
  391. body: 'some test 123 <img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAUA
  392. AAAFCAYAAACNbyblAAAAHElEQVQI12P4//8/w38GIAXDIBKE0DHxgljNBAAO
  393. 9TXL0Y4OHwAAAABJRU5ErkJggg==" alt="Red dot" /> <img src="data:image/jpeg;base64,/9j/4QAYRXhpZgAASUkqAAgAAAAAAAAAAAAAAP/sABFEdWNreQABAAQAAAAJAAD/4QMtaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wLwA8P3hwYWNrZXQgYmVnaW49Iu+7vyIgaWQ9Ilc1TTBNcENlaGlIenJlU3pOVGN6a2M5ZCI/PiA8eDp4bXBtZXRhIHhtbG5zOng9ImFkb2JlOm5zOm1ldGEvIiB4OnhtcHRrPSJBZG9iZSBYTVAgQ29yZSA1LjMtYzAxMSA2Ni4xNDU2NjEsIDIwMTIvMDIvMDYtMTQ6NTY6MjcgICAgICAgICI+IDxyZGY6UkRGIHhtbG5zOnJkZj0iaHR0cDovL3d3dy53My5vcmcvMTk5OS8wMi8yMi1yZGYtc3ludGF4LW5zIyI+IDxyZGY6RGVzY3JpcHRpb24gcmRmOmFib3V0PSIiIHhtbG5zOnhtcD0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wLyIgeG1sbnM6eG1wTU09Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9tbS8iIHhtbG5zOnN0UmVmPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvc1R5cGUvUmVzb3VyY2VSZWYjIiB4bXA6Q3JlYXRvclRvb2w9IkFkb2JlIFBob3Rvc2hvcCBDUzYgKE1hY2ludG9zaCkiIHhtcE1NOkluc3RhbmNlSUQ9InhtcC5paWQ6QzJCOTE2NzlGQUEwMTFFNjg0M0NGQjU0OUU4MTFEOEIiIHhtcE1NOkRvY3VtZW50SUQ9InhtcC5kaWQ6QzJCOTE2N0FGQUEwMTFFNjg0M0NGQjU0OUU4MTFEOEIiPiA8eG1wTU06RGVyaXZlZEZyb20gc3RSZWY6aW5zdGFuY2VJRD0ieG1wLmlpZDpDMkI5MTY3N0ZBQTAxMUU2ODQzQ0ZCNTQ5RTgxMUQ4QiIgc3RSZWY6ZG9jdW1lbnRJRD0ieG1wLmRpZDpDMkI5MTY3OEZBQTAxMUU2ODQzQ0ZCNTQ5RTgxMUQ4QiIvPiA8L3JkZjpEZXNjcmlwdGlvbj4gPC9yZGY6UkRGPiA8L3g6eG1wbWV0YT4gPD94cGFja2V0IGVuZD0iciI/Pv/uAA5BZG9iZQBkwAAAAAH/2wCEABQRERoTGioZGSo1KCEoNTEpKCgpMUE4ODg4OEFEREREREREREREREREREREREREREREREREREREREREREREREQBFhoaIh0iKRoaKTkpIik5RDktLTlEREREOERERERERERERERERERERERERERERERERERERERERERERERERERERP/AABEIABAADAMBIgACEQEDEQH/xABbAAEBAAAAAAAAAAAAAAAAAAAEBQEBAQAAAAAAAAAAAAAAAAAABAUQAAEEAgMAAAAAAAAAAAAAAAABAhIDESIxBAURAAICAwAAAAAAAAAAAAAAAAESABNRoQP/2gAMAwEAAhEDEQA/AJDq1rfF3Imeg/1+lFy2oR564DKWWWbweV+Buf/Z">',
  394. },
  395. }
  396. post '/api/v1/tickets', params.to_json, @headers.merge('Authorization' => credentials)
  397. assert_response(201)
  398. result = JSON.parse(@response.body)
  399. assert_equal(Hash, result.class)
  400. assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
  401. assert_equal('a new ticket #15', result['title'])
  402. assert_equal(@customer_without_org.id, result['customer_id'])
  403. assert_equal(@agent.id, result['updated_by_id'])
  404. assert_equal(@agent.id, result['created_by_id'])
  405. ticket = Ticket.find(result['id'])
  406. assert_equal(1, ticket.articles.count)
  407. assert_equal(2, ticket.articles.first.attachments.count)
  408. file = ticket.articles.first.attachments[0]
  409. assert_equal('d3c1e09bdefb92b6a06b791a24ca9599', Digest::MD5.hexdigest(file.content))
  410. assert_match(/#{ticket.id}\..+?@zammad.example.com/, file.filename)
  411. assert_equal('image/png', file.preferences['Mime-Type'])
  412. assert(file.preferences['Content-ID'])
  413. file = ticket.articles.first.attachments[1]
  414. assert_equal('006a2ca3793b550c8fe444acdeb39252', Digest::MD5.hexdigest(file.content))
  415. assert_match(/#{ticket.id}\..+?@zammad.example.com/, file.filename)
  416. assert_equal('image/jpeg', file.preferences['Mime-Type'])
  417. assert(file.preferences['Content-ID'])
  418. end
  419. test '01.16 ticket create with agent - minimal article and inline attachments with customer' do
  420. credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
  421. params = {
  422. title: 'a new ticket #16',
  423. group: 'Users',
  424. customer_id: @customer_without_org.id,
  425. article: {
  426. content_type: 'text/html',
  427. subject: 'some test 123',
