summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--app/assets/javascripts/application.js5
-rw-r--r--app/views/home/index.html.haml11
-rw-r--r--app/views/layouts/_messages.html.haml5
-rw-r--r--app/views/layouts/application.html.haml5
-rw-r--r--core/lib/leap_web_core/dependencies.rb1
-rw-r--r--core/lib/leap_web_core/ui_dependencies.rb1
-rw-r--r--help/app/controllers/tickets_controller.rb85
-rw-r--r--help/app/helpers/tickets_helper.rb15
-rw-r--r--help/app/models/ticket.rb134
-rw-r--r--help/app/views/tickets/_admin-nav.html.haml5
-rw-r--r--help/app/views/tickets/_order-nav.html.haml7
-rw-r--r--help/app/views/tickets/_status-nav.html.haml7
-rw-r--r--help/app/views/tickets/_table-nav.html.haml5
-rw-r--r--help/app/views/tickets/_ticket.html.haml13
-rw-r--r--help/app/views/tickets/index.html.haml28
-rw-r--r--help/app/views/tickets/show.html.haml45
-rw-r--r--help/config/routes.rb2
-rw-r--r--help/test/functional/tickets_controller_test.rb170
-rw-r--r--help/test/unit/ticket_test.rb38
-rw-r--r--ui_dependencies.rb2
-rw-r--r--users/app/controllers/controller_extension/authentication.rb4
-rw-r--r--users/test/functional/application_controller_test.rb2
-rw-r--r--users/test/support/auth_test_helper.rb6
-rw-r--r--users/test/unit/user_test.rb11
24 files changed, 520 insertions, 87 deletions
diff --git a/app/assets/javascripts/application.js b/app/assets/javascripts/application.js
index f7ca1ec..23d7fef 100644
--- a/app/assets/javascripts/application.js
+++ b/app/assets/javascripts/application.js
@@ -16,5 +16,10 @@
//= require users
//= require_tree .
//= require bootstrap
+//= require jquery.pjax
+
+$(function() {
+ $('a:not([data-remote]):not([data-behavior]):not([data-skip-pjax])').pjax('[data-pjax-container]');
+});
//= require rails.validations
//= require rails.validations.simple_form
diff --git a/app/views/home/index.html.haml b/app/views/home/index.html.haml
index 9e68674..dd7e5aa 100644
--- a/app/views/home/index.html.haml
+++ b/app/views/home/index.html.haml
@@ -1,11 +1,14 @@
+%h1 spacer for firefox
+%h1 spacer for firefox
Try to fetch a
= link_to "cert", cert_path
%p
-Try to create a
+Create a
= link_to "ticket", new_ticket_path
-%p
-See all
-= link_to "tickets", tickets_path
+- if logged_in?
+ %p
+ See all
+ = link_to "tickets", tickets_path
diff --git a/app/views/layouts/_messages.html.haml b/app/views/layouts/_messages.html.haml
new file mode 100644
index 0000000..80e34d4
--- /dev/null
+++ b/app/views/layouts/_messages.html.haml
@@ -0,0 +1,5 @@
+- flash.each do |name, msg|
+ - if msg.is_a?(String)
+ %div{:class => "alert alert-#{name == :notice ? "success" : "error"}"}
+ %a.close{"data-dismiss" => "alert"} ×
+ = content_tag :div, msg, :id => "flash_#{name}"
diff --git a/app/views/layouts/application.html.haml b/app/views/layouts/application.html.haml
index a57d65e..b0644f2 100644
--- a/app/views/layouts/application.html.haml
+++ b/app/views/layouts/application.html.haml
@@ -18,6 +18,7 @@
.content
.row
.span12
- //= render 'layouts/messages'
- = yield
+ = render 'layouts/messages' # TODO: In firefox, these are hidden by header
+ %div{"data-pjax-container" => ""}
+ = yield
%footer
diff --git a/core/lib/leap_web_core/dependencies.rb b/core/lib/leap_web_core/dependencies.rb
index 7f6ca87..00ef515 100644
--- a/core/lib/leap_web_core/dependencies.rb
+++ b/core/lib/leap_web_core/dependencies.rb
@@ -11,6 +11,7 @@ module LeapWebCore
"haml" => "~> 3.1.7",
"bootstrap-sass" => "~> 2.0.4",
"jquery-rails" => nil,
+ "pjax_rails" => nil,
"simple_form" => nil
}
diff --git a/core/lib/leap_web_core/ui_dependencies.rb b/core/lib/leap_web_core/ui_dependencies.rb
index e0a0b86..8ca9b91 100644
--- a/core/lib/leap_web_core/ui_dependencies.rb
+++ b/core/lib/leap_web_core/ui_dependencies.rb
@@ -2,6 +2,7 @@ require "haml"
require "bootstrap-sass"
require "jquery-rails"
require "simple_form"
+require "pjax_rails"
if Rails.env == "development"
require "haml-rails"
diff --git a/help/app/controllers/tickets_controller.rb b/help/app/controllers/tickets_controller.rb
index 4c7415b..1a73df9 100644
--- a/help/app/controllers/tickets_controller.rb
+++ b/help/app/controllers/tickets_controller.rb
@@ -3,6 +3,10 @@ class TicketsController < ApplicationController
respond_to :html #, :json
#has_scope :open, :type => boolean
+ before_filter :set_strings
+
+ before_filter :authorize, :only => [:index]
+
def new
@ticket = Ticket.new
@ticket.comments.build
@@ -10,15 +14,17 @@ class TicketsController < ApplicationController
def create
@ticket = Ticket.new(params[:ticket])
- if current_user
+ if logged_in?
