diff options
Diffstat (limited to 'rt/t/api')
-rw-r--r-- | rt/t/api/emailparser.t | 17 | ||||
-rw-r--r-- | rt/t/api/rights.t | 227 | ||||
-rw-r--r-- | rt/t/api/rights_show_ticket.t | 262 |
3 files changed, 405 insertions, 101 deletions
diff --git a/rt/t/api/emailparser.t b/rt/t/api/emailparser.t index 4807138cc..940c26fde 100644 --- a/rt/t/api/emailparser.t +++ b/rt/t/api/emailparser.t @@ -1,32 +1,19 @@ use strict; use warnings; -use RT; + use RT::Test tests => 4; +RT->Config->Set( RTAddressRegexp => qr/^rt\@example.com$/i ); -{ ok(require RT::EmailParser); - -} - -{ - is(RT::EmailParser::IsRTAddress("","rt\@example.com"),1, "Regexp matched rt address" ); is(RT::EmailParser::IsRTAddress("","frt\@example.com"),undef, "Regexp didn't match non-rt address" ); - -} - -{ - my @before = ("rt\@example.com", "frt\@example.com"); my @after = ("frt\@example.com"); ok(eq_array(RT::EmailParser::CullRTAddresses("",@before),@after), "CullRTAddresses only culls RT addresses"); - -} - 1; diff --git a/rt/t/api/rights.t b/rt/t/api/rights.t index 7bd332f13..a38bcea0c 100644 --- a/rt/t/api/rights.t +++ b/rt/t/api/rights.t @@ -47,96 +47,151 @@ # # END BPS TAGGED BLOCK }}} -use RT; -use RT::Test tests => 26; +use RT::Test tests => 30; -use RT::I18N; use strict; -no warnings 'once'; +use warnings; -use RT::Queue; -use RT::ACE; -use RT::User; -use RT::Group; -use RT::Ticket; +# clear all global right +{ + my $acl = RT::ACL->new($RT::SystemUser); + $acl->Limit( FIELD => 'RightName', OPERATOR => '!=', VALUE => 'SuperUser' ); + $acl->LimitToObject( $RT::System ); + while( my $ace = $acl->Next ) { + $ace->Delete; + } +} +my $queue = RT::Test->load_or_create_queue( Name => 'Regression' ); +ok $queue && $queue->id, 'loaded or created queue'; +my $qname = $queue->Name; + +my $user = RT::Test->load_or_create_user( + Name => 'user', Password => 'password', +); +ok $user && $user->id, 'loaded or created user'; + +{ + ok( !$user->HasRight( Right => 'OwnTicket', Object => $queue ), + "user can't own ticket" + ); + ok( !$user->HasRight( Right => 'ReplyToTicket', Object => $queue ), + "user can't reply to ticket" + ); +} -# clear all global right -my $acl = RT::ACL->new($RT::SystemUser); -$acl->Limit( FIELD => 'RightName', OPERATOR => '!=', VALUE => 'SuperUser' ); -$acl->LimitToObject( $RT::System ); -while( my $ace = $acl->Next ) { - $ace->Delete; +{ + my $group = RT::Group->new( $RT::SystemUser ); + ok( $group->LoadQueueRoleGroup( Queue => $queue->id, Type=> 'Owner' ), + "load queue owners role group" + ); + my $ace = RT::ACE->new( $RT::SystemUser ); + my ($ace_id, $msg) = $group->PrincipalObj->GrantRight( + Right => 'ReplyToTicket', Object => $queue + ); + ok( $ace_id, "Granted queue owners role group with ReplyToTicket right: $msg" ); + ok( $group->PrincipalObj->HasRight( Right => 'ReplyToTicket', Object => $queue ), + "role group can reply to ticket" + ); + ok( !$user->HasRight( Right => 'ReplyToTicket', Object => $queue ), + "user can't reply to ticket" + ); +} + +my $ticket; +{ + # new ticket + $ticket = RT::Ticket->new($RT::SystemUser); + my ($ticket_id) = $ticket->Create( Queue => $queue->id, Subject => 'test'); + ok( $ticket_id, 'new ticket created' ); + is( $ticket->Owner, $RT::Nobody->Id, 'owner of the new ticket is nobody' ); + + ok( !$user->HasRight( Right => 'OwnTicket', Object => $ticket ), + "user can't reply to ticket" + ); + my ($status, $msg) = $ticket->SetOwner( $user->id ); + ok( !