  428. body: 'some test 123 <img src="data:image/jpeg;base64,/9j/4QAYRXhpZgAASUkqAAgAAAAAAAAAAAAAAP/sABFEdWNreQABAAQAAAAJAAD/4QMtaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wLwA8P3hwYWNrZXQgYmVnaW49Iu+7vyIgaWQ9Ilc1TTBNcENlaGlIenJlU3pOVGN6a2M5ZCI/PiA8eDp4bXBtZXRhIHhtbG5zOng9ImFkb2JlOm5zOm1ldGEvIiB4OnhtcHRrPSJBZG9iZSBYTVAgQ29yZSA1LjMtYzAxMSA2Ni4xNDU2NjEsIDIwMTIvMDIvMDYtMTQ6NTY6MjcgICAgICAgICI+IDxyZGY6UkRGIHhtbG5zOnJkZj0iaHR0cDovL3d3dy53My5vcmcvMTk5OS8wMi8yMi1yZGYtc3ludGF4LW5zIyI+IDxyZGY6RGVzY3JpcHRpb24gcmRmOmFib3V0PSIiIHhtbG5zOnhtcD0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wLyIgeG1sbnM6eG1wTU09Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9tbS8iIHhtbG5zOnN0UmVmPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvc1R5cGUvUmVzb3VyY2VSZWYjIiB4bXA6Q3JlYXRvclRvb2w9IkFkb2JlIFBob3Rvc2hvcCBDUzYgKE1hY2ludG9zaCkiIHhtcE1NOkluc3RhbmNlSUQ9InhtcC5paWQ6QzJCOTE2NzlGQUEwMTFFNjg0M0NGQjU0OUU4MTFEOEIiIHhtcE1NOkRvY3VtZW50SUQ9InhtcC5kaWQ6QzJCOTE2N0FGQUEwMTFFNjg0M0NGQjU0OUU4MTFEOEIiPiA8eG1wTU06RGVyaXZlZEZyb20gc3RSZWY6aW5zdGFuY2VJRD0ieG1wLmlpZDpDMkI5MTY3N0ZBQTAxMUU2ODQzQ0ZCNTQ5RTgxMUQ4QiIgc3RSZWY6ZG9jdW1lbnRJRD0ieG1wLmRpZDpDMkI5MTY3OEZBQTAxMUU2ODQzQ0ZCNTQ5RTgxMUQ4QiIvPiA8L3JkZjpEZXNjcmlwdGlvbj4gPC9yZGY6UkRGPiA8L3g6eG1wbWV0YT4gPD94cGFja2V0IGVuZD0iciI/Pv/uAA5BZG9iZQBkwAAAAAH/2wCEABQRERoTGioZGSo1KCEoNTEpKCgpMUE4ODg4OEFEREREREREREREREREREREREREREREREREREREREREREREREQBFhoaIh0iKRoaKTkpIik5RDktLTlEREREOERERERERERERERERERERERERERERERERERERERERERERERERERERP/AABEIABAADAMBIgACEQEDEQH/xABbAAEBAAAAAAAAAAAAAAAAAAAEBQEBAQAAAAAAAAAAAAAAAAAABAUQAAEEAgMAAAAAAAAAAAAAAAABAhIDESIxBAURAAICAwAAAAAAAAAAAAAAAAESABNRoQP/2gAMAwEAAhEDEQA/AJDq1rfF3Imeg/1+lFy2oR564DKWWWbweV+Buf/Z"
  429. >',
  430. attachments: [
  431. 'filename' => 'some_file.txt',
  432. 'data' => 'dGVzdCAxMjM=',
  433. 'mime-type' => 'text/plain',
  434. ],
  435. },
  436. }
  437. post '/api/v1/tickets', params.to_json, @headers.merge('Authorization' => credentials)
  438. assert_response(201)
  439. result = JSON.parse(@response.body)
  440. assert_equal(Hash, result.class)
  441. assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
  442. assert_equal('a new ticket #16', result['title'])
  443. assert_equal(@customer_without_org.id, result['customer_id'])
  444. assert_equal(@agent.id, result['updated_by_id'])
  445. assert_equal(@agent.id, result['created_by_id'])
  446. ticket = Ticket.find(result['id'])
  447. assert_equal(1, ticket.articles.count)
  448. assert_equal(2, ticket.articles.first.attachments.count)
  449. file = ticket.articles.first.attachments[0]
  450. assert_equal('006a2ca3793b550c8fe444acdeb39252', Digest::MD5.hexdigest(file.content))
  451. assert_match(/#{ticket.id}\..+?@zammad.example.com/, file.filename)
  452. assert_equal('image/jpeg', file.preferences['Mime-Type'])
  453. assert(file.preferences['Content-ID'])
  454. file = ticket.articles.first.attachments[1]
  455. assert_equal('39d0d586a701e199389d954f2d592720', Digest::MD5.hexdigest(file.content))
  456. assert_equal('some_file.txt', file.filename)
  457. assert_equal('text/plain', file.preferences['Mime-Type'])
  458. assert_not(file.preferences['Content-ID'])
  459. end
  460. test '02.02 ticket create with agent' do
  461. credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
  462. params = {
  463. title: 'a new ticket #1',
  464. state: 'new',
  465. priority: '2 normal',
  466. group: 'Users',
  467. customer: 'tickets-customer1@example.com',
  468. article: {
  469. content_type: 'text/plain', # or text/html
  470. body: 'some body',
  471. },
  472. links: {
  473. Ticket: {
  474. parent: [1],
  475. }
  476. }
  477. }
  478. post '/api/v1/tickets', params.to_json, @headers.merge('Authorization' => credentials)
  479. assert_response(201)
  480. result = JSON.parse(@response.body)
  481. assert_equal(Hash, result.class)
  482. assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
  483. assert_equal('a new ticket #1', result['title'])
  484. assert_equal(@agent.id, result['updated_by_id'])
  485. assert_equal(@agent.id, result['created_by_id'])
  486. links = Link.list(
  487. link_object: 'Ticket',
  488. link_object_value: result['id'],
  489. )
  490. assert_equal('child', links[0]['link_type'])
  491. assert_equal('Ticket', links[0]['link_object'])
  492. assert_equal(1, links[0]['link_object_value'])
  493. end
  494. test '02.03 ticket with wrong ticket id' do
  495. group = Group.create_or_update(
  496. name: "GroupWithoutPermission-#{rand(9_999_999_999)}",
  497. active: true,
  498. updated_by_id: 1,
  499. created_by_id: 1,
  500. )
  501. ticket = Ticket.create!(
  502. title: 'ticket with wrong ticket id',
  503. group_id: group.id,
  504. customer_id: @customer_without_org.id,
  505. state: Ticket::State.lookup(name: 'new'),
