LeadMagnet/leadchat
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

chore: Clean up report & knowledge base policies (#11234)

Browse Source 
- Removes the portal_members table and all associated records
- Updates policies to use custom roles with knowledge_base_manage
permission
- Updates controllers, models, and views to work without portal
membership
- Adds tests for the new permission model
This commit is contained in:
Sojan Jose
2025-04-03 16:00:32 -07:00
committed by GitHub
parent 196bdf15af
commit 1a78a9243f
36 changed files with 694 additions and 232 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
spec/controllers/api/v1/accounts/articles_controller_spec.rb
View File

@@ -3,12 +3,11 @@ require 'rails_helper'
RSpec.describe 'Api::V1::Accounts::Articles', type: :request do
let(:account) { create(:account) }
let(:agent) { create(:user, account: account, role: :agent) }
let(:admin) { create(:user, account: account, role: :administrator) }
let!(:portal) { create(:portal, name: 'test_portal', account_id: account.id) }
let!(:category) { create(:category, name: 'category', portal: portal, account_id: account.id, locale: 'en', slug: 'category_slug') }
let!(:article) { create(:article, category: category, portal: portal, account_id: account.id, author_id: agent.id) }
before { create(:portal_member, user: agent, portal: portal) }
describe 'POST /api/v1/accounts/{account.id}/portals/{portal.slug}/articles' do
context 'when it is an unauthenticated user' do
it 'returns unauthorized' do
@@ -33,7 +32,7 @@ RSpec.describe 'Api::V1::Accounts::Articles', type: :request do
}
post "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/articles",
params: article_params,
headers: agent.create_new_auth_token
headers: admin.create_new_auth_token
expect(response).to have_http_status(:success)
json_response = response.parsed_body
expect(json_response['payload']['title']).to eql('MyTitle')
@@ -56,7 +55,7 @@ RSpec.describe 'Api::V1::Accounts::Articles', type: :request do
}
post "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/articles",
params: article_params,
headers: agent.create_new_auth_token
headers: admin.create_new_auth_token
expect(response).to have_http_status(:success)
json_response = response.parsed_body
expect(json_response['payload']['title']).to eql('MyTitle')
@@ -84,7 +83,7 @@ RSpec.describe 'Api::V1::Accounts::Articles', type: :request do
}
post "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/articles",
params: article_params,
headers: agent.create_new_auth_token
headers: admin.create_new_auth_token
expect(response).to have_http_status(:success)
json_response = response.parsed_body
expect(json_response['payload']['title']).to eql('MyTitle')
@@ -110,7 +109,7 @@ RSpec.describe 'Api::V1::Accounts::Articles', type: :request do
}
post "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/articles",
params: article_params,
headers: agent.create_new_auth_token
headers: admin.create_new_auth_token
expect(response).to have_http_status(:success)
json_response = response.parsed_body
expect(json_response['payload']['title']).to eql('MyTitle')
@@ -144,7 +143,7 @@ RSpec.describe 'Api::V1::Accounts::Articles', type: :request do
put "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/articles/#{article.id}",
params: article_params,
headers: agent.create_new_auth_token
headers: admin.create_new_auth_token
expect(response).to have_http_status(:success)
json_response = response.parsed_body
expect(json_response['payload']['title']).to eql(article_params[:article][:title])
@@ -165,7 +164,7 @@ RSpec.describe 'Api::V1::Accounts::Articles', type: :request do
context 'when it is an authenticated user' do
it 'deletes category' do
delete "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/articles/#{article.id}",
headers: agent.create_new_auth_token
headers: admin.create_new_auth_token
expect(response).to have_http_status(:success)
deleted_article = Article.find_by(id: article.id)
expect(deleted_article).to be_nil
@@ -187,7 +186,7 @@ RSpec.describe 'Api::V1::Accounts::Articles', type: :request do
expect(article2.id).not_to be_nil
get "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/articles",
headers: agent.create_new_auth_token,
headers: admin.create_new_auth_token,
params: {}
expect(response).to have_http_status(:success)
json_response = response.parsed_body
@@ -199,7 +198,7 @@ RSpec.describe 'Api::V1::Accounts::Articles', type: :request do
expect(article2.id).not_to be_nil
get "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/articles",
headers: agent.create_new_auth_token,
headers: admin.create_new_auth_token,
params: {}
expect(response).to have_http_status(:success)
json_response = response.parsed_body
@@ -213,7 +212,7 @@ RSpec.describe 'Api::V1::Accounts::Articles', type: :request do
expect(article2.id).not_to be_nil
get "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/articles",
headers: agent.create_new_auth_token,
headers: admin.create_new_auth_token,
params: { category_slug: category.slug }
expect(response).to have_http_status(:success)
json_response = response.parsed_body
@@ -230,14 +229,14 @@ RSpec.describe 'Api::V1::Accounts::Articles', type: :request do
expect(article2.id).not_to be_nil
get "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/articles",
headers: agent.create_new_auth_token,
headers: admin.create_new_auth_token,
params: { query: 'funny' }
expect(response).to have_http_status(:success)
json_response = response.parsed_body
expect(json_response['payload'].count).to be 1
expect(json_response['meta']['all_articles_count']).to be 2
expect(json_response['meta']['articles_count']).to be 1
expect(json_response['meta']['mine_articles_count']).to be 1
expect(json_response['meta']['mine_articles_count']).to be 0
end
end
@@ -247,7 +246,7 @@ RSpec.describe 'Api::V1::Accounts::Articles', type: :request do
expect(article2.id).not_to be_nil
get "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/articles/#{article2.id}",
headers: agent.create_new_auth_token
headers: admin.create_new_auth_token
expect(response).to have_http_status(:success)
json_response = response.parsed_body
@@ -263,7 +262,7 @@ RSpec.describe 'Api::V1::Accounts::Articles', type: :request do
associated_article_id: root_article.id)
get "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/articles/#{root_article.id}",
headers: agent.create_new_auth_token
headers: admin.create_new_auth_token
expect(response).to have_http_status(:success)
json_response = response.parsed_body

