4 use RT::Test tests => 109;
5 my ($baseurl, $m) = RT::Test->started_ok;
7 my $url = $m->rt_base_url;
9 my $user_obj = RT::User->new($RT::SystemUser);
10 my ($ret, $msg) = $user_obj->LoadOrCreateByEmail('customer@example.com');
11 ok($ret, 'ACL test user creation');
12 $user_obj->SetName('customer');
13 $user_obj->SetPrivileged(1);
14 ($ret, $msg) = $user_obj->SetPassword('customer');
15 $user_obj->PrincipalObj->GrantRight(Right => 'ModifySelf');
16 my $currentuser = RT::CurrentUser->new($user_obj);
18 my $onlooker = RT::User->new($RT::SystemUser);
19 ($ret, $msg) = $onlooker->LoadOrCreateByEmail('onlooker@example.com');
20 ok($ret, 'ACL test user creation');
21 $onlooker->SetName('onlooker');
22 $onlooker->SetPrivileged(1);
23 ($ret, $msg) = $onlooker->SetPassword('onlooker');
25 my $queue = RT::Queue->new($RT::SystemUser);
26 $queue->Create(Name => 'SearchQueue'.$$);
28 for my $user ($user_obj, $onlooker) {
29 $user->PrincipalObj->GrantRight(Right => 'ModifySelf');
30 for my $right (qw/SeeQueue ShowTicket OwnTicket/) {
31 $user->PrincipalObj->GrantRight(Right => $right, Object => $queue);
35 ok $m->login(customer => 'customer'), "logged in";
37 $m->get_ok($url."Dashboards/index.html");
38 $m->content_lacks('<a href="/Dashboards/Modify.html?Create=1">New</a>',
39 "No 'new dashboard' link because we have no CreateOwnDashboard");
43 $m->get_ok($url."Dashboards/Modify.html?Create=1");
44 $m->content_contains("Permission denied");
45 $m->content_lacks("Save Changes");
47 $m->warning_like(qr/Permission denied/, "got a permission denied warning");
49 $user_obj->PrincipalObj->GrantRight(Right => 'ModifyOwnDashboard', Object => $RT::System);
51 # Modify itself is no longer good enough, you need Create
52 $m->get_ok($url."Dashboards/Modify.html?Create=1");
53 $m->content_contains("Permission denied");
54 $m->content_lacks("Save Changes");
56 $m->warning_like(qr/Permission denied/, "got a permission denied warning");
58 $user_obj->PrincipalObj->GrantRight(Right => 'CreateOwnDashboard', Object => $RT::System);
60 $m->get_ok($url."Dashboards/Modify.html?Create=1");
61 $m->content_lacks("Permission denied");
62 $m->content_contains("Create");
64 $m->get_ok($url."Dashboards/index.html");
65 $m->content_contains("New", "'New' link because we now have ModifyOwnDashboard");
67 $m->follow_link_ok({text => "New"});
68 $m->form_name('ModifyDashboard');
69 $m->field("Name" => 'different dashboard');
70 $m->content_lacks('Delete', "Delete button hidden because we are creating");
71 $m->click_button(value => 'Create');
72 $m->content_lacks("No permission to create dashboards");
73 $m->content_contains("Saved dashboard different dashboard");
74 $m->content_lacks('Delete', "Delete button hidden because we lack DeleteOwnDashboard");
76 $m->get_ok($url."Dashboards/index.html");
77 $m->content_lacks("different dashboard", "we lack SeeOwnDashboard");
79 $user_obj->PrincipalObj->GrantRight(Right => 'SeeOwnDashboard', Object => $RT::System);
81 $m->get_ok($url."Dashboards/index.html");
82 $m->content_contains("different dashboard", "we now have SeeOwnDashboard");
83 $m->content_lacks("Permission denied");
85 $m->follow_link_ok({text => "different dashboard"});
86 $m->content_contains("Basics");
87 $m->content_contains("Queries");
88 $m->content_lacks("Subscription", "we don't have the SubscribeDashboard right");
90 $m->follow_link_ok({text => "Basics"});
91 $m->content_contains("Modify the dashboard different dashboard");