  506. priority: Ticket::Priority.lookup(name: '2 normal'),
  507. updated_by_id: 1,
  508. created_by_id: 1,
  509. )
  510. credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
  511. get "/api/v1/tickets/#{ticket.id}", {}, @headers.merge('Authorization' => credentials)
  512. assert_response(401)
  513. result = JSON.parse(@response.body)
  514. assert_equal(Hash, result.class)
  515. assert_equal('Not authorized', result['error'])
  516. params = {
  517. title: 'ticket with wrong ticket id - 2',
  518. }
  519. put "/api/v1/tickets/#{ticket.id}", params.to_json, @headers.merge('Authorization' => credentials)
  520. assert_response(401)
  521. result = JSON.parse(@response.body)
  522. assert_equal(Hash, result.class)
  523. assert_equal('Not authorized', result['error'])
  524. delete "/api/v1/tickets/#{ticket.id}", {}.to_json, @headers.merge('Authorization' => credentials)
  525. assert_response(401)
  526. result = JSON.parse(@response.body)
  527. assert_equal(Hash, result.class)
  528. assert_equal('Not authorized', result['error'])
  529. end
  530. test '02.04 ticket with correct ticket id' do
  531. title = "ticket with corret ticket id testagent#{rand(999_999_999)}"
  532. ticket = Ticket.create!(
  533. title: title,
  534. group: Group.lookup(name: 'Users'),
  535. customer_id: @customer_without_org.id,
  536. state: Ticket::State.lookup(name: 'new'),
  537. priority: Ticket::Priority.lookup(name: '2 normal'),
  538. updated_by_id: 1,
  539. created_by_id: 1,
  540. )
  541. credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-agent@example.com', 'agentpw')
  542. get "/api/v1/tickets/#{ticket.id}", {}, @headers.merge('Authorization' => credentials)
  543. assert_response(200)
  544. result = JSON.parse(@response.body)
  545. assert_equal(Hash, result.class)
  546. assert_equal(ticket.id, result['id'])
  547. assert_equal(title, result['title'])
  548. assert_equal(ticket.customer_id, result['customer_id'])
  549. assert_equal(1, result['updated_by_id'])
  550. assert_equal(1, result['created_by_id'])
  551. params = {
  552. title: "#{title} - 2",
  553. customer_id: @agent.id,
  554. }
  555. put "/api/v1/tickets/#{ticket.id}", params.to_json, @headers.merge('Authorization' => credentials)
  556. assert_response(200)
  557. result = JSON.parse(@response.body)
  558. assert_equal(Hash, result.class)
  559. assert_equal(ticket.id, result['id'])
  560. assert_equal("#{title} - 2", result['title'])
  561. assert_equal(@agent.id, result['customer_id'])
  562. assert_equal(@agent.id, result['updated_by_id'])
  563. assert_equal(1, result['created_by_id'])
  564. params = {
  565. ticket_id: ticket.id,
  566. subject: 'some subject',
  567. body: 'some body',
  568. }
  569. post '/api/v1/ticket_articles', params.to_json, @headers.merge('Authorization' => credentials)
  570. assert_response(201)
  571. article_result = JSON.parse(@response.body)
  572. assert_equal(Hash, article_result.class)
  573. assert_equal(ticket.id, article_result['ticket_id'])
  574. assert_equal('Tickets Agent', article_result['from'])
  575. assert_equal('some subject', article_result['subject'])
  576. assert_equal('some body', article_result['body'])
  577. assert_equal('text/plain', article_result['content_type'])
  578. assert_equal(false, article_result['internal'])
  579. assert_equal(@agent.id, article_result['created_by_id'])
  580. assert_equal(Ticket::Article::Sender.lookup(name: 'Agent').id, article_result['sender_id'])
  581. assert_equal(Ticket::Article::Type.lookup(name: 'note').id, article_result['type_id'])
  582. Scheduler.worker(true)
  583. get "/api/v1/tickets/search?query=#{CGI.escape(title)}", {}, @headers.merge('Authorization' => credentials)
  584. assert_response(200)
  585. result = JSON.parse(@response.body)
  586. assert_equal(Hash, result.class)
  587. assert_equal(ticket.id, result['tickets'][0])
  588. assert_equal(1, result['tickets_count'])
  589. params = {
  590. condition: {
  591. 'ticket.title' => {
  592. operator: 'contains',
  593. value: title,
  594. },
  595. },
  596. }
  597. post '/api/v1/tickets/search', params.to_json, @headers.merge('Authorization' => credentials)