29
spec/controllers/api/v1/accounts/categories_controller_spec.rb
View File

@@ -3,6 +3,7 @@ require 'rails_helper'
RSpec.describe 'Api::V1::Accounts::Categories', type: :request do
let(:account) { create(:account) }
let(:agent) { create(:user, account: account, role: :agent) }
let(:admin) { create(:user, account: account, role: :administrator) }
let!(:portal) { create(:portal, name: 'test_portal', account_id: account.id, config: { allowed_locales: %w[en es] }) }
let!(:category) { create(:category, name: 'category', portal: portal, account_id: account.id, slug: 'category_slug', position: 1) }
let!(:category_to_associate) do
@@ -15,8 +16,6 @@ RSpec.describe 'Api::V1::Accounts::Categories', type: :request do
create(:category, name: 'related category 2', portal: portal, account_id: account.id, slug: 'category_slug_2', position: 4)
end
before { create(:portal_member, user: agent, portal: portal) }
describe 'POST /api/v1/accounts/{account.id}/portals/{portal.slug}/categories' do
context 'when it is an unauthenticated user' do
it 'returns unauthorized' do
@@ -59,7 +58,7 @@ RSpec.describe 'Api::V1::Accounts::Categories', type: :request do
it 'creates category' do
post "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/categories",
params: category_params,
headers: agent.create_new_auth_token
headers: admin.create_new_auth_token
expect(response).to have_http_status(:success)
json_response = response.parsed_body
@@ -75,11 +74,11 @@ RSpec.describe 'Api::V1::Accounts::Categories', type: :request do
it 'creates multiple sub_categories under one parent_category' do
post "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/categories",
params: category_params,
headers: agent.create_new_auth_token
headers: admin.create_new_auth_token
post "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/categories",
params: category_params_2,
headers: agent.create_new_auth_token
headers: admin.create_new_auth_token
expect(response).to have_http_status(:success)
expect(category.reload.sub_category_ids).to eql(Category.last(2).pluck(:id))
@@ -88,11 +87,11 @@ RSpec.describe 'Api::V1::Accounts::Categories', type: :request do
it 'creates multiple associated_categories with one category' do
post "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/categories",
params: category_params,
headers: agent.create_new_auth_token
headers: admin.create_new_auth_token
post "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/categories",
params: category_params_2,
headers: agent.create_new_auth_token
headers: admin.create_new_auth_token
expect(response).to have_http_status(:success)
expect(category_to_associate.reload.associated_category_ids).to eql(Category.last(2).pluck(:id))
@@ -101,11 +100,11 @@ RSpec.describe 'Api::V1::Accounts::Categories', type: :request do
it 'will throw an error on locale, category_id uniqueness' do
post "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/categories",
params: category_params,
headers: agent.create_new_auth_token
headers: admin.create_new_auth_token
post "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/categories",
params: category_params,
headers: agent.create_new_auth_token
headers: admin.create_new_auth_token
expect(response).to have_http_status(:unprocessable_entity)
json_response = response.parsed_body
expect(json_response['message']).to eql('Locale should be unique in the category and portal')
@@ -123,7 +122,7 @@ RSpec.describe 'Api::V1::Accounts::Categories', type: :request do
post "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/categories",
params: category_params,
headers: agent.create_new_auth_token
headers: admin.create_new_auth_token
expect(response).to have_http_status(:unprocessable_entity)
json_response = response.parsed_body
@@ -158,7 +157,7 @@ RSpec.describe 'Api::V1::Accounts::Categories', type: :request do
put "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/categories/#{category.id}",
params: category_params,
headers: agent.create_new_auth_token
headers: admin.create_new_auth_token
json_response = response.parsed_body
@@ -181,7 +180,7 @@ RSpec.describe 'Api::V1::Accounts::Categories', type: :request do
put "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/categories/#{category.id}",
params: category_params,
headers: agent.create_new_auth_token
headers: admin.create_new_auth_token
expect(response).to have_http_status(:success)
@@ -209,7 +208,7 @@ RSpec.describe 'Api::V1::Accounts::Categories', type: :request do
put "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/categories/#{related_category_2.id}",
params: category_params,
headers: agent.create_new_auth_token
headers: admin.create_new_auth_token
expect(response).to have_http_status(:success)
@@ -230,7 +229,7 @@ RSpec.describe 'Api::V1::Accounts::Categories', type: :request do
context 'when it is an authenticated user' do
it 'deletes category' do
delete "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/categories/#{category.id}",
headers: agent.create_new_auth_token
headers: admin.create_new_auth_token
expect(response).to have_http_status(:success)
deleted_category = Category.find_by(id: category.id)
expect(deleted_category).to be_nil
@@ -255,7 +254,7 @@ RSpec.describe 'Api::V1::Accounts::Categories', type: :request do
expect(category2.id).not_to be_nil
get "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/categories",
headers: agent.create_new_auth_token
headers: admin.create_new_auth_token
expect(response).to have_http_status(:success)
json_response = response.parsed_body
expect(json_response['payload'].count).to be(category_count + 1)

