2 files changed, 192 insertions, 16 deletions

diff --git a/help/test/functional/tickets_controller_test.rb b/help/test/functional/tickets_controller_test.rb
index 6bdb6c7..cf123a9 100644
--- a/help/test/functional/tickets_controller_test.rb
+++ b/help/test/functional/tickets_controller_test.rb
@@ -2,7 +2,18 @@ require 'test_helper'
 
 class TicketsControllerTest < ActionController::TestCase
 
-  test "should get index" do
+  setup do
+    User.create(User.valid_attributes_hash.merge({:login => 'first_test'}))
+    User.create(User.valid_attributes_hash.merge({:login => 'different'}))
+  end
+
+  teardown do
+    User.find_by_login('first_test').destroy
+    User.find_by_login('different').destroy
+  end
+
+  test "should get index if logged in" do
+    login(User.last)
     get :index
     assert_response :success
     assert_not_nil assigns(:tickets)
@@ -14,51 +25,184 @@ class TicketsControllerTest < ActionController::TestCase
     assert_response :success
   end
 
+  test "ticket show access" do
+    ticket = Ticket.first
+    ticket.created_by = nil # TODO: hacky, but this makes sure this ticket is an unauthenticated one
+    ticket.save
+    get :show, :id => ticket.id
+    assert_response :success
+
+    ticket.created_by = User.last.id
+    ticket.save
+    get :show, :id => ticket.id
+    assert_response :redirect
+    assert_redirected_to login_url
+
+    login(User.last)
+    get :show, :id => ticket.id
+    assert_response :success
+
+    login(User.first) #assumes User.first != User.last:
+    assert_not_equal User.first, User.last
+    get :show, :id => ticket.id
+    assert_response :redirect
+    assert_redirected_to root_url
+
+  end
 
   test "should create unauthenticated ticket" do
-    params = {:title => "ticket test title", :comments_attributes => {"0" => {"body" =>"body of test ticket"}}}
+    params = {:title => "unauth ticket test title", :comments_attributes => {"0" => {"body" =>"body of test ticket"}}}
 
     assert_difference('Ticket.count') do
       post :create, :ticket => params
     end
 
     assert_response :redirect
-    #assert_equal assigns(:ticket).email, User.current.email
-    #assert_equal User.find(assigns(:ticket).created_by).login, User.current.login
     assert_nil assigns(:ticket).created_by
 
     assert_equal 1, assigns(:ticket).comments.count
-  end
+    assert_nil assigns(:ticket).comments.first.posted_by
+    assigns(:ticket).destroy # destroys without checking permission. is that okay?
 
+  end
 
   test "should create authenticated ticket" do
 
-    params = {:title => "ticket test title", :comments_attributes => {"0" => {"body" =>"body of test ticket"}}}
+    params = {:title => "auth ticket test title", :comments_attributes => {"0" => {"body" =>"body of test ticket"}}}
 
     login User.last
-
     assert_difference('Ticket.count') do
       post :create, :ticket => params
     end
 
     assert_response :redirect
-    ticket = assigns(:ticket)
-    assert ticket
-    assert_equal @current_user.id, ticket.created_by
-    assert_equal @current_user.email, ticket.email
+
+    assert_not_nil assigns(:ticket).created_by
+    assert_equal assigns(:ticket).created_by, @current_user.id
+    assert_equal assigns(:ticket).email, @current_user.email
 
     assert_equal 1, assigns(:ticket).comments.count
+    assert_not_nil assigns(:ticket).comments.first.posted_by
+    assert_equal assigns(:ticket).comments.first.posted_by, @current_user.id
+    assigns(:ticket).destroy
+  end
+
+  test "add comment to unauthenticated ticket" do
+    ticket = Ticket.last
+    ticket.created_by = nil # TODO: hacky, but this makes sure this ticket is an unauthenticated one
+    ticket.save
+    assert_difference('Ticket.last.comments.count') do
+      put :update, :id => ticket.id,
+        :ticket => {:comments_attributes => {"0" => {"body" =>"NEWER comment"}} }
+    end
+
+    assert_equal ticket, assigns(:ticket) # still same ticket, with different comments
+    assert_not_equal ticket.comments, assigns(:ticket).comments # ticket == assigns(:ticket), but they have different comments (which we want)
+
+  end
+
+
+  test "add comment to own authenticated ticket" do
+
+    login(User.last)
+    ticket = Ticket.last
+    ticket.created_by = User.last.id # TODO: hacky, but confirms it is their ticket
+    ticket.save
+    #they should be able to comment if it is their ticket:
+    assert_difference('Ticket.last.comments.count') do
+      put :update, :id => ticket.id,
+        :ticket => {:comments_attributes => {"0" => {"body" =>"NEWER comment"}} }
+    end
+    assert_not_equal ticket.comments, assigns(:ticket).comments
+    assert_not_nil assigns(:ticket).comments.last.posted_by
+    assert_equal assigns(:ticket).comments.last.posted_by, @current_user.id
+
+  end
+
+
+  test "cannot comment if it is not your ticket" do
+
+    login(User.last) # assumes User.last is not admin
+    assert !@current_user.is_admin?
+
+    ticket = Ticket.last
+
+    assert_not_nil User.first.id
+    ticket.created_by = User.first.id #assumes User.first != User.last:
+    assert_not_equal User.first, User.last
+    ticket.save
+    # they should *not* be able to comment if it is not their ticket
+    put :update, :id => ticket.id,
+        :ticket => {:comments_attributes => {"0" => {"body" =>"NEWER comment"}} }
+    assert_response :redirect
+    assert_access_denied
+    assert_equal ticket.comments, assigns(:ticket).comments
+
   end
 