  598. assert_response(200)
  599. result = JSON.parse(@response.body)
  600. assert_equal(Hash, result.class)
  601. assert_equal(ticket.id, result['tickets'][0])
  602. assert_equal(1, result['tickets_count'])
  603. delete "/api/v1/ticket_articles/#{article_result['id']}", {}.to_json, @headers.merge('Authorization' => credentials)
  604. assert_response(200)
  605. params = {
  606. from: 'something which should not be changed on server side',
  607. ticket_id: ticket.id,
  608. subject: 'some subject',
  609. body: 'some body',
  610. type: 'email',
  611. internal: true,
  612. }
  613. post '/api/v1/ticket_articles', params.to_json, @headers.merge('Authorization' => credentials)
  614. assert_response(201)
  615. result = JSON.parse(@response.body)
  616. assert_equal(Hash, result.class)
  617. assert_equal(ticket.id, result['ticket_id'])
  618. assert_equal('"Tickets Agent via Zammad" <zammad@localhost>', result['from'])
  619. assert_equal('some subject', result['subject'])
  620. assert_equal('some body', result['body'])
  621. assert_equal('text/plain', result['content_type'])
  622. assert_equal(true, result['internal'])
  623. assert_equal(@agent.id, result['created_by_id'])
  624. assert_equal(Ticket::Article::Sender.lookup(name: 'Agent').id, result['sender_id'])
  625. assert_equal(Ticket::Article::Type.lookup(name: 'email').id, result['type_id'])
  626. params = {
  627. subject: 'new subject',
  628. }
  629. put "/api/v1/ticket_articles/#{result['id']}", params.to_json, @headers.merge('Authorization' => credentials)
  630. assert_response(200)
  631. result = JSON.parse(@response.body)
  632. assert_equal(Hash, result.class)
  633. assert_equal(ticket.id, result['ticket_id'])
  634. assert_equal('"Tickets Agent via Zammad" <zammad@localhost>', result['from'])
  635. assert_equal('new subject', result['subject'])
  636. assert_equal('some body', result['body'])
  637. assert_equal('text/plain', result['content_type'])
  638. assert_equal(true, result['internal'])
  639. assert_equal(@agent.id, result['created_by_id'])
  640. assert_equal(Ticket::Article::Sender.lookup(name: 'Agent').id, result['sender_id'])
  641. assert_equal(Ticket::Article::Type.lookup(name: 'email').id, result['type_id'])
  642. delete "/api/v1/ticket_articles/#{result['id']}", {}.to_json, @headers.merge('Authorization' => credentials)
  643. assert_response(401)
  644. result = JSON.parse(@response.body)
  645. assert_equal(Hash, result.class)
  646. assert_equal('Not authorized (admin permission required)!', result['error'])
  647. delete "/api/v1/tickets/#{ticket.id}", {}.to_json, @headers.merge('Authorization' => credentials)
  648. assert_response(401)
  649. result = JSON.parse(@response.body)
  650. assert_equal(Hash, result.class)
  651. assert_equal('Not authorized (admin permission required)!', result['error'])
  652. end
  653. test '02.05 ticket with correct ticket id' do
  654. ticket = Ticket.create!(
  655. title: 'ticket with corret ticket id',
  656. group: Group.lookup(name: 'Users'),
  657. customer_id: @customer_without_org.id,
  658. state: Ticket::State.lookup(name: 'new'),
  659. priority: Ticket::Priority.lookup(name: '2 normal'),
  660. updated_by_id: 1,
  661. created_by_id: 1,
  662. )
  663. credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-admin', 'adminpw')
  664. get "/api/v1/tickets/#{ticket.id}", {}, @headers.merge('Authorization' => credentials)
  665. assert_response(200)
  666. result = JSON.parse(@response.body)
  667. assert_equal(Hash, result.class)
  668. assert_equal(ticket.id, result['id'])
  669. assert_equal('ticket with corret ticket id', result['title'])
  670. assert_equal(ticket.customer_id, result['customer_id'])
  671. assert_equal(1, result['updated_by_id'])
  672. assert_equal(1, result['created_by_id'])
  673. params = {
  674. title: 'ticket with corret ticket id - 2',
  675. customer_id: @agent.id,
  676. }
  677. put "/api/v1/tickets/#{ticket.id}", params.to_json, @headers.merge('Authorization' => credentials)
  678. assert_response(200)
  679. result = JSON.parse(@response.body)
  680. assert_equal(Hash, result.class)
  681. assert_equal(ticket.id, result['id'])
