Skip to content

Commit

Permalink
Merge pull request #739 from guillegiu/master
Browse files Browse the repository at this point in the history 
Custom Validation and Ruby test - Get authors path
  • Loading branch information
@guillegiu
guillegiu committed Mar 3, 2020
2 parents bd5db08 + 5b75e5d commit 33bf2c4
Show file tree
Hide file tree
Showing 5 changed files with 120 additions and 16 deletions.
24 changes: 12 additions & 12 deletions server/controllers/ticket/get-authors.php
View file
Expand Up @@ -35,11 +35,11 @@ public function validations() {
'permission' => 'staff_1',
'requestData' => [
'query' => [
'validation' => DataValidator::oneOf(DataValidator::notBlank(),DataValidator::nullType()),
'validation' => DataValidator::oneOf(DataValidator::stringType(),DataValidator::nullType()),
'error' => ERRORS::INVALID_QUERY
],
'blackList' => [
'validation' => DataValidator::oneOf(DataValidator::notBlank(),DataValidator::nullType(),DataValidator::arrayType()),
'validation' => DataValidator::oneOf(DataValidator::validAuthorsBlackList(),DataValidator::nullType()),
'error' => ERRORS::INVALID_BLACK_LIST
]
]
Expand All @@ -49,25 +49,25 @@ public function validations() {
public function handler() {
$query = Controller::request('query');

$idAuthorsQuery = "SELECT id,name,level FROM staff " . $this->GenerateAuthorsIdQuery($query) . " LIMIT 10";
$authorsIdList = RedBean::getAll($idAuthorsQuery, [':query' => "%" .$query . "%",':query2' => $query . "%"] );
$authorsList = [];
$authorsQuery = "SELECT id,name,level FROM staff " . $this->generateAuthorsIdQuery($query) . " LIMIT 10";
$authorsMatch = RedBean::getAll($authorsQuery, [':query' => "%" .$query . "%",':queryAtBeginning' => $query . "%"] );
$authors = [];

foreach($authorsIdList as $item) {
if($item['level'] >=1 && $item['level'] <= 3){
$author = Staff::getDataStore($item['id']*1);
foreach($authorsMatch as $authorMatch) {
if($authorMatch['level'] >=1 && $authorMatch['level'] <= 3){
$author = Staff::getDataStore($authorMatch['id']*1);
} else {
$author = User::getDataStore($item['id']*1);
$author = User::getDataStore($authorMatch['id']*1);
}
array_push($authorsList, $author->toArray());
array_push($authors, $author->toArray());
}
Response::respondSuccess([
'authors' => $authorsList
'authors' => $authors
]);
}
public function generateAuthorsIdQuery($query) {
if ($query){
return "WHERE name LIKE :query " . $this->generateStaffBlackListQuery() . " UNION SELECT id,name,signup_date FROM user WHERE name LIKE :query " . $this->generateUserBlackListQuery() . " ORDER BY CASE WHEN (name LIKE :query2) THEN 1 ELSE 2 END ASC ";
return "WHERE name LIKE :query " . $this->generateStaffBlackListQuery() . " UNION SELECT id,name,signup_date FROM user WHERE name LIKE :query " . $this->generateUserBlackListQuery() . " ORDER BY CASE WHEN (name LIKE :queryAtBeginning) THEN 1 ELSE 2 END ASC ";
} else {
return "WHERE 1=1 ". $this->generateStaffBlackListQuery() . " UNION SELECT id,name,signup_date FROM user WHERE 1=1". $this->generateUserBlackListQuery() ." ORDER BY id";
}
Expand Down
7 changes: 3 additions & 4 deletions server/controllers/ticket/search.php
View file
Expand Up @@ -134,9 +134,8 @@ public function handler() {

$query = $this->getSQLQuery($inputs);
$queryWithOrder = $this->getSQLQueryWithOrder($inputs);
//throw new Exception($queryWithOrder);
$totalCount = RedBean::getAll("SELECT COUNT(*) FROM (SELECT COUNT(*) " . $query . " ) AS T2", [':query' => "%" . $inputs['query'] . "%", ':query2' => $inputs['query'] . "%" ])[0]['COUNT(*)'];
$ticketIdList = RedBean::getAll($queryWithOrder, [':query' => "%" . $inputs['query'] . "%", ':query2' => $inputs['query'] . "%"]);
$totalCount = RedBean::getAll("SELECT COUNT(*) FROM (SELECT COUNT(*) " . $query . " ) AS T2", [':query' => "%" . $inputs['query'] . "%", ':queryAtBeginning' => $inputs['query'] . "%" ])[0]['COUNT(*)'];
$ticketIdList = RedBean::getAll($queryWithOrder, [':query' => "%" . $inputs['query'] . "%", ':queryAtBeginning' => $inputs['query'] . "%"]);
$ticketList = [];
foreach ($ticketIdList as $item) {
$ticket = Ticket::getDataStore($item['id']);
Expand Down Expand Up @@ -411,7 +410,7 @@ private function setStringOrder($querysearch, &$order){