$status, "no permissions to be an owner" ); +} + +{ + my ($status, $msg) = $user->PrincipalObj->GrantRight( + Object => $queue, Right => 'OwnTicket' + ); + ok( $status, "successfuly granted right: $msg" ); + ok( $user->HasRight( Right => 'OwnTicket', Object => $queue ), + "user can own ticket" + ); + ok( $user->HasRight( Right => 'OwnTicket', Object => $ticket ), + "user can own ticket" + ); + + ($status, $msg) = $ticket->SetOwner( $user->id ); + ok( $status, "successfuly set owner: $msg" ); + is( $ticket->Owner, $user->id, "set correct owner" ); + + ok( $user->HasRight( Right => 'ReplyToTicket', Object => $ticket ), + "user is owner and can reply to ticket" + ); } -my $rand_name = "rights". int rand($$); -# create new queue to be shure we don't mess with rights -my $queue = RT::Queue->new($RT::SystemUser); -my ($queue_id) = $queue->Create( Name => $rand_name); -ok( $queue_id, 'queue created for rights tests' ); - -# new privileged user to check rights -my $user = RT::User->new( $RT::SystemUser ); -my ($user_id) = $user->Create( Name => $rand_name, - EmailAddress => $rand_name .'@localhost', - Privileged => 1, - Password => 'qwe123', - ); -ok( !$user->HasRight( Right => 'OwnTicket', Object => $queue ), "user can't own ticket" ); -ok( !$user->HasRight( Right => 'ReplyToTicket', Object => $queue ), "user can't reply to ticket" ); - -my $group = RT::Group->new( $RT::SystemUser ); -ok( $group->LoadQueueRoleGroup( Queue => $queue_id, Type=> 'Owner' ), "load queue owners role group" ); -my $ace = RT::ACE->new( $RT::SystemUser ); -my ($ace_id, $msg) = $group->PrincipalObj->GrantRight( Right => 'ReplyToTicket', Object => $queue ); -ok( $ace_id, "Granted queue owners role group with ReplyToTicket right: $msg" ); -ok( $group->PrincipalObj->HasRight( Right => 'ReplyToTicket', Object => $queue ), "role group can reply to ticket" ); -ok( !$user->HasRight( Right => 'ReplyToTicket', Object => $queue ), "user can't reply to ticket" ); - -# new ticket -my $ticket = RT::Ticket->new($RT::SystemUser); -my ($ticket_id) = $ticket->Create( Queue => $queue_id, Subject => 'test'); -ok( $ticket_id, 'new ticket created' ); -is( $ticket->Owner, $RT::Nobody->Id, 'owner of the new ticket is nobody' ); - -my $status; -($status, $msg) = $user->PrincipalObj->GrantRight( Object => $queue, Right => 'OwnTicket' ); -ok( $status, "successfuly granted right: $msg" ); -ok( $user->HasRight( Right => 'OwnTicket', Object => $queue ), "user can own ticket" ); - -($status, $msg) = $ticket->SetOwner( $user_id ); -ok( $status, "successfuly set owner: $msg" ); -is( $ticket->Owner, $user_id, "set correct owner" ); - -ok( $user->HasRight( Right => 'ReplyToTicket', Object => $ticket ), "user is owner and can reply to ticket" ); - -# Testing of EquivObjects -$group = RT::Group->new( $RT::SystemUser ); -ok( $group->LoadQueueRoleGroup( Queue => $queue_id, Type=> 'AdminCc' ), "load queue AdminCc role group" ); -$ace = RT::ACE->new( $RT::SystemUser ); -($ace_id, $msg) = $group->PrincipalObj->GrantRight( Right => 'ModifyTicket', Object => $queue ); -ok( $ace_id, "Granted queue AdminCc role group with ModifyTicket right: $msg" ); -ok( $group->PrincipalObj->HasRight( Right => 'ModifyTicket', Object => $queue ), "role group can modify ticket" ); -ok( !$user->HasRight( Right => 'ModifyTicket', Object => $ticket ), "user is not AdminCc and can't modify ticket" ); -($status, $msg) = $ticket->AddWatcher(Type => 'AdminCc', PrincipalId => $user->PrincipalId); -ok( $status, "successfuly added user as AdminCc"); -ok( $user->HasRight( Right => 'ModifyTicket', Object => $ticket ), "user is AdminCc and can modify ticket" ); - -my $ticket2 = RT::Ticket->new($RT::SystemUser); -my ($ticket2_id) = $ticket2->Create( Queue => $queue_id, Subject => 'test2'); -ok( $ticket2_id, 'new ticket created' ); -ok( !