  682. assert_equal('ticket with corret ticket id - 2', result['title'])
  683. assert_equal(@agent.id, result['customer_id'])
  684. assert_equal(@admin.id, result['updated_by_id'])
  685. assert_equal(1, result['created_by_id'])
  686. params = {
  687. from: 'something which should not be changed on server side',
  688. ticket_id: ticket.id,
  689. subject: 'some subject',
  690. body: 'some body',
  691. }
  692. post '/api/v1/ticket_articles', params.to_json, @headers.merge('Authorization' => credentials)
  693. assert_response(201)
  694. result = JSON.parse(@response.body)
  695. assert_equal(Hash, result.class)
  696. assert_equal(ticket.id, result['ticket_id'])
  697. assert_equal('Tickets Admin', result['from'])
  698. assert_equal('some subject', result['subject'])
  699. assert_equal('some body', result['body'])
  700. assert_equal('text/plain', result['content_type'])
  701. assert_equal(false, result['internal'])
  702. assert_equal(@admin.id, result['created_by_id'])
  703. assert_equal(Ticket::Article::Sender.lookup(name: 'Agent').id, result['sender_id'])
  704. assert_equal(Ticket::Article::Type.lookup(name: 'note').id, result['type_id'])
  705. params = {
  706. subject: 'new subject',
  707. internal: true,
  708. }
  709. put "/api/v1/ticket_articles/#{result['id']}", params.to_json, @headers.merge('Authorization' => credentials)
  710. assert_response(200)
  711. result = JSON.parse(@response.body)
  712. assert_equal(Hash, result.class)
  713. assert_equal(ticket.id, result['ticket_id'])
  714. assert_equal('Tickets Admin', result['from'])
  715. assert_equal('new subject', result['subject'])
  716. assert_equal('some body', result['body'])
  717. assert_equal('text/plain', result['content_type'])
  718. assert_equal(true, result['internal'])
  719. assert_equal(@admin.id, result['created_by_id'])
  720. assert_equal(Ticket::Article::Sender.lookup(name: 'Agent').id, result['sender_id'])
  721. assert_equal(Ticket::Article::Type.lookup(name: 'note').id, result['type_id'])
  722. delete "/api/v1/ticket_articles/#{result['id']}", {}.to_json, @headers.merge('Authorization' => credentials)
  723. assert_response(200)
  724. params = {
  725. ticket_id: ticket.id,
  726. subject: 'some subject',
  727. body: 'some body',
  728. type: 'email',
  729. }
  730. post '/api/v1/ticket_articles', params.to_json, @headers.merge('Authorization' => credentials)
  731. assert_response(201)
  732. result = JSON.parse(@response.body)
  733. assert_equal(Hash, result.class)
  734. assert_equal(ticket.id, result['ticket_id'])
  735. assert_equal('"Tickets Admin via Zammad" <zammad@localhost>', result['from'])
  736. assert_equal('some subject', result['subject'])
  737. assert_equal('some body', result['body'])
  738. assert_equal('text/plain', result['content_type'])
  739. assert_equal(false, result['internal'])
  740. assert_equal(@admin.id, result['created_by_id'])
  741. assert_equal(Ticket::Article::Sender.lookup(name: 'Agent').id, result['sender_id'])
  742. assert_equal(Ticket::Article::Type.lookup(name: 'email').id, result['type_id'])
  743. delete "/api/v1/ticket_articles/#{result['id']}", {}.to_json, @headers.merge('Authorization' => credentials)
  744. assert_response(200)
  745. delete "/api/v1/tickets/#{ticket.id}", {}.to_json, @headers.merge('Authorization' => credentials)
  746. assert_response(200)
  747. end
  748. test '02.05 ticket pagination' do
  749. title = "ticket pagination #{rand(999_999_999)}"
  750. tickets = []
  751. (1..20).each { |count|
  752. ticket = Ticket.create!(
  753. title: "#{title} - #{count}",
  754. group: Group.lookup(name: 'Users'),
  755. customer_id: @customer_without_org.id,
  756. state: Ticket::State.lookup(name: 'new'),
  757. priority: Ticket::Priority.lookup(name: '2 normal'),
  758. updated_by_id: 1,
  759. created_by_id: 1,
  760. )
  761. Ticket::Article.create!(
  762. type: Ticket::Article::Type.lookup(name: 'note'),
  763. sender: Ticket::Article::Sender.lookup(name: 'Customer'),
  764. from: 'sender',
  765. subject: 'subject',
  766. body: 'some body',
  767. ticket_id: ticket.id,
  768. updated_by_id: 1,
  769. created_by_id: 1,