-  test "add comment to ticket" do
+
+  test "admin add comment to authenticated ticket" do
+
+    admin_login = APP_CONFIG['admins'].first
+    admin_user = User.find_by_login(admin_login) #assumes that there is an admin login
+    login(admin_user)
 
     ticket = Ticket.last
+    assert_not_nil User.last.id
+    ticket.created_by = User.last.id # TODO: hacky, but confirms it somebody elses ticket. assumes last user is not admin user:
+    assert_not_equal User.last, admin_user
+    ticket.save
+
+    #admin should be able to comment:
     assert_difference('Ticket.last.comments.count') do
       put :update, :id => ticket.id,
         :ticket => {:comments_attributes => {"0" => {"body" =>"NEWER comment"}} }
     end
-    assert_equal ticket, assigns(:ticket)
+    assert_not_equal ticket.comments, assigns(:ticket).comments
+    assert_not_nil assigns(:ticket).comments.last.posted_by
+    assert_equal assigns(:ticket).comments.last.posted_by, @current_user.id
+
+  end
+
+  test "tickets by admin" do
+
+    admin_login = APP_CONFIG['admins'].first
+    admin_user = User.find_by_login(admin_login) #assumes that there is an admin login
+    login(admin_user)
+
+    post :create, :ticket => {:title => "test tick", :comments_attributes => {"0" => {"body" =>"body of test tick"}}}
+    post :create, :ticket => {:title => "another test tick", :comments_attributes => {"0" => {"body" =>"body of another test tick"}}}
+
+    assert_not_nil assigns(:ticket).created_by
+    assert_equal assigns(:ticket).created_by, admin_user.id
+
+    get :index, {:admin_status => "mine", :open_status => "open"}
+    assert assigns(:tickets).count > 1 # at least 2 tickets
+
+    # if we close one ticket, the admin should have 1 less open ticket they admin
+    assert_difference('assigns[:tickets].count', -1) do
+      assigns(:ticket).close
+      assigns(:ticket).save
+      get :index, {:admin_status => "mine", :open_status => "open"}
+    end
+    assigns(:ticket).destroy
+
+    testticket = Ticket.create :title => 'testytest'
+    assert !assigns(:tickets).include?(testticket)
+
+    # admin should have one more ticket if a new tick gets an admin comment
+    assert_difference('assigns[:tickets].count') do
+      put :update, :id => testticket.id, :ticket => {:comments_attributes => {"0" => {"body" =>"NEWER comment"}}}
+      get :index, {:admin_status => "mine", :open_status => "open"}
+    end
+
+    assert assigns(:tickets).include?(assigns(:ticket))
+    assert_not_nil assigns(:ticket).comments.last.posted_by
+    assert_equal assigns(:ticket).comments.last.posted_by, admin_user.id
+
+    assigns(:ticket).destroy
 
   end
 
 end
+
diff --git a/help/test/unit/ticket_test.rb b/help/test/unit/ticket_test.rb
index 6b63a23..e93a121 100644
--- a/help/test/unit/ticket_test.rb
+++ b/help/test/unit/ticket_test.rb
@@ -23,7 +23,7 @@ class TicketTest < ActiveSupport::TestCase
     #user = LeapWebUsers::User.create
 
     #t.user = user
-    
+
     #t.email = '' #invalid
     #assert !t.valid?
     #t.email = 'blah@blah.com, bb@jjj.org'
@@ -40,7 +40,7 @@ class TicketTest < ActiveSupport::TestCase
     @sample.created_by = 22 #current_user
     assert @sample.is_creator_validated?
   end
-  
+
 =begin
 # TODO: do once have current_user stuff in order
   test "code if & only if not creator-validated" do
@@ -56,6 +56,38 @@ class TicketTest < ActiveSupport::TestCase
   end
 =end
 
-end
+  test "finds open tickets sorted by created_at" do
+    tickets = Ticket.by_is_open_and_created_at.
+      startkey([true, 0]).
+      endkey([true, Time.now + 10.hours]) # some tickets were created in the future
+    assert_equal Ticket.by_is_open.key(true).count, tickets.count
+  end
+
+  test "find tickets user commented on" do
+
+    # clear old tickets just in case
+    # this will cause RestClient::ResourceNotFound errors if there are multiple copies of the same ticket returned
+    Ticket.includes_post_by.key('123').each {|t| t.destroy}
 
+    testticket = Ticket.create :title => "test retrieving commented tickets"
+    comment = TicketComment.new :body => "my email broke", :posted_by => "123"
+    assert_equal 0, testticket.comments.count
+    assert_equal [], Ticket.includes_post_by.key('123').all
 
+    testticket.comments << comment
+    testticket.save
+    assert_equal 1, testticket.reload.comments.count
+    assert_equal [testticket], Ticket.includes_post_by.key('123').all
+
+    comment = TicketComment.new :body => "another comment", :posted_by => "123"
+    testticket.comments << comment
+    testticket.save
+
+    # this will ensure that the ticket is only included once, even though the user has commented on the ticket twice:
+    assert_equal [testticket], Ticket.includes_post_by.key('123').all
+
+    testticket.destroy
+    assert_equal [], Ticket.includes_post_by.key('123').all;
+  end
+
+end