$user->HasRight( Right => 'ModifyTicket', Object => $ticket2 ), "user is not AdminCc and can't modify ticket2" ); - -# now we can finally test EquivObjects -my $equiv = [ $ticket ]; -ok( $user->HasRight( Right => 'ModifyTicket', Object => $ticket2, EquivObjects => $equiv ), - "user is not AdminCc but can modify ticket2 because of EquivObjects" ); - -# the first a third test below are the same, so they should both pass -my $equiv2 = []; -ok( !$user->HasRight( Right => 'ModifyTicket', Object => $ticket2, EquivObjects => $equiv2 ), - "user is not AdminCc and can't modify ticket2" ); -ok( $user->HasRight( Right => 'ModifyTicket', Object => $ticket, EquivObjects => $equiv2 ), - "user is AdminCc and can modify ticket" ); -ok( !$user->HasRight( Right => 'ModifyTicket', Object => $ticket2, EquivObjects => $equiv2 ), - "user is not AdminCc and can't modify ticket2 (same question different answer)" ); +{ + # Testing of EquivObjects + my $group = RT::Group->new( $RT::SystemUser ); + ok( $group->LoadQueueRoleGroup( Queue => $queue->id, Type=> 'AdminCc' ), + "load queue AdminCc role group" + ); + my $ace = RT::ACE->new( $RT::SystemUser ); + my ($ace_id, $msg) = $group->PrincipalObj->GrantRight( + Right => 'ModifyTicket', Object => $queue + ); + ok( $ace_id, "Granted queue AdminCc role group with ModifyTicket right: $msg" ); + ok( $group->PrincipalObj->HasRight( Right => 'ModifyTicket', Object => $queue ), + "role group can modify ticket" + ); + ok( !$user->HasRight( Right => 'ModifyTicket', Object => $ticket ), + "user is not AdminCc and can't modify ticket" + ); +} + +{ + my ($status, $msg) = $ticket->AddWatcher( + Type => 'AdminCc', PrincipalId => $user->PrincipalId + ); + ok( $status, "successfuly added user as AdminCc"); + ok( $user->HasRight( Right => 'ModifyTicket', Object => $ticket ), + "user is AdminCc and can modify ticket" + ); +} + +my $ticket2; +{ + $ticket2 = RT::Ticket->new($RT::SystemUser); + my ($id) = $ticket2->Create( Queue => $queue->id, Subject => 'test2'); + ok( $id, 'new ticket created' ); + ok( !$user->HasRight( Right => 'ModifyTicket', Object => $ticket2 ), + "user is not AdminCc and can't modify ticket2" + ); + + # now we can finally test EquivObjectsa + my $has = $user->HasRight( + Right => 'ModifyTicket', + Object => $ticket2, + EquivObjects => [$ticket], + ); + ok( $has, "user is not AdminCc but can modify ticket2 because of EquivObjects" ); +} + +{ + # the first a third test below are the same, so they should both pass + # make sure passed equive list is not changed + my @list = (); + ok( !$user->HasRight( Right => 'ModifyTicket', Object => $ticket2, EquivObjects => \@list ), + "user is not AdminCc and can't modify ticket2" + ); + ok( $user->HasRight( Right => 'ModifyTicket', Object => $ticket, EquivObjects => \@list ), + "user is AdminCc and can modify ticket" + ); + ok( !$user->HasRight( Right => 'ModifyTicket', Object => $ticket2, EquivObjects => \@list ), + "user is not AdminCc and can't modify ticket2 (same question different answer)" + ); +} diff --git a/rt/t/api/rights_show_ticket.t b/rt/t/api/rights_show_ticket.t new file mode 100644 index 000000000..3e1d0740f --- /dev/null +++ b/rt/t/api/rights_show_ticket.t @@ -0,0 +1,262 @@ +#!