  770. )
  771. tickets.push ticket
  772. sleep 1
  773. }
  774. credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-admin', 'adminpw')
  775. get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=40", {}, @headers.merge('Authorization' => credentials)
  776. assert_response(200)
  777. result = JSON.parse(@response.body)
  778. assert_equal(Hash, result.class)
  779. assert_equal(tickets[19].id, result['tickets'][0])
  780. assert_equal(tickets[0].id, result['tickets'][19])
  781. assert_equal(20, result['tickets_count'])
  782. get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=10", {}, @headers.merge('Authorization' => credentials)
  783. assert_response(200)
  784. result = JSON.parse(@response.body)
  785. assert_equal(Hash, result.class)
  786. assert_equal(tickets[19].id, result['tickets'][0])
  787. assert_equal(tickets[10].id, result['tickets'][9])
  788. assert_equal(10, result['tickets_count'])
  789. get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=40&page=1&per_page=5", {}, @headers.merge('Authorization' => credentials)
  790. assert_response(200)
  791. result = JSON.parse(@response.body)
  792. assert_equal(Hash, result.class)
  793. assert_equal(tickets[19].id, result['tickets'][0])
  794. assert_equal(tickets[15].id, result['tickets'][4])
  795. assert_equal(5, result['tickets_count'])
  796. get "/api/v1/tickets/search?query=#{CGI.escape(title)}&limit=40&page=2&per_page=5", {}, @headers.merge('Authorization' => credentials)
  797. assert_response(200)
  798. result = JSON.parse(@response.body)
  799. assert_equal(Hash, result.class)
  800. assert_equal(tickets[14].id, result['tickets'][0])
  801. assert_equal(tickets[10].id, result['tickets'][4])
  802. assert_equal(5, result['tickets_count'])
  803. get '/api/v1/tickets?limit=40&page=1&per_page=5', {}, @headers.merge('Authorization' => credentials)
  804. assert_response(200)
  805. result = JSON.parse(@response.body)
  806. assert_equal(Array, result.class)
  807. tickets = Ticket.order(:id).limit(5)
  808. assert_equal(tickets[0].id, result[0]['id'])
  809. assert_equal(tickets[4].id, result[4]['id'])
  810. assert_equal(5, result.count)
  811. get '/api/v1/tickets?limit=40&page=2&per_page=5', {}, @headers.merge('Authorization' => credentials)
  812. assert_response(200)
  813. result = JSON.parse(@response.body)
  814. assert_equal(Array, result.class)
  815. tickets = Ticket.order(:id).limit(10)
  816. assert_equal(tickets[5].id, result[0]['id'])
  817. assert_equal(tickets[9].id, result[4]['id'])
  818. assert_equal(5, result.count)
  819. end
  820. test '03.01 ticket create with customer minimal' do
  821. credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-customer1@example.com', 'customer1pw')
  822. params = {
  823. title: 'a new ticket #c1',
  824. state: 'new',
  825. priority: '2 normal',
  826. group: 'Users',
  827. article: {
  828. body: 'some body',
  829. },
  830. }
  831. post '/api/v1/tickets', params.to_json, @headers.merge('Authorization' => credentials)
  832. assert_response(201)
  833. result = JSON.parse(@response.body)
  834. assert_equal(Hash, result.class)
  835. assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
  836. assert_equal('a new ticket #c1', result['title'])
  837. assert_equal(@customer_without_org.id, result['customer_id'])
  838. assert_equal(@customer_without_org.id, result['updated_by_id'])
  839. assert_equal(@customer_without_org.id, result['created_by_id'])
  840. end
  841. test '03.02 ticket create with customer with wrong customer' do
  842. credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-customer1@example.com', 'customer1pw')
  843. params = {
  844. title: 'a new ticket #c2',
  845. state: 'new',
  846. priority: '2 normal',
  847. group: 'Users',
  848. customer_id: @agent.id,
  849. article: {
  850. content_type: 'text/plain', # or text/html
  851. body: 'some body',
  852. sender: 'System',
  853. },
  854. }
  855. post '/api/v1/tickets', params.to_json, @headers.merge('Authorization' => credentials)
  856. assert_response(201)
  857. result = JSON.parse(@response.body)
  858. assert_equal(Hash, result.class)
