Restructure omni services and add Chatwoot research snapshot

research/chatwoot/spec/enterprise/policies/article_policy_spec.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Enterprise::ArticlePolicy', type: :policy do
+  subject(:article_policy) { ArticlePolicy }
+
+  let(:account) { create(:account) }
+  let(:agent) { create(:user, account: account) } # Needed for author
+  let(:portal) { create(:portal, account: account) }
+  let(:article) { create(:article, account: account, portal: portal, author: agent) }
+
+  # Create a custom role with knowledge_base_manage permission
+  let(:custom_role) { create(:custom_role, account: account, permissions: ['knowledge_base_manage']) }
+  let(:agent_with_role) { create(:user) } # Create without account
+  let(:agent_with_role_account_user) do
+    create(:account_user, user: agent_with_role, account: account, role: :agent, custom_role: custom_role)
+  end
+  let(:agent_with_role_context) do
+    { user: agent_with_role, account: account, account_user: agent_with_role_account_user }
+  end
+
+  permissions :index?, :update?, :show?, :edit?, :create?, :destroy?, :reorder? do
+    context 'when agent with knowledge_base_manage permission' do
+      it { expect(article_policy).to permit(agent_with_role_context, article) }
+    end
+  end
+end

research/chatwoot/spec/enterprise/policies/category_policy_spec.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Enterprise::CategoryPolicy', type: :policy do
+  subject(:category_policy) { CategoryPolicy }
+
+  let(:account) { create(:account) }
+  let(:portal) { create(:portal, account: account) }
+  let(:category) { create(:category, account: account, portal: portal, slug: 'test-category') }
+
+  # Create a custom role with knowledge_base_manage permission
+  let(:custom_role) { create(:custom_role, account: account, permissions: ['knowledge_base_manage']) }
+  let(:agent_with_role) { create(:user) } # Create without account
+  let(:agent_with_role_account_user) do
+    create(:account_user, user: agent_with_role, account: account, role: :agent, custom_role: custom_role)
+  end
+  let(:agent_with_role_context) do
+    { user: agent_with_role, account: account, account_user: agent_with_role_account_user }
+  end
+
+  permissions :index?, :update?, :show?, :edit?, :create?, :destroy? do
+    context 'when agent with knowledge_base_manage permission' do
+      it { expect(category_policy).to permit(agent_with_role_context, category) }
+    end
+  end
+end

research/chatwoot/spec/enterprise/policies/company_policy_spec.rb

@@ -0,0 +1,33 @@
+require 'rails_helper'
+
+RSpec.describe CompanyPolicy, type: :policy do
+  subject(:company_policy) { described_class }
+
+  let(:account) { create(:account) }
+  let(:administrator) { create(:user, :administrator, account: account) }
+  let(:agent) { create(:user, account: account) }
+  let(:company) { create(:company, account: account) }
+
+  let(:administrator_context) { { user: administrator, account: account, account_user: account.account_users.first } }
+  let(:agent_context) { { user: agent, account: account, account_user: account.account_users.first } }
+
+  permissions :index?, :show?, :create?, :update? do
+    context 'when administrator' do
+      it { expect(company_policy).to permit(administrator_context, company) }
+    end
+
+    context 'when agent' do
+      it { expect(company_policy).to permit(agent_context, company) }
+    end
+  end
+
+  permissions :destroy? do
+    context 'when administrator' do
+      it { expect(company_policy).to permit(administrator_context, company) }
+    end
+
+    context 'when agent' do
+      it { expect(company_policy).not_to permit(agent_context, company) }
+    end
+  end
+end

