store_policy.rb 925 B

123456789101112131415161718192021222324252627282930313233343536373839404142
  1. # Copyright (C) 2012-2023 Zammad Foundation, https://zammad-foundation.org/
  2. class StorePolicy < ApplicationPolicy
  3. # Store objects are authorized based on the policy of the object that "owns" them,
  4. # like the ticket or knowledge base answer they are attached to.
  5. # If no owner class or record can be found, forbid access by default.
  6. def show?
  7. store_object_policy(store_object_owner)&.show?
  8. end
  9. def destroy?
  10. store_object_policy(store_object_owner)&.destroy?
  11. end
  12. def user_required?
  13. false
  14. end
  15. def custom_exception
  16. ActiveRecord::RecordNotFound.new
  17. end
  18. private
  19. def store_object_class
  20. record.store_object&.name&.safe_constantize
  21. end
  22. def store_object_policy(target)
  23. Pundit.policy user, target
  24. end
  25. def store_object_owner
  26. if store_object_class == UploadCache
  27. return UploadCache.new(record.o_id)
  28. end
  29. store_object_class&.find record.o_id
  30. end
  31. end