redmine/test/functional/queries_controller_test.rb

# Redmine - project management software
# Copyright (C) 2006-2017  Jean-Philippe Lang
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

require File.expand_path('../../test_helper', __FILE__)

class QueriesControllerTest < Redmine::ControllerTest
  fixtures :projects, :enabled_modules,
           :users, :email_addresses,
           :members, :member_roles, :roles,
           :trackers, :issue_statuses, :issue_categories, :enumerations, :versions,
           :issues, :custom_fields, :custom_values,
           :queries

  def setup
    User.current = nil
  end

  def test_index
    get :index
    # HTML response not implemented
    assert_response 406
  end

  def test_new_project_query
    @request.session[:user_id] = 2
    get :new, :params => {
        :project_id => 1
      }
    assert_response :success

    assert_select 'input[name=?][value="0"][checked=checked]', 'query[visibility]'
    assert_select 'input[name=query_is_for_all][type=checkbox]:not([checked]):not([disabled])'
    assert_select 'select[name=?]', 'c[]' do
      assert_select 'option[value=tracker]'
      assert_select 'option[value=subject]'
    end
  end

  def test_new_global_query
    @request.session[:user_id] = 2
    get :new
    assert_response :success

    assert_select 'input[name=?]', 'query[visibility]', 0
    assert_select 'input[name=query_is_for_all][type=checkbox][checked]:not([disabled])'
  end

  def test_new_on_invalid_project
    @request.session[:user_id] = 2
    get :new, :params => {
        :project_id => 'invalid'
      }
    assert_response 404
  end

  def test_new_time_entry_query
    @request.session[:user_id] = 2
    get :new, :params => {
        :project_id => 1,
        :type => 'TimeEntryQuery'
      }
    assert_response :success
    assert_select 'input[name=type][value=?]', 'TimeEntryQuery'
  end

  def test_new_time_entry_query_should_select_spent_time_from_main_menu
    @request.session[:user_id] = 2
    get :new, :params => {
        :project_id => 1,
        :type => 'TimeEntryQuery'
      }
    assert_response :success
    assert_select '#main-menu a.time-entries.selected'
  end

  def test_new_time_entry_query_with_issue_tracking_module_disabled_should_be_allowed
    Project.find(1).disable_module! :issue_tracking

    @request.session[:user_id] = 2
    get :new, :params => {
        :project_id => 1,
        :type => 'TimeEntryQuery'
      }
    assert_response :success
  end

  def test_create_project_public_query
    @request.session[:user_id] = 2
    post :create, :params => {
        :project_id => 'ecookbook',
        :default_columns => '1',
        :f => ["status_id", "assigned_to_id"],
        :op => {
          "assigned_to_id" => "=", "status_id" => "o"
        },
        :v => {
          "assigned_to_id" => ["1"], "status_id" => ["1"]
        },
        :query => {
          "name" => "test_new_project_public_query", "visibility" => "2"
        }
      }

    q = Query.find_by_name('test_new_project_public_query')
    assert_redirected_to :controller => 'issues', :action => 'index', :project_id => 'ecookbook', :query_id => q
    assert q.is_public?
    assert q.has_default_columns?
    assert q.valid?
  end

  def test_create_project_private_query
    @request.session[:user_id] = 3
    post :create, :params => {
        :project_id => 'ecookbook',
        :default_columns => '1',
        :fields => ["status_id", "assigned_to_id"],
        :operators => {
          "assigned_to_id" => "=", "status_id" => "o"
        },
        :values => {
          "assigned_to_id" => ["1"], "status_id" => ["1"]
        },
        :query => {
          "name" => "test_new_project_private_query", "visibility" => "0"
        }
      }

    q = Query.find_by_name('test_new_project_private_query')
    assert_redirected_to :controller => 'issues', :action => 'index', :project_id => 'ecookbook', :query_id => q
    assert !q.is_public?
    assert q.has_default_columns?
    assert q.valid?
  end

  def test_create_project_roles_query
    @request.session[:user_id] = 2
    post :create, :params => {
        :project_id => 'ecookbook',
        :default_columns => '1',
        :fields => ["status_id", "assigned_to_id"],
        :operators => {
          "assigned_to_id" => "=", "status_id" => "o"
        },
        :values => {
          "assigned_to_id" => ["1"], "status_id" => ["1"]
        },
        :query => {
          "name" => "test_create_project_roles_query", "visibility" => "1", "role_ids" => ["1", "2", ""]
        }
      }

