chore: Clean up report & knowledge base policies (#11234)
- Removes the portal_members table and all associated records - Updates policies to use custom roles with knowledge_base_manage permission - Updates controllers, models, and views to work without portal membership - Adds tests for the new permission model
This commit is contained in:
Sojan Jose
@@ -0,0 +1,103 @@
|
||||
# frozen_string_literal: true
|
||||
|
||||
require 'rails_helper'
|
||||
|
||||
RSpec.describe 'Enterprise Articles API', type: :request do
|
||||
let(:account) { create(:account) }
|
||||
let(:admin) { create(:user, :administrator, account: account) }
|
||||
let(:agent) { create(:user, account: account, role: :agent) }
|
||||
let!(:portal) { create(:portal, name: 'test_portal', account_id: account.id) }
|
||||
let!(:category) { create(:category, name: 'category', portal: portal, account_id: account.id, locale: 'en', slug: 'category_slug') }
|
||||
let!(:article) { create(:article, category: category, portal: portal, account_id: account.id, author_id: admin.id) }
|
||||
|
||||
# Create a custom role with knowledge_base_manage permission
|
||||
let!(:custom_role) { create(:custom_role, account: account, permissions: ['knowledge_base_manage']) }
|
||||
# Create user without account
|
||||
let!(:agent_with_role) { create(:user) }
|
||||
# Then create account_user association with custom_role
|
||||
let(:agent_with_role_account_user) do
|
||||
create(:account_user, user: agent_with_role, account: account, role: :agent, custom_role: custom_role)
|
||||
end
|
||||
|
||||
# Ensure the account_user with custom role is created before tests run
|
||||
before do
|
||||
agent_with_role_account_user
|
||||
end
|
||||
|
||||
describe 'GET /api/v1/accounts/:account_id/portals/:portal_slug/articles/:id' do
|
||||
context 'when it is an authenticated user' do
|
||||
it 'returns success for agents with knowledge_base_manage permission' do
|
||||
get "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/articles/#{article.id}",
|
||||
headers: agent_with_role.create_new_auth_token,
|
||||
as: :json
|
||||
|
||||
expect(response).to have_http_status(:success)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe 'POST /api/v1/accounts/:account_id/portals/:portal_slug/articles' do
|
||||
let(:article_params) do
|
||||
{
|
||||
article: {
|
||||
category_id: category.id,
|
||||
title: 'New Article',
|
||||
slug: 'new-article',
|
||||
content: 'This is a new article',
|
||||
author_id: agent_with_role.id,
|
||||
status: 'draft'
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
context 'when it is an authenticated user' do
|
||||
it 'returns success for agents with knowledge_base_manage permission' do
|
||||
post "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/articles",
|
||||
params: article_params,
|
||||
headers: agent_with_role.create_new_auth_token,
|
||||
as: :json
|
||||
|
||||
expect(response).to have_http_status(:success)
|
||||
json_response = response.parsed_body
|
||||
expect(json_response['payload']['title']).to eq('New Article')
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe 'PUT /api/v1/accounts/:account_id/portals/:portal_slug/articles/:id' do
|
||||
let(:article_params) do
|
||||
{
|
||||
article: {
|
||||
title: 'Updated Article',
|
||||
content: 'This is an updated article'
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
context 'when it is an authenticated user' do
|
||||
it 'returns success for agents with knowledge_base_manage permission' do
|
||||
put "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/articles/#{article.id}",
|
||||
params: article_params,
|
||||
headers: agent_with_role.create_new_auth_token,
|
||||
as: :json
|
||||
|
||||
expect(response).to have_http_status(:success)
|
||||
json_response = response.parsed_body
|
||||
expect(json_response['payload']['title']).to eq('Updated Article')
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe 'DELETE /api/v1/accounts/:account_id/portals/:portal_slug/articles/:id' do
