diff --git a/app/models/campaign.rb b/app/models/campaign.rb index 9898699ab..1103e8fb2 100644 --- a/app/models/campaign.rb +++ b/app/models/campaign.rb @@ -37,6 +37,8 @@ class Campaign < ApplicationRecord validate :validate_campaign_inbox validate :validate_url validate :prevent_completed_campaign_from_update, on: :update + validate :sender_must_belong_to_account + belongs_to :account belongs_to :inbox belongs_to :sender, class_name: 'User', optional: true @@ -90,6 +92,14 @@ class Campaign < ApplicationRecord errors.add(:url, 'invalid') if inbox.inbox_type == 'Website' && !use_http_protocol end + def sender_must_belong_to_account + return unless sender + + return if account.users.exists?(id: sender.id) + + errors.add(:sender_id, 'must belong to the same account as the campaign') + end + def prevent_completed_campaign_from_update errors.add :status, 'The campaign is already completed' if !campaign_status_changed? && completed? end diff --git a/spec/models/campaign_spec.rb b/spec/models/campaign_spec.rb index f3154c50a..bb03b4520 100644 --- a/spec/models/campaign_spec.rb +++ b/spec/models/campaign_spec.rb @@ -114,4 +114,26 @@ RSpec.describe Campaign do end end end + + context 'when validating sender' do + let(:account) { create(:account) } + let(:user) { create(:user, account: account) } + let(:web_widget) { create(:channel_widget, account: account) } + let(:inbox) { create(:inbox, channel: web_widget, account: account) } + + it 'allows sender from the same account' do + campaign = build(:campaign, inbox: inbox, account: account, sender: user) + expect(campaign).to be_valid + end + + it 'does not allow sender from different account' do + other_account = create(:account) + other_user = create(:user, account: other_account) + campaign = build(:campaign, inbox: inbox, account: account, sender: other_user) + expect(campaign).not_to be_valid + expect(campaign.errors[:sender_id]).to include( + 'must belong to the same account as the campaign' + ) + end + end end