@ticket.created_by = current_user.id
@ticket.email = current_user.email if current_user.email
@ticket.comments.last.posted_by = current_user.id
- else
+ else
@ticket.comments.last.posted_by = nil #hacky, but protecting this attribute doesn't work right, so this should make sure it isn't set.
end
-
flash[:notice] = 'Ticket was successfully created.' if @ticket.save
+ if !logged_in?
+ flash[:notice] = flash[:notice] + ' You can later access this ticket at the url ' + request.protocol + request.host_with_port + ticket_path(@ticket.id) + '. You might want to bookmark this page to find it again. Anybody with this URL will be able to access this ticket, so if you are on a shared computer you might want to remove it from the browser history' #todo
+ end
respond_with(@ticket)
end
@@ -33,34 +39,77 @@ class TicketsController < ApplicationController
def show
@ticket = Ticket.find(params[:id])
+ if !@ticket
+ redirect_to tickets_path, :alert => "No such ticket"
+ return
+ end
+ ticket_access_denied? #authorize_ticket_access
# @ticket.comments.build
# build ticket comments?
end
-
+
def update
@ticket = Ticket.find(params[:id])
- @ticket.attributes = params[:ticket]
-
- @ticket.comments.last.posted_by = (current_user ? current_user.id : nil) #protecting posted_by isn't working, so this should protect it.
- if @ticket.save
- flash[:notice] = 'Ticket was successfully updated.'
- respond_with @ticket
- else
- #redirect_to [:show, @ticket] #
- flash[:alert] = 'Ticket has not been changed'
- redirect_to @ticket
- #respond_with(@ticket) # why does this go to edit?? redirect???
+ if !ticket_access_denied?
+ if status = params[:change_status] #close or open button was pressed
+ @ticket.close if params[:change_status] == 'close'
+ @ticket.reopen if params[:change_status] == 'open'
+ else
+ params[:ticket][:comments_attributes] = nil if params[:ticket][:comments_attributes].values.first[:body].blank? #unset comments hash if no new comment was typed
+ @ticket.attributes = params[:ticket] #this will call comments_attributes=
+ # @ticket.is_open = false if params[:commit] == @reply_close_str #this overrides is_open selection
+ @ticket.close if params[:commit] == @reply_close_str #this overrides is_open selection
+
+ # what if there is an update and no new comment? Confirm that there is a new comment to update posted_by:
+ @ticket.comments.last.posted_by = (current_user ? current_user.id : nil) if @ticket.comments_changed? #protecting posted_by isn't working, so this should protect it.
+ end
+ if @ticket.changed? and @ticket.save
+ flash[:notice] = 'Ticket was successfully updated.'
+ if @ticket.is_open
+ respond_with @ticket
+ else #for closed tickets, redirect to index.
+ redirect_to tickets_path
+ end
+ else
+ #redirect_to [:show, @ticket] #
+ flash[:alert] = 'Ticket has not been changed'
+ redirect_to @ticket
+ #respond_with(@ticket) # why does this go to edit?? redirect???
+ end
end
end
def index
- # @tickets = Ticket.by_title #not actually what we will want
- respond_with(@tickets = Ticket.all) #we'll want only tickets that this user can access
+ #TODO: we will need pagination
+ @tickets = Ticket.for_user(current_user, params, admin?)
+
+ #below works if @tickets is a CouchRest::Model::Designs::View, but not if it is an Array
+ @tickets = @tickets.page(params[:page]).per(10) #TEST
+ #respond_with(@tickets)
+ end
+
+ def destroy
+ @ticket = Ticket.find(params[:id])
+ @ticket.destroy if admin?
+ redirect_to tickets_path
end
private
-
+
+ def ticket_access?
+ @ticket and (admin? or !@ticket.created_by or (current_user and current_user.id == @ticket.created_by))
+ end
+
+ def ticket_access_denied?
