# Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/
class Validations::DataPrivacyTaskValidator < ActiveModel::Validator
attr_reader :record
delegate :deletable, to: :record
def validate(record)
@record = record
check_for_deletable_type
check_for_existing_task
check_for_user
end
private
def check_for_deletable_type
return if !record.deletable_type_changed?
return if [User, Ticket].any? { deletable.is_a?(_1) }
record.errors.add(:base, __('Data privacy task allows to delete a user or a ticket only.'))
end
def check_for_user
return if !record.deletable_id_changed?
return if !deletable.is_a?(User)
check_for_system_user
check_for_current_user
check_for_last_admin
end
def check_for_system_user
return if deletable.id != 1
record.errors.add(:base, __('It is not possible to delete the system user.'))
end
def check_for_current_user
return if deletable.id != UserInfo.current_user_id
record.errors.add(:base, __('It is not possible to delete your current account.'))
end
def check_for_last_admin
return if !last_admin?
record.errors.add(:base, __('It is not possible to delete the last account with admin permissions.'))
end
def check_for_existing_task
return if !record.deletable_id_changed?
return if !tasks_exists?
record.errors.add(:base, __('Selected object is already queued for deletion.'))
end
def tasks_exists?
DataPrivacyTask
.where.not(id: record.id)
.where.not(state: 'failed')
.exists? deletable: deletable
end
def last_admin?
return false if !deletable_is_admin?
future_admin_ids.blank?
end
def future_admin_ids
other_admin_ids - existing_jobs_admin_ids
end
def other_admin_ids
admin_users.where.not(id: deletable.id).pluck(:id)
end
def deletable_is_admin?
admin_users.exists?(id: deletable.id)
end
def existing_jobs_admin_ids
DataPrivacyTask.where(
deletable_id: other_admin_ids,
deletable_type: 'User'
).pluck(:deletable_id)
end
def admin_users
User.with_permissions('admin')
end
end