93 $m->follow_link_ok({text => "Queries"});
94 $m->content_contains("Modify the queries of dashboard different dashboard");
95 $m->form_name('Dashboard-Searches-body');
96 $m->field('Searches-body-Available' => ["search-2-RT::System-1"]);
97 $m->click_button(name => 'add');
98 $m->content_contains("Dashboard updated");
100 my $dashboard = RT::Dashboard->new($currentuser);
101 my ($id) = $m->content =~ /name="id" value="(\d+)"/;
102 ok($id, "got an ID, $id");
103 $dashboard->LoadById($id);
104 is($dashboard->Name, "different dashboard");
106 is($dashboard->Privacy, 'RT::User-' . $user_obj->Id, "correct privacy");
107 is($dashboard->PossibleHiddenSearches, 0, "all searches are visible");
109 my @searches = $dashboard->Searches;
110 is(@searches, 1, "one saved search in the dashboard");
111 like($searches[0]->Name, qr/newest unowned tickets/, "correct search name");
113 $m->form_name('Dashboard-Searches-body');
114 $m->field('Searches-body-Available' => ["search-1-RT::System-1"]);
115 $m->click_button(name => 'add');
116 $m->content_contains("Dashboard updated");
118 RT::Record->FlushCache if RT::Record->can('FlushCache');
119 $dashboard = RT::Dashboard->new($currentuser);
120 $dashboard->LoadById($id);
122 @searches = $dashboard->Searches;
123 is(@searches, 2, "two saved searches in the dashboard");
124 like($searches[0]->Name, qr/newest unowned tickets/, "correct existing search name");
125 like($searches[1]->Name, qr/highest priority tickets I own/, "correct new search name");
127 my $ticket = RT::Ticket->new($RT::SystemUser);
130 Requestor => [ $user_obj->Name ],
132 Subject => 'dashboard test',
135 $m->follow_link_ok({text => 'different dashboard'});
136 $m->content_contains("50 highest priority tickets I own");
137 $m->content_contains("50 newest unowned tickets");
138 $m->content_lacks("Bookmarked Tickets");
139 $m->content_contains("dashboard test", "ticket subject");
141 $m->get_ok("/Dashboards/$id/This fragment left intentionally blank");
142 $m->content_contains("50 highest priority tickets I own");
143 $m->content_contains("50 newest unowned tickets");
144 $m->content_lacks("Bookmarked Tickets");
145 $m->content_contains("dashboard test", "ticket subject");
147 $m->get_ok("/Dashboards/Subscription.html?DashboardId=$id");
148 $m->form_name('SubscribeDashboard');
149 $m->click_button(name => 'Save');
150 $m->content_contains("Permission denied");
151 $m->warning_like(qr/Unable to subscribe to dashboard.*Permission denied/, "got a permission denied warning when trying to subscribe to a dashboard");
153 RT::Record->FlushCache if RT::Record->can('FlushCache');
154 is($user_obj->Attributes->Named('Subscription'), 0, "no subscriptions");
156 $user_obj->PrincipalObj->GrantRight(Right => 'SubscribeDashboard', Object => $RT::System);
158 $m->get_ok("/Dashboards/Modify.html?id=$id");
159 $m->follow_link_ok({text => "Subscription"});
160 $m->content_contains("Subscribe to dashboard different dashboard");
161 $m->content_contains("Unowned Tickets");
162 $m->content_contains("My Tickets");
163 $m->content_lacks("Bookmarked Tickets", "only dashboard queries show up");
165 $m->form_name('SubscribeDashboard');
166 $m->click_button(name => 'Save');
167 $m->content_lacks("Permission denied");
168 $m->content_contains("Subscribed to dashboard different dashboard");
170 RT::Record->FlushCache if RT::Record->can('FlushCache');