+ access_denied unless ticket_access?
+ end
+
+
+ def set_strings
+ @post_reply_str = 'Post reply' #t :post_reply
+ @reply_close_str = 'Reply and close' #t :reply_and_close
+ end
# not using now, as we are using comment_attributes= from the Ticket model
=begin
def add_comment
diff --git a/help/app/helpers/tickets_helper.rb b/help/app/helpers/tickets_helper.rb
new file mode 100644
index 0000000..c683be3
--- /dev/null
+++ b/help/app/helpers/tickets_helper.rb
@@ -0,0 +1,15 @@
+module TicketsHelper
+
+ def status
+ params[:open_status] || 'open'
+ end
+
+ def admin
+ params[:admin_status] || 'all'
+ end
+
+ def link_to_status(new_status)
+ label = new_status + ' issues'
+ link_to label, :open_status => new_status, :admin_status => admin
+ end
+end
diff --git a/help/app/models/ticket.rb b/help/app/models/ticket.rb
index f38fed2..e06180f 100644
--- a/help/app/models/ticket.rb
+++ b/help/app/models/ticket.rb
@@ -20,23 +20,78 @@ class Ticket < CouchRest::Model::Base
#also, both created_by and regarding_user could be nil---say user forgets username, or has general question
property :title, String
property :email, String #verify
-
+
#property :user_verified, TrueClass, :default => false #will be true exactly when user is set
#admins
- property :code, String, :protected => true # only should be set if created_by is nil
+ #property :code, String, :protected => true # only should be set if created_by is nil #instead we will just use couchdb ID
property :is_open, TrueClass, :default => true
property :comments, [TicketComment]
timestamps!
-
+
#before_validation :set_created_by, :set_code, :set_email, :on => :create
- before_validation :set_code, :set_email, :on => :create
+ before_validation :set_email, :on => :create
#named_scope :open, :conditions => {:is_open => true} #??
design do
- view :by_title
+ #TODO--clean this all up
+ view :by_is_open
+ view :by_created_by
+
+ view :by_updated_at #
+
+ view :by_is_open_and_created_by
+ view :by_is_open_and_created_at
+ view :by_is_open_and_updated_at
+
+ view :includes_post_by,
+ :map =>
+ "function(doc) {
+ var arr = {}
+ if (doc['type'] == 'Ticket' && doc.comments) {
+ doc.comments.forEach(function(comment){
+ if (comment.posted_by && !arr[comment.posted_by]) {
+ //don't add duplicates
+ arr[comment.posted_by] = true;
+ emit(comment.posted_by, doc);
+ }
+ });
+ }
+ }"
+
+ view :includes_post_by_and_open_status_and_updated_at,
+ :map =>
+ "function(doc) {
+ var arr = {}
+ if (doc['type'] == 'Ticket' && doc.comments) {
+ doc.comments.forEach(function(comment){
+ if (comment.posted_by && !arr[comment.posted_by]) {
+ //don't add duplicates
+ arr[comment.posted_by] = true;
+ emit([comment.posted_by, doc.is_open, doc.updated_at], doc);
+ }
+ });
+ }
+ }"
+
+ view :includes_post_by_and_updated_at,
+ :map =>
+ "function(doc) {
+ var arr = {}
+ if (doc['type'] == 'Ticket' && doc.comments) {
+ doc.comments.forEach(function(comment){
+ if (comment.posted_by && !arr[comment.posted_by]) {
+ //don't add duplicates
+ arr[comment.posted_by] = true;
+ emit([comment.posted_by, doc.updated_at], doc);
+ }
+ });
+ }
+ }"
+
+
end
validates :title, :presence => true
@@ -45,20 +100,47 @@ class Ticket < CouchRest::Model::Base
# html5 has built-in validation which isn't ideal, as it says 'please enter an email address' for invalid email addresses, which implies an email address is required, and it is not.
validates :email, :format => /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/, :if => :email #email address is optional
-
+
#TODO:
#def set_created_by
# self.created_by = User.current if User.current
#end
-
+
+ def self.for_user(user, options = {}, is_admin = false)
+ # TODO: sorting
+ # TODO: do these correctly default to showing open?
+ # TODO: Time.now + 2.days is to catch tickets created in future. shouldn't happen but does on my computer now, so this at least catches for now.