    q = Query.find_by_name('test_create_project_roles_query')
    assert_redirected_to :controller => 'issues', :action => 'index', :project_id => 'ecookbook', :query_id => q
    assert_equal Query::VISIBILITY_ROLES, q.visibility
    assert_equal [1, 2], q.roles.ids.sort
  end

  def test_create_global_private_query_with_custom_columns
    @request.session[:user_id] = 3
    post :create, :params => {
        :fields => ["status_id", "assigned_to_id"],
        :operators => {
          "assigned_to_id" => "=", "status_id" => "o"
        },
        :values => {
          "assigned_to_id" => ["me"], "status_id" => ["1"]
        },
        :query => {
          "name" => "test_new_global_private_query", "visibility" => "0"
        },
        :c => ["", "tracker", "subject", "priority", "category"]
      }

    q = Query.find_by_name('test_new_global_private_query')
    assert_redirected_to :controller => 'issues', :action => 'index', :project_id => nil, :query_id => q
    assert !q.is_public?
    assert !q.has_default_columns?
    assert_equal [:id, :tracker, :subject, :priority, :category], q.columns.collect {|c| c.name}
    assert q.valid?
  end

  def test_create_global_query_with_custom_filters
    @request.session[:user_id] = 3
    post :create, :params => {
        :fields => ["assigned_to_id"],
        :operators => {
          "assigned_to_id" => "="
        },
        :values => {
          "assigned_to_id" => ["me"]
        },
        :query => {
          "name" => "test_new_global_query"
        }
      }

    q = Query.find_by_name('test_new_global_query')
    assert_redirected_to :controller => 'issues', :action => 'index', :project_id => nil, :query_id => q
    assert !q.is_public?
    assert !q.has_filter?(:status_id)
    assert_equal ['assigned_to_id'], q.filters.keys
    assert q.valid?
  end

  def test_create_with_sort
    @request.session[:user_id] = 1
    post :create, :params => {
        :default_columns => '1',
        :operators => {
          "status_id" => "o"
        },
        :values => {
          "status_id" => ["1"]
        },
        :query => {
          :name => "test_new_with_sort",
          :visibility => "2",
          :sort_criteria => {
          "0" => ["due_date", "desc"], "1" => ["tracker", ""]}
        }
      }

    query = Query.find_by_name("test_new_with_sort")
    assert_not_nil query
    assert_equal [['due_date', 'desc'], ['tracker', 'asc']], query.sort_criteria
  end

  def test_create_with_failure
    @request.session[:user_id] = 2
    assert_no_difference '::Query.count' do
      post :create, :params => {
          :project_id => 'ecookbook',
          :query => {
            :name => ''
          }
        }
    end
    assert_response :success

    assert_select 'input[name=?]', 'query[name]'
  end

  def test_create_query_without_permission_should_fail
    Role.all.each {|r| r.remove_permission! :save_queries, :manage_public_queries}

    @request.session[:user_id] = 2
    assert_no_difference '::Query.count' do
      post :create, :params => {
          :project_id => 'ecookbook',
          :query => {:name => 'Foo'}
        }
    end
    assert_response 403
  end

  def test_create_global_query_without_permission_should_fail
    Role.all.each {|r| r.remove_permission! :save_queries, :manage_public_queries}

    @request.session[:user_id] = 2
    assert_no_difference '::Query.count' do
      post :create, :params => {
          :query => {:name => 'Foo'}
        }
    end
    assert_response 403
  end

  def test_create_global_query_from_gantt
    @request.session[:user_id] = 1
    assert_difference 'IssueQuery.count' do
      post :create, :params => {
          :gantt => 1,
          :operators => {
            "status_id" => "o"
          },
          :values => {
            "status_id" => ["1"]
          },
          :query => {
            :name => "test_create_from_gantt",
            :draw_relations => '1',
            :draw_progress_line => '1'
          }
        }
      assert_response 302
    end
    query = IssueQuery.order('id DESC').first
    assert_redirected_to "/issues/gantt?query_id=#{query.id}"
    assert_equal true, query.draw_relations
    assert_equal true, query.draw_progress_line
  end

