| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263 |
- class TicketPolicy < ApplicationPolicy
- def show?
- access?('read')
- end
- def create?
- access?('create')
- end
- def update?
- access?('change')
- end
- def destroy?
- return true if user.permissions?('admin')
- # This might look like a bug is actually just defining
- # what exception is being raised and shown to the user.
- return false if !access?('delete')
- not_authorized('admin permission required')
- end
- def full?
- access?('full')
- end
- def follow_up?
- return true if user.permissions?('ticket.agent') # agents can always reopen tickets, regardless of group configuration
- return true if record.group.follow_up_possible != 'new_ticket' # check if the setting for follow_up_possible is disabled
- return true if record.state.name != 'closed' # check if the ticket state is already closed
- raise Exceptions::UnprocessableEntity, 'Cannot follow-up on a closed ticket. Please create a new ticket.'
- end
- private
- def access?(access)
- # agent - access if requester is owner
- return true if record.owner_id == user.id
- # agent - access if requester is in group
- return true if user.group_access?(record.group.id, access)
- # check customer
- return false if !user.permissions?('ticket.customer')
- # access ok if its own ticket
- return true if record.customer_id == user.id
- organization_access?
- end
- def organization_access?
- return false if record.organization_id.blank?
- return false if user.organization_id.blank?
- return false if record.organization_id != user.organization_id
- record.organization.shared?
- end
- end
|