+ if (is_admin && (options[:admin_status] != 'mine'))
+ # show all (selected) tickets to admin
+ if options[:open_status] == 'all'
+ Ticket.by_updated_at
+ else
+ Ticket.by_is_open_and_updated_at.startkey([(options[:open_status] == 'open'), 0]).endkey([(options[:open_status] == 'open'), Time.now + 2.days])
+ end
+ else
+ # only show tickets this user has commented on, as user is non-admin or admin viewing only their tickets
+ if options[:open_status] == 'all'
+ Ticket.includes_post_by_and_updated_at.startkey([user.id, 0]).endkey([user.id, Time.now + 2.days])
+ else
+ Ticket.includes_post_by_and_open_status_and_updated_at.startkey([user.id, (options[:open_status] == 'open'), 0]).endkey([user.id, (options[:open_status] == 'open'), Time.now + 2.days])
+ end
+ end
+ end
+
+ def self.tickets_by_commenter(user_id)#, options = {})
+ Ticket.includes_post_by_and_updated_at.startkey([user_id, 0]).endkey([user_id, Time.now])
+ end
+
def is_creator_validated?
!!created_by
end
- def set_code
+=begin
+ def set_code #let's not use this---can use same show url
# ruby 1.9 provides url-safe option---this is not necessarily url-safe
self.code = SecureRandom.hex(8) if !is_creator_validated?
end
+=end
def set_email
@@ -66,23 +148,41 @@ class Ticket < CouchRest::Model::Base
# in controller set to be current users email if that exists
end
+ #not saving with close and reopen, as we will save in update when they are called.
def close
self.is_open = false
- save
+ #save
end
def reopen
self.is_open = true
- save
+ #save
end
- def comments_attributes=(attributes)
+ def commenters
+ commenters = []
+ self.comments.each do |comment|
+ if comment.posted_by
+ if user = User.find(comment.posted_by)
+ commenters << user.login if user and !commenters.include?(user.login)
+ else
+ commenters << 'unknown user' if !commenters.include?('unknown user') #todo don't hardcode string 'unknown user'
+ end
+ else
+ commenters << 'unauthenticated user' if !commenters.include?('unauthenticated user') #todo don't hardcode string 'unauthenticated user'
+ end
+ end
+ commenters.join(', ')
+ end
- comment = TicketComment.new(attributes.values.first) #TicketComment.new(attributes)
- #comment.posted_by = User.current.id if User.current #we want to avoid User.current, and current_user won't work here. instead will set in tickets_controller
- comment.posted_at = Time.now
- comments << comment
-
+ def comments_attributes=(attributes)
+ if attributes # could be empty as we will empty if nothing was typed in
+ comment = TicketComment.new(attributes.values.first) #TicketComment.new(attributes)
+ #comment.posted_by = User.current.id if User.current #we want to avoid User.current, and current_user won't work here. instead will set in tickets_controller
+ # what about: comment.posted_by = self.updated_by (will need to add ticket.updated_by)
+ comment.posted_at = Time.now
+ comments << comment
+ end
end
=begin
@@ -91,5 +191,5 @@ class Ticket < CouchRest::Model::Base
errors.add 'email', 'contains an invalid address'
end
end
-=end
+=end
end
diff --git a/help/app/views/tickets/_admin-nav.html.haml b/help/app/views/tickets/_admin-nav.html.haml
new file mode 100644
index 0000000..055485d
--- /dev/null
+++ b/help/app/views/tickets/_admin-nav.html.haml
@@ -0,0 +1,5 @@
+%ul.nav.nav-pills.nav-stacked
+ %li{:class => ("active" if admin == 'mine')}
+ = link_to 'tickets i admin', {:admin_status => 'mine', :open_status => status}
+ %li{:class => ("active" if admin == 'all')}
+ = link_to 'all tickets', {:admin_status => 'all', :open_status => status}
diff --git a/help/app/views/tickets/_order-nav.html.haml b/help/app/views/tickets/_order-nav.html.haml
new file mode 100644
index 0000000..176acdc
--- /dev/null
+++ b/help/app/views/tickets/_order-nav.html.haml
@@ -0,0 +1,7 @@
+%ul.nav.nav-pills.pull-right
+ %li
+ = link_to 'created at'
+ %li{:class=> ("active" if true)}
+ = link_to do
+ %i.icon-arrow-up
+ updated at
diff --git a/help/app/views/tickets/_status-nav.html.haml b/help/app/views/tickets/_status-nav.html.haml
new file mode 100644
index 0000000..69f4248
--- /dev/null
+++ b/help/app/views/tickets/_status-nav.html.haml
@@ -0,0 +1,7 @@
+%ul.nav.nav-tabs