172 local $TODO = "some kind of caching is still happening (it works if I remove the check above)";
173 is($user_obj->Attributes->Named('Subscription'), 1, "we have a subscription");
176 $m->get_ok("/Dashboards/Modify.html?id=$id");
177 $m->follow_link_ok({text => "Subscription"});
178 $m->content_contains("Modify the subscription to dashboard different dashboard");
180 $m->get_ok("/Dashboards/Modify.html?id=$id&Delete=1");
181 $m->content_contains("Permission denied", "unable to delete dashboard because we lack DeleteOwnDashboard");
183 $m->warning_like(qr/Couldn't delete dashboard.*Permission denied/, "got a permission denied warning when trying to delete the dashboard");
185 $user_obj->PrincipalObj->GrantRight(Right => 'DeleteOwnDashboard', Object => $RT::System);
187 $m->get_ok("/Dashboards/Modify.html?id=$id");
188 $m->content_contains('Delete', "Delete button shows because we have DeleteOwnDashboard");
190 $m->form_name('ModifyDashboard');
191 $m->click_button(name => 'Delete');
192 $m->content_contains("Deleted dashboard $id");
194 $m->get("/Dashboards/Modify.html?id=$id");
195 $m->content_lacks("different dashboard", "dashboard was deleted");
196 $m->content_contains("Failed to load dashboard $id");
198 $m->warning_like(qr/Failed to load dashboard.*Couldn't find row/, "the dashboard was deleted");
200 $user_obj->PrincipalObj->GrantRight(Right => "SuperUser", Object => $RT::System);
202 # now test that we warn about searches others can't see
203 # first create a personal saved search...
204 $m->get_ok($url."Search/Build.html");
205 $m->follow_link_ok({text => 'Advanced'});
206 $m->form_with_fields('Query');
207 $m->field(Query => "id > 0");
210 $m->form_with_fields('SavedSearchDescription');
211 $m->field(SavedSearchDescription => "personal search");
212 $m->click_button(name => "SavedSearchSave");
214 # then the system-wide dashboard
215 $m->get_ok($url."Dashboards/Modify.html?Create=1");
217 $m->form_name('ModifyDashboard');
218 $m->field("Name" => 'system dashboard');
219 $m->field("Privacy" => 'RT::System-1');
220 $m->content_lacks('Delete', "Delete button hidden because we are creating");
221 $m->click_button(value => 'Create');
222 $m->content_lacks("No permission to create dashboards");
223 $m->content_contains("Saved dashboard system dashboard");
225 $m->follow_link_ok({text => 'Queries'});
227 $m->form_name('Dashboard-Searches-body');
228 $m->field('Searches-body-Available' => ['search-7-RT::User-22']); # XXX: :( :(
229 $m->click_button(name => 'add');
230 $m->content_contains("Dashboard updated");
232 $m->content_contains("The following queries may not be visible to all users who can see this dashboard.");
234 $m->follow_link_ok({text => 'system dashboard'});
235 $m->content_contains("personal search", "saved search shows up");
236 $m->content_contains("dashboard test", "matched ticket shows up");
238 # make sure the onlooker can't see the search...
239 $onlooker->PrincipalObj->GrantRight(Right => 'SeeDashboard', Object => $RT::System);
241 my $omech = RT::Test::Web->new;
242 ok $omech->login(onlooker => 'onlooker'), "logged in";
243 $omech->get_ok("/Dashboards");
245 $omech->follow_link_ok({text => 'system dashboard'});
246 $omech->content_lacks("personal search", "saved search doesn't show up");
247 $omech->content_lacks("dashboard test", "matched ticket doesn't show up");
249 $m->warning_like(qr/User .* tried to load container user /, "can't see other users' personal searches");