# encoding: utf-8
require 'test_helper'
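class SettingsControllerTest < ActionDispatch::IntegrationTest

  # Authorization tests for /api/v1/settings.
  #
  # setup builds four users with different role sets: a full admin (Admin + Agent
  # roles), an admin whose only permission is admin.api, a plain agent and a
  # customer. Each test authenticates one of them with HTTP Basic auth and checks
  # which settings that user may list, read, update and delete.
  setup do

    # every request below sends and expects JSON
    @headers = { 'ACCEPT' => 'application/json', 'CONTENT_TYPE' => 'application/json' }

    groups = Group.all

    # records created here are attributed to the system user
    UserInfo.current_user_id = 1

    # create admin with the full Admin + Agent role set
    @admin_full = User.create_or_update(
      login: 'setting-admin',
      firstname: 'Setting',
      lastname: 'Admin',
      email: 'setting-admin@example.com',
      password: 'adminpw',
      active: true,
      roles: Role.where(name: %w(Admin Agent)),
      groups: groups,
    )

    # create an admin whose only permission is admin.api, so that the
    # permission-scoped access to settings can be asserted below
    role_api = Role.create_or_update(
      name: 'AdminApi',
      note: 'To configure your api.',
      preferences: {
        not: ['Customer'],
      },
      default_at_signup: false,
      updated_by_id: 1,
      created_by_id: 1
    )
    role_api.permission_grant('admin.api')
    @admin_api = User.create_or_update(
      login: 'setting-admin-api',
      firstname: 'Setting',
      lastname: 'Admin Api',
      email: 'setting-admin-api@example.com',
      password: 'adminpw',
      active: true,
      roles: [role_api],
      groups: groups,
    )

    # create agent
    @agent = User.create_or_update(
      login: 'setting-agent@example.com',
      firstname: 'Setting',
      lastname: 'Agent',
      email: 'setting-agent@example.com',
      password: 'agentpw',
      active: true,
      roles: Role.where(name: 'Agent'),
      groups: groups,
    )

    # create customer without org
    @customer_without_org = User.create_or_update(
      login: 'setting-customer1@example.com',
      firstname: 'Setting',
      lastname: 'Customer1',
      email: 'setting-customer1@example.com',
      password: 'customer1pw',
      active: true,
      roles: Role.where(name: 'Customer'),
    )

  end

  test 'settings index with nobody' do

    # index: without credentials nothing is listed
    get '/api/v1/settings', {}, @headers
    assert_response(401)
    result = JSON.parse(@response.body)
    assert_equal(Hash, result.class)
    assert_not(result['settings'])

    # show: a single setting is not readable either
    setting = Setting.find_by(name: 'product_name')
    get "/api/v1/settings/#{setting.id}", {}, @headers
    assert_response(401)
    result = JSON.parse(@response.body)
    assert_equal('authentication failed', result['error'])
  end

  test 'settings index with admin' do

    headers = auth_headers('setting-admin@example.com', 'adminpw')

    # index: the full admin sees settings of every permission
    names = setting_names_for(headers)
    assert_includes(names, 'api_token_access')
    assert_includes(names, 'product_name')

    # show
    assert_setting_shown('product_name', headers)
    assert_setting_shown('api_token_access', headers)

    # update: name and preferences.permission decide who may read and change a
    # setting, so the API must ignore them even for a full admin while still
    # applying the other preference keys
    assert_protected_fields_unchanged('product_name', headers, expected_permission: 'admin.branding')
    assert_protected_fields_unchanged('api_token_access', headers, expected_permission: 'admin.api')

    # delete: settings cannot be removed through the API at all
    assert_delete_rejected('product_name', headers, 'Not authorized (feature not possible)')
  end

  test 'settings index with admin-api' do

    headers = auth_headers('setting-admin-api@example.com', 'adminpw')

    # index: only settings whose permission the user holds (admin.api) are listed
    names = setting_names_for(headers)
    assert_includes(names, 'api_token_access')
    assert_not_includes(names, 'product_name')

    # show: a setting scoped to admin.branding is denied, the admin.api one is readable
    setting = Setting.find_by(name: 'product_name')
    get "/api/v1/settings/#{setting.id}", {}, headers
    assert_response(401)
    result = JSON.parse(@response.body)
    assert_equal('Not authorized (required ["admin.branding"])', result['error'])

    assert_setting_shown('api_token_access', headers)

    # update: the same permission check applies to writes, and even on the
    # readable setting name and permission stay untouched
    setting = Setting.find_by(name: 'product_name')
    put "/api/v1/settings/#{setting.id}", protected_field_update_params(setting).to_json, headers
    assert_response(401)
    result = JSON.parse(@response.body)
    assert_equal('Not authorized (required ["admin.branding"])', result['error'])

    assert_protected_fields_unchanged('api_token_access', headers, expected_permission: 'admin.api')

    # delete
    assert_delete_rejected('product_name', headers, 'Not authorized (feature not possible)')
  end

  test 'settings index with agent' do

    headers = auth_headers('setting-agent@example.com', 'agentpw')

    # index: an agent holds no admin.* permission and is refused outright
    get '/api/v1/settings', {}, headers
    assert_response(401)
    result = JSON.parse(@response.body)
    assert_equal(Hash, result.class)
    assert_not(result['settings'])
    assert_equal('Not authorized (user)!', result['error'])

    # show
    setting = Setting.find_by(name: 'product_name')
    get "/api/v1/settings/#{setting.id}", {}, headers
    assert_response(401)
    result = JSON.parse(@response.body)
    assert_equal('Not authorized (user)!', result['error'])
  end

  test 'settings index with customer' do

    headers = auth_headers('setting-customer1@example.com', 'customer1pw')

    # index: a customer is refused the same way as an agent
    get '/api/v1/settings', {}, headers
    assert_response(401)
    result = JSON.parse(@response.body)
    assert_equal(Hash, result.class)
    assert_not(result['settings'])
    assert_equal('Not authorized (user)!', result['error'])

    # show
    setting = Setting.find_by(name: 'product_name')
    get "/api/v1/settings/#{setting.id}", {}, headers
    assert_response(401)
    result = JSON.parse(@response.body)
    assert_equal('Not authorized (user)!', result['error'])

    # delete: refused for the user before the "feature not possible" check is reached
    assert_delete_rejected('product_name', headers, 'Not authorized (user)!')
  end

  private

  # JSON request headers carrying HTTP Basic credentials for the given user.
  def auth_headers(login, password)
    credentials = ActionController::HttpAuthentication::Basic.encode_credentials(login, password)
    @headers.merge('Authorization' => credentials)
  end

  # Lists settings as the authenticated user and returns their names; the index
  # must answer 200 with a non-empty JSON array.
  def setting_names_for(headers)
    get '/api/v1/settings', {}, headers
    assert_response(200)
    result = JSON.parse(@response.body)
    assert_equal(Array, result.class)
    assert_not(result.empty?)
    result.map { |setting| setting['name'] }
  end

  # The named setting must be readable and come back as a JSON object carrying its name.
  def assert_setting_shown(name, headers)
    setting = Setting.find_by(name: name)
    get "/api/v1/settings/#{setting.id}", {}, headers
    assert_response(200)
    result = JSON.parse(@response.body)
    assert_equal(Hash, result.class)
    assert_equal(name, result['name'])
  end

  # Update payload that tries to rename a setting and to re-scope its permission
  # while also adding a harmless preference key.
  def protected_field_update_params(setting)
    {
      id: setting.id,
      name: 'some_new_name',
      preferences: {
        permission: ['admin.branding', 'admin.some_new_permission'],
        some_new_key: true,
      }
    }
  end

  # Sends the rename/re-scope update for the named setting; the server must accept
  # it (200) but keep name and preferences.permission at their original values
  # while applying the other preference key.
  def assert_protected_fields_unchanged(name, headers, expected_permission:)
    setting = Setting.find_by(name: name)
    put "/api/v1/settings/#{setting.id}", protected_field_update_params(setting).to_json, headers
    assert_response(200)
    result = JSON.parse(@response.body)
    assert_equal(Hash, result.class)
    assert_equal(name, result['name'])
    assert_equal([expected_permission], result['preferences']['permission'])
    assert_equal(true, result['preferences']['some_new_key'])
  end

  # DELETE on the named setting must be refused with 401 and the given error text.
  def assert_delete_rejected(name, headers, error)
    setting = Setting.find_by(name: name)
    delete "/api/v1/settings/#{setting.id}", {}.to_json, headers
    assert_response(401)
    result = JSON.parse(@response.body)
    assert_equal(error, result['error'])
  end

end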