41
spec/controllers/api/v1/accounts/portals_controller_spec.rb
View File

@@ -8,8 +8,6 @@ RSpec.describe 'Api::V1::Accounts::Portals', type: :request do
let(:agent_2) { create(:user, account: account, role: :agent) }
let!(:portal) { create(:portal, slug: 'portal-1', name: 'test_portal', account_id: account.id) }
before { create(:portal_member, user: agent, portal: portal) }
describe 'GET /api/v1/accounts/{account.id}/portals' do
context 'when it is an unauthenticated user' do
it 'returns unauthorized' do
@@ -23,7 +21,7 @@ RSpec.describe 'Api::V1::Accounts::Portals', type: :request do
portal2 = create(:portal, name: 'test_portal_2', account_id: account.id, slug: 'portal-2')
expect(portal2.id).not_to be_nil
get "/api/v1/accounts/#{account.id}/portals",
headers: agent.create_new_auth_token
headers: admin.create_new_auth_token
expect(response).to have_http_status(:success)
json_response = response.parsed_body
@@ -45,7 +43,7 @@ RSpec.describe 'Api::V1::Accounts::Portals', type: :request do
context 'when it is an authenticated user' do
it 'get one portals' do
get "/api/v1/accounts/#{account.id}/portals/#{portal.slug}",
headers: agent.create_new_auth_token
headers: admin.create_new_auth_token
expect(response).to have_http_status(:success)
json_response = response.parsed_body
@@ -62,7 +60,7 @@ RSpec.describe 'Api::V1::Accounts::Portals', type: :request do
create(:article, category_id: es_cat.id, portal_id: portal.id, author_id: agent.id)
get "/api/v1/accounts/#{account.id}/portals/#{portal.slug}?locale=en",
headers: agent.create_new_auth_token
headers: admin.create_new_auth_token
expect(response).to have_http_status(:success)
json_response = response.parsed_body
@@ -178,38 +176,7 @@ RSpec.describe 'Api::V1::Accounts::Portals', type: :request do
end
end
describe 'PUT /api/v1/accounts/{account.id}/portals/{portal.slug}/add_members' do
let(:new_account) { create(:account) }
let(:new_agent) { create(:user, account: new_account, role: :agent) }
context 'when it is an unauthenticated user' do
it 'returns unauthorized' do
put "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/add_members", params: {}
expect(response).to have_http_status(:unauthorized)
end
end
context 'when it is an authenticated user' do
it 'add members to the portal' do
portal_params = {
portal: {
member_ids: [agent_1.id, agent_2.id]
}
}
expect(portal.members.count).to be(1)
put "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/add_members",
params: portal_params,
headers: admin.create_new_auth_token
expect(response).to have_http_status(:success)
json_response = response.parsed_body
expect(portal.reload.member_ids).to include(agent_1.id)
expect(json_response['portal_members'].length).to be(3)
end
end
end
# Portal members endpoint removed
describe 'DELETE /api/v1/accounts/{account.id}/portals/{portal.slug}/logo' do
context 'when it is an unauthenticated user' do

103
spec/enterprise/controllers/enterprise/api/v1/accounts/articles_controller_spec.rb Normal file
View File

@@ -0,0 +1,103 @@
# frozen_string_literal: true
require 'rails_helper'
RSpec.describe 'Enterprise Articles API', type: :request do
let(:account) { create(:account) }
let(:admin) { create(:user, :administrator, account: account) }
let(:agent) { create(:user, account: account, role: :agent) }
let!(:portal) { create(:portal, name: 'test_portal', account_id: account.id) }
let!(:category) { create(:category, name: 'category', portal: portal, account_id: account.id, locale: 'en', slug: 'category_slug') }
let!(:article) { create(:article, category: category, portal: portal, account_id: account.id, author_id: admin.id) }
# Create a custom role with knowledge_base_manage permission
let!(:custom_role) { create(:custom_role, account: account, permissions: ['knowledge_base_manage']) }
# Create user without account
let!(:agent_with_role) { create(:user) }
# Then create account_user association with custom_role
let(:agent_with_role_account_user) do
create(:account_user, user: agent_with_role, account: account, role: :agent, custom_role: custom_role)
end
# Ensure the account_user with custom role is created before tests run
before do
agent_with_role_account_user
end
describe 'GET /api/v1/accounts/:account_id/portals/:portal_slug/articles/:id' do
context 'when it is an authenticated user' do
it 'returns success for agents with knowledge_base_manage permission' do
get "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/articles/#{article.id}",
headers: agent_with_role.create_new_auth_token,
as: :json
expect(response).to have_http_status(:success)
end
end
end
describe 'POST /api/v1/accounts/:account_id/portals/:portal_slug/articles' do
let(:article_params) do
{
article: {
category_id: category.id,
title: 'New Article',
slug: 'new-article',
content: 'This is a new article',
author_id: agent_with_role.id,
status: 'draft'
}
}
end
context 'when it is an authenticated user' do
it 'returns success for agents with knowledge_base_manage permission' do
post "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/articles",
params: article_params,
headers: agent_with_role.create_new_auth_token,
as: :json
expect(response).to have_http_status(:success)
json_response = response.parsed_body
expect(json_response['payload']['title']).to eq('New Article')
end
end
end
describe 'PUT /api/v1/accounts/:account_id/portals/:portal_slug/articles/:id' do
let(:article_params) do
{
article: {
title: 'Updated Article',
content: 'This is an updated article'
}
}
end
context 'when it is an authenticated user' do
it 'returns success for agents with knowledge_base_manage permission' do
put "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/articles/#{article.id}",
params: article_params,
headers: agent_with_role.create_new_auth_token,
as: :json
expect(response).to have_http_status(:success)
json_response = response.parsed_body
expect(json_response['payload']['title']).to eq('Updated Article')
end
end
end
describe 'DELETE /api/v1/accounts/:account_id/portals/:portal_slug/articles/:id' do
context 'when it is an authenticated user' do
it 'returns success for agents with knowledge_base_manage permission' do
delete "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/articles/#{article.id}",
headers: agent_with_role.create_new_auth_token,
as: :json
expect(response).to have_http_status(:success)
expect(Article.find_by(id: article.id)).to be_nil
end
end
end
end

111
spec/enterprise/controllers/enterprise/api/v1/accounts/categories_controller_spec.rb Normal file
View File