  859. assert_equal(Ticket::State.lookup(name: 'new').id, result['state_id'])
  860. assert_equal('a new ticket #c2', result['title'])
  861. assert_equal(@customer_without_org.id, result['customer_id'])
  862. assert_equal(@customer_without_org.id, result['updated_by_id'])
  863. assert_equal(@customer_without_org.id, result['created_by_id'])
  864. end
  865. test '03.03 ticket with wrong ticket id' do
  866. ticket = Ticket.create!(
  867. title: 'ticket with wrong ticket id',
  868. group: Group.lookup(name: 'Users'),
  869. customer_id: @agent.id,
  870. state: Ticket::State.lookup(name: 'new'),
  871. priority: Ticket::Priority.lookup(name: '2 normal'),
  872. updated_by_id: 1,
  873. created_by_id: 1,
  874. )
  875. credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-customer1@example.com', 'customer1pw')
  876. get "/api/v1/tickets/#{ticket.id}", {}, @headers.merge('Authorization' => credentials)
  877. assert_response(401)
  878. result = JSON.parse(@response.body)
  879. assert_equal(Hash, result.class)
  880. assert_equal('Not authorized', result['error'])
  881. params = {
  882. title: 'ticket with wrong ticket id - 2',
  883. }
  884. put "/api/v1/tickets/#{ticket.id}", params.to_json, @headers.merge('Authorization' => credentials)
  885. assert_response(401)
  886. result = JSON.parse(@response.body)
  887. assert_equal(Hash, result.class)
  888. assert_equal('Not authorized', result['error'])
  889. delete "/api/v1/tickets/#{ticket.id}", {}.to_json, @headers.merge('Authorization' => credentials)
  890. assert_response(401)
  891. result = JSON.parse(@response.body)
  892. assert_equal(Hash, result.class)
  893. assert_equal('Not authorized', result['error'])
  894. end
  895. test '03.04 ticket with correct ticket id' do
  896. title = "ticket with corret ticket id testme#{rand(999_999_999)}"
  897. ticket = Ticket.create!(
  898. title: title,
  899. group: Group.lookup(name: 'Users'),
  900. customer_id: @customer_without_org.id,
  901. state: Ticket::State.lookup(name: 'new'),
  902. priority: Ticket::Priority.lookup(name: '2 normal'),
  903. updated_by_id: 1,
  904. created_by_id: 1,
  905. )
  906. credentials = ActionController::HttpAuthentication::Basic.encode_credentials('tickets-customer1@example.com', 'customer1pw')
  907. get "/api/v1/tickets/#{ticket.id}", {}, @headers.merge('Authorization' => credentials)
  908. assert_response(200)
  909. result = JSON.parse(@response.body)
  910. assert_equal(Hash, result.class)
  911. assert_equal(ticket.id, result['id'])
  912. assert_equal(title, result['title'])
  913. assert_equal(ticket.customer_id, result['customer_id'])
  914. assert_equal(1, result['updated_by_id'])
  915. assert_equal(1, result['created_by_id'])
  916. params = {
  917. title: "#{title} - 2",
  918. customer_id: @agent.id,
  919. }
  920. put "/api/v1/tickets/#{ticket.id}", params.to_json, @headers.merge('Authorization' => credentials)
  921. assert_response(200)
  922. result = JSON.parse(@response.body)
  923. assert_equal(Hash, result.class)
  924. assert_equal(ticket.id, result['id'])
  925. assert_equal("#{title} - 2", result['title'])
  926. assert_equal(ticket.customer_id, result['customer_id'])
  927. assert_equal(@customer_without_org.id, result['updated_by_id'])
  928. assert_equal(1, result['created_by_id'])
  929. params = {
  930. ticket_id: ticket.id,
  931. subject: 'some subject',
  932. body: 'some body',
  933. }
  934. post '/api/v1/ticket_articles', params.to_json, @headers.merge('Authorization' => credentials)
  935. assert_response(201)
  936. article_result = JSON.parse(@response.body)
  937. assert_equal(Hash, article_result.class)
  938. assert_equal(ticket.id, article_result['ticket_id'])
  939. assert_equal('Tickets Customer1', article_result['from'])
  940. assert_equal('some subject', article_result['subject'])
  941. assert_equal('some body', article_result['body'])
  942. assert_equal('text/plain', article_result['content_type'])
  943. assert_equal(@customer_without_org.id, article_result['created_by_id'])
  944. assert_equal(Ticket::Article::Sender.lookup(name: 'Customer').id, article_result['sender_id'])
  945. assert_equal(Ticket::Article::Type.lookup(name: 'note').id, article_result['type_id'])
