feat: Bulk delete for contacts (#12778)

Introduces a new bulk action `delete` for contacts ref: https://github.com/chatwoot/chatwoot/pull/12763 ## Screens <img width="1492" height="973" alt="Screenshot 2025-10-31 at 6 27 21 PM" src="https://github.com/user-attachments/assets/30dab1bb-2c2c-4168-9800-44e0eb5f8e3a" /> <img width="1492" height="985" alt="Screenshot 2025-10-31 at 6 27 32 PM" src="https://github.com/user-attachments/assets/5be610c4-b19e-4614-a164-103b22337382" />
2025-11-04 17:47:53 -08:00
parent e8ae73230d
commit f89d9a4401
11 changed files with 325 additions and 95 deletions
--- a/spec/controllers/api/v1/accounts/bulk_actions_controller_spec.rb
+++ b/spec/controllers/api/v1/accounts/bulk_actions_controller_spec.rb
@@ -195,37 +195,6 @@ RSpec.describe 'Api::V1::Accounts::BulkActionsController', type: :request do
        expect(Conversation.first.label_list).to contain_exactly('support', 'priority_customer')
        expect(Conversation.second.label_list).to contain_exactly('support', 'priority_customer')
      end
-
-      it 'enqueues contact bulk action job with permitted params' do
-        contact_one = create(:contact, account: account)
-        contact_two = create(:contact, account: account)
-
-        previous_adapter = ActiveJob::Base.queue_adapter
-        ActiveJob::Base.queue_adapter = :test
-
-        expect do
-          post "/api/v1/accounts/#{account.id}/bulk_actions",
-               headers: agent.create_new_auth_token,
-               params: {
-                 type: 'Contact',
-                 ids: [contact_one.id, contact_two.id],
-                 labels: { add: %w[vip support] },
-                 extra: 'ignored'
-               }
-        end.to have_enqueued_job(Contacts::BulkActionJob).with(
-          account.id,
-          agent.id,
-          hash_including(
-            'ids' => [contact_one.id, contact_two.id],
-            'labels' => hash_including('add' => %w[vip support])
-          )
-        )
-
-        expect(response).to have_http_status(:success)
-      ensure
-        ActiveJob::Base.queue_adapter = previous_adapter
-        clear_enqueued_jobs
-      end
    end
  end

@@ -256,4 +225,49 @@ RSpec.describe 'Api::V1::Accounts::BulkActionsController', type: :request do
      end
    end
  end
+
+  describe 'POST /api/v1/accounts/{account.id}/bulk_actions (contacts)' do
+    context 'when it is an authenticated user' do
+      let!(:agent) { create(:user, account: account, role: :agent) }
+
+      it 'enqueues Contacts::BulkActionJob with permitted params' do
+        contact_one = create(:contact, account: account)
+        contact_two = create(:contact, account: account)
+
+        expect do
+          post "/api/v1/accounts/#{account.id}/bulk_actions",
+               headers: agent.create_new_auth_token,
+               params: {
+                 type: 'Contact',
+                 ids: [contact_one.id, contact_two.id],
+                 labels: { add: %w[vip support] },
+                 extra: 'ignored'
+               }
+        end.to have_enqueued_job(Contacts::BulkActionJob).with(
+          account.id,
+          agent.id,
+          hash_including(
+            'ids' => [contact_one.id.to_s, contact_two.id.to_s],
+            'labels' => hash_including('add' => %w[vip support])
+          )
+        )
+
+        expect(response).to have_http_status(:success)
+      end
+
+      it 'returns unauthorized for delete action when user is not admin' do
+        contact = create(:contact, account: account)
+
+        post "/api/v1/accounts/#{account.id}/bulk_actions",
+             headers: agent.create_new_auth_token,
+             params: {
+               type: 'Contact',
+               ids: [contact.id],
+               action_name: 'delete'
+             }
+
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+  end
 end