Phase 2b: backend services, routes, and notification triggers

Attachments: multer-backed uploads with random-hex filenames, streaming downloads with Content-Disposition, 25MB limit, mimetype allowlist, audit entries, orphan cleanup on DB failure. Full-text search: searchTicketIds + searchComments via raw SQL ranked with ts_rank, composable filters via Prisma.sql/join, hydrated with findMany and reordered via Map to preserve rank. Pagination: listTicketsPaged returns {data,total,page,pageSize} only when page/pageSize present (array response stays default, so the Goddard n8n flow is unchanged). Bulk actions: reassign/close/setSeverity/setStatus on POST /bulk, writes one audit entry per ticket via createMany. Analytics: summarize(window) runs 5 parallel groupBy + raw-SQL queries for open-by-severity, status counts, queue load, age buckets, percentile_cont median resolution hours. CSV export streams matching tickets via res.write; saved views CRUD with per-user ownership checks (403 cross-user, 404 missing). Notifications: in-app Notification rows gated by prefs, email via nodemailer (SMTP_HOST-gated, no-op when unset), outgoing webhooks with HMAC-SHA256 signed POST and 3-retry exponential backoff. Triggers wired into createTicket/updateTicket/addComment; mention detection via parseMentions skips self-notify. Infra: docker-compose uploads volume + SMTP env passthrough; .env.example SMTP section. 43 server tests passing (attachment/webhook/notification/savedView services covered; bulkAction covered in ticketService). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-18 15:56:33 -04:00
parent 0806aec4a4
commit edf4c5eb3c
25 changed files with 1582 additions and 36 deletions
@@ -1,6 +1,6 @@
 import { describe, it, expect } from 'vitest';
 import { prismaMock } from '../test/setup';
-import { createTicket, updateTicket, closeStale } from './ticketService';
+import { createTicket, updateTicket, closeStale, bulkAction } from './ticketService';

 const existing = {
  id: 'tid',
@@ -119,6 +119,46 @@ describe('ticketService.updateTicket', () => {
  });
 });

+describe('ticketService.bulkAction', () => {
+  it('rejects non-admin attempting close', async () => {
+    await expect(
+      bulkAction({ action: 'close', ids: ['t1', 't2'] }, { id: 'u1', role: 'AGENT' }),
+    ).rejects.toMatchObject({ status: 403 });
+  });
+
+  it('rejects USER role entirely', async () => {
+    await expect(
+      bulkAction(
+        { action: 'setSeverity', ids: ['t1'], value: 2 },
+        { id: 'u1', role: 'USER' },
+      ),
+    ).rejects.toMatchObject({ status: 403 });
+  });
+
+  it('updates many + writes audit entries for each ticket', async () => {
+    prismaMock.ticket.findMany.mockResolvedValue([{ id: 't1' }, { id: 't2' }] as never);
+    prismaMock.ticket.updateMany.mockResolvedValue({ count: 2 });
+
+    const result = await bulkAction(
+      { action: 'setSeverity', ids: ['t1', 't2'], value: 1 },
+      { id: 'u1', role: 'AGENT' },
+    );
+
+    expect(result.updated).toBe(2);
+    expect(prismaMock.ticket.updateMany).toHaveBeenCalledWith(
+      expect.objectContaining({ data: { severity: 1 } }),
+    );
+    expect(prismaMock.auditLog.createMany).toHaveBeenCalledWith(
+      expect.objectContaining({
+        data: expect.arrayContaining([
+          expect.objectContaining({ ticketId: 't1', action: 'SEVERITY_CHANGED' }),
+          expect.objectContaining({ ticketId: 't2', action: 'SEVERITY_CHANGED' }),
+        ]),
+      }),
+    );
+  });
+});
+
 describe('ticketService.closeStale', () => {
  it('closes RESOLVED tickets older than cutoff and returns count', async () => {
    prismaMock.ticket.updateMany.mockResolvedValue({ count: 3 });