+ %li{:class => ("active" if status == 'open')}
+ = link_to_status 'open'
+ %li{:class => ("active" if status == 'closed')}
+ = link_to_status 'closed'
+ %li{:class => ("active" if status == 'all')}
+ = link_to_status 'all'
diff --git a/help/app/views/tickets/_table-nav.html.haml b/help/app/views/tickets/_table-nav.html.haml
new file mode 100644
index 0000000..635b59b
--- /dev/null
+++ b/help/app/views/tickets/_table-nav.html.haml
@@ -0,0 +1,5 @@
+.row
+ .span6
+ = render 'tickets/status-nav'
+ .span4
+ = render 'tickets/order-nav'
diff --git a/help/app/views/tickets/_ticket.html.haml b/help/app/views/tickets/_ticket.html.haml
new file mode 100644
index 0000000..3edfa8b
--- /dev/null
+++ b/help/app/views/tickets/_ticket.html.haml
@@ -0,0 +1,13 @@
+%tr
+ %td
+ %b
+ = link_to ticket.title, ticket
+ %br
+ %small
+ created:
+ = ticket.created_at.to_s(:short)
+ updated:
+ = ticket.updated_at.to_s(:short)
+ %small.pull-right
+ comments by:
+ = ticket.commenters
diff --git a/help/app/views/tickets/index.html.haml b/help/app/views/tickets/index.html.haml
index 6db2140..fdbeec5 100644
--- a/help/app/views/tickets/index.html.haml
+++ b/help/app/views/tickets/index.html.haml
@@ -1,10 +1,22 @@
-%h2 tickets index (just as space)
+%h1 tickets index
+
Create a
= link_to "new ticket", new_ticket_path
-= # below shouldn't be unless logged in
-%h2 Tickets
-= # want to have selection option to see tickets, that are open, closed or all
-- @tickets.each do |ticket|
- %p
- = link_to ticket.title, ticket
-= #render(:partial => "ticket", :collection => @tickets)
+
+= #%div{"data-pjax-container" => ""} # not sure how to get this working right
+.row
+ .span2
+ - if admin?
+ = render 'tickets/admin-nav'
+ .span10
+ = render 'tickets/table-nav'
+ %table.table-striped.table-bordered.table-hover{:style => "width:100%;"}
+ %tbody
+ = render @tickets.all
+ = paginate @tickets
+
+%div{"data-pjax-container" => ""}
+ / PJAX updates will go here
+ hmmm
+
+
diff --git a/help/app/views/tickets/show.html.haml b/help/app/views/tickets/show.html.haml
index a9b994e..d9f594b 100644
--- a/help/app/views/tickets/show.html.haml
+++ b/help/app/views/tickets/show.html.haml
@@ -1,26 +1,37 @@
-- if flash[:notice]
- =flash[:notice]
-- if flash[:alert]
- =flash[:alert]
%h2= @ticket.title
-is open?
-= @ticket.is_open
-- if @ticket.code
- code:
- = @ticket.code
- if @ticket.email
email:
= @ticket.email
-- if User.find(@ticket.created_by)
- Created by
- = User.find(@ticket.created_by).login
-- else
- Unauthenticated ticket creator
+%li
+ - if User.find(@ticket.created_by)
+ Created by
+ = User.find(@ticket.created_by).login
+ - else
+ Unauthenticated ticket creator
+%li
+ = "status:"
+ - if @ticket.is_open
+ = 'open'
+ = #link_to 'close', ticket_path, :method => :put
+ = #button_to 'close', ticket_path, :method => :put
+ = button_to 'close', {:change_status => :close}, :method => :put
+ - else
+ = 'closed'
+ = button_to 'open', {:change_status => :open}, :method => :put
= render(:partial => "comment", :collection => @ticket.comments)
+= #render @ticket.comments should work if view is in /app/views/comments/_comment
-= simple_form_for (@ticket, :html => {:novalidate => true}) do |f| #turn off html5 validations to test
+= simple_form_for(@ticket, :html => {:novalidate => true}) do |f| #turn off html5 validations to test
= f.simple_fields_for :comments, TicketComment.new do |c|
= c.input :body, :label => 'Comment', :as => :text
= #render :partial => 'new_comment'
- = f.button :submit
- = link_to t(:cancel), tickets_path, :class => :btn \ No newline at end of file
+ = #f.label :is_open
+ = #f.select :is_open, [true, false] #remove
+ = f.button :submit, @post_reply_str
+ - if @ticket.is_open
+ = f.button :submit, @reply_close_str
+= #link_to t(:destroy), ticket_path, :confirm => 'are you sure?', :method => :delete, :class => :btn if admin? # for link_to to work with delete, need to figure out jquery interaction correctly. see http://stackoverflow.com/questions/3774925/delete-link-sends-get-instead-of-delete-in-rails-3-view etc..
+= button_to 'destroy', ticket_path, :confirm => 'are you sure?', :method => :delete if admin?
