summaryrefslogtreecommitdiff
path: root/rt/t/web/dashboards-basics.t
diff options
context:
space:
mode:
Diffstat (limited to 'rt/t/web/dashboards-basics.t')
-rw-r--r--rt/t/web/dashboards-basics.t268
1 files changed, 268 insertions, 0 deletions
diff --git a/rt/t/web/dashboards-basics.t b/rt/t/web/dashboards-basics.t
new file mode 100644
index 000000000..1d56da5be
--- /dev/null
+++ b/rt/t/web/dashboards-basics.t
@@ -0,0 +1,268 @@
+#!/usr/bin/perl -w
+use strict;
+
+use RT::Test tests => 122;
+my ($baseurl, $m) = RT::Test->started_ok;
+
+my $url = $m->rt_base_url;
+
+my $user_obj = RT::User->new(RT->SystemUser);
+my ($ret, $msg) = $user_obj->LoadOrCreateByEmail('customer@example.com');
+ok($ret, 'ACL test user creation');
+$user_obj->SetName('customer');
+$user_obj->SetPrivileged(1);
+($ret, $msg) = $user_obj->SetPassword('customer');
+$user_obj->PrincipalObj->GrantRight(Right => 'ModifySelf');
+my $currentuser = RT::CurrentUser->new($user_obj);
+
+my $onlooker = RT::User->new(RT->SystemUser);
+($ret, $msg) = $onlooker->LoadOrCreateByEmail('onlooker@example.com');
+ok($ret, 'ACL test user creation');
+$onlooker->SetName('onlooker');
+$onlooker->SetPrivileged(1);
+($ret, $msg) = $onlooker->SetPassword('onlooker');
+
+my $queue = RT::Queue->new(RT->SystemUser);
+$queue->Create(Name => 'SearchQueue'.$$);
+
+for my $user ($user_obj, $onlooker) {
+ $user->PrincipalObj->GrantRight(Right => 'ModifySelf');
+ for my $right (qw/SeeQueue ShowTicket OwnTicket/) {
+ $user->PrincipalObj->GrantRight(Right => $right, Object => $queue);
+ }
+}
+
+ok $m->login(customer => 'customer'), "logged in";
+
+$m->get_ok($url."Dashboards/index.html");
+$m->content_lacks('<a href="/Dashboards/Modify.html?Create=1">New</a>',
+ "No 'new dashboard' link because we have no CreateOwnDashboard");
+
+$m->no_warnings_ok;
+
+$m->get_ok($url."Dashboards/Modify.html?Create=1");
+$m->content_contains("Permission denied");
+$m->content_lacks("Save Changes");
+
+$m->warning_like(qr/Permission denied/, "got a permission denied warning");
+
+$user_obj->PrincipalObj->GrantRight(Right => 'ModifyOwnDashboard', Object => $RT::System);
+
+# Modify itself is no longer good enough, you need Create
+$m->get_ok($url."Dashboards/Modify.html?Create=1");
+$m->content_contains("Permission denied");
+$m->content_lacks("Save Changes");
+
+$m->warning_like(qr/Permission denied/, "got a permission denied warning");
+
+$user_obj->PrincipalObj->GrantRight(Right => 'CreateOwnDashboard', Object => $RT::System);
+
+$m->get_ok($url."Dashboards/Modify.html?Create=1");
+$m->content_lacks("Permission denied");
+$m->content_contains("Create");
+
+$m->get_ok($url."Dashboards/index.html");
+$m->content_contains("New", "'New' link because we now have ModifyOwnDashboard");
+$m->follow_link_ok({ id => 'home-dashboard_create'});
+$m->form_name('ModifyDashboard');
+$m->field("Name" => 'different dashboard');
+$m->content_lacks('Delete', "Delete button hidden because we are creating");
+$m->click_button(value => 'Create');
+$m->content_contains("Saved dashboard different dashboard");
+$user_obj->PrincipalObj->GrantRight(Right => 'SeeOwnDashboard', Object => $RT::System);
+$m->get($url."Dashboards/index.html");
+$m->follow_link_ok({ text => 'different dashboard'});
+$m->content_lacks("Permission denied", "we now have SeeOwnDashboard");
+$m->content_lacks('Delete', "Delete button hidden because we lack DeleteOwnDashboard");
+
+$m->get_ok($url."Dashboards/index.html");
+$m->content_contains("different dashboard", "we now have SeeOwnDashboard");
+$m->content_lacks("Permission denied");
+
+$m->follow_link_ok({text => "different dashboard"});
+$m->content_contains("Basics");
+$m->content_contains("Content");
+$m->content_lacks("Subscription", "we don't have the SubscribeDashboard right");
+
+$m->follow_link_ok({text => "Basics"});
