Home Explore Help
Sign In
SMusatov
/
zammad
mirror of https://github.com/zammad/zammad.git
1
0
Fork 0
Files
Tree: 0d519f4847
Branches Tags
zammad
/
lib
/
user_context.rb

user_context.rb 935 B
History Raw

1234567891011121314151617181920212223242526272829303132333435 
  1. # Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/
    2. 

  2. 

  3. # We need a special UserContext when authorizing in controller context
    4. 

  4. # because of Token authentication which has it's own permissions
    5. 

  5. # See: https://github.com/varvet/pundit#additional-context
    6. 

  6. # We use a Delegator here to have transparent / DuckType access
    7. 

  7. # to the underlying User instance in the Policy
    8. 

  8. class UserContext < Delegator
    9. 

  9. 

  10.   def initialize(user, token = nil) # rubocop:disable Lint/MissingSuper
    11. 

  11.     @user  = user
    12. 

  12.     @token = token
    13. 

  13.   end
    14. 

  14. 

  15.   def __getobj__
    16. 

  16.     @user
    17. 

  17.   end
    18. 

  18. 

  19.   def permissions?(permissions)
    20. 

  20.     permissions!(permissions)
    21. 

  21.     true
    22. 

  22.   rescue Exceptions::Forbidden
    23. 

  23.     false
    24. 

  24.   end
    25. 

  25. 

  26.   def permissions!(permissions)
    27. 

  27.     raise Exceptions::Forbidden, __('Authentication required') if !@user
    28. 

  28. 

  29.     if @token
    30. 

  30.       return @token.with_context(user: @user) { permissions!(permissions) }
    31. 

  31.     end
    32. 

  32. 

  33.     @user.permissions!(permissions)
    34. 

  34.   end
    35. 

  35. end
    36.