research/chatwoot/spec/enterprise/policies/conversation_policy_spec.rb

@@ -0,0 +1,65 @@
+require 'rails_helper'
+
+RSpec.describe ConversationPolicy, type: :policy do
+  subject { described_class }
+
+  let(:account) { create(:account) }
+  let(:agent) { create(:user, account: account, role: :agent) }
+  let(:inbox) { create(:inbox, account: account) }
+  let(:agent_account_user) { agent.account_users.find_by(account: account) }
+  let(:context) { { user: agent, account: account, account_user: agent_account_user } }
+
+  before do
+    create(:inbox_member, user: agent, inbox: inbox)
+  end
+
+  permissions :show? do
+    context 'when role grants conversation_unassigned_manage' do
+      let(:custom_role) { create(:custom_role, account: account, permissions: ['conversation_unassigned_manage']) }
+
+      before do
+        agent_account_user.update!(role: :agent, custom_role: custom_role)
+      end
+
+      it 'allows access to conversations assigned to the agent' do
+        conversation = create(:conversation, account: account, inbox: inbox, assignee: agent)
+
+        expect(subject).to permit(context, conversation)
+      end
+
+      it 'denies access to conversations assigned to someone else' do
+        other_agent = create(:user, account: account, role: :agent)
+        conversation = create(:conversation, account: account, inbox: inbox, assignee: other_agent)
+
+        expect(subject).not_to permit(context, conversation)
+      end
+    end
+
+    context 'when role grants conversation_participating_manage' do
+      let(:custom_role) { create(:custom_role, account: account, permissions: ['conversation_participating_manage']) }
+
+      before do
+        agent_account_user.update!(role: :agent, custom_role: custom_role)
+      end
+
+      it 'allows access to conversations assigned to the agent' do
+        conversation = create(:conversation, account: account, inbox: inbox, assignee: agent)
+
+        expect(subject).to permit(context, conversation)
+      end
+
+      it 'allows access to conversations where the agent is a participant' do
+        conversation = create(:conversation, account: account, inbox: inbox, assignee: nil)
+        create(:conversation_participant, conversation: conversation, account: account, user: agent)
+
+        expect(subject).to permit(context, conversation)
+      end
+
+      it 'denies access to unrelated conversations' do
+        conversation = create(:conversation, account: account, inbox: inbox, assignee: nil)
+
+        expect(subject).not_to permit(context, conversation)
+      end
+    end
+  end
+end

research/chatwoot/spec/enterprise/policies/csat_survey_response_policy_spec.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Enterprise::CsatSurveyResponsePolicy', type: :policy do
+  subject(:csat_policy) { CsatSurveyResponsePolicy }
+
+  let(:account) { create(:account) }
+  let(:csat_survey_response) { create(:csat_survey_response, account: account) }
+
+  # Create a custom role with report_manage permission
+  let(:custom_role) { create(:custom_role, account: account, permissions: ['report_manage']) }
+  let(:agent_with_role) { create(:user) } # Create without account
+  let(:agent_with_role_account_user) do
+    create(:account_user, user: agent_with_role, account: account, role: :agent, custom_role: custom_role)
+  end
+  let(:agent_with_role_context) do
+    { user: agent_with_role, account: account, account_user: agent_with_role_account_user }
+  end
+
+  permissions :index?, :metrics?, :download? do
+    context 'when agent with report_manage permission' do
+      it { expect(csat_policy).to permit(agent_with_role_context, csat_survey_response) }
+    end
+  end
+end

research/chatwoot/spec/enterprise/policies/portal_policy_spec.rb

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Enterprise::PortalPolicy', type: :policy do
+  subject(:portal_policy) { PortalPolicy }
+
+  let(:account) { create(:account) }
+  let(:portal) { create(:portal, account: account) }
+
+  # Create a custom role with knowledge_base_manage permission
+  let(:custom_role) { create(:custom_role, account: account, permissions: ['knowledge_base_manage']) }
+  let(:agent_with_role) { create(:user) } # Create without account
+  let(:agent_with_role_account_user) do
+    create(:account_user, user: agent_with_role, account: account, role: :agent, custom_role: custom_role)
+  end
+  let(:agent_with_role_context) do
+    { user: agent_with_role, account: account, account_user: agent_with_role_account_user }
+  end
+
+  permissions :update?, :edit?, :logo? do
+    context 'when agent with knowledge_base_manage permission' do
+      it { expect(portal_policy).to permit(agent_with_role_context, portal) }
+    end
+  end
+
+  permissions :create?, :destroy? do
+    context 'when agent with knowledge_base_manage permission' do
+      it { expect(portal_policy).not_to permit(agent_with_role_context, portal) }
+    end
+  end
+end

research/chatwoot/spec/enterprise/policies/report_policy_spec.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Enterprise::ReportPolicy', type: :policy do
+  subject(:report_policy) { ReportPolicy }
+
+  let(:account) { create(:account) }
+  let(:report) { :report }
+
+  # Create a custom role with report_manage permission
+  let(:custom_role) { create(:custom_role, account: account, permissions: ['report_manage']) }
+  let(:agent_with_role) { create(:user) } # Create without account
+  let(:agent_with_role_account_user) do
+    create(:account_user, user: agent_with_role, account: account, role: :agent, custom_role: custom_role)
+  end
+  let(:agent_with_role_context) do
+    { user: agent_with_role, account: account, account_user: agent_with_role_account_user }
+  end
+
+  permissions :view? do
+    context 'when agent with report_manage permission' do
+      it { expect(report_policy).to permit(agent_with_role_context, report) }
+    end
+  end
+end