@@ -0,0 +1,111 @@
# frozen_string_literal: true
require 'rails_helper'
RSpec.describe 'Enterprise Categories API', type: :request do
let(:account) { create(:account) }
let(:admin) { create(:user, account: account, role: :administrator) }
let(:agent) { create(:user, account: account, role: :agent) }
let!(:portal) { create(:portal, name: 'test_portal', account_id: account.id, config: { allowed_locales: %w[en es] }) }
let!(:category) { create(:category, name: 'category', portal: portal, account_id: account.id, slug: 'category_slug', position: 1) }
# Create a custom role with knowledge_base_manage permission
let!(:custom_role) { create(:custom_role, account: account, permissions: ['knowledge_base_manage']) }
let!(:agent_with_role) { create(:user) }
let(:agent_with_role_account_user) do
create(:account_user, user: agent_with_role, account: account, role: :agent, custom_role: custom_role)
end
# Ensure the account_user with custom role is created before tests run
before do
agent_with_role_account_user
end
describe 'GET /api/v1/accounts/:account_id/portals/:portal_slug/categories' do
context 'when it is an authenticated user' do
it 'returns success for agents with knowledge_base_manage permission' do
get "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/categories",
headers: agent_with_role.create_new_auth_token,
as: :json
expect(response).to have_http_status(:success)
end
end
end
describe 'GET /api/v1/accounts/:account_id/portals/:portal_slug/categories/:id' do
context 'when it is an authenticated user' do
it 'returns success for agents with knowledge_base_manage permission' do
get "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/categories/#{category.id}",
headers: agent_with_role.create_new_auth_token,
as: :json
expect(response).to have_http_status(:success)
json_response = response.parsed_body
expect(json_response['payload']['name']).to eq('category')
end
end
end
describe 'POST /api/v1/accounts/:account_id/portals/:portal_slug/categories' do
let(:category_params) do
{
category: {
name: 'New Category',
slug: 'new-category',
locale: 'en',
description: 'This is a new category'
}
}
end
context 'when it is an authenticated user' do
it 'returns success for agents with knowledge_base_manage permission' do
post "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/categories",
params: category_params,
headers: agent_with_role.create_new_auth_token,
as: :json
expect(response).to have_http_status(:success)
json_response = response.parsed_body
expect(json_response['payload']['name']).to eq('New Category')
end
end
end
describe 'PUT /api/v1/accounts/:account_id/portals/:portal_slug/categories/:id' do
let(:category_params) do
{
category: {
name: 'Updated Category',
description: 'This is an updated category'
}
}
end
context 'when it is an authenticated user' do
it 'returns success for agents with knowledge_base_manage permission' do
put "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/categories/#{category.id}",
params: category_params,
headers: agent_with_role.create_new_auth_token,
as: :json
expect(response).to have_http_status(:success)
json_response = response.parsed_body
expect(json_response['payload']['name']).to eq('Updated Category')
end
end
end
describe 'DELETE /api/v1/accounts/:account_id/portals/:portal_slug/categories/:id' do
context 'when it is an authenticated user' do
it 'returns success for agents with knowledge_base_manage permission' do
delete "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/categories/#{category.id}",
headers: agent_with_role.create_new_auth_token,
as: :json
expect(response).to have_http_status(:success)
end
end
end
end

123
spec/enterprise/controllers/enterprise/api/v1/accounts/contacts/conversations_controller_spec.rb Normal file
View File

@@ -0,0 +1,123 @@
require 'rails_helper'
RSpec.describe '/api/v1/accounts/{account.id}/contacts/:id/conversations enterprise', type: :request do
let(:account) { create(:account) }
let(:contact) { create(:contact, account: account) }
let(:inbox) { create(:inbox, account: account) }
let(:contact_inbox) { create(:contact_inbox, contact: contact, inbox: inbox) }
describe 'GET /api/v1/accounts/{account.id}/contacts/:id/conversations with custom role permissions' do
context 'with user having custom role' do
let(:agent_with_custom_role) { create(:user, account: account, role: :agent) }
let(:custom_role) { create(:custom_role, account: account) }
before do
create(:inbox_member, user: agent_with_custom_role, inbox: inbox)
end
context 'with conversation_participating_manage permission' do
let(:assigned_conversation) do
create(:conversation, account: account, inbox: inbox, contact: contact,
contact_inbox: contact_inbox, assignee: agent_with_custom_role)
end
before do
# Create a conversation assigned to this agent
assigned_conversation
# Create another conversation that shouldn't be visible
create(:conversation, account: account, inbox: inbox, contact: contact,
contact_inbox: contact_inbox, assignee: create(:user, account: account, role: :agent))
# Set up permissions
custom_role.update!(permissions: %w[conversation_participating_manage])
# Associate the custom role with the agent
account_user = AccountUser.find_by(user: agent_with_custom_role, account: account)
account_user.update!(role: :agent, custom_role: custom_role)
end
it 'returns only conversations assigned to the agent' do
get "/api/v1/accounts/#{account.id}/contacts/#{contact.id}/conversations",
headers: agent_with_custom_role.create_new_auth_token
expect(response).to have_http_status(:success)
json_response = response.parsed_body
# Should only return the conversation assigned to this agent
expect(json_response['payload'].length).to eq 1
expect(json_response['payload'][0]['id']).to eq assigned_conversation.display_id
end
end
context 'with conversation_unassigned_manage permission' do
let(:unassigned_conversation) do
create(:conversation, account: account, inbox: inbox, contact: contact,
contact_inbox: contact_inbox, assignee: nil)
end
let(:assigned_conversation) do
create(:conversation, account: account, inbox: inbox, contact: contact,
contact_inbox: contact_inbox, assignee: agent_with_custom_role)
end
before do
# Create the conversations
unassigned_conversation
assigned_conversation
create(:conversation, account: account, inbox: inbox, contact: contact,
contact_inbox: contact_inbox, assignee: create(:user, account: account, role: :agent))
# Set up permissions
custom_role.update!(permissions: %w[conversation_unassigned_manage])
# Associate the custom role with the agent
account_user = AccountUser.find_by(user: agent_with_custom_role, account: account)
account_user.update!(role: :agent, custom_role: custom_role)
end
it 'returns unassigned conversations AND conversations assigned to the agent' do
get "/api/v1/accounts/#{account.id}/contacts/#{contact.id}/conversations",
headers: agent_with_custom_role.create_new_auth_token
expect(response).to have_http_status(:success)
json_response = response.parsed_body
# Should return both unassigned and assigned to this agent conversations
expect(json_response['payload'].length).to eq 2
conversation_ids = json_response['payload'].pluck('id')
expect(conversation_ids).to include(unassigned_conversation.display_id)
expect(conversation_ids).to include(assigned_conversation.display_id)
end
end
context 'with conversation_manage permission' do
before do
# Create multiple conversations
3.times do
create(:conversation, account: account, inbox: inbox, contact: contact,
contact_inbox: contact_inbox)
end
# Set up permissions
custom_role.update!(permissions: %w[conversation_manage])
# Associate the custom role with the agent
account_user = AccountUser.find_by(user: agent_with_custom_role, account: account)
account_user.update!(role: :agent, custom_role: custom_role)
end
it 'returns all conversations' do
get "/api/v1/accounts/#{account.id}/contacts/#{contact.id}/conversations",
headers: agent_with_custom_role.create_new_auth_token
expect(response).to have_http_status(:success)
json_response = response.parsed_body
# Should return all conversations in this inbox
expect(json_response['payload'].length).to eq 3
end
end
end
end
end