  def test_create_project_query_from_gantt
    @request.session[:user_id] = 1
    assert_difference 'IssueQuery.count' do
      post :create, :params => {
          :project_id => 'ecookbook',
          :gantt => 1,
          :operators => {
            "status_id" => "o"
          },
          :values => {
            "status_id" => ["1"]
          },
          :query => {
            :name => "test_create_from_gantt",
            :draw_relations => '0',
            :draw_progress_line => '0'
          }
        }
      assert_response 302
    end
    query = IssueQuery.order('id DESC').first
    assert_redirected_to "/projects/ecookbook/issues/gantt?query_id=#{query.id}"
    assert_equal false, query.draw_relations
    assert_equal false, query.draw_progress_line
  end

  def test_create_project_public_query_should_force_private_without_manage_public_queries_permission
    @request.session[:user_id] = 3
    query = new_record(Query) do
      post :create, :params => {
          :project_id => 'ecookbook',
          :query => {
            "name" => "name", "visibility" => "2"
          }
        }
      assert_response 302
    end
    assert_not_nil query.project
    assert_equal Query::VISIBILITY_PRIVATE, query.visibility
  end

  def test_create_global_public_query_should_force_private_without_manage_public_queries_permission
    @request.session[:user_id] = 3
    query = new_record(Query) do
      post :create, :params => {
          :project_id => 'ecookbook',
          :query_is_for_all => '1',
          :query => {
            "name" => "name", "visibility" => "2"
          }
        }
      assert_response 302
    end
    assert_nil query.project
    assert_equal Query::VISIBILITY_PRIVATE, query.visibility
  end

  def test_create_project_public_query_with_manage_public_queries_permission
    @request.session[:user_id] = 2
    query = new_record(Query) do
      post :create, :params => {
          :project_id => 'ecookbook',
          :query => {
            "name" => "name", "visibility" => "2"
          }
        }
      assert_response 302
    end
    assert_not_nil query.project
    assert_equal Query::VISIBILITY_PUBLIC, query.visibility
  end

  def test_create_global_public_query_should_force_private_with_manage_public_queries_permission
    @request.session[:user_id] = 2
    query = new_record(Query) do
      post :create, :params => {
          :project_id => 'ecookbook',
          :query_is_for_all => '1',
          :query => {
            "name" => "name", "visibility" => "2"
          }
        }
      assert_response 302
    end
    assert_nil query.project
    assert_equal Query::VISIBILITY_PRIVATE, query.visibility
  end

  def test_create_global_public_query_by_admin
    @request.session[:user_id] = 1
    query = new_record(Query) do
      post :create, :params => {
          :project_id => 'ecookbook',
          :query_is_for_all => '1',
          :query => {
            "name" => "name", "visibility" => "2"
          }
        }
      assert_response 302
    end
    assert_nil query.project
    assert_equal Query::VISIBILITY_PUBLIC, query.visibility
  end

  def test_create_project_public_time_entry_query
    @request.session[:user_id] = 2

    q = new_record(TimeEntryQuery) do
      post :create, :params => {
          :project_id => 'ecookbook',
          :type => 'TimeEntryQuery',
          :default_columns => '1',
          :f => ["spent_on"],
          :op => {
            "spent_on" => "="
          },
          :v => {
            "spent_on" => ["2016-07-14"]
          },
          :query => {
            "name" => "test_new_project_public_query", "visibility" => "2"
          }
        }
    end

    assert_redirected_to :controller => 'timelog', :action => 'index', :project_id => 'ecookbook', :query_id => q.id
    assert q.is_public?
    assert q.has_default_columns?
    assert q.valid?
  end

  def test_edit_global_public_query
    @request.session[:user_id] = 1
    get :edit, :params => {
        :id => 4
      }
    assert_response :success

    assert_select 'input[name=?][value="2"][checked=checked]', 'query[visibility]'
    assert_select 'input[name=query_is_for_all][type=checkbox][checked=checked]'
  end

  def test_edit_global_private_query
    @request.session[:user_id] = 3
    get :edit, :params => {
        :id => 3
      }
    assert_response :success

    assert_select 'input[name=?]', 'query[visibility]', 0
    assert_select 'input[name=query_is_for_all][type=checkbox][checked=checked]'
  end