/usr/bin/perl -w + +use RT::Test tests => 264; + +use strict; +use warnings; + + +my $queue_a = RT::Test->load_or_create_queue( Name => 'A' ); +ok $queue_a && $queue_a->id, 'loaded or created queue_a'; +my $qa_id = $queue_a->id; + +my $queue_b = RT::Test->load_or_create_queue( Name => 'B' ); +ok $queue_b && $queue_b->id, 'loaded or created queue_b'; +my $qb_id = $queue_b->id; + +my $user_a = RT::Test->load_or_create_user( + Name => 'user_a', Password => 'password', +); +ok $user_a && $user_a->id, 'loaded or created user'; + +my $user_b = RT::Test->load_or_create_user( + Name => 'user_b', Password => 'password', +); +ok $user_b && $user_b->id, 'loaded or created user'; + +foreach my $option (0 .. 1 ) { RT->Config->Set( 'UseSQLForACLChecks' => $option ); + +diag "Testing with UseSQLForACLChecks => $option"; + +# Global Cc has right, a User is nobody +{ + cleanup(); + RT::Test->set_rights( + { Principal => 'Everyone', Right => [qw(SeeQueue)] }, + { Principal => 'Cc', Right => [qw(ShowTicket)] }, + ); + create_tickets_set(); + have_no_rights($user_a, $user_b); +} + +# Global Cc has right, a User is Queue Cc +{ + cleanup(); + RT::Test->set_rights( + { Principal => 'Everyone', Right => [qw(SeeQueue)] }, + { Principal => 'Cc', Right => [qw(ShowTicket)] }, + ); + create_tickets_set(); + have_no_rights($user_a, $user_b); + + my ($status, $msg) = $queue_a->AddWatcher( Type => 'Cc', PrincipalId => $user_a->id ); + ok($status, "user A is now queue A watcher"); + + foreach my $q ( + '', + "Queue = $qa_id OR Queue = $qb_id", + "Queue = $qb_id OR Queue = $qa_id", + ) { + my $tickets = RT::Tickets->new( RT::CurrentUser->new( $user_a ) ); + $q? $tickets->FromSQL($q) : $tickets->UnLimit; + my $found = 0; + while ( my $t = $tickets->Next ) { + $found++; + is( $t->Queue, $queue_a->id, "user sees tickets only in queue A" ); + } + is($found, 2, "user sees tickets"); + } + have_no_rights( $user_b ); +} + +# global Cc has right, a User is ticket Cc +{ + cleanup(); + RT::Test->set_rights( + { Principal => 'Everyone', Right => [qw(SeeQueue)] }, + { Principal => 'Cc', Right => [qw(ShowTicket)] }, + ); + my @tickets = create_tickets_set(); + have_no_rights($user_a, $user_b); + + my ($status, $msg) = $tickets[1]->AddWatcher( Type => 'Cc', PrincipalId => $user_a->id ); + ok($status, "user A is now queue A watcher"); + + foreach my $q ( + '', + "Queue = $qa_id OR Queue = $qb_id", + "Queue = $qb_id OR Queue = $qa_id", + ) { + my $tickets = RT::Tickets->new( RT::CurrentUser->new( $user_a ) ); + $q? $tickets->FromSQL($q) : $tickets->UnLimit; + my $found = 0; + while ( my $t = $tickets->Next ) { + $found++; + is( $t->Queue, $queue_a->id, "user sees tickets only in queue A" ); + is( $t->id, $tickets[1]->id, "correct ticket"); + } + is($found, 1, "user sees tickets"); + } + have_no_rights($user_b); +} + +# Queue Cc has right, a User is nobody +{ + cleanup(); + RT::Test->set_rights( + { Principal => 'Everyone', Right => [qw(SeeQueue)] }, + { Principal => 'Cc', Object => $queue_a, Right => [qw(ShowTicket)] }, + ); + create_tickets_set(); + have_no_rights($user_a, $user_b); +} + +# Queue Cc has right, Users are Queue Ccs +{ + cleanup(); + RT::Test->set_rights( + { Principal => 'Everyone', Right => [qw(SeeQueue)] }, + { Principal => 'Cc', Object => $queue_a, Right => [qw(ShowTicket)] }, + ); + create_tickets_set(); + have_no_rights($user_a, $user_b); + + my ($status, $msg) = $queue_a->AddWatcher( Type => 'Cc', PrincipalId => $user_a->id ); + ok($status, "user A is now queue A watcher"); + + ($status, $msg) = $queue_b->AddWatcher( Type => 'Cc', PrincipalId => $user_b->id ); + ok($status, "user B is now queue B watcher"); + + foreach my $q ( + '', + "Queue = $qa_id