90
spec/enterprise/controllers/enterprise/api/v1/accounts/portals_controller_spec.rb Normal file
View File

@@ -0,0 +1,90 @@
# frozen_string_literal: true
require 'rails_helper'
RSpec.describe 'Enterprise Portal API', type: :request do
let(:account) { create(:account) }
let(:admin) { create(:user, :administrator, account: account) }
let(:agent) { create(:user, account: account, role: :agent) }
let!(:portal) { create(:portal, name: 'test_portal', account_id: account.id) }
# Create a custom role with knowledge_base_manage permission
let!(:custom_role) { create(:custom_role, account: account, permissions: ['knowledge_base_manage']) }
# Create user without account
let!(:agent_with_role) { create(:user) }
# Then create account_user association with custom_role
let(:agent_with_role_account_user) do
create(:account_user, user: agent_with_role, account: account, role: :agent, custom_role: custom_role)
end
# Ensure the account_user with custom role is created before tests run
before do
agent_with_role_account_user
end
describe 'GET /api/v1/accounts/:account_id/portals' do
context 'when it is an authenticated user' do
it 'returns success for agents with knowledge_base_manage permission' do
get "/api/v1/accounts/#{account.id}/portals",
headers: agent_with_role.create_new_auth_token,
as: :json
expect(response).to have_http_status(:success)
end
end
end
describe 'GET /api/v1/accounts/:account_id/portals/:portal_slug' do
context 'when it is an authenticated user' do
it 'returns success for agents with knowledge_base_manage permission' do
get "/api/v1/accounts/#{account.id}/portals/#{portal.slug}",
headers: agent_with_role.create_new_auth_token,
as: :json
expect(response).to have_http_status(:success)
json_response = response.parsed_body
expect(json_response['name']).to eq('test_portal')
end
end
end
describe 'POST /api/v1/accounts/:account_id/portals' do
let(:portal_params) do
{ portal: {
name: 'test_portal',
slug: 'test_kbase',
custom_domain: 'https://support.chatwoot.dev'
} }
end
context 'when it is an authenticated user' do
it 'restricts portal creation for agents with knowledge_base_manage permission' do
post "/api/v1/accounts/#{account.id}/portals",
params: portal_params,
headers: agent_with_role.create_new_auth_token,
as: :json
expect(response).to have_http_status(:unauthorized)
end
end
end
describe 'PUT /api/v1/accounts/:account_id/portals/:portal_slug' do
let(:portal_params) do
{ portal: { name: 'updated_portal' } }
end
context 'when it is an authenticated user' do
it 'returns success for agents with knowledge_base_manage permission' do
put "/api/v1/accounts/#{account.id}/portals/#{portal.slug}",
params: portal_params,
headers: agent_with_role.create_new_auth_token,
as: :json
expect(response).to have_http_status(:success)
json_response = response.parsed_body
expect(json_response['name']).to eq('updated_portal')
end
end
end
end

67
spec/enterprise/controllers/enterprise/api/v2/accounts/reports_controller_spec.rb Normal file
View File

@@ -0,0 +1,67 @@
# frozen_string_literal: true
require 'rails_helper'
RSpec.describe 'Enterprise Reports API', type: :request do
let(:account) { create(:account) }
let(:agent) { create(:user, account: account, role: :agent) }
# Create a custom role with report_manage permission
let!(:custom_role) { create(:custom_role, account: account, permissions: ['report_manage']) }
let!(:agent_with_role) { create(:user) }
let(:agent_with_role_account_user) do
create(:account_user, user: agent_with_role, account: account, role: :agent, custom_role: custom_role)
end
let(:default_timezone) { 'UTC' }
let(:start_of_today) { Time.current.in_time_zone(default_timezone).beginning_of_day.to_i }
let(:end_of_today) { Time.current.in_time_zone(default_timezone).end_of_day.to_i }
let(:params) { { timezone_offset: Time.zone.utc_offset } }
before do
agent_with_role_account_user
end
describe 'GET /api/v2/accounts/:account_id/reports' do
context 'when it is an authenticated user' do
let(:params) do
super().merge(
metric: 'conversations_count',
type: :account,
since: start_of_today.to_s,
until: end_of_today.to_s
)
end
it 'returns success for agents with report_manage permission' do
get "/api/v2/accounts/#{account.id}/reports",
params: params,
headers: agent_with_role.create_new_auth_token,
as: :json
expect(response).to have_http_status(:success)
end
end
end
describe 'GET /api/v2/accounts/:account_id/reports/summary' do
context 'when it is an authenticated user' do
let(:params) do
super().merge(
type: :account,
since: start_of_today.to_s,
until: end_of_today.to_s
)
end
it 'returns success for agents with report_manage permission' do
get "/api/v2/accounts/#{account.id}/reports/summary",
params: params,
headers: agent_with_role.create_new_auth_token,
as: :json
expect(response).to have_http_status(:success)
end
end
end
end