  def test_edit_project_private_query
    @request.session[:user_id] = 3
    get :edit, :params => {
        :id => 2
      }
    assert_response :success

    assert_select 'input[name=?]', 'query[visibility]', 0
    assert_select 'input[name=query_is_for_all][type=checkbox]:not([checked])'
  end

  def test_edit_project_public_query
    @request.session[:user_id] = 2
    get :edit, :params => {
        :id => 1
      }
    assert_response :success

    assert_select 'input[name=?][value="2"][checked=checked]', 'query[visibility]'
    assert_select 'input[name=query_is_for_all][type=checkbox]:not([checked])'
  end

  def test_edit_sort_criteria
    @request.session[:user_id] = 1
    get :edit, :params => {
        :id => 5
      }
    assert_response :success

    assert_select 'select[name=?]', 'query[sort_criteria][0][]' do
      assert_select 'option[value=priority][selected=selected]'
      assert_select 'option[value=desc][selected=selected]'
    end
  end

  def test_edit_invalid_query
    @request.session[:user_id] = 2
    get :edit, :params => {
        :id => 99
      }
    assert_response 404
  end

  def test_update_global_private_query
    @request.session[:user_id] = 3
    put :update, :params => {
        :id => 3,
        :default_columns => '1',
        :fields => ["status_id", "assigned_to_id"],
        :operators => {
          "assigned_to_id" => "=", "status_id" => "o"
        },
        :values => {
          "assigned_to_id" => ["me"], "status_id" => ["1"]
        },
        :query => {
          "name" => "test_edit_global_private_query", "visibility" => "2"
        }
      }

    assert_redirected_to :controller => 'issues', :action => 'index', :query_id => 3
    q = Query.find_by_name('test_edit_global_private_query')
    assert !q.is_public?
    assert q.has_default_columns?
    assert q.valid?
  end

  def test_update_global_public_query
    @request.session[:user_id] = 1
    put :update, :params => {
        :id => 4,
        :default_columns => '1',
        :fields => ["status_id", "assigned_to_id"],
        :operators => {
          "assigned_to_id" => "=", "status_id" => "o"
        },
        :values => {
          "assigned_to_id" => ["1"], "status_id" => ["1"]
        },
        :query => {
          "name" => "test_edit_global_public_query", "visibility" => "2"
        }
      }

    assert_redirected_to :controller => 'issues', :action => 'index', :query_id => 4
    q = Query.find_by_name('test_edit_global_public_query')
    assert q.is_public?
    assert q.has_default_columns?
    assert q.valid?
  end

  def test_update_with_failure
    @request.session[:user_id] = 1
    put :update, :params => {
        :id => 4,
        :query => {
          :name => ''
        }
      }
    assert_response :success
    assert_select_error /Name cannot be blank/
  end

  def test_destroy
    @request.session[:user_id] = 2
    delete :destroy, :params => {
        :id => 1
      }
    assert_redirected_to :controller => 'issues', :action => 'index', :project_id => 'ecookbook', :set_filter => 1, :query_id => nil
    assert_nil Query.find_by_id(1)
  end

  def test_backslash_should_be_escaped_in_filters
    @request.session[:user_id] = 2
    get :new, :params => {
        :subject => 'foo/bar'
      }
    assert_response :success
    assert_include 'addFilter("subject", "=", ["foo\/bar"]);', response.body
  end

  def test_filter_with_project_id_should_return_filter_values
    @request.session[:user_id] = 2
    get :filter, :params => {
        :project_id => 1,
        :name => 'fixed_version_id'
      }

    assert_response :success
    assert_equal 'application/json', response.content_type
    json = ActiveSupport::JSON.decode(response.body)
    assert_include ["eCookbook - 2.0", "3", "open"], json
  end

  def test_version_filter_time_entries_with_project_id_should_return_filter_values
    @request.session[:user_id] = 2
    get :filter, :params => {
        :project_id => 1,
        :type => 'TimeEntryQuery',
        :name => 'issue.fixed_version_id'
      }

    assert_response :success
    assert_equal 'application/json', response.content_type
    json = ActiveSupport::JSON.decode(response.body)
    assert_include ["eCookbook - 2.0", "3", "open"], json
  end

  def test_version_filter_without_project_id_should_return_all_visible_fixed_versions
    # Remove "jsmith" user from "Private child of eCookbook" project
    Project.find(5).memberships.find_by(:user_id => 2).destroy

