

Fixes zammad#1339 deny ticket creation over web
mantas committed May 31, 2018
1 parent 8f708b7 commit 7fd5393
Showing 3 changed files with 95 additions and 30 deletions.
@@ -21,6 +21,12 @@ class Index extends App.ControllerContent
@bindId = App.TicketCreateCollection.one(load)

render: (template = {}) ->
if !@Config.get('customer_ticket_create')
@renderScreenError(
detail: 'Your role cannot create new ticket. Please contact your administrator.'
objectName: 'Ticket'
)
return

# set defaults
defaults = template['options'] || {}
@@ -190,4 +196,4 @@ class Index extends App.ControllerContent
)

App.Config.set('customer_ticket_new', Index, 'Routes')
App.Config.set('CustomerTicketNew', { prio: 8003, parent: '#new', name: 'New Ticket', translate: true, target: '#customer_ticket_new', permission: ['ticket.customer'], divider: true }, 'NavBarRight')
App.Config.set('CustomerTicketNew', { prio: 8003, parent: '#new', name: 'New Ticket', translate: true, target: '#customer_ticket_new', permission: ['ticket.customer'], setting: ['customer_ticket_create'], divider: true }, 'NavBarRight')
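Review bot: The new guard at the top of `render` and the `setting: ['customer_ticket_create']` entry on the navbar item are both client-side checks, so they hide the form but do not by themselves stop a customer session from submitting a ticket to the create endpoint directly. None of the three files changed in this commit is server code, so whether the backend also consults `customer_ticket_create` cannot be confirmed from this page; if it does not, the setting should be enforced in the server-side ticket-create path and covered by a controller-level test. A comment above the `if`, such as `# UI hint only - the authoritative check for customer_ticket_create must live on the server`, would make the intent clear. `render` continues outside the hunk.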
57 changes: 28 additions & 29 deletions app/assets/javascripts/app/controllers/navigation.coffee
@@ -305,6 +305,31 @@ class App.Navigation extends App.ControllerWidgetPermanent
@searchContainer.toggleClass('filled', !!@query)
@globalSearch.search(query: @query)

filterNavbar: (values, user, parent = null) ->
return _.filter values, (item) =>
if typeof item.callback is 'function'
data = item.callback() || {}
for key, value of data
item[key] = value

if !parent? && !item.parent || item.parent is parent
return @filterNavbarPermissionOk(item, user) &&
@filterNavbarSettingOk(item)
else
return false

filterNavbarPermissionOk: (item, user) ->
return true unless item.permission

return _.any item.permission, (permissionName) ->
return user && user.permission(permissionName)

filterNavbarSettingOk: (item) ->
return true unless item.setting

return _.any item.setting, (settingName) =>
return @Config.get(settingName)

getItems: (data) ->
navbar = _.values(data.navbar)

@@ -315,38 +340,12 @@ class App.Navigation extends App.ControllerWidgetPermanent
if App.Session.get('id')
user = App.User.find(App.Session.get('id'))

for item in navbar
if typeof item.callback is 'function'
data = item.callback() || {}
for key, value of data
item[key] = value
if !item.parent
match = true
if item.permission
match = false
for permissionName in item.permission
if !match && user && user.permission(permissionName)
match = true
if match
level1.push item
level1 = @filterNavbar(navbar, user)

for item in navbar
if item.parent && !dropdown[ item.parent ]
dropdown[ item.parent ] = []

# find all childs and order
for itemSub in navbar
if itemSub.parent is item.parent
match = true
if itemSub.permission
match = false
for permissionName in itemSub.permission
if !match && user && user.permission(permissionName)
match = true
if match
dropdown[ item.parent ].push itemSub

# find parent
dropdown[ item.parent ] = @filterNavbar(navbar, user, item.parent)

for itemLevel1 in level1
if itemLevel1.target is item.parent
sub = @getOrder(dropdown[ item.parent ])
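Review bot: `filterNavbar` runs `item.callback()` and copies its result onto the item inside the `_.filter` predicate, and `getItems` now calls `filterNavbar` once for level 1 and again for parents, so each callback appears to run several times per call where the removed loop ran it once. Resolving the callbacks in a single pass before filtering would keep the predicate free of side effects. The condition `!parent? && !item.parent || item.parent is parent` relies on `&&` binding tighter than `||`; writing it as `(!parent? && !item.parent) || item.parent is parent` makes the intent explicit. `filterNavbarSettingOk` uses `_.any`, so an item that lists several settings is shown when any one of them is truthy; a one-line comment stating that this is intended would help, since for a switch that is meant to deny access `_.all` is the more conservative reading. `getItems` continues outside the hunk.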
60 changes: 60 additions & 0 deletions test/browser/customer_ticket_create_test.rb
@@ -213,4 +213,64 @@ def test_customer_ticket_create_relogin_with_agent_ticket_crearte
)
end

def test_customer_disable_ticket_creation
@browser = browser_instance

# disable ticket creation
login(
username: '[email protected]',
password: 'test',
url: browser_url,
)

click(css: 'a[href="#manage"]')
click(css: 'a[href="#channels/web"]')

@browser.find_element(css: 'select[name=customer_ticket_create]').find_element(css: 'option[value=false]').click
click(css: '#customer_ticket_create .btn')

sleep(1)

logout()

# check if new ticket button is not visible

login(
username: '[email protected]',
password: 'test',
url: browser_url,
)

assert(exists_not(css: 'a[href="#customer_ticket_new"]'))

logout()

# enable ticket creation

login(
username: '[email protected]',
password: 'test',
url: browser_url,
)

click(css: 'a[href="#manage"]')
click(css: 'a[href="#channels/web"]')

@browser.find_element(css: 'select[name=customer_ticket_create]').find_element(css: 'option[value=true]').click
click(css: '#customer_ticket_create .btn')

sleep(1)

logout()

# check if new ticket button is visible

login(
username: '[email protected]',
password: 'test',
url: browser_url,
)

assert(exists(css: 'a[href="#customer_ticket_new"]'))
end
end
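Review bot: `test_customer_disable_ticket_creation` switches `customer_ticket_create` off and only switches it back on further down, so a failure at `assert(exists_not(css: 'a[href="#customer_ticket_new"]'))` leaves the setting disabled for whatever runs afterwards; restoring it in an `ensure` block or in teardown would keep the suite isolated. The two `sleep(1)` calls after saving the setting are timing-dependent, and waiting for a visible confirmation of the save would be more reliable. The test checks only that the navbar link disappears: it does not open `#customer_ticket_new` directly to exercise the new `renderScreenError` branch, and it does not check that a ticket-create request from the customer session is rejected while the setting is off.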