if($querysearch !== null){
$ticketeventOrder = ( $ticketEventTableExists ? " WHEN (ticketevent.content LIKE :query) THEN 5 " : "");
$order .= "CASE WHEN (ticket.ticket_number LIKE :query) THEN 1 WHEN (ticket.title LIKE :query2) THEN 2 WHEN (ticket.title LIKE :query) THEN 3 WHEN ( ticket.content LIKE :query) THEN 4 " . $ticketeventOrder ."END asc, ";
$order .= "CASE WHEN (ticket.ticket_number LIKE :query) THEN 1 WHEN (ticket.title LIKE :queryAtBeginning) THEN 2 WHEN (ticket.title LIKE :query) THEN 3 WHEN ( ticket.content LIKE :query) THEN 4 " . $ticketeventOrder ."END asc, ";
}
}

Expand Down
20 changes: 20 additions & 0 deletions server/libs/validations/validAuthorsBlackList.php
View file
@@ -0,0 +1,20 @@
<?php

namespace CustomValidations;

use Respect\Validation\Rules\AbstractRule;

class ValidAuthorsBlackList extends AbstractRule {

public function validate($blackList) {
if(is_array(json_decode($blackList))){
foreach (json_decode($blackList) as $item) {
if(!$item->id || !$item->staff) return false;
if($item->staff != 0 && $item->staff != 1) return false;
if(!is_numeric($item->id)) return false;
}
return true;
}
return false;
}
}
1 change: 1 addition & 0 deletions tests/init.rb
View file
Expand Up @@ -72,6 +72,7 @@
require './ticket/edit-comment.rb'
require './ticket/edit-title.rb'
require './system/custom-fields.rb'
require './ticket/get-authors.rb'
require './system/disable-user-system.rb'
require './ticket/search.rb'
# require './system/get-stats.rb'
84 changes: 84 additions & 0 deletions tests/ticket/get-authors.rb
View file
@@ -0,0 +1,84 @@
describe '/ticket/get-authors/' do

it 'should fail if a user is loged' do
request('/user/logout')
Scripts.login('tyrion@opensupports.com', 'tyrionl')

result = request('/ticket/get-authors', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
query: 'hello world'
})

(result['status']).should.equal('fail')
(result['message']).should.equal('NO_PERMISSION')


end

it 'should fail if blackList is invalid' do
request('/user/logout')
Scripts.login($staff[:email], $staff[:password], true)
Scripts.createUser(email = 'eemilia@jobs.com', password = 'custompassword', name = 'eemilia')

result = request('/ticket/get-authors', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
query: 'hello world',
blackList: [{'staff':2,'id':2}]
})

(result['status']).should.equal('fail')
(result['message']).should.equal('INVALID_BLACK_LIST')

result = request('/ticket/get-authors', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
query: 'hello world',
blackList: [{'staff':'level two','id':2}]
})

(result['status']).should.equal('fail')
(result['message']).should.equal('INVALID_BLACK_LIST')

result = request('/ticket/get-authors', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
query: 'hello world',
blackList: [{'staff':1,'id':'four'}]
})

(result['status']).should.equal('fail')
(result['message']).should.equal('INVALID_BLACK_LIST')
end

it 'should return the correct authors' do

result = request('/ticket/get-authors', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
query: 'emilia'
})
(result['status']).should.equal('success')
(result['data']['authors'].size).should.equal(2)
(result['data']['authors'][0]['name']).should.equal('Emilia Clarke')
(result['data']['authors'][1]['name']).should.equal('eemilia')

result = request('/ticket/get-authors', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
query: 'emilia',
blackList: '[{"staff":1,"id":1}]'
})
(result['status']).should.equal('success')
(result['data']['authors'].size).should.equal(1)
(result['data']['authors'][0]['name']).should.equal('eemilia')

result = request('/ticket/get-authors', {
csrf_userid: $csrf_userid,
csrf_token: $csrf_token,
query: '',
})
(result['status']).should.equal('success')
end
end

0 comments on commit 33bf2c4

Please sign in to comment.