|
||||
context 'when it is an authenticated user' do
|
||||
it 'returns success for agents with knowledge_base_manage permission' do
|
||||
delete "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/articles/#{article.id}",
|
||||
headers: agent_with_role.create_new_auth_token,
|
||||
as: :json
|
||||
|
||||
expect(response).to have_http_status(:success)
|
||||
expect(Article.find_by(id: article.id)).to be_nil
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
@@ -0,0 +1,111 @@
|
||||
# frozen_string_literal: true
|
||||
|
||||
require 'rails_helper'
|
||||
|
||||
RSpec.describe 'Enterprise Categories API', type: :request do
|
||||
let(:account) { create(:account) }
|
||||
let(:admin) { create(:user, account: account, role: :administrator) }
|
||||
let(:agent) { create(:user, account: account, role: :agent) }
|
||||
let!(:portal) { create(:portal, name: 'test_portal', account_id: account.id, config: { allowed_locales: %w[en es] }) }
|
||||
let!(:category) { create(:category, name: 'category', portal: portal, account_id: account.id, slug: 'category_slug', position: 1) }
|
||||
|
||||
# Create a custom role with knowledge_base_manage permission
|
||||
let!(:custom_role) { create(:custom_role, account: account, permissions: ['knowledge_base_manage']) }
|
||||
let!(:agent_with_role) { create(:user) }
|
||||
let(:agent_with_role_account_user) do
|
||||
create(:account_user, user: agent_with_role, account: account, role: :agent, custom_role: custom_role)
|
||||
end
|
||||
|
||||
# Ensure the account_user with custom role is created before tests run
|
||||
before do
|
||||
agent_with_role_account_user
|
||||
end
|
||||
|
||||
describe 'GET /api/v1/accounts/:account_id/portals/:portal_slug/categories' do
|
||||
context 'when it is an authenticated user' do
|
||||
it 'returns success for agents with knowledge_base_manage permission' do
|
||||
get "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/categories",
|
||||
headers: agent_with_role.create_new_auth_token,
|
||||
as: :json
|
||||
|
||||
expect(response).to have_http_status(:success)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe 'GET /api/v1/accounts/:account_id/portals/:portal_slug/categories/:id' do
|
||||
context 'when it is an authenticated user' do
|
||||
it 'returns success for agents with knowledge_base_manage permission' do
|
||||
get "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/categories/#{category.id}",
|
||||
headers: agent_with_role.create_new_auth_token,
|
||||
as: :json
|
||||
|
||||
expect(response).to have_http_status(:success)
|
||||
json_response = response.parsed_body
|
||||
expect(json_response['payload']['name']).to eq('category')
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe 'POST /api/v1/accounts/:account_id/portals/:portal_slug/categories' do
|
||||
let(:category_params) do
|
||||
{
|
||||
category: {
|
||||
name: 'New Category',
|
||||
slug: 'new-category',
|
||||
locale: 'en',
|
||||
description: 'This is a new category'
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
context 'when it is an authenticated user' do
|
||||
it 'returns success for agents with knowledge_base_manage permission' do
|
||||
post "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/categories",
|
||||
params: category_params,
|
||||
headers: agent_with_role.create_new_auth_token,
|
||||
as: :json
|
||||
|
||||
expect(response).to have_http_status(:success)
|
||||
json_response = response.parsed_body
|
||||
expect(json_response['payload']['name']).to eq('New Category')
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe 'PUT /api/v1/accounts/:account_id/portals/:portal_slug/categories/:id' do
|
||||
let(:category_params) do
|
||||
{
|
||||
category: {
|
||||
name: 'Updated Category',
|
||||
description: 'This is an updated category'
|
||||
}
|
||||
}
|
||||
end
|
||||
|
||||
context 'when it is an authenticated user' do
|
||||
it 'returns success for agents with knowledge_base_manage permission' do