+$m->content_contains("Modify the dashboard different dashboard");
+
+$m->follow_link_ok({text => "Content"});
+$m->content_contains("Modify the content of dashboard different dashboard");
+my $form = $m->form_name('Dashboard-Searches-body');
+my @input = $form->find_input('Searches-body-Available');
+my ($unowned) =
+ map { ( $_->possible_values )[1] }
+ grep { ( $_->value_names )[1] =~ /Saved Search: Unowned Tickets/ } @input;
+$form->value('Searches-body-Available' => $unowned );
+$m->click_button(name => 'add');
+$m->content_contains("Dashboard updated");
+
+my $dashboard = RT::Dashboard->new($currentuser);
+my ($id) = $m->content =~ /name="id" value="(\d+)"/;
+ok($id, "got an ID, $id");
+$dashboard->LoadById($id);
+is($dashboard->Name, "different dashboard");
+
+is($dashboard->Privacy, 'RT::User-' . $user_obj->Id, "correct privacy");
+is($dashboard->PossibleHiddenSearches, 0, "all searches are visible");
+
+my @searches = $dashboard->Searches;
+is(@searches, 1, "one saved search in the dashboard");
+like($searches[0]->Name, qr/newest unowned tickets/, "correct search name");
+
+$form = $m->form_name('Dashboard-Searches-body');
+@input = $form->find_input('Searches-body-Available');
+my ($my_tickets) =
+ map { ( $_->possible_values )[1] }
+ grep { ( $_->value_names )[1] =~ /Saved Search: My Tickets/ } @input;
+$form->value('Searches-body-Available' => $my_tickets );
+$m->click_button(name => 'add');
+$m->content_contains("Dashboard updated");
+
+RT::Record->FlushCache if RT::Record->can('FlushCache');
+$dashboard = RT::Dashboard->new($currentuser);
+$dashboard->LoadById($id);
+
+@searches = $dashboard->Searches;
+is(@searches, 2, "two saved searches in the dashboard");
+like($searches[0]->Name, qr/newest unowned tickets/, "correct existing search name");
+like($searches[1]->Name, qr/highest priority tickets I own/, "correct new search name");
+
+my $ticket = RT::Ticket->new(RT->SystemUser);
+$ticket->Create(
+ Queue => $queue->Id,
+ Requestor => [ $user_obj->Name ],
+ Owner => $user_obj,
+ Subject => 'dashboard test',
+);
+
+$m->follow_link_ok({id => 'page-show'});
+$m->content_contains("50 highest priority tickets I own");
+$m->content_contains("50 newest unowned tickets");
+$m->content_unlike( qr/Bookmarked Tickets.*Bookmarked Tickets/s,
+ 'only dashboard queries show up' );
+$m->content_contains("dashboard test", "ticket subject");
+
+$m->get_ok("/Dashboards/$id/This fragment left intentionally blank");
+$m->content_contains("50 highest priority tickets I own");
+$m->content_contains("50 newest unowned tickets");
+$m->content_unlike( qr/Bookmarked Tickets.*Bookmarked Tickets/s,
+ 'only dashboard queries show up' );
+$m->content_contains("dashboard test", "ticket subject");
+
+$m->get_ok("/Dashboards/Subscription.html?id=$id");
+$m->form_name('SubscribeDashboard');
+$m->click_button(name => 'Save');
+$m->content_contains("Permission denied");
+$m->warning_like(qr/Unable to subscribe to dashboard.*Permission denied/, "got a permission denied warning when trying to subscribe to a dashboard");
+
+$user_obj->Attributes->RedoSearch;
+is($user_obj->Attributes->Named('Subscription'), 0, "no subscriptions");
+
+$user_obj->PrincipalObj->GrantRight(Right => 'SubscribeDashboard', Object => $RT::System);
+
+$m->get_ok("/Dashboards/Modify.html?id=$id");
+$m->follow_link_ok({text => "Subscription"});
+$m->content_contains("Subscribe to dashboard different dashboard");
+$m->content_contains("Unowned Tickets");
+$m->content_contains("My Tickets");
+$m->content_unlike( qr/Bookmarked Tickets.*Bookmarked Tickets/s,
+ 'only dashboard queries show up' );
+
+$m->form_name('SubscribeDashboard');
+$m->click_button(name => 'Save');
+$m->content_lacks("Permission denied");
+$m->content_contains("Subscribed to dashboard different dashboard");
+
+$user_obj->Attributes->RedoSearch;
