KumiSystems/Chatwoot
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

chore: Ensure privilege validations for API endpoints (#2224)

Browse source 
Co-authored-by: Pranav Raj S <pranav@chatwoot.com>
This commit is contained in:
Sojan Jose 2021-06-11 11:44:31 +05:30 committed by GitHub
parent 5a95c74bf6
commit 534acfbf96
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
27 changed files with 335 additions and 119 deletions
Download patch file Download diff file Expand all files Collapse all files

8
spec/controllers/api/v1/accounts/conversations/assignments_controller_spec.rb
View file

@ -14,10 +14,14 @@ RSpec.describe 'Conversation Assignment API', type: :request do
end
end
context 'when it is an authenticated user' do
context 'when it is an authenticated user with access to the inbox' do
let(:agent) { create(:user, account: account, role: :agent) }
let(:team) { create(:team, account: account) }
before do
create(:inbox_member, inbox: conversation.inbox, user: agent)
end
it 'assigns a user to the conversation' do
params = { assignee_id: agent.id }
@ -48,6 +52,7 @@ RSpec.describe 'Conversation Assignment API', type: :request do
before do
conversation.update!(assignee: agent)
create(:inbox_member, inbox: conversation.inbox, user: agent)
end
it 'unassigns the assignee from the conversation' do
@ -69,6 +74,7 @@ RSpec.describe 'Conversation Assignment API', type: :request do
before do
conversation.update!(team: team)
create(:inbox_member, inbox: conversation.inbox, user: agent)
end
it 'unassigns the team from the conversation' do