Fixes zammad#3611 - New location notification with X-On-Behalf.

nunzilor · Jul 6, 2021 · 6cbe997 · 6cbe997
1 parent 00169d6
commit 6cbe997
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 0 deletions.
diff --git a/app/controllers/application_controller/handles_devices.rb b/app/controllers/application_controller/handles_devices.rb
@@ -17,6 +17,7 @@ def user_device_log(user, type)
     switched_from_user_id = ENV['SWITCHED_FROM_USER_ID'] || session[:switched_from_user_id]
     return true if params[:controller] == 'init' # do no device logging on static initial page
     return true if switched_from_user_id
+    return true if current_user_on_behalf # do no device logging for the user on behalf feature
     return true if !user
     return true if !user.permissions?('user_preferences.device')
     return true if type == 'SSO'
@@ -42,6 +43,7 @@ def user_device_log(user, type)
 
     # if ip has not changed and ttl in still valid
     remote_ip = ENV['TEST_REMOTE_IP'] || request.remote_ip
+
     return true if time_to_check == false && session[:user_device_remote_ip] == remote_ip
 
     session[:user_device_remote_ip] = remote_ip

diff --git a/spec/requests/api_auth_on_behalf_of_spec.rb b/spec/requests/api_auth_on_behalf_of_spec.rb
@@ -211,5 +211,34 @@
         expect(customer.id).to eq(json_response['created_by_id'])
       end
     end
+
+    context 'when customer account has device user permission' do
+      let(:customer_user_devices_role) do
+        create(:role).tap { |role| role.permission_grant('user_preferences.device') }
+      end
+
+      let(:customer) do
+        create(:customer, firstname: 'Behalf of', role_ids: Role.signup_role_ids.push(customer_user_devices_role.id))
+      end
+
+      it 'creates Ticket because of behalf of customer user, which should not trigger a new user device' do
+        params = {
+          title:       'a new ticket #3',
+          group:       'Users',
+          priority:    '2 normal',
+          state:       'new',
+          customer_id: customer.id,
+          article:     {
+            body: 'some test 123',
+          },
+        }
+        authenticated_as(admin, on_behalf_of: customer.email)
+        post '/api/v1/tickets', params: params, as: :json
+        expect(response).to have_http_status(:created)
+        expect(customer.id).to eq(json_response['created_by_id'])
+
+        expect { Scheduler.worker(true) }.to change(UserDevice, :count).by(0)
+      end
+    end
   end
 end