    @request.session[:user_id] = 2
    get :filter, :params => {
        :name => 'fixed_version_id'
      }

    assert_response :success
    assert_equal 'application/json', response.content_type
    json = ActiveSupport::JSON.decode(response.body)

    # response includes visible version
    assert_include ["eCookbook Subproject 1 - 2.0", "4", "open"], json
    assert_include ["eCookbook - 0.1", "1", "closed"], json
    # response includes systemwide visible version
    assert_include ["OnlineStore - Systemwide visible version", "7", "open"], json
    # response doesn't include non visible version
    assert_not_include ["Private child of eCookbook - Private Version of public subproject", "6", "open"], json
  end

  def test_subproject_filter_time_entries_with_project_id_should_return_filter_values
    @request.session[:user_id] = 2
    get :filter, :params => {
        :project_id => 1,
        :type => 'TimeEntryQuery',
        :name => 'subproject_id'
      }

    assert_response :success
    assert_equal 'application/json', response.content_type
    json = ActiveSupport::JSON.decode(response.body)
    assert_equal 4, json.count
    assert_include ["Private child of eCookbook","5"], json
  end

  def test_assignee_filter_should_return_active_and_locked_users_grouped_by_status
    @request.session[:user_id] = 1
    get :filter, :params => {
        :project_id => 1,
        :type => 'IssueQuery',
        :name => 'assigned_to_id'
      }
    assert_response :success
    assert_equal 'application/json', response.content_type
    json = ActiveSupport::JSON.decode(response.body)

    assert_equal 6, json.count
    # "me" value should not be grouped
    assert_include ["<< me >>", "me"], json
    assert_include ["Dave Lopper", "3", "active"], json
    assert_include ["Dave2 Lopper2", "5", "locked"], json
  end

  def test_author_filter_should_return_active_and_locked_users_grouped_by_status
    @request.session[:user_id] = 1
    get :filter, :params => {
        :project_id => 1,
        :type => 'IssueQuery',
        :name => 'author_id'
      }
    assert_response :success
    assert_equal 'application/json', response.content_type
    json = ActiveSupport::JSON.decode(response.body)

    assert_equal 6, json.count
    # "me" value should not be grouped
    assert_include ["<< me >>", "me"], json
    assert_include ["Dave Lopper", "3", "active"], json
    assert_include ["Dave2 Lopper2", "5", "locked"], json
  end

  def test_user_filter_should_return_active_and_locked_users_grouped_by_status
    @request.session[:user_id] = 1
    get :filter, :params => {
        :project_id => 1,
        :type => 'TimeEntryQuery',
        :name => 'user_id'
      }
    assert_response :success
    assert_equal 'application/json', response.content_type
    json = ActiveSupport::JSON.decode(response.body)

    assert_equal 6, json.count
    # "me" value should not be grouped
    assert_include ["<< me >>", "me"], json
    assert_include ["Dave Lopper", "3", "active"], json
    assert_include ["Dave2 Lopper2", "5", "locked"], json
  end

  def test_watcher_filter_without_permission_should_show_only_me
    # This user does not have view_issue_watchers permission
    @request.session[:user_id] = 7

    get :filter, :params => {
        :project_id => 1,
        :type => 'IssueQuery',
        :name => 'watcher_id'
      }
    assert_response :success
    assert_equal 'application/json', response.content_type
    json = ActiveSupport::JSON.decode(response.body)

    assert_equal 1, json.count
    assert_equal [["<< me >>", "me"]], json
  end

  def test_watcher_filter_with_permission_should_show_members
    # This user has view_issue_watchers permission
    @request.session[:user_id] = 1

    get :filter, :params => {
        :project_id => 1,
        :type => 'IssueQuery',
        :name => 'watcher_id'
      }
    assert_response :success
    assert_equal 'application/json', response.content_type
    json = ActiveSupport::JSON.decode(response.body)

    assert_equal 6, json.count
    # "me" value should not be grouped
    assert_include ["<< me >>", "me"], json
    assert_include ["Dave Lopper", "3", "active"], json
    assert_include ["Dave2 Lopper2", "5", "locked"], json
  end
end