+= # TODO want to have button to close
+= # TODO if admin, have button to delete
+= link_to t(:cancel), tickets_path, :class => :btn
diff --git a/help/config/routes.rb b/help/config/routes.rb
index 5e57e02..86a9201 100644
--- a/help/config/routes.rb
+++ b/help/config/routes.rb
@@ -1,5 +1,5 @@
Rails.application.routes.draw do
- resources :tickets, :only => [:new, :create, :index, :show, :update]
+ resources :tickets, :only => [:new, :create, :index, :show, :update, :destroy]
#resources :ticket, :only => [:show]
end
diff --git a/help/test/functional/tickets_controller_test.rb b/help/test/functional/tickets_controller_test.rb
index 6bdb6c7..cf123a9 100644
--- a/help/test/functional/tickets_controller_test.rb
+++ b/help/test/functional/tickets_controller_test.rb
@@ -2,7 +2,18 @@ require 'test_helper'
class TicketsControllerTest < ActionController::TestCase
- test "should get index" do
+ setup do
+ User.create(User.valid_attributes_hash.merge({:login => 'first_test'}))
+ User.create(User.valid_attributes_hash.merge({:login => 'different'}))
+ end
+
+ teardown do
+ User.find_by_login('first_test').destroy
+ User.find_by_login('different').destroy
+ end
+
+ test "should get index if logged in" do
+ login(User.last)
get :index
assert_response :success
assert_not_nil assigns(:tickets)
@@ -14,51 +25,184 @@ class TicketsControllerTest < ActionController::TestCase
assert_response :success
end
+ test "ticket show access" do
+ ticket = Ticket.first
+ ticket.created_by = nil # TODO: hacky, but this makes sure this ticket is an unauthenticated one
+ ticket.save
+ get :show, :id => ticket.id
+ assert_response :success
+
+ ticket.created_by = User.last.id
+ ticket.save
+ get :show, :id => ticket.id
+ assert_response :redirect
+ assert_redirected_to login_url
+
+ login(User.last)
+ get :show, :id => ticket.id
+ assert_response :success
+
+ login(User.first) #assumes User.first != User.last:
+ assert_not_equal User.first, User.last
+ get :show, :id => ticket.id
+ assert_response :redirect
+ assert_redirected_to root_url
+
+ end
test "should create unauthenticated ticket" do
- params = {:title => "ticket test title", :comments_attributes => {"0" => {"body" =>"body of test ticket"}}}
+ params = {:title => "unauth ticket test title", :comments_attributes => {"0" => {"body" =>"body of test ticket"}}}
assert_difference('Ticket.count') do
post :create, :ticket => params
end
assert_response :redirect
- #assert_equal assigns(:ticket).email, User.current.email
- #assert_equal User.find(assigns(:ticket).created_by).login, User.current.login
assert_nil assigns(:ticket).created_by
assert_equal 1, assigns(:ticket).comments.count
- end
+ assert_nil assigns(:ticket).comments.first.posted_by
+ assigns(:ticket).destroy # destroys without checking permission. is that okay?
+ end
test "should create authenticated ticket" do
- params = {:title => "ticket test title", :comments_attributes => {"0" => {"body" =>"body of test ticket"}}}
+ params = {:title => "auth ticket test title", :comments_attributes => {"0" => {"body" =>"body of test ticket"}}}
login User.last
-
assert_difference('Ticket.count') do
post :create, :ticket => params
end
assert_response :redirect
- ticket = assigns(:ticket)
- assert ticket
- assert_equal @current_user.id, ticket.created_by
- assert_equal @current_user.email, ticket.email
+
+ assert_not_nil assigns(:ticket).created_by
+ assert_equal assigns(:ticket).created_by, @current_user.id
+ assert_equal assigns(:ticket).email, @current_user.email
assert_equal 1, assigns(:ticket).comments.count
+ assert_not_nil assigns(:ticket).comments.first.posted_by
+ assert_equal assigns(:ticket).comments.first.posted_by, @current_user.id
+ assigns(:ticket).destroy
+ end
+
+ test "add comment to unauthenticated ticket" do
+ ticket = Ticket.last
+ ticket.created_by = nil # TODO: hacky, but this makes sure this ticket is an unauthenticated one
+ ticket.save
+ assert_difference('Ticket.last.comments.count') do
+ put :update, :id => ticket.id,
+ :ticket => {:comments_attributes => {"0" => {"body" =>"NEWER comment"}} }
+ end
+
+ assert_equal ticket, assigns(:ticket) # still same ticket, with different comments
+ assert_not_equal ticket.comments, assigns(:ticket).comments # ticket == assigns(:ticket), but they have different comments (which we want)
+
+ end
+
+
+ test "add comment to own authenticated ticket" do
+
+ login(User.last)
+ ticket = Ticket.last
+ ticket.created_by = User.last.id # TODO: hacky, but confirms it is their ticket
+ ticket.save
+ #they should be able to comment if it is their ticket:
+ assert_difference('Ticket.last.comments.count') do
+ put :update, :id => ticket.id,
+ :ticket => {:comments_attributes => {"0" => {"body" =>"NEWER comment"}} }
+ end
+ assert_not_equal ticket.comments, assigns(:ticket).comments
+ assert_not_nil assigns(:ticket).comments.last.posted_by
+ assert_equal assigns(:ticket).comments.last.posted_by, @current_user.id
+
+ end
+
+
+ test "cannot comment if it is not your ticket" do
+
+ login(User.last) # assumes User.last is not admin
+ assert !@current_user.is_admin?