|
||||
put "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/categories/#{category.id}",
|
||||
params: category_params,
|
||||
headers: agent_with_role.create_new_auth_token,
|
||||
as: :json
|
||||
|
||||
expect(response).to have_http_status(:success)
|
||||
json_response = response.parsed_body
|
||||
expect(json_response['payload']['name']).to eq('Updated Category')
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe 'DELETE /api/v1/accounts/:account_id/portals/:portal_slug/categories/:id' do
|
||||
context 'when it is an authenticated user' do
|
||||
it 'returns success for agents with knowledge_base_manage permission' do
|
||||
delete "/api/v1/accounts/#{account.id}/portals/#{portal.slug}/categories/#{category.id}",
|
||||
headers: agent_with_role.create_new_auth_token,
|
||||
as: :json
|
||||
|
||||
expect(response).to have_http_status(:success)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
@@ -0,0 +1,123 @@
|
||||
require 'rails_helper'
|
||||
|
||||
RSpec.describe '/api/v1/accounts/{account.id}/contacts/:id/conversations enterprise', type: :request do
|
||||
let(:account) { create(:account) }
|
||||
let(:contact) { create(:contact, account: account) }
|
||||
let(:inbox) { create(:inbox, account: account) }
|
||||
let(:contact_inbox) { create(:contact_inbox, contact: contact, inbox: inbox) }
|
||||
|
||||
describe 'GET /api/v1/accounts/{account.id}/contacts/:id/conversations with custom role permissions' do
|
||||
context 'with user having custom role' do
|
||||
let(:agent_with_custom_role) { create(:user, account: account, role: :agent) }
|
||||
let(:custom_role) { create(:custom_role, account: account) }
|
||||
|
||||
before do
|
||||
create(:inbox_member, user: agent_with_custom_role, inbox: inbox)
|
||||
end
|
||||
|
||||
context 'with conversation_participating_manage permission' do
|
||||
let(:assigned_conversation) do
|
||||
create(:conversation, account: account, inbox: inbox, contact: contact,
|
||||
contact_inbox: contact_inbox, assignee: agent_with_custom_role)
|
||||
end
|
||||
|
||||
before do
|
||||
# Create a conversation assigned to this agent
|
||||
assigned_conversation
|
||||
|
||||
# Create another conversation that shouldn't be visible
|
||||
create(:conversation, account: account, inbox: inbox, contact: contact,
|
||||
contact_inbox: contact_inbox, assignee: create(:user, account: account, role: :agent))
|
||||
|
||||
# Set up permissions
|
||||
custom_role.update!(permissions: %w[conversation_participating_manage])
|
||||
|
||||
# Associate the custom role with the agent
|
||||
account_user = AccountUser.find_by(user: agent_with_custom_role, account: account)
|
||||
account_user.update!(role: :agent, custom_role: custom_role)
|
||||
end
|
||||
|
||||
it 'returns only conversations assigned to the agent' do
|
||||
get "/api/v1/accounts/#{account.id}/contacts/#{contact.id}/conversations",
|
||||
headers: agent_with_custom_role.create_new_auth_token
|
||||
|
||||
expect(response).to have_http_status(:success)
|
||||
json_response = response.parsed_body
|
||||
|
||||
# Should only return the conversation assigned to this agent
|
||||
expect(json_response['payload'].length).to eq 1
|
||||
expect(json_response['payload'][0]['id']).to eq assigned_conversation.display_id
|
||||
end
|
||||
end
|
||||
|
||||
context 'with conversation_unassigned_manage permission' do
|
||||
let(:unassigned_conversation) do
|
||||
create(:conversation, account: account, inbox: inbox, contact: contact,
|
||||
contact_inbox: contact_inbox, assignee: nil)
|
||||
end
|
||||
|
||||
let(:assigned_conversation) do
|
||||
create(:conversation, account: account, inbox: inbox, contact: contact,
|
||||
contact_inbox: contact_inbox, assignee: agent_with_custom_role)
|
||||
end
|
||||
|
||||
before do
|
||||
# Create the conversations
|
||||
unassigned_conversation
|
||||
assigned_conversation
|
||||
create(:conversation, account: account, inbox: inbox, contact: contact,
