# Copyright (C) 2012-2016 Zammad Foundation, http://zammad-foundation.org/ class User module ChecksAccess extend ActiveSupport::Concern # Checks the given access of a given user for another user. # # @param [User] The user that will be checked for given access. # @param [String] The access that should get checked. # # @example # user.access?(user, 'read') # #=> true # # @return [Boolean] def access?(user, _access) # check agent return true if user.permissions?('admin.user') return true if user.permissions?('ticket.agent') # check customer if user.permissions?('ticket.customer') # access ok if its own user return id == user.id end false end # Checks the given access of a given user for another user and fails with an exception. # # @param (see User#access?) # # @example # user.access!(user, 'read') # # @raise [NotAuthorized] Gets raised if given user doesn't have the given access. # # @return [nil] def access!(user, access) return if access?(user, access) raise Exceptions::NotAuthorized end end end