+
+ ticket = Ticket.last
+
+ assert_not_nil User.first.id
+ ticket.created_by = User.first.id #assumes User.first != User.last:
+ assert_not_equal User.first, User.last
+ ticket.save
+ # they should *not* be able to comment if it is not their ticket
+ put :update, :id => ticket.id,
+ :ticket => {:comments_attributes => {"0" => {"body" =>"NEWER comment"}} }
+ assert_response :redirect
+ assert_access_denied
+ assert_equal ticket.comments, assigns(:ticket).comments
+
end
- test "add comment to ticket" do
+
+ test "admin add comment to authenticated ticket" do
+
+ admin_login = APP_CONFIG['admins'].first
+ admin_user = User.find_by_login(admin_login) #assumes that there is an admin login
+ login(admin_user)
ticket = Ticket.last
+ assert_not_nil User.last.id
+ ticket.created_by = User.last.id # TODO: hacky, but confirms it somebody elses ticket. assumes last user is not admin user:
+ assert_not_equal User.last, admin_user
+ ticket.save
+
+ #admin should be able to comment:
assert_difference('Ticket.last.comments.count') do
put :update, :id => ticket.id,
:ticket => {:comments_attributes => {"0" => {"body" =>"NEWER comment"}} }
end
- assert_equal ticket, assigns(:ticket)
+ assert_not_equal ticket.comments, assigns(:ticket).comments
+ assert_not_nil assigns(:ticket).comments.last.posted_by
+ assert_equal assigns(:ticket).comments.last.posted_by, @current_user.id
+
+ end
+
+ test "tickets by admin" do
+
+ admin_login = APP_CONFIG['admins'].first
+ admin_user = User.find_by_login(admin_login) #assumes that there is an admin login
+ login(admin_user)
+
+ post :create, :ticket => {:title => "test tick", :comments_attributes => {"0" => {"body" =>"body of test tick"}}}
+ post :create, :ticket => {:title => "another test tick", :comments_attributes => {"0" => {"body" =>"body of another test tick"}}}
+
+ assert_not_nil assigns(:ticket).created_by
+ assert_equal assigns(:ticket).created_by, admin_user.id
+
+ get :index, {:admin_status => "mine", :open_status => "open"}
+ assert assigns(:tickets).count > 1 # at least 2 tickets
+
+ # if we close one ticket, the admin should have 1 less open ticket they admin
+ assert_difference('assigns[:tickets].count', -1) do
+ assigns(:ticket).close
+ assigns(:ticket).save
+ get :index, {:admin_status => "mine", :open_status => "open"}
+ end
+ assigns(:ticket).destroy
+
+ testticket = Ticket.create :title => 'testytest'
+ assert !assigns(:tickets).include?(testticket)
+
+ # admin should have one more ticket if a new tick gets an admin comment
+ assert_difference('assigns[:tickets].count') do
+ put :update, :id => testticket.id, :ticket => {:comments_attributes => {"0" => {"body" =>"NEWER comment"}}}
+ get :index, {:admin_status => "mine", :open_status => "open"}
+ end
+
+ assert assigns(:tickets).include?(assigns(:ticket))
+ assert_not_nil assigns(:ticket).comments.last.posted_by
+ assert_equal assigns(:ticket).comments.last.posted_by, admin_user.id
+
+ assigns(:ticket).destroy
end
end
+
diff --git a/help/test/unit/ticket_test.rb b/help/test/unit/ticket_test.rb
index 6b63a23..e93a121 100644
--- a/help/test/unit/ticket_test.rb
+++ b/help/test/unit/ticket_test.rb
@@ -23,7 +23,7 @@ class TicketTest < ActiveSupport::TestCase
#user = LeapWebUsers::User.create
#t.user = user
-
+
#t.email = '' #invalid
#assert !t.valid?
#t.email = 'blah@blah.com, bb@jjj.org'
@@ -40,7 +40,7 @@ class TicketTest < ActiveSupport::TestCase
@sample.created_by = 22 #current_user
assert @sample.is_creator_validated?
end
-
+
=begin
# TODO: do once have current_user stuff in order
test "code if & only if not creator-validated" do
@@ -56,6 +56,38 @@ class TicketTest < ActiveSupport::TestCase
end
=end
-end
+ test "finds open tickets sorted by created_at" do
+ tickets = Ticket.by_is_open_and_created_at.