|
||||
contact_inbox: contact_inbox, assignee: create(:user, account: account, role: :agent))
|
||||
|
||||
# Set up permissions
|
||||
custom_role.update!(permissions: %w[conversation_unassigned_manage])
|
||||
|
||||
# Associate the custom role with the agent
|
||||
account_user = AccountUser.find_by(user: agent_with_custom_role, account: account)
|
||||
account_user.update!(role: :agent, custom_role: custom_role)
|
||||
end
|
||||
|
||||
it 'returns unassigned conversations AND conversations assigned to the agent' do
|
||||
get "/api/v1/accounts/#{account.id}/contacts/#{contact.id}/conversations",
|
||||
headers: agent_with_custom_role.create_new_auth_token
|
||||
|
||||
expect(response).to have_http_status(:success)
|
||||
json_response = response.parsed_body
|
||||
|
||||
# Should return both unassigned and assigned to this agent conversations
|
||||
expect(json_response['payload'].length).to eq 2
|
||||
conversation_ids = json_response['payload'].pluck('id')
|
||||
expect(conversation_ids).to include(unassigned_conversation.display_id)
|
||||
expect(conversation_ids).to include(assigned_conversation.display_id)
|
||||
end
|
||||
end
|
||||
|
||||
context 'with conversation_manage permission' do
|
||||
before do
|
||||
# Create multiple conversations
|
||||
3.times do
|
||||
create(:conversation, account: account, inbox: inbox, contact: contact,
|
||||
contact_inbox: contact_inbox)
|
||||
end
|
||||
|
||||
# Set up permissions
|
||||
custom_role.update!(permissions: %w[conversation_manage])
|
||||
|
||||
# Associate the custom role with the agent
|
||||
account_user = AccountUser.find_by(user: agent_with_custom_role, account: account)
|
||||
account_user.update!(role: :agent, custom_role: custom_role)
|
||||
end
|
||||
|
||||
it 'returns all conversations' do
|
||||
get "/api/v1/accounts/#{account.id}/contacts/#{contact.id}/conversations",
|
||||
headers: agent_with_custom_role.create_new_auth_token
|
||||
|
||||
expect(response).to have_http_status(:success)
|
||||
json_response = response.parsed_body
|
||||
|
||||
# Should return all conversations in this inbox
|
||||
expect(json_response['payload'].length).to eq 3
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
@@ -0,0 +1,90 @@
|
||||
# frozen_string_literal: true
|
||||
|
||||
require 'rails_helper'
|
||||
|
||||
RSpec.describe 'Enterprise Portal API', type: :request do
|
||||
let(:account) { create(:account) }
|
||||
let(:admin) { create(:user, :administrator, account: account) }
|
||||
let(:agent) { create(:user, account: account, role: :agent) }
|
||||
let!(:portal) { create(:portal, name: 'test_portal', account_id: account.id) }
|
||||
|
||||
# Create a custom role with knowledge_base_manage permission
|
||||
let!(:custom_role) { create(:custom_role, account: account, permissions: ['knowledge_base_manage']) }
|
||||
# Create user without account
|
||||
let!(:agent_with_role) { create(:user) }
|
||||
# Then create account_user association with custom_role
|
||||
let(:agent_with_role_account_user) do
|
||||
create(:account_user, user: agent_with_role, account: account, role: :agent, custom_role: custom_role)
|
||||
end
|
||||
|
||||
# Ensure the account_user with custom role is created before tests run
|
||||
before do
|
||||
agent_with_role_account_user
|
||||
end
|
||||
|
||||
describe 'GET /api/v1/accounts/:account_id/portals' do
|
||||
context 'when it is an authenticated user' do
|
||||
it 'returns success for agents with knowledge_base_manage permission' do
|
||||
get "/api/v1/accounts/#{account.id}/portals",
|
||||
headers: agent_with_role.create_new_auth_token,
|
||||
as: :json
|
||||
|
||||
expect(response).to have_http_status(:success)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe 'GET /api/v1/accounts/:account_id/portals/:portal_slug' do
|
||||
context 'when it is an authenticated user' do
|
||||
it 'returns success for agents with knowledge_base_manage permission' do
|
||||
get "/api/v1/accounts/#{account.id}/portals/#{portal.slug}",