+is($user_obj->Attributes->Named('Subscription'), 1, "we have a subscription");
+
+$m->get_ok("/Dashboards/Modify.html?id=$id");
+$m->follow_link_ok({text => "Subscription"});
+$m->content_contains("Modify the subscription to dashboard different dashboard");
+
+$m->get_ok("/Dashboards/Modify.html?id=$id&Delete=1");
+$m->content_contains("Permission denied", "unable to delete dashboard because we lack DeleteOwnDashboard");
+
+$m->warning_like(qr/Couldn't delete dashboard.*Permission denied/, "got a permission denied warning when trying to delete the dashboard");
+
+$user_obj->PrincipalObj->GrantRight(Right => 'DeleteOwnDashboard', Object => $RT::System);
+
+$m->get_ok("/Dashboards/Modify.html?id=$id");
+$m->content_contains('Delete', "Delete button shows because we have DeleteOwnDashboard");
+
+$m->form_name('ModifyDashboard');
+$m->click_button(name => 'Delete');
+$m->content_contains("Deleted dashboard");
+
+$m->get("/Dashboards/Modify.html?id=$id");
+$m->content_lacks("different dashboard", "dashboard was deleted");
+$m->content_contains("Failed to load dashboard $id");
+
+$m->warning_like(qr/Failed to load dashboard.*Couldn't find row/, "the dashboard was deleted");
+
+$user_obj->PrincipalObj->GrantRight(Right => "SuperUser", Object => $RT::System);
+
+# now test that we warn about searches others can't see
+# first create a personal saved search...
+$m->get_ok($url."Search/Build.html");
+$m->follow_link_ok({text => 'Advanced'});
+$m->form_with_fields('Query');
+$m->field(Query => "id > 0");
+$m->submit;
+
+$m->form_with_fields('SavedSearchDescription');
+$m->field(SavedSearchDescription => "personal search");
+$m->click_button(name => "SavedSearchSave");
+
+# then the system-wide dashboard
+$m->get_ok($url."Dashboards/Modify.html?Create=1");
+
+$m->form_name('ModifyDashboard');
+$m->field("Name" => 'system dashboard');
+$m->field("Privacy" => 'RT::System-1');
+$m->content_lacks('Delete', "Delete button hidden because we are creating");
+$m->click_button(value => 'Create');
+$m->content_lacks("No permission to create dashboards");
+$m->content_contains("Saved dashboard system dashboard");
+
+$m->follow_link_ok({id => 'page-content'});
+
+$form = $m->form_name('Dashboard-Searches-body');
+@input = $form->find_input('Searches-body-Available');
+my ($personal) =
+ map { ( $_->possible_values )[1] }
+ grep { ( $_->value_names )[1] =~ /Saved Search: personal search/ } @input;
+$form->value('Searches-body-Available' => $personal );
+$m->click_button(name => 'add');
+$m->content_contains("Dashboard updated");
+
+$m->content_contains("The following queries may not be visible to all users who can see this dashboard.");
+
+$m->follow_link_ok({id => 'page-show'});
+$m->content_contains("personal search", "saved search shows up");
+$m->content_contains("dashboard test", "matched ticket shows up");
+
+# make sure the onlooker can't see the search...
+$onlooker->PrincipalObj->GrantRight(Right => 'SeeDashboard', Object => $RT::System);
+
+my $omech = RT::Test::Web->new;
+ok $omech->login(onlooker => 'onlooker'), "logged in";
+$omech->get_ok("/Dashboards");
+
+$omech->follow_link_ok({text => 'system dashboard'});
+$omech->content_lacks("personal search", "saved search doesn't show up");
+$omech->content_lacks("dashboard test", "matched ticket doesn't show up");
+
+$omech->warning_like(qr/User .* tried to load container user /, "can't see other users' personal searches");
+
+# make sure that navigating to dashboard pages with bad IDs throws an error
+my ($bad_id) = $personal =~ /^search-(\d+)/;
+
+for my $page (qw/Modify Queries Render Subscription/) {
+ $m->get("/Dashboards/$page.html?id=$bad_id");
+ $m->content_like(qr/Couldn.+t load dashboard $bad_id: Invalid object type/);
+ $m->warning_like(qr/Couldn't load dashboard $bad_id: Invalid object type/);
+}
+
generated by cgit v1.2.1 (git 2.18.0) at 2025-06-08 16:58:56 +0000