28
spec/enterprise/policies/article_policy_spec.rb Normal file
View File

@@ -0,0 +1,28 @@
# frozen_string_literal: true
require 'rails_helper'
RSpec.describe 'Enterprise::ArticlePolicy', type: :policy do
subject(:article_policy) { ArticlePolicy }
let(:account) { create(:account) }
let(:agent) { create(:user, account: account) } # Needed for author
let(:portal) { create(:portal, account: account) }
let(:article) { create(:article, account: account, portal: portal, author: agent) }
# Create a custom role with knowledge_base_manage permission
let(:custom_role) { create(:custom_role, account: account, permissions: ['knowledge_base_manage']) }
let(:agent_with_role) { create(:user) } # Create without account
let(:agent_with_role_account_user) do
create(:account_user, user: agent_with_role, account: account, role: :agent, custom_role: custom_role)
end
let(:agent_with_role_context) do
{ user: agent_with_role, account: account, account_user: agent_with_role_account_user }
end
permissions :index?, :update?, :show?, :edit?, :create?, :destroy?, :reorder? do
context 'when agent with knowledge_base_manage permission' do
it { expect(article_policy).to permit(agent_with_role_context, article) }
end
end
end

27
spec/enterprise/policies/category_policy_spec.rb Normal file
View File

@@ -0,0 +1,27 @@
# frozen_string_literal: true
require 'rails_helper'
RSpec.describe 'Enterprise::CategoryPolicy', type: :policy do
subject(:category_policy) { CategoryPolicy }
let(:account) { create(:account) }
let(:portal) { create(:portal, account: account) }
let(:category) { create(:category, account: account, portal: portal, slug: 'test-category') }
# Create a custom role with knowledge_base_manage permission
let(:custom_role) { create(:custom_role, account: account, permissions: ['knowledge_base_manage']) }
let(:agent_with_role) { create(:user) } # Create without account
let(:agent_with_role_account_user) do
create(:account_user, user: agent_with_role, account: account, role: :agent, custom_role: custom_role)
end
let(:agent_with_role_context) do
{ user: agent_with_role, account: account, account_user: agent_with_role_account_user }
end
permissions :index?, :update?, :show?, :edit?, :create?, :destroy? do
context 'when agent with knowledge_base_manage permission' do
it { expect(category_policy).to permit(agent_with_role_context, category) }
end
end
end

32
spec/enterprise/policies/portal_policy_spec.rb Normal file
View File

@@ -0,0 +1,32 @@
# frozen_string_literal: true
require 'rails_helper'
RSpec.describe 'Enterprise::PortalPolicy', type: :policy do
subject(:portal_policy) { PortalPolicy }
let(:account) { create(:account) }
let(:portal) { create(:portal, account: account) }
# Create a custom role with knowledge_base_manage permission
let(:custom_role) { create(:custom_role, account: account, permissions: ['knowledge_base_manage']) }
let(:agent_with_role) { create(:user) } # Create without account
let(:agent_with_role_account_user) do
create(:account_user, user: agent_with_role, account: account, role: :agent, custom_role: custom_role)
end
let(:agent_with_role_context) do
{ user: agent_with_role, account: account, account_user: agent_with_role_account_user }
end
permissions :update?, :edit?, :logo? do
context 'when agent with knowledge_base_manage permission' do
it { expect(portal_policy).to permit(agent_with_role_context, portal) }
end
end
permissions :create?, :destroy? do
context 'when agent with knowledge_base_manage permission' do
it { expect(portal_policy).not_to permit(agent_with_role_context, portal) }
end
end
end

26
spec/enterprise/policies/report_policy_spec.rb Normal file
View File

@@ -0,0 +1,26 @@
# frozen_string_literal: true
require 'rails_helper'
RSpec.describe 'Enterprise::ReportPolicy', type: :policy do
subject(:report_policy) { ReportPolicy }
let(:account) { create(:account) }
let(:report) { :report }
# Create a custom role with report_manage permission
let(:custom_role) { create(:custom_role, account: account, permissions: ['report_manage']) }
let(:agent_with_role) { create(:user) } # Create without account
let(:agent_with_role_account_user) do
create(:account_user, user: agent_with_role, account: account, role: :agent, custom_role: custom_role)
end
let(:agent_with_role_context) do
{ user: agent_with_role, account: account, account_user: agent_with_role_account_user }
end
permissions :view? do
context 'when agent with report_manage permission' do
it { expect(report_policy).to permit(agent_with_role_context, report) }
end
end
end

197
spec/enterprise/services/enterprise/conversations/permission_filter_service_spec.rb Normal file
View File