  946. Scheduler.worker(true)
  947. get "/api/v1/tickets/search?query=#{CGI.escape(title)}", {}, @headers.merge('Authorization' => credentials)
  948. assert_response(200)
  949. result = JSON.parse(@response.body)
  950. assert_equal(Hash, result.class)
  951. assert_equal(ticket.id, result['tickets'][0])
  952. assert_equal(1, result['tickets_count'])
  953. params = {
  954. condition: {
  955. 'ticket.title' => {
  956. operator: 'contains',
  957. value: title,
  958. },
  959. },
  960. }
  961. post '/api/v1/tickets/search', params.to_json, @headers.merge('Authorization' => credentials)
  962. assert_response(200)
  963. result = JSON.parse(@response.body)
  964. assert_equal(Hash, result.class)
  965. assert_equal(ticket.id, result['tickets'][0])
  966. assert_equal(1, result['tickets_count'])
  967. delete "/api/v1/ticket_articles/#{article_result['id']}", {}.to_json, @headers.merge('Authorization' => credentials)
  968. assert_response(401)
  969. result = JSON.parse(@response.body)
  970. assert_equal(Hash, result.class)
  971. assert_equal('Not authorized (admin permission required)!', result['error'])
  972. params = {
  973. ticket_id: ticket.id,
  974. subject: 'some subject',
  975. body: 'some body',
  976. type: 'email',
  977. sender: 'Agent',
  978. }
  979. post '/api/v1/ticket_articles', params.to_json, @headers.merge('Authorization' => credentials)
  980. assert_response(201)
  981. result = JSON.parse(@response.body)
  982. assert_equal(Hash, result.class)
  983. assert_equal(ticket.id, result['ticket_id'])
  984. assert_equal('Tickets Customer1', result['from'])
  985. assert_equal('some subject', result['subject'])
  986. assert_equal('some body', result['body'])
  987. assert_equal('text/plain', result['content_type'])
  988. assert_equal(@customer_without_org.id, result['created_by_id'])
  989. assert_equal(Ticket::Article::Sender.lookup(name: 'Customer').id, result['sender_id'])
  990. assert_equal(Ticket::Article::Type.lookup(name: 'note').id, result['type_id'])
  991. delete "/api/v1/ticket_articles/#{result['id']}", {}.to_json, @headers.merge('Authorization' => credentials)
  992. assert_response(401)
  993. result = JSON.parse(@response.body)
  994. assert_equal(Hash, result.class)
  995. assert_equal('Not authorized (admin permission required)!', result['error'])
  996. params = {
  997. from: 'something which should not be changed on server side',
  998. ticket_id: ticket.id,
  999. subject: 'some subject',
  1000. body: 'some body',
  1001. type: 'web',
  1002. sender: 'Agent',
  1003. internal: true,
  1004. }
  1005. post '/api/v1/ticket_articles', params.to_json, @headers.merge('Authorization' => credentials)
  1006. assert_response(201)
  1007. result = JSON.parse(@response.body)
  1008. assert_equal(Hash, result.class)
  1009. assert_equal(ticket.id, result['ticket_id'])
  1010. assert_equal('Tickets Customer1 <tickets-customer1@example.com>', result['from'])
  1011. assert_equal('some subject', result['subject'])
  1012. assert_equal('some body', result['body'])
  1013. assert_equal('text/plain', result['content_type'])
  1014. assert_equal(false, result['internal'])
  1015. assert_equal(@customer_without_org.id, result['created_by_id'])
  1016. assert_equal(Ticket::Article::Sender.lookup(name: 'Customer').id, result['sender_id'])
  1017. assert_equal(Ticket::Article::Type.lookup(name: 'web').id, result['type_id'])
  1018. params = {
  1019. subject: 'new subject',
  1020. }
  1021. put "/api/v1/ticket_articles/#{result['id']}", params.to_json, @headers.merge('Authorization' => credentials)
  1022. assert_response(401)
  1023. result = JSON.parse(@response.body)
  1024. assert_equal(Hash, result.class)
  1025. assert_equal('Not authorized (ticket.agent or admin permission required)!', result['error'])
  1026. delete "/api/v1/tickets/#{ticket.id}", {}.to_json, @headers.merge('Authorization' => credentials)
  1027. assert_response(401)
  1028. result = JSON.parse(@response.body)
  1029. assert_equal(Hash, result.class)
  1030. assert_equal('Not authorized (admin permission required)!', result['error'])
  1031. end
  1032. end