+ startkey([true, 0]).
+ endkey([true, Time.now + 10.hours]) # some tickets were created in the future
+ assert_equal Ticket.by_is_open.key(true).count, tickets.count
+ end
+
+ test "find tickets user commented on" do
+
+ # clear old tickets just in case
+ # this will cause RestClient::ResourceNotFound errors if there are multiple copies of the same ticket returned
+ Ticket.includes_post_by.key('123').each {|t| t.destroy}
+ testticket = Ticket.create :title => "test retrieving commented tickets"
+ comment = TicketComment.new :body => "my email broke", :posted_by => "123"
+ assert_equal 0, testticket.comments.count
+ assert_equal [], Ticket.includes_post_by.key('123').all
+ testticket.comments << comment
+ testticket.save
+ assert_equal 1, testticket.reload.comments.count
+ assert_equal [testticket], Ticket.includes_post_by.key('123').all
+
+ comment = TicketComment.new :body => "another comment", :posted_by => "123"
+ testticket.comments << comment
+ testticket.save
+
+ # this will ensure that the ticket is only included once, even though the user has commented on the ticket twice:
+ assert_equal [testticket], Ticket.includes_post_by.key('123').all
+
+ testticket.destroy
+ assert_equal [], Ticket.includes_post_by.key('123').all;
+ end
+
+end
diff --git a/ui_dependencies.rb b/ui_dependencies.rb
index 44f8f32..30d6706 100644
--- a/ui_dependencies.rb
+++ b/ui_dependencies.rb
@@ -2,8 +2,10 @@ gem "haml", "~> 3.1.7"
gem "bootstrap-sass", "~> 2.1.0"
gem "jquery-rails"
gem "simple_form"
+gem "pjax_rails"
gem 'client_side_validations'
gem 'client_side_validations-simple_form'
+gem 'kaminari', "0.13.0" # for pagination. trying 0.13.0 as there seem to be issues with 0.14.0 when using couchrest
group :assets do
gem "haml-rails", "~> 0.3.4"
diff --git a/users/app/controllers/controller_extension/authentication.rb b/users/app/controllers/controller_extension/authentication.rb
index 6ac7a5b..f2184d9 100644
--- a/users/app/controllers/controller_extension/authentication.rb
+++ b/users/app/controllers/controller_extension/authentication.rb
@@ -24,7 +24,9 @@ module ControllerExtension::Authentication
end
def access_denied
- redirect_to login_url, :alert => "Not authorized"
+ # TODO: should we redirect to the root_url in either case, and have the root_url include the login screen (and also ability to create unauthenticated tickets) when no user is logged in?
+ redirect_to login_url, :alert => "Not authorized" if !logged_in?
+ redirect_to root_url, :alert => "Not authorized" if logged_in?
end
def admin?
diff --git a/users/test/functional/application_controller_test.rb b/users/test/functional/application_controller_test.rb
index 857bae5..94b77bd 100644
--- a/users/test/functional/application_controller_test.rb
+++ b/users/test/functional/application_controller_test.rb
@@ -9,7 +9,7 @@ class ApplicationControllerTest < ActionController::TestCase
def test_authorize_redirect
@controller.send(:authorize)
- assert_access_denied
+ assert_access_denied(true, false)
end
def test_authorized
diff --git a/users/test/support/auth_test_helper.rb b/users/test/support/auth_test_helper.rb
index e0b673a..99dc141 100644
--- a/users/test/support/auth_test_helper.rb
+++ b/users/test/support/auth_test_helper.rb
@@ -19,10 +19,12 @@ module AuthTestHelper
return @current_user
end
- def assert_access_denied(denied = true)
+ def assert_access_denied(denied = true, logged_in = true)
if denied
assert_equal({:alert => "Not authorized"}, flash.to_hash)
- assert_redirected_to login_path
+ # todo: eventually probably eliminate separate conditions
+ assert_redirected_to login_path if !logged_in
+ assert_redirected_to root_path if logged_in
else
assert flash[:alert].blank?
end
diff --git a/users/test/unit/user_test.rb b/users/test/unit/user_test.rb
index cce11c2..2269d4e 100644
--- a/users/test/unit/user_test.rb
+++ b/users/test/unit/user_test.rb
@@ -49,4 +49,15 @@ class UserTest < ActiveSupport::TestCase
assert_equal client_rnd, srp_session.aa
end
+ test 'is user an admin' do
+ admin_login = APP_CONFIG['admins'].first
+ attribs = User.valid_attributes_hash
+ attribs[:login] = admin_login
+ admin_user = User.new(attribs)
+ assert admin_user.is_admin?
+ assert !@user.is_admin?
+
+ end
+
+
end