overview_policy.rb 897 B

  1. # Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/
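  # Authorization policy for overview records.
  #
  # `user` and `record` are not defined in this class; presumably they are
  # supplied by ApplicationPolicy (the acting user and the overview being
  # checked) -- confirm against the parent class.
  #
  # Access model as implemented here:
  # * create?/update?/destroy? require the 'admin.overview' permission.
  # * show? is granted to holders of that permission, or to anyone passing use?.
  # * use? is decided only by role/user assignment, so 'admin.overview' alone
  #   does not put an overview into a user's list.
  class OverviewPolicy < ApplicationPolicy
    # Permission to use an overview is not implicitly granted to
    # admins, so that they don't see all overviews in their list.
    #
    # @return [Boolean] true only when the user shares at least one role with
    #   the overview and, if the overview names individual users, is one of them
    def use?
      # User must always have one role assigned. This fails closed: an empty
      # role list on either side yields no intersection and therefore a denial.
      return false unless user_has_assigned_role?

      # If overview is restricted by individual users, user must be included.
      # An empty user list means "no per-user restriction", not "nobody".
      allowed_user_ids = record.user_ids
      return false if allowed_user_ids.count.positive? && allowed_user_ids.exclude?(user.id)

      true
    end

    # Viewing is allowed for overview admins and for anyone who may use it.
    #
    # @return [Boolean]
    def show?
      user_is_admin? || use?
    end

    # Only overview admins may create overviews.
    #
    # @return [Boolean]
    def create?
      user_is_admin?
    end

    # Only overview admins may change overviews.
    #
    # @return [Boolean]
    def update?
      user_is_admin?
    end

    # Only overview admins may delete overviews.
    #
    # @return [Boolean]
    def destroy?
      user_is_admin?
    end

    private

    # @return [Boolean] whether the user holds the 'admin.overview' permission
    def user_is_admin?
      user.permissions?('admin.overview')
    end

    # Positive predicate: the name and the return value agree, so a caller
    # reading `unless user_has_assigned_role?` sees a denial exactly when no
    # role is shared. Keeping an authorization helper's polarity aligned with
    # its name avoids an accidental inversion of the check during later edits.
    #
    # @return [Boolean] true when user and overview have at least one role in common
    def user_has_assigned_role?
      user.role_ids.to_set.intersect?(record.role_ids.to_set)
    end
  end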