ticket_policy_spec.rb 2.3 KB

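# Copyright (C) 2012-2022 Zammad Foundation, https://zammad-foundation.org/

require 'rails_helper'

# Access-control spec for TicketPolicy. Each context builds a user/ticket pair
# and asserts whether the policy permits or forbids the `show` and `full`
# actions. The forbid cases guard against access being granted too broadly,
# so they matter as much as the permit cases.
# Only `show` and `full` are exercised here; any other actions the policy may
# define are not covered by this file.
describe TicketPolicy do
  subject { described_class.new(user, record) }

  let(:record) { create(:ticket) }

  context 'when given ticket’s owner' do
    # The owner set by the ticket factory: being recorded as owner is not
    # sufficient on its own, the actions are forbidden.
    let(:user) { record.owner }

    it { is_expected.to forbid_actions(%i[show full]) }

    context 'when owner has ticket.agent permission' do
      # An agent assigned to the ticket's group, then made owner of the ticket.
      # presumably the :agent factory grants ticket.agent; verify in the factory
      let(:user) do
        create(:agent, groups: [record.group]).tap do |agent|
          record.update!(owner: agent)
        end
      end

      it { is_expected.to permit_actions(%i[show full]) }
    end
  end

  context 'when given user that is agent and customer' do
    # Combined agent/customer account that is a member of the ticket's group.
    let(:user) { create(:agent_and_customer, groups: [record.group]) }

    it { is_expected.to permit_actions(%i[show full]) }
  end

  context 'when given a user that is neither owner nor customer' do
    # Baseline negative case: an agent with no relation to the ticket and no
    # group assignment must be denied.
    let(:user) { create(:agent) }

    it { is_expected.to forbid_actions(%i[show full]) }

    context 'but the user is an agent with full access to ticket’s group' do
      # Granting 'full' access on the ticket's group flips the decision.
      before { user.group_names_access_map = { record.group.name => 'full' } }

      it { is_expected.to permit_actions(%i[show full]) }
    end

    context 'but the user is a customer from the same organization as ticket’s customer' do
      # The ticket belongs to `customer`; `user` is a different customer in the
      # same organization.
      let(:record)   { create(:ticket, customer: customer) }
      let(:customer) { create(:customer, organization: create(:organization)) }
      let(:user)     { create(:customer, organization: customer.organization) }

      context 'and organization.shared is true (default)' do
        it { is_expected.to permit_actions(%i[show full]) }
      end

      context 'but organization.shared is false' do
        # update! (matching the record.update! calls in this file) raises on a
        # validation failure, so a broken setup surfaces as a setup error
        # rather than as a misleading policy failure.
        before { customer.organization.update!(shared: false) }

        it { is_expected.to forbid_actions(%i[show full]) }
      end
    end

    context 'when user is admin with group access' do
      # A user holding only the Admin role is denied: the admin role alone
      # does not open tickets.
      # NOTE(review): the title says "with group access", but no group is
      # assigned in the visible setup. Confirm whether the Admin role carries
      # group access elsewhere, or reword the title.
      let(:user) { create(:user, roles: Role.where(name: %w[Admin])) }

      it { is_expected.to forbid_actions(%i[show full]) }
    end
  end

  context 'when user is agent' do
    # NOTE(review): same setup and expectation as the nested context under
    # 'when given ticket’s owner'. Consider consolidating the two.
    context 'when owner has ticket.agent permission' do
      let(:user) do
        create(:agent, groups: [record.group]).tap do |agent|
          record.update!(owner: agent)
        end
      end

      it { is_expected.to permit_actions(%i[show full]) }
    end
  end
end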