|
||||
headers: agent_with_role.create_new_auth_token,
|
||||
as: :json
|
||||
|
||||
expect(response).to have_http_status(:success)
|
||||
json_response = response.parsed_body
|
||||
expect(json_response['name']).to eq('test_portal')
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe 'POST /api/v1/accounts/:account_id/portals' do
|
||||
let(:portal_params) do
|
||||
{ portal: {
|
||||
name: 'test_portal',
|
||||
slug: 'test_kbase',
|
||||
custom_domain: 'https://support.chatwoot.dev'
|
||||
} }
|
||||
end
|
||||
|
||||
context 'when it is an authenticated user' do
|
||||
it 'restricts portal creation for agents with knowledge_base_manage permission' do
|
||||
post "/api/v1/accounts/#{account.id}/portals",
|
||||
params: portal_params,
|
||||
headers: agent_with_role.create_new_auth_token,
|
||||
as: :json
|
||||
|
||||
expect(response).to have_http_status(:unauthorized)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe 'PUT /api/v1/accounts/:account_id/portals/:portal_slug' do
|
||||
let(:portal_params) do
|
||||
{ portal: { name: 'updated_portal' } }
|
||||
end
|
||||
|
||||
context 'when it is an authenticated user' do
|
||||
it 'returns success for agents with knowledge_base_manage permission' do
|
||||
put "/api/v1/accounts/#{account.id}/portals/#{portal.slug}",
|
||||
params: portal_params,
|
||||
headers: agent_with_role.create_new_auth_token,
|
||||
as: :json
|
||||
|
||||
expect(response).to have_http_status(:success)
|
||||
json_response = response.parsed_body
|
||||
expect(json_response['name']).to eq('updated_portal')
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
@@ -0,0 +1,67 @@
|
||||
# frozen_string_literal: true
|
||||
|
||||
require 'rails_helper'
|
||||
|
||||
RSpec.describe 'Enterprise Reports API', type: :request do
|
||||
let(:account) { create(:account) }
|
||||
let(:agent) { create(:user, account: account, role: :agent) }
|
||||
|
||||
# Create a custom role with report_manage permission
|
||||
let!(:custom_role) { create(:custom_role, account: account, permissions: ['report_manage']) }
|
||||
let!(:agent_with_role) { create(:user) }
|
||||
let(:agent_with_role_account_user) do
|
||||
create(:account_user, user: agent_with_role, account: account, role: :agent, custom_role: custom_role)
|
||||
end
|
||||
|
||||
let(:default_timezone) { 'UTC' }
|
||||
let(:start_of_today) { Time.current.in_time_zone(default_timezone).beginning_of_day.to_i }
|
||||
let(:end_of_today) { Time.current.in_time_zone(default_timezone).end_of_day.to_i }
|
||||
let(:params) { { timezone_offset: Time.zone.utc_offset } }
|
||||
|
||||
before do
|
||||
agent_with_role_account_user
|
||||
end
|
||||
|
||||
describe 'GET /api/v2/accounts/:account_id/reports' do
|
||||
context 'when it is an authenticated user' do
|
||||
let(:params) do
|
||||
super().merge(
|
||||
metric: 'conversations_count',
|
||||
type: :account,
|
||||
since: start_of_today.to_s,
|
||||
until: end_of_today.to_s
|
||||
)
|
||||
end
|
||||
|
||||
it 'returns success for agents with report_manage permission' do
|
||||
get "/api/v2/accounts/#{account.id}/reports",
|
||||
params: params,
|
||||
headers: agent_with_role.create_new_auth_token,
|
||||
as: :json
|
||||
|
||||
expect(response).to have_http_status(:success)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe 'GET /api/v2/accounts/:account_id/reports/summary' do
|
||||
context 'when it is an authenticated user' do
|
||||
let(:params) do
|
||||
super().merge(
|
||||
type: :account,
|
||||
since: start_of_today.to_s,
|
||||
until: end_of_today.to_s
|
||||
)
|
||||
end
|
||||
|
||||
it 'returns success for agents with report_manage permission' do
|
||||
get "/api/v2/accounts/#{account.id}/reports/summary",
|
||||
params: params,
|
||||
headers: agent_with_role.create_new_auth_token,
|
||||
as: :json
|
||||
|
||||
expect(response).to have_http_status(:success)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
Reference in New Issue
Block a user