MODE=TAP,23

# Test creating deleting tickets.

BEGINPERL

my $mech;

subtest 'Login' => sub {
    plan tests => 4;

    $mech = webui_login(
        username => 'user2',
        password => 'user2',
        url      => "http://$webhost",
    );
};

$mech->follow_link( text_regex => qr/View My Details/ );

(my $principal_id = $mech->uri()) =~ s/^.*&id=(\d+)$/$1/;

my $edit_url = $mech->uri();

$mech->follow_link( text_regex => qr/Create Collection/ );
my $create_collection_url = $mech->uri();

# Create 3 tickets for testing deletion.
# 0 = Delete by the principal who created it.
# 1 = Try to delete by another principal
# 2 = Try to delete by another principal
my @col_id;
my @ticket_id;

for (my $i = 0; $i < 3; $i++) {
    $col_id[$i] = create_collection($mech, $create_collection_url, $i);
    $ticket_id[$i] = create_ticket($mech, $edit_url, $i, "/user2/test_ticket_collection_$i/");
}

#$mech->save_content("$save_location/$case-A", binmode => ':utf8');

# Delete our first ticket.
$mech->get("http://$webhost/admin.php?action=edit&t=principal&id=$principal_id&ticket_id=" . $ticket_id[0] . "&subaction=delete_ticket");
$mech->follow_link( text_regex => qr/Confirm Deletion of the Ticket/ );

$mech->content_contains(
    'Access ticket deleted',
    'Access ticket deleted message displayed'
);

#diag("Saved content of B to $save_location/$case-B");
#$mech->save_content("$save_location/$case-B", binmode => ':utf8');

my $mech_other;
subtest 'Login as user1' => sub {
    plan tests => 4;

    $mech_other = webui_login(
        username => 'user1',
        password => 'user1',
        url      => "http://$webhost",
    );
};

$mech_other->follow_link( text_regex => qr/View My Details/ );
(my $other_principal_id = $mech_other->uri()) =~ s/^.*&id=(\d+)$/$1/;

# Try delete ticket as another user, should be rejected.
$mech_other->get("http://$webhost/admin.php?action=edit&t=principal&id=$principal_id&ticket_id=" . $ticket_id[1] . "&subaction=delete_ticket");
$mech->follow_link( text_regex => qr/Confirm Deletion of the Ticket/ );

$mech_other->content_contains(
    'You are not allowed to delete tickets for this principal.',
    'Collection deletion error displayed when specifying other principal and their ticket'
);

#diag("Saved content of C to $save_location/$case-C");
#$mech_other->save_content("$save_location/$case-C", binmode => ':utf8');


# Try delete other users ticket as us, should be rejected.
$mech_other->get("http://$webhost/admin.php?action=edit&t=principal&id=$other_principal_id&collection_id=" . $ticket_id[2] . "&subaction=delete_ticket");
$mech_other->follow_link( text_regex => qr/Confirm Deletion of the Ticket/ );

$mech_other->content_contains(
    'Access ticket deletion failed.',
    'Ticket deletion error display when specifying our principal and their collection'
);

#diag("Saved content of D to $save_location/$case-D");
#$mech_other->save_content("$save_location/$case-D", binmode => ':utf8');

sub create_collection {
    my ($mech, $create_url, $i) = @_;

    $mech->get($create_url);

    # Create a collection
    $mech->submit_form_ok(
        {
            form_number => 1,
            button      => 'submit',
            fields      => {
                collection_name  => "test_ticket_collection_$i",
                dav_displayname  => "Test Ticket_Collection $i",
                description      => "Description for Ticket Collection $i",
            },
        }, "Create collection - $i"
    );

    $mech->content_contains(
        'Creating new Collection.',
        "Collection created message displayed - $i"
    );

    if ($mech->content() =~ /Collection ID:.*?(\d+)/m) {
        return $1;
    }
}



sub create_ticket {
    my ($mech, $create_url, $i, $collection, $fail) = @_;

    $mech->get($create_url);

    # Find the new ticket ID
    my $ticket_id;
    if ($mech->content() =~ qr/<input type="hidden" name="ticket_id" value="(\S+?)">/) {
        $ticket_id = $1;

        like($ticket_id, qr/^[0-9a-z]{8}$/i, "Found new ticket ID - $i");
    } else {
        fail("No ticket ID found - $i");
    }

    # Create a ticket
    $mech->submit_form_ok(
        {
            form_number => 3,
            button      => 'ticketrow',
            fields      => {
                target => $collection,
                'ticket_privileges[read]' => 1,
                'ticket_privileges[write-content]' => 1,
            },
        }, "Create ticket - $i"
    );

    if (! defined $fail) {
        $mech->content_contains(
            'Creating new ticket granting privileges to this Principal',
            "Ticket created message displayed - $i"
        );

        $mech->content_like(
            qr,^(?:<tbody>|</tr>)<tr class="r\d+"><td class="left">$ticket_id</td>\s*<td style="white-space:nowrap;">$collection</td>,m,
            "Ticket with collection path displayed - $i"
        );

        return $ticket_id;
    } else {
        $mech->content_contains(
            'Can only add tickets for existing collection paths which you own',
            "Ticket creation failed message displayed - $i"
        );

        return;
    }
}

ENDPERL


# Check that the state of the following collections:
# 0 = Deleted
# 1 = Exists
# 2 = Exists
# Hard as the ticket ID will change... Exclude that from the query.
BEGINQUERY
SELECT t.privileges, c.dav_name, c.dav_displayname
FROM access_ticket AS t LEFT JOIN collection AS c ON (t.target_collection_id = c.collection_id)
WHERE c.dav_name like '/user2/test_ticket_collection%'
ORDER BY c.dav_name;
ENDQUERY