@@ -0,0 +1,197 @@
require 'rails_helper'
RSpec.describe Enterprise::Conversations::PermissionFilterService do
let(:account) { create(:account) }
# Create conversations with different states
let!(:assigned_conversation) { create(:conversation, account: account, inbox: inbox, assignee: agent) }
let!(:unassigned_conversation) { create(:conversation, account: account, inbox: inbox, assignee: nil) }
let!(:another_assigned_conversation) { create(:conversation, account: account, inbox: inbox, assignee: create(:user, account: account)) }
let(:admin) { create(:user, account: account, role: :administrator) }
let(:agent) { create(:user, account: account, role: :agent) }
let!(:inbox) { create(:inbox, account: account) }
# This inbox_member is used to establish the agent's access to the inbox
before { create(:inbox_member, user: agent, inbox: inbox) }
describe '#perform' do
context 'when user is an administrator' do
it 'returns all conversations' do
result = Conversations::PermissionFilterService.new(
account.conversations,
admin,
account
).perform
expect(result).to include(assigned_conversation)
expect(result).to include(unassigned_conversation)
expect(result).to include(another_assigned_conversation)
expect(result.count).to eq(3)
end
end
context 'when user is a regular agent' do
it 'returns all conversations in assigned inboxes' do
inbox_ids = agent.inboxes.where(account_id: account.id).pluck(:id)
result = Conversations::PermissionFilterService.new(
account.conversations.where(inbox_id: inbox_ids),
agent,
account
).perform
expect(result).to include(assigned_conversation)
expect(result).to include(unassigned_conversation)
expect(result).to include(another_assigned_conversation)
expect(result.count).to eq(3)
end
end
context 'when user has conversation_manage permission' do
# Test with a new clean state for each test case
it 'returns all conversations' do
# Create a new isolated test environment
test_account = create(:account)
test_inbox = create(:inbox, account: test_account)
# Create test agent
test_agent = create(:user, account: test_account, role: :agent)
create(:inbox_member, user: test_agent, inbox: test_inbox)
# Create custom role with conversation_manage permission
test_custom_role = create(:custom_role, account: test_account, permissions: ['conversation_manage'])
account_user = AccountUser.find_by(user: test_agent, account: test_account)
account_user.update(role: :agent, custom_role: test_custom_role)
# Create some conversations
assigned_conversation = create(:conversation, account: test_account, inbox: test_inbox, assignee: test_agent)
unassigned_conversation = create(:conversation, account: test_account, inbox: test_inbox, assignee: nil)
other_assigned_conversation = create(:conversation, account: test_account, inbox: test_inbox, assignee: create(:user, account: test_account))
# Run the test
result = Conversations::PermissionFilterService.new(
test_account.conversations,
test_agent,
test_account
).perform
# Should have access to all conversations
expect(result.count).to eq(3)
expect(result).to include(assigned_conversation)
expect(result).to include(unassigned_conversation)
expect(result).to include(other_assigned_conversation)
end
end
context 'when user has conversation_participating_manage permission' do
it 'returns only conversations assigned to the agent' do
# Create a new isolated test environment
test_account = create(:account)
test_inbox = create(:inbox, account: test_account)
# Create test agent
test_agent = create(:user, account: test_account, role: :agent)
create(:inbox_member, user: test_agent, inbox: test_inbox)
# Create a custom role with only the conversation_participating_manage permission
test_custom_role = create(:custom_role, account: test_account, permissions: %w[conversation_participating_manage])
account_user = AccountUser.find_by(user: test_agent, account: test_account)
account_user.update(role: :agent, custom_role: test_custom_role)
# Create some conversations
other_conversation = create(:conversation, account: test_account, inbox: test_inbox)
assigned_conversation = create(:conversation, account: test_account, inbox: test_inbox, assignee: test_agent)
# Run the test
result = Conversations::PermissionFilterService.new(
test_account.conversations,
test_agent,
test_account
).perform
# Should only see conversations assigned to this agent
expect(result.count).to eq(1)
expect(result.first.assignee).to eq(test_agent)
expect(result).to include(assigned_conversation)
expect(result).not_to include(other_conversation)
end
end
context 'when user has conversation_unassigned_manage permission' do
it 'returns unassigned conversations AND mine' do
# Create a new isolated test environment
test_account = create(:account)
test_inbox = create(:inbox, account: test_account)
# Create test agent
test_agent = create(:user, account: test_account, role: :agent)
create(:inbox_member, user: test_agent, inbox: test_inbox)
# Create a custom role with only the conversation_unassigned_manage permission
test_custom_role = create(:custom_role, account: test_account, permissions: %w[conversation_unassigned_manage])
account_user = AccountUser.find_by(user: test_agent, account: test_account)
account_user.update(role: :agent, custom_role: test_custom_role)
# Create some conversations
assigned_conversation = create(:conversation, account: test_account, inbox: test_inbox, assignee: test_agent)
unassigned_conversation = create(:conversation, account: test_account, inbox: test_inbox, assignee: nil)
other_assigned_conversation = create(:conversation, account: test_account, inbox: test_inbox, assignee: create(:user, account: test_account))
# Run the test
result = Conversations::PermissionFilterService.new(
test_account.conversations,
test_agent,
test_account
).perform
# Should see unassigned conversations AND conversations assigned to this agent
expect(result.count).to eq(2)
expect(result).to include(unassigned_conversation)
expect(result).to include(assigned_conversation)
# Should NOT include conversations assigned to others
expect(result).not_to include(other_assigned_conversation)
end
end
context 'when user has both participating and unassigned permissions (hierarchical test)' do
it 'gives higher priority to unassigned_manage over participating_manage' do
# Create a new isolated test environment
test_account = create(:account)
test_inbox = create(:inbox, account: test_account)
# Create test agent
test_agent = create(:user, account: test_account, role: :agent)
create(:inbox_member, user: test_agent, inbox: test_inbox)
# Create a custom role with both participating and unassigned permissions
permissions = %w[conversation_participating_manage conversation_unassigned_manage]
test_custom_role = create(:custom_role, account: test_account, permissions: permissions)
account_user = AccountUser.find_by(user: test_agent, account: test_account)
account_user.update(role: :agent, custom_role: test_custom_role)
# Create some conversations
assigned_to_agent = create(:conversation, account: test_account, inbox: test_inbox, assignee: test_agent)
unassigned_conversation = create(:conversation, account: test_account, inbox: test_inbox, assignee: nil)
other_assigned_conversation = create(:conversation, account: test_account, inbox: test_inbox, assignee: create(:user, account: test_account))
# Run the test
result = Conversations::PermissionFilterService.new(
test_account.conversations,
test_agent,
test_account
).perform
# Should behave the same as conversation_unassigned_manage test
# - Show both unassigned and assigned to this agent
# - Do not show conversations assigned to others
expect(result.count).to eq(2)
expect(result).to include(unassigned_conversation)
expect(result).to include(assigned_to_agent)
expect(result).not_to include(other_assigned_conversation)
end
end
end
end