OR Queue = $qb_id", + "Queue = $qb_id OR Queue = $qa_id", + ) { + my $tickets = RT::Tickets->new( RT::CurrentUser->new( $user_a ) ); + $q? $tickets->FromSQL($q) : $tickets->UnLimit; + my $found = 0; + while ( my $t = $tickets->Next ) { + $found++; + is( $t->Queue, $queue_a->id, "user sees tickets only in queue A" ); + } + is($found, 2, "user sees tickets"); + } + have_no_rights( $user_b ); +} + +# Queue Cc has right, Users are ticket Ccs +{ + cleanup(); + RT::Test->set_rights( + { Principal => 'Everyone', Right => [qw(SeeQueue)] }, + { Principal => 'Cc', Object => $queue_a, Right => [qw(ShowTicket)] }, + ); + my @tickets = create_tickets_set(); + have_no_rights($user_a, $user_b); + + my ($status, $msg) = $tickets[1]->AddWatcher( Type => 'Cc', PrincipalId => $user_a->id ); + ok($status, "user A is now Cc on a ticket in queue A"); + + ($status, $msg) = $tickets[2]->AddWatcher( Type => 'Cc', PrincipalId => $user_b->id ); + ok($status, "user B is now Cc on a ticket in queue B"); + + foreach my $q ( + '', + "Queue = $qa_id OR Queue = $qb_id", + "Queue = $qb_id OR Queue = $qa_id", + ) { + my $tickets = RT::Tickets->new( RT::CurrentUser->new( $user_a ) ); + $q? $tickets->FromSQL($q) : $tickets->UnLimit; + my $found = 0; + while ( my $t = $tickets->Next ) { + $found++; + is( $t->Queue, $queue_a->id, "user sees tickets only in queue A" ); + is( $t->id, $tickets[1]->id, ) + } + is($found, 1, "user sees tickets"); + } + have_no_rights( $user_b ); +} + +# Users has direct right on queue +{ + cleanup(); + RT::Test->set_rights( + { Principal => 'Everyone', Right => [qw(SeeQueue)] }, + { Principal => $user_a, Object => $queue_a, Right => [qw(ShowTicket)] }, + ); + my @tickets = create_tickets_set(); + + foreach my $q ( + '', + "Queue = $qa_id OR Queue = $qb_id", + "Queue = $qb_id OR Queue = $qa_id", + ) { + my $tickets = RT::Tickets->new( RT::CurrentUser->new( $user_a ) ); + $q? $tickets->FromSQL($q) : $tickets->UnLimit; + my $found = 0; + while ( my $t = $tickets->Next ) { + $found++; + is( $t->Queue, $queue_a->id, "user sees tickets only in queue A" ); + } + is($found, 2, "user sees tickets"); + } + have_no_rights( $user_b ); +} + + +} + +sub have_no_rights { + $SIG{'INT'} = $SIG{'TERM'} = sub { print STDERR Carp::longmess('boo'); exit 1 }; + local $Test::Builder::Level = $Test::Builder::Level + 1; + foreach my $u ( @_ ) { + foreach my $q ( + '', + "Queue = $qa_id OR Queue = $qb_id", + "Queue = $qb_id OR Queue = $qa_id", + ) { + my $tickets = RT::Tickets->new( RT::CurrentUser->new( $u ) ); + $q? $tickets->FromSQL($q) : $tickets->UnLimit; + ok(!$tickets->First, "no tickets"); + } + } +} + +sub create_tickets_set{ + local $Test::Builder::Level = $Test::Builder::Level + 1; + my @res; + foreach my $q ($queue_a, $queue_b) { + foreach my $n (1 .. 2) { + my $ticket = RT::Ticket->new( $RT::SystemUser ); + my ($tid) = $ticket->Create( + Queue => $q->id, Subject => $q->Name .' - '. $n + ); + ok( $tid, "created ticket #$tid"); + push @res, $ticket; + } + } + return @res; +} + +sub cleanup { delete_tickets(); delete_watchers() }; + +sub delete_tickets { + my $tickets = RT::Tickets->new( $RT::SystemUser ); + $tickets->FromSQL( "Queue = $qa_id OR Queue = $qb_id" ); + while ( my $ticket = $tickets->Next ) { + $ticket->Delete; + } +} + +sub delete_watchers { + foreach my $q ($queue_a, $queue_b) { + foreach my $u ($user_a, $user_b) { + foreach my $t (qw(Cc AdminCc) ) { + $q->DeleteWatcher( Type => $t, PrincipalId => $u->id ) + if $q->IsWatcher( Type => $t, PrincipalId => $u->id ); + } + } + } +} + |