base_scope.rb 1.4 KB

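# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/

# Abstract base class for various "types" of ticket access.
#
# Do NOT instantiate directly; instead,
# choose the appropriate subclass from below
# (see commit message for details).
class TicketPolicy < ApplicationPolicy
  class BaseScope < ApplicationPolicy::Scope

    # Overrides PunditPolicy#initialize to make `context` optional,
    # with Ticket as the default.
    #
    # @param user    the user whose ticket access is being resolved
    # @param context the scope to restrict (defaults to Ticket)
    def initialize(user, context = Ticket)
      super
    end

    # Narrows `scope` to the tickets the user may access.
    #
    # The WHERE clause is the OR of:
    # * tickets in the groups returned by
    #   `user.group_ids_access(self.class::ACCESS_TYPE)`, only when the user
    #   has the 'ticket.agent' permission;
    # * tickets whose customer is the user, or, when the user's organization
    #   is shared, tickets of that organization as well.
    #
    # Subclasses must define the ACCESS_TYPE constant read here.
    #
    # @return the result of `scope.where` with the assembled condition
    # @raise [NoMethodError] when called on TicketPolicy::BaseScope itself
    def resolve # rubocop:disable Metrics/AbcSize
      raise NoMethodError, <<~ERR.chomp if instance_of?(TicketPolicy::BaseScope)
        specify an access type using a subclass of TicketPolicy::BaseScope
      ERR

      # Every value goes through a bind placeholder; nothing user-derived is
      # interpolated into the SQL text.
      conditions = []
      binds      = []

      if user.permissions?('ticket.agent')
        # Column is qualified like the clauses below, so the condition stays
        # unambiguous if the scope is joined with another table that also
        # has a group_id column.
        # NOTE(review): presumably group_ids_access returns an array of group
        # ids - confirm how an empty result is rendered for `IN (?)`.
        conditions << 'tickets.group_id IN (?)'
        binds << user.group_ids_access(self.class::ACCESS_TYPE)
      end

      # NOTE(review): this clause is appended for every user; no permission
      # check for it is visible in this method - confirm that is intended.
      if user.organization&.shared
        conditions << '(tickets.customer_id = ? OR tickets.organization_id = ?)'
        binds.push(user.id, user.organization.id)
      else
        conditions << 'tickets.customer_id = ?'
        binds << user.id
      end

      scope.where(conditions.join(' OR '), *binds)
    end

    # #resolve is UNDEFINED BEHAVIOR for the abstract base class (but not its subclasses),
    # so the base class reports that it does not respond to it.
    #
    # @return [Boolean] false for 'resolve' on the base class itself,
    #   otherwise whatever the inherited respond_to? returns
    def respond_to?(*args)
      return false if args.first.to_s == 'resolve' && instance_of?(TicketPolicy::BaseScope)

      super(*args)
    end
  end
end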