6
spec/factories/portal_members.rb
View File

@@ -1,6 +0,0 @@
FactoryBot.define do
factory :portal_member do
portal
user
end
end

8
spec/models/portal_member_spec.rb
View File

@@ -1,8 +0,0 @@
require 'rails_helper'
RSpec.describe PortalMember do
describe 'associations' do
it { is_expected.to belong_to(:portal) }
it { is_expected.to belong_to(:user) }
end
end

2
spec/models/portal_spec.rb
View File

@@ -12,8 +12,6 @@ RSpec.describe Portal do
it { is_expected.to have_many(:categories) }
it { is_expected.to have_many(:folders) }
it { is_expected.to have_many(:articles) }
it { is_expected.to have_many(:portal_members) }
it { is_expected.to have_many(:members) }
it { is_expected.to have_many(:inboxes) }
end

34
spec/policies/article_policy_spec.rb Normal file
View File

@@ -0,0 +1,34 @@
require 'rails_helper'
RSpec.describe ArticlePolicy, type: :policy do
subject(:article_policy) { described_class }
let(:account) { create(:account) }
let(:administrator) { create(:user, :administrator, account: account) }
let(:agent) { create(:user, account: account) }
let(:portal) { create(:portal, account: account) }
let(:article) { create(:article, account: account, portal: portal, author: administrator) }
let(:administrator_context) { { user: administrator, account: account, account_user: account.account_users.first } }
let(:agent_context) { { user: agent, account: account, account_user: account.account_users.first } }
permissions :index? do
context 'when administrator' do
it { expect(article_policy).to permit(administrator_context, article) }
end
context 'when agent' do
it { expect(article_policy).to permit(agent_context, article) }
end
end
permissions :update?, :show?, :edit?, :create?, :destroy?, :reorder? do
context 'when administrator' do
it { expect(article_policy).to permit(administrator_context, article) }
end
context 'when agent' do
it { expect(article_policy).not_to permit(agent_context, article) }
end
end
end

34
spec/policies/category_policy_spec.rb Normal file
View File

@@ -0,0 +1,34 @@
require 'rails_helper'
RSpec.describe CategoryPolicy, type: :policy do
subject(:category_policy) { described_class }
let(:account) { create(:account) }
let(:administrator) { create(:user, :administrator, account: account) }
let(:agent) { create(:user, account: account) }
let(:portal) { create(:portal, account: account) }
let(:category) { create(:category, account: account, portal: portal, slug: 'test-category') }
let(:administrator_context) { { user: administrator, account: account, account_user: account.account_users.first } }
let(:agent_context) { { user: agent, account: account, account_user: account.account_users.first } }
permissions :index? do
context 'when administrator' do
it { expect(category_policy).to permit(administrator_context, category) }
end
context 'when agent' do
it { expect(category_policy).to permit(agent_context, category) }
end
end
permissions :update?, :show?, :edit?, :create?, :destroy? do
context 'when administrator' do
it { expect(category_policy).to permit(administrator_context, category) }
end
context 'when agent' do
it { expect(category_policy).not_to permit(agent_context, category) }
end
end
end

35
spec/policies/portal_policy_spec.rb Normal file
View File

@@ -0,0 +1,35 @@
# frozen_string_literal: true
require 'rails_helper'
RSpec.describe PortalPolicy, type: :policy do
subject(:portal_policy) { described_class }
let(:account) { create(:account) }
let(:administrator) { create(:user, :administrator, account: account) }
let(:agent) { create(:user, account: account) }
let(:portal) { create(:portal, account: account) }
let(:administrator_context) { { user: administrator, account: account, account_user: account.account_users.first } }
let(:agent_context) { { user: agent, account: account, account_user: account.account_users.first } }
permissions :index?, :show? do
context 'when administrator' do
it { expect(portal_policy).to permit(administrator_context, portal) }
end
context 'when agent' do
it { expect(portal_policy).to permit(agent_context, portal) }
end
end
permissions :update?, :edit?, :create?, :destroy?, :logo? do
context 'when administrator' do
it { expect(portal_policy).to permit(administrator_context, portal) }
end
context 'when agent' do
it { expect(portal_policy).not_to permit(agent_context, portal) }
end
end
end

25
spec/policies/report_policy_spec.rb Normal file
View File

@@ -0,0 +1,25 @@
# frozen_string_literal: true
require 'rails_helper'
RSpec.describe ReportPolicy, type: :policy do
subject(:report_policy) { described_class }
let(:account) { create(:account) }
let(:administrator) { create(:user, :administrator, account: account) }
let(:agent) { create(:user, account: account) }
let(:report) { :report }
let(:administrator_context) { { user: administrator, account: account, account_user: account.account_users.first } }
let(:agent_context) { { user: agent, account: account, account_user: account.account_users.first } }
permissions :view? do
context 'when administrator' do
it { expect(report_policy).to permit(administrator_context, report) }
end
context 'when agent' do
it { expect(report_policy).not_to permit(agent_context, report) }
end
end
end